"Post comments without approval" permission does not work by itself
xmacinfo - April 19, 2009 - 13:23
| Project: | Drupal |
| Version: | 7.x-dev |
| Component: | comment.module |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs work |
| Issue tags: | Needs usability review |
Description
The "Post comments without approval" permission does not work for anonymous users. The system displays the "Login or register to post comments" message.
When "Post comments... ...(approval required)." is set, anonymous users can post comments properly.
I did a complete Drupal 7 reinstall from cvs and a complete database wipe out too.

#1
I can confirm, there is also something else weird going on. If you are able to post the first comment, the next time you can only reply on the existing comment, not add a new one.
#2
Moving this to critical since commenting is a main feature of many web sites.
#3
I gave this a once over, and it appears to me that it's an issue with the links that show up underneath the node.
On a fresh install I made a node, and gave anonymous users the permission to post comments without permission, I'm able to post the first comment, like #1 says, and can only post additional comments by going straight to the url: /comment/reply/1#comment-form since the "reply" link doesn't appear.
#4
I tracked it down to a bug in Garland's CSS where the comments div would slide over the 'links' div. That's why the 'add a comment' link is visible when a node has no comments.
I've made a patch that fixes this in style.css.
#5
This is not the original intent of this bug post. I don't understand how a CSS change can change the HTML code of the form. I've applied your patch just to make sure, to no avail.
Anonymous user with the "Post comments without approval" permission should be able to post a comment. Instead, the backend sends the "Login or register to post comments". So the error is more in line with permission not checked properly.
I've also switched to Stark and I get the same problem. So this is definitely not a theme issue.
Your patch might still be good to correct a Garland issue, though. So we may need to create a new issue, or fix it here first before fixing the original issue.
#6
Okay.
The CSS change is indeed a separate issue. The HTML is all there. The code works. It's just the CSS that obscures the 'add a comment' link making it only possible to reply to an existing comment.
I've taken another look at the original issue. The code only defines user_access('post comments') in the comment.module, ignoring the 'post comments without approval' permission. I've changed it and tested it. Looks like it works for me. I can post a comment as an anonymous user with the 'post a comment without approval' permission set. Attached is a patch.
#7
Weird. I *did* change the status to 'needs review'.
#8
I was always under the impression this permission meant 'bypass approval for comments' - and required 'post comments' permissions as well. It's probably better this way though.
Doesn't seem like this would only be limited to anonymous users - also it's something we could write a test for.
#9
The thought occurred to me that those two permissions are a bit confusing. 'Post comments' actually stands for two things:
1. able to make a comment
2. your comment needs to be approved by someone with 'administer comment' permission before it is published.
Whereas 'Post comments without approval' means:
1. able to make a comment
2. your comment will be published right away
The problem is that both are in fact mutually exclusive. When you make a module, you can code in such a way that certain permissions take precedence over others. That's what's happening here: If you give a role the permission 'Post comments without permission' the 'Post comments' permission will be ignored. Problem is that there is no way to show this behavior in a clear way to the end user when he configures permissions. A good alternative would be to uncheck and grey out the 'Post comments' permission if the 'Post comments without approval' is checked for a role.
#10
Reading the Permission descriptions for comments can be confusing, especially if both "post comments" check boxes need to be checked:
_ Post comments --> Add comments to content (approval required).
_ Post comments without approval --> Add comments to content (no approval required).
Both permissions share the same description, so the admins think these two permissions are exclusive.
Instead of just fixing this bug, can we find a better way to express these permissions so as not to confuse the administrators? Do we need a usability review here or can we come up with something straightforward? And later on, once we settle on a solution, as catch said, some tests will need to be written.
Any thoughts?
#11
#4 is a duplicate of #356445: "Add new comment" link disappears after the first comment has been created.
#12
Two permissions for the very same action is a 100% no-go. Permissions are cumulative. Having two permissions that do more or less the same will increase and NOT reduce confusion.
Change the permission name and/or clarify the description instead.
And, this is not critical.
#15
It will be good to consider #593670: User who cannot post comments without approval should be notified in advance. while fixing this issue.
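
Comments #6, #8, #9 and #12 describe two readings of the same pair of permissions. The sketch below is an added example, not Drupal's comment.module code or the patch attached in #6: it evaluates both readings over the same roles and lists the roles whose outcome depends on which reading the code implements. The function names and the role data are hypothetical and constructed for illustration; only the two permission strings come from the thread.

```php
<?php
// Added illustration. Function names and role data are hypothetical,
// not Drupal's API; only the two permission strings come from the thread.
const POST = 'post comments';
const SKIP = 'post comments without approval';

// Reading A (#8, #12): cumulative. POST grants the form,
// SKIP only bypasses the approval queue.
function decide_cumulative(array $perms): string {
  if (!in_array(POST, $perms, true)) {
    return 'denied';
  }
  return in_array(SKIP, $perms, true) ? 'published' : 'queued';
}

// Reading B (#6, #9): SKIP works by itself and takes precedence.
function decide_standalone(array $perms): string {
  if (in_array(SKIP, $perms, true)) {
    return 'published';
  }
  return in_array(POST, $perms, true) ? 'queued' : 'denied';
}

// Roles whose outcome depends on which reading the code implements.
function ambiguous_roles(array $roles): array {
  return array_keys(array_filter($roles, function (array $perms): bool {
    return decide_cumulative($perms) !== decide_standalone($perms);
  }));
}

// Constructed role configuration.
$roles = [
  'anonymous'     => [SKIP],        // the case in the original report
  'authenticated' => [POST],
  'editor'        => [POST, SKIP],
  'blocked'       => [],
];

foreach ($roles as $role => $perms) {
  printf("%-14s cumulative=%-10s standalone=%s\n",
    $role, decide_cumulative($perms), decide_standalone($perms));
}
echo 'Review these roles: ', implode(', ', ambiguous_roles($roles)), "\n";
```

The two readings disagree only for a role that holds the second permission without the first, which is the configuration in the original report.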