Anyone can delete everyone's comment

Mustafa_s

Member
Hello,

I've been using Fabrik to create and store records, each record contains a comment box via the Form Comment plugin. This works well for the most part, however I noticed that any user in any group can delete someone else's published comments.

For example, there is a saved record and user A decides to comment on the record. When user B decides to either edit or view the record he can actually click on the text area of the comment from user A and delete it.

Notice how I can double the written comment in the screenshot below, select the text I want to delete and actually hit delete and save.



How can I disable this "feature"?

Any help is appreciated, thank you.
 
Sincere thanks Hugh, that screencast is exactly what I'm looking for.

I won't be able to perform the upgrade since the application is in 24/7 use until the weekend.

Is there an alternative to doing a github update? What I mean is, can I take the latest version of the plugin advertised on this website and install over my current version of the form plugin?
 
Nope, you can't cherry pick updates. Changes in plugins rely on changes in the main component.

If you don't use github, you can update everything to 3.4 through the main J! extension manager. I suggest doing it half a dozen or so at a time, don't do everything in one go, we've seen issues with failed file transfers if you try and run too many at once.

However, in this case, the fixes I just committed to github are necessary, as the local commenting was broken. So you'll need to do a github update. Which again, you can't cherry pick, you have to upload *everything*.

I don't know what version you are updating from, so I'd suggest doing a standard update through J!'s extension manager, and then a github update. That will get you up to date. I also STRONGLY recommend you don't do this on your live site. Use Akeeba to clone a sandbox site, and test doing it there first, make sure nothing mission critical to you is broken.

-- hugh
 
Thanks Hugh.

I was thinking of using Akeeba to clone a sandbox site as well, yep.

I've never done a github update before, I wonder how much of an impact it'll have on my application. My main concern is that the github update may break something else while fixing the commenting issue.

I guess the only way to find out is to apply *all* updates through github and test on a cloned site.

A good weekend lesson :)

Keep you posted!
 
Yup, obviously applying a github update has the potential to break stuff. Github is "bleeding edge", by definition, as it's our development code base. However, there is no other way to pick up fixes and improvements between releases. That's the trade off - you either stick on the "official" release track, and wait a few months for fixes in github to make their way in to the next release, or you switch to the github track.

And really, all a release is, is a snapshot of github. We just do our best to make sure we have a stable code base in github before doing a release. So it's usually a few weeks of going through the issues list, and being extra attentive in the forums for any bug reports, prior to deciding we are stable enough to build a release (which takes about a day, even with our extensive automation of the process).

And that's kind of where subscription support comes in. If you find bugs in your usage when you test on your sandbox, obviously we can fix them. But in Community, you are going to be bottom of the priority totem pole.

-- hugh
 
Hugh,

I wanted to follow up with my findings so as to clarify my issue and help anyone else that may experience a similar scenario. So as you suggested I managed to upgrade the Form Comment plugin code from github and to my surprise I was still experiencing the same issue. Suffice to say, after hours of digging in and troubleshooting the issue (on a development test site), I found the problem causing anyone to delete comments in the Form Comments plugin - it was the Joomla ACLs set on the Fabrik component, the Public group had "ALLOWED" set to everything. Doh!

I want to thank you for your help and time.

Thanks,
Mustafa
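The root cause reported in the post above (the Public group set to Allowed on the Fabrik component) can be checked for directly. The following is an added example, not code from the thread or from the Fabrik project: it scans rules in the JSON form Joomla keeps in its `#__assets` table and lists the actions explicitly Allowed for Public. It assumes the default Public group id of 1 and the asset name `com_fabrik`; the sample rows are constructed.

```python
import json

PUBLIC_GROUP_ID = "1"  # assumption: default Joomla install, Public group has id 1

# Constructed sample rows in the shape (name, rules) of Joomla's #__assets table.
SAMPLE_ASSETS = [
    ("com_fabrik",
     '{"core.admin":{"1":1},"core.manage":{"1":1},"core.create":{"1":1},'
     '"core.delete":{"1":1},"core.edit":{"1":1},"core.edit.state":{"1":1}}'),
    ("com_content",
     '{"core.admin":{"7":1},"core.manage":{"6":1},"core.create":{"3":1},'
     '"core.delete":[],"core.edit":{"4":1},"core.edit.state":{"5":1}}'),
    ("com_example", ""),  # asset with no explicit rules
]


def public_allowed_actions(rules_json, group_id=PUBLIC_GROUP_ID):
    """Return the sorted actions explicitly set to Allowed (1) for group_id."""
    if not rules_json:
        return []
    try:
        rules = json.loads(rules_json)
    except ValueError:
        return []
    if not isinstance(rules, dict):
        return []
    allowed = []
    for action, grants in rules.items():
        # Joomla serialises an action with no settings as [] rather than {}.
        if isinstance(grants, dict) and grants.get(group_id) == 1:
            allowed.append(action)
    return sorted(allowed)


def audit(assets):
    """Map asset name -> actions Allowed for Public. Every other group
    inherits from Public, so a hit here applies to all users unless an
    explicit Deny is set further down the group tree."""
    findings = {}
    for name, rules_json in assets:
        actions = public_allowed_actions(rules_json)
        if actions:
            findings[name] = actions
    return findings


if __name__ == "__main__":
    for name, actions in audit(SAMPLE_ASSETS).items():
        print(f"{name}: Public is Allowed for {', '.join(actions)}")
```
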
 