I have in my quip options: &moderatorGroup=`Administrator`
I noticed that normal members in a different group could also delete the comments.
The "remove" option next to the comment was available.
Digging a litle further, I noticed that:
None of my member groups have a resource policy for quip in there. (under element category access), including the administrators.
Digging a bit further in the quipthread.class.php I see this:
switch ($permission) {
case ’view’:
$access = $this->xpdo->hasPermission(’quip.thread_view’);
break;
case ’truncate’:
$access = $this->xpdo->hasPermission(’quip.thread_truncate’);
break;
case ’comment_approve’:
$access = $this->xpdo->hasPermission(’quip.comment_approve’);
break;
case ’comment_remove’:
$access = $this->xpdo->hasPermission(’quip.comment_approve’);
break;
case ’comment_update’:
$access = $this->xpdo->hasPermission(’quip.comment_approve’);
break;
}
Is it correct that all these hasPermissions go to comment_approve??
I already had to change the file earlier, because my quip comment box was being closed automatically after 14 days. Although I leaved it open until eternity.
Database says that it’s `0` but the default options where still taken.
As I have only one quip form on my site I commented-out the function checkifstillopen and just return true.
Modx version: MODx Revolution 2.0.0-pl rev7212
quip: 1.1.0 RC1
PHP Version 5.2.10
Server: Linux with Apache/1.3.41
