1 anshul Nov 09, 2005 06:58
3 anshul Nov 10, 2005 08:12
I wanna say b2evolution is a nice blog but it is missing many things.
I hope "Phoenix" may fulfil all the requirements.
Google blogs (blogger.com) should be target of the b2evolution developers.
I also did a hack that I wanna share with the people here:
To make authors edit/delete their own posts
At the bottom of this file: ~/blogs/b2evocore/_class_user.php
/* this new function, I'm adding */
function getauthor() { return $this->login; }
/* this new function, I added */
Somewhere in the middle of this file: ~/blogs/admin/_edit_showposts.php
if($user_login == $Item->Author->getauthor()) {
    // Display edit button if current user has the rights:
    $Item->edit_link( ' ', ' ', '#', '#', 'ActionButton');
    // Display delete button if current user has the rights:
    $Item->delete_link( ' ', ' ', '#', '#', 'DeleteButton');
    // Display publish NOW button if current user has the rights:
    $Item->publish_link( ' ', ' ', '#', '#', 'PublishButton');
}
Tips for hacking with b2evolution:
Read and find out what you can do with the data and functions in the PHP classes here: ~/blogs/b2evocore/
Even my blogs http://www.mediasworks.com/blogs/ are not yet comment.
Lots of things to hack in b2evolution, I think.
One thing I wanna do is remove 'index.php' part in URLs coming in the blogs.
I did it, but some links in the blogs went HTTP 404.
I need some .htaccess rewrite to make: ~/blogs/path_tail/~file to ~/blogs/index.php/path_tail/~file
Also, is there a way authors can edit their comments only?
If someone already did that, please help me.
4 cafrow Apr 20, 2006 01:15
I want to start off by thanking Anshul for posting his work. For some reason that did not work for me and I ended up doing this.
At the bottom of this file: ~/blogs/b2evocore/_class_user.php
/* this new function, I'm adding */
function getauthor() { return $this->login; }
/* this new function, I added */
Then in ~/blogs/skins/YOUR SKIN NAME HERE/_main.php
find this line
$Item->edit_link( ' • ' ); // Link to backoffice
and replace with
// We need to put a check in place to make sure that we are not allowing people to edit each other's posts
if(($user_login == $Item->Author->getauthor()) || (strtolower($user_login) == 'admin'))
{
    $Item->edit_link( ' • ' ); // Link to backoffice for editing
}
For my instance we will always use the admin account for admin stuff, so that is why we added in the OR condition to the if statement. If you want to make YOUR custom account the admin and be able to edit everything, then replace the == 'admin' with == 'your user account name here all lower case'
Good luck and have fun blogging
Chris
PHP Developer - www.MountainInternet.com
5 nomad May 24, 2006 18:24
Strangely enough, none of these hacks worked for me, so I had to use this one here http://wonderwinds.com/hackblog.php/2005/01/31/lim_iting_who_can_delete_edit_publish_po
But it seems that in all three cases, the only thing the hack does is to hide the edit button. So if you know the link to edit the post, you can do so (as long as you know your users it's no problem, though). So let's hope some skilled b2-user will make a more secure hack sometime!
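Added example, not written by any poster in this thread and not b2evolution code: the post above points out that all three hacks only hide the edit button while the edit link itself keeps working. The code below puts the ownership check in the request handler, so a hand-typed link is refused as well; the function names, the `$editors` list and the sample posts are assumptions made up for illustration.

```php
<?php
// Added illustration. All names are hypothetical; this is not b2evolution's API.

// Constructed sample data standing in for the posts table.
$posts = [
    101 => ['author' => 'alice', 'title' => 'First post'],
    102 => ['author' => 'bob',   'title' => 'Second post'],
];

// Single authorization decision, reused by the skin (to hide buttons)
// and by the request handler (to refuse the action itself).
function may_modify_post(array $post, string $login, array $editors): bool
{
    $login = strtolower($login);
    if (in_array($login, array_map('strtolower', $editors), true)) {
        return true; // accounts with editorial permission
    }
    return strtolower($post['author']) === $login; // otherwise owner only
}

// Handler for edit/delete requests. $rawId and $action come from the
// request, so they are checked here no matter which link led to them.
// Returns an HTTP-style status code.
function handle_post_action(array &$posts, string $login, string $action, $rawId, array $editors): int
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false || !isset($posts[$id])) {
        return 404;
    }
    if (!in_array($action, ['edit', 'delete'], true)) {
        return 400;
    }
    if (!may_modify_post($posts[$id], $login, $editors)) {
        return 403; // hiding the button is not enough; refuse here
    }
    if ($action === 'delete') {
        unset($posts[$id]);
    }
    return 200;
}

$editors = ['admin'];
foreach ([['bob', 'delete', '101'], ['bob', 'delete', '102'], ['admin', 'edit', '101']] as [$who, $act, $id]) {
    printf("%s %s %s -> %d\n", $who, $act, $id, handle_post_action($posts, $who, $act, $id, $editors));
}
```

The skin can still call `may_modify_post()` to decide whether to draw the buttons, but that call is only a convenience; the decision that counts is the one made in the handler.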
6 akcent May 28, 2006 09:17
I am stunned to read this section. I have just spent 3 full days setting up this software to only now discover that it is totally flawed:
A. You can't have a topic where a new visitor can login and automatically be approved to leave a new posting. (So it's not attracting new possible sticky customers the way it should. They can't participate till later. Why would a new visitor bother to wait? And why have a separate approval process, because you have not identified them anyway. They are still an anonymous stranger.)
B. If you approve a person who registers, to access a topic and write posts there, you are automatically approving them to delete everyone else's posts in the same topic? :roll: What? Surely this can't be so?
Why would anyone start to design this software without taking care of these two issues?
When a kid who wants to annoy people can find all of the B2evo blog sites and destroy many months of work, by every one of you, one afternoon just for fun.
I am stunned that you all accept this way of life!!
Please Mr B2Evo. Please be fair to the public. Please post a note on your download page that tells the public of this software's shortcomings.
7 edb May 28, 2006 10:07
Get a grip okay?
First off, if you automagically allow newly registered people to blog you'll be the darling of the spam industry. That's why blogspot is so corrupted with spammers. How will you know if the person is not a spammer? You'll probably email them and decide if you want to give them permissions of any kind in YOUR blog. Duh. Second, the only way someone has permission to edit or delete posts is if you give them permission to edit or delete posts. HELLO!!! ANYBODY HOME??? If you give them permission then guess what? You gave them permission! Remember these are people you've decided to trust with the right to post content on YOUR blog. This isn't blogspot okay? It is YOUR blog software installed on YOUR server.
As to your core issue, and correct me if I'm wrong but your core issue is that you want authorized bloggers to only be able to edit or delete their own posts, why not post it in the [url=http://forums.b2evolution.net/viewforum.php?f=8]Feature request[/url] forum? The current method is considered a collaborative FEATURE. Yeah - it's a feature even though you personally don't like it. Dig this: if you trust your bloggers then you don't have to worry about malicious users deleting other people's posts. If you don't trust them then why did you give them permissions in YOUR blog? The way it is now, all permitted members can work on any given content. That's called collaboration! Each blogger could have their own blog if that's what you want them to have, or multiple bloggers can post in the same blog without having edit permissions if that's what you want them to have.
Just because it isn't how YOU think it should be doesn't mean it's wrong. It doesn't mean it's right either. It only means it's not what you magically decide is the only way the world should be.
8 akcent May 28, 2006 12:22
Thanks again for responding Edb.
You said "or multiple bloggers can post in the same blog without having edit permissions if that's what you want them to have. "
If that is correct then my concern is not so bad. But how can you do that ?
I can't see that in the admin options.
Also I don't get this idea of trust. You can only trust those you know, or have some experience of. Nearly all new registrations are complete strangers. How would you decide which registrants you trust? So, if they are all strangers then you may as well give them automatic approval (for those topics that you want them to get in and write about whilst they are in the mood).
The way I see it, if you can have a general topic that any stranger can register for and commence blogging immediately, whilst they have it on their mind, you are more likely to attract new users. You should have an email confirmation (click a link from an email the system has sent) before they sign in. And if they can not edit or delete other posts in this topic then the worst they can do is add spam. And it's just as easy to deal with the spam as it is to process the approvals. Anyway each will make that choice, but if you have a collaborative blogging topic you are always exposed unless you have a careful screening process.
If you could have them all post but not edit (or delete) in the one topic then I would say yes, that is a feature. Please advise where that is in the manual and/or admin.
Regards
9 edb May 28, 2006 20:27
I just wiped out my 0.9.2 installation so I have to go from memory here. On your blogs tab select the blog you want someone to post in, then you get a list of registered members with various permissions. You make them a member of the blog and tick off the boxes for what you want them to be able to do. You can give posting permission without editing permission. Edit = delete I think but I could be wrong. You can also give them permission to only post drafts or protected until you decide they fit your style of blog. Keep in mind it is actually seriously completely your blog. It's not supposed to be a "sign up and start blogging" thing.
How to trust a stranger? Well let's see... You're probably getting the idea that my advice here, though perhaps a bit rough, is generally worthy. Others who post here are the same: if you get an answer it's probably trustable. You'll probably look at a reply and think "is this good info?", then attempt to implement it, then decide if you trust this person you've never met.
I used b2evolution for a hobby club back where I used to live. I actually knew most of the members so it's different, but I set up a mechanism by which total strangers who happened to be into our thing could also post. I trusted that if they could guess the login and password from the clues I gave then they were good to post. I did NOT give them permission to edit posts though. In fact all they could do is post published in one blog.
BTW I completely agree with the overall thrust of this thread. A blog owner should have the option to say that a blogger can edit/delete their own posts but not edit/delete content produced by others. It needs to be an option though. Another option to try to cover in a manual somewhere eh? The idea to me is that people who want to allow total strangers to post won't have to worry about accidentally trusting a person who turns out to be malicious. Then again you should be backing up your database from time to time, so if a blogger gets mean you can always restore the database and boot the offender.
Adding another layer of permissions means adding another layer of complexity, and it's pretty complex as it is. 1.6 and the future 1.8 get even crazier in terms of permissions, but it also streamlines it in some regards. Kinda hard to be all things at the same time eh?
10 nomad May 28, 2006 20:35
EdB wrote:
BTW I completely agree with the overall thrust of this thread. A blog owner should have the option to say that a blogger can edit/delete their own posts but not edit/delete content produced by others. It needs to be an option though.
Another thing is that some users in my case are newbies without any knowledge about blogging. I'd like to tell them: "No worry, you can't do anything wrong whatever you do". So this is one reason I asked for this feature.
11 akcent May 29, 2006 00:52
Thanks EdB but I think you're mistaken about that.
The permissions tab on each blog in the admin panel only has a button for "member" then Post/Edit for all of the accessible levels of a post.
It strangely has a separate button for delete (if you approve someone to edit you may as well approve them to delete). So Edit/Delete permissions are the two that could be combined, not Edit/Post.
In any case, as many others have said in this forum, there should be no ability to Edit/Delete someone else's posts, UNLESS YOU HAVE EDITORIAL PERMISSION. It's a fundamental security issue.
So as a security measure, and a commercial development, I would suggest that these two issues be added to the list of Urgent changes needed together:
(A). The separate granting of editorial permission (ability to Edit/Delete posts within a Blog) and at the same time, (B). changing the current situation where editorial permission is being automatically granted to every blogger in every blog.
Secondly, as a commercial development it's paramount that Blog owners have the option to specify that new registrants can have the ability to be both members of certain blogs automatically and also to be bloggers with posting only ability, automatically in those blogs.
These changes would mean that we can all have an additional Free-for-All blog to attract new participants who can join and participate immediately. They can spam that blog, but they can not destroy that blog because they can not edit or delete other than their own posts.
A Free-for-All blog is the very thing we need to have to help us do what most want from a blog and that is development of sticky users and community development around your web site.
The key issue here is security, so that we are able to use the community Blogging feature without the risk of a trusted blogger deciding to wipe out a blog. Most web site owners are not in a position to assess trustworthiness of the public and they don't have to.
I will add this to the Feature requests Blog.
[url=http://wonderwinds.com/hackblog.php/2005/01/31/lim_iting_who_can_delete_edit_publish_po]This hack[/url] may be helpful.