- No edit or delete without separate Editorial Permission
1 akcent May 29, 2006 01:39
As many others have said in this forum, there should be no ability to Edit/Delete someone else's posts, UNLESS YOU HAVE EDITORIAL PERMISSION. It is a fundamental security issue.
EDITORIAL PERMISSION (without a major overhaul)
So as a security measure, and a commercial development, I would suggest that these two issues be added to the list of Urgent changes needed together:
The separate granting of Editorial Permission (ability to Edit/Delete posts within a Blog separated from ability to post) and at the same time, changing the current situation where editorial permission is being automatically granted to every blogger in every blog.
<b>If you separate the Posting permission from Edit/Delete permission, then you have the ability to give editorial permission to the few instead of to all.</b>
The ability to Edit/Delete their OWN posts can be a separate additional development, because if they can't Edit/Delete ANY posts then we can manage well, as they can ask an editor to fix a wrong post or just live with it. Or they could be given editorial permission, if we trust them by then, or it could even be given temporarily.
ABILITY TO SPECIFY FREE FOR ALL BLOGS
Secondly, as a commercial development, it's paramount that Blog owners have the option to specify that new registrants can have the ability to be both members of certain blogs automatically and also to be bloggers with posting only permission (as above), automatically in those blogs.
(Blogs could be designated a category, like Free-For-All or not when set up. Then in Groups/Blogs we need to be able to specify under Free-for-All permissions either "Member" and "Post" separate to /Edit-Delete/View/Full Access etc).
These changes would mean that we can all have an additional Free-for-All blog or blogs to attract new participants who can join and participate immediately. These auto members could spam those Free-for-All blogs, but they cannot destroy the blog because they cannot edit or delete ANY posts.
A Free-for-All blog is the very thing we need to have to help us do what most want from a blog and that is <b>development of sticky users</b> and community development around your web site.
The key issue here is <b>security</b> so that we are able to use the community Blogging feature without the risk of a trusted blogger later deciding to wipe out a blog. Most web site owners are not in a position to assess trustworthiness of the public and they don't really have to with this method.
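
The permission split requested in the post above, sketched as an added example that is not part of the original post and is not b2evolution code. All names (`Perm`, `Blog`, `register`, `allowed`, `delete_post`, `demo`) are hypothetical, and the sample users and blogs are constructed.

```python
from dataclasses import dataclass, field
from enum import Flag, auto

class Perm(Flag):
    NONE = 0
    MEMBER = auto()
    POST = auto()
    EDIT_DELETE = auto()  # the separate "editorial permission"

@dataclass
class Blog:
    name: str
    free_for_all: bool = False
    grants: dict = field(default_factory=dict)  # username -> Perm
    posts: dict = field(default_factory=dict)   # post id -> (author, text)

def register(user, blogs):
    """New registrants get Member + Post, and nothing more, on free-for-all blogs."""
    for blog in blogs:
        if blog.free_for_all:
            blog.grants[user] = Perm.MEMBER | Perm.POST

def allowed(blog, user, action):
    """Default deny: posting and editing/deleting are checked against different flags."""
    held = blog.grants.get(user, Perm.NONE)
    needed = {"post": Perm.POST, "edit": Perm.EDIT_DELETE, "delete": Perm.EDIT_DELETE}
    return action in needed and needed[action] in held

def delete_post(blog, user, post_id):
    if not allowed(blog, user, "delete"):
        raise PermissionError(f"{user} lacks editorial permission on {blog.name}")
    del blog.posts[post_id]

def demo():
    # Constructed sample data: one free-for-all blog and one ordinary blog.
    community, news = Blog("community", free_for_all=True), Blog("news")
    community.grants["editor"] = Perm.MEMBER | Perm.POST | Perm.EDIT_DELETE
    register("newcomer", [community, news])
    community.posts[1] = ("editor", "welcome")
    try:
        delete_post(community, "newcomer", 1)  # auto-member tries to delete
        blocked = False
    except PermissionError:
        blocked = True
    delete_post(community, "editor", 1)        # editor holds EDIT_DELETE
    return (blocked, allowed(community, "newcomer", "post"),
            allowed(news, "newcomer", "post"), len(community.posts))
```
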