Hi,
Forum moderators cannot seem to delete comments in forum topics. I get the delete link, but when clicked it gives an access denied error.
The only way around this is to set 'administer comments' for authenticated users, but that means all my users can administer comments on all node types.
The only other module showing as a possible interference is groups_access, but I have disabled that and it makes no difference.
Devel shows no other modules setting access permissions either. It just seems that the forum moderator role isn't being given the correct permissions somewhere along the line.
Any help appreciated.
Thanks
Rich
Comment | File | Size | Author |
---|---|---|---|
#12 | Picture 8.png | 56.82 KB | bearstar |
Comments
Comment #1
salvisI can't reproduce this. My moderator on my test site can delete other user's comments.
Are you by any chance using Advanced Forum?
Comment #2
rich_lang CreditAttribution: rich_lang commentedHi,
Yes, I am using Advanced Forum. Are there any permissions specific to that then, or does it just not work very well with the forum_access module?
Thanks
Rich
Comment #3
salvisAF and FA have some areas where they overlap, and it's a bit of a challenge to get them to get along smoothly.
Please try to temporarily disable AF and check whether that makes any difference.
Comment #4
rich_lang CreditAttribution: rich_lang commentedThanks for the info. Advanced Forums is a 'must' for our client, so i'm happy with my current solution for this:
Removing the 'Delete' link for moderators via CSS (just so I can quickly put it back in if I ever need to).
Thinking about it, i'm not sure that deleting a comment (reply) is a good thing for moderators to be doing. It can affect the flow of a thread and make the replies to the deleted comment appear to be nonsensical. I am suggesting that my moderators edit the comment, remove offending text and insert a generic comment such as 'This reply has been moderated'.
Comment #5
salvis(Deleting a comment will delete the subtree of replies under it.)
I'm setting the support request to fixed because we've found an acceptable solution for you, but it would still help me if you could do a quick test and report back whether the "Access denied" error goes away if you temporarily disable AF.
Comment #6
MichelleAF does not deal with access control so, generally speaking, should not affect FA. I know there have been a few glitches here and there but, overall, AF and FA should work fine together.
Michelle
Comment #7
salvisThanks for jumping in, Michelle. The trouble with the comments is that they are dumb and deaf as far as access control is concerned. The only thing they understand is permissions. For that reason, FA needs to manipulate $user on-the-fly to make comment/delete/% accessible.
This works on my test site and so far I have no clue to why it goes to 403 for rich_lang. Just a wild guess: if AF moved comment/delete/% to some other path, then it obviously wouldn't work. I've tried installing AF not too long ago (in a different context), but there are a lot of options that I don't really know how to configure...
Comment #8
MichelleAF doesn't do much with core comments aside from making them look nicer, but it does have the option to use Node Comments, which totally throws a wrench in things. Is the OP using that?
Michelle
Comment #10
bearstar CreditAttribution: bearstar commentedHi there,
I see that you were looking for someone who has the same issue as rich_Lang.
I have AF installed and as forum moderator, I cannot delete comments. The reason it is confusing is that there is a greyed-out checkbox that implies that folks who are designated as forum moderators have the permission to delete comments. But, they don't.
The only way around that I can tell is to give moderators a role that allows them to do more than regular authenticated users. I wonder why that AF setting is even there if it doesn't do what it implies?
Comment #11
MichelleWhat setting are you talking about? AF doesn't have anything to do with moderation.
Michelle
Comment #12
bearstar CreditAttribution: bearstar commentedIf you go to /admin/content/forum/edit/forum/xx you will see a section shown in the attached snap.
Ignore the "moderator" role (that's something I just created as test) but if you look at the greyed-out Forum Moderator role, the area under Delete posts is checked, which implies that forum moderators can delete posts in forums that they are moderating....
UPDATE: When the Forum Moderator user deletes a comment (yes, they can see the Delete button), they get Access Denied.
It all hinges on the permission for Administer Comments. If that is checked, the Forum Moderator can delete comments. While this would imply that the regular authenticated user can also delete comments, that is not actually the case.
So, I guess it works. I will do more testing and will report back if I discover something else....
Comment #13
MichelleThat image has nothing to do with Advanced Forum. I'm guessing that's Forum Access adding it.
Michelle
Comment #14
bearstar CreditAttribution: bearstar commentedThat makes sense. Thanks for pointing that out. I now know which tree to bark up if I have further issues.
Comment #15
salvisYes, that's Forum Access.
No, forget 'administer comments'. Forum moderators must be able to delete comments without that (global!) permission.
I would still like to get answers to two questions:
1. Are you using the Node Comments module?
2. Does your moderator still get 'Access denied' when you temporarily disable Advanced Forum?
Comment #16
alien CreditAttribution: alien commentedPlease help, i have the same issue. I'm not using Node Comments module and yes then i disable Advanced Forum i still get 'Access denied'.
thx,
Comment #17
salvisSee #7...
Please set up a virgin test site with only Forum Access (and ACL) and try this there. We must find a common ground!
Comment #18
alien CreditAttribution: alien commentedFor me it's "organic group 6.x-2.1" module. if i disable it, delete comment works, i don't have access_denied.
My version of drupal is 6.22
Can you test with this module please.
Edit :
if i comment the function og_init in the file og.module it works.
And in this function :
here the dump of $item variable
'access' => boolean false ?
thx
Comment #19
salvisFinally, we have a clue! Thanks!
Comment #20
Media Crumb CreditAttribution: Media Crumb commentedDid this issue ever get solved. Having the same problem.
Comment #21
salvisNo. We haven't found the source of the problem.
Are you using OG?
Comment #22
Media Crumb CreditAttribution: Media Crumb commentedyes I am
Comment #23
salvisYou can delete nodes, but not comments.
Are you using the Node Comments module?
Are you using Advanced Forum?
Moderators have a Delete link, but when they click on it, they get access denied — is that what you're seeing?
Comment #24
Media Crumb CreditAttribution: Media Crumb commented"Moderators have a Delete link, but when they click on it, they get access denied — is that what you're seeing?"
Yes, they see a link but get access denied. I'm using AF but not node comments.
Comment #25
Media Crumb CreditAttribution: Media Crumb commentedAlso I'm using OG as well. Seems like that is the common thread here no?
Comment #26
salvisalien's analysis in #18 is correct. The problem is indeed og_init() calling menu_get_item() (via og_determine_context()), before forum_access_init() has run.
The first call of menu_get_item() evaluates the access callback and arguments and sets the 'access' key, and as soon as that is first set to false, there is no way to recover. This is a limitation of core that has been discussed at length in the core queue. This lead to the development of the Chain Menu Access API module, which is used by FA for D7.
To work around this issue, which is caused by OG, FA would need to be updated to use CMA. We have an example in FA for D7, but this would still be a major effort and require lots of testing. I doubt that anyone wants to undertake this.
Alternatively, you can play with the module weights (see the Util module). FA has a weight of 2 and OG a weight of 0. If you change the weights such that OG becomes heavier than FA (or at least the same weight), then forum_access_init() will run before og_init() and it should work. However, changing module weights can have all sorts of unexpected and undesirable consequences. If you decide to try that, you're completely on your own. If you ever seek support, be sure to change the module weights back to their initial configuration and check whether this solves the problem.
Comment #28
salvisComment #29
dillix CreditAttribution: dillix commented