Modified: trunk/lib/authorization.rb (2309 => 2310)
--- trunk/lib/authorization.rb 2009-11-28 00:37:01 UTC (rev 2309)
+++ trunk/lib/authorization.rb 2009-11-30 16:48:33 UTC (rev 2310)
@@ -393,12 +393,10 @@
when "Comment"
case action
when "destroy"
- # the user who posted the comment can delete it, also anyone that
- # can edit the object the comment relates to. adminstrators and
- # curators can also delete comments.
+ # Users can delete their own comments. Curators and
+ # administrators can delete any comment.
is_authorized = Authorization.is_owner?(user_id, thing_instance) ||
- Authorization.check(:action ="" 'edit', :object => thing_instance.commentable, :user => user_id) ||
user_is_administrator?(user_id) || user_is_curator?(user_id)
when "view"
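Review bot: The rewritten comment on the `destroy` branch lists who may delete a comment, but it does not record that users with edit rights on the commented object have lost that ability, which is the real behaviour change in this hunk. Because this narrows an authorization rule, I would state it explicitly so the removed `Authorization.check` clause is not reintroduced by mistake, for example `# Edit rights on the commented object do NOT grant comment deletion.` A regression test asserting that a non-owner who can edit the commentable is denied `destroy` would pin the new rule. The enclosing `case` starts and ends outside the hunk, so the `view` branch and the helper predicates are not reviewed here.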