Danbooru

pools: deleting posts

Posted under General

Anyone can delete a post from a pool using the API, but only mods and the pool creator can see the "delete posts" checkbox, even in public pools. Is that intended? Seems like the delete interface should show up for anyone who can add a post.

zewt said:
I don't think I am. Are you sure you didn't test this logged in as a moderator? It always shows up for mods.

I can't delete posts from public pools through the API. I don't even get an "access denied".

zewt said:
I don't think I am. Are you sure you didn't test this logged in as a moderator? It always shows up for mods.

I didn't test it at all, but I checked the source and the pool controller checks that you have the proper permissions before removing posts from a pool. Did you test it?

I reported it because I saw the problem, though I did check the source to see what was going on (and since I had seen it on moe and wanted to make sure it wasn't some change there).

pool_controller.rb remove_post checks "if !@pool.is_public? && (@current_user == nil || @current_user.id != @pool.user_id)", so anyone can delete posts from public pools, and only the user can do so from private pools (this sounds correct).

views/pool/show.rhtml tests current_user.has_permission?(@pool) before displaying del-mode. That's the check the API does for pool/destroy, not pool/delete_post.

Shuugo: did you use POST (not GET) when you tried it? I hit that problem: for some reason, the API only accepts POST for several commands (including this one).

Zewt: wow, I think I read your first message completely wrong. Somehow, I thought you were saying there was a problem with the API allowing people to delete stuff they shouldn't be able to, instead of the other way around. Never mind, then.
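The mismatch discussed in this thread, as an added example that is not part of any post or of Danbooru's code: it models the deny condition quoted from pool_controller.rb next to the view's `has_permission?` test and lists every actor/pool pair where the two disagree. The `User` and `Pool` structs, the helper names and the body of `has_permission?` (true for moderators and the pool creator, as the thread describes) are assumptions, and any other filters the real controller applies are not modelled.

```ruby
# Constructed stand-ins for the real models (assumptions, not Danbooru code).
User = Struct.new(:id, :mod) do
  # Assumed semantics from the thread: moderators and the pool creator pass.
  def has_permission?(pool)
    mod || id == pool.user_id
  end
end

Pool = Struct.new(:user_id, :is_public) do
  def is_public?
    is_public
  end
end

# Controller rule: negation of the deny condition quoted from remove_post.
def controller_allows_remove?(user, pool)
  !(!pool.is_public? && (user.nil? || user.id != pool.user_id))
end

# View rule: the test show.rhtml makes before rendering del-mode.
def view_shows_delete?(user, pool)
  !user.nil? && user.has_permission?(pool)
end

# Evaluate both rules for every constructed actor/pool pair and return
# the pairs where the API decision and the UI decision differ.
def mismatches
  actors = {
    anonymous: nil,
    owner:     User.new(1, false),
    member:    User.new(2, false),
    moderator: User.new(3, true)
  }
  pools = { public: Pool.new(1, true), private: Pool.new(1, false) }
  pools.flat_map do |pool_name, pool|
    actors.map do |actor_name, user|
      api = controller_allows_remove?(user, pool)
      ui  = view_shows_delete?(user, pool)
      [pool_name, actor_name, api, ui] if api != ui
    end.compact
  end
end

if __FILE__ == $0
  mismatches.each do |pool, actor, api, ui|
    puts "#{pool} pool, #{actor}: api_allows=#{api} ui_shows=#{ui}"
  end
end
```

Having the view and the controller call one shared predicate for the remove action would make this list empty by construction.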
