Open SamBartrum opened 8 years ago
JackMedley
commented
8 years ago Only admins or the people that 'own' the post I would have thought? SO have a system where anyone can vote for a comment to be removed and if enough people do so its flagged for an admin to decide
SamBartrum
commented
8 years ago Yeah obvs. I guess we don't need a 'delete', an 'edit' and a 'report' should be appropriate
JackMedley
commented
8 years ago Well I suppose when you render the list server side you will need to know which posts/comments belong to the user who requested the page (and whether they are an admin/academic/registered user) and then that way you can give them exactly the correct amount of privelages simple by only rendering the buttons they are allowed...that said then end-points for the buttons that arent hidden should still double check that the action is legit.
SamBartrum
commented
8 years ago So I've already attached users to posts/comments etc. And it's easy client side to not display buttons etc if the user is not authenticated
Should we allow this? If so should be keep the old posts?