Simple users can see the Edit button on other's users Forums, Topics, Answers and Comments

[ane-gabriela]

Steps to reproduce:

1. As Admin or a simple user eg. user01 create a Forum, Topic, Answer, Comment
2. As another simple user eg. user02 access the Forums home page
3. Click on Edit next to the Forum
4. Access the Topic
5. Click on Edit
6. Access an Answer
7. Click on Edit Answer
8. Observe the Comment
9. Click on Edit

Expected results: A simple user shouldn't be able to edit Forum/Topic/Answer/Comments that aren't his or he is not the Forum/Topic creator.

Actual results:

• The simple user can Edit the Forum created by Admin or another user
• The simple user can Edit the Topic created by Admin or another user
• The simple user can Edit the Answer created by Admin or another user
• The simple user can see the Edit button next to the comment but once clicked the message "Failed to retrieve comment:Forbidden"

Environment: Windows 10, XWiki 12.1 with MySQL 5.7 and IE 11, Forum Application (Pro) 2.7.1

[ane-gabriela]

When simple users click on Edit next to a comment of another user/admin

Environment: Windows 11, XWiki 14.10.18 with Forum Application (Pro) 2.9, Chrome 118

[ndascalita]

Could reproduce in XWiki 14.10.20 with Forum Application Pro 2.9.1