Prevent anonymous users from deleting comments

[riv]

It seems that if I enable the default anonymous user, then everyone can edit/delete other anonymous comments. Is there any way to prevent this?

[atrol]

if I enable the default anonymous user

Confusing, there is no default anonymous user in Mantis.

[riv]

Not sure if it was in the manual, but I have a user with anonymous@localhost email, which seems to be used for everyone that isn't logged in (I had to create the user manually, though, but I don't see how I could change its priveleges).

[atrol]

Got page "Manage" > "Manage Users"
Click on the anonymous user
Change "Access Level" to "viewer".
Click "Update User"

[riv]

Got page "Manage" > "Manage Users"
Click on the anonymous user
Change "Access Level" to "viewer".
Click "Update User"

But then they won't be able to submit issues/post comments? That was the whole point, I want people to be able to contribute without going through the trouble of registering.

I'm reading through the scripts and there seem to be some settings such as bugnote_allow_user_edit_delete and delete_bugnote_threshold - but I can't see those mentioned in the documentation.

[atrol]

Is your user configured as a reporter?
If so, the user should not be able to change notes with default settings.
Goto page Manage > Manage Configuration > Workflow Thresholds
Have a look at section "Notes"
There should just be checkbox "Add notes" enabled for reporters.

BTW, you didn't tell which version you are using.
Maybe you are running an outdated version which might cause your issue.
I recommend to upgrade to 1.2.19 if you are running an older version.

[riv]

I'm on 1.2.19

In the workflow thresholds, in the "Allow user to edit their own issue notes" line there is only one common checkbox for all access levels. I tried changing anonymous level to viewer and added the capability to report issues and add notes, and it still allowed it to edit/delete all anonymous notes.

Unchecking this box prevents all users from editing/deleting posts, which isn't a great solution, either

Here's my notes section: http://i.imgur.com/LlbONWX.png

[atrol]

Coming back to your very first statement
> It seems that if I enable the default anonymous user, then everyone can edit/delete other anonymous comments
So you want anonymous users but you want to distinguish between them?
They are anonymous, thus you can't know which one of your anonymous users created the note.

[riv]

No, I just want them to not be able to delete/edit comments at all, but it seems that the 'can edit/delete' option can only be changed for all access levels at the same time.

[atrol]

What I tried:

Fresh installation of 1.2.19
Created user "anon" as a REPORTER.
Added the following lines to file config_inc.php

Code: Select all

$g_allow_anonymous_login	= ON;
$g_anonymous_account		= 'anon';

Logged in as user anon
Created an issue
Added a note
Logged in as administrator
Added a note to the same issue
Logged in as anon
I get buttons to edit/delete the first note.
I see no buttons to edit/delete the note thas has been added by user administrator.

Logged in as administrator
Unchecked "Allow user to edit their own issue notes" on "Workflow Thresholds"page
Logged in as anon
Now I see no buttons to edit/delete the first own note.
And still I see no buttons to edit/delete the note thas has been added by user administrator.

I don't see any unexpected behavior.
Am I missing something?