Skip to end of metadata
Go to start of metadata

We're trying to use Community Bubbles to have forums on our site, but I'm curious if there is a way to prevent a user from editing a different user's posts? 

For example, this post was created by one user and edited by another.

  • No labels

12 Comments

  1. Unknown User (gfraser)

    Use the add-topic macro to output link to create a new topic - this macro automatically sets page permissions so that only the author of the topic can edit the opening post.

    1. you can also use the {add-page-restriction} macro that comes with builder to do a similar thing (handy if you want to define a template for use in the new post)

      1. Unknown User (mhenman)

        Where can I find more documentation on the add-page-restriction macro?  I see references to it from several posts, but I can't find any docs.

        Thanks!

        1. Unknown User (orgetex)

          their is no documentation available at Adaptavist but you will find it if you type "add page" within your macro browser. Syntax is as follows:

          {add-page-restriction:edit=user3,group3|view=user1,user2,group1,group2}
    2. Unknown User (mhenman)

      We're using the add-topic macro, and that's not adding the restriction. Even setting the restrict parameter in the macro, top level posts can still be edited by others.

      1. If you have builder installed (it doesn't need to be the selected theme) then edit a page and on the right there is a link to the confluence notation guide.

        All of the builder macros are fully documented in there, the html documentation is lagging behind I'm afraid, we hope to address this deficiency in the coming months.

        1. Unknown User (mjhenman)

          OK, I'll give that a try.  We'll have to make that part of a template, as we'll not ask our users to have to put that in every post.

          I'm curious why even this site allows users to edit each others posts.  Seems like a glaring security hole to have that as the default behavior.

          1. Unknown User (gfraser)

            We monitor all changes on this site closely (eg. to delete spam as soon as it appears) so it's not too much of a problem in our use case.

          2. It's easy enough to roll back someone else's changes ... if a user abuses our trust we just disable their login.

            1. Unknown User (mjhenman)

              Wow, I'm glad that works for you.  I've never worked anywhere that took that stance.  I'm under mandate to ensure that the system does not allow a non-admin user to modify any content created by another user.  Thanks again for the help!

              1. Unknown User (gfraser)

                Yup, a lot of our customers have the same security requirements hence us making the macros mentioned above.

                Have you checked that users have the 'restrict' permission (allows them to add restrictions to pages in a space) - that might be why the add-topic macro isn't working for you.

                1. Unknown User (mjhenman)

                  I checked this morning and yes, all users have the restrict permission.