describe unexpected situation where a logged-in user can delete other comments

2021-09-30 09:59:32 -04:00 · 2021-09-30 09:59:32 -04:00 · 7b71cc3636
parent 4ad3d3a873
commit 7b71cc3636
1 changed files with 6 additions and 0 deletions
--- a/doc/bugs/logged_in_users_can_remove_any_comments.mdwn
+++ b/doc/bugs/logged_in_users_can_remove_any_comments.mdwn
@ -0,0 +1,6 @@
+[ the precise circumstances around which this can happen are still being nailed down ]
+
+[[plugins/remove]] says:
+> Users can only remove things that they are allowed to edit or upload.
+
+This permits a logged-in user to remove comments by other users, which might be unexpected. *&mdash; [[Jon]], 2021-09-30*