How do I remove the 'adding comments' from anonymous users?

As it says on the tin. We have dozens of publicly viewable spaces, most of them have anonymous comments enabled. This was OK for years, but eventually spammers found this hole.

Even with CAPTCHA enabled a lot of spam comments are manually put in (almost all from China, Russia, India, Venezuele, India).

Thus, the time has now come to disable anonymous comments.

Because we have so many spaces, I'm looking for an automated way to remove the privileges from all spaces. Is this possibel? SQL is no problem here.

Thanks

3 answers

I do it by editing the Comment Layout decorator and adding a check: if the user is not logged in, then the comments area doesn't show up. Instead, I prompt them to log in. Here's the code:

#if ($permissionHelper.canComment($remoteUser, $page))
  ## comment code here
#elseif (!$permissionHelper.canComment($remoteUser, $page))
  #set($targetPage = "/login.action?os_destination=" + $generalUtil.urlEncode($page.getUrlPath()))
  You must <a href="$targetPage">log in</a> to comment.
#end

hth,

matt

Yes, easy to do with Confluence Command Line Interface. Use the removePermissions action specifying the space. Use in combination with runFromSpaceList like so:

--action runFromSpaceList --common "--action removePermissions --space @space@ --userId anonymous --permissions comment"

If you don't need it for all space, there are other techniques to subset the list (regex) or just use a specific list with runFromList

Furthermore, you can view your permission settings across all your spaces with this example output: getSpacePermissionList

I already had a look at the spacepermissions table and came up with:

DELETE FROM spacepermissions WHERE permtype = 'COMMENT' AND permusername IS NULL and permgroupname IS NULL;

That seemed to do the trick.

I'll have a look at the CLI stuff because that seem to be a better abstraction layer then plain SQL.

Thanks!!

You have to be careful with the SQL approach not to corrupt your database (from a Confluence perspective). You should also not do SQL on a live server. For some things, you may be able to get away with it and it is hard to know what cases those are or if it changes from one release to another :(.

You're right. I just found out that my SQL solution in fact did NOT work.

Or, not any more. I swear that the anonymous comment was gone when I applied the commands, but several hours later it's there again. Even though the permissions manager shows a red cross.

If I manually enable all permissions, then disable, then it works.

I'll try the CLI tools now.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Apr 13, 2018 in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

370 views 20 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you