As it says on the tin. We have dozens of publicly viewable spaces, most of them have anonymous comments enabled. This was OK for years, but eventually spammers found this hole.
Even with CAPTCHA enabled a lot of spam comments are manually put in (almost all from China, Russia, India, Venezuele, India).
Thus, the time has now come to disable anonymous comments.
Because we have so many spaces, I'm looking for an automated way to remove the privileges from all spaces. Is this possibel? SQL is no problem here.
I do it by editing the Comment Layout decorator and adding a check: if the user is not logged in, then the comments area doesn't show up. Instead, I prompt them to log in. Here's the code:
#if ($permissionHelper.canComment($remoteUser, $page)) ## comment code here #elseif (!$permissionHelper.canComment($remoteUser, $page)) #set($targetPage = "/login.action?os_destination=" + $generalUtil.urlEncode($page.getUrlPath())) You must <a href="$targetPage">log in</a> to comment. #end
--action runFromSpaceList --common "--action removePermissions --space @space@ --userId anonymous --permissions comment"
If you don't need it for all space, there are other techniques to subset the list (regex) or just use a specific list with runFromList
Furthermore, you can view your permission settings across all your spaces with this example output: getSpacePermissionList
I already had a look at the spacepermissions table and came up with:
DELETE FROM spacepermissions WHERE permtype = 'COMMENT' AND permusername IS NULL and permgroupname IS NULL;
That seemed to do the trick.
I'll have a look at the CLI stuff because that seem to be a better abstraction layer then plain SQL.
You have to be careful with the SQL approach not to corrupt your database (from a Confluence perspective). You should also not do SQL on a live server. For some things, you may be able to get away with it and it is hard to know what cases those are or if it changes from one release to another :(.
You're right. I just found out that my SQL solution in fact did NOT work.
Or, not any more. I swear that the anonymous comment was gone when I applied the commands, but several hours later it's there again. Even though the permissions manager shows a red cross.
If I manually enable all permissions, then disable, then it works.
I'll try the CLI tools now.
While it's only hiding comments from anon. users, this is a way to achieve this:
More and more people are building their careers with Atlassian, and we want you to be at the front of this wave! Important Dates Start the Certification Prep Course by 2 April 2019 Take your e...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs