Author: gabriel.birke
Description:
Annotations from anonymous users are stored with user id 0. However, the code for updating/deleting annotations checks for user id identity, so even logged-in users can only edit their own comments. This could result in undeletable, uneditable offensive comments all over the wiki.
My proposal for this would be new permissions named "updateannotation" and "deleteannotation" assigned to the sysop user by default. These permissions would allow bypassing the "only update/delete your own annotation" restriction.
Version: unspecified
Severity: normal
See Also:
T54156: History for annotations
T56246: Logging for deleted annotations
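The following added example is not part of the report or the extension's code. It is a standalone model of the identity-only check described above next to the proposed override rights. The rights table, the classes, the sample data and the rule that id 0 never counts as ownership are assumptions made for illustration.

```python
from dataclasses import dataclass

ANONYMOUS_ID = 0  # per the report: anonymous annotations are stored with user id 0

# Constructed rights table; only the two right names and the sysop default
# come from the proposal.
GROUP_RIGHTS = {"user": frozenset(),
                "sysop": frozenset({"updateannotation", "deleteannotation"})}

@dataclass(frozen=True)
class User:
    user_id: int
    groups: tuple = ()

    def has_right(self, right):
        return any(right in GROUP_RIGHTS.get(g, ()) for g in self.groups)

@dataclass(frozen=True)
class Annotation:
    annotation_id: int
    owner_id: int

def allowed_reported(user, annotation, action):
    """Check as described in the report: user id identity only."""
    return user.user_id == annotation.owner_id

def allowed_proposed(user, annotation, action):
    """Identity check plus the proposed override rights."""
    if action not in ("update", "delete"):
        raise ValueError(f"unknown action: {action}")
    if user.has_right(action + "annotation"):
        return True
    # Assumption: id 0 is shared by all anonymous visitors, so it never
    # counts as proof of ownership.
    if annotation.owner_id == ANONYMOUS_ID:
        return False
    return user.user_id == annotation.owner_id

def unmoderatable(annotations, logged_in_users, check):
    """Ids of annotations that no logged-in user may delete under `check`."""
    return [a.annotation_id for a in annotations
            if not any(check(u, a, "delete") for u in logged_in_users)]

# Constructed sample data: one anonymous annotation, one owned by user 7.
ALICE = User(7, ("user",))
ADMIN = User(1, ("user", "sysop"))
ANNOTATIONS = [Annotation(100, ANONYMOUS_ID), Annotation(101, 7)]
```

Running `unmoderatable` with each check over the sample data shows which annotations are left without any logged-in moderator.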