Draft & Editability based on enum status for different roles Security wise?

I have a scenario, lets say a hotel review website. there are lists of hotels, and each hotel has some questions, like if it has a pool, or a bar, or airconditioning. We would like anonymous users to be able to supply a draft review. Initially we had the hotel have an enum(pending, approved), so that a moderator was able to change the enum. but we had the issue that anonymous users were not able to edit their drafts. We then gave the anonymous user all the read/write rights, but this now means that anonymous users are able to rewrite approved reviews. I thought maybe it would be a good idea to create another entity, that is identical to the hotel, and call it hoteldraft, have a MF that an admin can use, that copies the data from the draft to the approved one.  But this seems redundant, so is there a smarter way to only make the hotel editable by an anounymous user while the status is on pending?  
2 answers

Hi Jason,

This is a common issue with anonymous users, they are anonymous so the system will have a hard time identifying what they did in a previous session, hence anonymous. If they are still in the same session, ofcourse you can use an association to the session that the anonymous user needs in order to reach some point of editting something.

One fix for this is allowing anonymous users to input their email address in their review (not shown to other anonymous users), and on review send them an email with a deeplink that allows them to edit the review for an x amount of time, where the deeplink has a loooonnnggg string inside it that will make it impossible for other anonymous people to ‘guess'’ the link and be able to edit other anonymous’ people's  reviews.


I know you can hide pages with input fields, based on roles, but does this cause security vulnerabilities, due to the fact that anonymous users are still allowed to edit the entity

proposed in this post: