mirror of
https://github.com/silverstripe/silverstripe-comments
synced 2024-10-22 09:05:49 +00:00
Merge pull request #110 from tractorcow/pr/109
Fixed comment permissions
commit
1410702fce
@ -267,58 +267,96 @@ class Comment extends DataObject {
|
||||
* @return Boolean
|
||||
*/
|
||||
public function canView($member = null) {
|
||||
if(!$member) $member = Member::currentUser();
|
||||
$member = $this->getMember($member);
|
||||
|
||||
// Standard mechanism for accepting permission changes from decorators
|
||||
$extended = $this->extendedCan('canView', $member);
|
||||
if($extended !== null) return $extended;
|
||||
if($extended !== null) {
|
||||
return $extended;
|
||||
}
|
||||
|
||||
// Allow admin
|
||||
if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) return true;
|
||||
if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Check if parent has comments and can be viewed
|
||||
$parent = $this->getParent();
|
||||
return $parent && $parent->ProvideComments && $parent->canView($member);
|
||||
if($parent = $this->getParent()) {
|
||||
return $parent->canView($member)
|
||||
&& $parent->has_extension('CommentsExtension')
|
||||
&& $parent->CommentsEnabled;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks for "CMS_ACCESS_CommentAdmin" permission codes and
|
||||
* {@link canView()}.
|
||||
* Checks if the comment can be edited.
|
||||
*
|
||||
* @param Member $member
|
||||
* @param null|int|Member $member
|
||||
*
|
||||
* @return Boolean
|
||||
*/
|
||||
public function canEdit($member = null) {
|
||||
if(!$member) $member = Member::currentUser();
|
||||
$member = $this->getMember($member);
|
||||
|
||||
if(!$member) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Standard mechanism for accepting permission changes from decorators
|
||||
$extended = $this->extendedCan('canEdit', $member);
|
||||
if($extended !== null) return $extended;
|
||||
if($extended !== null) {
|
||||
return $extended;
|
||||
}
|
||||
|
||||
if(!$this->canView($member)) return false;
|
||||
if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return (bool) Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin');
|
||||
if($parent = $this->getParent()) {
|
||||
return $parent->canEdit($member);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks for "CMS_ACCESS_CommentAdmin" permission codes and
|
||||
* {@link canEdit()}.
|
||||
* Checks if the comment can be deleted.
|
||||
*
|
||||
* @param Member $member
|
||||
* @param null|int|Member $member
|
||||
*
|
||||
* @return Boolean
|
||||
*/
|
||||
public function canDelete($member = null) {
|
||||
if(!$member) $member = Member::currentUser();
|
||||
$member = $this->getMember($member);
|
||||
|
||||
if(!$member) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Standard mechanism for accepting permission changes from decorators
|
||||
$extended = $this->extendedCan('canDelete', $member);
|
||||
if($extended !== null) return $extended;
|
||||
if($extended !== null) {
|
||||
return $extended;
|
||||
}
|
||||
|
||||
return $this->canEdit($member);
|
||||
}
|
||||
|
||||
/**
|
||||
* Resolves Member object.
|
||||
*
|
||||
* @param Member|int|null $member
|
||||
* @return Member|null
|
||||
*/
|
||||
protected function getMember($member = null) {
|
||||
if(!$member) {
|
||||
$member = Member::currentUser();
|
||||
}
|
||||
|
||||
if(is_numeric($member)) {
|
||||
$member = DataObject::get_by_id('Member', $member, true);
|
||||
}
|
||||
|
||||
return $member;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the authors name for the comment
|
||||
*
|
||||
|
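Review bot: The new canEdit() no longer gates on canView(), so a member who can edit the parent may edit, and through canDelete() delete, a comment that canView() would refuse, for example when the parent lacks CommentsExtension, has CommentsEnabled off, or a canView extension denied access. If edit is meant to imply view, keep the gate ahead of the parent delegation: `if(!$this->canView($member)) { return false; }`; admins still pass because canView() returns true for CMS_ACCESS_CommentAdmin. The page has lost its +/- markers, so reading the one-line `if(!$this->canView($member)) return false;` as the removed side is inferred from the brace style of the surrounding new lines. Separately, getMember() resolves any falsy $member to Member::currentUser() and hands any is_numeric() value to get_by_id(), which its docblock should state so callers know an explicit 0 is evaluated as the logged-in user. The docblock that opens at the end of this hunk belongs to a method that continues outside the view.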
@ -14,6 +14,25 @@ class CommentsTest extends FunctionalTest {
|
||||
public function setUp() {
|
||||
parent::setUp();
|
||||
Config::nest();
|
||||
|
||||
// Set good default values
|
||||
Config::inst()->update('CommentsExtension', 'comments', array(
|
||||
'enabled' => true,
|
||||
'enabled_cms' => false,
|
||||
'require_login' => false,
|
||||
'require_login_cms' => false,
|
||||
'required_permission' => false,
|
||||
'require_moderation_nonmembers' => false,
|
||||
'require_moderation' => false,
|
||||
'require_moderation_cms' => false,
|
||||
'frontend_moderation' => false,
|
||||
'frontend_spam' => false,
|
||||
));
|
||||
|
||||
// Configure this dataobject
|
||||
Config::inst()->update('CommentableItem', 'comments', array(
|
||||
'enabled_cms' => true
|
||||
));
|
||||
}
|
||||
|
||||
public function tearDown() {
|
||||
|