Merge pull request #110 from tractorcow/pr/109

Fixed comment permissions
This commit is contained in:
Christopher Pitt 2015-04-16 11:10:19 +12:00
commit 1410702fce
2 changed files with 79 additions and 22 deletions

View File

@ -267,58 +267,96 @@ class Comment extends DataObject {
* @return Boolean
*/
public function canView($member = null) {
if(!$member) $member = Member::currentUser();
$member = $this->getMember($member);
// Standard mechanism for accepting permission changes from decorators
$extended = $this->extendedCan('canView', $member);
if($extended !== null) return $extended;
if($extended !== null) {
return $extended;
}
// Allow admin
if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) return true;
if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) {
return true;
}
// Check if parent has comments and can be viewed
$parent = $this->getParent();
return $parent && $parent->ProvideComments && $parent->canView($member);
if($parent = $this->getParent()) {
return $parent->canView($member)
&& $parent->has_extension('CommentsExtension')
&& $parent->CommentsEnabled;
}
return false;
}
/**
* Checks for "CMS_ACCESS_CommentAdmin" permission codes and
* {@link canView()}.
* Checks if the comment can be edited.
*
* @param Member $member
* @param null|int|Member $member
*
* @return Boolean
*/
public function canEdit($member = null) {
if(!$member) $member = Member::currentUser();
$member = $this->getMember($member);
if(!$member) {
return false;
}
// Standard mechanism for accepting permission changes from decorators
$extended = $this->extendedCan('canEdit', $member);
if($extended !== null) return $extended;
if($extended !== null) {
return $extended;
}
if(!$this->canView($member)) return false;
if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) {
return true;
}
return (bool) Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin');
if($parent = $this->getParent()) {
return $parent->canEdit($member);
}
return false;
}
/**
* Checks for "CMS_ACCESS_CommentAdmin" permission codes and
* {@link canEdit()}.
* Checks if the comment can be deleted.
*
* @param Member $member
* @param null|int|Member $member
*
* @return Boolean
*/
public function canDelete($member = null) {
if(!$member) $member = Member::currentUser();
$member = $this->getMember($member);
if(!$member) {
return false;
}
// Standard mechanism for accepting permission changes from decorators
$extended = $this->extendedCan('canDelete', $member);
if($extended !== null) return $extended;
if($extended !== null) {
return $extended;
}
return $this->canEdit($member);
}
/**
* Resolves Member object.
*
* @param Member|int|null $member
* @return Member|null
*/
protected function getMember($member = null) {
if(!$member) {
$member = Member::currentUser();
}
if(is_numeric($member)) {
$member = DataObject::get_by_id('Member', $member, true);
}
return $member;
}
/**
* Return the authors name for the comment
*

View File

@ -14,6 +14,25 @@ class CommentsTest extends FunctionalTest {
public function setUp() {
parent::setUp();
Config::nest();
// Set good default values
Config::inst()->update('CommentsExtension', 'comments', array(
'enabled' => true,
'enabled_cms' => false,
'require_login' => false,
'require_login_cms' => false,
'required_permission' => false,
'require_moderation_nonmembers' => false,
'require_moderation' => false,
'require_moderation_cms' => false,
'frontend_moderation' => false,
'frontend_spam' => false,
));
// Configure this dataobject
Config::inst()->update('CommentableItem', 'comments', array(
'enabled_cms' => true
));
}
public function tearDown() {