Merge pull request #214 from fullscreeninteractive/wilr-patch-1

If user cannot view record then prevent comment

src/Extensions/CommentsExtension.php

@@ -363,6 +363,11 @@ class CommentsExtension extends DataExtension
         if (!$this->owner->CommentsEnabled) {
             return false;
         }
+        
+        if (!$this->owner->canView($member)) {
+            // deny if current user cannot view the underlying record.
+            return false;
+        }
 
         // Check if member is required
         $requireLogin = $this->owner->CommentsRequireLogin;