Fixed comment permissions

Christopher Pitt 2015-04-14 16:25:48 +12:00
parent 7585b5d19f
commit 6effd8d5aa


@ -267,54 +267,80 @@ class Comment extends DataObject {
* @return Boolean * @return Boolean
*/ */
public function canView($member = null) { public function canView($member = null) {
if(!$member) $member = Member::currentUser(); $member = $this->getMember($member);
// Standard mechanism for accepting permission changes from decorators if(!$member) {
$extended = $this->extendedCan('canView', $member); return false;
if($extended !== null) return $extended;
// Allow admin
if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) return true;
// Check if parent has comments and can be viewed
$parent = $this->getParent();
return $parent && $parent->ProvideComments && $parent->canView($member);
} }
/** if($extended = $this->extendedCan('canView', $member)) {
* Checks for "CMS_ACCESS_CommentAdmin" permission codes and return $extended;
* {@link canView()}. }
*
* @param Member $member
*
* @return Boolean
*/
public function canEdit($member = null) {
if(!$member) $member = Member::currentUser();
// Standard mechanism for accepting permission changes from decorators if($parent = $this->getParent()) {
$extended = $this->extendedCan('canEdit', $member); return $parent->canView($member);
if($extended !== null) return $extended; }
if(!$this->canView($member)) return false;
return (bool) Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin'); return (bool) Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin');
} }
/** /**
* Checks for "CMS_ACCESS_CommentAdmin" permission codes and * Checks if the comment can be edited.
* {@link canEdit()}.
* *
* @param Member $member * @param null|int|Member $member
*
* @return Boolean
*/
public function canEdit($member = null) {
$member = $this->getMember($member);
if(!$member) {
return false;
}
if($extended = $this->extendedCan('canEdit', $member)) {
return $extended;
}
if($parent = $this->getParent()) {
return $parent->canEdit($member);
}
return (bool) Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin');
}
/**
* Resolves Member object.
*
* @param null|int|Member $member
*
* @return DataObject|Member|null
*/
protected function getMember($member = null) {
if(!$member) $member = Member::currentUser();
if(is_numeric($member)) $member = Member::get()->byID($member);
return $member;
}
/**
* Checks if the comment can be deleted.
*
* @param null|int|Member $member
* *
* @return Boolean * @return Boolean
*/ */
public function canDelete($member = null) { public function canDelete($member = null) {
if(!$member) $member = Member::currentUser(); $member = $this->getMember($member);
// Standard mechanism for accepting permission changes from decorators if(!$member) {
$extended = $this->extendedCan('canDelete', $member); return false;
if($extended !== null) return $extended; }
if($extended = $this->extendedCan('canDelete', $member)) {
return $extended;
}
return $this->canEdit($member); return $this->canEdit($member);
} }
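Review bot: The new `if($extended = $this->extendedCan('canView', $member))` test in canView, repeated in canEdit and canDelete, returns only when an extension grants access, so an explicit `false` from an extension is dropped and evaluation falls through to the parent or `CMS_ACCESS_CommentAdmin` check. The previous `$extended !== null` comparison honoured denials and should be kept: `$extended = $this->extendedCan('canView', $member); if($extended !== null) return $extended;`. The early `if(!$member) return false;` also runs before the extension hook, so extensions are never consulted for anonymous visitors and, as far as this hunk shows, logged-out users can no longer view any comment. The parent branch in canView no longer checks `ProvideComments`, so comments on a parent with comments switched off appear to remain viewable; confirm whether that is intended. A comment on getMember noting that a numeric id with no matching record resolves to a falsy value, which the callers treat as a denial, would make the fail-closed behaviour explicit.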