If user cannot view record then prevent comment

This commit is contained in:
Will Rossiter 2017-07-28 17:12:01 +12:00 committed by GitHub
parent fb3cc1b861
commit 85e8384151

View File

@ -363,6 +363,11 @@ class CommentsExtension extends DataExtension
if (!$this->owner->CommentsEnabled) { if (!$this->owner->CommentsEnabled) {
return false; return false;
} }
if (!$this->owner->canView($member)) {
// deny if current user cannot view the underlying record.
return false;
}
// Check if member is required // Check if member is required
$requireLogin = $this->owner->CommentsRequireLogin; $requireLogin = $this->owner->CommentsRequireLogin;