From a004dfe780babd736509604d9627df8577a79fab Mon Sep 17 00:00:00 2001 From: Christopher Pitt Date: Tue, 14 Apr 2015 16:25:48 +1200 Subject: [PATCH] Fixed comment permissions --- code/dataobjects/Comment.php | 82 ++++++++++++++++++++++++++---------- tests/CommentsTest.php | 19 +++++++++ 2 files changed, 79 insertions(+), 22 deletions(-) diff --git a/code/dataobjects/Comment.php b/code/dataobjects/Comment.php index 32e79bd..264211f 100755 --- a/code/dataobjects/Comment.php +++ b/code/dataobjects/Comment.php 
@@ -267,58 +267,96 @@ class Comment extends DataObject { * @return Boolean */ public function canView($member = null) { - if(!$member) $member = Member::currentUser(); + $member = $this->getMember($member); - // Standard mechanism for accepting permission changes from decorators $extended = $this->extendedCan('canView', $member); - if($extended !== null) return $extended; + if($extended !== null) { + return $extended; + } - // Allow admin - if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) return true; + if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) { + return true; + } - // Check if parent has comments and can be viewed - $parent = $this->getParent(); - return $parent && $parent->ProvideComments && $parent->canView($member); + if($parent = $this->getParent()) { + return $parent->canView($member) + && $parent->has_extension('CommentsExtension') + && $parent->CommentsEnabled; + } + + return false; } /** - * Checks for "CMS_ACCESS_CommentAdmin" permission codes and - * {@link canView()}. + * Checks if the comment can be edited. * - * @param Member $member + * @param null|int|Member $member * * @return Boolean */ public function canEdit($member = null) { - if(!$member) $member = Member::currentUser(); + $member = $this->getMember($member); + + if(!$member) { + return false; + } - // Standard mechanism for accepting permission changes from decorators $extended = $this->extendedCan('canEdit', $member); - if($extended !== null) return $extended; + if($extended !== null) { + return $extended; + } - if(!$this->canView($member)) return false; + if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) { + return true; + } - return (bool) Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin'); + if($parent = $this->getParent()) { + return $parent->canEdit($member); + } + + return false; } /** - * Checks for "CMS_ACCESS_CommentAdmin" permission codes and - * {@link canEdit()}. + * Checks if the comment can be deleted. 
* - * @param Member $member + * @param null|int|Member $member * * @return Boolean */ public function canDelete($member = null) { - if(!$member) $member = Member::currentUser(); + $member = $this->getMember($member); + + if(!$member) { + return false; + } - // Standard mechanism for accepting permission changes from decorators $extended = $this->extendedCan('canDelete', $member); - if($extended !== null) return $extended; + if($extended !== null) { + return $extended; + } return $this->canEdit($member); } + /** + * Resolves Member object. + * + * @param Member|int|null $member + * @return Member|null + */ + protected function getMember($member = null) { + if(!$member) { + $member = Member::currentUser(); + } + + if(is_numeric($member)) { + $member = DataObject::get_by_id('Member', $member, true); + } + + return $member; + } + /** * Return the authors name for the comment * diff --git a/tests/CommentsTest.php b/tests/CommentsTest.php index 86469a7..ffd037f 100644 --- a/tests/CommentsTest.php +++ b/tests/CommentsTest.php @@ -14,6 +14,25 @@ class CommentsTest extends FunctionalTest { public function setUp() { parent::setUp(); Config::nest(); + + // Set good default values + Config::inst()->update('CommentsExtension', 'comments', array( + 'enabled' => true, + 'enabled_cms' => false, + 'require_login' => false, + 'require_login_cms' => false, + 'required_permission' => false, + 'require_moderation_nonmembers' => false, + 'require_moderation' => false, + 'require_moderation_cms' => false, + 'frontend_moderation' => false, + 'frontend_spam' => false, + )); + + // Configure this dataobject + Config::inst()->update('CommentableItem', 'comments', array( + 'enabled_cms' => true + )); } public function tearDown() {
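Review bot: `canEdit()` no longer calls `$this->canView($member)` and, for non-admins, now returns `$parent->canEdit($member)`, so edit rights on the parent imply edit and (through `canDelete()`) delete rights on its comments even where `canView()` would refuse, for example when `CommentsEnabled` is off. If that widening is intended, the docblock should state the rule rather than only "Checks if the comment can be edited.", e.g. `* Allowed for CMS_ACCESS_CommentAdmin, otherwise delegated to the parent's canEdit(); anonymous users are always denied.` If it is not intended, restore the earlier gate with `if(!$this->canView($member)) return false;` ahead of the parent check. In `getMember()`, a numeric ID that does not resolve leaves a falsy `$member`; `canEdit()` and `canDelete()` then deny, but `canView()` passes it on to `Permission::checkMember()` and `$parent->canView()`, which may fall back to the current session user (this depends on the framework's handling of an empty member and should be confirmed).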
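Review bot: No test in this change covers the rewritten permission methods; the 19 added lines in `setUp()` only set configuration defaults for `CommentsExtension` and `CommentableItem`. Since the commit changes who may edit and delete comments, it should come with assertions for the deny paths, for instance `$this->assertFalse($comment->canEdit());` and `$this->assertFalse($comment->canDelete());` with no member logged in. A case for a member who lacks edit rights on the parent would help too, as would one passing a numeric member ID to exercise `getMember()`. `$comment` here stands for whichever fixture record the suite already loads.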