Fixed comment permissions

Christopher Pitt 2015-04-14 16:25:48 +12:00 committed by Damian Mooyman
parent 7585b5d19f
commit a004dfe780
2 changed files with 79 additions and 22 deletions


@ -267,58 +267,96 @@ class Comment extends DataObject {
* @return Boolean * @return Boolean
*/ */
public function canView($member = null) { public function canView($member = null) {
if(!$member) $member = Member::currentUser(); $member = $this->getMember($member);
// Standard mechanism for accepting permission changes from decorators
$extended = $this->extendedCan('canView', $member); $extended = $this->extendedCan('canView', $member);
if($extended !== null) return $extended; if($extended !== null) {
return $extended;
}
// Allow admin if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) {
if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) return true; return true;
}
// Check if parent has comments and can be viewed if($parent = $this->getParent()) {
$parent = $this->getParent(); return $parent->canView($member)
return $parent && $parent->ProvideComments && $parent->canView($member); && $parent->has_extension('CommentsExtension')
&& $parent->CommentsEnabled;
}
return false;
} }
/** /**
* Checks for "CMS_ACCESS_CommentAdmin" permission codes and * Checks if the comment can be edited.
* {@link canView()}.
* *
* @param Member $member * @param null|int|Member $member
* *
* @return Boolean * @return Boolean
*/ */
public function canEdit($member = null) { public function canEdit($member = null) {
if(!$member) $member = Member::currentUser(); $member = $this->getMember($member);
if(!$member) {
return false;
}
// Standard mechanism for accepting permission changes from decorators
$extended = $this->extendedCan('canEdit', $member); $extended = $this->extendedCan('canEdit', $member);
if($extended !== null) return $extended; if($extended !== null) {
return $extended;
}
if(!$this->canView($member)) return false; if(Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')) {
return true;
}
return (bool) Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin'); if($parent = $this->getParent()) {
return $parent->canEdit($member);
}
return false;
} }
/** /**
* Checks for "CMS_ACCESS_CommentAdmin" permission codes and * Checks if the comment can be deleted.
* {@link canEdit()}.
* *
* @param Member $member * @param null|int|Member $member
* *
* @return Boolean * @return Boolean
*/ */
public function canDelete($member = null) { public function canDelete($member = null) {
if(!$member) $member = Member::currentUser(); $member = $this->getMember($member);
if(!$member) {
return false;
}
// Standard mechanism for accepting permission changes from decorators
$extended = $this->extendedCan('canDelete', $member); $extended = $this->extendedCan('canDelete', $member);
if($extended !== null) return $extended; if($extended !== null) {
return $extended;
}
return $this->canEdit($member); return $this->canEdit($member);
} }
/**
* Resolves Member object.
*
* @param Member|int|null $member
* @return Member|null
*/
protected function getMember($member = null) {
if(!$member) {
$member = Member::currentUser();
}
if(is_numeric($member)) {
$member = DataObject::get_by_id('Member', $member, true);
}
return $member;
}
/** /**
* Return the authors name for the comment * Return the authors name for the comment
* *
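Review bot: The new canEdit() no longer calls canView() and delegates straight to `$parent->canEdit($member)`, so edit and delete can be granted on a comment whose parent fails the `has_extension('CommentsExtension')` / `CommentsEnabled` checks that canView() applies. If that decoupling is not intended, keep the old gate after the extension check: `if(!$this->canView($member)) { return false; }`. Separately, getMember() returns whatever `DataObject::get_by_id()` gives for a numeric ID, and canView() has no `if(!$member)` guard like canEdit() and canDelete() do, so an ID that resolves to nothing reaches `Permission::checkMember()` as an empty member; if that call falls back to the logged-in user (worth confirming), the check silently answers for a different identity than the one asked about. A comment on getMember() stating what it returns for an unknown ID would make the contract explicit.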


@ -14,6 +14,25 @@ class CommentsTest extends FunctionalTest {
public function setUp() { public function setUp() {
parent::setUp(); parent::setUp();
Config::nest(); Config::nest();
// Set good default values
Config::inst()->update('CommentsExtension', 'comments', array(
'enabled' => true,
'enabled_cms' => false,
'require_login' => false,
'require_login_cms' => false,
'required_permission' => false,
'require_moderation_nonmembers' => false,
'require_moderation' => false,
'require_moderation_cms' => false,
'frontend_moderation' => false,
'frontend_spam' => false,
));
// Configure this dataobject
Config::inst()->update('CommentableItem', 'comments', array(
'enabled_cms' => true
));
} }
public function tearDown() { public function tearDown() {