Ensure access permissions to node comment
This commit is contained in:
parent
6630f264ef
commit
be34a0703f
1 changed files with 22 additions and 22 deletions
|
|
@ -37,27 +37,27 @@ function nodecomment_nodeapi(&$node, $op, $arg = 0, $page = 0) {
|
|||
|
||||
case 'delete':
|
||||
// If this node has own comments, delete them.
|
||||
// For increased durability, don't add any checks here: it should help to
|
||||
// For increased durability, don't add any checks here: it should help to
|
||||
// deal with the orphan problem.
|
||||
_nodecomment_delete_comments($node->nid);
|
||||
|
||||
|
||||
// If this is a comment, delete it and it's children comments from the thread.
|
||||
if (isset($node->comment_target_nid)) {
|
||||
_nodecomment_thread_delete_children($node->nid, $node->comment_target_nid);
|
||||
|
||||
// For increased durability, delete node_comments entries one by one,
|
||||
// together with their nodes, even when mass deleting.
|
||||
|
||||
// For increased durability, delete node_comments entries one by one,
|
||||
// together with their nodes, even when mass deleting.
|
||||
db_query('DELETE FROM {node_comments} WHERE cid = %d', $node->nid);
|
||||
|
||||
|
||||
_nodecomment_update_node_statistics($node->comment_target_nid);
|
||||
}
|
||||
break;
|
||||
|
||||
case 'view':
|
||||
// If this is a comment.
|
||||
// If this is a comment.
|
||||
if ($page && isset($node->comment_target_nid)) {
|
||||
// Redirect to target node, if needed.
|
||||
// We could do it inside hook_init() but then we would add 1 query for
|
||||
// We could do it inside hook_init() but then we would add 1 query for
|
||||
// every node view, which is a tax it's better not to pay.
|
||||
if (variable_get('node_comment_node_redirect', TRUE)) {
|
||||
if (!nodecomment_is_content($node->type)) {
|
||||
|
|
@ -75,14 +75,14 @@ function nodecomment_nodeapi(&$node, $op, $arg = 0, $page = 0) {
|
|||
}
|
||||
|
||||
function _nodecomment_nodeapi_load($node, $op, $arg, $page) {
|
||||
// We want to process 3 cases:
|
||||
// We want to process 3 cases:
|
||||
// - node which is a node comment
|
||||
// - node which has node comments
|
||||
// - both
|
||||
$comment_types = nodecomment_get_comment_types();
|
||||
$node->comment_type = nodecomment_get_comment_type($node->type);
|
||||
$comment_data = array();
|
||||
|
||||
|
||||
// Is this a comment type ?
|
||||
if (in_array($node->type, $comment_types)) {
|
||||
$query = "SELECT nc.nid AS comment_target_nid, nc.pid AS comment_target_cid,
|
||||
|
|
@ -90,7 +90,7 @@ function _nodecomment_nodeapi_load($node, $op, $arg, $page) {
|
|||
u.signature, u.signature_format
|
||||
FROM {node_comments} nc
|
||||
INNER JOIN {users} u ON nc.uid = u.uid
|
||||
WHERE nc.cid = %d";
|
||||
WHERE nc.cid = %d";
|
||||
$comment_data = db_fetch_array(db_query($query, $node->nid));
|
||||
if ($comment_data) {
|
||||
// It's a node comment! Populate commenty stuff.
|
||||
|
|
@ -116,17 +116,17 @@ function _nodecomment_nodeapi_load($node, $op, $arg, $page) {
|
|||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Does this node have node comments ?
|
||||
if ($node->comment_type) {
|
||||
// Move $node->comment to $node->node_comment and set $node->comment
|
||||
// Move $node->comment to $node->node_comment and set $node->comment
|
||||
// to disabled to prevent core comment module messing with the node.
|
||||
// In presave nodeapi operation restore this setting.
|
||||
// In 3.x branch this is the only hack we do with core comment module.
|
||||
$node->node_comment = $node->comment;
|
||||
$node->comment = COMMENT_NODE_DISABLED;
|
||||
}
|
||||
|
||||
|
||||
return $comment_data;
|
||||
}
|
||||
|
||||
|
|
@ -150,12 +150,12 @@ function nodecomment_link($type, $node = NULL, $teaser = FALSE) {
|
|||
if ($type != 'node') {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
if (isset($node->comment_target_nid)) {
|
||||
// This node is a comment to a parent node.
|
||||
_nodecomment_comment_links($links, $node, $teaser);
|
||||
}
|
||||
|
||||
|
||||
if (!empty($node->comment_type)) {
|
||||
// This node can have node comments, read only or writable.
|
||||
_nodecomment_node_links($links, $node, $teaser);
|
||||
|
|
@ -170,7 +170,7 @@ function _nodecomment_comment_links(&$links, &$node, $teaser) {
|
|||
// But the core comment does the same.
|
||||
// Fixing this properly will require an advanced node access module.
|
||||
$target_node = node_load($node->comment_target_nid);
|
||||
if ($target_node && nodecomment_is_readwrite($target_node)) {
|
||||
if ($target_node && $target_node->status == 1 && nodecomment_is_readwrite($target_node)) {
|
||||
if (node_access('update', $node)) {
|
||||
$links['comment_edit'] = array(
|
||||
'title' => t('edit'),
|
||||
|
|
@ -185,7 +185,7 @@ function _nodecomment_comment_links(&$links, &$node, $teaser) {
|
|||
'query' => drupal_get_destination(),
|
||||
);
|
||||
}
|
||||
// Show comment reply links in threaded mode. In flat mode we only
|
||||
// Show comment reply links in threaded mode. In flat mode we only
|
||||
// hide the link: separate comment reply pages are always accessible.
|
||||
$mode = _comment_get_display_setting('mode', $node);
|
||||
$flat = in_array($mode, array(COMMENT_MODE_FLAT_COLLAPSED, COMMENT_MODE_FLAT_EXPANDED));
|
||||
|
|
@ -254,7 +254,7 @@ function _nodecomment_node_links(&$links, &$node, $teaser) {
|
|||
// The user can't create the comment nodetype.
|
||||
elseif ($user->uid == 0) {
|
||||
// Show anonymous users the chance to login or register
|
||||
// We cannot use drupal_get_destination() because these links sometimes
|
||||
// We cannot use drupal_get_destination() because these links sometimes
|
||||
// appear on /node and taxonomy listing pages.
|
||||
if (variable_get('comment_form_location_'. $node->type, COMMENT_FORM_SEPARATE_PAGE) == COMMENT_FORM_SEPARATE_PAGE) {
|
||||
$destination = 'destination='. drupal_urlencode('node/add/'. str_replace('_', '-', $comment_type) .'/'. $node->nid);
|
||||
|
|
@ -350,12 +350,12 @@ function _nodecomment_node_add_access($op, $type) {
|
|||
// Note: menu callbacks receive proper type with underscores instead of
|
||||
// hyphens because Node module creates menu items with predefined
|
||||
// callback arguments rather than lets callback fetch argument from the url.
|
||||
|
||||
|
||||
// Don't allow to add nodecomments without comment context.
|
||||
//
|
||||
// TODO: we may want to allow this later, if we want to add comments
|
||||
// that are "content" by our terms without comment context.
|
||||
// But before doing so, we need to be sure that our nodeapi & nodecomment
|
||||
// But before doing so, we need to be sure that our nodeapi & nodecomment
|
||||
// logics can handle that.
|
||||
if (!is_numeric(arg(3))) {
|
||||
return FALSE;
|
||||
|
|
@ -415,7 +415,7 @@ function nodecomment_views_pre_build(&$view) {
|
|||
|
||||
/**
|
||||
* Implementation of hook_node_type().
|
||||
*
|
||||
*
|
||||
* Update nodecomment variables when node type information changes.
|
||||
*/
|
||||
function nodecomment_node_type($op, $info) {
|
||||
|
|
|
|||
Reference in a new issue