Ensure access permissions to node comment

Manuel Cillero 2017-07-26 11:54:56 +02:00
parent 6630f264ef
commit be34a0703f


@ -37,27 +37,27 @@ function nodecomment_nodeapi(&$node, $op, $arg = 0, $page = 0) {
case 'delete': case 'delete':
// If this node has own comments, delete them. // If this node has own comments, delete them.
// For increased durability, don't add any checks here: it should help to // For increased durability, don't add any checks here: it should help to
// deal with the orphan problem. // deal with the orphan problem.
_nodecomment_delete_comments($node->nid); _nodecomment_delete_comments($node->nid);
// If this is a comment, delete it and it's children comments from the thread. // If this is a comment, delete it and it's children comments from the thread.
if (isset($node->comment_target_nid)) { if (isset($node->comment_target_nid)) {
_nodecomment_thread_delete_children($node->nid, $node->comment_target_nid); _nodecomment_thread_delete_children($node->nid, $node->comment_target_nid);
// For increased durability, delete node_comments entries one by one, // For increased durability, delete node_comments entries one by one,
// together with their nodes, even when mass deleting. // together with their nodes, even when mass deleting.
db_query('DELETE FROM {node_comments} WHERE cid = %d', $node->nid); db_query('DELETE FROM {node_comments} WHERE cid = %d', $node->nid);
_nodecomment_update_node_statistics($node->comment_target_nid); _nodecomment_update_node_statistics($node->comment_target_nid);
} }
break; break;
case 'view': case 'view':
// If this is a comment. // If this is a comment.
if ($page && isset($node->comment_target_nid)) { if ($page && isset($node->comment_target_nid)) {
// Redirect to target node, if needed. // Redirect to target node, if needed.
// We could do it inside hook_init() but then we would add 1 query for // We could do it inside hook_init() but then we would add 1 query for
// every node view, which is a tax it's better not to pay. // every node view, which is a tax it's better not to pay.
if (variable_get('node_comment_node_redirect', TRUE)) { if (variable_get('node_comment_node_redirect', TRUE)) {
if (!nodecomment_is_content($node->type)) { if (!nodecomment_is_content($node->type)) {
@ -75,14 +75,14 @@ function nodecomment_nodeapi(&$node, $op, $arg = 0, $page = 0) {
} }
function _nodecomment_nodeapi_load($node, $op, $arg, $page) { function _nodecomment_nodeapi_load($node, $op, $arg, $page) {
// We want to process 3 cases: // We want to process 3 cases:
// - node which is a node comment // - node which is a node comment
// - node which has node comments // - node which has node comments
// - both // - both
$comment_types = nodecomment_get_comment_types(); $comment_types = nodecomment_get_comment_types();
$node->comment_type = nodecomment_get_comment_type($node->type); $node->comment_type = nodecomment_get_comment_type($node->type);
$comment_data = array(); $comment_data = array();
// Is this a comment type ? // Is this a comment type ?
if (in_array($node->type, $comment_types)) { if (in_array($node->type, $comment_types)) {
$query = "SELECT nc.nid AS comment_target_nid, nc.pid AS comment_target_cid, $query = "SELECT nc.nid AS comment_target_nid, nc.pid AS comment_target_cid,
@ -90,7 +90,7 @@ function _nodecomment_nodeapi_load($node, $op, $arg, $page) {
u.signature, u.signature_format u.signature, u.signature_format
FROM {node_comments} nc FROM {node_comments} nc
INNER JOIN {users} u ON nc.uid = u.uid INNER JOIN {users} u ON nc.uid = u.uid
WHERE nc.cid = %d"; WHERE nc.cid = %d";
$comment_data = db_fetch_array(db_query($query, $node->nid)); $comment_data = db_fetch_array(db_query($query, $node->nid));
if ($comment_data) { if ($comment_data) {
// It's a node comment! Populate commenty stuff. // It's a node comment! Populate commenty stuff.
@ -116,17 +116,17 @@ function _nodecomment_nodeapi_load($node, $op, $arg, $page) {
); );
} }
} }
// Does this node have node comments ? // Does this node have node comments ?
if ($node->comment_type) { if ($node->comment_type) {
// Move $node->comment to $node->node_comment and set $node->comment // Move $node->comment to $node->node_comment and set $node->comment
// to disabled to prevent core comment module messing with the node. // to disabled to prevent core comment module messing with the node.
// In presave nodeapi operation restore this setting. // In presave nodeapi operation restore this setting.
// In 3.x branch this is the only hack we do with core comment module. // In 3.x branch this is the only hack we do with core comment module.
$node->node_comment = $node->comment; $node->node_comment = $node->comment;
$node->comment = COMMENT_NODE_DISABLED; $node->comment = COMMENT_NODE_DISABLED;
} }
return $comment_data; return $comment_data;
} }
@ -150,12 +150,12 @@ function nodecomment_link($type, $node = NULL, $teaser = FALSE) {
if ($type != 'node') { if ($type != 'node') {
return; return;
} }
if (isset($node->comment_target_nid)) { if (isset($node->comment_target_nid)) {
// This node is a comment to a parent node. // This node is a comment to a parent node.
_nodecomment_comment_links($links, $node, $teaser); _nodecomment_comment_links($links, $node, $teaser);
} }
if (!empty($node->comment_type)) { if (!empty($node->comment_type)) {
// This node can have node comments, read only or writable. // This node can have node comments, read only or writable.
_nodecomment_node_links($links, $node, $teaser); _nodecomment_node_links($links, $node, $teaser);
@ -170,7 +170,7 @@ function _nodecomment_comment_links(&$links, &$node, $teaser) {
// But the core comment does the same. // But the core comment does the same.
// Fixing this properly will require an advanced node access module. // Fixing this properly will require an advanced node access module.
$target_node = node_load($node->comment_target_nid); $target_node = node_load($node->comment_target_nid);
if ($target_node && nodecomment_is_readwrite($target_node)) { if ($target_node && $target_node->status == 1 && nodecomment_is_readwrite($target_node)) {
if (node_access('update', $node)) { if (node_access('update', $node)) {
$links['comment_edit'] = array( $links['comment_edit'] = array(
'title' => t('edit'), 'title' => t('edit'),
@ -185,7 +185,7 @@ function _nodecomment_comment_links(&$links, &$node, $teaser) {
'query' => drupal_get_destination(), 'query' => drupal_get_destination(),
); );
} }
// Show comment reply links in threaded mode. In flat mode we only // Show comment reply links in threaded mode. In flat mode we only
// hide the link: separate comment reply pages are always accessible. // hide the link: separate comment reply pages are always accessible.
$mode = _comment_get_display_setting('mode', $node); $mode = _comment_get_display_setting('mode', $node);
$flat = in_array($mode, array(COMMENT_MODE_FLAT_COLLAPSED, COMMENT_MODE_FLAT_EXPANDED)); $flat = in_array($mode, array(COMMENT_MODE_FLAT_COLLAPSED, COMMENT_MODE_FLAT_EXPANDED));
@ -254,7 +254,7 @@ function _nodecomment_node_links(&$links, &$node, $teaser) {
// The user can't create the comment nodetype. // The user can't create the comment nodetype.
elseif ($user->uid == 0) { elseif ($user->uid == 0) {
// Show anonymous users the chance to login or register // Show anonymous users the chance to login or register
// We cannot use drupal_get_destination() because these links sometimes // We cannot use drupal_get_destination() because these links sometimes
// appear on /node and taxonomy listing pages. // appear on /node and taxonomy listing pages.
if (variable_get('comment_form_location_'. $node->type, COMMENT_FORM_SEPARATE_PAGE) == COMMENT_FORM_SEPARATE_PAGE) { if (variable_get('comment_form_location_'. $node->type, COMMENT_FORM_SEPARATE_PAGE) == COMMENT_FORM_SEPARATE_PAGE) {
$destination = 'destination='. drupal_urlencode('node/add/'. str_replace('_', '-', $comment_type) .'/'. $node->nid); $destination = 'destination='. drupal_urlencode('node/add/'. str_replace('_', '-', $comment_type) .'/'. $node->nid);
@ -350,12 +350,12 @@ function _nodecomment_node_add_access($op, $type) {
// Note: menu callbacks receive proper type with underscores instead of // Note: menu callbacks receive proper type with underscores instead of
// hyphens because Node module creates menu items with predefined // hyphens because Node module creates menu items with predefined
// callback arguments rather than lets callback fetch argument from the url. // callback arguments rather than lets callback fetch argument from the url.
// Don't allow to add nodecomments without comment context. // Don't allow to add nodecomments without comment context.
// //
// TODO: we may want to allow this later, if we want to add comments // TODO: we may want to allow this later, if we want to add comments
// that are "content" by our terms without comment context. // that are "content" by our terms without comment context.
// But before doing so, we need to be sure that our nodeapi & nodecomment // But before doing so, we need to be sure that our nodeapi & nodecomment
// logics can handle that. // logics can handle that.
if (!is_numeric(arg(3))) { if (!is_numeric(arg(3))) {
return FALSE; return FALSE;
@ -415,7 +415,7 @@ function nodecomment_views_pre_build(&$view) {
/** /**
* Implementation of hook_node_type(). * Implementation of hook_node_type().
* *
* Update nodecomment variables when node type information changes. * Update nodecomment variables when node type information changes.
*/ */
function nodecomment_node_type($op, $info) { function nodecomment_node_type($op, $info) {
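Review bot: The added `$target_node->status == 1` test in `_nodecomment_comment_links()` only decides whether the edit, delete and reply links are rendered; it does not stop a request that goes straight to the corresponding path, and the comment a few lines further down in the same function says separate reply pages are always accessible. The visible part of `_nodecomment_node_add_access()` shows only the `is_numeric(arg(3))` test, so unless the rest of that function (outside the hunk) already checks the target node, the same condition needs to be enforced there as well. For the link test itself, consider asking the node access system rather than comparing the raw status flag, `if ($target_node && node_access('view', $target_node) && nodecomment_is_readwrite($target_node)) {`, so that grants from node access modules are honoured and users who are allowed to view unpublished nodes keep their links. Both functions start and end outside the visible hunks, so this should be confirmed against the full file.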