New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix EZP-22095: eZ Star Rating does not work for anonymous #14
Conversation
Quick feedback...
|
@@ -58,7 +58,10 @@ public static function rate( $args ) | |||
|
|||
// Provide extra session protection on 4.1 (not possible on 4.0) by expecting user | |||
// to have an existing session (new session = mostlikely a spammer / hacker trying to manipulate rating) | |||
if ( class_exists( 'eZSession' ) && eZSession::userHasSessionCookie() !== true ) | |||
if ( class_exists( 'eZSession' ) && |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
while on it, class_exists( 'eZSession' ) can be removed
seems ok to me but the relation between UseUserSession, AllowAnonymousRating and the Session/ForceStart settings should be clarified because it's unclear to me if all combinations of those can work or not. |
@dpobel Regarding sessions :
|
+1 |
@@ -186,7 +188,8 @@ function userHasRated( $returnRatedObject = false ) | |||
*/ | |||
function store( $fieldFilters = null ) | |||
{ | |||
if ( $this->attribute( 'user_id' ) == eZUser::currentUserID() ) | |||
if ( $this->attribute( 'user_id' ) == eZUser::currentUserID() && | |||
eZINI::instance()->variable( 'eZStarRating', 'UseUserSession' ) === 'enabled' ) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CS
if (
$this->attribute( 'user_id' ) == eZUser::currentUserID()
&& eZINI::instance()->variable( 'eZStarRating', 'UseUserSession' ) === 'enabled'
)
Looks good, besides my comments +1 |
Fix EZP-22095: eZ Star Rating does not work for anonymous
Link: https://jira.ez.no/browse/EZP-22095
Description
Since we added an antispam feature in 4.1, using star rating for anonymous user was not working anymore. This patch reintroduce the anonymous rating by using a new setting that bypasses the spam feature (some user might be in a spam free environment such as some intranets). It also makes sure to create sessions only when needed.
Tests
Manual tests