Add item argument to Comment::can_comment() to ensure we can view the…

… item, too.
gallery · Jun 13, 2013 · 46cd102 · 46cd102
1 parent 5409b45
commit 46cd102
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 9 deletions.
diff --git a/modules/comment/classes/Comment/Comment.php b/modules/comment/classes/Comment/Comment.php
@@ -18,8 +18,9 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Comment_Comment {
-  static function can_comment() {
-    return !Identity::active_user()->guest ||
-      Module::get_var("comment", "access_permissions") == "everybody";
+  static function can_comment($item) {
+    return (Access::can("view", $item) &&
+            (!Identity::active_user()->guest ||
+            Module::get_var("comment", "access_permissions") == "everybody"));
   }
 }
diff --git a/modules/comment/classes/Comment/Controller/Comments.php b/modules/comment/classes/Comment/Controller/Comments.php
@@ -25,8 +25,7 @@ class Comment_Controller_Comments extends Controller {
   public function action_add() {
     $item_id = $this->request->arg(0, "digit");
     $item = ORM::factory("Item", $item_id);
-    Access::required("view", $item);
-    if (!Comment::can_comment()) {
+    if (!Comment::can_comment($item)) {
       throw HTTP_Exception::factory(403);
     }
     $author = Identity::active_user();

diff --git a/modules/comment/classes/Comment/Controller/Rest/Comments.php b/modules/comment/classes/Comment/Controller/Rest/Comments.php
@@ -61,8 +61,7 @@ static function post_entity($id, $params) {
     }
 
     $item = ORM::factory("Item", $i_id);
-    Access::required("view", $item);
-    if (!Comment::can_comment()) {
+    if (!Comment::can_comment($item)) {
       throw Rest_Exception::factory(403);
     }
 

diff --git a/modules/comment/views/comment/block.html.php b/modules/comment/views/comment/block.html.php
@@ -1,5 +1,5 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
-<? if (Comment::can_comment()): ?>
+<? if (Comment::can_comment($item)): ?>
 <a href="<?= URL::site("comments/add/{$item->id}") ?>" id="g-add-comment"
    class="g-button ui-corner-all ui-icon-left ui-state-default">
   <span class="ui-icon ui-icon-comment"></span>
@@ -10,7 +10,7 @@ class="g-button ui-corner-all ui-icon-left ui-state-default">
 <div id="g-comment-detail">
   <? if (!$comments->count()): ?>
   <p class="g-no-comments">
-    <? if (Comment::can_comment()): ?>
+    <? if (Comment::can_comment($item)): ?>
     <?= t("No comments yet. Be the first to <a %attrs>comment</a>!",
           array("attrs" => HTML::mark_clean("href=\"" . URL::site("comments/add/{$item->id}") . "\" class=\"showCommentForm\""))) ?>
     <? else: ?>