From 5409b456fb0161b74658cf972de50e2e32f0cd06 Mon Sep 17 00:00:00 2001
From: shadlaws
Date: Thu, 13 Jun 2013 19:45:02 +0200
Subject: [PATCH] Relax access for Controller_Rest_Comments::post_entity() to match std UI.
---
 modules/comment/classes/Comment/Controller/Rest/Comments.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/modules/comment/classes/Comment/Controller/Rest/Comments.php b/modules/comment/classes/Comment/Controller/Rest/Comments.php
index 03e61ad791..507502dd2b 100644
--- a/modules/comment/classes/Comment/Controller/Rest/Comments.php
+++ b/modules/comment/classes/Comment/Controller/Rest/Comments.php
@@ -61,7 +61,10 @@ static function post_entity($id, $params) {
 }
 $item = ORM::factory("Item", $i_id);
- Access::required("edit", $item);
+ Access::required("view", $item);
+ if (!Comment::can_comment()) {
+ throw Rest_Exception::factory(403);
+ }
 // Build the comment model.
 $comment = ORM::factory("Comment");
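Review bot: With the check lowered from "edit" to "view" in post_entity(), the only per-item gate left is read access, and `Comment::can_comment()` takes no item argument, so whatever the model construction after this hunk copies from `$params` is now reachable by every caller who is allowed to comment. That code is outside the hunk; it is worth confirming that it does not let the request choose fields such as the comment's author or published state, which the "edit" requirement may previously have masked. The hunk also does not show whether `$item` was actually loaded before `Access::required("view", $item)` runs, so a missing-item check may be needed above it. I would add a comment on the new lines, e.g. `// Same rule as the web UI: view access on the item plus Comment::can_comment().`, and a test asserting that a caller without comment rights receives the 403.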