[geeklog-hg] [Geeklog-Core/geeklog] 1ea536: Additional permission checks for Comment Library

Tom noreply at github.com
Sat Feb 15 13:48:48 EST 2020 

  Branch: refs/heads/master
  Home:   https://github.com/Geeklog-Core/geeklog
  Commit: 1ea536fc2826caaa8439d389395e5fc33774f8dd
      https://github.com/Geeklog-Core/geeklog/commit/1ea536fc2826caaa8439d389395e5fc33774f8dd
  Author: eSilverStrike <eSilverStrike at users.noreply.github.com>
  Date:   2020-02-15 (Sat, 15 Feb 2020)

  Changed paths:
    M language/english.php
    M language/english_utf-8.php
    M language/japanese_utf-8.php
    M plugins/polls/functions.inc
    M plugins/staticpages/functions.inc
    M public_html/layout/denim/comment/commentbar.thtml
    M public_html/layout/denim_three/comment/commentbar.thtml
    M public_html/layout/modern_curve/comment/commentbar.thtml
    M system/lib-article.php
    M system/lib-comment.php
    M system/lib-plugins.php

  Log Message:
  -----------
  Additional permission checks for Comment Library

For #1023

- Added PLG_commentEnabled API function which allows comment library to find out if comments are enabled and access is allowed for a user by the plugin item. This will be required as of Geeklog v3.0.0 but if missing will fall back to PLG_getItemInfo which works for the most part but only knows if user has access to item and not if comments are closed or disabled for the item.
- So if user can see comments for the plugin item and they are not closed they will be able to add new comments (and edit or delete if have permissions).
- Likewise if the user doesn’t have access to preview, submit, delete, edit something (or it doesn’t exist) a 404 error will be returned (as long as PLG_commentEnabled is supported by the plugin)
- Added some messages to comment bar to indicate if login is required to post and if Comments are closed.
- Comment Post button will take into account if posts are not allowed, it will disappear
-  Admins will always have access though to post, edit, and reply even if comments are closed
- Also added some better checks on variables so the comment library does not assume good data. If bad data found 404 error happens

More information about the geeklog-cvs mailing list