[geeklog-hg] [Geeklog-Core/geeklog] 1ea536: Additional permission checks for Comment Library
Tom
noreply at github.com
Sat Feb 15 13:48:48 EST 2020
Branch: refs/heads/master
Home: https://github.com/Geeklog-Core/geeklog
Commit: 1ea536fc2826caaa8439d389395e5fc33774f8dd
https://github.com/Geeklog-Core/geeklog/commit/1ea536fc2826caaa8439d389395e5fc33774f8dd
Author: eSilverStrike <eSilverStrike at users.noreply.github.com>
Date: 2020-02-15 (Sat, 15 Feb 2020)
Changed paths:
M language/english.php
M language/english_utf-8.php
M language/japanese_utf-8.php
M plugins/polls/functions.inc
M plugins/staticpages/functions.inc
M public_html/layout/denim/comment/commentbar.thtml
M public_html/layout/denim_three/comment/commentbar.thtml
M public_html/layout/modern_curve/comment/commentbar.thtml
M system/lib-article.php
M system/lib-comment.php
M system/lib-plugins.php
Log Message:
-----------
Additional permission checks for Comment Library
For #1023
- Added PLG_commentEnabled API function which allows comment library to find out if comments are enabled and access is allowed for a user by the plugin item. This will be required as of Geeklog v3.0.0 but if missing will fall back to PLG_getItemInfo which works for the most part but only knows if user has access to item and not if comments are closed or disabled for the item.
- So if user can see comments for the plugin item and they are not closed they will be able to add new comments (and edit or delete if have permissions).
- Likewise if the user doesn’t have access to preview, submit, delete, edit something (or it doesn’t exist) a 404 error will be returned (as long as PLG_commentEnabled is supported by the plugin)
- Added some messages to comment bar to indicate if login is required to post and if Comments are closed.
- Comment Post button will take into account if posts are not allowed, it will disappear
- Admins will always have access though to post, edit, and reply even if comments are closed
- Also added some better checks on variables so the comment library does not assume good data. If bad data found 404 error happens
More information about the geeklog-cvs
mailing list