From 8fbd97593aa810a322b4d61559fc7e8a29f82d45 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Fri, 15 Dec 2023 01:38:45 +0000
Subject: [PATCH] fix comment section permissions
---
 Controller/BackendController.php | 23 +++++++++++++++++++----
 Theme/Backend/news-single.tpl.php | 10 +++++++---
 2 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/Controller/BackendController.php b/Controller/BackendController.php
index 5e0ade0..aeeffb1 100755
--- a/Controller/BackendController.php
+++ b/Controller/BackendController.php
@@ -20,6 +20,7 @@ use Modules\News\Models\NewsSeen;
 use Modules\News\Models\NewsSeenMapper;
 use Modules\News\Models\NewsStatus;
 use Modules\News\Models\PermissionCategory;
+use Modules\Comments\Models\PermissionCategory as NewsPermissionCategory;
 use phpOMS\Account\PermissionType;
 use phpOMS\Asset\AssetType;
 use phpOMS\Contract\RenderableInterface;
@@ -201,10 +202,9 @@ final class BackendController extends Controller implements DashboardElementInte
 $view->data['editable'] = $this->app->accountManager->get($accountId)->hasPermission( PermissionType::MODIFY, $this->app->unitId, $this->app->appId, self::NAME, PermissionCategory::NEWS, $article->id);
- // allow comments
- if (!$article->comments !== null
- && $this->app->moduleManager->get('Comments')::ID > 0
- ) {
+ // Comments module available
+ $commentModule = $this->app->moduleManager->get('Comments');
+ if ($commentModule::ID > 0) {
 $head = $response->data['Content']->head;
 $head->addAsset(AssetType::CSS, 'Modules/Comments/Theme/Backend/css/styles.css');
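Review bot: The alias on the added import reads backwards: `NewsPermissionCategory` names the Comments module's `PermissionCategory`, while the News module's own class is imported just above it as plain `PermissionCategory`. Both end up as arguments to `hasPermission()` in this controller, so a reader can easily pair a category constant with the wrong module name in an access check. I would import it as `use Modules\Comments\Models\PermissionCategory as CommentsPermissionCategory;` and rename the uses further down the file to match.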
@@ -213,6 +213,21 @@ final class BackendController extends Controller implements DashboardElementInte
 $view->data['commentCreate'] = $commentCreateView;
 $view->data['commentList'] = $commentListView;
+
+ $view->data['commentPermissions'] = [
+ 'moderation' => $this->app->accountManager->get($request->header->account)->hasPermission(
+ PermissionType::MODIFY, $this->app->unitId, $this->app->appId, $commentModule::NAME, NewsPermissionCategory::MODERATION, $article->comments->id ?? null
+ ),
+ 'list_modify' => $this->app->accountManager->get($request->header->account)->hasPermission(
+ PermissionType::MODIFY, $this->app->unitId, $this->app->appId, $commentModule::NAME, NewsPermissionCategory::LIST, $article->comments->id ?? null
+ ),
+ 'list_read' => $this->app->accountManager->get($request->header->account)->hasPermission(
+ PermissionType::READ, $this->app->unitId, $this->app->appId, $commentModule::NAME, NewsPermissionCategory::LIST, $article->comments->id ?? null
+ ),
+ 'write' => $this->app->accountManager->get($request->header->account)->hasPermission(
+ PermissionType::READ, $this->app->unitId, $this->app->appId, $commentModule::NAME, NewsPermissionCategory::COMMENT, null
+ ),
+ ];
 }
 return $view;
diff --git a/Theme/Backend/news-single.tpl.php b/Theme/Backend/news-single.tpl.php
index 8dd37eb..85a5677 100755
--- a/Theme/Backend/news-single.tpl.php
+++ b/Theme/Backend/news-single.tpl.php
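Review bot: The `'write'` entry is computed with `PermissionType::READ`, so any account that may read the `COMMENT` category is shown the comment-create form; if the permission enum has a create value (phpOMS's `PermissionType::CREATE`, to be confirmed against the framework), that is the type this check should use. The flag only decides whether the template prints the form, so the endpoint that stores a comment presumably needs the same check on its own; that code is not visible here. The account is also looked up four times through `$request->header->account`, while the `editable` check earlier in the method uses `$accountId`; resolving it once into a local, e.g. `$account = $this->app->accountManager->get($accountId);`, keeps the two from drifting apart. `'moderation'` is computed but not read by the template changes in this patch. The enclosing method starts and ends outside the hunk.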
@@ -71,8 +71,12 @@ echo $this->data['nav']->render(); ?> comments; -if (!empty($commentList) && $commentList->status !== CommentListStatus::INACTIVE) : - /* @todo check if user has permission to create a comment here, maybe he is only allowed to read comments */ +if ($this->data['commentPermissions']['write'] && $commentList->status === CommentListStatus::ACTIVE) : echo $this->getData('commentCreate')->render(1); - echo $this->getData('commentList')->render($commentList); endif; + +if ($this->data['commentPermissions']['list_modify'] + || ($this->data['commentPermissions']['list_read'] && $commentList->status !== CommentListStatus::INACTIVE) +) : + echo $this->getData('commentList')->render($commentList); +endif; \ No newline at end of file
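Review bot: Both rewritten conditions dereference `$commentList->status` and index `$this->data['commentPermissions']` without the `!empty($commentList)` guard that the removed line had. The controller sets `commentPermissions` only inside its `$commentModule::ID > 0` branch and passes `$article->comments->id ?? null`, which suggests the list can be null; in that case `null !== CommentListStatus::INACTIVE` is true, and the list view is rendered with a null list for anyone holding `list_read`. I would read the flags with a default, `$perms = $this->data['commentPermissions'] ?? [];`, and put `$commentList !== null &&` in front of both conditions so a missing list or module fails closed. The line that assigns `$commentList` is garbled in this view of the hunk, so its exact source could not be checked.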