diff --git commons_q_a.module commons_q_a.module
index 40a24e378a1c25f91004e6d1b40a1f19e9436c38..f84a93666bd00f7587583f95c2f3d11ad5ca78a7 100644
--- commons_q_a.module
+++ commons_q_a.module
@@ -88,32 +88,53 @@ function commons_q_a_views_pre_render(&$view) {
if ($view->name == 'commons_question_answers' && !empty($view->args[0])) {
// If the user has access to post into any of the groups associated
// with the question, embed a simplified answer node form.
+ global $user;
+
$question_nid = $view->args[0];
$question = node_load($question_nid);
- foreach ($question->og_group_ref[LANGUAGE_NONE] as $key => $value) {
- if (og_user_access('node', $value['target_id'], 'create answer content')) {
- module_load_include('inc', 'node', 'node.pages');
- global $user;
- $types = node_type_get_types();
- $node = (object) array('uid' => $user->uid, 'name' => (isset($user->name) ? $user->name : ''), 'type' => 'answer', 'language' => LANGUAGE_NONE);
- // Prepopulate the Related question field
- // with Entityreference Prepopulate, which looks strictly at $_GET.
- $_GET['field_related_question'] = $view->args[0];
- $answer_form = drupal_get_form('answer_node_form', $node);
- $answer_form['header'] = array(
- '#markup' => '
' . t('Add a new answer') . '
',
- '#weight' => -10,
- );
- // Hide any vertical tabs that might be present.
- $answer_form['additional_settings']['#access'] = FALSE;
- // Hide the Related question field.
- $answer_form['field_related_question']['#access'] = FALSE;
- // Add the form to the attachment_after part of the view,
- $view->attachment_after .= drupal_render($answer_form);
- // We only need to add the form once if the user has access to
- // post questions into any of the groups associated with the parent.
- return;
+ $group_ref = array();
+ $answer_access = FALSE;
+ if (!empty($question->og_group_ref[LANGUAGE_NONE])) {
+ foreach ($question->og_group_ref[LANGUAGE_NONE] as $key => $value) {
+ // Check to see the user has access to the group the question is in, only attach to those groups they have permission to post in.
+ if (og_user_access('node', $value['target_id'], 'create answer content')) {
+ $group_ref[] = $value['target_id'];
+ $answer_access = TRUE;
+ }
+ }
+ }
+ // If user belongs to no groups, or no groups are assigned to the Question, check node_access for user.
+ if (!$answer_access) {
+ if (node_access('create', $question, $user)) {
+ $answer_access = TRUE;
+ }
+ }
+
+ // Check global user access before showing the answer form.
+ if ($answer_access) {
+ module_load_include('inc', 'node', 'node.pages');
+ $types = node_type_get_types();
+ $node = (object) array('uid' => $user->uid, 'name' => (isset($user->name) ? $user->name : ''), 'type' => 'answer', 'language' => LANGUAGE_NONE);
+ // Prepopulate the Related question field
+ // with Entityreference Prepopulate, which looks strictly at $_GET.
+ $_GET['field_related_question'] = $view->args[0];
+ if (!empty($group_ref)) {
+ $_GET['og_group_ref'] = implode(',',$group_ref);
}
+ $answer_form = drupal_get_form('answer_node_form', $node);
+ $answer_form['header'] = array(
+ '#markup' => '' . t('Add a new answer') . '
',
+ '#weight' => -10,
+ );
+ // Hide any vertical tabs that might be present.
+ $answer_form['additional_settings']['#access'] = FALSE;
+ // Hide the Related question field.
+ $answer_form['field_related_question']['#access'] = FALSE;
+ // Add the form to the attachment_after part of the view,
+ $view->attachment_after .= drupal_render($answer_form);
+ // We only need to add the form once if the user has access to
+ // post questions into any of the groups associated with the parent.
+ return;
}
}
}