Index: modules/comment/comment.module =================================================================== RCS file: /cvs/drupal/drupal/modules/comment/comment.module,v retrieving revision 1.882 diff -u -9 -p -r1.882 comment.module --- modules/comment/comment.module 17 Jun 2010 13:44:44 -0000 1.882 +++ modules/comment/comment.module 21 Jun 2010 18:10:38 -0000 @@ -685,37 +685,37 @@ function comment_node_view($node, $view_ '#theme' => 'links__comment_node', '#links' => $links, '#attributes' => array('class' => array('links', 'inline')), ); // Only append comments when we are building a node on its own node detail // page. We compare $node and $page_node to ensure that comments are not // appended to other nodes shown on the page, for example a node_reference // displayed in 'full' view mode within another node. - if ($node->comment && node_is_page($node) && empty($node->in_preview) && user_access('access comments')) { + if ($node->comment && node_is_page($node) && empty($node->in_preview)) { $node->content['comments'] = comment_node_page_additions($node); } } } /** * Build the comment-related elements for node detail pages. * * @param $node * A node object. */ function comment_node_page_additions($node) { $additions = array(); // Only attempt to render comments if the node has visible comments. // Unpublished comments are not included in $node->comment_count, so show // comments unconditionally if the user is an administrator. - if ($node->comment_count || user_access('administer comments')) { + if ($node->comment_count && user_access('access comments') || user_access('administer comments')) { $mode = variable_get('comment_default_mode_' . $node->type, COMMENT_MODE_THREADED); $comments_per_page = variable_get('comment_default_per_page_' . $node->type, 50); if ($cids = comment_get_thread($node, $mode, $comments_per_page)) { $comments = comment_load_multiple($cids); comment_prepare_thread($comments); $build = comment_view_multiple($comments, $node); $build['#attached']['css'][] = drupal_get_path('module', 'comment') . '/comment.css'; $build['pager']['#theme'] = 'pager'; $additions['comments'] = $build; Index: modules/comment/comment.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/comment/comment.pages.inc,v retrieving revision 1.39 diff -u -9 -p -r1.39 comment.pages.inc --- modules/comment/comment.pages.inc 10 Jun 2010 06:57:20 -0000 1.39 +++ modules/comment/comment.pages.inc 21 Jun 2010 18:10:38 -0000 @@ -27,79 +27,79 @@ * @return * The rendered parent node or comment plus the new comment form. */ function comment_reply($node, $pid = NULL) { // Set the breadcrumb trail. drupal_set_breadcrumb(array(l(t('Home'), NULL), l($node->title, 'node/' . $node->nid))); $op = isset($_POST['op']) ? $_POST['op'] : ''; $build = array(); - if (user_access('access comments')) { - // The user is previewing a comment prior to submitting it. - if ($op == t('Preview')) { - if (user_access('post comments')) { - $build['comment_form'] = drupal_get_form('comment_form', (object) array('pid' => $pid, 'nid' => $node->nid)); - } - else { - drupal_set_message(t('You are not authorized to post comments.'), 'error'); - drupal_goto("node/$node->nid"); - } + // The user is previewing a comment prior to submitting it. + if ($op == t('Preview')) { + if (user_access('post comments')) { + $build['comment_form'] = drupal_get_form('comment_form', (object) array('pid' => $pid, 'nid' => $node->nid)); } else { - // $pid indicates that this is a reply to a comment. - if ($pid) { + drupal_set_message(t('You are not authorized to post comments.'), 'error'); + drupal_goto("node/$node->nid"); + } + } + else { + // $pid indicates that this is a reply to a comment. + if ($pid) { + if (user_access('access comments')) { // Load the comment whose cid = $pid $comment = db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data FROM {comment} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = :cid AND c.status = :status', array( ':cid' => $pid, ':status' => COMMENT_PUBLISHED, ))->fetchObject(); - if ( $comment ) { + if ($comment) { // If that comment exists, make sure that the current comment and the // parent comment both belong to the same parent node. if ($comment->nid != $node->nid) { // Attempting to reply to a comment not belonging to the current nid. drupal_set_message(t('The comment you are replying to does not exist.'), 'error'); drupal_goto("node/$node->nid"); } // Display the parent comment $comment->node_type = 'comment_node_' . $node->type; field_attach_load('comment', array($comment->cid => $comment)); $comment->name = $comment->uid ? $comment->registered_name : $comment->name; $build['comment_parent'] = comment_view($comment, $node); } else { drupal_set_message(t('The comment you are replying to does not exist.'), 'error'); drupal_goto("node/$node->nid"); } } - // This is the case where the comment is in response to a node. Display the node. - elseif (user_access('access content')) { - $build['comment_node'] = node_view($node); - } - - // Should we show the reply box? - if ($node->comment != COMMENT_NODE_OPEN) { - drupal_set_message(t("This discussion is closed: you can't post new comments."), 'error'); - drupal_goto("node/$node->nid"); - } - elseif (user_access('post comments')) { - $edit = array('nid' => $node->nid, 'pid' => $pid); - $build['comment_form'] = drupal_get_form('comment_form', (object) $edit); - } else { - drupal_set_message(t('You are not authorized to post comments.'), 'error'); + drupal_set_message(t('You are not authorized to view comments.'), 'error'); drupal_goto("node/$node->nid"); } } - } - else { - drupal_set_message(t('You are not authorized to view comments.'), 'error'); - drupal_goto("node/$node->nid"); + // This is the case where the comment is in response to a node. Display the node. + elseif (user_access('access content')) { + $build['comment_node'] = node_view($node); + } + + // Should we show the reply box? + if ($node->comment != COMMENT_NODE_OPEN) { + drupal_set_message(t("This discussion is closed: you can't post new comments."), 'error'); + drupal_goto("node/$node->nid"); + } + elseif (user_access('post comments')) { + $edit = array('nid' => $node->nid, 'pid' => $pid); + $build['comment_form'] = drupal_get_form('comment_form', (object) $edit); + } + else { + drupal_set_message(t('You are not authorized to post comments.'), 'error'); + drupal_goto("node/$node->nid"); + } } return $build; } /** * Menu callback; publish specified comment. * * @param $cid Index: modules/comment/comment.test =================================================================== RCS file: /cvs/drupal/drupal/modules/comment/comment.test,v retrieving revision 1.82 diff -u -9 -p -r1.82 comment.test --- modules/comment/comment.test 1 Jun 2010 17:58:29 -0000 1.82 +++ modules/comment/comment.test 21 Jun 2010 18:10:39 -0000 @@ -570,36 +570,51 @@ class CommentAnonymous extends CommentHe 'access comments' => FALSE, 'post comments' => FALSE, 'post comments without approval' => FALSE, )); // Attempt to view comments while disallowed. // NOTE: if authenticated user has permission to post comments, then a // "Login or register to post comments" type link may be shown. $this->drupalGet('node/' . $this->node->nid); - $this->assertNoPattern('/
]*?)id="comments"([^>]*?)>/', t('Comments were not displayed.')); - $this->assertNoLink('Add new comment', t('Link to add comment was found.')); + $this->assertNoPattern('@]*>Comments@', t('Comments were not displayed.')); + $this->assertNoLink('Add new comment', 0, t('Link to add comment was found.')); // Attempt to view node-comment form while disallowed. $this->drupalGet('comment/reply/' . $this->node->nid); - $this->assertText('You are not authorized to view comments', t('Error attempting to post comment.')); + $this->assertText('You are not authorized to post comments', t('Error attempting to post comment.')); $this->assertNoFieldByName('subject', '', t('Subject field not found.')); - $this->assertNoFieldByName('comment[value]', '', t('Comment field not found.')); + $this->assertNoFieldByName('comment_body[und][0][value]', '', t('Comment field not found.')); user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array( 'access comments' => TRUE, 'post comments' => FALSE, 'post comments without approval' => FALSE, )); $this->drupalGet('node/' . $this->node->nid); - $this->assertPattern('/
]*?)id="comments"([^>]*?)>/', t('Comments were displayed.')); + $this->assertPattern('@]*>Comments@', t('Comments were displayed.')); $this->assertLink('Log in', 1, t('Link to log in was found.')); $this->assertLink('register', 1, t('Link to register was found.')); + + user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array( + 'access comments' => FALSE, + 'post comments' => TRUE, + 'post comments without approval' => TRUE, + )); + $this->drupalGet('node/' . $this->node->nid); + $this->assertNoPattern('@]*>Comments@', t('Comments were not displayed.')); + $this->assertLink('Add new comment', 0, t('Link to add comment was found.')); + $this->assertFieldByName('subject', '', t('Subject field found.')); + $this->assertFieldByName('comment_body[und][0][value]', '', t('Comment field found.')); + + $this->drupalGet('comment/reply/' . $this->node->nid . '/' . $anonymous_comment3->id); + $this->assertText('You are not authorized to view comments', t('Error attempting to post reply.')); + $this->assertNoText($author_name, t('Comment not displayed.')); } } /** * Verify pagination of comments. */ class CommentPagerTest extends CommentHelperCase { public static function getInfo() {