Index: core/modules/comment/src/CommentPermissions.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/src/CommentPermissions.php (revision ) +++ core/modules/comment/src/CommentPermissions.php (revision ) @@ -0,0 +1,63 @@ +buildPermissions($type); + } + return $perms; + } + + /** + * Returns a list of comment permissions for a given comment type. + * + * @param \Drupal\comment\Entity\CommentType $type + * The comment type. + * + * @return array + * An associative array of permission names and descriptions. + */ + protected function buildPermissions(CommentType $type) { + $type_id = $type->id(); + $args = array('%type_name' => $type->label()); + + return array( + 'access comments ' . $type_id => array( + 'title' => $this->t('%type_name: View comments', $args), + ), + 'post comments ' . $type_id => array( + 'title' => $this->t('%type_name: Post comments', $args), + ), + 'reply comments ' . $type_id => array( + 'title' => $this->t('%type_name: Reply comments', $args), + ), + 'skip comment approval ' . $type_id => array( + 'title' => $this->t('%type_name: Skip comment approval', $args), + ), + 'edit own comments ' . $type_id => array( + 'title' => $this->t('%type_name: Edit own comments', $args), + ), + ); + } + +} Index: core/modules/comment/src/CommentManager.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/src/CommentManager.php (date 1481849872000) +++ core/modules/comment/src/CommentManager.php (revision ) @@ -66,6 +66,13 @@ */ protected $currentUser; + /** + * Comment types indexing permissions. + * + * @var array + */ + protected $typesIndexPermissions = array(); + /** * Construct the CommentManager object. * @@ -149,7 +156,7 @@ $this->authenticatedCanPostComments = $this->entityManager ->getStorage('user_role') ->load(RoleInterface::AUTHENTICATED_ID) - ->hasPermission('post comments'); + ->hasPermission('post comments ' . $entity->{$field_name}->getSetting('comment_type')); } if ($this->authenticatedCanPostComments) { @@ -226,4 +233,38 @@ return FALSE; } + /** + * {@inheritdoc} + */ + public function isIndexingAvailable(EntityInterface $entity, $field_name) { + $comment_type = $entity->{$field_name}->getSetting('comment_type'); + + if (array_key_exists($comment_type, $this->typesIndexPermissions)) { + return $this->typesIndexPermissions[$comment_type]; + } + + // Do not index in the following three cases: + // 1. 'Authenticated user' can search content but can't access comments. + // 2. 'Anonymous user' can search content but can't access comments. + // 3. Any role can search content but can't access comments and access + // comments is not granted by the 'authenticated user' role. In this case + // all users might have both permissions from various roles but it is also + // possible to set up a user to have only search content and so a user + // edit could change the security situation so it is not safe to index the + // comments. + $this->typesIndexPermissions[$comment_type] = TRUE; + $roles = $this->entityManager->getStorage('user_role')->loadMultiple(); + $authenticated_can_access = $roles[RoleInterface::AUTHENTICATED_ID]->hasPermission('access comments ' . $comment_type); + foreach ($roles as $rid => $role) { + if ($role->hasPermission('search content') && !$role->hasPermission('access comments ' . $comment_type)) { + if ($rid == RoleInterface::AUTHENTICATED_ID || $rid == RoleInterface::ANONYMOUS_ID || !$authenticated_can_access) { + $this->typesIndexPermissions[$comment_type] = FALSE; + break; + } + } + } + + return $this->typesIndexPermissions[$comment_type]; + } + } Index: core/modules/comment/comment.module IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/comment.module (date 1481849872000) +++ core/modules/comment/comment.module (revision ) @@ -423,48 +423,25 @@ * Implements hook_node_update_index(). */ function comment_node_update_index(EntityInterface $node) { - $index_comments = &drupal_static(__FUNCTION__); - - if ($index_comments === NULL) { - // Do not index in the following three cases: - // 1. 'Authenticated user' can search content but can't access comments. - // 2. 'Anonymous user' can search content but can't access comments. - // 3. Any role can search content but can't access comments and access - // comments is not granted by the 'authenticated user' role. In this case - // all users might have both permissions from various roles but it is also - // possible to set up a user to have only search content and so a user - // edit could change the security situation so it is not safe to index the - // comments. - $index_comments = TRUE; - $roles = \Drupal::entityManager()->getStorage('user_role')->loadMultiple(); - $authenticated_can_access = $roles[RoleInterface::AUTHENTICATED_ID]->hasPermission('access comments'); - foreach ($roles as $rid => $role) { - if ($role->hasPermission('search content') && !$role->hasPermission('access comments')) { - if ($rid == RoleInterface::AUTHENTICATED_ID || $rid == RoleInterface::ANONYMOUS_ID || !$authenticated_can_access) { - $index_comments = FALSE; - break; - } - } - } - } - $build = array(); + $manager = \Drupal::service('comment.manager'); - if ($index_comments) { - foreach (\Drupal::service('comment.manager')->getFields('node') as $field_name => $info) { - // Skip fields that entity does not have. - if (!$node->hasField($field_name)) { - continue; - } - $field_definition = $node->getFieldDefinition($field_name); - $mode = $field_definition->getSetting('default_mode'); - $comments_per_page = $field_definition->getSetting('per_page'); - if ($node->get($field_name)->status) { - $comments = \Drupal::entityManager()->getStorage('comment') - ->loadThread($node, $field_name, $mode, $comments_per_page); - if ($comments) { - $build[] = \Drupal::entityManager()->getViewBuilder('comment')->viewMultiple($comments); - } + foreach ($manager->getFields('node') as $field_name => $info) { + // Skip fields that entity does not have. + if (!$node->hasField($field_name)) { + continue; + } + if (!$manager->isIndexingAvailable($node, $field_name)) { + continue; + } + $field_definition = $node->getFieldDefinition($field_name); + $mode = $field_definition->getSetting('default_mode'); + $comments_per_page = $field_definition->getSetting('per_page'); + if ($node->get($field_name)->status) { + $comments = \Drupal::entityManager()->getStorage('comment') + ->loadThread($node, $field_name, $mode, $comments_per_page); + if ($comments) { + $build[] = \Drupal::entityManager()->getViewBuilder('comment')->viewMultiple($comments); } } } @@ -497,7 +474,7 @@ } // Do not make a string if comments are hidden. $status = $node->get($field_name)->status; - if (\Drupal::currentUser()->hasPermission('access comments') && $status != CommentItemInterface::HIDDEN) { + if (\Drupal::currentUser()->hasPermission('access comments ' . $node->{$field_name}->getSetting('comment_type')) && $status != CommentItemInterface::HIDDEN) { if ($status == CommentItemInterface::OPEN) { // At least one comment field is open. $open = TRUE; Index: core/modules/comment/src/CommentForm.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/src/CommentForm.php (date 1481849872000) +++ core/modules/comment/src/CommentForm.php (revision ) @@ -127,7 +127,7 @@ } } else { - $status = ($this->currentUser->hasPermission('skip comment approval') ? CommentInterface::PUBLISHED : CommentInterface::NOT_PUBLISHED); + $status = ($this->currentUser->hasPermission('skip comment approval ' . $comment->bundle()) ? CommentInterface::PUBLISHED : CommentInterface::NOT_PUBLISHED); } $date = ''; @@ -352,7 +352,7 @@ $uri = $entity->urlInfo(); $logger = $this->logger('content'); - if ($this->currentUser->hasPermission('post comments') && ($this->currentUser->hasPermission('administer comments') || $entity->{$field_name}->status == CommentItemInterface::OPEN)) { + if ($this->currentUser->hasPermission('post comments ' . $comment->bundle()) && ($this->currentUser->hasPermission('administer comments') || $entity->{$field_name}->status == CommentItemInterface::OPEN)) { $comment->save(); $form_state->setValue('cid', $comment->id()); Index: core/modules/comment/src/Controller/CommentController.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/src/Controller/CommentController.php (date 1481849872000) +++ core/modules/comment/src/Controller/CommentController.php (revision ) @@ -119,12 +119,17 @@ if (!$entity->access('view')) { throw new AccessDeniedHttpException(); } - $field_definition = $this->entityManager()->getFieldDefinitions($entity->getEntityTypeId(), $entity->bundle())[$comment->getFieldName()]; + $field_definition = $this->entityManager() + ->getFieldDefinitions($entity->getEntityTypeId(), $entity->bundle())[$comment->getFieldName()]; // Find the current display page for this comment. - $page = $this->entityManager()->getStorage('comment')->getDisplayOrdinal($comment, $field_definition->getSetting('default_mode'), $field_definition->getSetting('per_page')); + $page = $this->entityManager() + ->getStorage('comment') + ->getDisplayOrdinal($comment, $field_definition->getSetting('default_mode'), $field_definition->getSetting('per_page')); // @todo: Cleaner sub request handling. - $subrequest_url = $entity->urlInfo()->setOption('query', ['page' => $page])->toString(TRUE); + $subrequest_url = $entity->urlInfo() + ->setOption('query', ['page' => $page]) + ->toString(TRUE); $redirect_request = Request::create($subrequest_url->getGeneratedUrl(), 'GET', $request->query->all(), $request->cookies->all(), array(), $request->server->all()); // Carry over the session to the subrequest. if ($session = $request->getSession()) { @@ -221,7 +226,9 @@ // Load the parent comment. $comment = $this->entityManager()->getStorage('comment')->load($pid); // Display the parent comment. - $build['comment_parent'] = $this->entityManager()->getViewBuilder('comment')->view($comment); + $build['comment_parent'] = $this->entityManager() + ->getViewBuilder('comment') + ->view($comment); } // The comment is in response to a entity. @@ -231,7 +238,9 @@ $entity = clone $entity; $entity->{$field_name}->status = CommentItemInterface::HIDDEN; // Render array of the entity full view mode. - $build['commented_entity'] = $this->entityManager()->getViewBuilder($entity->getEntityTypeId())->view($entity, 'full'); + $build['commented_entity'] = $this->entityManager() + ->getViewBuilder($entity->getEntityTypeId()) + ->view($entity, 'full'); unset($build['commented_entity']['#cache']); } } @@ -277,16 +286,19 @@ $account = $this->currentUser(); // Check if the user has the proper permissions. - $access = AccessResult::allowedIfHasPermission($account, 'post comments'); + $comment_type = $entity->{$field_name}->getSetting('comment_type'); + + if (!$pid) { + $access = AccessResult::allowedIfHasPermission($account, 'post comments ' . $comment_type); - $status = $entity->{$field_name}->status; - $access = $access->andIf(AccessResult::allowedIf($status == CommentItemInterface::OPEN) - ->addCacheableDependency($entity)); - + $status = $entity->{$field_name}->status; + $access = $access->andIf(AccessResult::allowedIf($status == CommentItemInterface::OPEN) + ->addCacheableDependency($entity)); + } // $pid indicates that this is a reply to a comment. - if ($pid) { + else { // Check if the user has the proper permissions. - $access = $access->andIf(AccessResult::allowedIfHasPermission($account, 'access comments')); + $access = AccessResult::allowedIfHasPermission($account, 'reply comments ' . $comment_type); /// Load the parent comment. $comment = $this->entityManager()->getStorage('comment')->load($pid); @@ -333,7 +345,11 @@ $query = $page_number ? array('page' => $page_number) : NULL; $links[$nid] = array( 'new_comment_count' => (int) $new, - 'first_new_comment_link' => $this->getUrlGenerator()->generateFromRoute('entity.node.canonical', array('node' => $node->id()), array('query' => $query, 'fragment' => 'new')), + 'first_new_comment_link' => $this->getUrlGenerator() + ->generateFromRoute('entity.node.canonical', array('node' => $node->id()), array( + 'query' => $query, + 'fragment' => 'new' + )), ); } Index: core/modules/comment/src/CommentLazyBuilders.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/src/CommentLazyBuilders.php (date 1481849872000) +++ core/modules/comment/src/CommentLazyBuilders.php (revision ) @@ -166,34 +166,40 @@ $status = $commented_entity->get($entity->getFieldName())->status; if ($status == CommentItemInterface::OPEN) { - if ($entity->access('delete')) { + $delete_url = $entity->urlInfo('delete-form'); + if ($delete_url->access()) { $links['comment-delete'] = array( 'title' => t('Delete'), - 'url' => $entity->urlInfo('delete-form'), + 'url' => $delete_url, ); } - if ($entity->access('update')) { + $update_url = $entity->urlInfo('edit-form'); + if ($update_url->access()) { $links['comment-edit'] = array( 'title' => t('Edit'), - 'url' => $entity->urlInfo('edit-form'), + 'url' => $update_url, ); } - if ($entity->access('create')) { - $links['comment-reply'] = array( - 'title' => t('Reply'), - 'url' => Url::fromRoute('comment.reply', [ - 'entity_type' => $entity->getCommentedEntityTypeId(), - 'entity' => $entity->getCommentedEntityId(), - 'field_name' => $entity->getFieldName(), - 'pid' => $entity->id(), - ]), + + $create_url = Url::fromRoute('comment.reply', [ + 'entity_type' => $entity->getCommentedEntityTypeId(), + 'entity' => $entity->getCommentedEntityId(), + 'field_name' => $entity->getFieldName(), + 'pid' => $entity->id(), + ]); + if ($create_url->access()) { + $links['comment-reply'] = array( + 'title' => t('Reply'), + 'url' => $create_url, ); } - if (!$entity->isPublished() && $entity->access('approve')) { + + $approve_url = Url::fromRoute('comment.approve', ['comment' => $entity->id()]); + if (!$entity->isPublished() && $approve_url->access()) { $links['comment-approve'] = array( 'title' => t('Approve'), - 'url' => Url::fromRoute('comment.approve', ['comment' => $entity->id()]), + 'url' => $approve_url, ); } if (empty($links) && $this->currentUser->isAnonymous()) { Index: core/modules/comment/src/CommentAccessControlHandler.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/src/CommentAccessControlHandler.php (date 1481849872000) +++ core/modules/comment/src/CommentAccessControlHandler.php (revision ) @@ -36,11 +36,11 @@ switch ($operation) { case 'view': - return AccessResult::allowedIf($account->hasPermission('access comments') && $entity->isPublished())->cachePerPermissions()->addCacheableDependency($entity) + return AccessResult::allowedIf($account->hasPermission('access comments ' . $entity->bundle()) && $entity->isPublished())->cachePerPermissions()->addCacheableDependency($entity) ->andIf($entity->getCommentedEntity()->access($operation, $account, TRUE)); case 'update': - return AccessResult::allowedIf($account->id() && $account->id() == $entity->getOwnerId() && $entity->isPublished() && $account->hasPermission('edit own comments'))->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity); + return AccessResult::allowedIf($account->id() && $account->id() == $entity->getOwnerId() && $entity->isPublished() && $account->hasPermission('edit own comments ' . $entity->bundle()))->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity); default: // No opinion. @@ -52,7 +52,7 @@ * {@inheritdoc} */ protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { - return AccessResult::allowedIfHasPermission($account, 'post comments'); + return AccessResult::allowedIfHasPermission($account, 'post comments ' . $entity_bundle); } /** @@ -90,7 +90,7 @@ ]; if ($items && ($entity = $items->getEntity()) && $entity->isNew() && in_array($field_definition->getName(), $create_only_fields, TRUE)) { // We are creating a new comment, user can edit create only fields. - return AccessResult::allowedIfHasPermission($account, 'post comments')->addCacheableDependency($entity); + return AccessResult::allowedIfHasPermission($account, 'post comments ' . $entity->bundle())->addCacheableDependency($entity); } // We are editing an existing comment - create only fields are now read // only. @@ -115,7 +115,7 @@ $commented_entity = $entity->getCommentedEntity(); $anonymous_contact = $commented_entity->get($entity->getFieldName())->getFieldDefinition()->getSetting('anonymous'); $admin_access = AccessResult::allowedIfHasPermission($account, 'administer comments'); - $anonymous_access = AccessResult::allowedIf($entity->isNew() && $account->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT && $account->hasPermission('post comments')) + $anonymous_access = AccessResult::allowedIf($entity->isNew() && $account->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT && $account->hasPermission('post comments ' . $entity->bundle())) ->cachePerPermissions() ->addCacheableDependency($entity) ->addCacheableDependency($field_definition->getConfig($commented_entity->bundle())) Index: core/modules/comment/src/CommentFieldItemList.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/src/CommentFieldItemList.php (date 1481849872000) +++ core/modules/comment/src/CommentFieldItemList.php (revision ) @@ -56,8 +56,8 @@ // takes care of showing the thread and form based on individual // permissions, so if a user only has ‘post comments’ access, only the // form will be shown and not the comments. - $result = AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'access comments') - ->orIf(AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'post comments')); + $result = AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'access comments ' . $this->getSetting('comment_type')) + ->orIf(AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'post comments ' . $this->getSetting('comment_type'))); return $return_as_object ? $result : $result->isAllowed(); } return parent::access($operation, $account, $return_as_object); Index: core/modules/comment/src/CommentManagerInterface.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/src/CommentManagerInterface.php (date 1481849872000) +++ core/modules/comment/src/CommentManagerInterface.php (revision ) @@ -77,4 +77,17 @@ */ public function getCountNewComments(EntityInterface $entity, $field_name = NULL, $timestamp = 0); + /** + * Check is comments indexing available for requested entity field. + * + * @param \Drupal\Core\Entity\EntityInterface $entity + * Entity object to check. + * @param string $field_name + * Field machine name. + * + * @return bool + * Result of check. + */ + public function isIndexingAvailable(EntityInterface $entity, $field_name); + } Index: core/modules/comment/src/Plugin/Field/FieldFormatter/CommentDefaultFormatter.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/src/Plugin/Field/FieldFormatter/CommentDefaultFormatter.php (date 1481849872000) +++ core/modules/comment/src/Plugin/Field/FieldFormatter/CommentDefaultFormatter.php (revision ) @@ -161,7 +161,7 @@ // $entity->get($field_name)->comment_count, but unpublished comments // should display if the user is an administrator. $elements['#cache']['contexts'][] = 'user.permissions'; - if ($this->currentUser->hasPermission('access comments') || $this->currentUser->hasPermission('administer comments')) { + if ($this->currentUser->hasPermission('access comments ' . $this->getFieldSetting('comment_type')) || $this->currentUser->hasPermission('administer comments')) { $output['comments'] = []; if ($entity->get($field_name)->comment_count || $this->currentUser->hasPermission('administer comments')) { @@ -190,7 +190,7 @@ if ($status == CommentItemInterface::OPEN && $comment_settings['form_location'] == CommentItemInterface::FORM_BELOW && $this->viewMode != 'print') { // Only show the add comment form if the user has permission. $elements['#cache']['contexts'][] = 'user.roles'; - if ($this->currentUser->hasPermission('post comments')) { + if ($this->currentUser->hasPermission('post comments ' . $this->getFieldSetting('comment_type'))) { $output['comment_form'] = [ '#lazy_builder' => ['comment.lazy_builders:renderForm', [ $entity->getEntityTypeId(), Index: core/modules/comment/src/CommentLinkBuilder.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/src/CommentLinkBuilder.php (date 1481849872000) +++ core/modules/comment/src/CommentLinkBuilder.php (revision ) @@ -101,7 +101,7 @@ // Teaser view: display the number of comments that have been posted, // or a link to add new comments if the user has permission, the // entity is open to new comments, and there currently are none. - if ($this->currentUser->hasPermission('access comments')) { + if ($this->currentUser->hasPermission('access comments ' . $field_definition->getSetting('comment_type'))) { if (!empty($entity->get($field_name)->comment_count)) { $links['comment-comments'] = array( 'title' => $this->formatPlural($entity->get($field_name)->comment_count, '1 comment', '@count comments'), @@ -125,8 +125,13 @@ } // Provide a link to new comment form. if ($commenting_status == CommentItemInterface::OPEN) { + $comment_form_url = Url::fromRoute('comment.reply', [ + 'entity_type' => $entity->getEntityTypeId(), + 'entity' => $entity->id(), + 'field_name' => $field_name, + ]); $comment_form_location = $field_definition->getSetting('form_location'); - if ($this->currentUser->hasPermission('post comments')) { + if ($comment_form_url->access()) { $links['comment-add'] = array( 'title' => $this->t('Add new comment'), 'language' => $entity->language(), @@ -134,11 +139,7 @@ 'fragment' => 'comment-form', ); if ($comment_form_location == CommentItemInterface::FORM_SEPARATE_PAGE) { - $links['comment-add']['url'] = Url::fromRoute('comment.reply', [ - 'entity_type' => $entity->getEntityTypeId(), - 'entity' => $entity->id(), - 'field_name' => $field_name, - ]); + $links['comment-add']['url'] = $comment_form_url; } else { $links['comment-add'] += ['url' => $entity->urlInfo()]; @@ -157,21 +158,22 @@ // comments. if ($commenting_status == CommentItemInterface::OPEN) { $comment_form_location = $field_definition->getSetting('form_location'); - if ($this->currentUser->hasPermission('post comments')) { + $comment_form_url = Url::fromRoute('comment.reply', [ + 'entity_type' => $entity->getEntityTypeId(), + 'entity' => $entity->id(), + 'field_name' => $field_name, + ]); + if ($comment_form_url->access()) { // Show the "post comment" link if the form is on another page, or // if there are existing comments that the link will skip past. - if ($comment_form_location == CommentItemInterface::FORM_SEPARATE_PAGE || (!empty($entity->get($field_name)->comment_count) && $this->currentUser->hasPermission('access comments'))) { + if ($comment_form_location == CommentItemInterface::FORM_SEPARATE_PAGE || (!empty($entity->get($field_name)->comment_count) && $this->currentUser->hasPermission('access comments ' . $field_definition->getSetting('comment_type')))) { $links['comment-add'] = array( 'title' => $this->t('Add new comment'), 'attributes' => array('title' => $this->t('Share your thoughts and opinions.')), 'fragment' => 'comment-form', ); if ($comment_form_location == CommentItemInterface::FORM_SEPARATE_PAGE) { - $links['comment-add']['url'] = Url::fromRoute('comment.reply', [ - 'entity_type' => $entity->getEntityTypeId(), - 'entity' => $entity->id(), - 'field_name' => $field_name, - ]); + $links['comment-add']['url'] = $comment_form_url; } else { $links['comment-add']['url'] = $entity->urlInfo(); Index: core/modules/comment/src/Plugin/Field/FieldType/CommentItem.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/src/Plugin/Field/FieldType/CommentItem.php (date 1481849872000) +++ core/modules/comment/src/Plugin/Field/FieldType/CommentItem.php (revision ) @@ -129,7 +129,7 @@ COMMENT_ANONYMOUS_MAY_CONTACT => t('Anonymous posters may leave their contact information'), COMMENT_ANONYMOUS_MUST_CONTACT => t('Anonymous posters must leave their contact information'), ), - '#access' => $anonymous_user->hasPermission('post comments'), + '#access' => $anonymous_user->hasPermission('post comments ' . $this->getSetting('comment_type')), ); $element['form_location'] = array( '#type' => 'checkbox', Index: core/modules/comment/src/Entity/Comment.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/src/Entity/Comment.php (date 1481849872000) +++ core/modules/comment/src/Entity/Comment.php (revision ) @@ -73,7 +73,7 @@ parent::preSave($storage); if (is_null($this->get('status')->value)) { - $published = \Drupal::currentUser()->hasPermission('skip comment approval') ? CommentInterface::PUBLISHED : CommentInterface::NOT_PUBLISHED; + $published = \Drupal::currentUser()->hasPermission('skip comment approval ' . $this->bundle()) ? CommentInterface::PUBLISHED : CommentInterface::NOT_PUBLISHED; $this->setPublished($published); } if ($this->isNew()) { Index: core/modules/comment/comment.permissions.yml IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/modules/comment/comment.permissions.yml (date 1481849872000) +++ core/modules/comment/comment.permissions.yml (revision ) @@ -7,7 +7,12 @@ title: 'View comments' post comments: title: 'Post comments' +reply comments: + title: 'Reply comments' skip comment approval: title: 'Skip comment approval' edit own comments: title: 'Edit own comments' + +permission_callbacks: + - \Drupal\comment\CommentPermissions::commentTypePermissions