Index: modules/comment/comment.module =================================================================== RCS file: /cvs/drupal/drupal/modules/comment/comment.module,v retrieving revision 1.887 diff -u -p -r1.887 comment.module --- modules/comment/comment.module 30 Jul 2010 02:50:37 -0000 1.887 +++ modules/comment/comment.module 4 Aug 2010 16:00:47 -0000 @@ -698,7 +698,7 @@ function comment_node_view($node, $view_ // page. We compare $node and $page_node to ensure that comments are not // appended to other nodes shown on the page, for example a node_reference // displayed in 'full' view mode within another node. - if ($node->comment && node_is_page($node) && empty($node->in_preview) && user_access('access comments')) { + if ($node->comment && node_is_page($node) && empty($node->in_preview)) { $node->content['comments'] = comment_node_page_additions($node); } } @@ -716,7 +716,7 @@ function comment_node_page_additions($no // Only attempt to render comments if the node has visible comments. // Unpublished comments are not included in $node->comment_count, so show // comments unconditionally if the user is an administrator. - if ($node->comment_count || user_access('administer comments')) { + if (($node->comment_count && user_access('access comments')) || user_access('administer comments')) { $mode = variable_get('comment_default_mode_' . $node->type, COMMENT_MODE_THREADED); $comments_per_page = variable_get('comment_default_per_page_' . $node->type, 50); if ($cids = comment_get_thread($node, $mode, $comments_per_page)) { Index: modules/comment/comment.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/comment/comment.pages.inc,v retrieving revision 1.39 diff -u -p -r1.39 comment.pages.inc --- modules/comment/comment.pages.inc 10 Jun 2010 06:57:20 -0000 1.39 +++ modules/comment/comment.pages.inc 4 Aug 2010 16:00:47 -0000 @@ -33,26 +33,26 @@ function comment_reply($node, $pid = NUL $op = isset($_POST['op']) ? $_POST['op'] : ''; $build = array(); - if (user_access('access comments')) { - // The user is previewing a comment prior to submitting it. - if ($op == t('Preview')) { - if (user_access('post comments')) { - $build['comment_form'] = drupal_get_form('comment_form', (object) array('pid' => $pid, 'nid' => $node->nid)); - } - else { - drupal_set_message(t('You are not authorized to post comments.'), 'error'); - drupal_goto("node/$node->nid"); - } + // The user is previewing a comment prior to submitting it. + if ($op == t('Preview')) { + if (user_access('post comments')) { + $build['comment_form'] = drupal_get_form('comment_form', (object) array('pid' => $pid, 'nid' => $node->nid)); } else { - // $pid indicates that this is a reply to a comment. - if ($pid) { + drupal_set_message(t('You are not authorized to post comments.'), 'error'); + drupal_goto("node/$node->nid"); + } + } + else { + // $pid indicates that this is a reply to a comment. + if ($pid) { + if (user_access('access comments')) { // Load the comment whose cid = $pid $comment = db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data FROM {comment} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = :cid AND c.status = :status', array( ':cid' => $pid, ':status' => COMMENT_PUBLISHED, ))->fetchObject(); - if ( $comment ) { + if ($comment) { // If that comment exists, make sure that the current comment and the // parent comment both belong to the same parent node. if ($comment->nid != $node->nid) { @@ -71,29 +71,29 @@ function comment_reply($node, $pid = NUL drupal_goto("node/$node->nid"); } } - // This is the case where the comment is in response to a node. Display the node. - elseif (user_access('access content')) { - $build['comment_node'] = node_view($node); - } - - // Should we show the reply box? - if ($node->comment != COMMENT_NODE_OPEN) { - drupal_set_message(t("This discussion is closed: you can't post new comments."), 'error'); - drupal_goto("node/$node->nid"); - } - elseif (user_access('post comments')) { - $edit = array('nid' => $node->nid, 'pid' => $pid); - $build['comment_form'] = drupal_get_form('comment_form', (object) $edit); - } else { - drupal_set_message(t('You are not authorized to post comments.'), 'error'); + drupal_set_message(t('You are not authorized to view comments.'), 'error'); drupal_goto("node/$node->nid"); } } - } - else { - drupal_set_message(t('You are not authorized to view comments.'), 'error'); - drupal_goto("node/$node->nid"); + // This is the case where the comment is in response to a node. Display the node. + elseif (user_access('access content')) { + $build['comment_node'] = node_view($node); + } + + // Should we show the reply box? + if ($node->comment != COMMENT_NODE_OPEN) { + drupal_set_message(t("This discussion is closed: you can't post new comments."), 'error'); + drupal_goto("node/$node->nid"); + } + elseif (user_access('post comments')) { + $edit = array('nid' => $node->nid, 'pid' => $pid); + $build['comment_form'] = drupal_get_form('comment_form', (object) $edit); + } + else { + drupal_set_message(t('You are not authorized to post comments.'), 'error'); + drupal_goto("node/$node->nid"); + } } return $build; Index: modules/comment/comment.test =================================================================== RCS file: /cvs/drupal/drupal/modules/comment/comment.test,v retrieving revision 1.85 diff -u -p -r1.85 comment.test --- modules/comment/comment.test 20 Jul 2010 02:05:13 -0000 1.85 +++ modules/comment/comment.test 4 Aug 2010 16:07:16 -0000 @@ -576,14 +576,14 @@ class CommentAnonymous extends CommentHe // NOTE: if authenticated user has permission to post comments, then a // "Login or register to post comments" type link may be shown. $this->drupalGet('node/' . $this->node->nid); - $this->assertNoPattern('/
]*?)id="comments"([^>]*?)>/', t('Comments were not displayed.')); - $this->assertNoLink('Add new comment', t('Link to add comment was found.')); + $this->assertNoPattern('@]*>Comments@', t('Comments were not displayed.')); + $this->assertNoLink('Add new comment', 0, t('Link to add comment was found.')); // Attempt to view node-comment form while disallowed. $this->drupalGet('comment/reply/' . $this->node->nid); - $this->assertText('You are not authorized to view comments', t('Error attempting to post comment.')); + $this->assertText('You are not authorized to post comments', t('Error attempting to post comment.')); $this->assertNoFieldByName('subject', '', t('Subject field not found.')); - $this->assertNoFieldByName('comment[value]', '', t('Comment field not found.')); + $this->assertNoFieldByName('comment_body[und][0][value]', '', t('Comment field not found.')); user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array( 'access comments' => TRUE, @@ -591,9 +591,23 @@ class CommentAnonymous extends CommentHe 'post comments without approval' => FALSE, )); $this->drupalGet('node/' . $this->node->nid); - $this->assertPattern('/
]*?)id="comments"([^>]*?)>/', t('Comments were displayed.')); + $this->assertPattern('@]*>Comments@', t('Comments were displayed.')); $this->assertLink('Log in', 1, t('Link to log in was found.')); $this->assertLink('register', 1, t('Link to register was found.')); + + user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array( + 'access comments' => FALSE, + 'post comments' => TRUE, + 'post comments without approval' => TRUE, + )); + $this->drupalGet('node/' . $this->node->nid); + $this->assertNoPattern('@]*>Comments@', t('Comments were not displayed.')); + $this->assertFieldByName('subject', '', t('Subject field found.')); + $this->assertFieldByName('comment_body[und][0][value]', '', t('Comment field found.')); + + $this->drupalGet('comment/reply/' . $this->node->nid . '/' . $anonymous_comment3->id); + $this->assertText('You are not authorized to view comments', t('Error attempting to post reply.')); + $this->assertNoText($author_name, t('Comment not displayed.')); } }