The "edit" link on comments needs to be produced through an AJAX call instead of produced automatically by Javascript. For one thing, a user with "administer comments" permission will never see the link on other people's comments, which that user has permission to edit. Also, the link needs to pass through hook_link_alter to give other modules a chance to change the output.

Comments

meustrus’s picture

Does anybody see this issue? Here's some skeleton code to replace the respective functions in 6.x-1.0-rc2 to at least fix the 'administer comments' issue:

/**
 * Process comment template variables
 *
 * @see comment.module
 * Replace "new" marker with empty span containing timestamp info
 * Add "edit" uid span for JS phase
 */
function authcache_preprocess_comment(&$variables) {

  // Will use Ajax to determine whether to display "new" marker for user
  if ($variables['is_page_authcache']) {
    $variables['new'] = 'timestamp . '">';

    // These comments are still editable
    if ($variables['user']->uid && !user_access('administer comments') && comment_num_replies($variables['comment']->cid) == 0) {
      $variables['links'] .= 'uid . ' comment-id-' . $variables['comment']->cid . '">';
    }
  }
}

/**
 * Overridden to handle $links
 * @see comment.module
 */
function theme_authcache_comment_view($comment, $node, $links = array(), $visible = TRUE) {
  global $user, $is_page_authcache;
  
  if ($user->uid && !user_access('administer comments') && $is_page_authcache) {
    unset($links['comment_edit']);
  }
  
  return theme_comment_view($comment, $node, $links, $visible);
}

It pretty much just disables the Edit link javascript if the user has "administer comments," under the assumption that the entire role has "administer comments" permission. Ideally, the comment_preprocess function would always add a tag to replace the links with values retrieved from AJAX instead of conditionally adding a tag to add the edit link. But, I don't know how Drupal AJAX works and so couldn't put together a bit of code to exemplify.

znerol’s picture

Issue summary: View changes
Status: Active » Closed (outdated)