Check "rate content" permission in views [#252914]

I have a view that displays the voting widget that is associated with a node type using the "VotingAPI percent vote result" field.

In the view the permissions are ignored and the widget allows votes to be made. I assume that it should not allow votes and display the static widget if the return of user_access('rate content') is false.

Comments

Comment #1

quicksketch

he/him

CreditAttribution: quicksketch commented 30 April 2008 at 21:08

Title:

view permissions

» Check "rate content" permission in views

Thanks, this indeed sounds like a bug.

Comment #2

CoolDreamZ CreditAttribution: CoolDreamZ commented 19 June 2008 at 06:01

I have the same issue using the Bonus Grid view with a widget embedded in each grid cell. It gives the appearance of a vote for an anonymous user (which is not actually saved as far as I can see)

Comment #3

CoolDreamZ CreditAttribution: CoolDreamZ commented 19 June 2008 at 08:22

An update on this, the widget also displays even if Fivestar is not configured for the related content type

Comment #4

leenwebb CreditAttribution: leenwebb commented 3 July 2008 at 16:47

Subscribing -- I have this same issue; I'm displaying "VotingAPI percent vote value" in my Bonus Grid view, and even though I have fivestar set to never allow anonymous voting, it's letting anonymous users vote.

(I think that's it not actually saving the vote, but I want it to have the same behavior it has on the actual node page -- to just display the votes thus far and not show any rollover behavior at all.)

Comment #5

leenwebb CreditAttribution: leenwebb commented 18 July 2008 at 22:43

In the spirit of trying to make developers cry, I'm posting my hack-tastic workaround for this bug. It is gross, but it works!

In fivestar.module, down way at the bottom around line #1510, I edited the two functions "fivestar_views_widget_compact_handler" and "fivestar_views_widget_normal_handler" like so:

function fivestar_views_widget_compact_handler($op, $filter, $value, &$query) {
	global $user;
	if($user->uid == 0){return fivestar_views_value_display_handler($op, $filter, $value, $query, FALSE);}
	else { return fivestar_views_widget_handler($op, $filter, $value, $query, FALSE);}
}

Ouch. My anonymous vote interval is "never", which is functionally equivalent to being logged in (AKA having a UID of something other than 0). I couldn't figure out how to grab anonymous vote interval, so I grabbed $user instead.

If a user is logged in, they get to vote. If the user isn't logged in, they can see the stars but can't vote.

I was desperate to use Fivestar in some views, so if you are too, feel free to use this code. Hopefully before too long a Fivestar developer will come up with a real solution and save me from myself.