Can't delete own comments when "Comment Delete" module is enabled

Same problem. The problem is within ajax comments hook_link_alter, the if statement at line 232. $comment seems to be empty. It's probably because comment delete module has many "$comment =" that redefines it. We need to find a way to reset it in ajax comments.

I'm curious, does Flat Comments work with AJAX Comments? Asking because Flat Comments prevent comments of comments from getting wiped when the parent comment is deleted. Comment Delete could be replaced if that's the case. If not, then perhaps an integration of the two? If anything, could be a 3 way module collision. I haven't used 2 of the 3 modules.

If you're using some other functionality of Comment Delete that I'm not aware of, please disregard my answer. Trying to see if there're alternatives to your issue. :)

I'm using it with flatcomments and I haven't noticed any problems. I don't see how comment delete could be replaced though, since it provides the ability to give users permission to delete own comments.

Regarding the issue, I found a strange thing. If you edit a comment and save it, the delete link is changed to the correct url. But then when you refresh the page again, the $comment->cid is gone again.

EDIT: I managed to make it output the correct path, but it didn't matter. The comment is still not deleted. I tried to deactivate flat comments too, to see if it made a difference, it didn't. There's got to be something with the token validation that causes this problem.

I noticed that the watchdog registers the delete attemps. The delete link leads to ajax_comments/instant_delete/%, regardless of what the url looks like when you hover it. In ajax_comments.module, we can see that the access arguments for the menu callback don't include the permissions provided by comment delete module, so we'll have to add it/them. However, it still doesn't work for me.

Replaced 'access arguments' => array('administer comments'), with 'access arguments' => array('administer comments', 'delete own comments') on line 93.

I believe that I have solved the problem. I'm not sure what access arguments are, but I made an access callback instead and left the access argument as it was. Since our delete link only gets created if a ($links['comment_delete'] exists, I took the path from the already existing link and saved it to a variable. From there I could work out the $comment->cid.

There's a comment in the preprocess function saying "Insert proper delete links here (fix until hook_link_alter will not work propertly)", I think that part can be deleted now.

I'm submitting a patch for review.

I didn't mean to change title, I thought it was the subject of my message. Changing it back.

subscribe

Hi. Thanks for the bug report and contribution. I have a few thoughts -

1) I rolled the issue version ahead to -dev as I'm not looking at any specific fixes to 1.8. The dev branch right now is 1.8 with a bunch of other bugfixes and cleanups, so please use that for suggesting new patches. It didn't exist in that state when this issue was started.

2) In the -dev branch, the callbacks were moved to ajax_comments.pages.inc. The patch in #4 does not reflect that change.

3) Have you tried applying your patch and then disabling those two deletion modules? If so, what happens? Does the original module functionality survive? Or might you need to roll any of this inside of a function_exists() call to tie the changes to the presence of the additional modules? I'm specifically thinking about the ajax_comments_link_alter modification.

I've made a new patch for the dev version as of October 25th 2010. The only thing I really did was adding permissions to the ajax_comments_preprocess_comment function so that it includes the permissions provided with comment delete. I haven't added any support for usercomment module, since I don't use it. It should be simple to include the permissions provided by it as well. The permissions are added with an "or" condition, so it doesn't interfere with the normal ajax comments behaviour. It works as usual with comment delete disabled.

Patch doesn't works for me, I'm using ajax_comments.module,v 1.1.2.30 (because newer versions of ajax_comments doesn't work with quote module which I need).

If you have more than 99 comments on your site you should change #4 patch.

row:

$comment->cid = substr($deletepath, -2);

begin:

$comment->cid = substr($deletepath, strrpos ($deletepath, '/')+1);

Attached the modified patch.

There is a problem with the patches and AJAX Comments:

Freshly added comments submitted via AJAX by a user who only has permission to "delete own comments at anytime" are not getting tokens, and thus are not properly ajaxified (due to the JS file skipping links that do not have the 'token' parameter). However, delete links already present when visiting the page (old comments) all have the correctly tokenized and ajaxified URLs.

For example:

Comment that already exists when visiting the node comment form:

<a href="/comment/delete/504?token=07d0558e8fbc40e45005cb0cafd0abae" class="ajax-comments-processed">delete</a>

VS. a comment that was just added via AJAX, below it:

<a href="/comment/delete/506" class="ajax-comments-processed">delete</a>

Only happens with fresh AJAX comments - comments already there when the page is loaded have properly processed tokens.

I am testing a node with comments from the administrator, who has *all* permissions for both the comment module and the delete_comments module, and comments left by the active user, who has a different role where their only permissions are "post comments without approval" and "delete own comments at anytime".

It seems something needs to be tweaked here, since this is what is providing tokens (or not):

ajax_comments.module - after patching with #4, #9 and #11:

/**
 * Process variables for comment.tpl.php.
 */
function ajax_comments_preprocess_comment(&$variables) {
  $comment = $variables['comment'];

  // Insert proper delete links (fix until hook_link_alter will not work properly)
  if ($variables['links'] && user_access('administer comments') || user_access('delete any comment') || user_access('delete any comments at anytime')) {
    $links = module_invoke_all('link', 'comment', $comment, 0);
    $links['comment_delete'] = array(
      'title' => t('delete'),
      'href' => 'comment/delete/'. $comment->cid,
      'query' => 'token='. drupal_get_token($comment->cid),
    );
    $variables['links'] = isset($links) ? theme('links', $links) : '';
  }

  if (!$comment->cid) {
    $variables['new'] = t('preview');
    $variables['comment']->new = TRUE;
  }
  else {
    $variables['title'] = l($comment->subject, 'node/' . $comment->nid, array('attributes' => array('class' => 'active'), 'fragment' => "comment-$comment->cid"));
  }
}

If I change the line

if ($variables['links'] && user_access('administer comments') || user_access('delete any comment') || user_access('delete any comments at anytime')) {

to:

if ($variables['links'] && user_access('administer comments') || user_access('delete any comment') || user_access('delete own comments at anytime')) {

(changing the permission "delete any comments at anytime" to "delete own comments at anytime") then it works perfectly - fresh comments submitted with AJAX properly get tokens. HOWEVER, at the same time, non-admin users suddenly get the ability to delete other people's comments, which is NOT good. "Delete" links show up next to everyone's comments when I make this change, which betrays the master permission "administer comments" which is NOT selected for this user's role.

Issue is closed because 6.x version is unsupported. Feel free to open new issue for 7.x or 8.x versions of module.