Right now, comment_links() figures the only people who will ever use comment links are those who are going to post comments. This is a bad assumption -- much of the functionality from this feature comes from administrators being able to use it to delete old comments.
Example case: I built a new D7 website for my alma mater student paper that migrated a metric boatload of badly structured, semi-sanitized content ("...And I'm not just talking about the articles..." *boom-tish*). This included all of the site's unpublished comments -- most of which are spam, some of which contain useful data. The site is now using Disqus for all of its comments, however, given that module won't import existing comments into Disqus, we have left comment.module enabled so that older comments are still visible. To prevent the old "add comment" form from also being displayed (not to mention accessible by spambots), none of the site's roles have comment.module's "post comments" permission, but some have "administer comments".
Occasionally we run into an old story that's gotten hit really hard by comment spam not caught by the previous system's Rube Goldberg-esque filtering system. The current "Comments" tab in /admin/content is useless for getting rid of these -- even with Admin Views enabled (Without Admin Views -- forget about it.). However, since comment_links() requires the "post comments" role for it to return links to the template, this is not possible.
I've written a patch that changes the if ... elseif to two separate if statements. Please see attached.
Comment | File | Size | Author |
---|---|---|---|
#8 | comment-permissions_for_comment_links-1918118-8.patch | 3.12 KB | aendra |
Comments
Comment #1
aendra CreditAttribution: aendra commentedAttached here, rather.
Comment #2
marcingy CreditAttribution: marcingy commentedFeatures need to go in d8 first but the patch itself looks good.
Comment #3
aendra CreditAttribution: aendra commented@marcingy -- Thanks! I've made a Drupal 8 version, attached.
Comment #4
marcingy CreditAttribution: marcingy commentedComment #5
webchickI've run into this use case, too. However, we need automated tests that show the functionality works as expected. See http://drupal.org/simpletest or drop by core mentoring hours if you need a hand!
Also, re-classifying this as a task, rather than a feature.
Comment #6
webchick...which means I don't need that tag. :)
Comment #7
webchickSheesh. :) Getting late.
Comment #8
aendra CreditAttribution: aendra commentedUpdated D8 patch with revised tests -- I modified the "anonymous" test case so, instead of being an admin, is merely a user with 'administer comments' and 'post comments' abilities.
Comment #9
Gábor HojtsyI think this might technically/practically work well, but it looks odd that the anonymous user role is repurposed for admin tasks. It would be great to get a second opinion.
Comment #11
Xen CreditAttribution: Xen at Reload commentedThis patch has been rendered obsolete by the rewrite to entity access.
There doesn't seem to be any comment access tests, but the question is whether testing this permission explicitly isn't a bit over the top.
Comment #12
andypostThere's related issue to fix comment links, but it does not stop this one
Comment #13
mgiffordThere has been no new work on this issue in quite some time. So I'm assuming the person assigned is no longer being actively pursuing it. Sincere apologies if this is wrong.
Comment #14
andypostComment links are rendered by
\Drupal\comment\CommentPostRenderCache::renderLinks
and this is not an issue now.But I discovered that render of links has different theme function
links__comment__comment
vslinks__comment
depending on "in_preview" context - that needs separate issue #2477127: Use consistently links__comment in \Drupal\comment\CommentPostRenderCache::renderLinks()So moving to d7
Comment #15
kennybell CreditAttribution: kennybell as a volunteer commentedI tested the patch from the #1, that one apply to D7.
The patch apply cleanly to the last dev D7 version.
No Reroll needed, no Backport needed.