Right now, comment_links() figures the only people who will ever use comment links are those who are going to post comments. This is a bad assumption -- much of the functionality from this feature comes from administrators being able to use it to delete old comments.

Example case: I built a new D7 website for my alma mater student paper that migrated a metric boatload of badly structured, semi-sanitized content ("...And I'm not just talking about the articles..." *boom-tish*). This included all of the site's unpublished comments -- most of which are spam, some of which contain useful data. The site is now using Disqus for all of its comments, however, given that module won't import existing comments into Disqus, we have left comment.module enabled so that older comments are still visible. To prevent the old "add comment" form from also being displayed (not to mention accessible by spambots), none of the site's roles have comment.module's "post comments" permission, but some have "administer comments".

Occasionally we run into an old story that's gotten hit really hard by comment spam not caught by the previous system's Rube Goldberg-esque filtering system. The current "Comments" tab in /admin/content is useless for getting rid of these -- even with Admin Views enabled (Without Admin Views -- forget about it.). However, since comment_links() requires the "post comments" role for it to return links to the template, this is not possible.

I've written a patch that changes the if ... elseif to two separate if statements. Please see attached.

CommentFileSizeAuthor
#8 comment-permissions_for_comment_links-1918118-8.patch3.12 KBaendra
#3 comment-permissions_for_comment_links-1918118-3.patch1.48 KBaendra
#1 comment-permissions_for_comment_links-1918118-1.patch1.41 KBaendra
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

aendra’s picture

aendra CreditAttribution: aendra commented
Status: Active » Needs review
FileSize
comment-permissions_for_comment_links-1918118-1.patch1.41 KB

Attached here, rather.

marcingy’s picture

marcingy CreditAttribution: marcingy commented
Version: 7.x-dev » 8.x-dev
Status: Needs review » Needs work
Issue tags: +Needs backport to D7

Features need to go in d8 first but the patch itself looks good.

aendra’s picture

aendra CreditAttribution: aendra commented
Status: Needs work » Needs review
FileSize
comment-permissions_for_comment_links-1918118-3.patch1.48 KB

@marcingy -- Thanks! I've made a Drupal 8 version, attached.

marcingy’s picture

marcingy CreditAttribution: marcingy commented
Status: Needs review » Reviewed & tested by the community
webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
CreditAttribution: webchick commented
Category: feature » task
Issue tags: +Needs tests, +RTBC Feb 18

I've run into this use case, too. However, we need automated tests that show the functionality works as expected. See http://drupal.org/simpletest or drop by core mentoring hours if you need a hand!

Also, re-classifying this as a task, rather than a feature.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
CreditAttribution: webchick commented
Issue tags: -RTBC Feb 18

...which means I don't need that tag. :)

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
CreditAttribution: webchick commented
Status: Reviewed & tested by the community » Needs work

Sheesh. :) Getting late.

aendra’s picture

aendra CreditAttribution: aendra commented
Status: Needs work » Needs review
FileSize
comment-permissions_for_comment_links-1918118-8.patch3.12 KB

Updated D8 patch with revised tests -- I modified the "anonymous" test case so, instead of being an admin, is merely a user with 'administer comments' and 'post comments' abilities.

Gábor Hojtsy’s picture

Gábor Hojtsy
he/him
Primary language Hungarian
Location Hungary
CreditAttribution: Gábor Hojtsy commented

I think this might technically/practically work well, but it looks odd that the anonymous user role is repurposed for admin tasks. It would be great to get a second opinion.

Status: Needs review » Needs work

The last submitted patch, comment-permissions_for_comment_links-1918118-8.patch, failed testing.

Xen’s picture

Xen CreditAttribution: Xen at Reload commented

This patch has been rendered obsolete by the rewrite to entity access.

There doesn't seem to be any comment access tests, but the question is whether testing this permission explicitly isn't a bit over the top.

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost commented
Issue tags: +Needs reroll, +Needs issue summary update
Related issues: +#2377849: Simplify what CommentLinkBuilder is doing - consider removing a lot of the functionality

There's related issue to fix comment links, but it does not stop this one

mgifford’s picture

mgifford
he/him
Primary language English
CreditAttribution: mgifford commented
Assigned: aendra » Unassigned

There has been no new work on this issue in quite some time. So I'm assuming the person assigned is no longer being actively pursuing it. Sincere apologies if this is wrong.

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost commented
Version: 8.0.x-dev » 7.x-dev

Comment links are rendered by \Drupal\comment\CommentPostRenderCache::renderLinks and this is not an issue now.
But I discovered that render of links has different theme function links__comment__comment vs links__comment depending on "in_preview" context - that needs separate issue #2477127: Use consistently links__comment in \Drupal\comment\CommentPostRenderCache::renderLinks()

So moving to d7

kennybell’s picture

kennybell CreditAttribution: kennybell as a volunteer commented
Status: Needs work » Needs review
Issue tags: -Needs backport to D7, -Needs reroll +drupalcampcr2017

I tested the patch from the #1, that one apply to D7.

The patch apply cleanly to the last dev D7 version.

No Reroll needed, no Backport needed.