"MDL-23917, by pass permission when view comments in front page"

anovikov · Aug 25, 2010 · 287ccb3 · 287ccb3
1 parent d90dd97
commit 287ccb3
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 5 deletions.
diff --git a/comment/comment_ajax.php b/comment/comment_ajax.php
@@ -31,11 +31,13 @@
 
 $action    = optional_param('action',    '', PARAM_ALPHA);
 
+$ignore_permission = false;
 // XXX: display comments in frontpage without login
 if ($context->id != get_context_instance(CONTEXT_COURSE, SITEID)->id
     or $action == 'add'
     or $action == 'delete') {
-        require_login($course, true, $cm);
+    $ignore_permission = true;
+    require_login($course, true, $cm);
 }
 require_sesskey();
 
@@ -59,6 +61,8 @@
     $args->itemid    = $itemid;
     $args->client_id = $client_id;
     $args->component = $component;
+    // only for comments in frontpage
+    $args->ignore_permission = $ignore_permission;
     $manager = new comment($args);
 } else {
     die;

diff --git a/comment/comment_post.php b/comment/comment_post.php
@@ -33,12 +33,14 @@
 $content   = optional_param('content',   '',     PARAM_RAW);
 $itemid    = optional_param('itemid',    '',     PARAM_INT);
 $returnurl = optional_param('returnurl', '',     PARAM_URL);
+$component = optional_param('component', '', PARAM_ALPHAEXT);
 
 $cmt = new stdclass;
 $cmt->contextid = $contextid;
 $cmt->courseid  = $course->id;
 $cmt->area      = $area;
 $cmt->itemid    = $itemid;
+$cmt->component = $component;
 $comment = new comment($cmt);
 
 switch ($action) {

diff --git a/comment/lib.php b/comment/lib.php
@@ -86,6 +86,7 @@ class comment {
     private static $comment_context = null;
     private static $comment_area = null;
     private static $comment_page = null;
+    private static $comment_component = null;
     /**
      * Construct function of comment class, initialise
      * class members
@@ -166,6 +167,12 @@ public function __construct($options) {
             $this->linktext = get_string('comments');
         }
 
+        if (!empty($options->ignore_permission)) {
+            $this->ignore_permission = true;
+        } else {
+            $this->ignore_permission = false;
+        }
+
         if (!empty($options->showcount)) {
             $count = $this->count();
             if (empty($count)) {
@@ -212,7 +219,7 @@ public static function init() {
         self::$nonjs = optional_param('nonjscomment', '', PARAM_ALPHA);
         self::$comment_itemid  = optional_param('comment_itemid',  '', PARAM_INT);
         self::$comment_context = optional_param('comment_context', '', PARAM_INT);
-		self::$comment_page    = optional_param('comment_page',    '', PARAM_INT);
+        self::$comment_page    = optional_param('comment_page',    '', PARAM_INT);
         self::$comment_area    = optional_param('comment_area',    '', PARAM_ALPHAEXT);
 
         $PAGE->requires->string_for_js('addcomment', 'moodle');
@@ -246,8 +253,13 @@ private function check_permissions() {
         $this->viewcap = has_capability('moodle/comment:view', $this->context);
         if (!empty($this->plugintype)) {
             $permissions = plugin_callback($this->plugintype, $this->pluginname, FEATURE_COMMENT, 'permissions', array($this->args), array('post'=>true, 'view'=>true));
-            $this->postcap = $this->postcap && $permissions['post'];
-            $this->viewcap = $this->viewcap && $permissions['view'];
+            if ($this->ignore_permission) {
+                $this->postcap = $this->postcap && $permissions['post'];
+                $this->viewcap = $this->viewcap && $permissions['view'];
+            } else {
+                $this->postcap = $permissions['post'];
+                $this->viewcap = $permissions['view'];
+            }
         }
     }
 
@@ -407,7 +419,7 @@ public function get_comments($page = '') {
             $c->timecreated = $u->ctimecreated;
             $url = new moodle_url('/user/view.php', array('id'=>$u->id, 'course'=>$this->courseid));
             $c->username = $u->username;
-            $c->profileurl = $url;
+            $c->profileurl = $url->out();
             $c->fullname = fullname($u);
             $c->time = userdate($c->timecreated, get_string('strftimerecent', 'langconfig'));
             $c->content = format_text($c->content, $c->format);
@@ -588,6 +600,7 @@ public function print_comments($page = 0, $return = true, $nonjs = true) {
 <input type="hidden" name="contextid" value="$this->contextid" />
 <input type="hidden" name="action" value="add" />
 <input type="hidden" name="area" value="$this->commentarea" />
+<input type="hidden" name="component" value="$this->component" />
 <input type="hidden" name="itemid" value="$this->itemid" />
 <input type="hidden" name="courseid" value="{$this->courseid}" />
 <input type="hidden" name="sesskey" value="{$sesskey}" />