public static function checkCommentPermission($contentObject, $languageCode, $foundCommentAttribute) { //check permission $canAddComment = ezcomPermission::hasAccessToFunction('add', $contentObject, $languageCode, null, null, $contentObject->mainNode()); if (!$canAddComment['result']) { eZDebug::writeWarning('No access to adding comments.', 'ezcomments'); return $module->handleError(eZError::KERNEL_ACCESS_DENIED, 'kernel'); } // Check to see if commenting is turned on, on the object level $commentContent = $foundCommentAttribute->content(); return $commentContent; }
function checkPermission($comment) { // check permission $contentObject = $comment->contentObject(); $contentNode = $contentObject->mainNode(); $languageID = $comment->attribute('language_id'); $languageCode = eZContentLanguage::fetch($languageID)->attribute('locale'); $canDeleteResult = ezcomPermission::hasAccessToFunction('delete', $contentObject, $languageCode, $comment, null, $contentNode); $objectAttributes = $contentObject->fetchDataMap(false, $languageCode); $objectAttribute = null; foreach ($objectAttributes as $attribute) { if ($attribute->attribute('data_type_string') === 'ezcomcomments') { $objectAttribute = $attribute; break; } } $commentContent = $objectAttribute->content(); if (!$canDeleteResult['result'] || !$commentContent['show_comments']) { return ezpI18n::tr('ezcomments/comment/delete', 'You don\'t have' . ' access to delete comment' . ' or the comment is hidden!'); } else { return true; } }
} if (is_null($objectAttribute)) { eZDebug::writeError('The object doesn\'t have a ezcomcomments attribute!', 'ezcomments'); return; } $tpl = eZTemplate::factory(); $tpl->setVariable('contentobject', $contentObject); $tpl->setVariable('node', $contentObject->mainNode()); $tpl->setVariable('objectattribute', $objectAttribute); $tpl->setVariable('language_id', $languageID); $tpl->setVariable('language_code', $languageCode); $canAdd = false; $canAddResult = ezcomPermission::hasAccessToFunction('add', $contentObject, $languageCode); $canAdd = $canAddResult['result']; $canRead = false; $canReadResult = ezcomPermission::hasAccessToFunction('read', $contentObject, $languageCode); $canRead = $canReadResult['result']; $user = eZUser::currentUser(); $userID = $user->attribute('contentobject_id'); $Module = $Params['Module']; $Page = null; if (!is_null($Params['Page'])) { if (!is_numeric($Params['Page'])) { eZDebug::writeError('The page parameter is not a number.', 'ezcomments'); $tpl->setVariable('error_message', ezpI18n::tr('ezcomments/comment/view', 'The page parameter is not a number.')); return showView($tpl); } else { $Page = $Params['Page']; } } else { $Page = 1;
if (!is_numeric($commentID)) { eZDebug::writeError('The parameter comment id is not a number.', 'ezcomments'); return; } $comment = ezcomComment::fetch($commentID); if (is_null($comment)) { eZDebug::writeError('The comment doesn\'t exist.', 'ezcomments'); return; } //check the permission $contentObject = $comment->contentObject(); $contentNode = $contentObject->mainNode(); $languageID = $comment->attribute('language_id'); $languageCode = eZContentLanguage::fetch($languageID)->attribute('locale'); $canEdit = false; $canEditResult = ezcomPermission::hasAccessToFunction('edit', $contentObject, $languageCode, $comment, null, $contentNode); $canEdit = $canEditResult['result']; $tpl->setVariable('can_edit', $canEdit); if (!$canEdit) { $Result['path'] = array(array('url' => false, 'text' => ezpI18n::tr('ezcomments/comment/edit', 'Edit comment'))); $Result['content'] = $tpl->fetch('design:comment/edit.tpl'); return $Result; } $contentID = $comment->attribute('contentobject_id'); // get if notification is enabled and notification value $ini = eZINI::instance('ezcomments.ini'); $formSettings = $ini->variable('FormSettings', 'AvailableFields'); $notificationEnabled = in_array('notificationField', $formSettings); $emailEnabled = in_array('email', $formSettings); $notified = null; if ($notificationEnabled) {