Issue status update for http://drupal.org/node/10426 Project: Drupal Version: cvs Component: comment.module Category: tasks Priority: normal Assigned to: killes@www.drop.org Reported by: killes@www.drop.org Updated by: Gerhard Killesreiter Status: patch menesis, thanks for looking at the patch! Currently, we have two ways to determine permissions for a node. One is the general node_access function and one is the node specific function (eg book_access). I have implemented the comment permission check through the latter. This has two reasons: It does not change the current behaviour for those modules and it does not require database queries. I am open for discussion on it. Gerhard Killesreiter Previous comments: ------------------------------------------------------------------------ August 29, 2004 - 06:55 : killes@www.drop.org Attachment: http://drupal.org/files/issues/node-access-comment.patch (5 KB) There have been requests to private forums. I think the most straightforward way to allow them is by extending the node_access hook. The attached patch tries this. It assumes that my node object caching patch got committed. Afterwards loading a node twice won't be a performance issue anymore. The patch is untested, I'd like to get feedback on the implementation. ------------------------------------------------------------------------ August 31, 2004 - 16:53 : killes@www.drop.org Attachment: http://drupal.org/files/issues/node-access-comment_0.patch (5.02 KB) The patch is now tested. I think this needs a better explanations: The patch isn't only for forums (which still need some kind of taxonomy permissions) but applies to all nodes. You can set individual nodes to be commentable through the _access hook. This would be helpfull for a forum where only a selected role should be allowed to post, but others should read the announcements. ------------------------------------------------------------------------ September 4, 2004 - 08:57 : killes@www.drop.org The patch has a small problem: We need either to move this check <?php if ($op == 'comment' && $node->comment == 2 && user_access('post comments')) {     return TRUE; } ?> before the db query (and thus taking away a bit of the power from that patch) or add a grant_comment column to the node_access table: alter table node_access add grant_comment tinyint(1) unsigned NOT NULL default '0'; ------------------------------------------------------------------------ September 5, 2004 - 10:42 : killes@www.drop.org Attachment: http://drupal.org/files/issues/node-access-comment_0_0.patch (4.78 KB) Keeping up with CVS. I'd like to receive some feedback on the resolution of the problme mentioned above. ------------------------------------------------------------------------ September 13, 2004 - 02:25 : killes@www.drop.org Attachment: http://drupal.org/files/issues/module_0.patch (7.1 KB) Keeping up with cvs. Node modules should implement _access('comment'). ------------------------------------------------------------------------ September 14, 2004 - 06:38 : killes@www.drop.org Attachment: http://drupal.org/files/issues/commentable.patch (7.89 KB) Had forgotten blog.module ------------------------------------------------------------------------ February 5, 2005 - 00:19 : Steven Is this patch still needed? Doesn't it tie comment.module unnecessarily into node.module? ------------------------------------------------------------------------ February 8, 2005 - 00:01 : killes@www.drop.org Yes, the patch is still needed. The patch actually removes more code from node.module than it adds. Both modules are essential to Drupal and some degree of interaction is tolerable, I think. You can still disable comment.module withou any ill effects. ------------------------------------------------------------------------ April 26, 2005 - 21:07 : Cvbge Hello I need to be able to a) post/reply etc on forums as anonymous user b) do not anon users to edit it's own (probably made by other anon users) forum posts c) do not allow anyone to post comments to any other node types AFAIK currently it's not possibile, but it'd be possibile with this patch, so I'd be glad it it was accepted. ------------------------------------------------------------------------ April 27, 2005 - 15:35 : killes@www.drop.org Attachment: http://drupal.org/files/issues/commentable_0.patch (8.85 KB) Updated patch. Note that the db upgrade path is missing. I'll add that after my revisions patch got committed. ------------------------------------------------------------------------ April 28, 2005 - 17:26 : menesis The patch looks strange to me, because of such changes in each module: <?php   if ($op == 'comment') {     if (user_access('post comments') && $node->comment == 2) {       return TRUE;     }   } ?> They are not needed. I think they even negate the other parts of the patch, by always allowing to comment those node types. Usually hook_access deals only with permissions defined by that module, and not mess with other permissions, node module handles those anyway. So node-access-comment_0.patch [1] looks better than later patches, except the above last hunk in node.module. I might be wrong, and I haven't tested it... A big change and access modules need to be modified too... [1] http://drupal.org/files/issues/node-access-comment_0.patch