[drupal-devel] [bug] 'administer nodes' should be 'administer comments'

ricmadeira drupal-devel at drupal.org
Wed Jun 29 22:38:41 UTC 2005


Issue status update for http://drupal.org/node/25285

 Project:      Drupal
 Version:      cvs
 Component:    comment.module
 Category:     bug reports
 Priority:     normal
 Assigned to:  Anonymous
 Reported by:  ejort
 Updated by:   ricmadeira
 Status:       patch

Yes, I can confirm it! I have had this same problem since I started
using Drupal (from 4.5.2 onwards); I was just too stupid to file a bug
report.


Please include this fix with the next release. Drupal 4.6.2 doesn't
have it yet (I just tested it) so I have to patch it manually again.




ricmadeira



Previous comments:
------------------------------------------------------------------------

June 19, 2005 - 05:47 : ejort

Attachment: http://drupal.org/files/issues/comment.module.remove_administer_nodes.patch (810 bytes)

Hi,


In the validate case in comment_nodeapi, there is currently the
following:


      if (!user_access('administer nodes')) {
        // Force default for normal users:
        $node->comment = variable_get("comment_$node->type", 2);
      }


The check for 'administer nodes' should instead be for 'administer
comments'.  As seen in the 'form admin' case, the comment options are
only output if the user has 'administer comments' permission:


      if (user_access('administer comments')) {
        $selected = isset($node->comment) ? $node->comment : variable_get("comment_$node->type", 2);
        $output = form_radios('', 'comment', $selected, array(t('Disabled'), t('Read only'), t('Read/write')));
        return form_group(t('User comments'), $output);
      }


So, the bug I ran into was with users who had 'administer nodes' but
not 'administer comments' permission.  Everything was posted with
comments disabled (the validate case DIDN'T force comments to the
default, but neither were they given an option to select anything). 
This one-line patch fixes the issue.


This is present in 4.6 (where I discovered it) and in HEAD.


Cheers,
Eric
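
The mismatch described in the report above, modelled as a stand-alone PHP script (an added example, not code from the patch or from Drupal). It also covers the opposite permission combination, which the report does not mention. The names has_perm(), form_offers_comment_setting(), validated_comment_setting() and COMMENT_DEFAULT are hypothetical stand-ins for user_access(), the 'form admin' case, the 'validate' case and variable_get("comment_$node->type", 2); a missing form value is assumed to be stored as 0 (Disabled), matching the behaviour reported above.

```php
<?php
// Stand-ins for illustration only; these are NOT Drupal's own functions.
const COMMENT_DEFAULT = 2; // constructed default: 0 = Disabled, 1 = Read only, 2 = Read/write

function has_perm(array $perms, string $perm): bool {
  return in_array($perm, $perms, true);
}

// 'form admin' case: the radios are rendered only for 'administer comments'.
function form_offers_comment_setting(array $perms): bool {
  return has_perm($perms, 'administer comments');
}

// 'validate' case: $gate is the permission that exempts the user from the forced default.
function validated_comment_setting(array $perms, ?int $submitted, string $gate): int {
  if (!form_offers_comment_setting($perms)) {
    $submitted = null; // no radios were shown, so nothing arrives in the submission
  }
  if (!has_perm($perms, $gate)) {
    return COMMENT_DEFAULT; // force default for normal users
  }
  return (int) $submitted; // assumption: a missing value is stored as 0 = Disabled
}

// Constructed permission sets covering every combination of the two permissions.
$users = [
  'author'        => [],
  'node admin'    => ['administer nodes'],
  'comment admin' => ['administer comments'],
  'both'          => ['administer nodes', 'administer comments'],
];
$labels = ['Disabled', 'Read only', 'Read/write'];

foreach ($users as $name => $perms) {
  // Every user who sees the radios picks 1 (Read only).
  $before = validated_comment_setting($perms, 1, 'administer nodes');    // current check
  $after  = validated_comment_setting($perms, 1, 'administer comments'); // patched check
  printf("%-14s before: %-11s after: %s\n", $name, $labels[$before], $labels[$after]);
}
```

With the current check, 'node admin' ends up with Disabled and 'comment admin' has the Read only choice overwritten by the default; with the patched check both gates agree for all four rows.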




------------------------------------------------------------------------

June 28, 2005 - 03:41 : ejort

Can anybody confirm or deny this issue?






