aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2018-09-05 12:18:56 +0200
committerMario <mario@mariovavti.com>2018-09-05 12:18:56 +0200
commita81a1bd5f1cbaf3bad1735ba0a188128c8e54577 (patch)
treeea062fb7490ab62cf71739fb84c4942955e8ca67
parent5d1539df75ae1e719da77e64c738ae3ea2c84f55 (diff)
parent9446e0348efa151ef7d75fa8206bb578633273dd (diff)
downloadvolse-hubzilla-a81a1bd5f1cbaf3bad1735ba0a188128c8e54577.tar.gz
volse-hubzilla-a81a1bd5f1cbaf3bad1735ba0a188128c8e54577.tar.bz2
volse-hubzilla-a81a1bd5f1cbaf3bad1735ba0a188128c8e54577.zip
Merge branch 'fix-authorcomment-fix' into 'dev'
Corrected resubmit of fixes to Authors unable to comment on posts they authored… See merge request hubzilla/core!1269
-rw-r--r--Zotlabs/Module/Item.php12
-rw-r--r--include/zot.php29
2 files changed, 29 insertions, 12 deletions
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 640b4fa5c..a24d6da9c 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -29,7 +29,7 @@ use \Zotlabs\Lib as Zlib;
class Item extends \Zotlabs\Web\Controller {
function post() {
-
+
// This will change. Figure out who the observer is and whether or not
// they have permission to post here. Else ignore the post.
@@ -237,10 +237,12 @@ class Item extends \Zotlabs\Web\Controller {
if($parent) {
logger('mod_item: item_post parent=' . $parent);
$can_comment = false;
- if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self']))
- $can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments');
- else
- $can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item);
+
+ $can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item);
+ if (!$can_comment) {
+ if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self'])==1 )
+ $can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments');
+ }
if(! $can_comment) {
notice( t('Permission denied.') . EOL) ;
diff --git a/include/zot.php b/include/zot.php
index 52102e147..e8ac2df02 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1808,13 +1808,28 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
else {
$arr['item_wall'] = 0;
}
-
- if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $local_public)) {
- logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}");
- $DR->update('permission denied');
- $result[] = $DR->get();
- continue;
- }
+
+
+ if ((! $tag_delivery) && (! $local_public)) {
+ $allowed = (perm_is_allowed($channel['channel_id'],$sender['hash'],$perm));
+
+ if((! $allowed) && $perm == 'post_comments') {
+ $parent = q("select * from item where mid = '%s' and uid = %d limit 1",
+ dbesc($arr['parent_mid']),
+ intval($channel['channel_id'])
+ );
+ if ($parent) {
+ $allowed = can_comment_on_post($d['hash'],$parent[0]);
+ }
+ }
+
+ if (! $allowed) {
+ logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}");
+ $DR->update('permission denied');
+ $result[] = $DR->get();
+ continue;
+ }
+ }
if($arr['mid'] != $arr['parent_mid']) {