Commit fe40d606 authored by Aaron Wells's avatar Aaron Wells

Don't allow replies to deleted comments (Bug 1485840)

Change-Id: Ie3254cc86db14d704b293aa6f64053360b5db8fe
parent 6ee9bbaa
......@@ -516,9 +516,10 @@ class ArtefactTypeComment extends ArtefactType {
foreach($comments as &$c) {
// You can post a public reply to a comment if you can see it & the comment is not private
$c->canpublicreply = (int) self::can_public_reply_to_comment($c->private);
$c->canpublicreply = (int) self::can_public_reply_to_comment($c->private, $c->deletedby);
$c->canprivatereply = (int) self::can_private_reply_to_comment(
$c->private,
$c->deletedby,
$userid,
$c->author,
$c->parentauthor,
......@@ -553,16 +554,18 @@ class ArtefactTypeComment extends ArtefactType {
* Can you post a public reply to this comment?
* (Made into a separate function so we can re-use the logic)
* @param boolean $isprivate Is the comment private?
* @param int $deletedby The id of the user who deleted the comment (or null)
* @return boolean
*/
public static function can_public_reply_to_comment($isprivate) {
return !$isprivate;
public static function can_public_reply_to_comment($isprivate, $deletedby) {
return !($isprivate || $deletedby);
}
/**
* Can you post a private reply to this comment?
* (Made into a separate function so we can re-use the logic)
* @param boolean $isprivate Is the replied-to comment private?
* @param int $deletedby The id of the user who deleted the comment (or null)
* @param int $commenter User replying to the comment
* @param int $author Author of the replied-to comment
* @param int $parentauthor Author of the replied-to comment's parent
......@@ -570,7 +573,13 @@ class ArtefactTypeComment extends ArtefactType {
* @param View $view The view being commented on (or null)
* @return boolean
*/
public static function can_private_reply_to_comment($isprivate, $commenter, $author, $parentauthor, $artefact=null, $view=null) {
public static function can_private_reply_to_comment($isprivate, $deletedby, $commenter, $author, $parentauthor, $artefact=null, $view=null) {
// Can't post a private reply to a deleted comment
if ($deletedby) {
return false;
}
// No private replies to anonymous comments
// (It would be impossible for the commenter to see!)
if (!$author) {
......@@ -1359,7 +1368,8 @@ function add_feedback_form_validate(Pieform $form, $values) {
a.id,
acc.private,
a.author,
p.author as grandparentauthor
p.author as grandparentauthor,
acc.deletedby
FROM
{artefact} a
INNER JOIN {artefact_comment_comment} acc
......@@ -1377,6 +1387,11 @@ function add_feedback_form_validate(Pieform $form, $values) {
$form->set_error('message', get_string('replytonoaccess', 'artefact.comment'));
}
// Can't reply to a deleted comment
if ($parent->deletedby) {
$form->set_error('message', get_string('replytodeletednotallowed', 'artefact.comment'));
}
// Validate that you're allowed to reply to this comment
if (!empty($artefact)) {
$canedit = $USER->can_edit_artefact($artefact);
......@@ -1395,7 +1410,7 @@ function add_feedback_form_validate(Pieform $form, $values) {
// Validate the public/private setting of this comment
if ($values['ispublic']) {
if (!ArtefactTypeComment::can_public_reply_to_comment($parent->private)) {
if (!ArtefactTypeComment::can_public_reply_to_comment($parent->private, $parent->deletedby)) {
$form->set_error('message', get_string('replytonopublicreplyallowed', 'artefact.comment'));
}
}
......@@ -1403,7 +1418,7 @@ function add_feedback_form_validate(Pieform $form, $values) {
// You are only allowed to post a private reply if you are the page owner, or the parent comment
// is a direct reply to one of your comments
// You also cannot post a private reply to one of your own comments.
if (!ArtefactTypeComment::can_private_reply_to_comment($parent->private, $USER->get('id'), $parent->author, $parent->grandparentauthor, $artefact, $view)) {
if (!ArtefactTypeComment::can_private_reply_to_comment($parent->private, $parent->deletedby, $USER->get('id'), $parent->author, $parent->grandparentauthor, $artefact, $view)) {
$form->set_error('message', get_string('replytonoprivatereplyallowed', 'artefact.comment'));
}
}
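Review bot: `$deletedby` is inserted as the second positional argument of the public static `can_private_reply_to_comment()`, and as a required second argument of `can_public_reply_to_comment()`, so a caller that was not updated shifts every later argument without any obvious error. For the private variant an old-style call would pass the commenter id as `$deletedby` and always be refused; for the public variant a one-argument call either raises an argument-count error or, on older PHP versions, continues with `$deletedby` unset and treats the comment as not deleted. The call sites shown here are updated, but callers elsewhere in the codebase cannot be checked from this page, so a search for both method names is worth doing before merge. I would also record the change in each docblock, e.g. `NOTE: $deletedby was added as the 2nd argument and must be passed explicitly`. The body of `can_private_reply_to_comment()` continues past the end of its hunk.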
......
......@@ -134,3 +134,19 @@ Scenario: No private replies to anonymous comments
Then I should see "Public comment by anonymous user"
And I should see "Public reply by pagecommenter"
Scenario: No replies to deleted comments
Given I log in as "pageowner" with password "password"
And I go to portfolio page "page1"
And I follow "Add comment"
And I fill in "I will delete this comment" in WYSIWYG editor "add_feedback_form_message_ifr"
And I check "Make public"
And I press "Comment"
And I should see "I will delete this comment"
And I press "Delete"
# TODO: The Pieforms confirm popup seems to be missing right now
# This is probably an unrelated bug due to Bootstrap
# And I accept the confirm popup
# No reply button, because I have deleted the comment
Then I should not see "Reply"
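Review bot: The scenario only asserts that "Reply" is hidden for the user who deleted the comment, which covers the `canpublicreply`/`canprivatereply` display flags but not the server-side rejection added in `add_feedback_form_validate()`, and that rejection is the actual control. A direct test of `ArtefactTypeComment::can_public_reply_to_comment()` and `can_private_reply_to_comment()` with a non-empty `$deletedby` would pin it, and a second pass as a different user viewing the page would show the button is hidden for everyone rather than just the deleter. The commented-out `And I accept the confirm popup` step means the scenario will behave differently once the popup is restored, so the TODO would be easier to track with a reference, e.g. `# TODO(<bug id>): re-enable when the Pieforms confirm popup is fixed`.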