archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity

Allow overriding whether the user can comment from URL.

Browse Source 
Not really secure (user can still post comments via API and by changing the
URL and re-requesting the embedded comment form), but at least normal users
are blocked from commenting this way.
This commit is contained in:
Sybren A. Stüvel 2016-11-11 15:51:08 +01:00
parent ce6020702e
commit 52a1602a7c
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pillar/web/nodes/custom/comments.py
View File

@ -170,6 +170,8 @@ def comments_for_node(node_id):
node = Node.find(node_id, api=api)
project = Project({'_id': node.project})
can_post_comments = project.node_type_has_method('comment', 'POST', api=api)
can_comment_override = request.args.get('can_comment', 'True') == 'True'
can_post_comments = can_post_comments and can_comment_override
# Query for all children, i.e. comments on the node.
comments = Node.all({