diff core/modules/comment/src/Controller/CommentController.php @ 12:7a779792577d

Update Drupal core to v8.4.5 (via Composer)
author Chris Cannam
date Fri, 23 Feb 2018 15:52:07 +0000
parents 4c8ae668cc8c
children 129ea1e6d783
--- a/core/modules/comment/src/Controller/CommentController.php	Fri Feb 23 15:51:18 2018 +0000
+++ b/core/modules/comment/src/Controller/CommentController.php	Fri Feb 23 15:52:07 2018 +0000
@@ -279,9 +279,12 @@
     // Check if the user has the proper permissions.
     $access = AccessResult::allowedIfHasPermission($account, 'post comments');
 
+    // If commenting is open on the entity.
     $status = $entity->{$field_name}->status;
     $access = $access->andIf(AccessResult::allowedIf($status == CommentItemInterface::OPEN)
-      ->addCacheableDependency($entity));
+      ->addCacheableDependency($entity))
+      // And if user has access to the host entity.
+      ->andIf(AccessResult::allowedIf($entity->access('view')));
 
     // $pid indicates that this is a reply to a comment.
     if ($pid) {
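Review bot: The added host-entity check `->andIf(AccessResult::allowedIf($entity->access('view')))` calls `access('view')` without an account, so it is evaluated for the current user rather than the `$account` used in the 'post comments' permission check above. Its boolean return also discards any cacheability metadata the entity access result carries. If the combined result is cached, a decision that depends on per-user view access could presumably be reused where it no longer holds. Consider `->andIf($entity->access('view', $account, TRUE));` so the same account is checked and the cache contexts and tags propagate. The enclosing method starts and ends outside this hunk, so confirm that `$account` is the account the method is meant to check.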