Make comment permission more granular.

Is this patch still needed? Doesn't it tie comment.module unnecessarily into node.module?

Hello

I need to be able to
a) post/reply etc on forums as anonymous user
b) do not anon users to edit it's own (probably made by other anon users) forum posts
c) do not allow anyone to post comments to any other node types

AFAIK currently it's not possibile, but it'd be possibile with this patch, so I'd be glad it it was accepted.

The patch looks strange to me, because of such changes in each module:

  if ($op == 'comment') {
    if (user_access('post comments') && $node->comment == 2) {
      return TRUE;
    }
  }

They are not needed. I think they even negate the other parts of the patch, by always allowing to comment those node types. Usually hook_access deals only with permissions defined by that module, and not mess with other permissions, node module handles those anyway. So node-access-comment_0.patch looks better than later patches, except the above last hunk in node.module.

I might be wrong, and I haven't tested it... A big change and access modules need to be modified too...

menesis, thanks for looking at the patch!

Currently, we have two ways to determine permissions for a node. One is the general node_access function and one is the node specific function (eg book_access). I have implemented the comment permission check through the latter. This has two reasons: It does not change the current behaviour for those modules and it does not require database queries.

I am open for discussion on it.

I am interested in this issue.

I am maintaining the phpBB2 to Drupal migration module : http://drupal.org/node/45403
and one of the most often requested feature that is currently missing from Drupal core is to be a able to have private forums, restricted to some roles.

Currently, the only way I know to achieve this is with the contrib module taxonomy_access. Unfortunately, this module requires taxonomy.module to be patched, which shows that the core of Drupal is lacking some important component.

I am willing to test patches, and reroll the current one, if need be.

If we want to have private forums (or other node types) only viewable by certain roles (a moderators' forum, for example)...

I'd like to know first what is the general feeling about how this feature should be achieved?

Is this patch the way to go, or is the patched version of taxonomy together with taxonomy_access a better/more general way?

For my two cents on this topic, I believe that forums and the ability to create private ones is a critical feature for 4.7.x and 5.0. I am willing to help fund a bounty for a solution to this obvious functionality. BUT, only if it is a part of the core code and not a "taxonomy_access" like solution.

I apologize for repeating the question from Steven in #6, but "is this patch still needed?"

Based on Beginner's comment in #12:

Unfortunately, this module requires taxonomy.module to be patched, which shows that the core of Drupal is lacking some important component.

With 4.7 that comment appears to no longer be the case - a patch to core is no longer needed.

I believe the only place where Taxonomy Access is unable to provide this feature is in the area of hiding forums/containers/node-titles from users (though that could be wrong).

So, is this patch still needed and is it still a good idea for Drupal core?

Thanks for the clarification and in that case I'm very interested in it. Once HEAD opens up again I'll try to remember to revisit this.

I've re-rolled this against HEAD but it remains untested.

This is still totally lacking from Drupal, and IMO it would still be a very useful feature. For example, OG is currently able to stop people who aren't group members from editing a node (in a public group), but it's unable to stop them from commenting on that same node. I think of many use cases where stopping commenting would be desired here.

Maybe in Drupal 8, eh?

Hopefully this is on-topic. I'd like to have an additional permission titled something like 'post replies to comments' and 'post replies to comments without moderation'.

The use case is for guestbook type nodes and support forum type nodes, wherein anonymous users (or any other role) can post initial comments and new comments, but only specific roles can reply to those comments. This is very common in guestbook type apps, where a visitor leaves a comment and the owner of the blog can respond, but you don't want a full-blown threaded discussion.

Thanks,

+

When using og, it should be possible to limit commenting to users who have joined a group. It looks like this would be cleaner than implementing hook_form_comment_alter() to override comment_form(). Although I suppose that since comment_og provides some of this functionality I myself don't need this ;-).

tagging

Closed as duplicate #1727754: Add less generic comment administration permissions
Also there's work in progress on #1903138: Move global comment permissions to comment-type level

PS: probably we should close this one as duplicate of #1903138: Move global comment permissions to comment-type level