Allow comment_save() caller to request moderation of a new comment [#153689]

When comment_save() is used to create a comment, it always sets the status to match the user's "post comments without approval" permission:

          $status = user_access('post comments without approval') ? COMMENT_PUBLISHED : COMMENT_NOT_PUBLISHED;

However, if you want to use a module like mailhandler to override this setting so that the status is always moderated in a given situation (such as, I want moderates to clean up the garbage sending a comment by email adds, etc.), this line of code won't let you. The work around is to perform your save twice:

// Setup $edit...
$edit['status'] = COMMENT_NOT_PUBLISHED;
$cid = comment_save($edit);

if ($cid) {
    $edit['cid'] = $cid;
    comment_save($edit);
}
else {
    // Bad stuff...
}

The second save will set the status as desired. However, this is kind of gross.

Rather, I propose allowing the initial $edit to explicitly request moderation. Thus, you could do the above with only a single call to comment_save(), but you're still not permitted to request publishing when you don't have such permission. I've attached the patch for doing this.

I think it would be really nice if this made it into 6.x.

Comment	File	Size	Author
#8	comment-status-in-form_0.patch	3.44 KB	zostay
#5	comment-status-in-form.patch	3.42 KB	zostay
	comment-moderation-request.patch	897 bytes	zostay

Comments

Comment #1

zostay commented 21 June 2007 at 20:58

Status:

Active

» Needs review

Comment #2

moshe weitzman commented 22 June 2007 at 03:49

this does not belong in comment save at all. the moderation should be a #value field on the comment form and modules can then form_alter it as needed.

Comment #3

zostay commented 22 June 2007 at 15:17

Can you elaborate? I'm not sure how hook_form_alter() helps since comment_save() is directly invoked here. I could also just drop the data straight into the comment table without using comment_save() at all.

It seems that if there's an API for doing it, I'd be better off doing that in case the process of entering a comment should change in the future (e.g., an additional hook call is added or something). I think creating a implementation for hook_comment() would be more applicable in this case.

I still don't see why forcing moderation on a comment during the INSERT is a bad thing. Any other solution I can think of means there's a chance that someone could hit the page and see the published comment during the few milliseconds between the initial insert and update. Whereas having the ability to force moderation means this is never the possibility and peforms better to boot.

Comment #4

zostay commented 22 June 2007 at 15:21

Nevermind, I misunderstood. I now see what saying. I'm dumb. :)

I'll submit a patch using your idea as well.

Comment #5

zostay commented 22 June 2007 at 15:42

Status	File	Size
new	comment-status-in-form.patch	3.42 KB

Here's a patch that moves the decision into comment_form(), which allows another module to modify the default value via form_alter() and allows the decision to made explicitly without interference in comment_save().

This should perform actions as per moshe weitzman's comment.

Comment #6

moshe weitzman commented 22 June 2007 at 16:23

Status:

Needs review

» Needs work

yes, this is wat i was describing. thanks.

i think the form could be simplified further. we can tead admins same as everyone else. so, how about this:


  if ($edit['cid']) {
    $status = (bool)$edit['status'];
  }
  else {
    $status = user_access('post comments without approval') ? COMMENT_PUBLISHED : COMMENT_NOT_PUBLISHED;
  }
  $form['status'] = array('#type' => 'value', '#value' =>  $status);

Comment #7

zostay commented 22 June 2007 at 18:15

Two comments:

$comment->status is not a boolean. I know that it is effectively one now, but COMMENT_PUBLISHED and COMMENT_UNPUBLISHED are definitely integers and opposite the normal values one would expect from $node->status. Therefore, I'm not sure if casting to (bool) is appropriate.
If a user already has "administer comments", the status is provided in $edit['status'] via the $form['admin']['status'] radio button. Thus, I don't know that adding status a second time as a "#value" in the same form is the correct treatment.

Comment #8

zostay commented 22 June 2007 at 18:25

Status	File	Size
new	comment-status-in-form_0.patch	3.44 KB

Regarding (2) in my previous comment. The test does miss the case where !$edit['cid'], so I added the opposite of the admin guard from earlier:

if ($edit['cid'] && user_access('administer comments')) {

into the patch:

if (!$edit['cid'] || !user_access('administer comments')) {

Comment #9

zostay commented 25 June 2007 at 21:05

Status:

Needs work

» Needs review

Comment #10

zostay commented 30 July 2007 at 20:52

This patch still works on Drupal 5.2, though hunks #4 and #5 are offset.

Comment #11

catch

he/him

English

commented 29 October 2007 at 12:15

Version:	6.x-dev	» 7.x-dev
Status:	Needs review	» Needs work

No longer applies, bumping to D7.

Comment #12

moshe weitzman commented 12 May 2008 at 12:15

Still a worthwhile patch.

Comment #13

sun

German

Karlsruhe

commented 30 March 2010 at 11:55

Status:

Needs work

» Closed (duplicate)

http://api.drupal.org/api/function/comment_form/7 was already streamlined and 'status' is now always contained in the form.

Allow comment_save() caller to request moderation of a new comment

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Comment #8

Comment #9

Comment #10

Comment #11

Comment #12

Comment #13

News items

Our community

Documentation

Drupal code base

Governance of community