summaryrefslogtreecommitdiff
path: root/modules/comment/controllers/comments.php
diff options
context:
space:
mode:
Diffstat (limited to 'modules/comment/controllers/comments.php')
-rw-r--r--modules/comment/controllers/comments.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php
index 930579ac..c48bd380 100644
--- a/modules/comment/controllers/comments.php
+++ b/modules/comment/controllers/comments.php
@@ -134,6 +134,7 @@ class Comments_Controller extends REST_Controller {
*/
public function _update($comment) {
$item = ORM::factory("item", $comment->item_id);
+ access::required("view", $item);
access::required("edit", $item);
$form = comment::get_edit_form($comment);
@@ -161,6 +162,7 @@ class Comments_Controller extends REST_Controller {
*/
public function _delete($comment) {
$item = ORM::factory("item", $comment->item_id);
+ access::required("view", $item);
access::required("edit", $item);
$comment->delete();
@@ -183,6 +185,9 @@ class Comments_Controller extends REST_Controller {
* @see REST_Controller::form_edit($resource)
*/
public function _form_edit($comment) {
+ if (!user::active()->admin) {
+ access::forbidden();
+ }
print comment::get_edit_form($comment);
}
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 19:15:32 +0000