Diffstat (limited to 'modules/comment')
-rw-r--r-- | modules/comment/controllers/comments.php | 17 | ||||
-rw-r--r-- | modules/comment/helpers/comment.php | 4 | ||||
-rw-r--r-- | modules/comment/js/comment.js | 6 |
3 files changed, 18 insertions, 9 deletions
diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php
index e759309f..e6ade267 100644
--- a/modules/comment/controllers/comments.php
+++ b/modules/comment/controllers/comments.php
@@ -56,8 +56,10 @@ class Comments_Controller extends REST_Controller {
 */
 public function _create($comment) {
 rest::http_content_type(rest::JSON);
+ $item = ORM::factory("item", $this->input->post("item_id"));
+ access::required("view", $item);
- $form = comment::get_add_form($this->input->post("item_id"));
+ $form = comment::get_add_form($item);
 if ($form->validate()) {
 $comment->author = $this->input->post("author");
 $comment->email = $this->input->post("email");
@@ -71,7 +73,7 @@ class Comments_Controller extends REST_Controller {
 print json_encode(
 array("result" => "success",
 "resource" => url::site("comments/{$comment->id}"),
- "form" => comment::get_add_form($this->input->post("item_id"))->__toString()));
+ "form" => comment::get_add_form($item)->__toString()));
 } else {
 print json_encode(
 array("result" => "error",
@@ -86,7 +88,9 @@ class Comments_Controller extends REST_Controller {
 */
 public function _show($comment) {
 if (rest::output_format() == "json") {
- print json_encode(array("result" => "success", "data" => $comment->as_array()));
+ print json_encode(
+ array("result" => "success",
+ "data" => $comment->as_array()));
 } else {
 $view = new View("comment.html");
 $view->comment = $comment;
@@ -135,8 +139,11 @@ class Comments_Controller extends REST_Controller {
 * Present a form for adding a new comment to this item or editing an existing comment.
 * @see REST_Controller::form_add($resource)
 */
- public function _form_add($item_id) {
- print comment::get_add_form($item_id);
+ public function _form_add($item) {
+ $item = ORM::factory("item", $item_id);
+ access::required("view", $item);
+
+ print comment::get_add_form($item);
 }
 /**
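Review bot: In `_create`, the new `access::required("view", $item)` runs on whatever `ORM::factory("item", $this->input->post("item_id"))` returns, and `item_id` is request-controlled, so a missing or unknown id presumably yields an unloaded model. Whether `access::required` denies an unloaded item is not visible in this hunk, so I would reject that case explicitly before the permission check, e.g. `if (!$item->loaded) { /* answer 404 and return */ }` (assuming this ORM exposes a `loaded` flag). It is also worth a one-line comment stating that "view" is deliberately the permission that gates posting a comment, since no separate comment permission is checked here. The body of `_create` continues outside the hunk.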
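Review bot: `_form_add` now declares its parameter as `$item`, but the first added statement still reads `$item_id`, which is no longer defined in that scope. `ORM::factory("item", $item_id)` is therefore called with an undefined variable, and `access::required("view", $item)` checks whatever model that produces instead of the item that was requested, so the new access check does not protect the form as intended. Keep the original signature, `public function _form_add($item_id) {`, and leave the added lines as they are. The docblock above could also gain `@param int $item_id id of the item the comment form is for`.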
diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php
index 51246444..79aa9ddc 100644
--- a/modules/comment/helpers/comment.php
+++ b/modules/comment/helpers/comment.php
@@ -52,13 +52,13 @@ class comment_Core {
 return $comment;
 }
- static function get_add_form($item_id) {
+ static function get_add_form($item) {
 $form = new Forge(url::site("comments"), "", "post");
 $group = $form->group("add_comment")->label(_("Add comment"));
 $group->input("author") ->label(_("Author")) ->id("gAuthor");
 $group->input("email") ->label(_("Email")) ->id("gEmail");
 $group->textarea("text")->label(_("Text")) ->id("gText");
- $group->hidden("item_id")->value($item_id);
+ $group->hidden("item_id")->value($item->id);
 $group->submit(_("Add"));
 $form->add_rules_from(ORM::factory("comment"));
 return $form;
diff --git a/modules/comment/js/comment.js b/modules/comment/js/comment.js
index 3ae23f62..c9cfeb08 100644
--- a/modules/comment/js/comment.js
+++ b/modules/comment/js/comment.js
@@ -6,8 +6,10 @@ function ajaxify_comment_form() {
 $("#gComments form").ajaxForm({
 dataType: "json",
 success: function(data) {
- $("#gComments form").replaceWith(data.form);
- ajaxify_comment_form();
+ if (data.form) {
+ $("#gComments form").replaceWith(data.form);
+ ajaxify_comment_form();
+ }
 if (data.result == "success") {
 $.get(data.resource, function(data, textStatus) {
 $("#gComments .gBlockContent ul:first").append("<li>"+data+"</li>"); |
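Review bot: `get_add_form` now dereferences `$item->id`, so any caller that still passes a bare id will fail at `->value($item->id)`. The diffstat is limited to `modules/comment`, so callers in other modules or themes are not visible here and should be checked. The helper has no docblock; I would add one saying that `$item` is a loaded item model the caller has already access-checked, because the helper itself performs no permission check. The hidden `item_id` field stays client-editable, so the check in the controller's `_create` remains the real enforcement point.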
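Review bot: The `success` callback now tolerates a response without `form`, but a denied request may never reach `success`. If the server answers the new access check with a non-JSON error page, parsing under `dataType: "json"` fails, and as far as this hunk shows no `error` handler is registered, so the form would silently do nothing. Consider adding `error: function(xhr) { /* show a "comment could not be posted" message */ }` next to `success`. The options object and the callback continue outside the hunk, so a handler may already exist there.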