comment.pages.inc 4.77 KB
Newer Older
1 2 3 4
<?php

/**
 * @file
5
 * User page callbacks for the Comment module.
6 7
 */

8
use Drupal\Core\Entity\EntityInterface;
9
use Drupal\comment\Plugin\Core\Entity\Comment;
10
use Symfony\Component\HttpFoundation\RedirectResponse;
11
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
12

13
/**
14 15
 * Form constructor for the comment reply form.
 *
16 17 18 19 20 21 22 23 24
 * There are several cases that have to be handled, including:
 *   - replies to comments
 *   - replies to nodes
 *   - attempts to reply to nodes that can no longer accept comments
 *   - respecting access permissions ('access comments', 'post comments', etc.)
 *
 * The node or comment that is being replied to must appear above the comment
 * form to provide the user context while authoring the comment.
 *
25
 * @param \Drupal\Core\Entity\EntityInterface $node
26 27
 *   Every comment belongs to a node. This is that node.
 * @param $pid
28 29
 *   (optional) Some comments are replies to other comments. In those cases,
 *   $pid is the parent comment's comment ID. Defaults to NULL.
30
 *
31 32 33 34 35 36
 * @return array
 *   An associative array containing:
 *   - An array for rendering the node or parent comment.
 *     - comment_node: If the comment is a reply to the node.
 *     - comment_parent: If the comment is a reply to another comment.
 *   - comment_form: The comment form as a renderable array.
37
 */
38
function comment_reply(EntityInterface $node, $pid = NULL) {
39
  // Set the breadcrumb trail.
40
  drupal_set_breadcrumb(array(l(t('Home'), NULL), l($node->label(), 'node/' . $node->nid)));
41
  $op = isset($_POST['op']) ? $_POST['op'] : '';
42
  $build = array();
43

44 45 46
  // The user is previewing a comment prior to submitting it.
  if ($op == t('Preview')) {
    if (user_access('post comments')) {
47
      $build['comment_form'] = comment_add($node, $pid);
48 49
    }
    else {
50
      drupal_set_message(t('You are not authorized to post comments.'), 'error');
51
      return new RedirectResponse(url("node/$node->nid", array('absolute' => TRUE)));
52 53 54 55 56 57
    }
  }
  else {
    // $pid indicates that this is a reply to a comment.
    if ($pid) {
      if (user_access('access comments')) {
58 59
        // Load the parent comment.
        $comment = comment_load($pid);
60
        if ($comment->status->value == COMMENT_PUBLISHED) {
61 62
          // If that comment exists, make sure that the current comment and the
          // parent comment both belong to the same parent node.
63
          if ($comment->nid->target_id != $node->nid) {
64 65
            // Attempting to reply to a comment not belonging to the current nid.
            drupal_set_message(t('The comment you are replying to does not exist.'), 'error');
66
            return new RedirectResponse(url("node/$node->nid", array('absolute' => TRUE)));
67 68
          }
          // Display the parent comment
69
          $build['comment_parent'] = comment_view($comment);
70 71 72
        }
        else {
          drupal_set_message(t('The comment you are replying to does not exist.'), 'error');
73
          return new RedirectResponse(url("node/$node->nid", array('absolute' => TRUE)));
74 75 76
        }
      }
      else {
77
        drupal_set_message(t('You are not authorized to view comments.'), 'error');
78
        return new RedirectResponse(url("node/$node->nid", array('absolute' => TRUE)));
79 80
      }
    }
81 82 83 84 85 86 87 88
    // This is the case where the comment is in response to a node. Display the node.
    elseif (user_access('access content')) {
      $build['comment_node'] = node_view($node);
    }

    // Should we show the reply box?
    if ($node->comment != COMMENT_NODE_OPEN) {
      drupal_set_message(t("This discussion is closed: you can't post new comments."), 'error');
89
      return new RedirectResponse(url("node/$node->nid", array('absolute' => TRUE)));
90 91
    }
    elseif (user_access('post comments')) {
92
      $build['comment_form'] = comment_add($node, $pid);
93 94 95
    }
    else {
      drupal_set_message(t('You are not authorized to post comments.'), 'error');
96
      return new RedirectResponse(url("node/$node->nid", array('absolute' => TRUE)));
97
    }
98 99
  }

100
  return $build;
101
}
102 103

/**
104 105
 * Page callback: Publishes the specified comment.
 *
106 107
 * @param \Drupal\comment\Plugin\Core\Entity\Comment $comment
 *   A comment entity.
108 109
 *
 * @see comment_menu()
110
 */
111
function comment_approve(Comment $comment) {
112 113 114
  // @todo CSRF tokens are validated in page callbacks rather than access
  //   callbacks, because access callbacks are also invoked during menu link
  //   generation. Add token support to routing: http://drupal.org/node/755584.
115
  $token = drupal_container()->get('request')->query->get('token');
116
  if (!isset($token) || !drupal_valid_token($token, 'comment/' . $comment->id() . '/approve')) {
117
    throw new AccessDeniedHttpException();
118 119
  }

120 121
  $comment->status->value = COMMENT_PUBLISHED;
  $comment->save();
122

123
  drupal_set_message(t('Comment approved.'));
124
  return new RedirectResponse('node/' . $comment->nid->target_id, array('absolute' => TRUE));
125
}