Comments Module Requires Articles be Public

Comments Module Requires Articles be Public 15 years 5 months ago #1634

Eric Vasbinder
Topic Author
Offline
Fresh Boarder
Posts: 3
Thank you received: 0

Hi there,

I am a new user of JomComments and I first must say that I really enjoy it. However, the latest comments module has a bit of a problem: in order to display anything other than "no comments", it needs to have all articles and sections and categories that it reads comments from marked as public.

I cannot mark my articles as public, as this is a completely private site on the Internet. No access to anything is allowed without a valid account. If I mark an article as public, someone could access the article directly, by pasting the URL in the web browser, eliminating my security for the site.

What would it take to update the Latest Comments Module to allow it to read comments from articles marked as Registered or Special? This would of course depend upon the ability of the current user to access those articles based on their user roles and permissions.

Comments Module Requires Articles be Public 15 years 5 months ago #1640

Daniel Dimitrov
Away
Administrator
Posts: 9618
Karma: 155
Thank you received: 1081

So, if you understand you right: you want to unable an article that is marked as for registered to be shown in the module as teaser?

Then you must go to. administrator/components/com_comment/plugins/com_content/josc_com_content.php

and find the functions mod_getmostcommentQuery and mod_commentsGetOthersQuery. You will see:
the following code:

$query 	=  	"SELECT COUNT(c.id) AS countid, ct.id, ct.title "
				.	"\n FROM `vpo_comment`    AS c "
				.  	"\n INNER JOIN `vpo_content`    AS ct  ON ct.id = c.contentid "
	       		.  	"\n INNER JOIN `vpo_categories` AS cat ON cat.id = ct.catid "
	    		.   "\n INNER JOIN `vpo_sections`   AS sec ON sec.id = cat.section "
				.  	"\n WHERE c.published='1' "
				.	"\n   AND c.component='$component' "
				.	"\n   AND sec.access <= " . (int) $gid
				.  	"\n   AND sec.published='1' "
				.	"\n   AND cat.access <= " . (int) $gid
				.  	"\n   AND cat.published='1' "
				.   "\n   AND ct.access <= " . (int) $gid
				.  	"\n ". (count($where) ? (" AND ".implode(" AND ", $where)) : "")
	    		.	"\n GROUP BY c.contentid"
	    		.	"\n ORDER BY countid DESC"
				.	"\n $limit"
	    		;

you have to remove the part with:

		.	"\n   AND sec.access <= " . (int) $gid
				.  	"\n   AND sec.published='1' "
				.	"\n   AND cat.access <= " . (int) $gid
				.  	"\n   AND cat.published='1' "
				.   "\n   AND ct.access <= " . (int) $gid

and it should do what you needed to do.

Comments Module Requires Articles be Public 15 years 5 months ago #1648

Eric Vasbinder
Topic Author
Offline
Fresh Boarder
Posts: 3
Thank you received: 0

Hi Daniel,

Actually, I was looking at the code, and it seems to me that the reason that it's failing is that the code requires the section access and category access and article access levels to be at or below public. Shouldn't those values be variable? Based on the access level of the currently logged on user?

For example, where does the code get the value

(int) $gid

from? Is the $gid value just public? It's the group ID, right? Or does it read it from the currently logged on user? If that is what it is supposed to do, then maybe there is a bug there, causing the "$gid" to be public all the time instead of being based on the value of the logged in user.

Please let me know what you think.

Best Regards,
Eric

Comments Module Requires Articles be Public 15 years 5 months ago #1649

Daniel Dimitrov
Away
Administrator
Posts: 9618
Karma: 155
Thank you received: 1081

Hey Eric!
What do you want to do?

gid - is the group id of the user.
So if I'm logged as guest on your site my group number will be smaller than the group id of the article and I will not see the article.
If I'm logged as registered user my group id will be bigger or equal of the article group and I will see it.
This code is working as it should work.

Comments Module Requires Articles be Public 15 years 5 months ago #1650

Eric Vasbinder
Topic Author
Offline
Fresh Boarder
Posts: 3
Thank you received: 0

Unfortunately, it doesn't work.

If I log in as guest, the entire site is blocked - I've set all modules, articles, categories, and sections to require a level of registered.

However, if I log in as registered, I want all of the articles and article comments, and the latest comments in the Module to appear.

Unless I disable the security access, then the comments do not appear in the MODULE only. They still appear at the bottom of the articles themselves. But that's it. Even if I'm logged in as Administrator, if the articles the comments are tied to are marked as anything other than Public, the module won't show the latest comments for those articles.

Comments Module Requires Articles be Public 15 years 5 months ago #1654

Daniel Dimitrov Away Administrator Posts: 9618 Karma: 155 Thank you received: 1081	OK, I will test it during the week-end. Check this box to be notified of replies to this topic. Note: BBcode and smileys are still usable.

Comments Module Requires Articles be Public 15 years 5 months ago #1682

pierre Offline Fresh Boarder Posts: 4 Thank you received: 0	Hello, I have the same problem and would be very interested in a solution ! Thank you for this great component. Check this box to be notified of replies to this topic. Note: BBcode and smileys are still usable.

Comments Module Requires Articles be Public 15 years 5 months ago #1686

Daniel Dimitrov Away Administrator Posts: 9618 Karma: 155 Thank you received: 1081	Sorry, I didn't have time to work on this last weekend. I will try to get this fixed till the end of the week. Check this box to be notified of replies to this topic. Note: BBcode and smileys are still usable.

Comments Module Requires Articles be Public 15 years 5 months ago #1709

pierre Offline Fresh Boarder Posts: 4 Thank you received: 0	Hello Daniel, Have you had a chance yet to have a look at this problem? Thanks in advance. Check this box to be notified of replies to this topic. Note: BBcode and smileys are still usable.

Comments Module Requires Articles be Public 15 years 5 months ago #1715

Daniel Dimitrov
Away
Administrator
Posts: 9618
Karma: 155
Thank you received: 1081

Hey there!
Sorry for the delay! I suppose you both are using 1.5.
The problem was comming from the fact that we were declaring

global $database, $gid;

The global $database object was there, but the gid was not.
So if you log in - your group id was always 0.
Now change that to

$database = JFactory::getDBO();
		$user = JFactory::getUser();
		$gid = $user->gid;

and it should work.
Open administrator/components/com_comment/plugins/com_content/jos_com_content.class.php
find the 2 functions mod_commentsGetMostCommentedQuery , mod_commentsGetOthersQuery and made the above changes.
At the end - the functions should look like this:

/*----------------------------------------------------------------------------------
	 *  F U N C T I O N S   F O R   MOD_COMMENTS   M O D U L E 
	 *----------------------------------------------------------------------------------
	 */
	function mod_commentsGetMostCommentedQuery($secids, $catids, $maxlines)
	{
		$database = JFactory::getDBO();
		$user = JFactory::getUser();
		$gid = $user->gid;
 
		$component = $this->_component;
 
		$limit = $maxlines>=0 ? " limit $maxlines " : "";
 
		$where = array();
		if ($catids)
			$where[] = "cat.id IN ($catids)";
		if ($secids)
			$where[] = "cat.section IN ($secids)";
 
	    /* 
	     * Count comment id group by contentid 
   	 	 * TODO: restrict according content item user rights, dates and category/secitons published and dates...
	     */
	    $query 	=  	"SELECT COUNT(c.id) AS countid, ct.id, ct.title "
				.	"\n FROM `vpo_comment`    AS c "
				.  	"\n INNER JOIN `vpo_content`    AS ct  ON ct.id = c.contentid "
	       		.  	"\n INNER JOIN `vpo_categories` AS cat ON cat.id = ct.catid "
	    		.   "\n INNER JOIN `vpo_sections`   AS sec ON sec.id = cat.section "
				.  	"\n WHERE c.published='1' "
				.	"\n   AND c.component='$component' "
				.	"\n   AND sec.access <= " . (int) $gid
				.  	"\n   AND sec.published='1' "
				.	"\n   AND cat.access <= " . (int) $gid
				.  	"\n   AND cat.published='1' "
				.   "\n   AND ct.access <= " . (int) $gid
				.  	"\n ". (count($where) ? (" AND ".implode(" AND ", $where)) : "")
	    		.	"\n GROUP BY c.contentid"
	    		.	"\n ORDER BY countid DESC"
				.	"\n $limit"
	    		;
		$database->SetQuery($query);
		$rows = $database->loadAssocList();
 
		return $rows;		
	}
 
	function mod_commentsGetOthersQuery($secids, $catids, $maxlines, $orderby)
	{
		$database = JFactory::getDBO();
		$user = JFactory::getUser();
		$gid = $user->gid;
 
		$component = $this->_component;
 
		$limit = $maxlines>=0 ? " limit $maxlines " : "";
 
		$where = array();
		if ($catids)
			$where[] = "cat.id IN ($catids)";
		if ($secids)
			$where[] = "cat.section IN ($secids)";
 
		if ($orderby=='mostrated') {
			$mostrated =  ", (c.voting_yes-c.voting_no)/2 AS mostrated";
			$where[]  = "(c.voting_yes > 0 OR c.voting_no > 0)";
		} else {
			$mostrated = "";
			$orderby = "c.$orderby";
		}
 
		$query 	=  "SELECT c.*, ct.title AS ctitle $mostrated "
				.  "\n FROM `vpo_comment`    AS c "
				.  "\n INNER JOIN `vpo_content`    AS ct  ON ct.id = c.contentid "
        		.  "\n INNER JOIN `vpo_categories` AS cat ON cat.id = ct.catid "
	    		.  "\n INNER JOIN `vpo_sections`   AS sec ON sec.id = cat.section "
				.  "\n WHERE c.published='1' "
				.	"\n   AND c.component='$component' "
				.	"\n   AND sec.access <= " . (int) $gid
				.  	"\n   AND sec.published='1' "
				.	"\n   AND cat.access <= " . (int) $gid
				.  	"\n   AND cat.published='1' "
				.   "\n   AND ct.access <= " . (int) $gid
				.  "\n ". (count($where) ? (" AND ".implode(" AND ", $where)) : "")
				.  "\n ORDER BY $orderby DESC "
				.  "\n $limit"
				;
		$database->SetQuery($query);
		$rows = $database->loadAssocList();
 
		return $rows;
	}

Hope that solves the problem! Awaiting feedback!
Greetings!
Daniel

Comments Module Requires Articles be Public 15 years 5 months ago #1720

oluijks
Offline
Fresh Boarder
Posts: 2
Thank you received: 0

In my case it was because the qeury looks for content access (ct.access) and not category access (cat.access)

So I changed the query a bit

From

	    $query 	=  	"SELECT COUNT(c.id) AS countid, ct.id, ct.title "
				.	"\n FROM `vpo_comment`    AS c "
				.  	"\n INNER JOIN `vpo_content`    AS ct  ON ct.id = c.contentid "
	       		.  	"\n INNER JOIN `vpo_categories` AS cat ON cat.id = ct.catid "
	    		.   "\n INNER JOIN `vpo_sections`   AS sec ON sec.id = cat.section "
				.  	"\n WHERE c.published='1' "
				.	"\n   AND c.component='$component' "
				.	"\n   AND sec.access <= " . (int) $gid
				.  	"\n   AND sec.published='1' "
				.	"\n   AND cat.access <= " . (int) $gid
				.  	"\n   AND cat.published='1' "
				.   "\n   AND ct.access <= " . (int) $gid
				.  	"\n ". (count($where) ? (" AND ".implode(" AND ", $where)) : "")
	    		.	"\n GROUP BY c.contentid"
	    		.	"\n ORDER BY countid DESC"
				.	"\n $limit"
	    		;

To

	    $query 	=  	"SELECT COUNT(c.id) AS countid, ct.id, ct.title "
				.	"\n FROM `vpo_comment`    AS c "
				.  	"\n INNER JOIN `vpo_content`    AS ct  ON ct.id = c.contentid "
	       		.  	"\n INNER JOIN `vpo_categories` AS cat ON cat.id = ct.catid "
	    		.   "\n INNER JOIN `vpo_sections`   AS sec ON sec.id = cat.section "
				.  	"\n WHERE c.published='1' "
				.	"\n   AND c.component='$component' "
				.	"\n   AND sec.access <= " . (int) $gid
				.  	"\n   AND sec.published='1' "
				.	"\n   AND cat.access <= " . (int) $gid
				.  	"\n   AND cat.published='1' "
				.   "\n   AND cat.access <= " . (int) $gid
				.  	"\n ". (count($where) ? (" AND ".implode(" AND ", $where)) : "")
	    		.	"\n GROUP BY c.contentid"
	    		.	"\n ORDER BY countid DESC"
				.	"\n $limit"
	    		;

Comments Module Requires Articles be Public 15 years 5 months ago #1723

Daniel Dimitrov
Away
Administrator
Posts: 9618
Karma: 155
Thank you received: 1081

oluijks wrote:

In my case it was because the qeury looks for content access (ct.access) and not category access (cat.access)

Hm, how is that possible.
Here is the part of the query that checks the permissions:

                .    "\n   AND sec.access <= " . (int) $gid 
                .      "\n   AND sec.published='1' " 
                .    "\n   AND cat.access <= " . (int) $gid 
                .      "\n   AND cat.published='1' " 
                .   "\n   AND ct.access <= " . (int) $gid

sec - sectoin
cat - category
ct - content

Comments Module Requires Articles be Public 15 years 5 months ago #1724

oluijks Offline Fresh Boarder Posts: 2 Thank you received: 0	" ct.access <= " . (int) $gid " doesn't do it for my setup, thats why I changed it.... query always comes back with 0 rows... I'm not saying that is a bug or some, just in my case Check this box to be notified of replies to this topic. Note: BBcode and smileys are still usable.

Comments Module Requires Articles be Public 15 years 5 months ago #1737

pierre Offline Fresh Boarder Posts: 4 Thank you received: 0	Thank you Daniel, it works great for me! Check this box to be notified of replies to this topic. Note: BBcode and smileys are still usable.

Tiles

CMC

CMandrill

FFGate

CUpdater

CNotes

Mydigipass

CSlideshow

Pricing

Joomla! Development

Joomla! Security

App Development

Angular 2

Official releases

Developer releases

Languages

Help Desk

Support policy

Hotspots

Matukio Events

CComment

Ctransifex

CMC

CNotes

CMigrator

CMandrill

MyDigipass

CForms

CForms for WordPress

Video Tutorials

Changelogs

Matukio API Docs

Team

Joomla Commitment

Privacy Policy / Imprint

Notice

TOPIC: Comments Module Requires Articles be Public