| Index: trunk/extensions/CodeReview/CodeRevisionView.php |
| — | — | @@ -120,8 +120,7 @@ |
| 121 | 121 | |
| 122 | 122 | function checkPostings() { |
| 123 | 123 | global $wgRequest, $wgUser; |
| 124 | | - if( $wgRequest->wasPosted() |
| 125 | | - && $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) { |
| | 124 | + if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal('wpEditToken') ) ) { |
| 126 | 125 | // Look for a posting... |
| 127 | 126 | $text = $wgRequest->getText( "wpReply{$this->mReplyTarget}" ); |
| 128 | 127 | $parent = $wgRequest->getIntOrNull( 'wpParent' ); |
| — | — | @@ -130,9 +129,8 @@ |
| 131 | 130 | if( $isPreview ) { |
| 132 | 131 | // Save the text for reference on later comment display... |
| 133 | 132 | $this->mPreviewText = $text; |
| 134 | | - } else if( strlen($text) ) { // don't save blank comments |
| | 133 | + } else if( $wgUser->isAllowed('codereview-post-comment') && strlen($text) ) { |
| 135 | 134 | $id = $this->mRev->saveComment( $text, $review, $parent ); |
| 136 | | - |
| 137 | 135 | // Redirect to the just-saved comment; this avoids POST |
| 138 | 136 | // horrors on forward/rewind. Hope we don't have slave issues? |
| 139 | 137 | $permaLink = $this->commentLink( $id ); |
| — | — | @@ -329,6 +327,9 @@ |
| 330 | 328 | } |
| 331 | 329 | $repo = $this->mRepo->getName(); |
| 332 | 330 | $rev = $this->mRev->getId(); |
| | 331 | + if( !$wgUser->isAllowed('codereview-post-comment') ) { |
| | 332 | + return ''; |
| | 333 | + } |
| 333 | 334 | return '<div class="mw-codereview-post-comment">' . |
| 334 | 335 | $preview . |
| 335 | 336 | Xml::hidden( 'wpEditToken', $wgUser->editToken() ) . |