Modified: trunk/app/controllers/comments_controller.rb (3540 => 3541)
--- trunk/app/controllers/comments_controller.rb 2013-05-09 15:01:41 UTC (rev 3540)
+++ trunk/app/controllers/comments_controller.rb 2013-05-10 09:39:17 UTC (rev 3541)
@@ -34,6 +34,11 @@
ajaxy = false
end
+ if Authorization.check('create', Comment, current_user, @context) == false
+ render_401("You are not authorized to create this comment.")
+ return
+ end
+
if text and text.length > 0
comment = Comment.new(:user => current_user, :comment => text, :commentable => @context)
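Review bot: The new guard compares with `== false`, so it fails open: if `Authorization.check` ever returns `nil` (whether it can is not visible here), the 401 is skipped and execution reaches `Comment.new`. Test truthiness instead, as the views in this commit already do: `unless Authorization.check('create', Comment, current_user, @context)` followed by the same `render_401` and `return`. It would also help to confirm that `@context` cannot be `nil` at this point and that `check` denies in that case, since the lookup that sets it is outside the hunk. The enclosing action starts and ends outside the hunk.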
Modified: trunk/app/views/activities/_activity.rhtml (3540 => 3541)
--- trunk/app/views/activities/_activity.rhtml 2013-05-09 15:01:41 UTC (rev 3540)
+++ trunk/app/views/activities/_activity.rhtml 2013-05-10 09:39:17 UTC (rev 3541)
@@ -23,7 +23,7 @@
<% end %>
<% end %>
<% end %>
- <% if Authorization.check('create', Comment, user, activity.context) %>
+ <% if Authorization.check('create', Comment, user, activity) %>
<% if (activity.comments.length == 0) && (activity_set.length == 1) %>
<span><a href="" activity.id -%>').style.display = 'block'; return false;">Comment</a></span>
<% else %>
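Review bot: The view now authorizes against `activity`, while the controller guard added in this commit authorizes against `@context`, and nothing visible shows that the two resolve to the same object. If they differ, the Comment link can appear for a user the controller then rejects, or be hidden from one it would accept. The server-side check stays authoritative, so this is a consistency concern rather than a bypass. A short note above the condition would record the intent, e.g. `<%# commentable is the activity itself; must match @context in CommentsController %>`. The same applies to the identical change in the hunk at line 47.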
@@ -47,7 +47,7 @@
<div style="clear: left"></div>
</div>
<% end %>
- <% if Authorization.check('create', Comment, user, activity.context) %>
+ <% if Authorization.check('create', Comment, user, activity) %>
<div class="activityCommentBox">
<div style="float: left">