diff --git a/common/config/main.php b/common/config/main.php
index 7b8bbc8..1cfbc9a 100755
--- a/common/config/main.php
+++ b/common/config/main.php
@@ -146,6 +146,7 @@ // ], 'authManager' => [ 'class' => 'yii\rbac\DbManager', + 'defaultRoles' => ['USER'], ], //подключаем конфигурации API соц сетей для авторизации
diff --git a/common/modules/comment/Controller.php b/common/modules/comment/Controller.php
index d2db544..bf806d6 100644
--- a/common/modules/comment/Controller.php
+++ b/common/modules/comment/Controller.php
@@ -19,6 +19,10 @@ { \Yii::$app->response->format = \yii\web\Response::FORMAT_JSON; $post = \Yii::$app->request->post('Comment'); + $get = \Yii::$app->request->get(); + if(empty($post['comment_id']) && !empty($get['comment_id'])) { + $post['comment_id'] = $get['comment_id']; + } if(!empty($post['comment_id'])) { if($model = \common\modules\comment\models\Comment::findOne($post['comment_id'])) { /**
diff --git a/common/modules/comment/models/Comment.php b/common/modules/comment/models/Comment.php
index ee0708a..b721a80 100644
--- a/common/modules/comment/models/Comment.php
+++ b/common/modules/comment/models/Comment.php
@@ -3,6 +3,7 @@ use common\models\User; use yii\db\ActiveQuery; + use yii\helpers\Url; /** * Class Comment
@@ -40,6 +41,8 @@ */ public $guestComment = true; + public $buttons = [ ]; + public function rules() { return [
@@ -176,7 +179,8 @@ 'comment.model' => $model, 'comment.model_id' => $model_id, 'comment.status' => 1, - ])->with('rating'); + ]) + ->with('rating'); } public function postComment()
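Review bot: In common/config/main.php, `'defaultRoles' => ['USER']` assigns the USER role to every request, including unauthenticated ones, because Yii applies default roles regardless of authentication state. Every permission attached to USER is therefore evaluated for guests as well, so the rules behind those permissions have to reject a guest themselves. I would record that next to the entry: `// default roles also apply to guests; rules under USER permissions must reject a null user id`.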
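Review bot: In common/modules/comment/Controller.php, the `comment_id` copied from the query string reaches `Comment::findOne($post['comment_id'])` without a type check. A request parameter can arrive as an array, and `findOne()` treats an array argument as a column condition rather than a primary-key value, so the lookup is no longer limited to the id. Restricting the fallback to scalars closes that: `if(empty($post['comment_id']) && !empty($get['comment_id']) && is_scalar($get['comment_id'])) {`; the POST value read on the line above needs the same check. Because the id can now be carried in the URL, the action should also accept POST only, with CSRF validation enabled; the action's declaration and behaviors are outside this hunk, so that could not be confirmed here.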
@@ -221,15 +225,24 @@ $this->addError('comment_id', 'Comment ID not found'); return false; } else { - if($this->status == self::STATUS_DELETED) { - return false; - } - $this->status = self::STATUS_DELETED; - if($this->update()) { - $this->clearSafe(); - return true; + if($this->user_id == \Yii::$app->user->id) { + if($this->delete()) { + return true; + } else { + $this->addError('comment_id', 'Can\'t delete post.'); + return false; + } } else { - return false; + if($this->status == self::STATUS_DELETED) { + return false; + } + $this->status = self::STATUS_DELETED; + if($this->update()) { + $this->clearSafe(); + return true; + } else { + return false; + } } } } else {
@@ -270,13 +283,15 @@ if($this->scenario == self::SCENARIO_GUEST) { return false; } else { - return \Yii::$app->user->can(\common\modules\comment\Permissions::DELETE, [ + return (\Yii::$app->user->can(\common\modules\comment\Permissions::DELETE, [ 'model' => $this->model, 'model_id' => $this->model_id, + 'comment' => $this, ]) || \Yii::$app->user->can(\common\modules\comment\Permissions::DELETE_OWN, [ 'model' => $this->model, 'model_id' => $this->model_id, - ]); + 'comment' => $this, + ])); } }
@@ -313,7 +328,7 @@ 'model' => $this->className(), ]) ->one(); - if(!$rating instanceof \common\modules\comment\models\Rating && !empty($this->primaryKey)) { + if(!$rating instanceof \common\modules\comment\models\Rating && !empty( $this->primaryKey )) { $rating = new \common\modules\comment\models\Rating([ 'model' => $this->className(), 'model_id' => $this->comment_id,
@@ -355,4 +370,14 @@ return $this->hasOne(User::className(), [ 'id' => 'user_id' ]); } + public function buildButtons() + { + if($this->checkDelete()) { + $this->buttons[ 'delete' ] = Url::to([ + 'artbox-comment/delete', + 'comment_id' => $this->comment_id, + ]); + } + } + }
diff --git a/common/modules/comment/rbac/ArtboxCommentDeleteOwnRule.php b/common/modules/comment/rbac/ArtboxCommentDeleteOwnRule.php
index e1c55c2..b9bc3cc 100644
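Review bot: In the `@@ -221,15 +225,24 @@` hunk of Comment.php, `$this->user_id == \Yii::$app->user->id` is a loose comparison that also holds when both sides are null, that is, an unauthenticated visitor against a comment stored without a user_id (guest comments are enabled through `$guestComment`, so such rows presumably exist). The branch it guards now removes the row with `delete()` instead of marking it deleted, and it never reaches the `clearSafe()` call that the soft-delete path makes. I would require an authenticated user first: `if(!\Yii::$app->user->isGuest && $this->user_id == \Yii::$app->user->id) {`. The same comparison is used in ArtboxCommentDeleteOwnRule::execute() and ArtboxCommentDeleteRule::execute() later in this commit. The enclosing method starts before this hunk, so an earlier checkDelete() call may already exclude guests.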
--- a/common/modules/comment/rbac/ArtboxCommentDeleteOwnRule.php
+++ b/common/modules/comment/rbac/ArtboxCommentDeleteOwnRule.php
@@ -11,7 +11,12 @@ public function execute($user, $item, $params) { - return true; + if(!empty($params['comment'])) { + if($params['comment']->user_id == \Yii::$app->user->id) { + return true; + } + } + return false; } }
\ No newline at end of file
diff --git a/common/modules/comment/rbac/ArtboxCommentDeleteRule.php b/common/modules/comment/rbac/ArtboxCommentDeleteRule.php
index 283e297..2fa5a63 100644
--- a/common/modules/comment/rbac/ArtboxCommentDeleteRule.php
+++ b/common/modules/comment/rbac/ArtboxCommentDeleteRule.php
@@ -2,6 +2,8 @@ namespace common\modules\comment\rbac; + use common\models\User; + use yii\db\ActiveRecord; use yii\rbac\Rule; class ArtboxCommentDeleteRule extends Rule
@@ -11,7 +13,21 @@ public function execute($user, $item, $params) { - return true; + /** + * @var ActiveRecord $model + */ + if(!empty($params['model']) && !empty($params['model_id'])) { + $model = new $params['model']; + if($model instanceof ActiveRecord) { + $model = $model::findOne($params['model_id']); + if($model->hasAttribute('user_id') && $model->user_id == \Yii::$app->user->id) { + return true; + } elseif($model instanceof User && $model->id == \Yii::$app->user->id) { + return true; + } + } + } + return false; } }
\ No newline at end of file
diff --git a/common/modules/comment/widgets/views/_review_comment_view.php b/common/modules/comment/widgets/views/_review_comment_view.php
index 7c186c6..3f1b93c 100644
--- a/common/modules/comment/widgets/views/_review_comment_view.php
+++ b/common/modules/comment/widgets/views/_review_comment_view.php
@@ -11,6 +11,7 @@ * @var User $user */ $user = $model->user; + $model->buildButtons(); ?>
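Review bot: ArtboxCommentDeleteOwnRule::execute() ignores its `$user` argument and compares against `\Yii::$app->user->id`, so the rule always answers for the current session, even when the auth manager is asked about a different user id (a console task or an admin screen, for example). Using the argument also makes the guest case explicit: `return !empty($params['comment']) && $user !== null && $params['comment']->user_id == $user;`. A short docblock stating that `$params['comment']` must be the Comment being deleted would tell callers what the rule expects.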
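Review bot: In ArtboxCommentDeleteRule::execute(), `$model::findOne($params['model_id'])` returns null when the row does not exist, and the next line calls `hasAttribute()` on that null, which ends the request with a fatal error. The method also instantiates whatever class name is in `$params['model']` before checking its type; the value comes from the comment's `model` attribute, so if that attribute can be set from a request, the constructor of an arbitrary class runs during a permission check. The version below validates the class name with `is_subclass_of()` without constructing it, handles the missing row, and compares against the `$user` argument so a null (guest) id never matches.

```php
public function execute($user, $item, $params)
{
    if($user === null || empty($params['model']) || empty($params['model_id'])) {
        return false;
    }
    $class = $params['model'];
    // Check the type by name; do not construct a class taken from stored data.
    if(!is_string($class) || !is_subclass_of($class, ActiveRecord::className())) {
        return false;
    }
    $model = $class::findOne($params['model_id']);
    if($model === null) {
        return false;
    }
    if($model->hasAttribute('user_id') && $model->user_id == $user) {
        return true;
    }
    return $model instanceof User && $model->id == $user;
}
```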
name ?>
text ?> +
+ buttons['delete'])) { + echo Html::a('Удалить', $model->buttons['delete'], ['data-method' => 'post', 'data-confirm' => 'Really?']); + } + ?> +
-- libgit2 0.21.4