Update to Drupal 8.0.0-beta15. For more information, see: https://www.drupal.org/node/2563023

2015-09-04 13:20:09 -07:00 · 2015-09-04 13:20:09 -07:00 · f3791f1da3
commit f3791f1da3
parent 2720a9ec4b
1898 changed files with 54300 additions and 11481 deletions
--- a/core/modules/comment/src/CommentAccessControlHandler.php
+++ b/core/modules/comment/src/CommentAccessControlHandler.php
@ -80,15 +80,26 @@ class CommentAccessControlHandler extends EntityAccessControlHandler {
      // No user can change read-only fields.
      $read_only_fields = array(
        'hostname',
-        'uuid',
+        'changed',
        'cid',
        'thread',
+      );
+      // These fields can be edited during comment creation.
+      $create_only_fields = [
        'comment_type',
-        'pid',
+        'uuid',
        'entity_id',
        'entity_type',
        'field_name',
-      );
+        'pid',
+      ];
+      if ($items && ($entity = $items->getEntity()) && $entity->isNew() && in_array($field_definition->getName(), $create_only_fields, TRUE)) {
+        // We are creating a new comment, user can edit create only fields.
+        return AccessResult::allowedIfHasPermission($account, 'post comments')->addCacheableDependency($entity);
+      }
+      // We are editing an existing comment - create only fields are now read
+      // only.
+      $read_only_fields = array_merge($read_only_fields, $create_only_fields);
      if (in_array($field_definition->getName(), $read_only_fields, TRUE)) {
        return AccessResult::forbidden();
      }