From 3cbc63371e1f54b5056625d082a0407f9ec10d3f Mon Sep 17 00:00:00 2001
From: hylom <hylom@users.sourceforge.jp>
Date: Thu, 5 Oct 2017 19:53:16 +0900
Subject: [PATCH]  * Controller::API::Comment: check comment allowed when post

---
 src/newslash_web/lib/Newslash/Web/Controller/API/Comment.pm | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/newslash_web/lib/Newslash/Web/Controller/API/Comment.pm b/src/newslash_web/lib/Newslash/Web/Controller/API/Comment.pm
index b3be962d..062b5a62 100644
--- a/src/newslash_web/lib/Newslash/Web/Controller/API/Comment.pm
+++ b/src/newslash_web/lib/Newslash/Web/Controller/API/Comment.pm
@@ -48,15 +48,21 @@ EOT
     $message = "no comment!" if !$params->{comment};
 
     my $discussion = $discussions->select(discussion_id => $params->{discussion_id});
-    $c->apply_seclev_filter("discussions", $discussion);
+    #$c->apply_seclev_filter("discussions", $discussion);
 
     if (!$discussion) {
-        $message = "invalid discussion";
+        $message = "invalid_discussion";
     }
     else {
-        $message = "discussion is archived" if $discussion->{type} eq 'archived';
+        $message = "discussion_is_archived" if $discussion->{type} eq 'archived';
     }
 
+    if (!$discussions->is_comment_allowed(discussion => $discussion,
+                                          uid => $user->{uid})) {
+        $message = "not_allowed";
+    }
+
+
     if (length($message) > 0) {
         $c->render(json => { err => 1, message => $message });
         $c->rendered(400);
-- 
2.11.0