diff --git a/module/VuFind/src/VuFind/Controller/AbstractBase.php b/module/VuFind/src/VuFind/Controller/AbstractBase.php
index dbf4da32eaf88580624bc9303f79c7e9d22ea83e..58b2428cde0e416a755ae275b5cc7b1a09dbfa94 100644
--- a/module/VuFind/src/VuFind/Controller/AbstractBase.php
+++ b/module/VuFind/src/VuFind/Controller/AbstractBase.php
@@ -525,6 +525,17 @@ class AbstractBase extends AbstractActionController
 return $this->getServiceLocator()->get('VuFind\Search\Memory');
 }
 
+ /**
+ * Are comments enabled?
+ *
+ * @return bool
+ */
+ protected function commentsEnabled()
+ {
+ $check = $this->getServiceLocator()->get('VuFind\AccountCapabilities');
+ return $check->getCommentSetting() !== 'disabled';
+ }
+
 /**
 * Are lists enabled?
 *
diff --git a/module/VuFind/src/VuFind/Controller/AbstractRecord.php b/module/VuFind/src/VuFind/Controller/AbstractRecord.php
index 44b3e3b292c3f4c669f90e742c81a5bbe12fd241..78d2949eeb1ce4b9a3e797b73a483105ce116fbc 100644
--- a/module/VuFind/src/VuFind/Controller/AbstractRecord.php
+++ b/module/VuFind/src/VuFind/Controller/AbstractRecord.php
@@ -26,7 +26,8 @@
 * @link https://vufind.org/wiki/development:plugins:controllers Wiki
 */
 namespace VuFind\Controller;
-use VuFind\Exception\Mail as MailException,
+use VuFind\Exception\Forbidden as ForbiddenException,
+ VuFind\Exception\Mail as MailException,
 VuFind\RecordDriver\AbstractBase as AbstractRecordDriver;
 
 /**
@@ -104,6 +105,11 @@ class AbstractRecord extends AbstractBase
 */
 public function addcommentAction()
 {
+ // Make sure comments are enabled:
+ if (!$this->commentsEnabled()) {
+ throw new ForbiddenException('Comments disabled');
+ }
+
 // Force login:
 if (!($user = $this->getUser())) {
 // Remember comment since POST data will be lost:
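Review bot: `commentsEnabled()` in AbstractBase.php fails open: it returns true for every value of `getCommentSetting()` other than the exact string `'disabled'`, so a null, empty or misspelled setting would leave the comment actions guarded by this commit reachable. What values the capability object can return is not visible in this diff; if anything beyond the expected ones is possible, comparing against the value(s) that mean "enabled" is the safer default for an access gate. At minimum the docblock should state the contract, e.g. `@return bool False only when the comment setting is exactly 'disabled'`.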
@@ -145,6 +151,11 @@ class AbstractRecord extends AbstractBase
 */
 public function deletecommentAction()
 {
+ // Make sure comments are enabled:
+ if (!$this->commentsEnabled()) {
+ throw new ForbiddenException('Comments disabled');
+ }
+
 // Force login:
 if (!($user = $this->getUser())) {
 return $this->forceLogin();
@@ -168,7 +179,7 @@ class AbstractRecord extends AbstractBase
 {
 // Make sure tags are enabled:
 if (!$this->tagsEnabled()) {
- throw new \Exception('Tags disabled');
+ throw new ForbiddenException('Tags disabled');
 }
 
 // Force login:
@@ -203,7 +214,7 @@ class AbstractRecord extends AbstractBase
 {
 // Make sure tags are enabled:
 if (!$this->tagsEnabled()) {
- throw new \Exception('Tags disabled');
+ throw new ForbiddenException('Tags disabled');
 }
 
 // Force login:
@@ -311,7 +322,7 @@ class AbstractRecord extends AbstractBase
 {
 // Fail if lists are disabled:
 if (!$this->listsEnabled()) {
- throw new \Exception('Lists disabled');
+ throw new ForbiddenException('Lists disabled');
 }
 
 // Process form submission:
diff --git a/module/VuFind/src/VuFind/Controller/AjaxController.php b/module/VuFind/src/VuFind/Controller/AjaxController.php
index 0393c52166d7bc3eae37886c1ba8c7f6382efdb9..23e0d2d2c797e4c53470d5ca1332f4304dd3b972 100644
--- a/module/VuFind/src/VuFind/Controller/AjaxController.php
+++ b/module/VuFind/src/VuFind/Controller/AjaxController.php
@@ -1026,6 +1026,15 @@ class AjaxController extends AbstractBase
 */
 protected function commentRecordAjax()
 {
+ // Make sure comments are enabled:
+ if (!$this->commentsEnabled()) {
+ return $this->output(
+ $this->translate('Comments disabled'),
+ self::STATUS_ERROR,
+ 403
+ );
+ }
+
 $user = $this->getUser();
 if ($user === false) {
 return $this->output(
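Review bot: The nine-line comments-disabled guard added to `commentRecordAjax()` is repeated verbatim in `deleteRecordCommentAjax()` (the next AjaxController.php hunk), so the two access checks can drift apart if one of them is edited later. Moving the 403 reply into one protected helper keeps the message and the status code in a single place. Both method bodies continue outside their hunks, and the helper name below is only a suggestion.

```php
// Shared 403 reply used when comments are turned off.
protected function commentsDisabledResponse()
{
    return $this->output(
        $this->translate('Comments disabled'),
        self::STATUS_ERROR,
        403
    );
}

// in commentRecordAjax() and deleteRecordCommentAjax():
if (!$this->commentsEnabled()) {
    return $this->commentsDisabledResponse();
}
// … unchanged: login check and comment handling …
```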
@@ -1061,6 +1070,15 @@ class AjaxController extends AbstractBase
 */
 protected function deleteRecordCommentAjax()
 {
+ // Make sure comments are enabled:
+ if (!$this->commentsEnabled()) {
+ return $this->output(
+ $this->translate('Comments disabled'),
+ self::STATUS_ERROR,
+ 403
+ );
+ }
+
 $user = $this->getUser();
 if ($user === false) {
 return $this->output(
diff --git a/module/VuFind/src/VuFind/Controller/BrowseController.php b/module/VuFind/src/VuFind/Controller/BrowseController.php
index cd966ba0dbde41a383a31e857bcc48a9cb143f93..e27045bb1363eca50f0f374e5df63519b68da7b1 100644
--- a/module/VuFind/src/VuFind/Controller/BrowseController.php
+++ b/module/VuFind/src/VuFind/Controller/BrowseController.php
@@ -26,6 +26,7 @@
 * @link https://vufind.org/wiki/development:plugins:controllers Wiki
 */
 namespace VuFind\Controller;
+use VuFind\Exception\Forbidden as ForbiddenException;
 
 /**
 * BrowseController Class
@@ -283,7 +284,7 @@ class BrowseController extends AbstractBase
 public function tagAction()
 {
 if (!$this->tagsEnabled()) {
- throw new \Exception('Tags disabled.');
+ throw new ForbiddenException('Tags disabled.');
 }
 
 $this->setCurrentAction('Tag');
diff --git a/module/VuFind/src/VuFind/Controller/CartController.php b/module/VuFind/src/VuFind/Controller/CartController.php
index dfadc07a704b279acc68ab8013969ed9aaf03065..0b96f80d62cf2bb5b4b6da0d4171be2cd0ea69e6 100644
--- a/module/VuFind/src/VuFind/Controller/CartController.php
+++ b/module/VuFind/src/VuFind/Controller/CartController.php
@@ -26,7 +26,8 @@
 * @link https://vufind.org Main Site
 */
 namespace VuFind\Controller;
-use VuFind\Exception\Mail as MailException;
+use VuFind\Exception\Forbidden as ForbiddenException,
+ VuFind\Exception\Mail as MailException;
 
 /**
 * Book Bag / Bulk Action Controller
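Review bot: The message in BrowseController's `tagAction()` keeps a trailing period (`'Tags disabled.'`) while AbstractRecord and TagController throw `'Tags disabled'` for the same condition; `'Access denied.'` and `'Saved searches disabled.'` in MyResearchController differ from `'Lists disabled'` and `'Comments disabled'` in the same way. AjaxController passes `'Comments disabled'` through `translate()`, so if the handler for Forbidden does the same with exception messages (not visible in this diff), the punctuated variants would each need their own translation key. Suggest `throw new ForbiddenException('Tags disabled');` here. The body of `tagAction()` continues outside the hunk.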
@@ -403,7 +404,7 @@ class CartController extends AbstractBase
 {
 // Fail if lists are disabled:
 if (!$this->listsEnabled()) {
- throw new \Exception('Lists disabled');
+ throw new ForbiddenException('Lists disabled');
 }
 
 // Load record information first (no need to prompt for login if we just
diff --git a/module/VuFind/src/VuFind/Controller/MyResearchController.php b/module/VuFind/src/VuFind/Controller/MyResearchController.php
index 21d48a5bfa269b8d1d631a67345cdec475b38499..059b8ff828f659b173fa050d02ccae6151c967a8 100644
--- a/module/VuFind/src/VuFind/Controller/MyResearchController.php
+++ b/module/VuFind/src/VuFind/Controller/MyResearchController.php
@@ -28,6 +28,7 @@
 namespace VuFind\Controller;
 
 use VuFind\Exception\Auth as AuthException,
+ VuFind\Exception\Forbidden as ForbiddenException,
 VuFind\Exception\Mail as MailException,
 VuFind\Exception\ListPermission as ListPermissionException,
 VuFind\Exception\RecordMissing as RecordMissingException,
@@ -295,7 +296,7 @@ class MyResearchController extends AbstractBase
 $sessId = $this->getServiceLocator()->get('VuFind\SessionManager')->getId();
 $row = $searchTable->getOwnedRowById($searchId, $sessId, $userId);
 if (empty($row)) {
- throw new \Exception('Access denied.');
+ throw new ForbiddenException('Access denied.');
 }
 $row->saved = $saved ? 1 : 0;
 $row->user_id = $userId;
@@ -312,7 +313,7 @@ class MyResearchController extends AbstractBase
 // Fail if saved searches are disabled.
 $check = $this->getServiceLocator()->get('VuFind\AccountCapabilities');
 if ($check->getSavedSearchSetting() === 'disabled') {
- throw new \Exception('Saved searches disabled.');
+ throw new ForbiddenException('Saved searches disabled.');
 }
 
 $user = $this->getUser();
@@ -643,7 +644,7 @@ class MyResearchController extends AbstractBase
 {
 // Fail if lists are disabled:
 if (!$this->listsEnabled()) {
- throw new \Exception('Lists disabled');
+ throw new ForbiddenException('Lists disabled');
 }
 
 // Check for "delete item" request; parameter may be in GET or POST depending
@@ -775,7 +776,7 @@ class MyResearchController extends AbstractBase
 {
 // Fail if lists are disabled:
 if (!$this->listsEnabled()) {
- throw new \Exception('Lists disabled');
+ throw new ForbiddenException('Lists disabled');
 }
 
 // User must be logged in to edit list:
@@ -816,7 +817,7 @@ class MyResearchController extends AbstractBase
 {
 // Fail if lists are disabled:
 if (!$this->listsEnabled()) {
- throw new \Exception('Lists disabled');
+ throw new ForbiddenException('Lists disabled');
 }
 
 // Get requested list ID:
diff --git a/module/VuFind/src/VuFind/Controller/TagController.php b/module/VuFind/src/VuFind/Controller/TagController.php
index e12730e24bec776d7093737158df874ebd2ccb5d..a844d6634ee4eae400ca883ccb10b95c1bebc223 100644
--- a/module/VuFind/src/VuFind/Controller/TagController.php
+++ b/module/VuFind/src/VuFind/Controller/TagController.php
@@ -26,6 +26,7 @@
 * @link https://vufind.org Main Site
 */
 namespace VuFind\Controller;
+use VuFind\Exception\Forbidden as ForbiddenException;
 
 /**
 * Tag Controller
@@ -55,7 +56,7 @@ class TagController extends AbstractSearch
 public function homeAction()
 {
 if (!$this->tagsEnabled()) {
- throw new \Exception('Tags disabled');
+ throw new ForbiddenException('Tags disabled');
 }
 return $this->resultsAction();
 }
diff --git a/module/VuFind/src/VuFind/Exception/ListPermission.php b/module/VuFind/src/VuFind/Exception/ListPermission.php
index 337ad6056a1fecbe0b79e95cda85c53ae71a9b69..44da98acb0057b3e88d72f49a84050ff5f7ea501 100644
--- a/module/VuFind/src/VuFind/Exception/ListPermission.php
+++ b/module/VuFind/src/VuFind/Exception/ListPermission.php
@@ -36,6 +36,6 @@ namespace VuFind\Exception;
 * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License
 * @link https://vufind.org/wiki/development Wiki
 */
-class ListPermission extends \Exception
+class ListPermission extends Forbidden
 {
 }
diff --git a/module/VuFind/src/VuFind/Exception/LoginRequired.php b/module/VuFind/src/VuFind/Exception/LoginRequired.php
index 4f44b4e7d8e0e08d780824151ea9cf6b16761ca6..e4f82e1a687b0de3172f65c039bdb21b29a0836f 100644
--- a/module/VuFind/src/VuFind/Exception/LoginRequired.php
+++ b/module/VuFind/src/VuFind/Exception/LoginRequired.php
@@ -36,6 +36,6 @@ namespace VuFind\Exception;
 * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License
 * @link https://vufind.org/wiki/development Wiki
 */
-class LoginRequired extends \Exception
+class LoginRequired extends Forbidden
 {
 }
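Review bot: Making `LoginRequired` a subclass of `Forbidden` means every `catch` of Forbidden, and any error handler keyed on it, now also receives login-required failures, which usually call for a login prompt rather than a 403 page. The handler for Forbidden is not part of this diff, so this may already be accounted for. Any existing code that catches both types still needs the `LoginRequired` catch listed first, or that branch becomes unreachable; the same ordering concern applies to `ListPermission` in the preceding hunk. A line in each class docblock such as `Subclass of Forbidden; catch this before Forbidden when different handling is wanted.` would make the new contract explicit.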