1 год назад · d3c2f2bd0d
--- a/apps/app/src/client/components/PageComment/CommentEditor.tsx
+++ b/apps/app/src/client/components/PageComment/CommentEditor.tsx
@@ -32,7 +32,8 @@ import { useCommentEditorDirtyMap } from '~/stores/ui';
 
				 import loggerFactory from '~/utils/logger';
			
 
				 
			
 
				 import { NotAvailableForGuest } from '../NotAvailableForGuest';
			
 
				-import { NotAvailableForReadOnlyUser } from '../NotAvailableForReadOnlyUser';
			
 
				+import { NotAvailableIfReadOnlyUserNotAllowedToComment } from '../NotAvailableForReadOnlyUser';
			
 
				+// import { NotAvailableIfReadOnlyUserNotAllowedToComment } from '../NotAvailableIfReadOnlyUserNotAllowedToComment';
			
 
				 
			
 
				 import { CommentPreview } from './CommentPreview';
			
 
				 import { SwitchingButtonGroup } from './SwitchingButtonGroup';
			
@@ -330,7 +331,7 @@ export const CommentEditorPre = (props: CommentEditorProps): JSX.Element => {
 
				     return (
			
 
				       <CommentEditorLayout>
			
 
				         <NotAvailableForGuest>
			
 
				-          <NotAvailableForReadOnlyUser>
			
 
				+          <NotAvailableIfReadOnlyUserNotAllowedToComment>
			
 
				             <button
			
 
				               type="button"
			
 
				               className="btn btn-outline-primary w-100 text-start py-3"
			
@@ -341,7 +342,7 @@ export const CommentEditorPre = (props: CommentEditorProps): JSX.Element => {
 
				               <span className="material-symbols-outlined me-1 fs-5">add_comment</span>
			
 
				               <small>{t('page_comment.add_a_comment')}...</small>
			
 
				             </button>
			
 
				-          </NotAvailableForReadOnlyUser>
			
 
				+          </NotAvailableIfReadOnlyUserNotAllowedToComment>
			
 
				         </NotAvailableForGuest>
			
 
				       </CommentEditorLayout>
			
 
				     );
			
--- a/apps/app/src/server/middlewares/exclude-read-only-user.ts
+++ b/apps/app/src/server/middlewares/exclude-read-only-user.ts
@@ -27,7 +27,7 @@ export const excludeReadOnlyUser = (req: Request, res: Response & { apiv3Err },
 
				   return next();
			
 
				 };
			
 
				 
			
 
				-export const excludeReadOnlyUserWhenCommentNotAllowed = (req: Request, res: Response & { apiv3Err }, next: () => NextFunction): NextFunction => {
			
 
				+export const excludeReadOnlyUserIfCommentNotAllowed = (req: Request, res: Response & { apiv3Err }, next: () => NextFunction): NextFunction => {
			
 
				   const user = req.user;
			
 
				 
			
 
				   const isRomUserAllowedToComment = configManager.getConfig('crowi', 'security:isRomUserAllowedToComment');
			
--- a/apps/app/src/server/routes/index.js
+++ b/apps/app/src/server/routes/index.js
@@ -5,7 +5,7 @@ import { middlewareFactory as rateLimiterFactory } from '~/features/rate-limiter
 
				 
			
 
				 import { generateAddActivityMiddleware } from '../middlewares/add-activity';
			
 
				 import apiV1FormValidator from '../middlewares/apiv1-form-validator';
			
 
				-import { excludeReadOnlyUser, excludeReadOnlyUserWhenCommentNotAllowed } from '../middlewares/exclude-read-only-user';
			
 
				+import { excludeReadOnlyUser, excludeReadOnlyUserIfCommentNotAllowed } from '../middlewares/exclude-read-only-user';
			
 
				 import injectResetOrderByTokenMiddleware from '../middlewares/inject-reset-order-by-token-middleware';
			
 
				 import injectUserRegistrationOrderByTokenMiddleware from '../middlewares/inject-user-registration-order-by-token-middleware';
			
 
				 import * as loginFormValidator from '../middlewares/login-form-validator';
			
@@ -131,9 +131,9 @@ module.exports = function(crowi, app) {
 
				   apiV1Router.get('/tags.search'         , accessTokenParser, loginRequired, tag.api.search);
			
 
				   apiV1Router.post('/tags.update'        , accessTokenParser, loginRequiredStrictly, excludeReadOnlyUser, addActivity, tag.api.update);
			
 
				   apiV1Router.get('/comments.get'        , accessTokenParser , loginRequired , comment.api.get);
			
 
				-  apiV1Router.post('/comments.add'       , comment.api.validators.add(), accessTokenParser , loginRequiredStrictly , excludeReadOnlyUserWhenCommentNotAllowed, addActivity, comment.api.add);
			
 
				-  apiV1Router.post('/comments.update'    , comment.api.validators.add(), accessTokenParser , loginRequiredStrictly , excludeReadOnlyUserWhenCommentNotAllowed, addActivity, comment.api.update);
			
 
				-  apiV1Router.post('/comments.remove'    , accessTokenParser , loginRequiredStrictly , excludeReadOnlyUserWhenCommentNotAllowed, addActivity, comment.api.remove);
			
 
				+  apiV1Router.post('/comments.add'       , comment.api.validators.add(), accessTokenParser , loginRequiredStrictly , excludeReadOnlyUserIfCommentNotAllowed, addActivity, comment.api.add);
			
 
				+  apiV1Router.post('/comments.update'    , comment.api.validators.add(), accessTokenParser , loginRequiredStrictly , excludeReadOnlyUserIfCommentNotAllowed, addActivity, comment.api.update);
			
 
				+  apiV1Router.post('/comments.remove'    , accessTokenParser , loginRequiredStrictly , excludeReadOnlyUserIfCommentNotAllowed, addActivity, comment.api.remove);
			
 
				 
			
 
				   apiV1Router.post('/attachments.uploadProfileImage'   , uploads.single('file'), autoReap, accessTokenParser, loginRequiredStrictly , excludeReadOnlyUser, attachmentApi.uploadProfileImage);
			
 
				   apiV1Router.post('/attachments.remove'               , accessTokenParser , loginRequiredStrictly , excludeReadOnlyUser, addActivity ,attachmentApi.remove);