Users that can't "comment without approval" can bypass it by editing their comments after initial approval

This is another method to handle the same problem: http://drupal.org/node/79693
This bug its, at this moment, in Drupal 4.7 and 5.1. But I'm patching for 4.7.
__________________________

In this case, I don't add any feature. Only correcting the bug itself.

The bug is, that, if a user that is not allowed to post a comment without approval, in some cases, HE CAN edit their comments without ANY approval by the admin.

Adding a "edit approval queue" is a feature itself (and very interesting) will be the better solution for this problem, but I believe that this feature must be in future versions of drupal.

_________________________________

My code don't allow users to edit their posts, if they doesn't have the "post comments without approval". Because if they can't post comments without approval, then, they aren't allowed to edit their posts without approval too.

This patch applies only to the comment.module, and only to the "comment_access" function.

Here is the original function at Drupal 4.7.6 comment.module:

function comment_access($op, $comment) {
   global $user;

   if ($op == 'edit') {
     return ($user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0) || user_access('administer comments');
   }
 }

And the modified version:

function comment_access($op, $comment) {
   global $user;

   if ($op == 'edit') {
     return ($user->uid && $user->uid == $comment->uid && user_access('post comments without approval') && comment_num_replies($comment->cid) == 0) || user_access('administer comments');
   }
 }

Note that, I've only added a "&& user_access('post comments without approval') " to the return line. This is the unique modification needed to correct this bug.

_________

PD: The code is untested yet. If someone test it under Drupal 4.7.6, reply to this issue.