Rewrote all tal:condition in comments.pt. The authenticated user has
the reply button and the comment form if he has the "Reply to item"
permission and the conversation is currently enabled.

Warning:
There is a security hole at the moment. Any authenticated user having the
zope2.View permission or anonymous user without captcha can add a comment
by creating a post request.

svn path=/plone.app.discussion/trunk/; revision=38888
Vincent Fretin 2010-08-24 11:25:17 +00:00
parent 1579064ee6
commit 17fce9d515
2 changed files with 7 additions and 6 deletions

@ -25,7 +25,7 @@
<div class="discussion"
tal:attributes="class python: showCommenterImage and 'discussion showCommenterImage' or 'discussion';"
tal:condition="python:replies or (userHasReplyPermission and isDiscussionAllowed) or (isAnon and not userHasReplyPermission and isDiscussionAllowed)">
tal:condition="has_replies">
<tal:getreplies repeat="reply_dict replies">
<div class="comment"
@ -85,7 +85,7 @@
<div class="commentActions">
<button class="context reply-to-comment-button hide allowMultiSubmit"
tal:condition="python:userHasReplyPermission and isDiscussionAllowed or isAnonymousDiscussionAllowed"
tal:condition="python:isDiscussionAllowed and (isAnon and isAnonymousDiscussionAllowed or userHasReplyPermission)"
i18n:translate="label_reply">
Reply
</button>
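Review bot: The new condition on the reply button mixes `and` and `or` inside the parentheses (`isAnon and isAnonymousDiscussionAllowed or userHasReplyPermission`) and relies on operator precedence to read correctly. Group it explicitly as `(isAnon and isAnonymousDiscussionAllowed) or userHasReplyPermission`. The same expression is repeated on the `#commenting` div further down, so defining it once and reusing the name would keep the two from drifting apart.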
@ -94,7 +94,7 @@
action=""
method="post"
style="display: inline;"
tal:condition="view/can_manage"
tal:condition="canManage"
tal:attributes="action string:${reply/absolute_url}/@@moderate-delete-comment">
<input name="form.button.DeleteComment"
class="destructive"
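Review bot: Switching the delete form to `tal:condition="canManage"` only controls whether the form is rendered. `canManage` is not defined in the visible lines, so check that it is bound before this point, and confirm that `@@moderate-delete-comment` checks the permission itself, since the template condition does not protect the view.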
@ -109,6 +109,7 @@
action=""
method="get"
style="display: inline;"
tal:condition="canManage"
tal:repeat="action reply_dict/actions|nothing"
tal:attributes="action string:${reply/absolute_url}/@@moderate-publish-comment;
name action/id">
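Review bot: The publish form that gains `tal:condition="canManage"` still uses `method="get"` for `@@moderate-publish-comment`, which changes the comment's state. Use `method="post"` as the delete form above does, so that a plain link fetch or prefetch cannot publish a comment.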
@ -129,7 +130,7 @@
</div>
<div class="reply"
tal:condition="python: isAnon and not isAnonymousDiscussionAllowed and has_replies">
tal:condition="python:isDiscussionAllowed and (isAnon and not isAnonymousDiscussionAllowed)">
<form tal:attributes="action view/login_action">
<input class="standalone"
style="margin-bottom: 1.25em;"
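Review bot: In the login-prompt condition the inner parentheses around `isAnon and not isAnonymousDiscussionAllowed` add nothing, since every term is joined by `and`; drop them. Removing `has_replies` also means the prompt no longer depends on whether the item has comments, which is worth stating in the commit message if intended.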
@ -140,7 +141,7 @@
</form>
</div>
<div id="commenting" class="reply" tal:condition="python: isAnon and isAnonymousDiscussionAllowed or not isAnon">
<div id="commenting" class="reply" tal:condition="python:isDiscussionAllowed and (isAnon and isAnonymousDiscussionAllowed or userHasReplyPermission)">
<fieldset>
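Review bot: The condition on `#commenting` hides the form but, as the commit message warns, nothing here stops a direct POST. The handler that receives the form needs to repeat this check (`isDiscussionAllowed` plus either the anonymous setting with captcha or the "Reply to item" permission) before creating the comment. A follow-up for that should be tracked with this change.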

@ -223,7 +223,7 @@ class CommentsViewlet(ViewletBase):
def has_replies(self, workflow_actions=False):
"""Returns true if there are replies.
"""
if self.get_replies(workflow_actions):
if self.get_replies(workflow_actions) is not None:
try:
self.get_replies(workflow_actions).next()
return True
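Review bot: `has_replies` calls `self.get_replies(workflow_actions)` twice, once for the `is not None` test and once for `.next()`, so the lookup runs twice per call. Assign the result to a local and reuse it. The `is not None` test itself is the right check if `get_replies` returns a generator, because a generator object is always truthy.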