Rewrote all tal:condition in comments.pt. The authenticated user has
the reply button and the comment form if he has the "Reply to item" permission and the conversation is currently enabled. Warning: There is a security hole at the moment. Any authenticated user having the zope2.View permission or anonymous user without captcha can add a comment by creating a post request. svn path=/plone.app.discussion/trunk/; revision=38888
This commit is contained in:
parent
1579064ee6
commit
17fce9d515
@ -25,7 +25,7 @@
|
||||
|
||||
<div class="discussion"
|
||||
tal:attributes="class python: showCommenterImage and 'discussion showCommenterImage' or 'discussion';"
|
||||
tal:condition="python:replies or (userHasReplyPermission and isDiscussionAllowed) or (isAnon and not userHasReplyPermission and isDiscussionAllowed)">
|
||||
tal:condition="has_replies">
|
||||
<tal:getreplies repeat="reply_dict replies">
|
||||
|
||||
<div class="comment"
|
||||
@ -85,7 +85,7 @@
|
||||
|
||||
<div class="commentActions">
|
||||
<button class="context reply-to-comment-button hide allowMultiSubmit"
|
||||
tal:condition="python:userHasReplyPermission and isDiscussionAllowed or isAnonymousDiscussionAllowed"
|
||||
tal:condition="python:isDiscussionAllowed and (isAnon and isAnonymousDiscussionAllowed or userHasReplyPermission)"
|
||||
i18n:translate="label_reply">
|
||||
Reply
|
||||
</button>
|
||||
@ -94,7 +94,7 @@
|
||||
action=""
|
||||
method="post"
|
||||
style="display: inline;"
|
||||
tal:condition="view/can_manage"
|
||||
tal:condition="canManage"
|
||||
tal:attributes="action string:${reply/absolute_url}/@@moderate-delete-comment">
|
||||
<input name="form.button.DeleteComment"
|
||||
class="destructive"
|
||||
@ -109,6 +109,7 @@
|
||||
action=""
|
||||
method="get"
|
||||
style="display: inline;"
|
||||
tal:condition="canManage"
|
||||
tal:repeat="action reply_dict/actions|nothing"
|
||||
tal:attributes="action string:${reply/absolute_url}/@@moderate-publish-comment;
|
||||
name action/id">
|
||||
@ -129,7 +130,7 @@
|
||||
</div>
|
||||
|
||||
<div class="reply"
|
||||
tal:condition="python: isAnon and not isAnonymousDiscussionAllowed and has_replies">
|
||||
tal:condition="python:isDiscussionAllowed and (isAnon and not isAnonymousDiscussionAllowed)">
|
||||
<form tal:attributes="action view/login_action">
|
||||
<input class="standalone"
|
||||
style="margin-bottom: 1.25em;"
|
||||
@ -140,7 +141,7 @@
|
||||
</form>
|
||||
</div>
|
||||
|
||||
<div id="commenting" class="reply" tal:condition="python: isAnon and isAnonymousDiscussionAllowed or not isAnon">
|
||||
<div id="commenting" class="reply" tal:condition="python:isDiscussionAllowed and (isAnon and isAnonymousDiscussionAllowed or userHasReplyPermission)">
|
||||
|
||||
<fieldset>
|
||||
|
||||
|
@ -223,7 +223,7 @@ class CommentsViewlet(ViewletBase):
|
||||
def has_replies(self, workflow_actions=False):
|
||||
"""Returns true if there are replies.
|
||||
"""
|
||||
if self.get_replies(workflow_actions):
|
||||
if self.get_replies(workflow_actions) is not None:
|
||||
try:
|
||||
self.get_replies(workflow_actions).next()
|
||||
return True
|
||||
|
Loading…
Reference in New Issue
Block a user