From 17fce9d5158d7607dff93ac916ea444c2b3fd3be Mon Sep 17 00:00:00 2001
From: Vincent Fretin
Date: Tue, 24 Aug 2010 11:25:17 +0000
Subject: [PATCH] Rewrote all tal:condition in comments.pt. The authenticated user has the reply button and the comment form if he has the "Reply to item" permission and the conversation is currently enabled. Warning: There is a security hole at the moment. Any authenticated user having the zope2.View permission or anonymous user without captcha can add a comment by creating a post request. svn path=/plone.app.discussion/trunk/; revision=38888
---
 plone/app/discussion/browser/comments.pt | 11 ++++++-----
 plone/app/discussion/browser/comments.py | 2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/plone/app/discussion/browser/comments.pt b/plone/app/discussion/browser/comments.pt
index 800fda7..24ea7f6 100644
--- a/plone/app/discussion/browser/comments.pt
+++ b/plone/app/discussion/browser/comments.pt
@@ -25,7 +25,7 @@
+ tal:condition="has_replies">
@@ -94,7 +94,7 @@ action="" method="post" style="display: inline;" - tal:condition="view/can_manage" + tal:condition="canManage" tal:attributes="action string:${reply/absolute_url}/@@moderate-delete-comment"> @@ -129,7 +130,7 @@
+ tal:condition="python:isDiscussionAllowed and (isAnon and not isAnonymousDiscussionAllowed)">
-
+
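Review bot: The `tal:condition` added in this hunk (`python:isDiscussionAllowed and (isAnon and not isAnonymousDiscussionAllowed)`) only controls what the template renders, so it cannot be what prevents a comment from being created; the commit message confirms that a hand-built POST still adds a comment for any user with the view permission, or for an anonymous user without captcha. The code that handles the comment form is not part of this diff, but it needs to repeat the same decisions on the server before creating the comment: discussion enabled, the "Reply to item" permission for the current user, and captcha validation for anonymous posts. The same applies to the `canManage` condition on the delete form in the `@@ -94,7 +94,7 @@` hunk, where the `@@moderate-delete-comment` view presumably has to carry its own permission check. Until the handler is fixed I would mark these conditions as display-only in the template, for example `<tal:comment replace="nothing">Display only; permissions are enforced in the form handler.</tal:comment>`.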
diff --git a/plone/app/discussion/browser/comments.py b/plone/app/discussion/browser/comments.py
index 9443e0c..3903ba8 100644
--- a/plone/app/discussion/browser/comments.py
+++ b/plone/app/discussion/browser/comments.py
@@ -223,7 +223,7 @@ class CommentsViewlet(ViewletBase):
 def has_replies(self, workflow_actions=False):
 """Returns true if there are replies.
 """
- if self.get_replies(workflow_actions) :
+ if self.get_replies(workflow_actions) is not None:
 try:
 self.get_replies(workflow_actions).next()
 return True
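Review bot: `has_replies` calls `self.get_replies(workflow_actions)` twice, once for the new `is not None` test and again inside the `try`, so the lookup runs two times and the object that was tested is not the one `.next()` is called on. Bind it once with `replies = self.get_replies(workflow_actions)`, then use `if replies is not None:` and `replies.next()`. If `get_replies` is a generator function (its body is not in this hunk), the `is not None` test is always true and the empty case is decided only by the `except` branch, which also lies outside the hunk. It is worth confirming and documenting in the docstring when `get_replies` can actually return `None`.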