From 6952923b1e61831e4586a397aaa8cd5a8d8c5f38 Mon Sep 17 00:00:00 2001
From: Maurits van Rees <maurits@vanrees.org>
Date: Thu, 9 Jun 2016 19:26:06 +0200
Subject: [PATCH] Reset the required setting of the author_email widget each
 time.

Otherwise, the email field might get set to required when an anonymous
user visits, and then remain required when an authenticated user
visits, making it impossible for an authenticated user to fill in the
form without validation error.  Or when in the control panel the field
is set as not required anymore, that change would have no effect until
the instance was restarted.
---
 CHANGES.rst                                   |  8 ++-
 plone/app/discussion/browser/comments.py      | 14 +++++
 .../tests/functional_test_comments.txt        | 57 +++++++++++++++++++
 3 files changed, 78 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index e7f6da9..789ef5f 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -14,7 +14,13 @@ New features:
 
 Bug fixes:
 
-- *add item here*
+- Reset the required setting of the author_email widget each time.
+  Otherwise, the email field might get set to required when an
+  anonymous user visits, and then remain required when an
+  authenticated user visits, making it impossible for an authenticated
+  user to fill in the form without validation error.  Or when in the
+  control panel the field is set as not required anymore, that change
+  would have no effect until the instance was restarted.  [maurits]
 
 
 2.4.14 (2016-06-06)
diff --git a/plone/app/discussion/browser/comments.py b/plone/app/discussion/browser/comments.py
index a1c80af..7d9695c 100644
--- a/plone/app/discussion/browser/comments.py
+++ b/plone/app/discussion/browser/comments.py
@@ -87,6 +87,20 @@ class CommentForm(extensible.ExtensibleForm, form.Form):
         self.widgets['in_reply_to'].mode = interfaces.HIDDEN_MODE
         self.widgets['text'].addClass('autoresize')
         self.widgets['user_notification'].label = _(u'')
+        # Reset widget field settings to their defaults, which may be changed
+        # further on.  Otherwise, the email field might get set to required
+        # when an anonymous user visits, and then remain required when an
+        # authenticated user visits, making it impossible for an authenticated
+        # user to fill in the form without validation error.  Or when in the
+        # control panel the field is set as not required anymore, that change
+        # would have no effect until the instance was restarted.  Note that the
+        # widget is new each time, but the field is the same item in memory as
+        # the previous time.
+        self.widgets['author_email'].field.required = False
+        # The widget is new, but its 'required' setting is based on the
+        # previous value on the field, so we need to reset it here.  Changing
+        # the field in updateFields does not help.
+        self.widgets['author_email'].required = False
 
         # Rename the id of the text widgets because there can be css-id
         # clashes with the text field of documents when using and overlay
diff --git a/plone/app/discussion/tests/functional_test_comments.txt b/plone/app/discussion/tests/functional_test_comments.txt
index ccdb4ff..6aa6b81 100644
--- a/plone/app/discussion/tests/functional_test_comments.txt
+++ b/plone/app/discussion/tests/functional_test_comments.txt
@@ -479,3 +479,60 @@ Make sure the edit was successful.
 
     >>> 'Lorem ipsum' in browser.contents
     True
+
+
+Require anonymous email
+-----------------------
+
+Edit the control panel.
+
+    >>> browser.open(portal_url + '/logout')
+    >>> browser.open(portal_url + '/login_form')
+    >>> browser.getControl(name='__ac_name').value = 'admin'
+    >>> browser.getControl(name='__ac_password').value = 'secret'
+    >>> browser.getControl(name='submit').click()
+    >>> browser.open(portal_url+'/@@discussion-controlpanel')
+    >>> browser.getControl(name='form.widgets.anonymous_email_enabled:list').value = [True]
+    >>> browser.getControl(name='form.buttons.save').click()
+    >>> browser.open(portal_url + '/logout')
+
+Post an anonymous comment without setting the email.
+
+    >>> unprivileged_browser.open(urldoc1)
+    >>> unprivileged_browser.getControl(name='form.widgets.text').value = "This is an anonymous comment without email"
+    >>> unprivileged_browser.getControl(name='form.buttons.comment').click()
+    >>> 'Required input is missing' in unprivileged_browser.contents
+    True
+
+Try again.
+
+    >>> unprivileged_browser.getControl(name='form.widgets.text').value = "This is an anonymous comment with email"
+    >>> unprivileged_browser.getControl(name='form.widgets.author_email').value = "email@example.org"
+    >>> unprivileged_browser.getControl(name='form.buttons.comment').click()
+    >>> 'Required input missing' in unprivileged_browser.contents
+    False
+    >>> 'Your comment awaits moderator approval' in unprivileged_browser.contents
+    True
+
+Posting as member should still work.  Especially it should not
+complain about missing input for an invisible author_email field.
+Login as user 'jim'.
+
+    >>> browser_member.open(portal_url + '/login_form')
+    >>> browser_member.getControl(name='__ac_name').value = 'jim'
+    >>> browser_member.getControl(name='__ac_password').value = 'secret'
+    >>> browser_member.getControl(name='submit').click()
+
+Post a comment as user jim.
+
+    >>> browser_member.open(urldoc1)
+    >>> browser_member.getControl(name='form.widgets.text').value = "Use the ZODB, Luke!"
+    >>> submit = browser_member.getControl(name='form.buttons.comment')
+    >>> submit.click()
+
+Check if there are no validation errors.
+
+    >>> 'Required input missing' in browser_member.contents
+    False
+    >>> 'Your comment awaits moderator approval' in browser_member.contents
+    True