From 4bbfe677e4d3b5b32f6a90e0918f95999fbefedf Mon Sep 17 00:00:00 2001
From: Timo Stollenwerk <timo@zmag.de>
Date: Wed, 6 Oct 2010 13:55:57 +0000
Subject: [PATCH] Replace the can_manage method with a can_review method that
 checks the 'Review comments' permission. This fixes
 http://dev.plone.org/plone/ticket/11145.

svn path=/plone.app.discussion/trunk/; revision=40534
---
 plone/app/discussion/browser/comments.pt         | 12 ++++++------
 plone/app/discussion/browser/comments.py         | 10 +++++++---
 .../discussion/tests/test_comments_viewlet.py    | 16 ++++++++++------
 3 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/plone/app/discussion/browser/comments.pt b/plone/app/discussion/browser/comments.pt
index 84dc12e..5495099 100644
--- a/plone/app/discussion/browser/comments.pt
+++ b/plone/app/discussion/browser/comments.pt
@@ -4,9 +4,9 @@
 <tal:block define="userHasReplyPermission view/can_reply;
                    isAnonymousDiscussionAllowed view/anonymous_discussion_allowed;
                    isAnon view/is_anonymous;
-                   canManage view/can_manage;
-                   replies python:view.get_replies(canManage);
-                   has_replies python:view.has_replies(canManage);
+                   canReview view/can_review;
+                   replies python:view.get_replies(canReview);
+                   has_replies python:view.has_replies(canReview);
                    showCommenterImage view/show_commenter_image;
                    errors options/state/getErrors|nothing;
                    wtool context/@@plone_tools/workflow;">
@@ -38,7 +38,7 @@
                  tal:attributes="class python:'comment replyTreeLevel'+str(depth)+' state-'+str(review_state);
                                  style string:margin-left: ${depth}em;
                                  id string:${reply/getId}"
-                 tal:condition="python:canManage or review_state == 'published'">
+                 tal:condition="python:canReview or review_state == 'published'">
 
                 <div class="commentImage" tal:condition="showCommenterImage">
                     <a href="" tal:condition="has_author_link"
@@ -87,7 +87,7 @@
                               action=""
                               method="post"
                               style="display: inline;"
-                              tal:condition="canManage"
+                              tal:condition="canReview"
                               tal:attributes="action string:${reply/absolute_url}/@@moderate-delete-comment">
                             <input name="form.button.DeleteComment"
                                    class="destructive"
@@ -102,7 +102,7 @@
                               action=""
                               method="get"
                               style="display: inline;"
-                              tal:condition="canManage"
+                              tal:condition="canReview"
                               tal:repeat="action reply_dict/actions|nothing"
                               tal:attributes="action string:${reply/absolute_url}/@@moderate-publish-comment;
                                               name action/id">
diff --git a/plone/app/discussion/browser/comments.py b/plone/app/discussion/browser/comments.py
index b0fe8db..ad4cc36 100644
--- a/plone/app/discussion/browser/comments.py
+++ b/plone/app/discussion/browser/comments.py
@@ -241,13 +241,17 @@ class CommentsViewlet(ViewletBase):
                                     mimetype=mimetype).getData()
     
     def can_reply(self):
+        """Returns true if current user has the 'Reply to item' permission.
+        """        
         return getSecurityManager().checkPermission('Reply to item', 
                                                     aq_inner(self.context))
 
-    def can_manage(self):
-        return getSecurityManager().checkPermission('Manage portal', 
+    def can_review(self):
+        """Returns true if current user has the 'Review comments' permission.
+        """
+        return getSecurityManager().checkPermission('Review comments', 
                                                     aq_inner(self.context))
-
+        
     def is_discussion_allowed(self):
         context = aq_inner(self.context)
         conversation = IConversation(context)
diff --git a/plone/app/discussion/tests/test_comments_viewlet.py b/plone/app/discussion/tests/test_comments_viewlet.py
index 2fa1af6..75d46af 100644
--- a/plone/app/discussion/tests/test_comments_viewlet.py
+++ b/plone/app/discussion/tests/test_comments_viewlet.py
@@ -206,13 +206,17 @@ class TestCommentsViewlet(PloneTestCase):
         # Anonymous users can not reply
         self.failIf(self.viewlet.can_reply())
 
-    def test_can_manage(self):
-        # Portal owner has manage rights
-        self.failUnless(self.viewlet.can_manage())
+    def test_can_review(self):
+        # Portal owner has 'can review' permission
+        self.failUnless(self.viewlet.can_review())
         self.logout()
-        # Anonymous has no manage rights
-        self.failIf(self.viewlet.can_manage())
-    
+        # Anonymous has no 'can review' permission
+        self.failIf(self.viewlet.can_review())
+        # The reviewer role has the 'Review comments' permission
+        self.portal.acl_users._doAddUser('reviewer', 'secret', ['Reviewer'], [])
+        self.login('reviewer')
+        self.failUnless(self.viewlet.can_review())        
+            
     def test_is_discussion_allowed(self):
         # By default, discussion is disabled
         self.failIf(self.viewlet.is_discussion_allowed())