Replace the can_manage method with a can_review method that checks the 'Review comments' permission. This fixes http://dev.plone.org/plone/ticket/11145.

svn path=/plone.app.discussion/trunk/; revision=40534
Timo Stollenwerk 2010-10-06 13:55:57 +00:00
parent 3e73903a8d
commit 4bbfe677e4
3 changed files with 23 additions and 15 deletions


@ -4,9 +4,9 @@
<tal:block define="userHasReplyPermission view/can_reply; <tal:block define="userHasReplyPermission view/can_reply;
isAnonymousDiscussionAllowed view/anonymous_discussion_allowed; isAnonymousDiscussionAllowed view/anonymous_discussion_allowed;
isAnon view/is_anonymous; isAnon view/is_anonymous;
canManage view/can_manage; canReview view/can_review;
replies python:view.get_replies(canManage); replies python:view.get_replies(canReview);
has_replies python:view.has_replies(canManage); has_replies python:view.has_replies(canReview);
showCommenterImage view/show_commenter_image; showCommenterImage view/show_commenter_image;
errors options/state/getErrors|nothing; errors options/state/getErrors|nothing;
wtool context/@@plone_tools/workflow;"> wtool context/@@plone_tools/workflow;">
@ -38,7 +38,7 @@
tal:attributes="class python:'comment replyTreeLevel'+str(depth)+' state-'+str(review_state); tal:attributes="class python:'comment replyTreeLevel'+str(depth)+' state-'+str(review_state);
style string:margin-left: ${depth}em; style string:margin-left: ${depth}em;
id string:${reply/getId}" id string:${reply/getId}"
tal:condition="python:canManage or review_state == 'published'"> tal:condition="python:canReview or review_state == 'published'">
<div class="commentImage" tal:condition="showCommenterImage"> <div class="commentImage" tal:condition="showCommenterImage">
<a href="" tal:condition="has_author_link" <a href="" tal:condition="has_author_link"
@ -87,7 +87,7 @@
action="" action=""
method="post" method="post"
style="display: inline;" style="display: inline;"
tal:condition="canManage" tal:condition="canReview"
tal:attributes="action string:${reply/absolute_url}/@@moderate-delete-comment"> tal:attributes="action string:${reply/absolute_url}/@@moderate-delete-comment">
<input name="form.button.DeleteComment" <input name="form.button.DeleteComment"
class="destructive" class="destructive"
@ -102,7 +102,7 @@
action="" action=""
method="get" method="get"
style="display: inline;" style="display: inline;"
tal:condition="canManage" tal:condition="canReview"
tal:repeat="action reply_dict/actions|nothing" tal:repeat="action reply_dict/actions|nothing"
tal:attributes="action string:${reply/absolute_url}/@@moderate-publish-comment; tal:attributes="action string:${reply/absolute_url}/@@moderate-publish-comment;
name action/id"> name action/id">
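Review bot: The delete and publish forms are now gated on `tal:condition="canReview"`, but that condition only hides the controls; nothing in this commit shows that the `@@moderate-delete-comment` and `@@moderate-publish-comment` views are themselves protected by the 'Review comments' permission. If their registrations require a different permission, reviewers will see buttons that fail, and if they require less, the template condition is the only check in place. Please confirm the view registrations match and record it next to the forms, e.g. `<!-- Display only: the moderate-* views must enforce 'Review comments' themselves -->`. Separately, the publish form submits with `method="get"`, which is worth changing to `post` because the request changes workflow state.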


@ -241,11 +241,15 @@ class CommentsViewlet(ViewletBase):
mimetype=mimetype).getData() mimetype=mimetype).getData()
def can_reply(self): def can_reply(self):
"""Returns true if current user has the 'Reply to item' permission.
"""
return getSecurityManager().checkPermission('Reply to item', return getSecurityManager().checkPermission('Reply to item',
aq_inner(self.context)) aq_inner(self.context))
def can_manage(self): def can_review(self):
return getSecurityManager().checkPermission('Manage portal', """Returns true if current user has the 'Review comments' permission.
"""
return getSecurityManager().checkPermission('Review comments',
aq_inner(self.context)) aq_inner(self.context))
def is_discussion_allowed(self): def is_discussion_allowed(self):
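Review bot: `can_manage` is removed rather than deprecated, so a customised copy of the comments template or an add-on that still calls `view/can_manage` would break on upgrade; the template reference updated in this commit is the only caller visible here. Consider keeping a thin alias for one release that still checks the old permission, so stale callers neither fail nor silently pick up the wider reviewer gate: `def can_manage(self):` followed by `return getSecurityManager().checkPermission('Manage portal', aq_inner(self.context))`. The new docstring could also state that the check is made against `aq_inner(self.context)`, the viewlet's context, so that it is clear which object's role assignments apply. The class body continues outside the hunk.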


@ -206,12 +206,16 @@ class TestCommentsViewlet(PloneTestCase):
# Anonymous users can not reply # Anonymous users can not reply
self.failIf(self.viewlet.can_reply()) self.failIf(self.viewlet.can_reply())
def test_can_manage(self): def test_can_review(self):
# Portal owner has manage rights # Portal owner has 'can review' permission
self.failUnless(self.viewlet.can_manage()) self.failUnless(self.viewlet.can_review())
self.logout() self.logout()
# Anonymous has no manage rights # Anonymous has no 'can review' permission
self.failIf(self.viewlet.can_manage()) self.failIf(self.viewlet.can_review())
# The reviewer role has the 'Review comments' permission
self.portal.acl_users._doAddUser('reviewer', 'secret', ['Reviewer'], [])
self.login('reviewer')
self.failUnless(self.viewlet.can_review())
def test_is_discussion_allowed(self): def test_is_discussion_allowed(self):
# By default, discussion is disabled # By default, discussion is disabled
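Review bot: `test_can_review` has no negative case for an authenticated user who lacks the permission; it covers the portal owner, anonymous and a `Reviewer`, so a grant that is too broad (for example to every Member) would still pass. Adding a plain member before the reviewer case would pin that boundary: `self.portal.acl_users._doAddUser('member', 'secret', ['Member'], [])`, `self.login('member')`, `self.failIf(self.viewlet.can_review())`. The two comments that say 'can review' permission would read better with the actual permission name, 'Review comments'. The test class continues outside the hunk.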