Replace the can_manage method with a can_review method that checks the 'Review comments' permission. This fixes http://dev.plone.org/plone/ticket/11145.
svn path=/plone.app.discussion/trunk/; revision=40534
This commit is contained in:
parent
3e73903a8d
commit
4bbfe677e4
@ -4,9 +4,9 @@
|
|||||||
<tal:block define="userHasReplyPermission view/can_reply;
|
<tal:block define="userHasReplyPermission view/can_reply;
|
||||||
isAnonymousDiscussionAllowed view/anonymous_discussion_allowed;
|
isAnonymousDiscussionAllowed view/anonymous_discussion_allowed;
|
||||||
isAnon view/is_anonymous;
|
isAnon view/is_anonymous;
|
||||||
canManage view/can_manage;
|
canReview view/can_review;
|
||||||
replies python:view.get_replies(canManage);
|
replies python:view.get_replies(canReview);
|
||||||
has_replies python:view.has_replies(canManage);
|
has_replies python:view.has_replies(canReview);
|
||||||
showCommenterImage view/show_commenter_image;
|
showCommenterImage view/show_commenter_image;
|
||||||
errors options/state/getErrors|nothing;
|
errors options/state/getErrors|nothing;
|
||||||
wtool context/@@plone_tools/workflow;">
|
wtool context/@@plone_tools/workflow;">
|
||||||
@ -38,7 +38,7 @@
|
|||||||
tal:attributes="class python:'comment replyTreeLevel'+str(depth)+' state-'+str(review_state);
|
tal:attributes="class python:'comment replyTreeLevel'+str(depth)+' state-'+str(review_state);
|
||||||
style string:margin-left: ${depth}em;
|
style string:margin-left: ${depth}em;
|
||||||
id string:${reply/getId}"
|
id string:${reply/getId}"
|
||||||
tal:condition="python:canManage or review_state == 'published'">
|
tal:condition="python:canReview or review_state == 'published'">
|
||||||
|
|
||||||
<div class="commentImage" tal:condition="showCommenterImage">
|
<div class="commentImage" tal:condition="showCommenterImage">
|
||||||
<a href="" tal:condition="has_author_link"
|
<a href="" tal:condition="has_author_link"
|
||||||
@ -87,7 +87,7 @@
|
|||||||
action=""
|
action=""
|
||||||
method="post"
|
method="post"
|
||||||
style="display: inline;"
|
style="display: inline;"
|
||||||
tal:condition="canManage"
|
tal:condition="canReview"
|
||||||
tal:attributes="action string:${reply/absolute_url}/@@moderate-delete-comment">
|
tal:attributes="action string:${reply/absolute_url}/@@moderate-delete-comment">
|
||||||
<input name="form.button.DeleteComment"
|
<input name="form.button.DeleteComment"
|
||||||
class="destructive"
|
class="destructive"
|
||||||
@ -102,7 +102,7 @@
|
|||||||
action=""
|
action=""
|
||||||
method="get"
|
method="get"
|
||||||
style="display: inline;"
|
style="display: inline;"
|
||||||
tal:condition="canManage"
|
tal:condition="canReview"
|
||||||
tal:repeat="action reply_dict/actions|nothing"
|
tal:repeat="action reply_dict/actions|nothing"
|
||||||
tal:attributes="action string:${reply/absolute_url}/@@moderate-publish-comment;
|
tal:attributes="action string:${reply/absolute_url}/@@moderate-publish-comment;
|
||||||
name action/id">
|
name action/id">
|
||||||
|
@ -241,11 +241,15 @@ class CommentsViewlet(ViewletBase):
|
|||||||
mimetype=mimetype).getData()
|
mimetype=mimetype).getData()
|
||||||
|
|
||||||
def can_reply(self):
|
def can_reply(self):
|
||||||
|
"""Returns true if current user has the 'Reply to item' permission.
|
||||||
|
"""
|
||||||
return getSecurityManager().checkPermission('Reply to item',
|
return getSecurityManager().checkPermission('Reply to item',
|
||||||
aq_inner(self.context))
|
aq_inner(self.context))
|
||||||
|
|
||||||
def can_manage(self):
|
def can_review(self):
|
||||||
return getSecurityManager().checkPermission('Manage portal',
|
"""Returns true if current user has the 'Review comments' permission.
|
||||||
|
"""
|
||||||
|
return getSecurityManager().checkPermission('Review comments',
|
||||||
aq_inner(self.context))
|
aq_inner(self.context))
|
||||||
|
|
||||||
def is_discussion_allowed(self):
|
def is_discussion_allowed(self):
|
||||||
|
@ -206,12 +206,16 @@ class TestCommentsViewlet(PloneTestCase):
|
|||||||
# Anonymous users can not reply
|
# Anonymous users can not reply
|
||||||
self.failIf(self.viewlet.can_reply())
|
self.failIf(self.viewlet.can_reply())
|
||||||
|
|
||||||
def test_can_manage(self):
|
def test_can_review(self):
|
||||||
# Portal owner has manage rights
|
# Portal owner has 'can review' permission
|
||||||
self.failUnless(self.viewlet.can_manage())
|
self.failUnless(self.viewlet.can_review())
|
||||||
self.logout()
|
self.logout()
|
||||||
# Anonymous has no manage rights
|
# Anonymous has no 'can review' permission
|
||||||
self.failIf(self.viewlet.can_manage())
|
self.failIf(self.viewlet.can_review())
|
||||||
|
# The reviewer role has the 'Review comments' permission
|
||||||
|
self.portal.acl_users._doAddUser('reviewer', 'secret', ['Reviewer'], [])
|
||||||
|
self.login('reviewer')
|
||||||
|
self.failUnless(self.viewlet.can_review())
|
||||||
|
|
||||||
def test_is_discussion_allowed(self):
|
def test_is_discussion_allowed(self):
|
||||||
# By default, discussion is disabled
|
# By default, discussion is disabled
|
||||||
|
Loading…
Reference in New Issue
Block a user