ajung/plone.app.discussion
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

provide "delete own comments" as a configurable option

Browse Source
This commit is contained in:
Guido A.J. Stevens
2013-09-19 08:39:52 +00:00
parent e6172a219e
commit 82a473c138
10 changed files with 220 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plone/app/discussion/browser/comments.pt
+3 -2
View File
@@ -36,7 +36,8 @@
has_author_link python:author_home_url and not isAnon;
portrait_url python:view.get_commenter_portrait(reply.author_username);
review_state python:wtool.getInfoFor(reply, 'review_state', 'none');
canEdit python:view.can_edit(reply)"
canEdit python:view.can_edit(reply);
canDelete python:view.can_delete(reply)"
tal:attributes="class python:'comment replyTreeLevel'+str(depth)+' state-'+str(review_state);
id string:${reply/getId}"
tal:condition="python:canReview or review_state == 'published'">
@@ -89,7 +90,7 @@
action=""
method="post"
class="commentactionsform"
tal:condition="python:canReview"
tal:condition="python:canDelete"
tal:attributes="action string:${reply/absolute_url}/@@moderate-delete-comment">
<input name="form.button.DeleteComment"
class="destructive"
plone/app/discussion/browser/comments.py
+17 -1
View File
@@ -299,12 +299,28 @@ class CommentsViewlet(ViewletBase):
aq_inner(self.context))
def can_edit(self, reply):
"""Returns true if current user has the 'Delete objects'
"""Returns true if current user has the 'Edit comments'
permission.
"""
return getSecurityManager().checkPermission('Edit comments',
aq_inner(reply))
def can_delete(self, reply):
"""By default requires 'Review comments'.
If 'delete own comments' is enabled, requires 'Edit comments'.
"""
if self.is_delete_own_comment_allowed():
permission = 'Edit comments'
else:
permission = 'Review comments'
return getSecurityManager().checkPermission(permission,
aq_inner(reply))
def is_delete_own_comment_allowed(self):
registry = queryUtility(IRegistry)
settings = registry.forInterface(IDiscussionSettings, check=False)
return settings.delete_own_comment_enabled
def is_discussion_allowed(self):
context = aq_inner(self.context)
return context.restrictedTraverse('@@conversation_view').enabled()
plone/app/discussion/browser/configure.zcml
+4 -2
View File
@@ -80,13 +80,15 @@
permission="plone.app.discussion.EditComments"
/>
<!-- Delete comment view -->
<!-- Delete comment view
has conditional security dependent on controlpanel settings.
-->
<browser:page
for="plone.app.discussion.interfaces.IComment"
name="moderate-delete-comment"
layer="..interfaces.IDiscussionLayer"
class=".moderation.DeleteComment"
permission="plone.app.discussion.ReviewComments"
permission="zope2.DeleteObjects"
/>
<!-- Publish comment view -->
plone/app/discussion/browser/controlpanel.py
+2
View File
@@ -54,6 +54,8 @@ class DiscussionSettingsEditForm(controlpanel.RegistryEditForm):
SingleCheckBoxFieldWidget
self.fields['edit_comment_enabled'].widgetFactory = \
SingleCheckBoxFieldWidget
self.fields['delete_own_comment_enabled'].widgetFactory = \
SingleCheckBoxFieldWidget
self.fields['anonymous_comments'].widgetFactory = \
SingleCheckBoxFieldWidget
self.fields['show_commenter_image'].widgetFactory = \
plone/app/discussion/browser/moderation.py
+29 -5
View File
@@ -1,5 +1,7 @@
# -*- coding: utf-8 -*-
from Acquisition import aq_inner, aq_parent
from AccessControl import getSecurityManager
from zope.component import queryUtility
from Products.Five.browser import BrowserView
from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile
@@ -8,6 +10,8 @@ from Products.CMFCore.utils import getToolByName
from Products.statusmessages.interfaces import IStatusMessage
from plone.registry.interfaces import IRegistry
from plone.app.discussion.interfaces import IDiscussionSettings
from plone.app.discussion.interfaces import _
from plone.app.discussion.interfaces import IComment
@@ -94,17 +98,37 @@ class DeleteComment(BrowserView):
comment = aq_inner(self.context)
conversation = aq_parent(comment)
content_object = aq_parent(conversation)
del conversation[comment.id]
content_object.reindexObject()
IStatusMessage(self.context.REQUEST).addStatusMessage(
_("Comment deleted."),
type="info")
# conditional security
# base ZCML condition zope2.deleteObject allows 'delete own object'
# modify this for 'delete_own_comment_allowed' controlpanel setting
if self.can_delete(comment):
del conversation[comment.id]
content_object.reindexObject()
IStatusMessage(self.context.REQUEST).addStatusMessage(
_("Comment deleted."),
type="info")
came_from = self.context.REQUEST.HTTP_REFERER
# if the referrer already has a came_from in it, don't redirect back
if len(came_from) == 0 or 'came_from=' in came_from:
came_from = content_object.absolute_url()
return self.context.REQUEST.RESPONSE.redirect(came_from)
def can_delete(self, reply):
"""By default requires 'Review comments'.
If 'delete own comments' is enabled, requires 'Edit comments'.
"""
if self.is_delete_own_comment_allowed():
permission = 'Edit comments'
else:
permission = 'Review comments'
return getSecurityManager().checkPermission(permission,
aq_inner(reply))
def is_delete_own_comment_allowed(self):
registry = queryUtility(IRegistry)
settings = registry.forInterface(IDiscussionSettings, check=False)
return settings.delete_own_comment_enabled
class PublishComment(BrowserView):
"""Publish a comment.