Migrate trans.delete_comment permission check to new model

Signed-off-by: Michal Čihař <michal@cihar.com>

Migrate trans.delete_comment permission check to new model
Signed-off-by: Michal Čihař <michal@cihar.com>
cade73fa · Michal Čihař · 90ff5df2 · cade73fa · cade73fa · cade73fa
Commit cade73fa authored Apr 17, 2015 by Michal Čihař
5 changed files
--- a/weblate/html/list-checks.html
+++ b/weblate/html/list-checks.html
 {% load i18n %}
+{% load permissions %}
+
 {% can_ignore_check user check.project as user_can_ignore_check %}

 {% for check in checks %}

--- a/weblate/html/list-comments.html
+++ b/weblate/html/list-comments.html
 {% load translations %}
 {% load i18n %}
+{% load permissions %}
+
+{% can_delete_comment user unit.translation.subproject.project as user_can_delete_comment %}

 {% for comment in comments %}
 <div>
@@ -13,7 +16,7 @@
 {% endif %}
 </span>
 </div>
-{% if perms.trans.delete_comment %}
+{% if user_can_delete_comment %}
 <form method="POST" action="{% url 'delete-comment' pk=comment.pk %}">
 {% csrf_token %}
 <input type="hidden" name="next" value="{{ next_url }}" />

--- a/weblate/trans/permissions.py
+++ b/weblate/trans/permissions.py
@@ -224,3 +224,11 @@ def can_ignore_check(user, project):
    Checks whether user can edit translation priority.
    """
    return check_permission(user, project, 'trans.ignore_check')
+
+
+@cache_permission
+def can_delete_comment(user, project):
+    """
+    Checks whether user can edit translation priority.
+    """
+    return check_permission(user, project, 'trans.delete_comment')
--- a/weblate/trans/templatetags/permissions.py
+++ b/weblate/trans/templatetags/permissions.py
@@ -106,3 +106,8 @@ def can_edit_priority(user, project):
 @register.assignment_tag
 def can_ignore_check(user, project):
    return weblate.trans.permissions.can_ignore_check(user, project)
+
+
+@register.assignment_tag
+def can_delete_comment(user, project):
+    return weblate.trans.permissions.can_delete_comment(user, project)
--- a/weblate/trans/views/edit.py
+++ b/weblate/trans/views/edit.py
@@ -25,6 +25,7 @@ from django.http import HttpResponseRedirect, HttpResponse
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required, permission_required
 from django.utils import formats
+from django.core.exceptions import PermissionDenied
 import uuid
 import time

@@ -43,7 +44,7 @@ from weblate.trans.checks import CHECKS
 from weblate.trans.util import join_plural
 from weblate.trans.permissions import (
    can_translate, can_suggest, can_accept_suggestion, can_delete_suggestion,
-    can_vote_suggestion,
+    can_vote_suggestion, can_delete_comment,
 )


@@ -693,6 +694,9 @@ def delete_comment(request, pk):
    comment_obj = get_object_or_404(Comment, pk=pk)
    comment_obj.project.check_acl(request)

+    if not can_delete_comment(request.user, comment_obj.project):
+        raise PermissionDenied()
+
    units = get_related_units(comment_obj)
    if units.exists():
        fallback_url = units[0].get_absolute_url()