Allow PUT method for owner on comment creation

Make use of the permission system and allow PUT method for the creator
of a Node of type comment. This enables comment owners to edit their
own posts.

pillar/api/nodes/comments.py

@@ -149,6 +149,12 @@ def post_node_comment(parent_id: bson.ObjectId, markdown_msg: str, attachments:
             rating_positive=0,
             rating_negative=0,
             attachments=attachments,
+        ),
+        permissions=dict(
+            users=[dict(
+                user=current_user.objectid,
+                methods=['PUT'])
+            ]
         )
     )
     r, _, _, status = current_app.post_internal('nodes', comment)

tests/test_api/test_comments.py

@@ -70,6 +70,22 @@ class CommentEditTest(AbstractPillarTest):
 
         self.user_uid = self.create_user(24 * 'b', groups=[ctd.EXAMPLE_ADMIN_GROUP_ID],
                                          token='user-token')
+        self.other_user_uid = self.create_user(24 * 'c',token='other-user-token')
+
+        # Add world POST permission to comments for the project
+        # This allows any user to post a comment
+        for node_type in self.project['node_types']:
+            if node_type['name'] != 'comment':
+                continue
+            node_type['permissions'] = {'world': ['POST']}
+
+        with self.app.app_context():
+            proj_coll = self.app.db('projects')
+            proj_coll.update(
+                {'_id': self.pid},
+                {'$set': {
+                    'node_types': self.project['node_types'],
+                }})
 
     def test_edit_comment(self):
         # Create the comment
@@ -86,7 +102,50 @@ class CommentEditTest(AbstractPillarTest):
             payload = json.loads(resp.data)
             comment_id = payload['id']
 
-            comment_url = flask.url_for('nodes_api.patch_node_comment', node_path=str(self.node_id), comment_path=comment_id)
+            comment_url = flask.url_for('nodes_api.patch_node_comment', node_path=str(self.node_id),
+                                        comment_path=comment_id)
+            # Edit the comment
+            resp = self.patch(
+                comment_url,
+                json={
+                    'msg': 'Edited comment',
+                },
+                expected_status=200,
+            )
+
+            self.assertEqual(200, resp.status_code)
+            payload = json.loads(resp.data)
+            self.assertEqual('Edited comment', payload['msg_markdown'])
+            self.assertEqual('<p>Edited comment</p>\n', payload['msg_html'])
+
+    def test_edit_comment_non_admin(self):
+        """Verify that a comment can be edited by a regular user."""
+        # Create the comment
+        with self.login_as(self.other_user_uid):
+            comment_url = flask.url_for('nodes_api.post_node_comment', node_path=str(self.node_id))
+            resp = self.post(
+                comment_url,
+                json={
+                    'msg': 'There is no place like [home](https://cloud.blender.org/)',
+                },
+                expected_status=201,
+            )
+
+            payload = json.loads(resp.data)
+
+            # Check that the comment has edit (PUT) permission for the current user
+            with self.app.app_context():
+                nodes_coll = self.app.db('nodes')
+                db_node = nodes_coll.find_one(ObjectId(payload['id']))
+                expected_permissions = {'users': [{
+                    'user': self.other_user_uid,
+                    'methods': ['PUT']
+                }]}
+                self.assertEqual(db_node['permissions'], expected_permissions)
+
+            comment_id = payload['id']
+            comment_url = flask.url_for('nodes_api.patch_node_comment', node_path=str(self.node_id),
+                                        comment_path=comment_id)
             # Edit the comment
             resp = self.patch(
                 comment_url,