From 52a1602a7ccd446a9cbf6186997d3c06537870d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= <sybren@stuvel.eu>
Date: Fri, 11 Nov 2016 15:51:08 +0100
Subject: [PATCH] Allow overriding whether the user can comment from URL.

Not really secure (user can still post comments via API and by changing the
URL and re-requesting the embedded comment form), but at least normal users
are blocked from commenting this way.
---
 pillar/web/nodes/custom/comments.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pillar/web/nodes/custom/comments.py b/pillar/web/nodes/custom/comments.py
index 338acfaa..fcb89e49 100644
--- a/pillar/web/nodes/custom/comments.py
+++ b/pillar/web/nodes/custom/comments.py
@@ -170,6 +170,8 @@ def comments_for_node(node_id):
     node = Node.find(node_id, api=api)
     project = Project({'_id': node.project})
     can_post_comments = project.node_type_has_method('comment', 'POST', api=api)
+    can_comment_override = request.args.get('can_comment', 'True') == 'True'
+    can_post_comments = can_post_comments and can_comment_override
 
     # Query for all children, i.e. comments on the node.
     comments = Node.all({