From add1c8b9b387eb9f14d88c982b35c6b00f6f9bdc Mon Sep 17 00:00:00 2001
From: Francesco Siddi <francesco.siddi@gmail.com>
Date: Sun, 28 May 2017 19:04:11 +0200
Subject: [PATCH] Make ROLES_FOR_COMMENT_VOTING a config value

This way we can override it when extending Pillar for other projects that might not require the 'subscriber' or 'demo' roles.
---
 pillar/api/nodes/custom/comment.py | 3 +--
 pillar/config.py                   | 1 +
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pillar/api/nodes/custom/comment.py b/pillar/api/nodes/custom/comment.py
index b4897883..3a089729 100644
--- a/pillar/api/nodes/custom/comment.py
+++ b/pillar/api/nodes/custom/comment.py
@@ -10,7 +10,6 @@ from pillar.api.utils import authorization, authentication, jsonify
 from . import register_patch_handler
 
 log = logging.getLogger(__name__)
-ROLES_FOR_COMMENT_VOTING = {'subscriber', 'demo'}
 COMMENT_VOTING_OPS = {'upvote', 'downvote', 'revoke'}
 VALID_COMMENT_OPERATIONS = COMMENT_VOTING_OPS.union({'edit'})
 
@@ -180,7 +179,7 @@ def assert_is_valid_patch(node_id, patch):
         return
 
     # See whether the user is allowed to patch
-    if authorization.user_matches_roles(ROLES_FOR_COMMENT_VOTING):
+    if authorization.user_matches_roles(current_app.config['ROLES_FOR_COMMENT_VOTING']):
         log.debug('User is allowed to upvote/downvote comment')
         return
 
diff --git a/pillar/config.py b/pillar/config.py
index d7bc08e7..7f18eb3b 100644
--- a/pillar/config.py
+++ b/pillar/config.py
@@ -125,6 +125,7 @@ FILESIZE_LIMIT_BYTES_NONSUBS = 32 * 2 ** 20
 # Unless they have one of those roles.
 ROLES_FOR_UNLIMITED_UPLOADS = {'subscriber', 'demo', 'admin'}
 
+ROLES_FOR_COMMENT_VOTING = {'subscriber', 'demo'}
 
 #############################################
 # Old pillar-web config: