From 4667d0ecce413f432c7f1efbff1e5fa2e0184320 Mon Sep 17 00:00:00 2001
From: Deimos
Date: Thu, 9 Aug 2018 07:09:48 -0600
Subject: [PATCH] Refactor Comment ACL

The previous approach to writing ACLs made them difficult to follow, which resulted in making it easy to make mistakes (like allowing users to reply to themselves in locked threads). This approach should work much better.
---
 tildes/tildes/models/comment/comment.py | 65 +++++++++++++++++--------
 1 file changed, 44 insertions(+), 21 deletions(-)

diff --git a/tildes/tildes/models/comment/comment.py b/tildes/tildes/models/comment/comment.py
index ca51e09..9d5cf5b 100644
--- a/tildes/tildes/models/comment/comment.py
+++ b/tildes/tildes/models/comment/comment.py
@@ -148,34 +148,57 @@ class Comment(DatabaseModel):
 """Pyramid security ACL."""
 acl = []
- if not (self.is_deleted or self.is_removed):
- acl.append((Allow, Everyone, 'view'))
+ # nobody has any permissions on deleted comments
+ if self.is_deleted:
+ acl.append(DENY_ALL)
+
+ # view:
+ # - removed comments can only be viewed by admins and the author
+ # - otherwise, everyone can view
+ if self.is_removed:
+ acl.append((Allow, 'admin', 'view'))
+ acl.append((Allow, self.user_id, 'view'))
+ acl.append((Deny, Everyone, 'view'))
- if not self.topic.is_locked:
- acl.append((Allow, Authenticated, 'reply'))
- else:
- acl.append((Allow, 'admin', 'reply'))
+ acl.append((Allow, Everyone, 'view'))
- acl.append((Allow, Authenticated, 'mark_read'))
+ # vote:
+ # - removed comments can't be voted on by anyone
+ # - otherwise, logged-in users except the author can vote
+ if self.is_removed:
+ acl.append((Deny, Everyone, 'vote'))
- acl.append((Allow, self.user_id, 'edit'))
- acl.append((Allow, self.user_id, 'delete'))
+ acl.append((Deny, self.user_id, 'vote'))
+ acl.append((Allow, Authenticated, 'vote'))
- # everyone except the comment's author can vote on it
- acl.append((Deny, self.user_id, 'vote'))
- acl.append((Allow, Authenticated, 'vote'))
+ # tag:
+ # - temporary: nobody can tag comments
+ acl.append((Deny, Everyone, 'tag'))
- # temporary - nobody can tag comments
- acl.append((Deny, Everyone, 'tag'))
+ # reply:
+ # - removed comments can't be replied to by anyone
+ # - if the topic is locked, only admins can reply
+ # - otherwise, logged-in users can reply
+ if self.is_removed:
+ acl.append((Deny, Everyone, 'reply'))
- if not self.is_deleted:
- acl.append((Allow, 'admin', 'view'))
+ if self.topic.is_locked:
+ acl.append((Allow, 'admin', 'reply'))
+ acl.append((Deny, Everyone, 'reply'))
- acl.append((Allow, self.user_id, 'view'))
- if not self.topic.is_locked:
- acl.append((Allow, self.user_id, 'reply'))
- acl.append((Allow, self.user_id, 'edit'))
- acl.append((Allow, self.user_id, 'delete'))
+ acl.append((Allow, Authenticated, 'reply'))
+
+ # edit:
+ # - only the author can edit
+ acl.append((Allow, self.user_id, 'edit'))
+
+ # delete:
+ # - only the author can delete
+ acl.append((Allow, self.user_id, 'delete'))
+
+ # mark_read:
+ # - logged-in users can mark comments read
+ acl.append((Allow, Authenticated, 'mark_read'))
 acl.append(DENY_ALL)
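Review bot: The `mark_read` entry at the end of the hunk, `acl.append((Allow, Authenticated, 'mark_read'))`, is appended with no `is_removed` guard, so any logged-in user holds `mark_read` on a removed comment they are denied `view` on; the removed lines appear to have granted it only under `not (self.is_deleted or self.is_removed)`, though the original indentation is not recoverable here. If that widening is unintended, mirror the vote and reply sections with `if self.is_removed:` followed by `acl.append((Deny, Everyone, 'mark_read'))` ahead of the Allow; if it is intended, state it in the `# mark_read:` comment. The `# edit:` and `# delete:` comments have the same gap: they say only the author may act, but not that this still holds for removed comments. Pyramid's ACL policy stops at the first matching entry, so the order of these appends is the policy itself, and the diffstat lists only comment.py; a table-driven test over deleted/removed/locked state against anonymous, author, other user and admin would pin the intended matrix. The method's signature and return are outside the hunk.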