Refactor Comment ACL

The previous approach to writing ACLs made them difficult to follow,
which resulted in making it easy to make mistakes (like allowing users
to reply to themselves in locked threads). This approach should work
much better.

tildes/tildes/models/comment/comment.py

@@ -148,34 +148,57 @@ class Comment(DatabaseModel):
         """Pyramid security ACL."""
         acl = []
 
-        if not (self.is_deleted or self.is_removed):
-            acl.append((Allow, Everyone, 'view'))
+        # nobody has any permissions on deleted comments
+        if self.is_deleted:
+            acl.append(DENY_ALL)
+
+        # view:
+        #  - removed comments can only be viewed by admins and the author
+        #  - otherwise, everyone can view
+        if self.is_removed:
+            acl.append((Allow, 'admin', 'view'))
+            acl.append((Allow, self.user_id, 'view'))
+            acl.append((Deny, Everyone, 'view'))
 
-            if not self.topic.is_locked:
-                acl.append((Allow, Authenticated, 'reply'))
-            else:
-                acl.append((Allow, 'admin', 'reply'))
+        acl.append((Allow, Everyone, 'view'))
 
-            acl.append((Allow, Authenticated, 'mark_read'))
+        # vote:
+        #  - removed comments can't be voted on by anyone
+        #  - otherwise, logged-in users except the author can vote
+        if self.is_removed:
+            acl.append((Deny, Everyone, 'vote'))
 
-            acl.append((Allow, self.user_id, 'edit'))
-            acl.append((Allow, self.user_id, 'delete'))
+        acl.append((Deny, self.user_id, 'vote'))
+        acl.append((Allow, Authenticated, 'vote'))
 
-            # everyone except the comment's author can vote on it
-            acl.append((Deny, self.user_id, 'vote'))
-            acl.append((Allow, Authenticated, 'vote'))
+        # tag:
+        #  - temporary: nobody can tag comments
+        acl.append((Deny, Everyone, 'tag'))
 
-            # temporary - nobody can tag comments
-            acl.append((Deny, Everyone, 'tag'))
+        # reply:
+        #  - removed comments can't be replied to by anyone
+        #  - if the topic is locked, only admins can reply
+        #  - otherwise, logged-in users can reply
+        if self.is_removed:
+            acl.append((Deny, Everyone, 'reply'))
 
-        if not self.is_deleted:
-            acl.append((Allow, 'admin', 'view'))
+        if self.topic.is_locked:
+            acl.append((Allow, 'admin', 'reply'))
+            acl.append((Deny, Everyone, 'reply'))
 
-            acl.append((Allow, self.user_id, 'view'))
-            if not self.topic.is_locked:
-                acl.append((Allow, self.user_id, 'reply'))
-            acl.append((Allow, self.user_id, 'edit'))
-            acl.append((Allow, self.user_id, 'delete'))
+        acl.append((Allow, Authenticated, 'reply'))
+
+        # edit:
+        #  - only the author can edit
+        acl.append((Allow, self.user_id, 'edit'))
+
+        # delete:
+        #  - only the author can delete
+        acl.append((Allow, self.user_id, 'delete'))
+
+        # mark_read:
+        #  - logged-in users can mark comments read
+        acl.append((Allow, Authenticated, 'mark_read'))
 
         acl.append(DENY_ALL)