From 6e5a8b68b0e26a49a27d950233c292b988891c3a Mon Sep 17 00:00:00 2001
From: Deimos <deimos@tildes.net>
Date: Sat, 24 Nov 2018 16:40:31 -0700
Subject: [PATCH] Enable granting ability to remove topics/comments

---
 tildes/tests/test_comment.py            |  4 ++--
 tildes/tests/test_topic_permissions.py  |  8 ++++----
 tildes/tildes/models/comment/comment.py |  6 +++++-
 tildes/tildes/models/topic/topic.py     | 10 ++++++++--
 4 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/tildes/tests/test_comment.py b/tildes/tests/test_comment.py
index 24b057f..d1f575d 100644
--- a/tildes/tests/test_comment.py
+++ b/tildes/tests/test_comment.py
@@ -83,10 +83,10 @@ def test_deleted_comment_permissions_removed(comment):
 
 
 def test_removed_comment_view_permission(comment):
-    """Ensure a removed comment can only be viewed by its author and admins."""
+    """Ensure a removed comment can only be viewed by certain users."""
     comment.is_removed = True
     principals = principals_allowed_by_permission(comment, "view")
-    assert principals == {"admin", comment.user_id}
+    assert principals == {"admin", comment.user_id, "comment.remove"}
 
 
 def test_edit_grace_period(comment):
diff --git a/tildes/tests/test_topic_permissions.py b/tildes/tests/test_topic_permissions.py
index 5663f33..24411ea 100644
--- a/tildes/tests/test_topic_permissions.py
+++ b/tildes/tests/test_topic_permissions.py
@@ -46,10 +46,10 @@ def test_topic_view_author_permission(text_topic):
 
 
 def test_removed_topic_view_author_permission(topic):
-    """Ensure only admins and the author can view a removed topic's author."""
+    """Ensure only a removed topic's author can only be viewed by certain users."""
     topic.is_removed = True
     principals = principals_allowed_by_permission(topic, "view_author")
-    assert principals == {"admin", topic.user_id}
+    assert principals == {"admin", topic.user_id, "topic.remove"}
 
 
 def test_topic_view_content_permission(text_topic):
@@ -59,10 +59,10 @@ def test_topic_view_content_permission(text_topic):
 
 
 def test_removed_topic_view_content_permission(topic):
-    """Ensure only admins and the author can view a removed topic's content."""
+    """Ensure a removed topic's content can only be viewed by certain users."""
     topic.is_removed = True
     principals = principals_allowed_by_permission(topic, "view_content")
-    assert principals == {"admin", topic.user_id}
+    assert principals == {"admin", topic.user_id, "topic.remove"}
 
 
 def test_topic_comment_permission(text_topic):
diff --git a/tildes/tildes/models/comment/comment.py b/tildes/tildes/models/comment/comment.py
index cf11c9f..0044404 100644
--- a/tildes/tildes/models/comment/comment.py
+++ b/tildes/tildes/models/comment/comment.py
@@ -147,11 +147,13 @@ class Comment(DatabaseModel):
             acl.append(DENY_ALL)
 
         # view:
-        #  - removed comments can only be viewed by admins and the author
+        #  - removed comments can only be viewed by admins, the author, and users with
+        #    remove permission
         #  - otherwise, everyone can view
         if self.is_removed:
             acl.append((Allow, "admin", "view"))
             acl.append((Allow, self.user_id, "view"))
+            acl.append((Allow, "comment.remove", "view"))
             acl.append((Deny, Everyone, "view"))
 
         acl.append((Allow, Everyone, "view"))
@@ -209,6 +211,8 @@ class Comment(DatabaseModel):
 
         # tools that require specifically granted permissions
         acl.append((Allow, "admin", "remove"))
+        acl.append((Allow, "comment.remove", "remove"))
+
         acl.append((Allow, "admin", "view_labels"))
 
         acl.append(DENY_ALL)
diff --git a/tildes/tildes/models/topic/topic.py b/tildes/tildes/models/topic/topic.py
index 58b4c8c..fb926be 100644
--- a/tildes/tildes/models/topic/topic.py
+++ b/tildes/tildes/models/topic/topic.py
@@ -230,21 +230,25 @@ class Topic(DatabaseModel):
         acl.append((Allow, Everyone, "view"))
 
         # view_author:
-        #  - removed topics' author is only visible to the author and admins
+        #  - removed topics' author is only visible to the author, admins, and users
+        #    with remove permission
         #  - otherwise, everyone can view the author
         if self.is_removed:
             acl.append((Allow, "admin", "view_author"))
             acl.append((Allow, self.user_id, "view_author"))
+            acl.append((Allow, "topic.remove", "view_author"))
             acl.append((Deny, Everyone, "view_author"))
 
         acl.append((Allow, Everyone, "view_author"))
 
         # view_content:
-        #  - removed topics' content is only visible to the author and admins
+        #  - removed topics' content is only visible to the author, admins and users
+        #    with remove permissions
         #  - otherwise, everyone can view the content
         if self.is_removed:
             acl.append((Allow, "admin", "view_content"))
             acl.append((Allow, self.user_id, "view_content"))
+            acl.append((Allow, "topic.remove", "view_content"))
             acl.append((Deny, Everyone, "view_content"))
 
         acl.append((Allow, Everyone, "view_content"))
@@ -289,8 +293,10 @@ class Topic(DatabaseModel):
 
         # tools that require specifically granted permissions
         acl.append((Allow, "admin", "lock"))
+        acl.append((Allow, "topic.lock", "lock"))
 
         acl.append((Allow, "admin", "remove"))
+        acl.append((Allow, "topic.remove", "remove"))
 
         acl.append((Allow, "admin", "move"))
         acl.append((Allow, "topic.move", "move"))