Enable granting ability to remove topics/comments

tildes/tests/test_comment.py

@@ -83,10 +83,10 @@ def test_deleted_comment_permissions_removed(comment):
 
 
 def test_removed_comment_view_permission(comment):
-    """Ensure a removed comment can only be viewed by its author and admins."""
+    """Ensure a removed comment can only be viewed by certain users."""
     comment.is_removed = True
     principals = principals_allowed_by_permission(comment, "view")
-    assert principals == {"admin", comment.user_id}
+    assert principals == {"admin", comment.user_id, "comment.remove"}
 
 
 def test_edit_grace_period(comment):

tildes/tests/test_topic_permissions.py

@@ -46,10 +46,10 @@ def test_topic_view_author_permission(text_topic):
 
 
 def test_removed_topic_view_author_permission(topic):
-    """Ensure only admins and the author can view a removed topic's author."""
+    """Ensure only a removed topic's author can only be viewed by certain users."""
     topic.is_removed = True
     principals = principals_allowed_by_permission(topic, "view_author")
-    assert principals == {"admin", topic.user_id}
+    assert principals == {"admin", topic.user_id, "topic.remove"}
 
 
 def test_topic_view_content_permission(text_topic):
@@ -59,10 +59,10 @@ def test_topic_view_content_permission(text_topic):
 
 
 def test_removed_topic_view_content_permission(topic):
-    """Ensure only admins and the author can view a removed topic's content."""
+    """Ensure a removed topic's content can only be viewed by certain users."""
     topic.is_removed = True
     principals = principals_allowed_by_permission(topic, "view_content")
-    assert principals == {"admin", topic.user_id}
+    assert principals == {"admin", topic.user_id, "topic.remove"}
 
 
 def test_topic_comment_permission(text_topic):

tildes/tildes/models/comment/comment.py

@@ -147,11 +147,13 @@ class Comment(DatabaseModel):
             acl.append(DENY_ALL)
 
         # view:
-        #  - removed comments can only be viewed by admins and the author
+        #  - removed comments can only be viewed by admins, the author, and users with
+        #    remove permission
         #  - otherwise, everyone can view
         if self.is_removed:
             acl.append((Allow, "admin", "view"))
             acl.append((Allow, self.user_id, "view"))
+            acl.append((Allow, "comment.remove", "view"))
             acl.append((Deny, Everyone, "view"))
 
         acl.append((Allow, Everyone, "view"))
@@ -209,6 +211,8 @@ class Comment(DatabaseModel):
 
         # tools that require specifically granted permissions
         acl.append((Allow, "admin", "remove"))
+        acl.append((Allow, "comment.remove", "remove"))
+
         acl.append((Allow, "admin", "view_labels"))
 
         acl.append(DENY_ALL)

tildes/tildes/models/topic/topic.py

@@ -230,21 +230,25 @@ class Topic(DatabaseModel):
         acl.append((Allow, Everyone, "view"))
 
         # view_author:
-        #  - removed topics' author is only visible to the author and admins
+        #  - removed topics' author is only visible to the author, admins, and users
+        #    with remove permission
         #  - otherwise, everyone can view the author
         if self.is_removed:
             acl.append((Allow, "admin", "view_author"))
             acl.append((Allow, self.user_id, "view_author"))
+            acl.append((Allow, "topic.remove", "view_author"))
             acl.append((Deny, Everyone, "view_author"))
 
         acl.append((Allow, Everyone, "view_author"))
 
         # view_content:
-        #  - removed topics' content is only visible to the author and admins
+        #  - removed topics' content is only visible to the author, admins and users
+        #    with remove permissions
         #  - otherwise, everyone can view the content
         if self.is_removed:
             acl.append((Allow, "admin", "view_content"))
             acl.append((Allow, self.user_id, "view_content"))
+            acl.append((Allow, "topic.remove", "view_content"))
             acl.append((Deny, Everyone, "view_content"))
 
         acl.append((Allow, Everyone, "view_content"))
@@ -289,8 +293,10 @@ class Topic(DatabaseModel):
 
         # tools that require specifically granted permissions
         acl.append((Allow, "admin", "lock"))
+        acl.append((Allow, "topic.lock", "lock"))
 
         acl.append((Allow, "admin", "remove"))
+        acl.append((Allow, "topic.remove", "remove"))
 
         acl.append((Allow, "admin", "move"))
         acl.append((Allow, "topic.move", "move"))