[FIX] website_blog: employee can't post a comment

bzr revid: chm@openerp.com-20140114105802-ztc2d398zuz100z0

diff --git a/addons/website_blog/controllers/main.py b/addons/website_blog/controllers/main.py
index 00835d1..fc48266 100644 (file)
--- a/addons/website_blog/controllers/main.py
+++ b/addons/website_blog/controllers/main.py
@@ -23,6 +23,7 @@ from openerp.addons.web import http
 from openerp.addons.web.http import request
 from openerp.addons.website.models import website
 from openerp.tools.translate import _
+from openerp import SUPERUSER_ID
 
 import werkzeug
 
@@ -218,16 +219,23 @@ class WebsiteBlog(http.Controller):
         }
         return request.website.render("website_blog.blog_post_complete", values)
 
-    @website.route(['/blogpost/<int:blog_post_id>/comment'], type='http', auth="public")
-    def blog_post_comment(self, blog_post_id, **post):
+    @website.route(['/blogpost/comment'], type='http', auth="public", methods=['POST'])
+    def blog_post_comment(self, blog_post_id=0, **post):
         cr, uid, context = request.cr, request.uid, request.context
         if post.get('comment'):
-            request.registry['blog.post'].message_post(
-                cr, uid, blog_post_id,
-                body=post.get('comment'),
-                type='comment',
-                subtype='mt_comment',
-                context=dict(context, mail_create_nosubcribe=True))
+            user = request.registry['res.users'].browse(cr, SUPERUSER_ID, uid, context=context)
+            group_ids = user.groups_id
+            group_id = request.registry["ir.model.data"].get_object_reference(cr, uid, 'website_mail', 'group_comment')[1]
+            if group_id in [group.id for group in group_ids]:
+                blog_post = request.registry['blog.post']
+                blog_post.check_access_rights(cr, uid, 'read')
+                blog_post.message_post(
+                    cr, SUPERUSER_ID, int(blog_post_id),
+                    body=post.get('comment'),
+                    type='comment',
+                    subtype='mt_comment',
+                    author_id=user.partner_id.id,
+                    context=dict(context, mail_create_nosubcribe=True))
         return werkzeug.utils.redirect(request.httprequest.referrer + "#comments")
 
     @website.route('/blogpost/new', type='http', auth="public", multilang=True)

diff --git a/addons/website_blog/views/website_blog_templates.xml b/addons/website_blog/views/website_blog_templates.xml
index 4fe5123..a3afdcb 100644 (file)
--- a/addons/website_blog/views/website_blog_templates.xml
+++ b/addons/website_blog/views/website_blog_templates.xml
@@ -218,10 +218,10 @@
 <template id="opt_blog_post_complete_comment" name="Allow Comments"
         inherit_option_id="website_blog.blog_post_complete" inherit_id="website_blog.blog_post_complete"
         groups="website_mail.group_comment">
-    <xpath expr="//ul[@id='comments-list']" position="after">
+    <xpath expr="//ul[@id='comments-list']" position="before">
         <section class="mb32 css_editable_mode_hidden">
-            <form id="comment" t-attf-action="/blogpost/#{blog_post.id}/comment"
-                    method="POST">
+            <form id="comment" t-attf-action="/blogpost/comment" method="POST">
+                <input name="blog_post_id" t-att-value="blog_post.id" type="hidden"/>
                 <img class="img pull-left img-rounded" t-att-src="'/website/image?model=res.partner&amp;field=image_small&amp;id='+str(user_id.partner_id.id)" style="width: 50px; margin-right: 10px;"/>
                 <div class="pull-left mb32" style="width: 75%%">
                     <textarea rows="3" name="comment" class="form-control" placeholder="Write a comment..."></textarea>