# HG changeset patch
# User Sandrine Ribeau <sandrine.ribeau@logilab.fr>
# Date 1258570159 28800
#      Wed Nov 18 10:49:19 2009 -0800
# Node ID 22a9f1384610c99bebc34d341b9fd989354295eb
# Parent  07509c3a1b719cd13b6bdfaa798344e486c21774
[action] ticket #493227, only authenticated user should be able to delete a
         comment if it has the permission to do it

diff --git a/views.py b/views.py
--- a/views.py
+++ b/views.py
@@ -16,7 +16,8 @@
 
 from cubicweb.selectors import (one_line_rset, but_etype, implements,
                                 has_permission, relation_possible, yes,
-                                match_kwargs, score_entity)
+                                match_kwargs, score_entity,
+                                authenticated_user)
 from cubicweb.view import EntityView
 from cubicweb.common.uilib import rql_for_eid, cut, safe_cut
 from cubicweb.common.mixins import TreeViewMixIn
@@ -319,6 +320,7 @@
 class DeleteCommentAction(Action):
     id = 'delete_comment'
     __select__ = implements('Comment') & \
+                 authenticated_user() & \
                  score_entity(lambda x: not x.reverse_comments and x.has_perm('delete'))
 
     title = _('delete comment')