diff --git a/frappe/core/doctype/comment/test_comment.py b/frappe/core/doctype/comment/test_comment.py index f40f1659b3..ee2d473210 100644 --- a/frappe/core/doctype/comment/test_comment.py +++ b/frappe/core/doctype/comment/test_comment.py @@ -3,7 +3,10 @@ import json import frappe -from frappe.tests.utils import FrappeTestCase +from frappe.templates.includes.comments.comments import add_comment +from frappe.tests.test_model_utils import set_user +from frappe.tests.utils import FrappeTestCase, change_settings +from frappe.website.doctype.blog_post.test_blog_post import make_test_blog class TestComment(FrappeTestCase): @@ -39,14 +42,10 @@ class TestComment(FrappeTestCase): # test via blog def test_public_comment(self): - from frappe.website.doctype.blog_post.test_blog_post import make_test_blog - test_blog = make_test_blog() frappe.db.delete("Comment", {"reference_doctype": "Blog Post"}) - from frappe.templates.includes.comments.comments import add_comment - frappe.form_dict.comment = "Good comment with 10 chars" frappe.form_dict.comment_email = "test@test.com" frappe.form_dict.comment_by = "Good Tester" 
@@ -102,3 +101,32 @@ class TestComment(FrappeTestCase): ) test_blog.delete() + + @change_settings("Blog Settings", {"allow_guest_to_comment": 0}) + def test_guest_cannot_comment(self): + test_blog = make_test_blog() + with set_user("Guest"): + frappe.form_dict.comment = "Good comment with 10 chars" + frappe.form_dict.comment_email = "mail@example.org" + frappe.form_dict.comment_by = "Good Tester" + frappe.form_dict.reference_doctype = "Blog Post" + frappe.form_dict.reference_name = test_blog.name + frappe.form_dict.route = test_blog.route + frappe.local.request_ip = "127.0.0.1" + + self.assertEqual(add_comment(), None) + + def test_user_not_logged_in(self): + some_system_user = frappe.db.get_value("User", {}) + + test_blog = make_test_blog() + with set_user("Guest"): + frappe.form_dict.comment = "Good comment with 10 chars" + frappe.form_dict.comment_email = some_system_user + frappe.form_dict.comment_by = "Good Tester" + frappe.form_dict.reference_doctype = "Blog Post" + frappe.form_dict.reference_name = test_blog.name + frappe.form_dict.route = test_blog.route + frappe.local.request_ip = "127.0.0.1" + + self.assertRaises(frappe.ValidationError, add_comment) diff --git a/frappe/templates/includes/comments/comments.py b/frappe/templates/includes/comments/comments.py index 3a056761f3..d76b6d1a48 100644 --- a/frappe/templates/includes/comments/comments.py +++ b/frappe/templates/includes/comments/comments.py 
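Review bot: `test_user_not_logged_in` does not pin `allow_guest_to_comment`, so it reaches the `frappe.db.exists("User", comment_email)` branch only when the site's Blog Settings already allow guest comments. With the setting off, `add_comment` returns `None` first and `assertRaises` fails for an unrelated reason. Decorating the test with `@change_settings("Blog Settings", {"allow_guest_to_comment": 1})` would make the precondition explicit. `frappe.db.get_value("User", {})` returns whichever user row comes back first, which is not necessarily a system user as the variable name suggests. Both new tests also appear to leave the blog post from `make_test_blog()` and the mutated `frappe.form_dict` / `frappe.local.request_ip` in place, and `test_guest_cannot_comment` would be stronger if it also asserted that no `Comment` row was created.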
@@ -18,10 +18,17 @@ EMAIL_PATTERN = re.compile(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)" @frappe.whitelist(allow_guest=True) @rate_limit(key="reference_name", limit=get_comment_limit, seconds=60 * 60) def add_comment(comment, comment_email, comment_by, reference_doctype, reference_name, route): - doc = frappe.get_doc(reference_doctype, reference_name) + if frappe.session.user == "Guest": + if reference_doctype not in ("Blog Post", "Web Page"): + return - if frappe.session.user == "Guest" and doc.doctype not in ["Blog Post", "Web Page"]: - return + if reference_doctype == "Blog Post" and not frappe.db.get_single_value( + "Blog Settings", "allow_guest_to_comment" + ): + return + + if frappe.db.exists("User", comment_email): + frappe.throw(_("Please login to post a comment.")) if not comment.strip(): frappe.msgprint(_("The comment cannot be empty")) @@ -31,6 +38,7 @@ def add_comment(comment, comment_email, comment_by, reference_doctype, reference frappe.msgprint(_("Comments cannot have links or email addresses")) return False + doc = frappe.get_doc(reference_doctype, reference_name) comment = doc.add_comment( text=clean_html(comment), comment_email=comment_email, comment_by=comment_by ) @@ -50,9 +58,7 @@ def add_comment(comment, comment_email, comment_by, reference_doctype, reference url, _("View Comment") ) - if doc.doctype == "Blog Post" and not doc.enable_email_notification: - pass - else: + if doc.doctype != "Blog Post" or doc.enable_email_notification: # notify creator creator_email = frappe.db.get_value("User", doc.owner, "email") or doc.owner subject = _("New Comment on {0}: {1}").format(doc.doctype, doc.get_title())
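Review bot: In the guest branch, `frappe.db.exists("User", comment_email)` followed by `frappe.throw(_("Please login to post a comment."))` gives an unauthenticated caller a distinct response for addresses that belong to registered accounts, so this guest-whitelisted endpoint discloses account existence. The `rate_limit` decorator is keyed on `reference_name`, which is caller-supplied and not yet resolved to a document when this check runs, so it is worth confirming that the limit actually bounds these lookups per client. If the distinct message is a deliberate UX choice, a short comment recording that trade-off would help. The lookup also compares the raw value, and whether a differently cased or padded address matches depends on the database collation; normalising first, e.g. `comment_email = comment_email.strip().lower()`, would make the check consistent. The body of `add_comment` continues past this hunk.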
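Review bot: `frappe.get_doc(reference_doctype, reference_name)` is reached by any logged-in session with a caller-supplied `reference_doctype` and `reference_name`, and nothing visible between the guest checks and `doc.add_comment(...)` verifies that the user may access that document. `frappe.get_doc` does not enforce permissions on its own, so unless code outside this hunk does, a guard such as `if frappe.session.user != "Guest": doc.check_permission("read")` before `doc.add_comment` would close the gap. `comment_email` and `comment_by` are likewise passed through as supplied for logged-in callers, so deriving them from `frappe.session.user` is worth considering. The function starts and ends outside this hunk.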