From 0cc7a72f3991a6a9ef947f646bfb2d3c976a260b Mon Sep 17 00:00:00 2001
From: Adam Coldrick
Date: Wed, 6 Jul 2016 10:08:42 +0000
Subject: [PATCH] Allow superusers to delete comments

This removes the ability for users to delete their own comments in favour of allowing superusers to delete any comment.

Change-Id: I0f6f4a0670b32cbadf9d8eb42c619b3a519d70fa
---
 storyboard/api/v1/timeline.py | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/storyboard/api/v1/timeline.py b/storyboard/api/v1/timeline.py
index e6876afa..b9de6496 100644
--- a/storyboard/api/v1/timeline.py
+++ b/storyboard/api/v1/timeline.py
@@ -261,7 +261,7 @@ class CommentsController(rest.RestController):
 return wmodels.Comment.from_db_model(updated_comment)
 @decorators.db_exceptions
- @secure(checks.authenticated)
+ @secure(checks.superuser)
 @wsme_pecan.wsexpose(wmodels.Comment, int, int, status_code=204)
 def delete(self, story_id, comment_id):
 """Update an existing comment.
@@ -270,11 +270,6 @@ class CommentsController(rest.RestController):
 :param comment_id: The id of a Comment to be updated.
 """
- comment = comments_api.comment_get(comment_id)
-
- if request.current_user_id != comment.author_id:
- abort(403, _("You are not allowed to delete this comment."))
-
 comments_api.comment_delete(comment_id)
 @decorators.db_exceptions
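Review bot: The docstring under the changed decorator still reads `"""Update an existing comment.` although this is the delete handler, and nothing in it tells a reader that the endpoint is now gated by `@secure(checks.superuser)`. I would reword the summary to `"""Delete an existing comment (superusers only).` and the parameter line to `:param comment_id: The id of the Comment to be deleted.`. The docstring opens in this hunk and closes in the following one, so the wording fix touches both.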
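Review bot: With the `comment_get` lookup removed in the second hunk, `delete` hands `comment_id` straight to `comments_api.comment_delete` and never reads `story_id`, so the handler no longer confirms that the comment exists or that it belongs to the story identified by `story_id`. How `comment_delete` treats an unknown id is not visible here; if it does not raise, the endpoint answers 204 for a comment that was never there. I would keep the lookup and reject a missing comment first, e.g. `comment = comments_api.comment_get(comment_id)` followed by `if comment is None: abort(404, _("Comment not found."))`. Because any superuser can now remove another user's comment, recording `request.current_user_id` together with the comment id at this point would keep deletions attributable. The body of `delete` begins before this hunk.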