Changeset 8955

Timestamp:

09/07/10 13:55:28 (21 months ago)

Author:

CrawfordCurrie

Message:

Item3499: Item9601: support different domain for access control, for example, ALLOWTOPICCOMMENT instead of ALLOWTOPICCHANGE. Item4423: Item9591: Item9592: add AJAX example Item9568: Item9569: eliminate commonSlagsHandler, convert to REST handler instead of piggybacking save and using beforeSaveHandler. This gives us a lot more control over the return value and access control checking, and manages the interaction with other plugins much better.

Location:

trunk/CommentPlugin

Files:

• data/System/CommentPlugin.txt (modified) (10 diffs)
• data/System/CommentPluginTemplate.txt (modified) (3 diffs)
• data/System/VarCOMMENT.txt (modified) (1 diff)
• lib/Foswiki/Plugins/CommentPlugin.pm (modified) (2 diffs)
• lib/Foswiki/Plugins/CommentPlugin/Comment.pm (modified) (6 diffs)
• lib/Foswiki/Plugins/CommentPlugin/Config.spec (modified) (1 diff)
• lib/Foswiki/Plugins/CommentPlugin/MANIFEST (modified) (2 diffs)
• pub/System/CommentPlugin/comment_src.js (modified) (1 diff)
• test/unit/CommentPlugin/CommentPluginTests.pm (modified) (22 diffs)

trunk/CommentPlugin/data/System/CommentPlugin.txt

@@ -17 +17 @@
    * signed or unsigned, dated or undated (as defined by a template),
    * in other topics, or other positions within the current topic.
+
+Supports the definition of custom templates for prompts and for formatting
+what is placed into topics.
+
+Supports custom access controls, allowing you to use it to add content to
+topics where the commenting user doesn't have CHANGE permissions.
 
 ---++ Syntax
@@ -82 +88 @@
    * some familiarity with the [[%SYSTEMWEB%.SkinTemplates][Skin Templates]].
 
-To define a comment type, you have to provide two simple template definitions in the template file; one for the prompt box, and one for the generated output. If we have a template type "mytype", these are named =PROMPT:mytype= and =OUTPUT:mytype= respectively. See =comments.tmpl= in the templates directory for examples.
+To define a comment type, you have to provide at least two simple template definitions in the template file; one for the prompt box, and one for the generated output. If we have a template type "mytype", these are named =PROMPT:mytype= and =OUTPUT:mytype= respectively. See =comments.tmpl= in the templates directory for examples.
 
 The plugin picks up these template definitions from a standard template file, =templates/comments.tmpl=. This allows different templates to be defined for different Foswiki skins.
@@ -130 +136 @@
 The =PROMPT= template defines the contents of an HTML form that is used to capture the comment. This form invokes the comment generator when submitted. Parameters to the comment generator are defined using standard HTML input fields, such as =input=, =textarea= and =select=. The user enters values for these parameters, and these are then available when the =OUTPUT= template is expanded, in the form of <code>%<nop>URLPARAM%</code>s.
 
-Only the input fields of the form need be defined. The plugin automatically generates the <code>&lt;form&gt;</code> and <code>&lt;/form&gt;</code> tags, unless you specify =noform="on"=, in which case you have to provide them yourself. *Note* that you must define a "submit" button if you want the form to work!
+---+++ The =FORM= template
+The =FORM= template can optionally be provided if you want to explicitly
+define the form (the <code>&lt;form&gt;</code> and <code>&lt;/form&gt;</code> tHTML ags) that wraps around the =PROMPT= template. If you don't define
+a =FORM=template, one is automatically generated for you (unless the =noform="on"= parameter is given).
 
 #MoreAttrs
@@ -152 +161 @@
     | =%<nop>DISABLED%= | Set to 'disabled' when you cannot comment (e.g. in preview mode). |
     | =%<nop>MESSAGE%= | The text specified by =default=. This may be overridden by a helpful message when the prompt is DISABLED. |
+
+Within a =FORM= definition, the body of the prompt is expanded to replace
+the =%<nop>COMMENTPROMPT%= macro.
 
 *EXPERT* Note that when a comment is saved, the =save= script is invoked on the target topic, with a number of parameters provided by the comment form. Normally the CommentPlugin will provide these fields in the form, but experts can also provide the fields themselves in order to get finer control over what is submitted, or you might want to define your own HTML forms that do comment submission. The parameters that the CommentPlugin recognises are as follows:
@@ -193 +205 @@
 <verbatim class="tml">
 %COMMENT{
-   noform="on"
    type="example"
    templatetopic="Sandbox.CommentPluginTemplateExample"
@@ -215 +226 @@
     
 All the [[TemplateTopics#TemplateTopicsVars][usual macros]] that can be used in a topic template can also be used in an =OUTPUT= template.
+
+---+++ Custom access controls
+Using =configure=, the plugin can be configured to use a different access control domain than the default CHANGE. This allows you to use the plugin to add content to topics where the commenting user does not have CHANGE (or even VIEW) access.
 
 ---++ Settings
@@ -228 +242 @@
 
 #Installation
----++ Plugin Installation Instructions
-   * This plugin is pre-installed in most releases. However if you need to upgrade the plugin for any reason:
-   * Download the archive file from the Extensions web (see below)
-   * Unpack the archive in your Foswiki installation directory.
-      * You may need to correct file permissions
-   * Run ==%TOPIC%_installer== to automatically check and install other modules that this module depends on, and enable the plugin.
-   * Alternatively,
-      * Manually resolve the dependencies listed below.
-      %$DEPENDENCIES%
-   * Use =configure= to enable the plugin
+---++ Installation Instructions
+%$INSTALL_INSTRUCTIONS%
 
 Note that if you want to use the =action= template then you must also:
@@ -243 +249 @@
    1 Put the !CommentPlugin *before* the !ActionTrackerPlugin in the ={PluginsOrder}= configuration option (in =configure=)
 
----++ Plugin Info
+---++ Info
 
 Another great extension from the <a style="text-decoration:none" href="http://wikiring.com"><img src="%ATTACHURLPATH%/wikiringlogo20x20.png" alt="" /> *WikiRing* </a> - working together to improve your wiki experience!
@@ -253 +259 @@
 |  Version: | %$VERSION% |
 |  Change History: | |
+|  31 Aug 2010 | Foswikitask:Item3499: support COMMENT (and other) ACL preferences. Foswikitask:Item9592: added AJAX example. |
 |  31 Jul 2010 | Foswikitask:Item9415 - Documentation updates |
 |  27 May 2010 | Moved example topic Sandbox.CommentPluginExamples to Sandbox web. | 
@@ -265 +272 @@
 |  Support: | http://foswiki.org/Support/%TOPIC% |
 
-*Related Topics:* %USERSWEB%.SitePreferences, [[%SYSTEMWEB%.Plugins][Plugins]]
-
 %META:FILEATTACHMENT{name="wikiringlogo20x20.png" attr="h" comment="" version="1"}%

trunk/CommentPlugin/data/System/CommentPluginTemplate.txt

@@ -1 +1 @@
 %META:TOPICINFO{author="ProjectContributor" date="1166310108" format="1.1" version="$Rev$"}%
 %META:TOPICPARENT{name="CommentPlugin"}%
+
+<!-- %JQREQUIRE{"chili"}% -->
 
 ---+!! Templates for CommentPlugin
@@ -371 +373 @@
 </verbatim>
 
+---++++ ajax
+Post to the current topic using AJAX. This template is paired with
+comment_src.js (in the pub area for
+the plugin). The template is very similar to 'above', except that it uses an
+asynchronous save and the topic is not refreshed, instead the Javascript
+inserts a "temporary" comment in the DOM. It is intended as an example
+which you can copy to create your own wowie-zowie jquery comment box. And
+contribute it back to the community, of course!
+
+<verbatim class="tml">
+%TMPL:DEF{FORM:ajax}%%TMPL:P{"LIBJS" id="COMMENTPLUGIN_AJAX" id="CommentPlugin/comment"}%<form class="commentPluginForm" action="%SCRIPTURL{rest}%/CommentPlugin/comment">
+<input type="hidden" name="topic" value="%WEB%.%TOPIC%"/>
+<input type="hidden" name="comment_ajax" value="1"/>
+%COMMENTPROMPT%</form>%TMPL:END%
+%TMPL:DEF{PROMPT:ajax}%
+<div class="commentPlugin commentPluginPromptBox">
+ <table border="0" cellpadding="0" cellspacing="0">
+  <tr valign="middle">
+    <td>
+      <textarea %DISABLED% rows="%rows|3%" cols="%cols|70%"\
+        name="comment" class="commentPluginAjax foswikiInputField"\
+        wrap="soft" title="%MESSAGE%">%MESSAGE%</textarea>
+    </td>
+    <td>&nbsp;<input %DISABLED% type="button"\
+      value="%button|Add comment%" class="commentPluginAjax foswikiButton" />
+      <br/><small class="commentPluginStatusResponse"></small>
+    </td>
+  </tr>
+ </table>
+</div><!--/commentPlugin-->%TMPL:END%
+</verbatim>
+<verbatim class="tml">
+%TMPL:DEF{OUTPUT:ajax}%%POS:BEFORE%%TMPL:P{OUTPUT:threadmode}%%TMPL:END%
+</verbatim>
+
 %ICON{"hand"}% See rendered template [[Sandbox.CommentPluginExamples#return][return]]
 
 
-
-
 ---++ Include !UserComments
 
@@ -381 +416 @@
 
 <verbatim class="tml">%TMPL:INCLUDE{"UserComments"}%</verbatim>
-<!-- %JQREQUIRE{"chili"}% -->
+

trunk/CommentPlugin/data/System/VarCOMMENT.txt

@@ -8 +8 @@
      | *Name* | *Description* | *Default* |
      | =type= | This is the name of the template to use for this comment. Comment templates are defined in a Foswiki template - see [[CommentPlugin#TemPlates][Customisation]], below. If this attribute is not defined, the type is whatever is defined by COMMENTPLUGIN_DEFAULT_TYPE, either in this topic or in your WebPreferences. | =below= |
-     | =default= | Default text to put into the textarea of the prompt. | |
+     | =default= | Default text to put into the prompt. | |
      | =target= | Name of the topic to add the comment to | the current topic |
      | =location= | Regular expression specifying the comment location in the target topic. Read _carefully_ the CommentPlugin documentation! | |
      | =mode= | For compatibility with older versions only, synonymous with =type= | |
      | =nonotify= | Set to "on" to disable change notification for target topics | =off= |
-     | =noform= | Set to "on" to disable the automatic form that encloses your comment block - _remember_ to insert =<form>= tags yourself! See [[Sandbox.CommentPluginExamples#noform][CommentPluginExamples:noform]] for an example. | =off= |
+     | =noform= | Set to "on" to disable the automatic form that is generated around your comment prompt if you don't provide a =FORM= template. See [[Sandbox.CommentPluginExamples#noform][CommentPluginExamples:noform]] for an example. | =off= |
      | =nopost= | Set to "on" to disable insertion of the posted text into the topic. | =off= |
      | =remove= | Set to "on" to remove the comment prompt after the first time it is clicked. | =off= |

trunk/CommentPlugin/lib/Foswiki/Plugins/CommentPlugin.pm

@@ -7 +7 @@
 use strict;
 use warnings;
+use Assert;
+use Error ':try';
 
 use Foswiki::Func    ();
@@ -12 +14 @@
 
 our $VERSION = '$Rev$';
-our $RELEASE = '31 Jul 2010';
+our $RELEASE = '31 Aug 2010';
 our $SHORTDESCRIPTION =
   'Quickly post comments to a page without an edit/save cycle';
 our $NO_PREFS_IN_TOPIC = 1;
 
+# Reset when the plugin is reset, this counter counts the instances of the
+# %COMMENT macro and indexes them.
+our $commentIndex;
+
 sub initPlugin {
 
-    #my ( $topic, $web, $user, $installWeb ) = @_;
+    my ( $topic, $web, $user, $installWeb ) = @_;
+    $commentIndex = 0;
+
+    Foswiki::Func::registerTagHandler('COMMENT', \&_COMMENT);
+    Foswiki::Func::registerRESTHandler('comment', \&_restSave);
+
+    if ((DEBUG) && $web eq $Foswiki::cfg{SystemWebName}
+          && $topic eq 'InstalledPlugins') {
+        # Compilation check
+        require Foswiki::Plugins::CommentPlugin::Comment;
+    }
     return 1;
 }
 
-sub commonTagsHandler {
-    my ( $text, $topic, $web, $meta ) = @_;
-
+sub _COMMENT {
+    my ( $session, $params, $topic, $web ) = @_;
+    
+    # Indexing each macro instance
+    $params->{comment_index} = $commentIndex++;
+    
+    # Check the context has 'view' script
+    my $context = Foswiki::Func::getContext();
+    my $disabled = '';
+    if ($context->{command_line}) {
+        $disabled = Foswiki::Func::expandCommonVariables(
+            '%MAKETEXT{"Commenting is disabled while running from the command line"}%');
+    } elsif (!$context->{view}) {
+        $disabled =  Foswiki::Func::expandCommonVariables(
+            '%MAKETEXT{"Commenting is disabled when not in view context"}%');
+    } elsif (!($Foswiki::cfg{Plugins}{CommentPlugin}{GuestCanComment}
+                 || $context->{authenticated})) {
+        $disabled =  Foswiki::Func::expandCommonVariables(
+            '%MAKETEXT{"Commenting is disabled while not logged in"}%');
+    }
+    
     require Foswiki::Plugins::CommentPlugin::Comment;
-
-    my $query = Foswiki::Func::getCgiQuery();
-    return unless ( defined($query) );
-
-    return unless $_[0] =~ m/%COMMENT({.*?})?%/o;
-
-    # SMELL: Nasty, tacky way to find out where we were invoked from
-    my $scriptname = $ENV{'SCRIPT_NAME'} || '';
-
-    # SMELL: unreliable
-    my $previewing = ( $scriptname =~ /\/(preview|gnusave|rdiff|compare)/ );
-    Foswiki::Plugins::CommentPlugin::Comment::prompt( $previewing, $_[0], $web,
-        $topic );
+    
+    Foswiki::Plugins::CommentPlugin::Comment::prompt(
+        $params, $web, $topic, $disabled );
 }
 
-sub beforeSaveHandler {
+# REST handler for save operator. We use a REST handler because we need
+# to be able to bypass the permissions checking that the save script
+# would do. We handle the return in several different ways; first, if
+# everything is OK, we set a 200 status and drop back to allow any
+# endPoint to be handled. Second, if we get an exception, and the
+# 'comment_ajax' parameter is set, we return a 500 status. If the
+# parameter is not set, we pass the exception on to the UI package.
 
-    #my ( $text, $topic, $web ) = @_;
+sub _restSave {
+    my $session = shift;
+    my $response = $session->{response};
+    my $query = Foswiki::Func::getCgiQuery();
+    my ($web, $topic) = Foswiki::Func::normalizeWebTopicName(
+        undef, $query->param('topic'));
+    
+    try {
+        require Foswiki::Plugins::CommentPlugin::Comment;
 
-    require Foswiki::Plugins::CommentPlugin::Comment;
+        my ($meta, $text) = Foswiki::Func::readTopic($web, $topic);
 
-    my $query = Foswiki::Func::getCgiQuery();
-    return unless $query;
-
-    my $action = $query->param('comment_action');
-
-    return unless ( defined($action) && $action eq 'save' );
-
-    # Stop it being applied again
-    $query->delete('comment_action');
-
-    Foswiki::Plugins::CommentPlugin::Comment::save(@_);
+        # The save function does access control checking
+        $text = Foswiki::Plugins::CommentPlugin::Comment::save(
+            $text, $web, $topic);
+        
+        Foswiki::Func::saveTopic($web, $topic, $meta, $text,
+                                 { ignorepermissions => 1 });
+        
+        $response->header(-status => 200);
+        $response->body("$web.$topic");
+    } catch Foswiki::AccessControlException with {
+        if ($query->param('comment_ajax')) {
+            $response->header(-status => 404);
+            $response->body(shift);
+        } else {
+            shift->throw;
+        }
+    } otherwise {
+        if ($query->param('comment_ajax')) {
+            $response->header(-status => 500);
+            $response->body(shift);
+        } else {
+            shift->throw;
+        }
+    };
+    return undef;
 }
 

trunk/CommentPlugin/lib/Foswiki/Plugins/CommentPlugin/Comment.pm

@@ -5 +5 @@
 use strict;
 use warnings;
+use Assert;
+use Error ':try';
 
 use Foswiki;
 use Foswiki::Plugins;
 use Foswiki::Store;
-use Foswiki::Attrs;
+
 use CGI qw( -any );
 
 package Foswiki::Plugins::CommentPlugin::Comment;
-
-# PUBLIC save the given comment.
-sub save {
-
-    #my ( $text, $topic, $web ) = @_;
-
-    my $wikiName = Foswiki::Func::getWikiName();
-    if (
-        !Foswiki::Func::checkAccessPermission(
-            'change', $wikiName, '', $_[1], $_[2]
-        )
-      )
-    {
-
-        # user has no permission to change the topic
-        throw Foswiki::OopsException(
-            'accessdenied',
-            def   => 'topic_access',
-            web   => $_[2],
-            topic => $_[1]
-        );
-    }
-    else {
-        _buildNewTopic(@_);
-    }
-}
 
 # PUBLIC STATIC convert COMMENT statements to form prompts
 sub prompt {
-
-    #my ( $previewing, $text, $web, $topic ) = @_;
-
-    my $defaultType =
-      Foswiki::Func::getPreferencesValue('COMMENTPLUGIN_DEFAULT_TYPE')
-      || 'above';
-
-    my $message = '';
-
-    # Is commenting disabled?
-    my $disable = '';
-    if ( $_[0] ) {
-
-        # We are in Preview mode
-        $message = "(Edit - Preview)";
-        $disable = 'disabled';
-    }
-
-    my $idx = 0;
-    $_[1] =~
-s/%COMMENT({.*?})?%/_handleInput($1,$_[2],$_[3],\$idx,$message,$disable,$defaultType)/eg;
-}
-
-=pod
-
-Parses a templatetopic attribute and returns a "Web.Topic" string.
-
-=cut
-
-sub _getTemplateLocation {
-    my ( $attrtemplatetopic, $web ) = @_;
-
-    my $templatetopic = '';
-    my $templateweb = $web || '';
-    if ($attrtemplatetopic) {
+    my ( $attrs, $web, $topic, $disabled ) = @_;
+
+    my $type = $attrs->{type} || $attrs->{mode}
+      || Foswiki::Func::getPreferencesValue('COMMENTPLUGIN_DEFAULT_TYPE')
+        || 'above';
+
+    my $templatetopic;
+    if ($attrs->{templatetopic}) {
         my ( $templocweb, $temploctopic ) =
-          Foswiki::Func::normalizeWebTopicName( $templateweb,
-            $attrtemplatetopic );
+          Foswiki::Func::normalizeWebTopicName(
+              $web, $attrs->{templatetopic} );
         $templatetopic = "$templocweb.$temploctopic";
     }
-    return $templatetopic;
-}
-
-# PRIVATE generate an input form for a %COMMENT tag
-sub _handleInput {
-    my ( $attributes, $web, $topic, $pidx, $message, $disable, $defaultType ) =
-      @_;
-
-    $attributes =~ s/^{(.*)}$/$1/ if ($attributes);
-
-    my $attrs = new Foswiki::Attrs( $attributes, 1 );
-    my $type = $attrs->remove('type') || $attrs->remove('mode') || $defaultType;
-    my $silent            = $attrs->remove('nonotify');
-    my $location          = $attrs->remove('location');
-    my $remove            = $attrs->remove('remove');
-    my $nopost            = $attrs->remove('nopost');
-    my $default           = $attrs->remove('default');
-    my $attrtemplatetopic = $attrs->remove('templatetopic') || '';
-    my $templatetopic     = _getTemplateLocation( $attrtemplatetopic, $web );
-
-    $message ||= $default || '';
-    $message ||= $default || '';
-    $disable ||= '';
+
+    # Get the templates.
+    my $templateFile =
+      $templatetopic
+        || Foswiki::Func::getPreferencesValue('COMMENTPLUGIN_TEMPLATES')
+          || 'comments';
+    
+    unless( Foswiki::Func::loadTemplate($templateFile) ) {
+        Foswiki::Func::writeWarning(
+            "Could not read template file '$templateFile'");
+        return _alert("Could not read templates from '$templateFile'");
+    }
+
+    my $message = $attrs->{default} || '';
+    $message = $disabled if $disabled;
 
     # clean off whitespace
-    $type =~ m/(\S*)/;
-    $type = $1;
+    $type =~ s/\s+//;
 
     # Expand the template in the context of the web where the comment
     # box is (not the target of the comment!)
-    my $input = _getTemplate( "PROMPT:$type", $web, $topic, $templatetopic )
-      || '';
-    return $input if $input =~ m/^%RED%/so;
+    my $input = Foswiki::Func::expandTemplate("PROMPT:$type");
+    return _alert("No such template def 'PROMPT:$type'")
+      unless ( defined($input) && $input ne '' );
 
     # Expand special attributes as required
     $input =~ s/%([a-z]\w+)\|(.*?)%/_expandPromptParams($1, $2, $attrs)/ieg;
+
+    # Build the endpoint before we munge the web and topic
+    my $endPoint = "$web.$topic";
 
     # see if this comment is targeted at a different topic, and
     # change the url if it is.
     my $anchor = undef;
-    my $target = $attrs->remove('target');
+    my $target = $attrs->{target};
     if ($target) {
 
@@ -137 +80 @@
     }
 
-    my $url = '';
-    if ( $disable eq '' ) {
-        $url = Foswiki::Func::getScriptUrl( $web, $topic, 'save' );
-    }
-
-    my $noform = $attrs->remove('noform') || '';
+    # See if a save url has been defined in the template
+    my $url = Foswiki::Func::expandTemplate('save_url');
+
+    # Default it to a rest url if not
+    $url ||= Foswiki::Func::getScriptUrl('CommentPlugin', 'comment', 'rest' );
+
+    $url = '' if $disabled;
+
+    my $noform = $attrs->{noform} || '';
     if ( $input !~ m/^%RED%/ ) {
-        $input =~ s/%DISABLED%/$disable/g;
+        $input =~ s/%DISABLED%/$disabled ? 'disabled' : '' /ge;
         $input =~ s/%MESSAGE%/$message/g;
-        my $n = $$pidx + 0;
-
-        if ( $disable eq '' ) {
+        my $idx = $attrs->{comment_index};
+
+        unless( $disabled ) {
             my $hiddenFields = "";
             $hiddenFields .=
-              "\n" . CGI::hidden( -name => 'comment_action', -value => 'save' );
+              CGI::hidden( -name => 'topic', -value => "$web.$topic");
+
             $hiddenFields .=
-              "\n" . CGI::hidden( -name => 'comment_type', -value => $type );
-            if ( defined($silent) ) {
-                $hiddenFields .=
-                  "\n" . CGI::hidden( -name => 'comment_nonotify', value => 1 );
+              CGI::hidden( -name => 'comment_action', -value => 'save' );
+
+            $hiddenFields .=
+              CGI::hidden( -name => 'endPoint', -value => $endPoint );
+
+            $hiddenFields .=
+              CGI::hidden( -name => 'comment_type', -value => $type );
+
+            if ( defined($attrs->{nonotify}) ) {
+                $hiddenFields .=
+                  CGI::hidden( -name => 'comment_nonotify', value => 1 );
             }
             if ($templatetopic) {
-                $hiddenFields .= "\n"
-                  . CGI::hidden(
-                    -name  => 'comment_templatetopic',
-                    -value => $templatetopic
-                  );
-            }
-            if ($location) {
-                $hiddenFields .= "\n"
-                  . CGI::hidden(
-                    -name  => 'comment_location',
-                    -value => $location
-                  );
+                $hiddenFields .= 
+                  CGI::hidden(
+                      -name  => 'comment_templatetopic',
+                      -value => $templatetopic
+                     );
+            }
+            if ($attrs->{location}) {
+                $hiddenFields .=
+                  CGI::hidden(
+                      -name  => 'comment_location',
+                      -value => $attrs->{location}
+                     );
             }
             elsif ($anchor) {
-                $hiddenFields .= "\n"
-                  . CGI::hidden( -name => 'comment_anchor', -value => $anchor );
+                $hiddenFields .=
+                  CGI::hidden( -name => 'comment_anchor', -value => $anchor );
             }
             else {
-                $hiddenFields .= "\n"
-                  . CGI::hidden( -name => 'comment_index', -value => $$pidx );
-            }
-            if ($nopost) {
-                $hiddenFields .= "\n"
-                  . CGI::hidden( -name => 'comment_nopost', -value => $nopost );
-            }
-            if ($remove) {
-                $hiddenFields .= "\n"
-                  . CGI::hidden( -name => 'comment_remove', -value => $$pidx );
+                $hiddenFields .=
+                  CGI::hidden( -name => 'comment_index', -value => $idx );
+            }
+            if ($attrs->{nopost}) {
+                $hiddenFields .=
+                  CGI::hidden( -name => 'comment_nopost',
+                               -value => $attrs->{nopost} );
+            }
+            if ($attrs->{remove}) {
+                $hiddenFields .=
+                  CGI::hidden( -name => 'comment_remove', -value => $idx );
             }
             $input .= $hiddenFields;
         }
-        if ($noform) {
-            my $form =
-              _getTemplate( "FORM:$type", $topic, $web, $templatetopic, 'off' )
-              || '';
+
+        # SMELL: would have been more elegant to split this into
+        # FORM:head:type and FORM:tail:type. Too late now :-(
+        my $form = Foswiki::Func::expandTemplate("FORM:$type");
+
+        if ( $noform || $form) {
             if ($form) {
                 $form =~ s/%COMMENTPROMPT%/$input/;
                 $input = $form;
-            }
-        }
-        unless ( $noform eq 'on' ) {
+            } else {
+                $input = "NOFORM $form $input";
+            }
+        } else {
             $input = CGI::start_form(
-                -name   => $type . $n,
-                -id     => $type . $n,
+                -name   => $type . $idx,
+                -id     => $type . $idx,
                 -action => $url,
                 -method => 'post'
-              )
+               )
               . $input
-              . CGI::end_form();
-        }
-    }
-    $$pidx++;
+                . CGI::end_form();
+        }
+    }
     return $input;
 }
 
-# PRIVATE get the given template and do standard expansions
-sub _getTemplate {
-    my ( $name, $topic, $web, $templatetopic, $warn ) = @_;
-
-    $warn ||= '';
-
-    # Get the templates.
-    my $templateFile =
-         $templatetopic
-      || Foswiki::Func::getPreferencesValue('COMMENTPLUGIN_TEMPLATES')
-      || 'comments';
-
-    my $templates = Foswiki::Func::loadTemplate($templateFile);
-    if ( !$templates ) {
-        Foswiki::Func::writeWarning(
-            "Could not read template file '$templateFile'");
-        return;
-    }
-
-    my $t = Foswiki::Func::expandTemplate($name);
-    return "%RED%No such template def TMPL:DEF{$name}%ENDCOLOR%"
-      unless ( defined($t) && $t ne '' ) || $warn eq 'off';
-
-    return $t;
+sub _alert {
+    my $mess = shift;
+    return "<span class='foswikiAlert'> $mess </span>";
 }
 
@@ -249 +185 @@
 }
 
-# PRIVATE STATIC Performs comment insertion in the topic.
-sub _buildNewTopic {
-
-    #my ( $text, $topic, $web ) = @_;
-    my ( $topic, $web ) = ( $_[1], $_[2] );
+# PUBLIC build new topic text
+sub save {
+
+    my ( $text, $web, $topic ) = @_;
+
+    my $wikiName = Foswiki::Func::getWikiName();
+    my $mode = $Foswiki::cfg{Plugins}{CommentPlugin}{RequiredForSave}
+      || 'change';
+    my $access = Foswiki::Func::checkAccessPermission(
+        $mode, $wikiName, $text, $topic, $web);
+    unless ($access) {
+        # user has no permission to change the topic
+        throw Foswiki::AccessControlException(
+            $mode,
+            $wikiName,
+            web   => $web,
+            topic => $topic,
+            '' );
+    }
 
     my $query = Foswiki::Func::getCgiQuery();
     return unless $query;
 
+    # The type of the comment dictates where in the target topic it
+    # will be saved.
     my $type =
-         $query->param('comment_type')
-      || Foswiki::Func::getPreferencesValue('COMMENTPLUGIN_DEFAULT_TYPE')
-      || 'above';
+      $query->param('comment_type')
+        || Foswiki::Func::getPreferencesValue('COMMENTPLUGIN_DEFAULT_TYPE')
+          || 'above';
+
+    # Indexing comment instances depends on macro expansion 
+    # inside-out-left-right order and INCLUDE and SECTION expansion
+    # being correctly handled. Only relevant if the comment is being
+    # inserted relative to the instance, of course.
     my $index         = $query->param('comment_index') || 0;
+
     my $anchor        = $query->param('comment_anchor');
     my $location      = $query->param('comment_location');
     my $remove        = $query->param('comment_remove');
     my $nopost        = $query->param('comment_nopost');
-    my $templatetopic = $query->param('comment_templatetopic') || '';
-
-    my $output = _getTemplate( "OUTPUT:$type", $topic, $web, $templatetopic );
-    if ( $output =~ m/^%RED%/ ) {
-        die $output;
-    }
+    my $templatetopic = $query->param('comment_templatetopic');
+
+    if ($templatetopic) {
+        my ( $templocweb, $temploctopic ) =
+          Foswiki::Func::normalizeWebTopicName(
+              $web, $templatetopic );
+        $templatetopic = "$templocweb.$temploctopic";
+    }
+
+    # Get the templates.
+    my $templateFile =
+      $templatetopic
+        || Foswiki::Func::getPreferencesValue('COMMENTPLUGIN_TEMPLATES')
+          || 'comments';
+
+    Foswiki::Func::loadTemplate($templateFile);
+
+    my $output = Foswiki::Func::expandTemplate("OUTPUT:$type");
+    die _alert("No such template def 'OUTPUT:$type'") unless $output;
 
     # Expand the template
@@ -290 +261 @@
     # methods in the core. Fortunately this will work even if there is
     # no embedded meta-data.
-    # Note: because this is Dakar, and has sensible semantics for handling
-    # the =text= parameter to =save=, there is no longer any need to re-read
-    # the topic. The text is automatically defaulted to the existing topic
-    # text if the =text= parameter isn't specified - which for comments,
-    # it isn't.
     my $premeta  = '';
     my $postmeta = '';
     my $inpost   = 0;
-    my $text     = '';
-    foreach my $line ( split( /\r?\n/, $_[0] ) ) {
-        if ( $line =~ /^%META:[A-Z]+{[^}]*}%/ ) {
+    my $innerText     = '';
+    foreach my $line ( split( /\r?\n/, $text ) ) {
+        if ( $line =~ /^%META:[A-Z]+{[^}]*}%$/ ) {
             if ($inpost) {
                 $postmeta .= $line . "\n";
@@ -309 +275 @@
         }
         else {
-            $text .= $line . "\n";
+            $innerText .= $line . "\n";
             $inpost = 1;
         }
     }
+    $text = $innerText;
 
     #make sure the anchor or location exits
@@ -390 +357 @@
     }
 
-    $_[0] = $premeta . $text . $postmeta;
+    return $premeta . $text . $postmeta;
 }
 

trunk/CommentPlugin/lib/Foswiki/Plugins/CommentPlugin/Config.spec

@@ -16 +16 @@
 # a comment is saved.
 $Foswiki::cfg{Plugins}{CommentPlugin}{GuestCanComment} = 1;
+# ---+ Extensions
+# ---++ CommentPlugin
+# **SELECT CHANGE,COMMENT**
+# Access control permissions that are required to be able to add a comment
+# to a topic. CHANGE is the default, the same as for an adit, but you can
+# also select COMMENT which will check e.g. ALLOWTOPICCOMMENT. This lets you
+# grant users COMMENT access without giving them open access to edit the
+# topic. <strong>Note</strong>Foswiki 1.1 and later only. This feature is
+# not supported when the plugin is installed in earlier releases. These
+# releases require CHANGE permission on all writable topics.
+$Foswiki::cfg{Plugins}{CommentPlugin}{RequiredForSave} = 'CHANGE';
+# **BOOLEAN**
+# If this option is disabled, the guest user will not be offered the
+# comment prompt *even if access controls permit them to save*. Note that
+# even if this option is true, access controls will still be checked when
+# a comment is saved.
+$Foswiki::cfg{Plugins}{CommentPlugin}{GuestCanComment} = 1;

trunk/CommentPlugin/lib/Foswiki/Plugins/CommentPlugin/MANIFEST

@@ +1 @@
+!noci
 data/System/CommentPlugin.txt 0644 Plugin doc page
 data/System/VarCOMMENT.txt 0644 Comment tag doc page
@@ -8 +9 @@
 lib/Foswiki/Plugins/CommentPlugin.pm 0444 Plugin Perl module 
 lib/Foswiki/Plugins/CommentPlugin/Comment.pm 0444 Plugin Perl module 
-
+lib/Foswiki/Plugins/CommentPlugin/Config.spec 0444 Configuration module
 pub/System/CommentPlugin/wikiringlogo20x20.png 0660
+pub/System/CommentPlugin/comment_src.js 0660

trunk/CommentPlugin/pub/System/CommentPlugin/comment_src.js

@@ +1 @@
+/*
+Foswiki - The Free and Open Source Wiki, http://foswiki.org/
+
+Copyright (C) 2010 Foswiki Contributors. Foswiki Contributors
+are listed in the AUTHORS file in the root of this distribution.
+NOTE: Please extend that file, not this notice.
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version. For
+more details read LICENSE in the root of this distribution.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+As per the GPL, removal of this notice is prohibited.
+
+This is an example of a simple AJAX comment submission.
+
+*/
+(function($) {
+    $(document).ready(
+        function() {
+            $("textarea.commentPluginAjax")
+                .blur(
+                    function() {
+                        if (this.value == '')
+                            this.value = this.title;
+                    })
+                .focus(
+                    function() {
+                        if (this.value == this.title)
+                            this.value = '';
+                    })
+                .keypress(
+                    function() {
+                        var form = $(this).parents("form")[0];
+                        $(form).find(".commentPluginStatusResponse").html('');
+                    });
+            $("input.commentPluginAjax").click(
+                function(e) {
+                    var form = $(this).parents("form")[0];
+                    // Remove the endpoint; we want a status report
+                    $(form).find("input[name='endPoint']").remove();
+                    $.post(form.action, $(form).serialize(),
+                           function() {
+                               // Fake the format of the comment that was
+                               // added to the topic
+                               $(form).before(
+                                   "<p/>" + $(form).find(
+                                       "textarea.commentPluginAjax").text()
+                                   + "<p />-- "
+                                   + foswiki.getPreference("WIKINAME"));
+                           });
+                });
+        });
+})(jQuery);
 /*
 Foswiki - The Free and Open Source Wiki, http://foswiki.org/

trunk/CommentPlugin/test/unit/CommentPlugin/CommentPluginTests.pm

@@ -7 +7 @@
 use FoswikiFnTestCase;
 our @ISA = qw( FoswikiFnTestCase );
+use Error ':try';
 
 use Unit::Request;
@@ -27 +28 @@
     $webObject->populateNewWeb();
 
+    Foswiki::Func::getContext()->{view} = 1;
+    $Foswiki::cfg{Plugins}{CommentPlugin}{RequiredForSave} = 'CHANGE';
+    $Foswiki::cfg{Plugins}{CommentPlugin}{GuestCanComment} = 1;
+
     return;
 }
@@ -64 +69 @@
     my ( $this, $type, $web, $topic, $anchor, $location ) = @_;
 
-    my $eidx   = 1;
+    my $eidx   = $Foswiki::Plugins::CommentPlugin::commentIndex;
     my $sattrs = "";
 
@@ -70 +75 @@
     $topic ||= $this->{test_topic};
 
-    if ( $web ne $this->{test_web} || $topic ne $this->{test_topic} || $anchor )
+    if ( $web ne $this->{test_web} || $topic ne $this->{test_topic}
+           || $anchor )
     {
 
@@ -85 +91 @@
     }
 
-    my $url = Foswiki::Func::getScriptUrl( $web, $topic, 'save' );
+    my $url = Foswiki::Func::getScriptUrl( 'CommentPlugin', 'comment', 'rest' );
 
     if ($location) {
@@ -94 +100 @@
     $sattrs .= 'type="' . $type . '" ';
 
-    my $commentref = '%COMMENT{' . $sattrs . ' refmark="here"}%';
+    my $commentref = '%COMMENT{' . $sattrs .
+      ' refmark="here" default="The Message"}%';
 
     # Build the target topic
     my $sample = <<"HERE";
 TopOfTopic
-%COMMENT{$sattrs}%
+$commentref
 HERE
     if ($anchor) {
@@ -116 +123 @@
 HERE
 
-    $this->writeTopic( $web, $topic, $sample );
-    my $pidx = $eidx;
-    my $html =
-      Foswiki::Plugins::CommentPlugin::Comment::_handleInput( $sattrs,
-        $this->{test_web}, $this->{test_topic}, \$pidx, "The Message", "",
-        "bottom" );
+    Foswiki::Func::saveTopic( $web, $topic, undef, $sample );
+
+    my $html = Foswiki::Func::expandCommonVariables($commentref);
 
     $html = removeEscapes($html);
-    $this->assert( $pidx == $eidx + 1, $html );
-
-    $this->assert( scalar( $html =~ s/^<form(.*?)>//sio ) );
+
+    $this->assert( scalar( $html =~ s/^<form(.*?)>//sio ), $html );
     my $dattrs = $1;
     $this->assert( scalar( $html =~ s/<\/form>\s*$//sio ) );
@@ -137 +140 @@
     $dattrs =~ s#application/x-www-form-urlencoded#multipart/form-data#;
     $this->assert_str_equals(
-        'enctype="multipart/form-data" id="' . $type . '1"',
+        'enctype="multipart/form-data" id="' . $type . '0"',
         trim($dattrs) );
 
@@ -216 +219 @@
             'comment_type'   => $type,
             'comment'        => $comm,
-        }
-    );
-    $query->path_info("/$web/$topic");
+            'topic'          => "$web.$topic",
+        }
+    );
+    $query->path_info("/CommentPlugin/comment");
     if ($anchor) {
         $query->param( -name => 'comment_anchor', -value => $anchor );
@@ -229 +233 @@
     }
 
-    my $session = Foswiki->new( $Foswiki::cfg{DefaultUserLoginName}, $query );
+    my $session = Foswiki->new( $Foswiki::cfg{DefaultUserLogin}, $query );
     my $text = "Ignore this text";
 
     # invoke the save handler
-    $this->captureWithKey( save => $this->getUIFn('save'), $session );
+    $this->captureWithKey( rest => $this->getUIFn('rest'), $session );
 
     $text = Foswiki::Func::readTopicText( $web, $topic );
@@ -340 +344 @@
 # id: This gives a unique name for a COMMENT, in case you have more than one COMMENT tag in a topic (mandatory with > 1 COMMENT)
 
-    my $pidx = 0;
-    my $html = Foswiki::Plugins::CommentPlugin::Comment::_handleInput(
-        "rows=99 cols=104 mode=after button=HoHo id=sausage",
-        , $this->{test_topic}, $this->{test_web}, \$pidx, "The Message", "",
-        "bottom" );
+    my $comment = '%COMMENT{type="after" rows="99" cols="104" mode="after" button="HoHo" id="sausage"}%';
+    my $html = Foswiki::Func::expandCommonVariables( $comment );
     $html = removeEscapes($html);
     $this->assert_matches( qr/form [^>]*name=\"after0\"/,        $html );
@@ -356 +357 @@
 sub test_locationOverridesAnchor {
     my $this = shift;
-    my $pidx = 0;
-    my $html = Foswiki::Plugins::CommentPlugin::Comment::_handleInput(
-        "target=\"$this->{test_web}.ATopic#AAnchor\" location=\"AnRE\"",
-        $this->{test_topic},
-        $this->{test_web},
-        \$pidx,
-        "The Message",
-        "",
-        "bottom"
-    );
+    my $html = Foswiki::Func::expandCommonVariables("%COMMENT{type=\"bottom\" target=\"$this->{test_web}.ATopic#AAnchor\" location=\"AnRE\"}%");
+
     $this->assert_matches( qr/<input ([^>]*name="comment_location".*?)\s*\/>/,
         $html );
@@ -380 +373 @@
 after
 HERE
-    $this->writeTopic( $this->{test_web}, $this->{test_topic}, $sample );
-    my $pidx = 0;
+    Foswiki::Func::saveTopic(
+        $this->{test_web}, $this->{test_topic}, undef, $sample );
     my $html =
-      Foswiki::Plugins::CommentPlugin::Comment::_handleInput( 'nopost="on"',
-        $this->{test_web}, $this->{test_topic}, \$pidx, "The Message", "",
-        "bottom" );
+      Foswiki::Func::expandCommonVariables( '%COMMENT{nopost="on"}%');
+
     $this->assert_matches(
         qr/<input type="hidden" name="comment_nopost" value="on"/, $html );
@@ -397 +389 @@
             'comment'        => $comm,
             'comment_nopost' => 'on',
-        }
-    );
-    $query->path_info("/$this->{test_web}/$this->{test_topic}");
-
-    my $session = Foswiki->new( $Foswiki::cfg{DefaultUserLoginName}, $query );
+            'topic'          => "$this->{test_web}.$this->{test_topic}"
+        }
+    );
+    $query->path_info("/CommentPlugin/comment");
+
+    my $session = Foswiki->new( $Foswiki::cfg{DefaultUserLogin}, $query );
     my $text = "Ignore this text";
 
     # invoke the save handler
-    $this->captureWithKey( save => $this->getUIFn('save'), $session );
+    $this->captureWithKey( rest => $this->getUIFn('rest'), $session );
 
     $text =
@@ -425 +418 @@
 after
 HERE
-    $this->writeTopic( $this->{test_web}, $this->{test_topic}, $sample );
-    my $pidx = 99;
+    Foswiki::Func::saveTopic(
+        $this->{test_web}, $this->{test_topic}, undef, $sample );
     my $html =
-      Foswiki::Plugins::CommentPlugin::Comment::_handleInput( 'remove="on"',
-        $this->{test_web}, $this->{test_topic}, \$pidx, "The Message", "",
-        "bottom" );
+      Foswiki::Func::expandCommonVariables( '%COMMENT{remove="on"}%');
+
     $this->assert_matches(
-        qr/<input type="hidden" name="comment_remove" value="99"/, $html );
+        qr/<input type="hidden" name="comment_remove" value="0"/, $html );
 
     # Compose the query
@@ -443 +435 @@
             'comment_remove' => '0',
             'comment_index'  => '99',
-        }
-    );
-    $query->path_info("/$this->{test_web}/$this->{test_topic}");
-
-    my $session = Foswiki->new( $Foswiki::cfg{DefaultUserLoginName}, $query );
+            'topic'          => "$this->{test_web}/$this->{test_topic}",
+        }
+    );
+    $query->path_info("/CommentPlugin/comment");
+
+    my $session = Foswiki->new( $Foswiki::cfg{DefaultUserLogin}, $query );
     my $text = "Ignore this text";
 
     # invoke the save handler
-    $this->captureWithKey( save => $this->getUIFn('save'), $session );
+    $this->captureWithKey( rest => $this->getUIFn('rest'), $session );
 
     $text =
@@ -477 +470 @@
 after
 HERE
-    $this->writeTopic( $this->{test_web}, $this->{test_topic}, $sample );
-    my $pidx = 99;
-    my $html = Foswiki::Plugins::CommentPlugin::Comment::_handleInput(
-        'default="wibble"', $this->{test_web}, $this->{test_topic}, \$pidx,
-        undef, "", "bottom" );
+    Foswiki::Func::saveTopic(
+        $this->{test_web}, $this->{test_topic}, undef, $sample );
+    my $html = Foswiki::Func::expandCommonVariables('%COMMENT{default="wibble"}%');
+
     $this->assert_matches( qr#>wibble</textarea>#, $html );
 
@@ -495 +487 @@
 after
 HERE
-    $this->writeTopic( $this->{test_web}, $this->{test_topic}, $sample );
-    my $pidx = 99;
+    Foswiki::Func::saveTopic(
+        $this->{test_web}, $this->{test_topic}, undef, $sample );
     my $html =
-      Foswiki::Plugins::CommentPlugin::Comment::_handleInput( 'remove="on"',
-        $this->{test_web}, $this->{test_topic}, \$pidx, "The Message", "",
-        "bottom" );
+      Foswiki::Func::expandCommonVariables( '%COMMENT{remove="on"}%');
+
     $this->assert_matches(
-        qr/<input type="hidden" name="comment_remove" value="99"/, $html );
+        qr/<input type="hidden" name="comment_remove" value="0"/, $html );
 
     # Compose the query
@@ -512 +503 @@
             'comment'        => $comm,
             'comment_anchor' => '#LatestComment',
-        }
-    );
-    $query->path_info("/$this->{test_web}/$this->{test_topic}");
-
-    my $session = Foswiki->new( $Foswiki::cfg{DefaultUserLoginName}, $query );
+            'topic'          => "$this->{test_web}.$this->{test_topic}",
+        }
+    );
+    $query->path_info("/CommentPlugin/comment");
+
+    my $session = Foswiki->new( $Foswiki::cfg{DefaultUserLogin}, $query );
     my $text = "Ignore this text";
 
     # invoke the save handler
-    $this->captureWithKey( save => $this->getUIFn('save'), $session );
+    $this->captureWithKey( rest => $this->getUIFn('rest'), $session );
 
     $text =
@@ -551 +543 @@
 after
 HERE
-    $this->writeTopic( $this->{test_web}, $this->{test_topic}, $sample );
-    my $pidx = 99;
+    Foswiki::Func::saveTopic(
+        $this->{test_web}, $this->{test_topic}, undef, $sample );
     my $html =
-      Foswiki::Plugins::CommentPlugin::Comment::_handleInput( 'remove="on"',
-        $this->{test_web}, $this->{test_topic}, \$pidx, "The Message", "",
-        "bottom" );
+      Foswiki::Func::expandCommonVariables( '%COMMENT{remove="on"}%');
+
     $html = removeEscapes($html);
     $this->assert_matches(
-        qr/<input type="hidden" name="comment_remove" value="99"/, $html );
+        qr/<input type="hidden" name="comment_remove" value="0"/, $html );
 
     # Compose the query
@@ -569 +560 @@
             'comment'        => $comm,
             'comment_anchor' => '#LatestComment',
-
-        }
-    );
-    $query->path_info("/$this->{test_web}/$this->{test_topic}");
-
-    my $session = Foswiki->new( $Foswiki::cfg{DefaultUserLoginName}, $query );
+            'topic'          => "$this->{test_web}.$this->{test_topic}",
+        }
+    );
+    $query->path_info("/CommentPlugin/comment");
+
+    my $session = Foswiki->new( $Foswiki::cfg{DefaultUserLogin}, $query );
     my $text = "Ignore this text";
 
     # invoke the save handler
-    $this->captureWithKey( save => $this->getUIFn('save'), $session );
+    $this->captureWithKey( rest => $this->getUIFn('rest'), $session );
 
     $text =
@@ -600 +591 @@
 }
 
+sub test_acl_COMMENT {
+    my $this = shift;
+
+    my $sample = <<HERE;
+   * Set DENYTOPICCHANGE = $Foswiki::cfg{DefaultUserWikiName}
+   * Set DENYTOPICVIEW = $Foswiki::cfg{DefaultUserWikiName}
+   * Set ALLOWTOPICCOMMENT = $Foswiki::cfg{DefaultUserWikiName}
+%COMMENT%
+HERE
+    Foswiki::Func::saveTopic(
+        $this->{test_web}, $this->{test_topic}, undef, $sample );
+
+    # Compose the query
+    my $comm  = "This is the comment";
+    my $query = Unit::Request->new(
+        {
+            'comment_action' => 'save',
+            'comment_type'   => 'above',
+            'comment'        => $comm,
+            topic => "$this->{test_web}.$this->{test_topic}",
+        }
+    );
+    $query->path_info("/CommentPlugin/comment");
+
+    $Foswiki::cfg{Plugins}{CommentPlugin}{RequiredForSave} = 'CHANGE';
+
+    my ($responseText, $result, $stdout, $stderr, $session);
+    # First make sure we can't *change* it
+    $session = Foswiki->new( $Foswiki::cfg{DefaultUserLogin}, $query );
+
+    # invoke the save handler
+
+    eval {
+        ($responseText, $result, $stdout, $stderr) =
+          $this->captureWithKey( rest => $this->getUIFn('rest'), $session );
+    };
+
+    $this->assert($@);
+    $this->assert_matches(qr"OopsException\(accessdenied/topic_access", $@);
+
+    # Now make sure we *can* change it, given COMMENT access
+    $Foswiki::cfg{Plugins}{CommentPlugin}{RequiredForSave} = 'COMMENT';
+
+    $session = Foswiki->new( $Foswiki::cfg{DefaultUserLogin}, $query );
+
+    # invoke the save handler
+    ($responseText, $result, $stdout, $stderr) =
+      $this->captureWithKey( rest => $this->getUIFn('rest'), $session );
+    $this->assert_matches(qr/Status: 200/, $responseText);
+
+    my ( $meta, $text ) =
+      Foswiki::Func::readTopic( $this->{test_web}, $this->{test_topic} );
+    $text =~ s/- \d\d [A-Z][a-z]{2} \d{4}/- DATE/;
+    $this->assert_str_equals(<<HERE, $text);
+   * Set DENYTOPICCHANGE = WikiGuest
+   * Set DENYTOPICVIEW = $Foswiki::cfg{DefaultUserWikiName}
+   * Set ALLOWTOPICCOMMENT = WikiGuest
+
+
+This is the comment
+
+-- TemporaryCommentPluginTestsUsersWeb.WikiGuest - DATE
+%COMMENT%
+HERE
+}
+
+sub test_rest_control_modes {
+    my $this = shift;
+    my $sample = <<HERE;
+   * Set DENYTOPICCHANGE = $Foswiki::cfg{DefaultUserWikiName}
+%COMMENT%
+HERE
+    Foswiki::Func::saveTopic(
+        $this->{test_web}, $this->{test_topic}, undef, $sample );
+
+    # other tests have already covered the non-ajax, no endpoint mode
+    my $query = Unit::Request->new(
+        {
+            'comment_action' => 'save',
+            'comment_type'   => 'above',
+            'comment'        => "Arfle barfle gloop",
+            'comment_ajax'   => 1,
+            topic => "$this->{test_web}.$this->{test_topic}",
+        }
+    );
+    $query->path_info("/CommentPlugin/comment");
+    my ($responseText, $result, $stdout, $stderr);
+    my $session = new Foswiki(undef, $query);
+    eval {
+        ($responseText, $result, $stdout, $stderr) =
+          $this->captureWithKey( rest => $this->getUIFn('rest'), $session );
+    };
+    $this->assert_matches(qr/Status: 404/, $responseText);
+
+}
+
 1;
 __END__