From 3a8aa8c887941ed48e8258f8dc563e8741f396b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E5=81=A5=E8=BE=89?=
 <40563566+WangJianhui666@users.noreply.github.com>
Date: Fri, 15 Mar 2019 14:47:34 +0800
Subject: [PATCH] modify file comment permission (#3116)

---
 seahub/api2/endpoints/file_comment.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/seahub/api2/endpoints/file_comment.py b/seahub/api2/endpoints/file_comment.py
index da9950b6cb..d62c7045c2 100644
--- a/seahub/api2/endpoints/file_comment.py
+++ b/seahub/api2/endpoints/file_comment.py
@@ -16,6 +16,7 @@ from seahub.avatar.settings import AVATAR_DEFAULT_SIZE
 from seahub.base.models import FileComment
 from seahub.utils.repo import is_repo_owner
 from seahub.views import check_folder_permission
+from seahub.constants import PERMISSION_READ_WRITE
 
 logger = logging.getLogger(__name__)
 
@@ -87,8 +88,7 @@ class FileCommentView(APIView):
             return api_error(status.HTTP_404_NOT_FOUND, error_msg)
 
         # permission check
-        username = request.user.username
-        if username != file_comment.author and not is_repo_owner(request, repo_id, username):
+        if check_folder_permission(request, repo_id, '/') != PERMISSION_READ_WRITE:
             error_msg = 'Permission denied.'
             return api_error(status.HTTP_403_FORBIDDEN, error_msg)