From 93568b2b1f0316e7e74953be2477b983ddf3ded1 Mon Sep 17 00:00:00 2001
From: Russ Housley <housley@vigilsec.com>
Date: Sat, 31 Oct 2015 07:20:26 +0000
Subject: [PATCH] Add check to addcomment for WG/RG chair or secretary; Commit
 ready for merge  - Legacy-Id: 10343

---
 ietf/doc/views_doc.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ietf/doc/views_doc.py b/ietf/doc/views_doc.py
index 7f264d413..a93f83a0c 100644
--- a/ietf/doc/views_doc.py
+++ b/ietf/doc/views_doc.py
@@ -905,6 +905,18 @@ def add_comment(request, name):
 
     login = request.user.person
 
+    if doc.type_id == "draft" and doc.group != None:
+        can_add_comment = bool(has_role(request.user, ("Area Director", "Secretariat", "IRTF Chair", "IANA", "RFC Editor")) or (
+            request.user.is_authenticated() and
+            Role.objects.filter(name__in=("chair", "secr"),
+                group__acronym=doc.group.acronym,
+                person__user=request.user)))
+    else:
+        can_add_comment = has_role(request.user, ("Area Director", "Secretariat", "IRTF Chair"))
+    if not can_add_comment:
+        # The user is a chair or secretary, but not for this WG or RG
+        return HttpResponseForbidden("You need to be a chair or secretary of this group to add a comment.")
+
     if request.method == 'POST':
         form = AddCommentForm(request.POST)
         if form.is_valid():