[webui] users now need to sign in before posting a comment

src/webui/app/controllers/package_controller.rb

@@ -10,7 +10,7 @@ class PackageController < ApplicationController
   before_filter :require_project, :except => [:rawlog, :rawsourcefile, :submit_request, :devel_project]
   before_filter :require_package, :except => [:rawlog, :rawsourcefile, :submit_request, :save_new_link, :save_new, :devel_project ]
   # make sure it's after the require_, it requires both
-  before_filter :require_login, :only => [:branch]
+  before_filter :require_login, :only => [:branch, :save_comments]
   prepend_before_filter :lockout_spiders, :only => [:revisions, :dependency, :rdiff, :binary, :binaries, :requests]
 
   def show

src/webui/app/controllers/project_controller.rb

@@ -16,7 +16,7 @@ class ProjectController < ApplicationController
     :autocomplete_projects, :autocomplete_incidents, :clear_failed_comment, :edit_comment_form, :index,
     :list, :list_all, :list_public, :new, :package_buildresult, :save_new, :save_prjconf,
     :rebuild_time_png, :new_incident, :show]
-  before_filter :require_login, :only => [:save_new, :toggle_watch, :delete, :new]
+  before_filter :require_login, :only => [:save_new, :toggle_watch, :delete, :new, :save_comments]
   before_filter :require_available_architectures, :only => [:add_repository, :add_repository_from_default_list,
                                                             :edit_repository, :update_target]
 

src/webui/app/controllers/request_controller.rb

@@ -3,6 +3,7 @@
 class RequestController < ApplicationController
   include ApplicationHelper
   include CommentsHelper
+  before_filter :require_login, :only => [:save_comments]
 
   def add_reviewer_dialog
     @request_id = params[:id]

src/webui/test/functional/package_controller_test.rb

@@ -58,4 +58,11 @@ def delete_and_recreate_kdelibs
     page.wont_have_text '<person userid="Iggy" role="bugowner"/>'
   end
 
+  test "comment creation without login" do
+    logout
+    visit "/package/comments/home:Iggy/TestPack"
+    find_button("Add comment").click
+    find('#flash-messages').must_have_text "Please login to access the requested page."
+  end
+
 end

src/webui/test/functional/project_controller_test.rb

@@ -238,4 +238,12 @@ def create_subproject
     visit project_status_path(project: "LocalProject")
     page.must_have_text "Include version updates" # just don't crash
   end
+
+  test "comment creation without login" do
+    logout
+    visit "/project/comments/home:adrian"
+    find_button("Add comment").click
+    find('#flash-messages').must_have_text "Please login to access the requested page."
+  end
+
 end

src/webui/test/functional/request_controller_test.rb

@@ -151,4 +151,11 @@ def test_my_involved_requests
     # diff is expanded
     page.must_have_text "+DummyContent"
   end
+
+  test "comment creation without login" do
+    logout
+    visit "/request/comments/1000"
+    find_button("Add comment").click
+    find('#flash-messages').must_have_text "Please login to access the requested page."
+  end
 end