From e9df3db1ef40140f1cf2bb59b4222c723333f484 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Mon, 1 Apr 2024 20:51:13 -0400
Subject: [PATCH] Remove comment for guests with read-only permissions

---
 server/policies/document.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/server/policies/document.ts b/server/policies/document.ts
index a50c25b9b..2c0f64704 100644
--- a/server/policies/document.ts
+++ b/server/policies/document.ts
@@ -53,8 +53,11 @@ allow(User, "download", Document, (actor, document) =>
 
 allow(User, "comment", Document, (actor, document) =>
   and(
-    //
-    can(actor, "read", document),
+    // TODO: We'll introduce a separate permission for commenting
+    or(
+      and(can(actor, "read", document), !actor.isGuest),
+      and(can(actor, "update", document), actor.isGuest)
+    ),
     isTeamMutable(actor),
     !!document?.isActive,
     !document?.template