Welcome to the Splat alpha!

I have code for this one.

Work dump:

- buttons in comment_issue.html, display:none by default
- displaying probably done in review.js, in open_state
- initiated by the js snippet in comment_issue.html
  - calls $.fn.commentIssue in review.js
  - whether or not fixed/drop buttons are shown is determined by self.interactive
  - that is set by the js snippet in comment_issue.html
  - called from comment_issue reviewtags.py:

      if user and user.is_authenticated() and \
          user == review_request.submitter:

  - review_request is "class ReviewRequest" models.py
    doesn't seem to be able to refer to comments
    where is the class for the "comment" var?
    - FileAttachmentComment inherting from BaseComment in models.py
- looks like we can get the creator of a comment only indirectly, via its review:
  - c.review.get().user

- GUI change DONE

- now we have to allow the closing via the API (it currently gives 403 forbidden)
  - URL is /api/review-requests/1/reviews/8/file-attachment-comments/8/ 403 (FORBIDDEN) 
  - call order (all reviewboard/webapi/resources.py):
    ReviewRequestResource.has_modify_permissions
    BaseCommentResource.update_issue_status
    ReviewRequestResource.has_modify_permissions (why twice?)
  - determined by ReviewRequest.is_mutable_by models.py
    - but no this allows to modify the *whole* review request, not only the single comment
    - probably have to put it into ReviewRequestResource.has_modify_permissions
    - no, that is still for the whole request, so instead in BaseCommentResource.update_issue_status?

- API access DONE

• Tags:

  +	Component-Reviews

Fixed in master (d0ff70d).

• Status:

  +	Fixed

• Duplicates:

  +	3162 - Allow reviews to fix and drop own issues