From 5358f3d9273843c5b346094e1ee399bec4285d3f Mon Sep 17 00:00:00 2001
From: Faris Ansari <netchampfaris@users.noreply.github.com>
Date: Mon, 18 Dec 2017 15:02:02 +0530
Subject: [PATCH] [fix] Edit Comment (#4648)

fixes frappe/erpnext#12012
---
 frappe/desk/form/utils.py                       | 11 +++++++++++
 frappe/public/js/frappe/form/footer/timeline.js | 11 +++--------
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/frappe/desk/form/utils.py b/frappe/desk/form/utils.py
index 999a83a2fe..683791534d 100644
--- a/frappe/desk/form/utils.py
+++ b/frappe/desk/form/utils.py
@@ -59,6 +59,17 @@ def add_comment(doc):
 
 	return doc.as_dict()
 
+@frappe.whitelist()
+def update_comment(name, content):
+	"""allow only owner to update comment"""
+	doc = frappe.get_doc('Communication', name)
+
+	if frappe.session.user not in ['Administrator', doc.owner]:
+		frappe.throw(_('Comment can only be edited by the owner'), frappe.PermissionError)
+
+	doc.content = content
+	doc.save(ignore_permissions=True)
+
 @frappe.whitelist()
 def get_next(doctype, value, prev, filters=None, order_by="modified desc"):
 
diff --git a/frappe/public/js/frappe/form/footer/timeline.js b/frappe/public/js/frappe/form/footer/timeline.js
index 02b540a8c8..24e19c7fc5 100644
--- a/frappe/public/js/frappe/form/footer/timeline.js
+++ b/frappe/public/js/frappe/form/footer/timeline.js
@@ -612,15 +612,10 @@ frappe.ui.form.Timeline = Class.extend({
 	 */
 	update_comment: function(name, content)
 	{
-		// TODO: is there a frappe.client.update function?
 		return frappe.call({
-			method: 'frappe.client.set_value',
-			args: {
-				doctype: 'Communication',
-				name: name,
-				fieldname: 'content',
-				value: content,
-			}, callback: function(r) {
+			method: 'frappe.desk.form.utils.update_comment',
+			args: { name, content },
+			callback: function(r) {
 				if(!r.exc) {
 					frappe.utils.play_sound('click');
 				}