--- a/app/controllers/comments_controller.rb	Wed Jan 23 13:11:25 2013 +0000
+++ b/app/controllers/comments_controller.rb	Thu Jun 20 13:14:14 2013 +0100
@@ -1,3 +1,20 @@
+# Redmine - project management software
+# Copyright (C) 2006-2012  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
 class CommentsController < ApplicationController
   default_search_scope :news
   model_object News
@@ -5,8 +22,9 @@
   before_filter :find_project_from_association
   before_filter :authorize
 
-  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
   def create
+    raise Unauthorized unless @news.commentable?
+
     @comment = Comment.new
     @comment.safe_attributes = params[:comment]
     @comment.author = User.current
@@ -17,7 +35,6 @@
     redirect_to :controller => 'news', :action => 'show', :id => @news
   end
 
-  verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
   def destroy
     @news.comments.find(params[:comment_id]).destroy
     redirect_to :controller => 'news', :action => 'show', :id => @news
@@ -33,5 +50,4 @@
     @comment = nil
     @news
   end
-
 end