make comment's postId uneditable in schema (fix #1231)

packages/telescope-comments/lib/comments.js

@@ -143,7 +143,7 @@ Comments.schema = new SimpleSchema({
     optional: true,
     // regEx: SimpleSchema.RegEx.Id,
     max: 500,
-    editableBy: ["member", "admin"], // TODO: should users be able to set postId, but not modify it?
+    // editableBy: ["member", "admin"], // TODO: should users be able to set postId, but not modify it?
     autoform: {
       omit: true // never show this
     }

packages/telescope-comments/lib/methods.js

@@ -111,9 +111,14 @@ Meteor.methods({
     // clear restricted properties
     _.keys(comment).forEach(function (fieldName) {
 
-      var field = schema[fieldName];
-      if (!Users.can.submitField(user, field)) {
-        throw new Meteor.Error("disallowed_property", i18n.t('disallowed_property_detected') + ": " + fieldName);
+      // make an exception for postId, which should be setable but not modifiable
+      if (fieldName === "postId") {
+        // ok
+      } else {
+        var field = schema[fieldName];
+        if (!Users.can.submitField(user, field)) {
+          throw new Meteor.Error("disallowed_property", i18n.t('disallowed_property_detected') + ": " + fieldName);
+        }
       }
 
     });