Index: modules/comment/comment.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.module,v
retrieving revision 1.664
diff -u -p -r1.664 comment.module
--- modules/comment/comment.module  16 Nov 2008 19:41:14 -0000  1.664
+++ modules/comment/comment.module  18 Nov 2008 22:02:54 -0000
@@ -257,6 +257,10 @@ function comment_perm() {
       'title' => t('Post comments without approval'),
       'description' => t('Add comments to content (no approval required).'),
     ),
+    'edit own comments' => array(
+      'title' => t('Edit own comments'),
+      'description' => t('Edit comment created by the user, as long as no one has replied directly to it.'),
+    )
   );
 }

@@ -686,7 +690,7 @@ function comment_access($op, $comment) {
   global $user;

   if ($op == 'edit') {
-    return ($user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0) || user_access('administer comments');
+    return ($user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0 && user_access('edit own comments')) || user_access('administer comments');
   }
 }

Index: modules/comment/comment.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.test,v
retrieving revision 1.17
diff -u -p -r1.17 comment.test
--- modules/comment/comment.test  11 Nov 2008 16:49:37 -0000  1.17
+++ modules/comment/comment.test  18 Nov 2008 22:02:54 -0000
@@ -4,6 +4,7 @@
 class CommentHelperCase extends DrupalWebTestCase {
   protected $admin_user;
   protected $web_user;
+  protected $web_user_limited;
   protected $node;

   /**
@@ -13,8 +14,10 @@ class CommentHelperCase extends DrupalWe
     parent::setUp('comment');
     // Create users.
     $this->admin_user = $this->drupalCreateUser(array('administer content types', 'administer comments', 'administer permissions'));
-    $this->web_user = $this->drupalCreateUser(array('access comments', 'post comments', 'create article content'));
-
+    $this->web_user = $this->drupalCreateUser(array('access comments', 'post comments', 'edit own comments', 'create article content'));
+    $this->web_user_limited = $this->drupalCreateUser(array('access comments', 'post comments', 'create article content'));
+    // Remove 'edit own comment' from the Authenticated User role.
+    db_query("DELETE FROM {role_permission} WHERE rid = %d AND permission = '%s'", 2, 'edit own comments');
     $this->drupalLogin($this->web_user);
     $this->node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1));
     $this->drupalLogout();
@@ -344,6 +347,16 @@ class CommentInterfaceTest extends Comme
     $this->drupalGet('node/' . $this->node->nid);
     $this->assertFalse($this->commentExists($comment), t('Comment not found.'));
     $this->assertFalse($this->commentExists($reply, TRUE), t('Reply not found.'));
+
+    // Create comment by limited user.
+    $this->drupalLogout();
+    $this->drupalLogin($this->web_user_limited);
+    $comment_limited = $this->postComment($this->node, $this->randomName(), $this->randomName());
+    $this->assertTrue($this->commentExists($comment_limited), t('Comment found.'));
+
+    // Attempt edit and check whether access denied.
+    $this->drupalGet('comment/edit/' . $comment_limited->id);
+    $this->assertResponse(403, t('Comment editing prohibited.'));
   }
 }

Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.280
diff -u -p -r1.280 system.install
--- modules/system/system.install 15 Nov 2008 13:01:10 -0000  1.280
+++ modules/system/system.install 18 Nov 2008 22:02:55 -0000
@@ -375,6 +375,7 @@ function system_install() {
   db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'access content');
   db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'post comments');
   db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'post comments without approval');
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'edit own comments');

   db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", 'theme_default', 's:7:"garland";');
   db_query("UPDATE {system} SET status = %d WHERE type = '%s' AND name = '%s'", 1, 'theme', 'garland');
@@ -3097,6 +3098,16 @@ function system_update_7012() {
 }

 /**
+ * Add 'edit own comments' permission as default for authenticated users.
+ */
+function system_update_7017() {
+  $ret = array();
+  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'edit own comments');
+  $ret[] = array('success' => TRUE, 'query' => "Added 'edit own comments' permission for authenticated users.");
+  return $ret;
+}
+
+/**
  * @} End of "defgroup updates-6.x-to-7.x"
  * The next series of updates should start at 8000.
  */