Index: modules/comment/comment.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.module,v
retrieving revision 1.920
diff -u -p -r1.920 comment.module
--- modules/comment/comment.module 23 Nov 2010 06:02:06 -0000 1.920
+++ modules/comment/comment.module 27 Nov 2010 00:18:32 -0000
@@ -690,7 +690,7 @@ function comment_node_view($node, $view_
 // page. We compare $node and $page_node to ensure that comments are not
 // appended to other nodes shown on the page, for example a node_reference
 // displayed in 'full' view mode within another node.
- if ($node->comment && $view_mode == 'full' && node_is_page($node) && empty($node->in_preview) && user_access('access comments')) {
+ if ($node->comment && $view_mode == 'full' && node_is_page($node) && empty($node->in_preview)) {
 $node->content['comments'] = comment_node_page_additions($node);
 }
 }
@@ -708,7 +708,7 @@ function comment_node_page_additions($no
 // Only attempt to render comments if the node has visible comments.
 // Unpublished comments are not included in $node->comment_count, so show
 // comments unconditionally if the user is an administrator.
- if ($node->comment_count || user_access('administer comments')) {
+ if (($node->comment_count && user_access('access comments')) || user_access('administer comments')) {
 $mode = variable_get('comment_default_mode_' . $node->type, COMMENT_MODE_THREADED);
 $comments_per_page = variable_get('comment_default_per_page_' . $node->type, 50);
 if ($cids = comment_get_thread($node, $mode, $comments_per_page)) {
Index: modules/comment/comment.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.pages.inc,v
retrieving revision 1.40
diff -u -p -r1.40 comment.pages.inc
--- modules/comment/comment.pages.inc 9 Sep 2010 23:01:48 -0000 1.40
+++ modules/comment/comment.pages.inc 27 Nov 2010 00:18:32 -0000
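Review bot: With `user_access('access comments')` dropped from the condition in comment_node_view(), the only thing keeping the comment thread away from users without that permission is the new check inside comment_node_page_additions() (second hunk), and neither code comment records this. I would add above the comment_node_view() condition `// 'access comments' is enforced in comment_node_page_additions(), so users with only 'post comments' still reach the form.` and extend the comment in the second hunk to `// Only attempt to render comments if the node has visible comments and the user may view them.` Both function bodies continue outside the hunks, so whether everything else comment_node_page_additions() adds to the page is safe to show without 'access comments' cannot be confirmed from here.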
@@ -33,26 +33,26 @@ function comment_reply($node, $pid = NUL
 $op = isset($_POST['op']) ? $_POST['op'] : '';
 $build = array();
- if (user_access('access comments')) {
- // The user is previewing a comment prior to submitting it.
- if ($op == t('Preview')) {
- if (user_access('post comments')) {
- $build['comment_form'] = drupal_get_form("comment_node_{$node->type}_form", (object) array('pid' => $pid, 'nid' => $node->nid));
- }
- else {
- drupal_set_message(t('You are not authorized to post comments.'), 'error');
- drupal_goto("node/$node->nid");
- }
+ // The user is previewing a comment prior to submitting it.
+ if ($op == t('Preview')) {
+ if (user_access('post comments')) {
+ $build['comment_form'] = drupal_get_form("comment_node_{$node->type}_form", (object) array('pid' => $pid, 'nid' => $node->nid));
 }
 else {
- // $pid indicates that this is a reply to a comment.
- if ($pid) {
+ drupal_set_message(t('You are not authorized to post comments.'), 'error');
+ drupal_goto("node/$node->nid");
+ }
+ }
+ else {
+ // $pid indicates that this is a reply to a comment.
+ if ($pid) {
+ if (user_access('access comments')) {
 // Load the comment whose cid = $pid
 $comment = db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data FROM {comment} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = :cid AND c.status = :status', array(
 ':cid' => $pid,
 ':status' => COMMENT_PUBLISHED,
 ))->fetchObject();
- if ( $comment ) {
+ if ($comment) {
 // If that comment exists, make sure that the current comment and the
 // parent comment both belong to the same parent node.
 if ($comment->nid != $node->nid) {
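Review bot: In the restructured comment_reply(), the Preview branch now runs for users who have 'post comments' but not 'access comments', and it hands `$pid` to the form without the `user_access('access comments')` check that the non-preview branch applies just below. If the form's preview step renders the parent comment (that code is not on this page), this path would show a comment to a user who is not allowed to view it. Consider gating it, e.g. `if (user_access('post comments') && (!$pid || user_access('access comments'))) {`, or documenting why the preview path is safe. The function body starts before and continues after this hunk.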
@@ -71,29 +71,29 @@ function comment_reply($node, $pid = NUL
 drupal_goto("node/$node->nid");
 }
 }
- // This is the case where the comment is in response to a node. Display the node.
- elseif (user_access('access content')) {
- $build['comment_node'] = node_view($node);
- }
-
- // Should we show the reply box?
- if ($node->comment != COMMENT_NODE_OPEN) {
- drupal_set_message(t("This discussion is closed: you can't post new comments."), 'error');
- drupal_goto("node/$node->nid");
- }
- elseif (user_access('post comments')) {
- $edit = array('nid' => $node->nid, 'pid' => $pid);
- $build['comment_form'] = drupal_get_form("comment_node_{$node->type}_form", (object) $edit);
- }
 else {
- drupal_set_message(t('You are not authorized to post comments.'), 'error');
+ drupal_set_message(t('You are not authorized to view comments.'), 'error');
 drupal_goto("node/$node->nid");
 }
 }
- }
- else {
- drupal_set_message(t('You are not authorized to view comments.'), 'error');
- drupal_goto("node/$node->nid");
+ // This is the case where the comment is in response to a node. Display the node.
+ elseif (user_access('access content')) {
+ $build['comment_node'] = node_view($node);
+ }
+
+ // Should we show the reply box?
+ if ($node->comment != COMMENT_NODE_OPEN) {
+ drupal_set_message(t("This discussion is closed: you can't post new comments."), 'error');
+ drupal_goto("node/$node->nid");
+ }
+ elseif (user_access('post comments')) {
+ $edit = array('nid' => $node->nid, 'pid' => $pid);
+ $build['comment_form'] = drupal_get_form("comment_node_{$node->type}_form", (object) $edit);
+ }
+ else {
+ drupal_set_message(t('You are not authorized to post comments.'), 'error');
+ drupal_goto("node/$node->nid");
+ }
 }
 return $build;
Index: modules/comment/comment.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.test,v
retrieving revision 1.92
diff -u -p -r1.92 comment.test
--- modules/comment/comment.test 8 Nov 2010 21:36:45 -0000 1.92
+++ modules/comment/comment.test 27 Nov 2010 00:19:08 -0000
@@ -605,11 +605,12 @@ class CommentAnonymous extends CommentHe
 $this->assertTrue($this->commentExists($anonymous_comment2), t('Anonymous comment with contact info (optional) found.'));
 // Ensure anonymous users cannot post in the name of registered users.
+ $langcode = LANGUAGE_NONE;
 $edit = array(
 'name' => $this->admin_user->name,
 'mail' => $this->randomName() . '@example.com',
 'subject' => $this->randomName(),
- 'comment_body[' . LANGUAGE_NONE . '][0][value]' => $this->randomName(),
+ "comment_body[$langcode][0][value]" => $this->randomName(),
 );
 $this->drupalPost('comment/reply/' . $this->node->nid, $edit, t('Save'));
 $this->assertText(t('The name you used belongs to a registered user.'));
@@ -669,14 +670,14 @@ class CommentAnonymous extends CommentHe
 // NOTE: if authenticated user has permission to post comments, then a
 // "Login or register to post comments" type link may be shown.
 $this->drupalGet('node/' . $this->node->nid);
- $this->assertNoPattern('/
]*?)id="comments"([^>]*?)>/', t('Comments were not displayed.'));
+ $this->assertNoPattern('@]*>Comments@', t('Comments were not displayed.'));
 $this->assertNoLink('Add new comment', t('Link to add comment was found.'));
 // Attempt to view node-comment form while disallowed.
 $this->drupalGet('comment/reply/' . $this->node->nid);
- $this->assertText('You are not authorized to view comments', t('Error attempting to post comment.'));
+ $this->assertText('You are not authorized to post comments', t('Error attempting to post comment.'));
 $this->assertNoFieldByName('subject', '', t('Subject field not found.'));
- $this->assertNoFieldByName('comment[value]', '', t('Comment field not found.'));
+ $this->assertNoFieldByName("comment_body[$langcode][0][value]", '', t('Comment field not found.'));
 user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array(
 'access comments' => TRUE,
@@ -684,9 +685,23 @@ class CommentAnonymous extends CommentHe
 'skip comment approval' => FALSE,
 ));
 $this->drupalGet('node/' . $this->node->nid);
- $this->assertPattern('/
]*?)id="comments"([^>]*?)>/', t('Comments were displayed.'));
+ $this->assertPattern('@]*>Comments@', t('Comments were displayed.'));
 $this->assertLink('Log in', 1, t('Link to log in was found.'));
 $this->assertLink('register', 1, t('Link to register was found.'));
+
+ user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array(
+ 'access comments' => FALSE,
+ 'post comments' => TRUE,
+ 'skip comment approval' => TRUE,
+ ));
+ $this->drupalGet('node/' . $this->node->nid);
+ $this->assertNoPattern('@]*>Comments@', t('Comments were not displayed.'));
+ $this->assertFieldByName('subject', '', t('Subject field found.'));
+ $this->assertFieldByName("comment_body[$langcode][0][value]", '', t('Comment field found.'));
+
+ $this->drupalGet('comment/reply/' . $this->node->nid . '/' . $anonymous_comment3->id);
+ $this->assertText('You are not authorized to view comments', t('Error attempting to post reply.'));
+ $this->assertNoText($author_name, t('Comment not displayed.'));
 }
 }
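Review bot: The new assertions at the end of this hunk exercise only the plain GET of `comment/reply/<nid>/<cid>` for an anonymous user with 'post comments' but not 'access comments'; a Preview submission to the same path takes a different branch in comment_reply() and is not covered. I would add a `drupalPost()` of that path with `t('Preview')` followed by `$this->assertNoText($author_name, t('Comment not displayed.'));` so both branches are pinned. `$anonymous_comment3` and `$author_name` are defined outside this hunk, so this assumes they refer to a published comment and its author.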