Cannot delete comments - browser view is never called

I'm trying to debug an issue on a Plone 4 site where plone.app.discussion does not delete comments. I am using plone.app.discussion 2.2.20, because that is the version that comes with the latest Plone 4 (though it is totally unclear from PyPI what the 2.3.x, 2.4.x and 3.0.x versions are for).

There are absolutely no messages or tracebacks being logged either in the Zope log or the browser console.

The issue seems to be that plone.app.discussion.broser.moderation.DeleteComment is never called. At least, a breakpoint set in the __call__ method never trips. However, I can replay the request to http://localhost:9087/home/foo/bar/++conversation++default/....comment-id...../@@moderate-delete-comment with either a GET or a POST method, and I get a 302 response with no error. Indeed, the @@moderate-delete-comment browser view ends with return self.context.REQUEST.RESPONSE.redirect(came_from), so that's right. But the comment is not deleted. It disappears from the page because there is some javascript that deletes it from the DOM, but server-side it never gets deleted. So when you reload the moderation page it's still there.

Why is my pdb.set_trace() not tripped? Where is the 302 coming from, if the browser view does not execute?

Here is a checklist of things I have verified:

1. I am connected directly to a zope instance running in fg, no front-end web server or reverse proxy or load balancer involved.
2. I put other pdb.set_trace() calls in other methods in the same file (plone.app.discussion.browser.moderation.py) and they all get hit in the appropriate code paths, just not the one in DeleteComment.
3. I have tried adding IDisableCSRFProtection to the request with alsoProvides. Although the request already has a X-CSRF-TOKEN, plus there are no errors in the log. No difference.
4. I also tried putting a breakpoint in plone4.csrffixes.transform.Protect4Transform.transform, and it does get hit when I call the @@moderate-delete-comment view, but I couldn't get out of those weeds.
5. I inspected the comment object with Products.PDBDebugMode, and checked that all the ZCML discriminators for the <browser:page name="moderate-delete-comment" ... > are fulfilled, i.e. for, layer and permission.
6. The site has a Diazo theme, but I don't see how that could affect a view being called, since it's being called from AJAX, and I see the request leaving the browser.
7. I have replayed requests using Postman with all the same headers that the browser sends, to try and exclude any browser caching issue.
8. On my local development site I do not see this issue, only on remote production and staging sites.

Help!?
Thanks!
Fulvio

I have no answers for you.

I would approach the problem as follows:

• perform a search on the source tree for all registrations for moderate-delete-comment
• put a breakpoint on any definition for this view
• step through the view and look what happens.

Thanks, @dieter. That is one thing I forgot to add to the checklist. I actually did exactly what you suggest, and there is no other registration for moderate-delete-comment anywhere other than in plone.app.discussion.

Then, you should arrive in plone.app.discussion.browser.moderation.DeleteComment.__call__.

Should this not happen, I would emulate the request (in bin/client1 debug) and debug the request processing - especially the view lookup.

We have just been bitten by this in an old site.

The reason is the Products.PloneHotfix20160830 hotfix. Just upgrade that hotfix to 1.3 to fix your issues.

The patch replaces the code of the __call__ method in the DeleteComment view.