Index: modules/comment/comment.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.module,v
retrieving revision 1.611
diff -u -p -r1.611 comment.module
--- modules/comment/comment.module	28 Dec 2007 12:02:51 -0000	1.611
+++ modules/comment/comment.module	4 Jan 2008 11:33:40 -0000
@@ -1757,23 +1757,33 @@ function theme_comment_thread_expanded($
  */
 function theme_comment_post_forbidden($node) {
   global $user;
-  if ($user->uid) {
-    return t("you can't post comments");
-  }
-  else {
-    // we cannot use drupal_get_destination() because these links sometimes appear on /node and taxo listing pages
-    if (variable_get('comment_form_location_'. $node->type, COMMENT_FORM_SEPARATE_PAGE) == COMMENT_FORM_SEPARATE_PAGE) {
-      $destination = "destination=". drupal_urlencode("comment/reply/$node->nid#comment-form");
-    }
-    else {
-      $destination = "destination=". drupal_urlencode("node/$node->nid#comment-form");
+  static $authenticated_post_comments;
+  
+  if (!$user->uid) {
+    if (!isset($authenticated_post_comments)) {
+      // We only output any link if we are certain, that users get permission
+      // to post comments by logging in. We also locally cache this information.
+      $authenticated_post_comments = array_key_exists(DRUPAL_AUTHENTICATED_RID, user_roles(TRUE, 'post comments') + user_roles(TRUE, 'post comments without approval'));
     }
+    
+    if ($authenticated_post_comments) {
+      // We cannot use drupal_get_destination() because these links
+      // sometimes appear on /node and taxonomy listing pages.
+      if (variable_get('comment_form_location_'. $node->type, COMMENT_FORM_SEPARATE_PAGE) == COMMENT_FORM_SEPARATE_PAGE) {
+        $destination = 'destination='. drupal_urlencode("comment/reply/$node->nid#comment-form");
+      }
+      else {
+        $destination = 'destination='. drupal_urlencode("node/$node->nid#comment-form");
+      }
 
-    if (variable_get('user_register', 1)) {
-      return t('<a href="@login">Login</a> or <a href="@register">register</a> to post comments', array('@login' => url('user/login', array('query' => $destination)), '@register' => url('user/register', array('query' => $destination))));
-    }
-    else {
-      return t('<a href="@login">Login</a> to post comments', array('@login' => url('user/login', array('query' => $destination))));
+      if (variable_get('user_register', 1)) {
+        // Users can register themselfs.
+        return t('<a href="@login">Login</a> or <a href="@register">register</a> to post comments', array('@login' => url('user/login', array('query' => $destination)), '@register' => url('user/register', array('query' => $destination))));
+      }
+      else {
+        // Only admins can add new users, no public registration.
+        return t('<a href="@login">Login</a> to post comments', array('@login' => url('user/login', array('query' => $destination))));
+      }
     }
   }
 }