This looks fine though I think we need to discuss if we want to reuse the change_reviewrequest permission or if we want something else. The change_reviewrequest is generally meant for the admin UI, but reusing it is probably okay.
Allows a user other than the submitter to edit a review request if he has permissions.
Review Request #386 — Created May 15, 2008 and submitted
This is a very little patch to allow a user that has permissions to edit a review. The djblet (ifuserorperm) was already there to help doing it. I just replaced 'ifequal request.user review_request.submitter' by 'ifuserorperm review_request.submitter "reviews.<some permission>"' in a few places. I could not find documentation that explain the meaning of each permission. So verify that I used them in the right context. Note that I allowed a user that has change_review_request but not can_change_status to Publish a review request. It didn't make sense to me to allow them to change but not to publish. The option that need to be set under the admin page to allow access is: "reviews | review request | can change review" (update - 2nd patch) To be consistent with your comments, I've added a permission and modified the is_mutable_by() function. I haven't seen any side effects. It seems like the function was mainly using the first conditional.
It's been tested on our server by opening reviews with users that both have the permission and that don't have it.
Committed as r1375. Thanks!