Refactor out approval checking from ReviewCommand

PublishComments already does some approval verification.  This change
places the burden of this verification there instead of on
ReviewCommand.

Change-Id: Iaf4fb7b6c073b3fbaed64a34263f71d8d2d57507

gerrit-server/src/main/java/com/google/gerrit/server/patch/PublishComments.java

@@ -164,7 +164,8 @@ public class PublishComments implements Callable<VoidResult> {
     db.patchComments().update(drafts);
   }
 
-  private void publishApprovals(ChangeControl ctl) throws OrmException {
+  private void publishApprovals(ChangeControl ctl)
+      throws InvalidChangeOperationException, OrmException {
     ChangeUtil.updated(change);
 
     final Set<ApprovalCategory.Id> dirty = new HashSet<ApprovalCategory.Id>();
@@ -201,6 +202,11 @@ public class PublishComments implements Callable<VoidResult> {
       if (!ApprovalCategory.SUBMIT.equals(a.getCategoryId())) {
         functionState.normalize(types.byId(a.getCategoryId()), a);
       }
+      if (want.get() != a.getValue()) {
+        throw new InvalidChangeOperationException(
+            types.byId(a.getCategoryId()).getCategory().getLabelName()
+            + "=" + want.get() + " not permitted");
+      }
       if (o != a.getValue()) {
         // Value changed, ensure we update the database.
         //