This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository coselmar. See http://git.codelutin.com/coselmar.git commit 241094674b215001268cdad6615275c141a0de27 Author: Yannick Martel <martel@©odelutin.com> Date: Tue Dec 16 11:24:23 2014 +0100 review access on question --- .../coselmar/services/v1/QuestionsWebService.java | 22 +++++++++++----- .../src/main/webapp/js/coselmar-controllers.js | 17 ++++++++++--- .../src/main/webapp/views/questions/questions.html | 29 ++++++++++++++-------- .../main/webapp/views/questions/viewquestion.html | 4 +-- .../src/main/webapp/views/users/edituser.html | 2 +- 5 files changed, 52 insertions(+), 22 deletions(-) diff --git a/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/QuestionsWebService.java b/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/QuestionsWebService.java index 9bce405..ed57270 100644 --- a/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/QuestionsWebService.java +++ b/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/QuestionsWebService.java @@ -318,8 +318,8 @@ public class QuestionsWebService extends CoselmarWebServiceSupport { // Client can get the question (not the documents) if he is client of the question. String userRole = userWebToken.getRole(); - if (!StringUtils.equalsIgnoreCase(CoselmarUserRole.SUPERVISOR.name(), userRole) - && StringUtils.equalsIgnoreCase(CoselmarUserRole.ADMIN.name(), userRole)) { + // Member cannot access to question + if (StringUtils.equalsIgnoreCase(CoselmarUserRole.MEMBER.name(), userRole)) { String message = String.format("User %s %s ('%s') is not allowed to view question", userWebToken.getFirstName(), userWebToken.getLastName(), userWebToken.getUserId()); if (log.isWarnEnabled()) { 
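Review bot: The new guard in the `@@ -318` hunk of QuestionsWebService.java is a deny-list: only a token role equal to `MEMBER` is rejected, so a null, empty or unrecognised `userRole` string falls through and is treated as allowed. An access check should fail closed: compare `userRole` against the roles that may view a question (`SUPERVISOR`, `ADMIN`, `EXPERT`, `CLIENT`) and throw for anything else. The same pattern appears in the `@@ -347` hunk, where only `CoselmarUserRole.CLIENT` triggers `checkIsClientAllowed` and the visible lines put no gate on other roles. The added comment `// Member cannot access to question` would read better as `// Members are not allowed to view a question`. The enclosing method starts and ends outside the hunk, so whether an earlier check already constrains the role is not visible here.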
@@ -347,19 +347,28 @@ public class QuestionsWebService extends CoselmarWebServiceSupport { String fullQuestionId = getFullIdFromShort(Question.class, questionId); Question question = getQuestionDao().forTopiaIdEquals(fullQuestionId).findUnique(); - // Check client authorization on the document - checkIsClient(question, currentUser); + if (CoselmarUserRole.CLIENT == currentUser.getRole()) { + // Client User can access if it is client of question + checkIsClientAllowed(question, currentUser); + + } QuestionBean result = BeanEntityConverter.toBean(getPersistenceContext().getTopiaIdFactory(), question);; // Client is not allowed to see documents - if (CoselmarUserRole.CLIENT == currentUser.getRole()) { + if (CoselmarUserRole.CLIENT == currentUser.getRole() + || (question.getClients() != null && question.getClients().contains(currentUser))) { + + // clients does not have to see all documents result.setRelatedDocuments(null); // If document is private, only participants could check it } else if (CoselmarUserRole.EXPERT == currentUser.getRole() && question.getPrivacy() == Privacy.PRIVATE) { + CoselmarUserGroup participants = question.getParticipants(); + if (participants == null || !participants.getMembers().contains(currentUser)) { + // Non participant only see title, privacy and hierarchy result = new QuestionBean(); result.setTitle(question.getTitle()); result.setPrivacy(question.getPrivacy().name()); 
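Review bot: In the client branch the response is redacted by clearing a single field, `result.setRelatedDocuments(null)`, on a bean that `BeanEntityConverter.toBean` has already filled, so any field added to `QuestionBean` later would be exposed to clients by default. The non-participant expert branch just below is safer: it starts from `new QuestionBean()` and copies only the fields that may be shown. Building the client view the same way, from an explicit list of permitted fields, keeps the restriction from eroding silently. The added comment `// clients does not have to see all documents` should state the rule, e.g. `// Clients of the question never receive the related documents`, and the `QuestionBean result = ...` context line ends in a stray `;;`. The method starts and ends outside the hunk.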
@@ -709,11 +718,12 @@ public class QuestionsWebService extends CoselmarWebServiceSupport { } } - protected void checkIsClient(Question question, CoselmarUser currentUser) throws UnauthorizedException { + protected void checkIsClientAllowed(Question question, CoselmarUser currentUser) throws UnauthorizedException { String userRole = currentUser.getRole().name(); Set<CoselmarUser> questionsClients = question.getClients(); if (StringUtils.equalsIgnoreCase(CoselmarUserRole.CLIENT.name(), userRole) + && questionsClients != null && !questionsClients.contains(currentUser)) { String message = String.format("Client %s %s ('%s') is not allowed to access question %s", diff --git a/coselmar-ui/src/main/webapp/js/coselmar-controllers.js b/coselmar-ui/src/main/webapp/js/coselmar-controllers.js index cf7e392..f106eeb 100644 --- a/coselmar-ui/src/main/webapp/js/coselmar-controllers.js +++ b/coselmar-ui/src/main/webapp/js/coselmar-controllers.js @@ -424,9 +424,11 @@ coselmarControllers.controller("QuestionCtrl", ['$scope', '$route', '$routeParam } // call refresh for init - $scope.refreshExperts(""); - $scope.refreshClients(""); - $scope.refreshSupervisors(""); + if ($scope.editSession) { + $scope.refreshExperts(""); + $scope.refreshClients(""); + $scope.refreshSupervisors(""); + } // function to be sure to have same user objects in list var bindUsers = function(toDeal, index) { @@ -652,6 +654,15 @@ coselmarControllers.controller("QuestionCtrl", ['$scope', '$route', '$routeParam } } + $scope.isClient = function() { + var isClient = false; + angular.forEach($scope.question.clients, function(client) { + if (client.id == $scope.currentUser.id) { + isClient = true; + } + }); + return isClient; + } }]); diff --git a/coselmar-ui/src/main/webapp/views/questions/questions.html b/coselmar-ui/src/main/webapp/views/questions/questions.html index 970a32b..faec1db 100644 --- a/coselmar-ui/src/main/webapp/views/questions/questions.html 
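Review bot: In `checkIsClientAllowed` (the `@@ -709` hunk) the added `&& questionsClients != null` makes the check pass when `question.getClients()` returns null, so a user with the CLIENT role is let through to any question that has no client set. If the null test is only meant to avoid a NullPointerException, the condition should deny in that case: `&& (questionsClients == null || !questionsClients.contains(currentUser))) {`. The role comparison inside the method also repeats the `CoselmarUserRole.CLIENT == currentUser.getRole()` test that the caller now performs. A short Javadoc saying the method throws `UnauthorizedException` for a client who is not attached to the question would make the contract explicit. The method body continues past the end of the hunk.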
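Review bot: `$scope.isClient` in coselmar-controllers.js (the `@@ -652` hunk) reads `$scope.question.clients` and `$scope.currentUser.id` without checking that either object has been set, so a call made before both are loaded would throw rather than return false. Whether they are initialised earlier in the controller is outside the hunk. A guard such as `if (!$scope.question || !$scope.currentUser) { return false; }` at the top, and `===` in place of `==` for the id comparison, would make it safe. This helper only decides what the page displays; the restriction itself has to be enforced by the REST service.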
+++ b/coselmar-ui/src/main/webapp/views/questions/questions.html 
@@ -43,32 +43,41 @@ <th>Submission Date</th> <th>Themes</th> <th>DeadLine</th> - <th>Clients</th> - <th>Participants</th> - <th>Documents</th> + <th ng-if="currentUser.role != 'MEMBER' && currentUser.role != 'CLIENT'">Clients</th> + <th ng-if="currentUser.role != 'MEMBER' && currentUser.role != 'CLIENT'">Participants</th> + <th ng-if="currentUser.role != 'MEMBER' && currentUser.role != 'CLIENT'">Documents</th> + <th ng-if="currentUser.role == 'MEMBER' || currentUser.role == 'CLIENT'">Status</th> <th></th> </tr> <tr ng-repeat="question in questions" > - <td><a href="#/questions/{{question.id}}" tooltip-placement="bottom" tooltip-html-unsafe="{{question.summary}}">{{question.title}}</a></td> + <td ng-if="currentUser.role != 'MEMBER'"><a href="#/questions/{{question.id}}" tooltip-placement="bottom" tooltip-html-unsafe="{{question.summary}}">{{question.title}}</a></td> + <td ng-if="currentUser.role == 'MEMBER'">{{question.title}}</td> + <td>{{question.submissionDate | date:'mediumDate'}}</td> + <td><span ng-repeat="theme in question.themes">{{theme}}, </span></td> + <td>{{question.deadline | date:'mediumDate'}}</td> + <!-- clients : we use ng-if for better tooltip management --> - <td ng-if="question.clients"> + <td ng-if="question.clients && currentUser.role != 'MEMBER' && currentUser.role != 'CLIENT'"> <span tooltip-placement="bottom" tooltip-html-unsafe="{{getUserNames(question.clients)}}" >{{question.clients.length}}</span> </td> - <td ng-if="!question.clients">0</td> + <td ng-if="!question.clients && currentUser.role != 'MEMBER' && currentUser.role != 'CLIENT'">0</td> + <!-- participants --> - <td ng-if="question.participants"> + <td ng-if="question.participants && currentUser.role != 'MEMBER' && currentUser.role != 'CLIENT'"> <span tooltip-placement="bottom" tooltip-html-unsafe="{{getUserNames(question.participants)}}" >{{question.participants.length}}</span> </td> - <td ng-if="!question.participants">0</td> + <td ng-if="!question.participants && currentUser.role 
!= 'MEMBER' && currentUser.role != 'CLIENT'">0</td> <!-- related documents --> - <td ng-if="question.relatedDocuments"> + <td ng-if="question.relatedDocuments && currentUser.role != 'MEMBER' && currentUser.role != 'CLIENT'"> <span tooltip-placement="bottom" tooltip-html-unsafe="{{getDocumentTitles(question.relatedDocuments)}}" tooltip-trigger="mouseenter" >{{question.relatedDocuments.length}}</span> </td> - <td ng-if="!question.relatedDocuments">0</td> + <td ng-if="!question.relatedDocuments && currentUser.role != 'MEMBER' && currentUser.role != 'CLIENT'">0</td> + + <td ng-if="currentUser.role == 'MEMBER' || currentUser.role == 'CLIENT'">{{question.status}}</td> <td> <!--<a class="btn btn-action btn-disable" ng-click="closeQuestion(question.id)"--> diff --git a/coselmar-ui/src/main/webapp/views/questions/viewquestion.html b/coselmar-ui/src/main/webapp/views/questions/viewquestion.html index b1a5cc3..14e7c78 100644 --- a/coselmar-ui/src/main/webapp/views/questions/viewquestion.html +++ b/coselmar-ui/src/main/webapp/views/questions/viewquestion.html @@ -138,8 +138,8 @@ </div> </div> - <div class="form-group col-md-12" - ng-if="currentUser.role == 'SUPERVISOR' || currentUser.role == 'EXPERT'"> + <div class="form-group col-md-12" ng-if="currentUser.role == 'SUPERVISOR' + || (currentUser.role == 'EXPERT' && !isClient) "> <dl> <dt>Related Documents</dt> diff --git a/coselmar-ui/src/main/webapp/views/users/edituser.html b/coselmar-ui/src/main/webapp/views/users/edituser.html index 0d66e5a..057f72e 100644 --- a/coselmar-ui/src/main/webapp/views/users/edituser.html +++ b/coselmar-ui/src/main/webapp/views/users/edituser.html @@ -76,7 +76,7 @@ <div class="col-md-5"> <input type="text" class="form-control" name="phoneNumber" - ng-model="user.phoneNumber" required/> + ng-model="user.phoneNumber" /> </div> </div> -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@codelutin.com>.
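Review bot: The `ng-if` conditions added in questions.html hide the Clients, Participants and Documents columns from MEMBER and CLIENT users, but they do not remove `question.clients`, `question.participants` or `question.relatedDocuments` from the `questions` data the browser has already received. No change to the list endpoint is visible in this commit, so if these fields are confidential for those roles they need to be stripped server-side as well. The rewritten title cell also keeps `tooltip-html-unsafe="{{question.summary}}"`, which renders the summary as markup; unless the summary is sanitised before it is stored, a plain-text tooltip would be the safer binding. The role test `currentUser.role != 'MEMBER' && currentUser.role != 'CLIENT'` is repeated on nine lines and could live in one scope helper.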
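Review bot: In viewquestion.html the new condition uses `!isClient` without calling it, but `isClient` is added to the scope as a function in coselmar-controllers.js in this same commit. A function reference is always truthy, so `!isClient` is always false and an EXPERT never gets the Related Documents block. The expression should read `(currentUser.role == 'EXPERT' && !isClient())`. As with the other templates, this only controls display; the service decides which documents are returned.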