branch develop updated (3dc7016 -> 6f71fb0)
This is an automated email from the git hooks/post-receive script. New change to branch develop in repository coselmar. See http://git.codelutin.com/coselmar.git from 3dc7016 fixes #7910 allow multi-add on keywords and themes new 6f71fb0 fixes #7915 be able to see every user information The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 6f71fb0f750f4a9357279924d7e469c2da9edece Author: Yannick Martel <martel@©odelutin.com> Date: Fri Jan 15 17:38:46 2016 +0100 fixes #7915 be able to see every user information Summary of changes: .../persistence/entity/QuestionTopiaDao.java | 2 +- .../coselmar/services/v1/UsersWebService.java | 30 +++++++++++----------- coselmar-ui/src/main/webapp/views/users/user.html | 7 ++++- 3 files changed, 22 insertions(+), 17 deletions(-) -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@codelutin.com>.
This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository coselmar. See http://git.codelutin.com/coselmar.git commit 6f71fb0f750f4a9357279924d7e469c2da9edece Author: Yannick Martel <martel@©odelutin.com> Date: Fri Jan 15 17:38:46 2016 +0100 fixes #7915 be able to see every user information
--- .../persistence/entity/QuestionTopiaDao.java | 2 +- .../coselmar/services/v1/UsersWebService.java | 30 +++++++++++----------- coselmar-ui/src/main/webapp/views/users/user.html | 7 ++++- 3 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/coselmar-persistence/src/main/java/fr/ifremer/coselmar/persistence/entity/QuestionTopiaDao.java b/coselmar-persistence/src/main/java/fr/ifremer/coselmar/persistence/entity/QuestionTopiaDao.java
index b854077..5ce33ab 100644
--- a/coselmar-persistence/src/main/java/fr/ifremer/coselmar/persistence/entity/QuestionTopiaDao.java
+++ b/coselmar-persistence/src/main/java/fr/ifremer/coselmar/persistence/entity/QuestionTopiaDao.java
@@ -143,7 +143,7 @@ public class QuestionTopiaDao extends AbstractQuestionTopiaDao<Question> {
 String clientCondition = DaoUtils.andAttributeContains("Q", Question.PROPERTY_CLIENTS, args, client);
- hqlBuilder.append(" WHERE 1=1 AND (" + clientCondition + " ) ");
+ hqlBuilder.append(" WHERE 1=1 " + clientCondition + " ");
 if (searchExample != null) {
 String finerHql = refineSearch(searchExample, "Q", args);
diff --git a/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java b/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java
index 6d5ffd6..e4c72e6 100644
--- a/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java
+++ b/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java
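Review bot: The new `" WHERE 1=1 " + clientCondition + " "` relies on `DaoUtils.andAttributeContains` returning either an empty string or a fragment that starts with its own `AND`, and dropping the parentheses means a fragment with a top-level `OR` would now bind differently to the `1=1`; a comment stating that contract would help, e.g. `// clientCondition is "" or a fragment beginning with " AND"; its values are bound via args`. The hunk does not show how `client` reaches the query: if the helper interpolates it instead of registering a named parameter in `args`, this string-built HQL is injectable, so confirm it binds. This DAO change is also unrelated to the user-details ticket named in the commit message and would be easier to audit as its own commit. The enclosing method begins and ends outside the hunk.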
@@ -87,27 +87,27 @@ public class UsersWebService extends CoselmarWebServiceSupport {
 boolean isAdmin = StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.ADMIN.name());
 boolean isSupervisor = StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.SUPERVISOR.name());
 boolean isHimself = StringUtils.equals(userWebToken.getUserId(), userId);
-
- if (!isAdmin && !isSupervisor && !isHimself) {
- if (log.isDebugEnabled()) {
- String message = String.format("A non admin user try to see account details with shortId '%s'", userId);
- log.debug(message);
- }
- throw new UnauthorizedException("Not allowed to see user details");
- }
+//
+// if (!isAdmin && !isSupervisor && !isHimself) {
+// if (log.isDebugEnabled()) {
+// String message = String.format("A non admin user try to see account details with shortId '%s'", userId);
+// log.debug(message);
+// }
+// throw new UnauthorizedException("Not allowed to see user details");
+// }
 // reconstitute full id
 String fullId = CoselmarUser.class.getCanonicalName() + getPersistenceContext().getTopiaIdFactory().getSeparator() + userId;
 CoselmarUser user = getCoselmarUserDao().forTopiaIdEquals(fullId).findUnique();
- if (isSupervisor && user.getRole() != CoselmarUserRole.CLIENT && !isHimself) {
- if (log.isDebugEnabled()) {
- String message = String.format("A supervisor user try to see non client account details with shortId '%s'", userId);
- log.debug(message);
- }
- throw new UnauthorizedException("Not allowed to see user details");
- }
+// if (isSupervisor && user.getRole() != CoselmarUserRole.CLIENT && !isHimself) {
+// if (log.isDebugEnabled()) {
+// String message = String.format("A supervisor user try to see non client account details with shortId '%s'", userId);
+// log.debug(message);
+// }
+// throw new UnauthorizedException("Not allowed to see user details");
+// }
 UserBean userBean = BeanEntityConverter.toBean(userId, user);
 return userBean;
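Review bot: Commenting out both `UnauthorizedException` checks removes the only server-side authorization on this endpoint that is visible here, so any caller holding a valid `userWebToken` can now fetch the full `UserBean` of any account by supplying its shortId, and the admin / supervisor-of-client / self rule that replaces it lives only in the Angular template changed by this same commit, which hides a button but enforces nothing. If #7915 means every authenticated user may see basic profile data, return a reduced view for callers that are neither admin, supervisor of a client nor the user themself and keep the privilege check for whatever sensitive fields `UserBean` carries (its contents are not visible in the hunk). The `isAdmin`, `isSupervisor` and `isHimself` locals are now computed but never read, and the commented-out blocks should be deleted rather than kept, since they leave a misleading trace of a check that no longer runs. Please also confirm that the update endpoint behind the UI's `modifyUser()` still performs its own server-side check. The enclosing method's signature, and wherever `userWebToken` is authenticated, lie outside the hunk.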
diff --git a/coselmar-ui/src/main/webapp/views/users/user.html b/coselmar-ui/src/main/webapp/views/users/user.html
index c30de13..b0e926c 100644
--- a/coselmar-ui/src/main/webapp/views/users/user.html
+++ b/coselmar-ui/src/main/webapp/views/users/user.html
@@ -56,7 +56,12 @@
 </tr>
 </table>
 <div class="actions">
- <a class="btn btn-action btn-edit" ng-click="modifyUser()" ng-if="user.active">{{ 'common.button.edit' | translate }}</a>
+ <a class="btn btn-action btn-edit" ng-click="modifyUser()"
+ ng-if="user.active
+ && (context.currentUser.role == 'ADMIN'
+ || (context.currentUser.role == 'SUPERVISOR' && user.role == 'CLIENT')
+ || (context.currentUser.userId == user.id)
+ )">{{ 'common.button.edit' | translate }}</a>
 <a class="btn btn-action btn-edit" ng-confirm-message="user.message.disable" ng-confirm-click="disableUser()"
-- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@codelutin.com>.
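Review bot: The new `ng-if` encodes the admin / supervisor-of-client / self rule for showing the edit button, but a template condition only hides UI and does not stop a direct request to the update API, so it must not be read as authorization; a comment above the anchor would make that explicit: `<!-- display-only gating: the server must still authorise the update request -->`. The same rule is spelled with different identifiers here (`context.currentUser.userId == user.id`) and in the Java service (`userWebToken.getUserId()` compared with the shortId), so confirm that `user.id` is the same short id, otherwise the self-edit button would never appear. The `<div class="actions">` opened in the hunk is closed outside it.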