branch develop updated (5e0d885 -> c489e6a)
This is an automated email from the git hooks/post-receive script. New change to branch develop in repository coselmar. See http://git.codelutin.com/coselmar.git from 5e0d885 fixes #6504 change application title new 844afae supervisor can create client user new f13b8d3 allow supervisor to add client user from ui new 289e7d4 merge changes from develop new 78b17b9 supervisor is able to edit client profile new c489e6a fixes #6308 : Merge branch 'feature/6308-supervisor-can-create-client' into develop The 5 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit c489e6a27a09922fc976f55f73f9ec2bfad8290c Merge: 5e0d885 78b17b9 Author: Yannick Martel <martel@©odelutin.com> Date: Tue Jan 20 15:17:13 2015 +0100 fixes #6308 : Merge branch 'feature/6308-supervisor-can-create-client' into develop commit 78b17b9621323d355d56c65f8564b56c09144f32 Author: Yannick Martel <martel@©odelutin.com> Date: Tue Jan 20 15:11:55 2015 +0100 supervisor is able to edit client profile commit 289e7d4e9928059ad06ebd6e947c4c983a283a5d Merge: f13b8d3 5e0d885 Author: Yannick Martel <martel@©odelutin.com> Date: Tue Jan 20 12:03:02 2015 +0100 merge changes from develop commit f13b8d3bb43a404bd46189546de68a4f73160d0f Author: Yannick Martel <martel@©odelutin.com> Date: Tue Jan 20 11:47:31 2015 +0100 allow supervisor to add client user from ui commit 844afae500a09f5c8fa15c8eb2f5a9c151d641a2 Author: Yannick Martel <martel@©odelutin.com> Date: Mon Jan 19 13:22:46 2015 +0100 supervisor can create client user Summary of changes: .../coselmar/services/v1/UsersWebService.java | 61 ++++++++-- coselmar-ui/src/main/webapp/index.html | 12 +- .../src/main/webapp/js/coselmar-controllers.js | 8 +- .../views/users/{users.html => adminUsers.html} | 14 +-- .../src/main/webapp/views/users/edituser.html | 13 ++- 
.../users/{users.html => supervisorUsers.html} | 49 ++------ coselmar-ui/src/main/webapp/views/users/users.html | 123 +-------------------- 7 files changed, 95 insertions(+), 185 deletions(-) copy coselmar-ui/src/main/webapp/views/users/{users.html => adminUsers.html} (94%) copy coselmar-ui/src/main/webapp/views/users/{users.html => supervisorUsers.html} (72%) -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@codelutin.com>.
This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository coselmar. See http://git.codelutin.com/coselmar.git commit 844afae500a09f5c8fa15c8eb2f5a9c151d641a2 Author: Yannick Martel <martel@©odelutin.com> Date: Mon Jan 19 13:22:46 2015 +0100 supervisor can create client user --- .../coselmar/services/v1/UsersWebService.java | 34 ++++++++++++++++++++-- .../src/main/webapp/js/coselmar-controllers.js | 9 +++++- .../src/main/webapp/views/users/edituser.html | 13 ++++++++- 3 files changed, 52 insertions(+), 4 deletions(-) diff --git a/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java b/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java index dcfcdcf..4f31179 100644 --- a/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java +++ b/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java @@ -93,7 +93,21 @@ public class UsersWebService extends CoselmarWebServiceSupport { return userBean; } - public List<UserBean> getUsers(UserSearchBean search) { + public List<UserBean> getUsers(UserSearchBean search) throws InvalidCredentialException, UnauthorizedException { + + // Check authentication + String authorization = getContext().getHeader("Authorization"); + UserWebToken userWebToken = checkAuthentication(authorization); + + // Who is allowed here ? Admin and user himself + if (!StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.ADMIN.name()) + && !StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.SUPERVISOR.name())) { + if (log.isDebugEnabled()) { + String message = String.format("A non admin, non supervisor user is trying to access users list"); + log.debug(message); + } + throw new UnauthorizedException("Not allowed to see users"); + } List<CoselmarUser> userList; if (search != null) { 
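Review bot: The denial branch added to getUsers logs a fixed string at debug level, so a rejected request leaves no trace of which account made it, and `String.format` is called with no arguments. Something like `log.debug(String.format("User '%s' with role '%s' is not allowed to list users", userWebToken.getUserId(), userWebToken.getRole()));` keeps the refusal attributable. The comment above the check still reads "Admin and user himself" although the condition admits ADMIN and SUPERVISOR, so it should become `// Who is allowed here ? Admin and Supervisor`. The list itself is built below the hunk, so whether a supervisor receives every account or only clients cannot be judged from here and is worth confirming.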
@@ -123,9 +137,25 @@ public class UsersWebService extends CoselmarWebServiceSupport { return result; } - public void addUser(UserBean user) throws InvalidParameterException { + public void addUser(UserBean user) throws InvalidParameterException, InvalidCredentialException, UnauthorizedException { Preconditions.checkNotNull(user); + // Check authentication + String authorization = getContext().getHeader("Authorization"); + UserWebToken userWebToken = checkAuthentication(authorization); + + // Who is allowed here ? Admin and user himself + if (!StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.ADMIN.name()) + && (StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.SUPERVISOR.name()) + && !StringUtils.equals(user.getRole(), CoselmarUserRole.CLIENT.name())) + ) { + if (log.isDebugEnabled()) { + String message = String.format("A non admin, non supervisor user is trying to access users list"); + log.debug(message); + } + throw new UnauthorizedException("Not allowed to see users"); + } + CoselmarUser userEntity = getCoselmarUserDao().create(); userEntity.setFirstname(user.getFirstName()); diff --git a/coselmar-ui/src/main/webapp/js/coselmar-controllers.js b/coselmar-ui/src/main/webapp/js/coselmar-controllers.js index 849873f..d1ae64b 100644 --- a/coselmar-ui/src/main/webapp/js/coselmar-controllers.js +++ b/coselmar-ui/src/main/webapp/js/coselmar-controllers.js @@ -286,7 +286,14 @@ coselmarControllers.controller("UsersCtrl", ['$scope', '$route', '$routeParams', // Controller for new user View coselmarControllers.controller("NewUserCtrl", ['$scope', '$route', '$location', 'userService', function($scope, $route, $location, userService){ - $scope.user = {'role' : 'EXPERT'}; + console.log($scope.currentUser); + if ($scope.currentUser.role == 'ADMIN') { + $scope.user = {'role' : 'EXPERT'}; + } else if ($scope.currentUser.role == 'SUPERVISOR') { + $scope.user = {'role' : 'CLIENT'}; + } else { + $location.path("403"); + } $scope.saveUser = function(isValidForm){ 
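Review bot: The condition added to addUser only rejects a supervisor who submits a role other than CLIENT. For a caller whose token role is neither ADMIN nor SUPERVISOR the inner `&&` is false, so the whole test is false and execution continues to `getCoselmarUserDao().create()` with whatever role the bean carries. The check should be an allow-list (admin, or supervisor creating a client) that denies everything else, as in the excerpt below. The comment, log text and exception message were copied from getUsers and still talk about seeing the users list; the excerpt rewords them. The rest of addUser lies outside the hunk.

```java
// … unchanged: Preconditions.checkNotNull(user), checkAuthentication(authorization) …

// Who is allowed here ? Admin, and Supervisor only when the new user is a client
boolean isAdmin = StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.ADMIN.name());
boolean isSupervisorAddingClient =
        StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.SUPERVISOR.name())
        && StringUtils.equals(user.getRole(), CoselmarUserRole.CLIENT.name());

if (!isAdmin && !isSupervisorAddingClient) {
    if (log.isDebugEnabled()) {
        log.debug(String.format("User '%s' with role '%s' is not allowed to create a user with role '%s'",
                userWebToken.getUserId(), userWebToken.getRole(), user.getRole()));
    }
    throw new UnauthorizedException("Not allowed to add this user");
}

// … unchanged: getCoselmarUserDao().create() and the field copies …
```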
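Review bot: `$scope.currentUser.role` is read without checking that `currentUser` is set, so if it can be unset when NewUserCtrl runs, the controller throws before it reaches the `$location.path("403")` branch. A guard such as `if (!$scope.currentUser) { $location.path("403"); return; }` ahead of the role tests avoids that. The existing `else` branch should also `return`, otherwise `saveUser` is still wired up with `$scope.user` undefined. This test only picks a default role for the form; the decision that counts is the one made in UsersWebService.addUser. The controller body continues past the hunk.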
diff --git a/coselmar-ui/src/main/webapp/views/users/edituser.html b/coselmar-ui/src/main/webapp/views/users/edituser.html index 4bc5827..0c9f91e 100644 --- a/coselmar-ui/src/main/webapp/views/users/edituser.html +++ b/coselmar-ui/src/main/webapp/views/users/edituser.html @@ -21,7 +21,7 @@ <http://www.gnu.org/licenses/gpl-3.0.html>. #L% --> - <div class=""> + <div class="" ng-if="currentUser.role == 'ADMIN' || currentUser.role == 'SUPERVISOR'"> <form name="userForm" class="form-horizontal" role="form" ng-submit="saveUser(userForm.$valid)"> @@ -62,6 +62,17 @@ </div> + <div class="form-group" ng-if="currentUser.role == 'SUPERVISOR'"> + <label class="col-md-4 control-label">Role *</label> + + <div class="col-md-5"> + <select class="form-control" name="role" ng-model="user.role" required> + <option value="CLIENT">Client</option> + </select> + </div> + + </div> + <div class="form-group" ng-class="{'has-error' : userForm.mail.$invalid && !userForm.mail.$pristine}"> <label class="col-md-4 control-label">Mail *</label> -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@codelutin.com>.
This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository coselmar. See http://git.codelutin.com/coselmar.git commit f13b8d3bb43a404bd46189546de68a4f73160d0f Author: Yannick Martel <martel@©odelutin.com> Date: Tue Jan 20 11:47:31 2015 +0100 allow supervisor to add client user from ui --- coselmar-ui/src/main/webapp/index.html | 12 +- .../src/main/webapp/js/coselmar-controllers.js | 1 - .../views/users/{users.html => adminUsers.html} | 14 +-- .../users/{users.html => supervisorUsers.html} | 51 +-------- coselmar-ui/src/main/webapp/views/users/users.html | 123 +-------------------- 5 files changed, 19 insertions(+), 182 deletions(-) diff --git a/coselmar-ui/src/main/webapp/index.html b/coselmar-ui/src/main/webapp/index.html index bd194a0..ca492a1 100644 --- a/coselmar-ui/src/main/webapp/index.html +++ b/coselmar-ui/src/main/webapp/index.html @@ -35,7 +35,6 @@ <script src="webjars/angularjs/1.3.6/angular-route.js"></script> <script src="webjars/angularjs/1.3.6/angular-resource.js"></script> <script src="webjars/angularjs/1.3.6/angular-messages.js"></script> - <!--<script src="nuiton-js/angular-ui-bootstrap.js"></script>--> <script src="webjars/bootstrap/3.3.1/js/bootstrap.js"></script> <!--TODO ymartel 20141203 : extract version, or use wro --> 
@@ -75,12 +74,18 @@ <nav class="hidden-xs"> <ul class="nav navbar-nav"> <a href="#" role="button" class="navbar-brand">Coselmar Traceability</a> - <li ng-if="currentUser.role == 'ADMIN'"> - <a href="#/users" class="dropdown-toggle">User</a> + <li class="dropdown" ng-if="currentUser.role == 'ADMIN' || currentUser.role == 'SUPERVISOR'"> + <a class="dropdown-toggle" data-toggle="dropdown">Users<span class="caret"></span></a> + <ul class="dropdown-menu" role="menu"> + <li><a href="#/users" role="menuitem">List</a></li> + <li><a href="#/users/new" role="menuitem" ng-if="currentUser.role == 'ADMIN'">Add an user</a></li> + <li><a href="#/users/new" role="menuitem" ng-if="currentUser.role == 'SUPERVISOR'">Add a client</a></li> + </ul> </li> <li ng-if="currentUser"> <a href="#/documents" role="button" class="dropdown-toggle">Documents</a> </li> + <li class="dropdown" ng-if="currentUser"> <a class="dropdown-toggle" data-toggle="dropdown">Questions<span class="caret"></span></a> <ul class="dropdown-menu" role="menu"> @@ -88,6 +93,7 @@ <li><a href="#/questions/new" role="menuitem" ng-if="currentUser.role == 'SUPERVISOR'">Add a question</a></li> </ul> </li> + <li ng-if="currentUser"> <a href="#/referential" role="button" class="dropdown-toggle">Referential Search</a> </li> diff --git a/coselmar-ui/src/main/webapp/js/coselmar-controllers.js b/coselmar-ui/src/main/webapp/js/coselmar-controllers.js index d1ae64b..5d40401 100644 --- a/coselmar-ui/src/main/webapp/js/coselmar-controllers.js +++ b/coselmar-ui/src/main/webapp/js/coselmar-controllers.js 
@@ -286,7 +286,6 @@ coselmarControllers.controller("UsersCtrl", ['$scope', '$route', '$routeParams', // Controller for new user View coselmarControllers.controller("NewUserCtrl", ['$scope', '$route', '$location', 'userService', function($scope, $route, $location, userService){ - console.log($scope.currentUser); if ($scope.currentUser.role == 'ADMIN') { $scope.user = {'role' : 'EXPERT'}; } else if ($scope.currentUser.role == 'SUPERVISOR') { diff --git a/coselmar-ui/src/main/webapp/views/users/users.html b/coselmar-ui/src/main/webapp/views/users/adminUsers.html similarity index 94% copy from coselmar-ui/src/main/webapp/views/users/users.html copy to coselmar-ui/src/main/webapp/views/users/adminUsers.html index adff98a..766faa2 100644 --- a/coselmar-ui/src/main/webapp/views/users/users.html +++ b/coselmar-ui/src/main/webapp/views/users/adminUsers.html @@ -21,15 +21,8 @@ <http://www.gnu.org/licenses/gpl-3.0.html>. #L% --> -<div style="padding: 0px 0px 0px 30px"> - <div class="page-header" style="margin: 0"> - <h1> - <!-- Heading goes here --> - All Users - </h1> - </div> - <div class="table-responsive"> + <div class="table-responsive" ng-if="currentUser.role == 'ADMIN'"> <div class="row"> <div class="form-group col-md-5"> <a href="#/users/new" class="form-inline navbar-left btn btn-primary">Add an user</a> @@ -103,7 +96,7 @@ <th class="col-md-1"></th> </tr> <tr ng-repeat="user in users"> - <td><a href="#/users/{{user.id}}">{{user.firstname}} {{user.name}}</a></td> + <td><a href="#/users/{{user.id}}">{{user.firstName}} {{user.name}}</a></td> <td>{{user.mail}}</td> <td>{{user.qualification}}</td> <td>{{user.organization}}</td> @@ -127,5 +120,4 @@ </td> </tr> </table> - </div> -</div> \ No newline at end of file + </div> \ No newline at end of file 
diff --git a/coselmar-ui/src/main/webapp/views/users/users.html b/coselmar-ui/src/main/webapp/views/users/supervisorUsers.html similarity index 68% copy from coselmar-ui/src/main/webapp/views/users/users.html copy to coselmar-ui/src/main/webapp/views/users/supervisorUsers.html index adff98a..e28eb42 100644 --- a/coselmar-ui/src/main/webapp/views/users/users.html +++ b/coselmar-ui/src/main/webapp/views/users/supervisorUsers.html @@ -1,38 +1,8 @@ -<!-- - #%L - Coselmar :: UI - $Id:$ - $HeadURL:$ - %% - Copyright (C) 2014 Ifremer, Code Lutin - %% - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as - published by the Free Software Foundation, either version 3 of the - License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public - License along with this program. If not, see - <http://www.gnu.org/licenses/gpl-3.0.html>. - #L% - --> -<div style="padding: 0px 0px 0px 30px"> - <div class="page-header" style="margin: 0"> - <h1> - <!-- Heading goes here --> - All Users - </h1> - </div> - <div class="table-responsive"> + <div class="table-responsive" ng-if="currentUser.role == 'SUPERVISOR'"> <div class="row"> <div class="form-group col-md-5"> - <a href="#/users/new" class="form-inline navbar-left btn btn-primary">Add an user</a> + <a href="#/users/new" class="form-inline navbar-left btn btn-primary">Add a client</a> </div> <form class="form-inline cold-md-7" name="userOptions" role="userOptions" ng-submit="searchUsers()" ng-if="!advanced"> <div class="form-group"> 
@@ -103,7 +73,7 @@ <th class="col-md-1"></th> </tr> <tr ng-repeat="user in users"> - <td><a href="#/users/{{user.id}}">{{user.firstname}} {{user.name}}</a></td> + <td>{{user.firstName}} {{user.name}}</td> <td>{{user.mail}}</td> <td>{{user.qualification}}</td> <td>{{user.organization}}</td> @@ -111,21 +81,10 @@ <td ng-if="user.active">Active</td> <td ng-if="!user.active">Disable</td> <td> - <a class="btn btn-action btn-edit" href="#/users/{{user.id}}?edit"> + <a class="btn btn-action btn-edit" href="#/users/{{user.id}}?edit" ng-if="user.role == 'CLIENT'"> <span class="glyphicon glyphicon-edit" aria-hidden="true"></span>Modify </a> - <a class="btn btn-action btn-disable" ng-if="user.active" - ng-confirm-message="Do you really want to disable this user ?" - ng-confirm-click="disableUser(user)"> - <span class="glyphicon glyphicon-remove" aria-hidden="true"></span>Disable - </a> - <a class="btn btn-action" ng-if="!user.active" - ng-click="enableUser(user)"> - <span class="glyphicon glyphicon-remove" aria-hidden="true"></span>Enable - </a> - <!--<a class="btn btn-primary" ng-if="!user.active" ng-click="enableUser(user.id)">Enable</a>--> </td> </tr> </table> - </div> -</div> \ No newline at end of file + </div> \ No newline at end of file diff --git a/coselmar-ui/src/main/webapp/views/users/users.html b/coselmar-ui/src/main/webapp/views/users/users.html index adff98a..3ca0c0e 100644 --- a/coselmar-ui/src/main/webapp/views/users/users.html +++ b/coselmar-ui/src/main/webapp/views/users/users.html 
@@ -1,26 +1,3 @@ -<!-- - #%L - Coselmar :: UI - $Id:$ - $HeadURL:$ - %% - Copyright (C) 2014 Ifremer, Code Lutin - %% - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as - published by the Free Software Foundation, either version 3 of the - License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public - License along with this program. If not, see - <http://www.gnu.org/licenses/gpl-3.0.html>. - #L% - --> <div style="padding: 0px 0px 0px 30px"> <div class="page-header" style="margin: 0"> <h1> 
@@ -29,103 +6,7 @@ </h1> </div> - <div class="table-responsive"> - <div class="row"> - <div class="form-group col-md-5"> - <a href="#/users/new" class="form-inline navbar-left btn btn-primary">Add an user</a> - </div> - <form class="form-inline cold-md-7" name="userOptions" role="userOptions" ng-submit="searchUsers()" ng-if="!advanced"> - <div class="form-group"> - <input type="checkbox" class="form-control" ng-model="search.showDisable" /> - <span>Show Disable</span> - </div> - <div class="form-group"> - <input type="search" class="form-control" placeholder="Search an user" ng-model="search.searchKeyword" /> - </div> - <div class="form-group"> - <button type="submit" class="btn btn-default glyphicon glyphicon-search"></button> - </div> - </form> - </div> - <div class="row"> - <div class="form-group col-md-5" ng-show="!advanced"> - <a ng-click="advanced=true" class="fa fa-sort-down">Advanced Search</a> - </div> - <div class="form-group col-md-5" ng-show="advanced"> - <a ng-click="advanced=false" class="fa fa-sort-up">Simple Search</a> - </div> - </div> + <div ng-include="src='views/users/adminUsers.html'" ng-if="currentUser.role == 'ADMIN'"></div> + <div ng-include="src='views/users/supervisorUsers.html'" ng-if="currentUser.role == 'SUPERVISOR'"></div> - <br/> - <table class="table"> - <tr ng-if="advanced"> - <form class="form-inline" name="userFullOption" role="userFullOptions" ng-submit="advancedSearchUsers()"> - <td class="form-group"> - <input type="search" class="form-control" placeholder="Name" ng-model="example.name" /> - </td> - <td class="form-group"> - <input type="search" class="form-control" placeholder="Mail" ng-model="example.mail" /> - </td> - <td class="form-group"> - <input type="search" class="form-control" placeholder="Qualification" ng-model="example.qualification" /> - </td> - <td class="form-group"> - <input type="search" class="form-control" placeholder="Organization" ng-model="example.organization" /> - </td> - <td class="form-group"> - 
<select class="form-control" name="role" ng-model="example.role" title="role" > - <option value="ALL">All</option> - <option value="ADMIN">Admin</option> - <option value="SUPERVISOR">Supervisor</option> - <option value="EXPERT">Expert</option> - <option value="MEMBER">Member</option> - <option value="CLIENT">Client</option> - </select> - </td> - <td class="form-group"> - <select class="form-control" name="active" ng-model="example.active" title="active" > - <option value="true">Active</option> - <option value="false">Inactive</option> - </select> - </td> - <td class="form-group text-center"> - <button type="submit" class="btn btn-default fa fa-search" ng-click="advancedSearchUsers()">Search</button> - </td> - </form> - </tr> - <tr> - <th class="col-md-2">Name</th> - <th class="col-md-2">Mail</th> - <th class="col-md-2">Qualification</th> - <th class="col-md-2">Organization</th> - <th class="col-md-2">Role</th> - <th class="col-md-1">Status</th> - <th class="col-md-1"></th> - </tr> - <tr ng-repeat="user in users"> - <td><a href="#/users/{{user.id}}">{{user.firstname}} {{user.name}}</a></td> - <td>{{user.mail}}</td> - <td>{{user.qualification}}</td> - <td>{{user.organization}}</td> - <td>{{user.role}}</td> - <td ng-if="user.active">Active</td> - <td ng-if="!user.active">Disable</td> - <td> - <a class="btn btn-action btn-edit" href="#/users/{{user.id}}?edit"> - <span class="glyphicon glyphicon-edit" aria-hidden="true"></span>Modify - </a> - <a class="btn btn-action btn-disable" ng-if="user.active" - ng-confirm-message="Do you really want to disable this user ?" 
- ng-confirm-click="disableUser(user)"> - <span class="glyphicon glyphicon-remove" aria-hidden="true"></span>Disable - </a> - <a class="btn btn-action" ng-if="!user.active" - ng-click="enableUser(user)"> - <span class="glyphicon glyphicon-remove" aria-hidden="true"></span>Enable - </a> - <!--<a class="btn btn-primary" ng-if="!user.active" ng-click="enableUser(user.id)">Enable</a>--> - </td> - </tr> - </table> - </div> </div> \ No newline at end of file -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@codelutin.com>.
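Review bot: `ng-include="src='views/users/adminUsers.html'"` works only because the attribute is evaluated as an expression that assigns the path to a `src` property on the scope and yields it. The attribute form takes the expression directly, `ng-include="'views/users/adminUsers.html'"`, and the same applies to the supervisorUsers.html line. Both includes are also wrapped in an `ng-if` on the role that the included templates repeat on their root `div`, so one of the two conditions can go. These conditions only choose which markup is rendered; what a supervisor may list or change is decided by the REST service.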
This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository coselmar. See http://git.codelutin.com/coselmar.git commit 289e7d4e9928059ad06ebd6e947c4c983a283a5d Merge: f13b8d3 5e0d885 Author: Yannick Martel <martel@©odelutin.com> Date: Tue Jan 20 12:03:02 2015 +0100 merge changes from develop coselmar-ui/src/main/webapp/index.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --cc coselmar-ui/src/main/webapp/index.html index ca492a1,f4a19ce..c7c1808 --- a/coselmar-ui/src/main/webapp/index.html +++ b/coselmar-ui/src/main/webapp/index.html @@@ -73,14 -74,9 +74,15 @@@ </div> <nav class="hidden-xs"> <ul class="nav navbar-nav"> - <a href="#" role="button" class="navbar-brand">Coselmar Traceability</a> + <a href="#" role="button" class="navbar-brand">Coselmar Platform</a> - <li ng-if="currentUser.role == 'ADMIN'"> - <a href="#/users" class="dropdown-toggle">User</a> ++ + <li class="dropdown" ng-if="currentUser.role == 'ADMIN' || currentUser.role == 'SUPERVISOR'"> + <a class="dropdown-toggle" data-toggle="dropdown">Users<span class="caret"></span></a> + <ul class="dropdown-menu" role="menu"> + <li><a href="#/users" role="menuitem">List</a></li> + <li><a href="#/users/new" role="menuitem" ng-if="currentUser.role == 'ADMIN'">Add an user</a></li> + <li><a href="#/users/new" role="menuitem" ng-if="currentUser.role == 'SUPERVISOR'">Add a client</a></li> + </ul> </li> <li ng-if="currentUser"> <a href="#/documents" role="button" class="dropdown-toggle">Documents</a> -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@codelutin.com>.
This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository coselmar. See http://git.codelutin.com/coselmar.git commit 78b17b9621323d355d56c65f8564b56c09144f32 Author: Yannick Martel <martel@©odelutin.com> Date: Tue Jan 20 15:11:55 2015 +0100 supervisor is able to edit client profile --- .../coselmar/services/v1/UsersWebService.java | 27 ++++++++++++++++------ .../main/webapp/views/users/supervisorUsers.html | 16 ++++++++++--- 2 files changed, 33 insertions(+), 10 deletions(-) diff --git a/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java b/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java index 4f31179..77c55b1 100644 --- a/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java +++ b/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java @@ -75,9 +75,12 @@ public class UsersWebService extends CoselmarWebServiceSupport { String authorization = getContext().getHeader("Authorization"); UserWebToken userWebToken = checkAuthentication(authorization); - // Who is allowed here ? Admin and user himself - if (!StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.ADMIN.name()) - && !StringUtils.equals(userWebToken.getUserId(), userId)) { + // Who is allowed here ? Admin and user himself and Supervisor if user wanted is client + boolean isAdmin = StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.ADMIN.name()); + boolean isSupervisor = StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.SUPERVISOR.name()); + boolean isHimself = StringUtils.equals(userWebToken.getUserId(), userId); + + if (!isAdmin && !isSupervisor && !isHimself) { if (log.isDebugEnabled()) { String message = String.format("A non admin user try to see account details with shortId '%s'", userId); log.debug(message); 
@@ -89,6 +92,15 @@ public class UsersWebService extends CoselmarWebServiceSupport { String fullId = CoselmarUser.class.getCanonicalName() + getPersistenceContext().getTopiaIdFactory().getSeparator() + userId; CoselmarUser user = getCoselmarUserDao().forTopiaIdEquals(fullId).findUnique(); + + if (isSupervisor && user.getRole() != CoselmarUserRole.CLIENT) { + if (log.isDebugEnabled()) { + String message = String.format("A supervisor user try to see non client account details with shortId '%s'", userId); + log.debug(message); + } + throw new UnauthorizedException("Not allowed to see user details"); + } + UserBean userBean = BeanEntityConverter.toBean(userId, user); return userBean; } @@ -203,6 +215,7 @@ public class UsersWebService extends CoselmarWebServiceSupport { UserWebToken userWebToken = checkAuthentication(authorization); boolean isAdmin = StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.ADMIN.name()); + boolean isSupervisor4Client = StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.SUPERVISOR.name()) && StringUtils.equals(user.getRole(), CoselmarUserRole.CLIENT.name()); String userId = user.getId(); if (StringUtils.isBlank(userId)) { 
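Review bot: The added supervisor check in getUser does not take `isHimself` into account, so a supervisor asking for their own account is refused because their stored role is not CLIENT, although the comment above the first check says the user himself is allowed. `if (isSupervisor && !isHimself && user.getRole() != CoselmarUserRole.CLIENT) {` keeps self-access working. The refusal is logged at debug level only and names the requested id but not the caller, so adding `userWebToken.getUserId()` to the message would make it attributable.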
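Review bot: `isSupervisor4Client` is derived from `user.getRole()`, the role field of the bean submitted in the request, not from the role of the account being modified. In the two following hunks it then stands in for both the ownership test and `checkPassword`, so for a supervisor the authorization decision rests on a value the caller supplies. The stored account is loaded as `coselmarUser` a few lines later; the flag should be computed after that load from `coselmarUser.getRole() == CoselmarUserRole.CLIENT`, and the submitted role should also be required to stay CLIENT. The password-presence test that uses the flag would have to move below the load as well; the lines between these hunks are not visible here.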
@@ -210,12 +223,12 @@ public class UsersWebService extends CoselmarWebServiceSupport { } // Admin does not need to give password, he should not know it anyway ! - if (StringUtils.isBlank(user.getPassword()) && !isAdmin) { + if (StringUtils.isBlank(user.getPassword()) && !isAdmin && !isSupervisor4Client) { throw new InvalidParameterException("User.password is mandatory"); } - // Who is allowed here ? Admin and user himself only - if (!isAdmin && !StringUtils.equals(userWebToken.getUserId(), userId)) { + // Who is allowed here ? Admin and user himself only and Supervisor if it is a "client" type user + if (!isAdmin && !StringUtils.equals(userWebToken.getUserId(), userId) && !isSupervisor4Client) { if (log.isDebugEnabled()) { String message = String.format("A non admin user try to modify account details with shortId '%s'", userId); log.debug(message); @@ -229,7 +242,7 @@ public class UsersWebService extends CoselmarWebServiceSupport { CoselmarUser coselmarUser = getCoselmarUserDao().forTopiaIdEquals(fullId).findAny(); // Last check : the password - if (!isAdmin) { + if (!isAdmin && !isSupervisor4Client) { checkPassword(coselmarUser.getPassword(), coselmarUser.getSalt(), user.getPassword()); } diff --git a/coselmar-ui/src/main/webapp/views/users/supervisorUsers.html b/coselmar-ui/src/main/webapp/views/users/supervisorUsers.html index e28eb42..cfc613b 100644 --- a/coselmar-ui/src/main/webapp/views/users/supervisorUsers.html +++ b/coselmar-ui/src/main/webapp/views/users/supervisorUsers.html 
@@ -80,11 +80,21 @@ <td>{{user.role}}</td> <td ng-if="user.active">Active</td> <td ng-if="!user.active">Disable</td> - <td> - <a class="btn btn-action btn-edit" href="#/users/{{user.id}}?edit" ng-if="user.role == 'CLIENT'"> - <span class="glyphicon glyphicon-edit" aria-hidden="true"></span>Modify + <td ng-if="user.role == 'CLIENT'"> + <a class="btn btn-action btn-edit" href="#/users/{{user.id}}?edit"> + <span class="fa fa-edit" aria-hidden="true"></span>Modify + </a> + <a class="btn btn-action btn-disable" ng-if="user.active" + ng-confirm-message="Do you really want to disable this user ?" + ng-confirm-click="disableUser(user)"> + <span class="fa fa-remove" aria-hidden="true"></span>Disable + </a> + <a class="btn btn-action" ng-if="!user.active" + ng-click="enableUser(user)"> + <span class="fa fa-remove" aria-hidden="true"></span>Enable </a> </td> + <td ng-if="user.role != 'CLIENT'"></td> </tr> </table> </div> \ No newline at end of file -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@codelutin.com>.
This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository coselmar. See http://git.codelutin.com/coselmar.git commit c489e6a27a09922fc976f55f73f9ec2bfad8290c Merge: 5e0d885 78b17b9 Author: Yannick Martel <martel@©odelutin.com> Date: Tue Jan 20 15:17:13 2015 +0100 fixes #6308 : Merge branch 'feature/6308-supervisor-can-create-client' into develop .../coselmar/services/v1/UsersWebService.java | 61 ++++++++-- coselmar-ui/src/main/webapp/index.html | 12 +- .../src/main/webapp/js/coselmar-controllers.js | 8 +- .../views/users/{users.html => adminUsers.html} | 14 +-- .../src/main/webapp/views/users/edituser.html | 13 ++- .../users/{users.html => supervisorUsers.html} | 49 ++------ coselmar-ui/src/main/webapp/views/users/users.html | 123 +-------------------- 7 files changed, 95 insertions(+), 185 deletions(-) -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@codelutin.com>.