This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository pollen. See http://git.chorem.org/pollen.git commit 59e2c4b70cf1a9e9a8d1327195ab8693aa6049f9 Author: Adrien Garandel <a.garandel@dralagen.fr> Date: Wed Jul 30 17:05:14 2014 +0200 Improve permission for delete choice --- .../chorem/pollen/services/bean/ChoiceBean.java | 10 ++++++++++ .../pollen/services/service/ChoiceService.java | 2 ++ .../services/service/security/SecurityService.java | 23 ++++++++++++++-------- .../src/main/webapp/js/controllers/pollCtrl.js | 16 ++++----------- .../src/main/webapp/partials/poll-popupChoice.html | 2 +- 5 files changed, 32 insertions(+), 21 deletions(-) diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/bean/ChoiceBean.java b/pollen-services/src/main/java/org/chorem/pollen/services/bean/ChoiceBean.java index 5b2ffb4..b469956 100644 --- a/pollen-services/src/main/java/org/chorem/pollen/services/bean/ChoiceBean.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/bean/ChoiceBean.java @@ -43,6 +43,8 @@ public class ChoiceBean extends PollenBean<Choice> { protected String description; + protected boolean choiceIsDeletable; + public ChoiceBean() { super(Choice.class); } @@ -164,4 +166,12 @@ public class ChoiceBean extends PollenBean<Choice> { public void setChoiceOrder(int choiceOrder) { this.choiceOrder = choiceOrder; } + + public boolean isChoiceIsDeletable() { + return choiceIsDeletable; + } + + public void setChoiceIsDeletable(boolean choiceIsDeletable) { + this.choiceIsDeletable = choiceIsDeletable; + } } diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/ChoiceService.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/ChoiceService.java index b081f6a..c6ce328 100644 --- a/pollen-services/src/main/java/org/chorem/pollen/services/service/ChoiceService.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/ChoiceService.java @@ -56,6 +56,8 @@ public class ChoiceService extends PollenServiceSupport { input.setChoiceValue(getPollenResourceService().getReduceIdByTopiaId(input.getChoiceValue())); } + input.setChoiceIsDeletable(isPermitted(PermissionVerb.deleteChoice, input.getEntityId())); + return input; } }; diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java index 2fb04c8..c2e3342 100644 --- a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java @@ -463,14 +463,6 @@ public class SecurityService extends PollenServiceSupport { // creator has all rights on the poll, choices and comments, but can only read votes permissions.add(createWildcardSubjectPermission(poll)); - // add choices permissions - - List<Choice> choices = getChoiceDao().forPollEquals(poll).findAll(); - if (CollectionUtils.isNotEmpty(choices)) { - for (Choice choice : choices) { - permissions.add(createWildcardSubjectPermission(choice)); - } - } // add comment permissions @@ -490,6 +482,21 @@ public class SecurityService extends PollenServiceSupport { } } + // add choices permissions + + List<Choice> choices = getChoiceDao().forPollEquals(poll).findAll(); + if (CollectionUtils.isNotEmpty(choices)) { + for (Choice choice : choices) { + if (CollectionUtils.isEmpty(votes)) { + permissions.add(createWildcardSubjectPermission(choice)); + } + else { + // can only read or edit the choice because have vote + permissions.add(createSubjectPermission(PermissionVerb.readChoice, choice)); + permissions.add(createSubjectPermission(PermissionVerb.editChoice, choice)); + } + } + } } return permissions; diff --git a/pollen-ui-angular/src/main/webapp/js/controllers/pollCtrl.js b/pollen-ui-angular/src/main/webapp/js/controllers/pollCtrl.js index bd9b1f6..3a14bdf 100644 --- a/pollen-ui-angular/src/main/webapp/js/controllers/pollCtrl.js +++ b/pollen-ui-angular/src/main/webapp/js/controllers/pollCtrl.js @@ -347,7 +347,8 @@ angular.module('pollControllers', ['ngRoute', 'pollenServices', 'pascalprecht.tr var initChoice = function () { return { choiceType : $scope.globalVariables.lastType, - choiceValue : '' + choiceValue : '', + choiceIsDeletable: true }; } @@ -407,7 +408,7 @@ angular.module('pollControllers', ['ngRoute', 'pollenServices', 'pascalprecht.tr } $scope.deleteChoice = function (choice) { - if (angular.isDefined($routeParams.pollId)) { + if (angular.isDefined($routeParams.pollId) && angular.isDefined(choice.id)) { PollChoice.remove({pollId:$routeParams.pollId, permission:$scope.globalVariables.pollToken, choiceId: choice.id}, function () { $rootScope.$broadcast('newSuccess', 'poll.saved'); deleteChoice(choice); @@ -994,16 +995,7 @@ angular.module('pollControllers', ['ngRoute', 'pollenServices', 'pascalprecht.tr ch = $scope.postReceiveChoice(ch); }) $scope.data.vote = {}; - $scope.data.vote.choice = $scope.data.choices; - }); - - PollVote.query({pollId:$routeParams.pollId}, function (votes) { - $scope.data.votants = votes; - angular.forEach($scope.data.votants, function (vote) { - angular.forEach(vote.choice, function (choice) { - choice.voteValue = $scope.getChoiceValue(choice.voteValue); - }) - }); + $scope.data.vote.choice = angular.copy($scope.data.choices); }); }; $scope.pollDeferred.promise.then(function () { diff --git a/pollen-ui-angular/src/main/webapp/partials/poll-popupChoice.html b/pollen-ui-angular/src/main/webapp/partials/poll-popupChoice.html index 07c7d20..86f7dd8 100644 --- a/pollen-ui-angular/src/main/webapp/partials/poll-popupChoice.html +++ b/pollen-ui-angular/src/main/webapp/partials/poll-popupChoice.html @@ -69,7 +69,7 @@ </div> </div> <div class="modal-footer"> - <button type="button" class="btn btn-danger" ng-click="deleteChoice(choice)"><span class="glyphicon glyphicon-trash"></span> Supprimer</button> + <button type="button" class="btn btn-danger" ng-if="choice.choiceIsDeletable" ng-click="deleteChoice(choice)"><span class="glyphicon glyphicon-trash"></span> Supprimer</button> <button type="button" class="btn btn-default" ng-click="cancelChoice()"><span class="glyphicon glyphicon-remove"></span> Annuler</button> <button type="button" class="btn btn-primary" ng-click="saveChoice()"><span class="glyphicon glyphicon-save"></span> Sauvegarder</button> </div> -- To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.