This is an automated email from the git hooks/post-receive script. New commit to branch hotfix/3.0.1 in repository pollen. See https://gitlab.nuiton.org/chorem/pollen.git commit b1ba1d22f597e297b0137664cbda9342379d6a46 Author: Sylvain Bavencoff <bavencoff@codelutin.com> Date: Tue Oct 3 09:33:56 2017 +0200 correction vote pour un sondage restreint par le créateur connecté avec le token d'un autre invité --- .../pollen/services/service/VoteService.java | 93 ++++++++++++++++------ .../services/service/security/SecurityService.java | 32 ++++++-- pollen-ui-riot-js/src/main/web/js/Poll.js | 44 +++++----- 3 files changed, 116 insertions(+), 53 deletions(-) diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/VoteService.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/VoteService.java index c2e2838e..3d5b4eb2 100644 --- a/pollen-services/src/main/java/org/chorem/pollen/services/service/VoteService.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/VoteService.java @@ -24,6 +24,7 @@ package org.chorem.pollen.services.service; import org.apache.commons.collections4.CollectionUtils; import org.chorem.pollen.persistence.entity.Choice; import org.chorem.pollen.persistence.entity.Poll; +import org.chorem.pollen.persistence.entity.PollType; import org.chorem.pollen.persistence.entity.PollenPrincipal; import org.chorem.pollen.persistence.entity.PollenUser; import org.chorem.pollen.persistence.entity.Polls; 
@@ -84,23 +85,43 @@ public class VoteService extends PollenServiceSupport { PollenPrincipal mainPrincipal = getSecurityContext().getMainPrincipal(); PollenUser connectedUser = getConnectedUser(); - if (mainPrincipal != null) { - - voteBean.setVoterName(mainPrincipal.getName()); + Poll poll = getPollService().getPoll0(pollId); + if (poll.getPollType() == PollType.RESTRICTED) { + // si si le mainPrincipal a voté List<VoterListMember> voterListMembers = getVoterListMemberDao() .forEquals(VoterListMember.PROPERTY_MEMBER + "." + PollenPrincipal.PROPERTY_EMAIL, mainPrincipal.getEmail()) .addEquals(VoterListMember.PROPERTY_VOTER_LIST + "." + VoterList.PROPERTY_POLL + "." + Poll.PROPERTY_TOPIA_ID, pollId) .findAll(); - if (voterListMembers != null) { + + + if (CollectionUtils.isNotEmpty(voterListMembers) && !getVoteDao().forPollEquals(poll).addEquals(Vote.PROPERTY_VOTER, mainPrincipal).exists()) { + voteBean.setVoterName(mainPrincipal.getName()); voteBean.setVoterListMembers(voterListMembers); - // fixme bavencoff 17/05/2017 faut-il toujour garder le poid sur le vote ?? et pas sur le VoterListMember - //voteBean.setWeight(voterListMember.getWeight()); + } else { + voteBean.setVoterName(connectedUser.getName()); } - } else if (connectedUser != null) { - voteBean.setVoterName(connectedUser.getName()); - + } else { + + if (mainPrincipal != null) { + + voteBean.setVoterName(mainPrincipal.getName()); + + List<VoterListMember> voterListMembers = getVoterListMemberDao() + .forEquals(VoterListMember.PROPERTY_MEMBER + "." + PollenPrincipal.PROPERTY_EMAIL, mainPrincipal.getEmail()) + .addEquals(VoterListMember.PROPERTY_VOTER_LIST + "." + VoterList.PROPERTY_POLL + "." + Poll.PROPERTY_TOPIA_ID, pollId) + .findAll(); + if (voterListMembers != null) { + voteBean.setVoterListMembers(voterListMembers); + // fixme bavencoff 17/05/2017 faut-il toujour garder le poid sur le vote ?? 
et pas sur le VoterListMember + //voteBean.setWeight(voterListMember.getWeight()); + } + } else if (connectedUser != null) { + + voteBean.setVoterName(connectedUser.getName()); + + } } return voteBean; 
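Review bot: In the new `PollType.RESTRICTED` branch `mainPrincipal.getEmail()` is called with no null check, although the removed code guarded it with `if (mainPrincipal != null)`, and the fallback `voteBean.setVoterName(connectedUser.getName())` likewise assumes a logged-in user. A request for a restricted poll that carries neither a token nor a session would then fail with a NullPointerException instead of a clean refusal (assuming such a request can reach this method; the permission check is not visible here). I would enter the branch only with `if (poll.getPollType() == PollType.RESTRICTED && mainPrincipal != null) {` and make the fallback `} else if (connectedUser != null) {`. The same unguarded `mainPrincipal.getEmail()` appears in the `Polls.isPollRestricted(poll)` branch of the `@@ -285,29 +306,55 @@` hunk. The enclosing method starts and ends outside this hunk.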
@@ -285,29 +306,55 @@ public class VoteService extends PollenServiceSupport { toSave = getVote(poll, vote.getEntityId()); } else { - toSave = getVoteDao().create(); // toSave.setPostDate(serviceContext.getNow()); - PollenPrincipal principal = getSecurityContext().getMainPrincipal(); - if (principal != null) { - List<VoterListMember> voterListMembers = getVoterListMemberDao().forMemberEquals(principal) + PollenPrincipal mainPrincipal = getSecurityContext().getMainPrincipal(); + + if (Polls.isPollRestricted(poll)) { + + // si si le mainPrincipal a voté + List<VoterListMember> voterListMembers = getVoterListMemberDao() + .forEquals(VoterListMember.PROPERTY_MEMBER + "." + PollenPrincipal.PROPERTY_EMAIL, mainPrincipal.getEmail()) .addEquals(VoterListMember.PROPERTY_VOTER_LIST + "." + VoterList.PROPERTY_POLL, poll) .findAll(); - if (!voterListMembers.isEmpty()) { + + + if (CollectionUtils.isNotEmpty(voterListMembers) && !getVoteDao().forPollEquals(poll).addEquals(Vote.PROPERTY_VOTER, mainPrincipal).exists()) { + // vote pour le mainPrincipal + toSave.setVoterListMember(voterListMembers); + toSave.setVoter(mainPrincipal); + } else { + // vote pour le connectedUser + voterListMembers = getVoterListMemberDao() + .forEquals(VoterListMember.PROPERTY_MEMBER + "." + PollenPrincipal.PROPERTY_POLLEN_USER, getConnectedUser()) + .addEquals(VoterListMember.PROPERTY_VOTER_LIST + "." + VoterList.PROPERTY_POLL, poll) + .findAll(); toSave.setVoterListMember(voterListMembers); + toSave.setVoter(voterListMembers.get(0).getMember()); + } + + } else { + + if (mainPrincipal != null) { + List<VoterListMember> voterListMembers = getVoterListMemberDao().forMemberEquals(mainPrincipal) + .addEquals(VoterListMember.PROPERTY_VOTER_LIST + "." 
+ VoterList.PROPERTY_POLL, poll) + .findAll(); + if (!voterListMembers.isEmpty()) { + toSave.setVoterListMember(voterListMembers); - // FIXME bavencoff 17/05/2017 ne poids ne devrai plus etre enregistré dans le vote - //toSave.setWeight(voterListMember.getWeight()); - toSave.setVoter(principal); + // FIXME bavencoff 17/05/2017 ne poids ne devrai plus etre enregistré dans le vote + //toSave.setWeight(voterListMember.getWeight()); + toSave.setVoter(mainPrincipal); + } } - } - // -- author -- // - if (toSave.getVoter() == null) { - toSave.setWeight(1); - PollenPrincipal author = getSecurityService().generatePollenPrincipal(); - toSave.setVoter(author); + // -- author -- // + if (toSave.getVoter() == null) { + toSave.setWeight(1); + PollenPrincipal author = getSecurityService().generatePollenPrincipal(); + toSave.setVoter(author); + } } toSave.setPoll(poll); diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java index f351b350..bb9c6da5 100644 --- a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java +++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java @@ -58,6 +58,8 @@ import org.chorem.pollen.persistence.entity.ResultVisibility; import org.chorem.pollen.persistence.entity.SessionToken; import org.chorem.pollen.persistence.entity.Vote; import org.chorem.pollen.persistence.entity.VoteVisibility; +import org.chorem.pollen.persistence.entity.VoterList; +import org.chorem.pollen.persistence.entity.VoterListMember; import org.chorem.pollen.services.PollenServiceContext; import org.chorem.pollen.services.bean.PaginationParameterBean; import org.chorem.pollen.services.bean.PollenEntityRef; 
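Review bot: The fallback "vote pour le connectedUser" branch calls `voterListMembers.get(0).getMember()` without checking that the query returned anything, and unlike the `mainPrincipal` path it never checks whether that member has already voted on this poll. If the connected user is on no voter list of the poll, `get(0)` throws an unchecked exception; if they are, and the permission layer has not already removed `addVote` (not visible from this hunk), a second vote could be recorded for the same member. I would refuse the request when `CollectionUtils.isEmpty(voterListMembers)` and repeat the `getVoteDao().forPollEquals(poll).addEquals(Vote.PROPERTY_VOTER, ...).exists()` test for the fallback member before `toSave.setVoter(...)`. This branch also ties the token to a list entry by e-mail (`PROPERTY_MEMBER + "." + PROPERTY_EMAIL`) where the removed code used `forMemberEquals(principal)`; a short comment saying why the looser match is wanted would help. The enclosing method starts and ends outside the hunk.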
@@ -589,7 +591,7 @@ public class SecurityService extends PollenServiceSupport { } for (Poll poll : invitedPoll) { - generatePollVoterPermission(permissions, poll); + generatePollVoterPermission(permissions, poll, principals); } PrincipalByType principalByType = resolvePrincipals(principals); @@ -666,11 +668,7 @@ public class SecurityService extends PollenServiceSupport { for (Vote vote : principalByType.votes) { permissions.add(createWildcardSubjectPermission(vote)); if (vote.getPoll().getVoteVisibility() == VoteVisibility.VOTER) { - generatePollVoterPermission(permissions, vote.getPoll()); - } - - if (vote.getPoll().getPollType() != PollType.FREE) { - permissions.remove(createSubjectPermission(PermissionVerb.addVote, vote.getPoll())); + generatePollVoterPermission(permissions, vote.getPoll(), principals); } } @@ -729,9 +727,29 @@ public class SecurityService extends PollenServiceSupport { } - protected void generatePollVoterPermission(Set<String> permissions, Poll poll) { + protected void generatePollVoterPermission(Set<String> permissions, Poll poll, Set<PollenPrincipal> principals) { generatePollPublicPermission(permissions, poll); + if (poll.getPollType() != PollType.FREE) { + + boolean removeAddVote = principals.stream() + .map(principal -> + !getVoterListMemberDao() + .forMemberEquals(principal) + .addEquals(VoterListMember.PROPERTY_VOTER_LIST + "." + VoterList.PROPERTY_POLL, poll) + .exists() + || + getVoteDao().forPollEquals(poll).addEquals(Vote.PROPERTY_VOTER, principal).exists()) + .reduce(true, (a, b) -> a && b); + + if (removeAddVote) { + + permissions.remove(createSubjectPermission(PermissionVerb.addVote, poll)); + + } + } + + if (poll.getCommentVisibility() == CommentVisibility.VOTER) { permissions.add(createSubjectPermission(PermissionVerb.readComment, poll)); diff --git a/pollen-ui-riot-js/src/main/web/js/Poll.js b/pollen-ui-riot-js/src/main/web/js/Poll.js index 7c46a2e5..25518a5c 100644 --- a/pollen-ui-riot-js/src/main/web/js/Poll.js 
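Review bot: In `generatePollVoterPermission` list membership is tested with `forMemberEquals(principal)`, while the restricted branches added to `VoteService` match members by `PollenPrincipal.PROPERTY_EMAIL`, so the permission layer and the service can disagree about whether a principal may still vote; one shared helper for "is a member and has not voted" would keep the two in step. The `map(...).reduce(true, (a, b) -> a && b)` is an all-match: `boolean removeAddVote = principals.stream().allMatch(principal -> ...);` reads more directly and stops querying once one principal can still vote. An empty `principals` set yields `true` and removes `addVote`, which is the safe default and deserves a one-line comment. Since the check here and the save in `VoteService` are separate steps, it is worth confirming that something at the persistence level (not visible in this diff) prevents two concurrent requests from both recording a vote for one member.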
+++ b/pollen-ui-riot-js/src/main/web/js/Poll.js @@ -8,12 +8,12 @@ * it under the terms of the GNU Affero General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * #L% @@ -47,9 +47,7 @@ class Poll { delete this.votePermission; Object.assign(this, result); this.voteId = voteId; - if (!this.permission) { - this.votePermission = permission; - } + this.votePermission = permission; this.choices = undefined; this.comments = undefined; this.results = undefined; @@ -61,12 +59,12 @@ class Poll { } getPermission() { - return this.permission || this.votePermission; + return this.votePermission || this.permission; } reloadPoll() { if (this.id) { - return pollService.getPoll(this.id, this.permission || this.votePermission).then(result => { + return pollService.getPoll(this.id, this.getPermission()).then(result => { Object.assign(this, result); bus.trigger("poll", this); return Promise.resolve(this); @@ -91,7 +89,7 @@ class Poll { loadChoices() { if (this.id) { - return choiceService.getChoices(this.id, this.permission || this.votePermission) + return choiceService.getChoices(this.id, this.getPermission()) .then(result => { this.choices = result; bus.trigger("poll", this); 
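Review bot: `getPermission()` now returns `this.votePermission || this.permission`, the reverse of the old order, and the `@@ -47,9 +47,7 @@` hunk sets `this.votePermission = permission` even when the poll already carries its own `permission`; nothing in the method states this precedence. Since every service call in the file is switched to `getPermission()` by this commit, creator-level calls such as `choiceService.addChoice` will now be sent with the vote token whenever one is present, so it is worth confirming the server still authorises them from the session. I would add a comment above `getPermission()` such as `// the vote token passed to the page takes precedence over the poll's own permission`. The enclosing class starts and ends outside these hunks.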
@@ -133,7 +131,7 @@ class Poll { promise = Promise.resolve(choice); } return promise.then(choice2 => { - return choiceService.addChoice(this.id, choice2, this.permission || this.votePermission).then(() => { + return choiceService.addChoice(this.id, choice2, this.getPermission()).then(() => { return Promise.all([this.reloadPoll(), this.loadChoices()]); }); }); @@ -143,7 +141,7 @@ class Poll { loadLazyVotes(pagination) { if (this._initPromise) { - return voteService.getVotes(this.id, pagination, this.votePermission || this.permission).then((result) => { + return voteService.getVotes(this.id, pagination, this.getPermission()).then((result) => { if (this.voteIsVisible) { this.voteCount = result.pagination.count; } @@ -157,14 +155,14 @@ class Poll { if (this._initPromise) { return this._initPromise.then(() => { var promises = [ - choiceService.getChoices(this.id, this.permission || this.votePermission), + choiceService.getChoices(this.id, this.getPermission()), voteCountingTypeService.getVoteCountingType(this.voteCountingType) ]; if (this.resultIsVisible) { - promises.push(resultService.getResults(this.id, this.permission || this.votePermission)); + promises.push(resultService.getResults(this.id, this.getPermission())); } if (this.canVote) { - promises.push(voteService.getNewVote(this.id, this.permission || this.votePermission)); + promises.push(voteService.getNewVote(this.id, this.getPermission())); } return Promise.all(promises).then(resultsArray => { let indexResult = 0; 
@@ -218,8 +216,8 @@ class Poll { return this._initPromise.then(() => { if (this.resultIsVisible) { return Promise.all([ - choiceService.getChoices(this.id, this.permission || this.votePermission), - resultService.getResults(this.id, this.permission || this.votePermission)]).then(resultsArray => { + choiceService.getChoices(this.id, this.getPermission()), + resultService.getResults(this.id, this.getPermission())]).then(resultsArray => { this.choices = resultsArray[0]; this.choiceCount = this.choices.length; this.results = resultsArray[1]; @@ -263,7 +261,7 @@ class Poll { loadCommentAuthorName() { if (this._initPromise) { return this._initPromise.then(() => { - return commentService.getNewComment(this.id, this.permission || this.votePermission).then((result) => { + return commentService.getNewComment(this.id, this.getPermission()).then((result) => { this.authorName = result.authorName; pageTracker.trackComments(); bus.trigger("poll", this); @@ -277,7 +275,7 @@ class Poll { loadLazyComments(pagination) { if (this._initPromise) { return this._initPromise.then(() => { - return commentService.getComments(this.id, pagination, this.permission || this.votePermission).then((result) => { + return commentService.getComments(this.id, pagination, this.getPermission()).then((result) => { this.commentCount = result.pagination.count; bus.trigger("poll", this); return result; @@ -289,7 +287,7 @@ class Poll { addVote(vote) { if (this.id) { - return voteService.addVote(this.id, vote, this.votePermission || this.permission).then((result) => { + return voteService.addVote(this.id, vote, this.getPermission()).then((result) => { pageTracker.trackVote(); this.voteId = result.id; 
@@ -302,7 +300,7 @@ class Poll { updateVote(vote) { if (this.id) { - return voteService.updateVote(this.id, vote, this.votePermission || this.permission || vote.permission || "").then(() => { + return voteService.updateVote(this.id, vote, this.getPermission() || vote.permission || "").then(() => { return this.reloadPoll(); }); } @@ -311,7 +309,7 @@ class Poll { deleteVote(vote) { if (this.id) { - return voteService.deleteVote(this.id, vote.id, this.votePermission || this.permission || vote.permission || "").then(() => { + return voteService.deleteVote(this.id, vote.id, this.getPermission() || vote.permission || "").then(() => { return this.reloadPoll(); }); } @@ -328,7 +326,7 @@ class Poll { authorName: authorName, text: text }; - return commentService.createComment(this.id, form, this.permission || this.votePermission).then((comment) => { + return commentService.createComment(this.id, form, this.getPermission()).then((comment) => { pageTracker.trackAddComment(); return comment; }); @@ -338,14 +336,14 @@ class Poll { updateComment(comment) { if (this.id) { - return commentService.updateComment(this.id, comment, this.permission || comment.permission || ""); + return commentService.updateComment(this.id, comment, this.getPermission() || ""); } return Promise.reject("Init poll after update comment"); } deleteComment(comment) { if (this.id) { - return commentService.deleteComment(this.id, comment.id, this.permission || comment.permission || ""); + return commentService.deleteComment(this.id, comment.id, this.getPermission() || ""); } return Promise.reject("Init poll after delete comment"); } -- To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.
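Review bot: `updateComment` and `deleteComment` no longer fall back to `comment.permission`: the old argument was `this.permission || comment.permission || ""`, the new one is `this.getPermission() || ""`, whereas `updateVote` and `deleteVote` in the same commit keep their `|| vote.permission` fallback. If a comment author can hold only the comment's own permission (inferred from the old code, not confirmed here), these calls would now be sent with an empty permission and be refused. Keeping the fallback, `this.getPermission() || comment.permission || ""`, would stay consistent with the vote methods.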