ItEr45S09CUAsignarUsuarioAProxectoPlanificacionItEr44S14: Block the delete button when there's no write permission.

The delete operation can't be finished without edit permission over the order,
and the button is disabled.
Jacobo Aragunde Pérez 2010-01-27 12:05:27 +01:00 committed by Javier Moran Rua
parent ad5376aebc
commit a582ff170a
3 changed files with 58 additions and 21 deletions


@ -119,4 +119,6 @@ public interface IOrderModel {
boolean userCanRead(Order order, String loginName);
boolean userCanWrite(Order order, String loginName);
}


@ -471,16 +471,26 @@ public class OrderCRUDController extends GenericForwardComposer {
}
public void confirmRemove(Order order) {
try {
int status = Messagebox.show(_("Confirm deleting {0}. Are you sure?", order.getName()), "Delete",
Messagebox.OK | Messagebox.CANCEL, Messagebox.QUESTION);
if (Messagebox.OK == status) {
remove(order);
if(orderModel.userCanWrite(order, SecurityUtils.getSessionUserLoginName())) {
try {
int status = Messagebox.show(_("Confirm deleting {0}. Are you sure?", order.getName()),
"Delete", Messagebox.OK | Messagebox.CANCEL, Messagebox.QUESTION);
if (Messagebox.OK == status) {
remove(order);
}
} catch (InterruptedException e) {
messagesForUser.showMessage(
Level.ERROR, e.getMessage());
LOG.error(_("Error on showing removing element: ", order.getId()), e);
}
}
else {
try {
Messagebox.show(_("You don't have permissions to edit this order"),
_("Information"), Messagebox.OK, Messagebox.INFORMATION);
} catch (InterruptedException e) {
throw new RuntimeException(e);
}
} catch (InterruptedException e) {
messagesForUser.showMessage(
Level.ERROR, e.getMessage());
LOG.error(_("Error on showing removing element: ", order.getId()), e);
}
}
@ -732,18 +742,20 @@ public class OrderCRUDController extends GenericForwardComposer {
}
private void appendButtonDelete(final Hbox hbox, final Order order) {
Button buttonDelete = new Button();
buttonDelete.setSclass("icono");
buttonDelete.setImage("/common/img/ico_borrar1.png");
buttonDelete.setHoverImage("/common/img/ico_borrar.png");
buttonDelete.setTooltiptext(_("Delete"));
buttonDelete.addEventListener("onClick",new EventListener() {
@Override
public void onEvent(Event event) throws Exception {
confirmRemove(order);
}
});
hbox.appendChild(buttonDelete);
if(orderModel.userCanWrite(order, SecurityUtils.getSessionUserLoginName())) {
Button buttonDelete = new Button();
buttonDelete.setSclass("icono");
buttonDelete.setImage("/common/img/ico_borrar1.png");
buttonDelete.setHoverImage("/common/img/ico_borrar.png");
buttonDelete.setTooltiptext(_("Delete"));
buttonDelete.addEventListener("onClick",new EventListener() {
@Override
public void onEvent(Event event) throws Exception {
confirmRemove(order);
}
});
hbox.appendChild(buttonDelete);
}
}
private void appendButtonPlan(final Hbox hbox, final Order order) {
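Review bot: The write-permission check is enforced only in the view controller: `confirmRemove` calls `orderModel.userCanWrite(...)` before showing the dialog and `appendButtonDelete` leaves the button out, but the `remove(order)` call itself is unguarded, and its body is outside this section. If `remove` or the model's delete operation can be reached another way, or the authorization is withdrawn while the confirmation dialog is open, the deletion would presumably still go through. Repeating the check at the point of deletion would make the denial hold for every entry point, for example `if (!orderModel.userCanWrite(order, SecurityUtils.getSessionUserLoginName())) { return; }` at the top of `remove(order)` or the equivalent inside the model's transactional remove method. The two branches of `confirmRemove` also treat `InterruptedException` differently (message and log in one, bare `RuntimeException` in the other), and neither restores the interrupt flag with `Thread.currentThread().interrupt();`.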


@ -720,4 +720,27 @@ public class OrderModel implements IOrderModel {
return false;
}
@Override
@Transactional(readOnly = true)
public boolean userCanWrite(Order order, String loginName) {
if (SecurityUtils.isUserInRole(UserRole.ROLE_EDIT_ALL_ORDERS)) {
return true;
}
try {
User user = userDAO.findByLoginName(loginName);
for(OrderAuthorization authorization :
orderAuthorizationDAO.listByOrderUserAndItsProfiles(order, user)) {
if(authorization.getAuthorizationType() ==
OrderAuthorizationType.WRITE_AUTHORIZATION) {
return true;
}
}
}
catch(InstanceNotFoundException e) {
//this case shouldn't happen, because it would mean that there isn't a logged user
//anyway, if it happenned we don't allow the user to pass
}
return false;
}
}
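Review bot: `userCanWrite` decides from two different identities: the `ROLE_EDIT_ALL_ORDERS` shortcut asks `SecurityUtils.isUserInRole` about the current session, while the per-order lookup uses the `loginName` argument. Both callers in this commit pass the session login name, so the results agree today, but a caller that passes any other login name would get `true` whenever the session user holds the role. Either state the contract in the Javadoc (`loginName must be the login name of the current session user`) or derive the role from the `User` loaded by `userDAO.findByLoginName`. The empty `catch (InstanceNotFoundException e)` correctly fails closed, but it should leave a trace of the denial, e.g. `LOG.warn("userCanWrite: no user found for login name, denying write", e);` if the class has a logger.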