Project

General

Profile

Revision 9c239e1b

ID9c239e1b6f406e7fab637657a12e9682c2754646
Parent 2ffe661a
Child f951fe45

Added by Andreas Kohlbecker over 2 years ago

fix #7359 CdmEditorPresenters check user permissions to set the editor to readoly if persission is insufficient
- also removing bug by which per-entity-permissions where granted to users when opening an editor

View differences:

src/main/java/eu/etaxonomy/vaadin/mvp/AbstractCdmEditorPresenter.java
21 21
import eu.etaxonomy.cdm.debug.PersistentContextAnalyzer;
22 22
import eu.etaxonomy.cdm.model.ICdmCacher;
23 23
import eu.etaxonomy.cdm.model.common.CdmBase;
24
import eu.etaxonomy.cdm.model.common.User;
24 25
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD;
25 26
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority;
26 27
import eu.etaxonomy.cdm.service.CdmStore;
......
79 80
            UUID uuidIdentifier = (UUID)identifier;
80 81
            // CdmAuthority is needed before the bean is loaded into the session.
81 82
            // otherwise adding the authority to the user would cause a flush
82
            guaranteePerEntityCRUDPermissions(uuidIdentifier);
83 83
            cdmEntitiy = loadCdmEntity(uuidIdentifier);
84 84
        } else {
85 85
            cdmEntitiy = loadCdmEntity(null);
......
87 87
                guaranteePerEntityCRUDPermissions(cdmEntitiy);
88 88
            }
89 89
        }
90

  
91

  
90
        adaptToUserPermission(cdmEntitiy);
92 91
        cache = new CdmTransientEntityCacher(this);
93 92
        // need to use load but put see #7214
94 93
        cdmEntitiy = cache.load(cdmEntitiy);
......
97 96
        return cdmEntitiy;
98 97
    }
99 98

  
99
    /**
100
     * @param cdmEntitiy
101
     */
102
    private void adaptToUserPermission(DTO cdmEntitiy) {
103
        UserHelper userHelper = UserHelper.fromSession();
104
        boolean canDelte = userHelper.userHasPermission(cdmEntitiy, CRUD.DELETE);
105
        boolean canEdit = userHelper.userHasPermission(cdmEntitiy, CRUD.UPDATE);
106

  
107
        User user = userHelper.user();
108

  
109
        if(AbstractCdmPopupEditor.class.isAssignableFrom(getView().getClass())){
110
            AbstractCdmPopupEditor popupView = ((AbstractCdmPopupEditor)getView());
111

  
112
            if(!canEdit){
113
                popupView.setReadOnly(true); // never reset true to false here!
114
                logger.debug("setting editor to readonly");
115
            }
116
            if(!canDelte){
117
                popupView.withDeleteButton(false);
118
                logger.debug("removing delete button");
119
            }
120
        }
121

  
122
    }
100 123

  
101 124
    /**
102 125
     * @param identifier
src/main/java/eu/etaxonomy/vaadin/mvp/AbstractCdmPopupEditor.java
15 15

  
16 16
import com.vaadin.server.FontAwesome;
17 17
import com.vaadin.shared.ui.MarginInfo;
18
import com.vaadin.ui.AbstractComponentContainer;
18 19
import com.vaadin.ui.Button;
19 20
import com.vaadin.ui.Component;
20 21
import com.vaadin.ui.Layout;
......
104 105
    @Override
105 106
    public void setReadOnly(boolean readOnly) {
106 107
        super.setReadOnly(readOnly);
107
        getFieldLayout().iterator().forEachRemaining(c -> c.setReadOnly(readOnly));
108
        recursiveReadonly(readOnly, (AbstractComponentContainer)getFieldLayout());
109
    }
110

  
111
    /**
112
     * @param readOnly
113
     * @param layout
114
     */
115
    protected void recursiveReadonly(boolean readOnly, AbstractComponentContainer layout) {
116
        for(Component c : layout){
117
            c.setReadOnly(readOnly);
118
            if(c instanceof AbstractComponentContainer){
119
                recursiveReadonly(readOnly, layout);
120
            }
121
        }
108 122
    }
109 123

  
110 124

  

Also available in: Unified diff

Add picture from clipboard (Maximum size: 40 MB)