
Revision 9c239e1b

Added by Andreas Kohlbecker about 6 years ago

fix #7359 CdmEditorPresenters check user permissions to set the editor to readoly if persission is insufficient

  • also removing bug by which per-entity-permissions were granted to users when opening an editor


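--- a/src/main/java/eu/etaxonomy/vaadin/mvp/AbstractCdmEditorPresenter.java
+++ b/src/main/java/eu/etaxonomy/vaadin/mvp/AbstractCdmEditorPresenter.java
@@ -21,6 +21,7 @@
 import eu.etaxonomy.cdm.debug.PersistentContextAnalyzer;
 import eu.etaxonomy.cdm.model.ICdmCacher;
 import eu.etaxonomy.cdm.model.common.CdmBase;
+import eu.etaxonomy.cdm.model.common.User;
 import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD;
 import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority;
 import eu.etaxonomy.cdm.service.CdmStore;
@@ -79,7 +80,6 @@
             UUID uuidIdentifier = (UUID)identifier;
             // CdmAuthority is needed before the bean is loaded into the session.
             // otherwise adding the authority to the user would cause a flush
-            guaranteePerEntityCRUDPermissions(uuidIdentifier);
             cdmEntitiy = loadCdmEntity(uuidIdentifier);
         } else {
             cdmEntitiy = loadCdmEntity(null);
@@ -87,8 +87,7 @@
                 guaranteePerEntityCRUDPermissions(cdmEntitiy);
             }
         }
-
-
+        adaptToUserPermission(cdmEntitiy);
         cache = new CdmTransientEntityCacher(this);
         // need to use load but put see #7214
         cdmEntitiy = cache.load(cdmEntitiy);
@@ -97,6 +96,30 @@
         return cdmEntitiy;
     }
 
+    /**
+     * @param cdmEntitiy
+     */
+    private void adaptToUserPermission(DTO cdmEntitiy) {
+        UserHelper userHelper = UserHelper.fromSession();
+        boolean canDelte = userHelper.userHasPermission(cdmEntitiy, CRUD.DELETE);
+        boolean canEdit = userHelper.userHasPermission(cdmEntitiy, CRUD.UPDATE);
+
+        User user = userHelper.user();
+
+        if(AbstractCdmPopupEditor.class.isAssignableFrom(getView().getClass())){
+            AbstractCdmPopupEditor popupView = ((AbstractCdmPopupEditor)getView());
+
+            if(!canEdit){
+                popupView.setReadOnly(true); // never reset true to false here!
+                logger.debug("setting editor to readonly");
+            }
+            if(!canDelte){
+                popupView.withDeleteButton(false);
+                logger.debug("removing delete button");
+            }
+        }
+
+    }
 
     /**
      * @param identifier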
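Review bot: In adaptToUserPermission the canEdit/canDelte results are applied only inside the `AbstractCdmPopupEditor.class.isAssignableFrom(getView().getClass())` branch, so for any other view type a user lacking UPDATE or DELETE permission gets an unrestricted editor and nothing is logged. Add an else branch such as `} else if(!canEdit || !canDelte) { logger.warn("view can not be restricted to the user's permissions"); }`, or fail closed there. `setReadOnly(true)` and `withDeleteButton(false)` change UI state only, and the save and delete handlers are outside this section. It is worth confirming that they repeat the `userHelper.userHasPermission(...)` check, now that the `guaranteePerEntityCRUDPermissions(uuidIdentifier)` call has been removed and opening an editor no longer grants the authority. The local `User user = userHelper.user();` is never read, and the Javadoc holds only a bare `@param cdmEntitiy`; drop the local or use it in the debug messages, and state in the Javadoc that the method may only tighten the view, never loosen it.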
