user without admin/curator privileges shouldn't be able to access logs

2d2e6154 · Piotr Gawron · 0a4fb7c6 · 2d2e6154 · 2d2e6154 · 2d2e6154
Commit 2d2e6154 authored Aug 21, 2019 by Piotr Gawron
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,8 @@ minerva (14.0.0~beta.0) unstable; urgency=low
  * Bug fix: fetching list of miRnas resulted sometimes in "Internal Server 
    Error" (#889)
  * Bug fix: user without admin right can accept terms of service (#893)
+  * Bug fix: user without admin or curator privileges shouldn't be able to 
+    check logs (#894)

 -- Piotr Gawron <piotr.gawron@uni.lu>  Mon, 21 Aug 2019 21:00:00 +0200


--- a/frontend-js/src/main/js/gui/admin/MapsAdminPanel.js
+++ b/frontend-js/src/main/js/gui/admin/MapsAdminPanel.js
@@ -9,7 +9,6 @@ var EditProjectDialog = require('./EditProjectDialog');
 var LogListDialog = require('./LogListDialog');
 var PrivilegeType = require('../../map/data/PrivilegeType');
 var ConfigurationType = require('../../ConfigurationType');
-var UserPreferences = require('../../map/data/UserPreferences');

 // noinspection JSUnusedLocalSymbols
 var logger = require('../../logger');
@@ -228,15 +227,26 @@ MapsAdminPanel.prototype.projectToTableRow = function (project, row, user) {
  if (project.getStatus().toLowerCase() !== "ok" && project.getStatus().toLowerCase() !== "failure") {
    status += ' (' + project.getProgress().toFixed(2) + ' %)';
  }
+
+  var isAdmin = user.hasPrivilege(self.getConfiguration().getPrivilegeType(PrivilegeType.IS_ADMIN)) ||
+    user.hasPrivilege(self.getConfiguration().getPrivilegeType(PrivilegeType.IS_CURATOR));
+
+  var icon;
  if (project.hasErrors()) {
-    status += "<a name='showErrors' href='#' data='" + project.getProjectId() + "'>" +
-      "<i class='fa fa-exclamation-triangle' style='font-size:18px; font-weight:400; padding-right:10px;color:red'></i>" +
-      "</a>";
+    icon = "<i class='fa fa-exclamation-triangle' style='font-size:18px; font-weight:400; padding-right:10px;color:red'></i>";
+    if (isAdmin) {
+      status += "<a name='showErrors' href='#' data='" + project.getProjectId() + "'>" + icon + "</a>";
+    } else {
+      status += icon;
+    }
  }
  if (project.hasWarnings()) {
-    status += "<a name='showWarnings' href='#' data='" + project.getProjectId() + "'>" +
-      "<i class='fa fa-exclamation-triangle' style='font-size:18px; font-weight:400; padding-right:10px;color:black'></i>" +
-      "</a>";
+    icon = "<i class='fa fa-exclamation-triangle' style='font-size:18px; font-weight:400; padding-right:10px;color:black'></i>";
+    if (isAdmin) {
+      status += "<a name='showWarnings' href='#' data='" + project.getProjectId() + "'>" + icon + "</a>";
+    } else {
+      status += icon;
+    }
  }

  row[0] = formattedProjectId;
@@ -488,6 +498,7 @@ MapsAdminPanel.prototype.getLogDialog = function (projectId, level) {
      element: Functions.createElement({
        type: "div"
      }),
+      configuration: self.getConfiguration(),
      projectId: projectId,
      customMap: null,
      level: level

--- a/frontend-js/src/main/js/map/data/PrivilegeType.js
+++ b/frontend-js/src/main/js/map/data/PrivilegeType.js
@@ -30,10 +30,30 @@ function PrivilegeType(data, name) {
 PrivilegeType.prototype = Object.create(ObjectWithListeners.prototype);
 PrivilegeType.prototype.constructor = PrivilegeType;

+/**
+ *
+ * @type {string}
+ */
 PrivilegeType.READ_PROJECT = 'READ_PROJECT';
+/**
+ *
+ * @type {string}
+ */
 PrivilegeType.WRITE_PROJECT = 'WRITE_PROJECT';
+/**
+ *
+ * @type {string}
+ */
 PrivilegeType.IS_ADMIN = 'IS_ADMIN';
+/**
+ *
+ * @type {string}
+ */
 PrivilegeType.IS_CURATOR = 'IS_CURATOR';
+/**
+ *
+ * @type {string}
+ */
 PrivilegeType.CAN_CREATE_OVERLAYS = 'CAN_CREATE_OVERLAYS';