Commit e6d4b196 authored by Piotr Gawron's avatar Piotr Gawron

Merge branch '766-delete-comments-without-privileges' into 'devel_12.2.x'

remove comment is disabled for users without proper privileges

See merge request !722
parents 68d0aff2 1923e54e
Pipeline #9569 passed with stages
in 21 minutes and 3 seconds
......@@ -4,8 +4,12 @@ minerva (12.2.1) stable; urgency=medium
* Bug fix: removing active plugin didn't switch plugin tab to the next loaded
plugin (#757)
* Bug fix: closed submap will not be reopened after page refresh (#763)
* Bug fix: comment remove button is disabled for users without proper
privileges (#766)
* Bug fix: invalid pubmed identifier could break clicking on element
containing it (#764, #765, #769)
* Bug fix: cache for API queries is explicitly disabled - some queries could
be mistakenly cached and the system behaviour might get unstable (#771)
-- Piotr Gawron <piotr.gawron@uni.lu> Mon, 1 Apr 2019 17:00:00 +0200
......
......@@ -4,6 +4,7 @@ var AbstractGuiElement = require('../AbstractGuiElement');
var Functions = require('../../Functions');
var GuiConnector = require('../../GuiConnector');
var PrivilegeType = require('../../map/data/PrivilegeType');
// noinspection JSUnusedLocalSymbols
var logger = require('../../logger');
......@@ -16,7 +17,7 @@ var xss = require('xss');
* @param {Object} params
* @param {HTMLElement} params.element
* @param {Configuration} params.configuration
* @param {Project} [params.project]
* @param {Project} params.project
* @param {ServerConnector} [params.serverConnector]
*
* @constructor
......@@ -93,7 +94,7 @@ CommentsAdminPanel.prototype._createGui = function () {
*/
CommentsAdminPanel.prototype.init = function () {
var self = this;
return self.refreshProjects();
return self.refreshComments();
};
/**
......@@ -112,6 +113,12 @@ CommentsAdminPanel.prototype.refreshComments = function () {
data.push(self.commentToTableRow(comments[i]));
}
dataTable.clear().rows.add(data).draw();
return self.getServerConnector().getLoggedUser();
}).then(function (user) {
var type = self.getConfiguration().getPrivilegeType(PrivilegeType.EDIT_COMMENTS_PROJECT);
if (!user.hasPrivilege(type, self.getProject().getId())) {
$("[name='removeComment']", self.getElement()).attr("disabled", true);
}
});
};
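Review bot: The disable in the last `.then` of refreshComments runs once against `$("[name='removeComment']", self.getElement())`, so it only reaches buttons that are in the DOM at that moment; if the DataTable paginates or redraws on sort or search, rows rendered later would presumably come back with enabled buttons. Setting the state when the row is built in `commentToTableRow`, or re-applying it on the table's draw event, would cover that case, and `.prop("disabled", true)` is the usual jQuery form for a boolean property. A disabled button is only a UI hint: the remove-comment API itself has to reject callers lacking `EDIT_COMMENTS_PROJECT` for the project, and that server-side check is not visible in this commit, so it is worth confirming. refreshComments starts outside the hunk.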
......
......@@ -33,6 +33,7 @@ var xss = require('xss');
function EditProjectDialog(params) {
AbstractGuiElement.call(this, params);
var self = this;
guiUtils.setConfiguration(params.configuration);
self.setConfiguration(params.configuration);
self.registerListenerType("onSave");
$(self.getElement()).addClass("minerva-edit-project-dialog");
......
......@@ -37,6 +37,8 @@ PrivilegeType.PROJECT_MANAGEMENT = 'PROJECT_MANAGEMENT';
PrivilegeType.ADD_MAP = 'ADD_MAP';
PrivilegeType.USER_MANAGEMENT = 'USER_MANAGEMENT';
PrivilegeType.LAYOUT_MANAGEMENT = 'LAYOUT_MANAGEMENT';
PrivilegeType.EDIT_COMMENTS_PROJECT = 'EDIT_COMMENTS_PROJECT';
/**
*
......
......@@ -14,11 +14,13 @@ var assert = chai.assert;
describe('CommentsAdminPanel', function () {
function createDialog() {
return ServerConnector.getConfiguration().then(function (configuration) {
return ServerConnector.getProject().then(function (project) {
return new CommentsAdminPanel({
element: testDiv,
configuration: configuration,
customMap: null
configuration: helper.getConfiguration(),
customMap: null,
project: project,
serverConnector: ServerConnector
});
});
}
......@@ -75,4 +77,29 @@ describe('CommentsAdminPanel', function () {
});
});
});
describe('remove comment', function () {
it('admin can remove', function () {
helper.loginAsAdmin();
var dialog;
return createDialog().then(function (result) {
dialog = result;
return dialog.init();
}).then(function () {
assert.ok($("[name='removeComment']").is(':enabled'));
return dialog.destroy();
});
});
it('anonymous cannot remove', function () {
var dialog;
return createDialog().then(function (result) {
dialog = result;
return dialog.init();
}).then(function () {
assert.ok($("[name='removeComment']").is(':disabled'));
return dialog.destroy();
});
});
});
});
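Review bot: `assert.ok($("[name='removeComment']").is(':disabled'))` in 'anonymous cannot remove' passes as soon as one matched button is disabled, because `.is()` is true when any element in the set matches, so a state where only some buttons are disabled would still pass. Asserting that no enabled button remains is stricter, e.g. `assert.equal($("[name='removeComment']:enabled", testDiv).length, 0);`, together with a check that at least one remove button was rendered. The test also assumes no session is left over from `helper.loginAsAdmin()` in the preceding case; whether the harness resets the login between tests is not visible here.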
......@@ -13,7 +13,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
/**
* This filter enables x-frames from another domain if necessary.
* This filter disables caching for API queries.
*
* @author Piotr Gawron
*
......@@ -33,7 +33,12 @@ public class ApiAccessControlFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
//caching on Safari
response.addHeader("Vary", "*");
// generic cache prevent mechanism
response.addHeader("Cache-Control", "no-cache, no-store, must-revalidate");
response.addHeader("Pragma", "no-cache");
response.addHeader("Expires", "0");
chain.doFilter(req, response);
}
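Review bot: The cache headers in doFilter are written with `addHeader` before `chain.doFilter(req, response)`, so a later filter or handler that also adds `Cache-Control` would produce a second, possibly conflicting value, and one that calls `setHeader` would silently replace `no-store`. Using `response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");` (and likewise for `Pragma` and `Expires`) makes the value deterministic at this point; whether anything downstream overrides it cannot be seen from this hunk. API responses presumably depend on the logged-in user, so a test asserting the final response headers on an API call would be a useful guard. The class body continues outside the hunk.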
......