[Branch ~dhis2-devs-core/dhis2/trunk] Rev 13084: finished implementing deletion of comments. proper authorization check of ip/ip-comment deletion.
------------------------------------------------------------
revno: 13084
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Sun 2013-12-01 16:05:10 +0100
message:
finished implementing deletion of comments. proper authorization check of ip/ip-comment deletion.
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/InterpretationService.java
dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/interpretation/impl/DefaultInterpretationService.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/InterpretationController.java
dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/interpretationFeed.vm
dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/javascript/interpretation.js
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/InterpretationService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/InterpretationService.java 2013-10-08 17:16:47 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/InterpretationService.java 2013-12-01 15:05:10 +0000
@@ -52,7 +52,7 @@
List<Interpretation> getInterpretations( int first, int max );
- void addInterpretationComment( String uid, String text );
+ InterpretationComment addInterpretationComment( String uid, String text );
void updateCurrentUserLastChecked();
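Review bot: The new return value of `addInterpretationComment` is undocumented on the interface, yet the controller change in this commit dereferences it immediately with `comment.getUid()`. A Javadoc line such as `@return the persisted comment, never null` would make the contract explicit for other implementers and callers; if the implementation can return null for an unknown uid, the Javadoc should say when. The interface body continues outside this hunk.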
=== modified file 'dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/interpretation/impl/DefaultInterpretationService.java'
--- dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/interpretation/impl/DefaultInterpretationService.java 2013-10-08 17:16:47 +0000
+++ dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/interpretation/impl/DefaultInterpretationService.java 2013-12-01 15:05:10 +0000
@@ -143,7 +143,8 @@
return interpretationStore.getAllOrderedLastUpdated( first, max );
}
- public void addInterpretationComment( String uid, String text )
+ @Override
+ public InterpretationComment addInterpretationComment( String uid, String text )
{
Interpretation interpretation = getInterpretation( uid );
@@ -161,6 +162,8 @@
interpretation.addComment( comment );
interpretationStore.update( interpretation );
+
+ return comment;
}
public void updateCurrentUserLastChecked()
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/InterpretationController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/InterpretationController.java 2013-12-01 14:16:04 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/InterpretationController.java 2013-12-01 15:05:10 +0000
@@ -49,6 +49,7 @@
import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.User;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
@@ -67,7 +68,7 @@
* @author Lars Helge Overland
*/
@Controller
-@RequestMapping( value = InterpretationController.RESOURCE_PATH )
+@RequestMapping(value = InterpretationController.RESOURCE_PATH)
public class InterpretationController
extends AbstractCrudController<Interpretation>
{
@@ -122,22 +123,9 @@
return entityList;
}
- @Override
- public void deleteObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid ) throws Exception
- {
- Interpretation interpretation = interpretationService.getInterpretation( uid );
-
- if ( interpretation == null )
- {
- throw new NotFoundException( uid );
- }
-
- interpretationService.deleteInterpretation( interpretation );
- }
-
- @RequestMapping( value = "/chart/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" } )
+ @RequestMapping(value = "/chart/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" })
public void shareChartInterpretation(
- @PathVariable( "uid" ) String chartUid,
+ @PathVariable("uid") String chartUid,
@RequestBody String text, HttpServletResponse response )
{
Chart chart = chartService.getChart( chartUid );
@@ -164,9 +152,9 @@
ContextUtils.createdResponse( response, "Interpretation created", InterpretationController.RESOURCE_PATH + "/" + interpretation.getUid() );
}
- @RequestMapping( value = "/map/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" } )
+ @RequestMapping(value = "/map/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" })
public void shareMapInterpretation(
- @PathVariable( "uid" ) String mapUid,
+ @PathVariable("uid") String mapUid,
@RequestBody String text, HttpServletResponse response )
{
Map map = mappingService.getMap( mapUid );
@@ -184,11 +172,11 @@
ContextUtils.createdResponse( response, "Interpretation created", InterpretationController.RESOURCE_PATH + "/" + interpretation.getUid() );
}
- @RequestMapping( value = "/reportTable/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" } )
+ @RequestMapping(value = "/reportTable/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" })
public void shareReportTableInterpretation(
- @PathVariable( "uid" ) String reportTableUid,
- @RequestParam( value = "pe", required = false ) String isoPeriod,
- @RequestParam( value = "ou", required = false ) String orgUnitUid,
+ @PathVariable("uid") String reportTableUid,
+ @RequestParam(value = "pe", required = false) String isoPeriod,
+ @RequestParam(value = "ou", required = false) String orgUnitUid,
@RequestBody String text, HttpServletResponse response )
{
ReportTable reportTable = reportTableService.getReportTable( reportTableUid );
@@ -221,11 +209,11 @@
ContextUtils.createdResponse( response, "Interpretation created", InterpretationController.RESOURCE_PATH + "/" + interpretation.getUid() );
}
- @RequestMapping( value = "/dataSetReport/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" } )
+ @RequestMapping(value = "/dataSetReport/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" })
public void shareDataSetReportInterpretation(
- @PathVariable( "uid" ) String dataSetUid,
- @RequestParam( "pe" ) String isoPeriod,
- @RequestParam( "ou" ) String orgUnitUid,
+ @PathVariable("uid") String dataSetUid,
+ @RequestParam("pe") String isoPeriod,
+ @RequestParam("ou") String orgUnitUid,
@RequestBody String text, HttpServletResponse response )
{
DataSet dataSet = dataSetService.getDataSet( dataSetUid );
@@ -259,8 +247,26 @@
ContextUtils.createdResponse( response, "Interpretation created", InterpretationController.RESOURCE_PATH + "/" + interpretation.getUid() );
}
- @RequestMapping( value = "/{uid}/comments/{cuid}", method = RequestMethod.DELETE )
- public void deleteComment( @PathVariable( "uid" ) String uid, @PathVariable( "cuid" ) String cuid ) throws NotFoundException
+ @Override
+ public void deleteObject( HttpServletResponse response, HttpServletRequest request, @PathVariable("uid") String uid ) throws Exception
+ {
+ Interpretation interpretation = interpretationService.getInterpretation( uid );
+
+ if ( interpretation == null )
+ {
+ throw new NotFoundException( uid );
+ }
+
+ if ( !currentUserService.getCurrentUser().equals( interpretation.getUser() ) )
+ {
+ throw new AccessDeniedException( "You are not allowed to delete this interpretation." );
+ }
+
+ interpretationService.deleteInterpretation( interpretation );
+ }
+
+ @RequestMapping(value = "/{uid}/comments/{cuid}", method = RequestMethod.DELETE)
+ public void deleteComment( @PathVariable("uid") String uid, @PathVariable("cuid") String cuid ) throws NotFoundException
{
Interpretation interpretation = interpretationService.getInterpretation( uid );
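Review bot: `currentUserService.getCurrentUser()` is dereferenced without a null check in the new `deleteObject`, so if it can return null for a request with no resolvable user (not visible here), the caller gets a NullPointerException instead of the intended AccessDeniedException. The deleteComment hunk that follows repeats the pattern with `!currentUserService.getCurrentUser().equals( comment.getUser() )`, and calls it once per loop iteration. Fetch the user once and reject null explicitly: `User user = currentUserService.getCurrentUser();` then `if ( user == null || !user.equals( interpretation.getUser() ) )`. The ownership check also lives only in the controller, so any other caller of `interpretationService.deleteInterpretation` is not covered by it; consider enforcing it in the service and stating in a comment whether administrators are meant to be excluded. deleteComment's body continues outside this hunk.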
@@ -277,6 +283,11 @@
if ( comment.getUid().equals( cuid ) )
{
+ if ( !currentUserService.getCurrentUser().equals( comment.getUser() ) )
+ {
+ throw new AccessDeniedException( "You are not allowed to delete this comment." );
+ }
+
iterator.remove();
}
}
@@ -284,9 +295,9 @@
interpretationService.updateInterpretation( interpretation );
}
- @RequestMapping( value = "/{uid}/comment", method = RequestMethod.POST, consumes = { "text/html", "text/plain" } )
+ @RequestMapping(value = "/{uid}/comment", method = RequestMethod.POST, consumes = { "text/html", "text/plain" })
public void postComment(
- @PathVariable( "uid" ) String uid,
+ @PathVariable("uid") String uid,
@RequestBody String text, HttpServletResponse response )
{
Interpretation interpretation = interpretationService.getInterpretation( uid );
@@ -297,8 +308,12 @@
return;
}
- interpretationService.addInterpretationComment( uid, text );
-
- ContextUtils.createdResponse( response, "Commented created", InterpretationController.RESOURCE_PATH + "/" + uid );
+ InterpretationComment comment = interpretationService.addInterpretationComment( uid, text );
+
+ StringBuilder builder = new StringBuilder();
+ builder.append( InterpretationController.RESOURCE_PATH ).append( "/" ).append( uid );
+ builder.append( "/comments/" ).append( comment.getUid() );
+
+ ContextUtils.createdResponse( response, "Commented created", builder.toString() );
}
}
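Review bot: The Location value built at the end of `postComment` is now a contract with the client, because interpretation.js in this same commit takes the last path segment of that header as the comment uid, but nothing in the controller records the dependency. A comment above the builder such as `// Location must end with the comment uid; interpretation.js reads the last path segment` would stop a later change to the URL shape from silently breaking comment deletion in the UI. While this line is being touched, the message `"Commented created"` reads like a typo for `"Comment created"`. postComment's signature and null check sit in the preceding hunks.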
=== modified file 'dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/interpretationFeed.vm'
--- dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/interpretationFeed.vm 2013-12-01 14:21:58 +0000
+++ dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/interpretationFeed.vm 2013-12-01 15:05:10 +0000
@@ -23,13 +23,14 @@
}
});
- jQuery('.gearDropDown').on('click', function( e ) {
+ jQuery('.interpretationContainer').on('click', '.gearDropDown', function( e ) {
var jqTarget = jQuery(e.target);
while( !jqTarget.hasClass('gearDropDown') ) {
jqTarget = jqTarget.parent();
}
+ jQuery('.gearDropDown').removeClass('active');
jqTarget.addClass('active');
dropDown.show();
@@ -54,24 +55,33 @@
}
function deleteIp( e ) {
- var jqTarget = jQuery(e.target);
var jqActiveGearDropDown = jQuery('.gearDropDown.active');
- var isHeader = jqActiveGearDropDown.parents('.interpretationName').length != 0;
+ var isHeader = jqActiveGearDropDown.parents('.interpretationContent').length != 0;
var isComment = jqActiveGearDropDown.parents('.interpretationCommentArea').length != 0;
- var jqInterpretation = jqActiveGearDropDown.parents('.interpretation');
- var uid = jqInterpretation.data('ip-uid');
+ var jqInterpretation = jqActiveGearDropDown.parents('.interpretationContainer');
+ var jqInterpretationComment = jqActiveGearDropDown.parents('.interpretationComment');
+
+ var ipUid = jqInterpretation.data('ip-uid');
+ var ipCommentUid = jqInterpretationComment.data('ip-comment-uid');
if( isHeader ) {
jQuery.ajax({
- url: '../api/interpretations/' + uid,
+ url: '../api/interpretations/' + ipUid,
type: 'DELETE'
}).done(function() {
- jqInterpretation.parents('.interpretationContainer').remove();
+ jqInterpretation.remove();
}).error(function() {
setHeaderDelayMessage('Could not delete interpretation, please try again later');
});
} else if( isComment ) {
-
+ jQuery.ajax({
+ url: '../api/interpretations/' + ipUid + '/comments/' + ipCommentUid,
+ type: 'DELETE'
+ }).done(function() {
+ jqInterpretationComment.remove();
+ }).error(function() {
+ setHeaderDelayMessage('Could not delete interpretation comment, please try again later');
+ });
}
}
</script>
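Review bot: Both `.error()` callbacks in `deleteIp` report "please try again later" for every failure, including the access-denied response the controller now raises for non-owners, so the user is told to retry an action that will never succeed. Take the jqXHR argument and branch on the status, e.g. `.error(function( xhr ) { if ( xhr.status === 403 ) { /* show a not-allowed message */ } ... })`; this assumes AccessDeniedException is mapped to 403, which is not visible here. It would also be worth returning early when `ipCommentUid` is undefined, since the comment branch would otherwise send a DELETE to `.../comments/undefined`.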
@@ -150,48 +160,49 @@
#set( $maxComments = 4 )
#foreach( $ip in $interpretations )
-<div class="interpretationContainer">
+<div class="interpretationContainer" data-ip-uid="$ip.uid">
#if( $ip.organisationUnit )#set( $ou = "&ou=" + $ip.organisationUnit.uid )#else#set( $ou = "" )#end
#if( $ip.period )#set( $pe = "&pe=" + $ip.period.isoDate )#else#set( $pe = "" )#end
- <div class="interpretation" data-ip-uid="$ip.uid">
- <div class="interpretationName">
- <div class="interpretationSymbol">
- #getSymbol( $ip )
- </div>
- <div class="interpretationUser">
- <a class="bold userLink" href="profile.action?id=${ip.user.uid}">${encoder.htmlEncode( $ip.user.name )}</a><br>
- <span class="tipText">${format.formatDate( $ip.created )}</span>
- </div>
- #gearDropDown( $ip.user )
- </div>
- <div class="interpretationText">
- $!dhisTextUtils.htmlify( ${ip.text} )
- </div>
- <div class="interpretationItem">
- #if( $ip.chartInterpretation )
- <a href="../dhis-web-visualizer/app/index.html?id=${ip.chart.uid}&date=${format.formatDate( $ip.created )}">
- <img style="cursor:pointer"
- src="../api/charts/${ip.chart.uid}/data?date=${format.formatDate( $ip.created )}&width=558&height=300${ou}"
- title="$i18n.getString( 'click_to_view_in_data_visualizer' )"></a>
- #elseif( $ip.mapInterpretation )
- <a href="../dhis-web-mapping/app/index.html?id=${ip.map.uid}">
- <img style="cursor:pointer"
- src="../api/maps/${ip.map.uid}/data?date=${format.formatDate( $ip.created )}&width=558"
- title="$i18n.getString( 'click_to_view_in_gis' )"></a>
- #elseif( $ip.reportTableInterpretation )
- <a class="bold"
- title="$i18n.getString( 'click_to_view_report_table' )"
- href="../dhis-web-pivot/app/index.html?id=${ip.reportTable.uid}${pe}${ou}">
- $encoder.htmlEncode( $ip.reportTable.name )</a>
- #elseif( $ip.dataSetReportInterpretation )
- <a class="bold"
- title="$i18n.getString( 'click_to_view_data_set_report' )"
- href="../dhis-web-reporting/showDataSetReportForm.action?ds=${ip.dataSet.uid}&pe=${ip.period.isoDate}&ou=${ip.organisationUnit.uid}">
- $encoder.htmlEncode( $ip.dataSet.name )</a>
- #end
- </div>
-
+ <div class="interpretation">
+ <div class="interpretationContent">
+ <div class="interpretationName">
+ <div class="interpretationSymbol">
+ #getSymbol( $ip )
+ </div>
+ <div class="interpretationUser">
+ <a class="bold userLink" href="profile.action?id=${ip.user.uid}">${encoder.htmlEncode( $ip.user.name )}</a><br>
+ <span class="tipText">${format.formatDate( $ip.created )}</span>
+ </div>
+ #gearDropDown( $ip.user )
+ </div>
+ <div class="interpretationText">
+ $!dhisTextUtils.htmlify( ${ip.text} )
+ </div>
+ <div class="interpretationItem">
+ #if( $ip.chartInterpretation )
+ <a href="../dhis-web-visualizer/app/index.html?id=${ip.chart.uid}&date=${format.formatDate( $ip.created )}">
+ <img style="cursor:pointer"
+ src="../api/charts/${ip.chart.uid}/data?date=${format.formatDate( $ip.created )}&width=558&height=300${ou}"
+ title="$i18n.getString( 'click_to_view_in_data_visualizer' )"></a>
+ #elseif( $ip.mapInterpretation )
+ <a href="../dhis-web-mapping/app/index.html?id=${ip.map.uid}">
+ <img style="cursor:pointer"
+ src="../api/maps/${ip.map.uid}/data?date=${format.formatDate( $ip.created )}&width=558"
+ title="$i18n.getString( 'click_to_view_in_gis' )"></a>
+ #elseif( $ip.reportTableInterpretation )
+ <a class="bold"
+ title="$i18n.getString( 'click_to_view_report_table' )"
+ href="../dhis-web-pivot/app/index.html?id=${ip.reportTable.uid}${pe}${ou}">
+ $encoder.htmlEncode( $ip.reportTable.name )</a>
+ #elseif( $ip.dataSetReportInterpretation )
+ <a class="bold"
+ title="$i18n.getString( 'click_to_view_data_set_report' )"
+ href="../dhis-web-reporting/showDataSetReportForm.action?ds=${ip.dataSet.uid}&pe=${ip.period.isoDate}&ou=${ip.organisationUnit.uid}">
+ $encoder.htmlEncode( $ip.dataSet.name )</a>
+ #end
+ </div>
+ </div>
#set( $comments = $ip.comments )
#set( $commentStartPos = ( $comments.size() - $maxComments ) )
<div class="interpretationCommentArea">
=== modified file 'dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/javascript/interpretation.js'
--- dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/javascript/interpretation.js 2012-11-14 11:33:27 +0000
+++ dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/javascript/interpretation.js 2013-12-01 15:05:10 +0000
@@ -63,21 +63,28 @@
var url = "../api/interpretations/" + uid + "/comment";
var created = getCurrentDate();
-
+
+ var gearBox = "<div class=\"gearDropDown\">\n <span><i class=\"fa fa-gear\"></i> <i class=\"fa fa-caret-down\"></i></span>\n</div>\n";
+
if ( text.length && $.trim( text ).length )
{
$.ajax( url, {
type: "POST",
contentType: "text/html",
data: $.trim( text ),
- success: function() {
- var template =
+ success: function(data, textStatus, request) {
+ var locationArray = request.getResponseHeader('Location').split('/');
+ var commentUid = locationArray[locationArray.length-1];
+
+ var template =
+ "<div class='interpretationComment' data-ip-comment-uid='" + commentUid + "'>" +
"<div><div class=\"interpretationName\">" +
"<a class=\"bold userLink\" href=\"profile.action?id=${userUid}\">${userName}</a> " +
- "<span class=\"grey\">${created}<\/span><\/div><\/div>" +
- "<div class=\"interpretationText\">${text}<\/div>";
-
- $.tmpl( template, {
+ "<span class=\"grey\">${created}<\/span>" + gearBox + "<\/div><\/div>" +
+ "<div class=\"interpretationText\">${text}<\/div>" +
+ "</div>";
+
+ $.tmpl( template, {
"userId": currentUser.id,
"userUid": currentUser.uid,
"userName": currentUser.name,