

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 13084: finished implementing deletion of comments. proper authorization check of ip/ip-comment deletion.

 

------------------------------------------------------------
revno: 13084
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Sun 2013-12-01 16:05:10 +0100
message:
  Finished implementing deletion of comments; added a proper authorization (ownership) check for interpretation ("ip") and interpretation-comment deletion.
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/InterpretationService.java
  dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/interpretation/impl/DefaultInterpretationService.java
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/InterpretationController.java
  dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/interpretationFeed.vm
  dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/javascript/interpretation.js


=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/InterpretationService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/InterpretationService.java	2013-10-08 17:16:47 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/InterpretationService.java	2013-12-01 15:05:10 +0000
@@ -52,7 +52,7 @@
 
     List<Interpretation> getInterpretations( int first, int max );
 
-    void addInterpretationComment( String uid, String text );
+    InterpretationComment addInterpretationComment( String uid, String text );
 
     void updateCurrentUserLastChecked();
 

=== modified file 'dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/interpretation/impl/DefaultInterpretationService.java'
--- dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/interpretation/impl/DefaultInterpretationService.java	2013-10-08 17:16:47 +0000
+++ dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/interpretation/impl/DefaultInterpretationService.java	2013-12-01 15:05:10 +0000
@@ -143,7 +143,8 @@
         return interpretationStore.getAllOrderedLastUpdated( first, max );
     }
 
-    public void addInterpretationComment( String uid, String text )
+    @Override
+    public InterpretationComment addInterpretationComment( String uid, String text )
     {
         Interpretation interpretation = getInterpretation( uid );
 
@@ -161,6 +162,8 @@
         interpretation.addComment( comment );
 
         interpretationStore.update( interpretation );
+
+        return comment;
     }
 
     public void updateCurrentUserLastChecked()
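Review bot: `addInterpretationComment` now returns the `InterpretationComment` it created, but neither this implementation nor the interface declaration documents that contract; add a Javadoc on the interface method, e.g. `/** Adds a comment with the given text to the interpretation identified by uid and returns the newly created comment. */` with `@return the created comment`. The lines between the two hunks of this method are not visible here, so whether a null result from `getInterpretation( uid )` is handled before `interpretation.addComment( comment )` cannot be confirmed from this diff. The method's opening lines sit in the previous hunk.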

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/InterpretationController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/InterpretationController.java	2013-12-01 14:16:04 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/InterpretationController.java	2013-12-01 15:05:10 +0000
@@ -49,6 +49,7 @@
 import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -67,7 +68,7 @@
  * @author Lars Helge Overland
  */
 @Controller
-@RequestMapping( value = InterpretationController.RESOURCE_PATH )
+@RequestMapping(value = InterpretationController.RESOURCE_PATH)
 public class InterpretationController
     extends AbstractCrudController<Interpretation>
 {
@@ -122,22 +123,9 @@
         return entityList;
     }
 
-    @Override
-    public void deleteObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid ) throws Exception
-    {
-        Interpretation interpretation = interpretationService.getInterpretation( uid );
-
-        if ( interpretation == null )
-        {
-            throw new NotFoundException( uid );
-        }
-
-        interpretationService.deleteInterpretation( interpretation );
-    }
-
-    @RequestMapping( value = "/chart/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" } )
+    @RequestMapping(value = "/chart/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" })
     public void shareChartInterpretation(
-        @PathVariable( "uid" ) String chartUid,
+        @PathVariable("uid") String chartUid,
         @RequestBody String text, HttpServletResponse response )
     {
         Chart chart = chartService.getChart( chartUid );
@@ -164,9 +152,9 @@
         ContextUtils.createdResponse( response, "Interpretation created", InterpretationController.RESOURCE_PATH + "/" + interpretation.getUid() );
     }
 
-    @RequestMapping( value = "/map/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" } )
+    @RequestMapping(value = "/map/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" })
     public void shareMapInterpretation(
-        @PathVariable( "uid" ) String mapUid,
+        @PathVariable("uid") String mapUid,
         @RequestBody String text, HttpServletResponse response )
     {
         Map map = mappingService.getMap( mapUid );
@@ -184,11 +172,11 @@
         ContextUtils.createdResponse( response, "Interpretation created", InterpretationController.RESOURCE_PATH + "/" + interpretation.getUid() );
     }
 
-    @RequestMapping( value = "/reportTable/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" } )
+    @RequestMapping(value = "/reportTable/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" })
     public void shareReportTableInterpretation(
-        @PathVariable( "uid" ) String reportTableUid,
-        @RequestParam( value = "pe", required = false ) String isoPeriod,
-        @RequestParam( value = "ou", required = false ) String orgUnitUid,
+        @PathVariable("uid") String reportTableUid,
+        @RequestParam(value = "pe", required = false) String isoPeriod,
+        @RequestParam(value = "ou", required = false) String orgUnitUid,
         @RequestBody String text, HttpServletResponse response )
     {
         ReportTable reportTable = reportTableService.getReportTable( reportTableUid );
@@ -221,11 +209,11 @@
         ContextUtils.createdResponse( response, "Interpretation created", InterpretationController.RESOURCE_PATH + "/" + interpretation.getUid() );
     }
 
-    @RequestMapping( value = "/dataSetReport/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" } )
+    @RequestMapping(value = "/dataSetReport/{uid}", method = RequestMethod.POST, consumes = { "text/html", "text/plain" })
     public void shareDataSetReportInterpretation(
-        @PathVariable( "uid" ) String dataSetUid,
-        @RequestParam( "pe" ) String isoPeriod,
-        @RequestParam( "ou" ) String orgUnitUid,
+        @PathVariable("uid") String dataSetUid,
+        @RequestParam("pe") String isoPeriod,
+        @RequestParam("ou") String orgUnitUid,
         @RequestBody String text, HttpServletResponse response )
     {
         DataSet dataSet = dataSetService.getDataSet( dataSetUid );
@@ -259,8 +247,26 @@
         ContextUtils.createdResponse( response, "Interpretation created", InterpretationController.RESOURCE_PATH + "/" + interpretation.getUid() );
     }
 
-    @RequestMapping( value = "/{uid}/comments/{cuid}", method = RequestMethod.DELETE )
-    public void deleteComment( @PathVariable( "uid" ) String uid, @PathVariable( "cuid" ) String cuid ) throws NotFoundException
+    @Override
+    public void deleteObject( HttpServletResponse response, HttpServletRequest request, @PathVariable("uid") String uid ) throws Exception
+    {
+        Interpretation interpretation = interpretationService.getInterpretation( uid );
+
+        if ( interpretation == null )
+        {
+            throw new NotFoundException( uid );
+        }
+
+        if ( !currentUserService.getCurrentUser().equals( interpretation.getUser() ) )
+        {
+            throw new AccessDeniedException( "You are not allowed to delete this interpretation." );
+        }
+
+        interpretationService.deleteInterpretation( interpretation );
+    }
+
+    @RequestMapping(value = "/{uid}/comments/{cuid}", method = RequestMethod.DELETE)
+    public void deleteComment( @PathVariable("uid") String uid, @PathVariable("cuid") String cuid ) throws NotFoundException
     {
         Interpretation interpretation = interpretationService.getInterpretation( uid );
 
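Review bot: The ownership check in the new `deleteObject` dereferences `currentUserService.getCurrentUser()` without a null guard, so a request with no resolvable current user would fail with a NullPointerException (a 500) rather than the intended `AccessDeniedException`; prefer `User currentUser = currentUserService.getCurrentUser();` followed by `if ( currentUser == null || !currentUser.equals( interpretation.getUser() ) )`. The check also lives only in this web controller: `interpretationService.deleteInterpretation( interpretation )` itself stays unguarded, so any other caller of the service (none is visible in this diff) would bypass it, and enforcing ownership inside `DefaultInterpretationService` would cover every entry point. Whether the comparison behaves as intended also depends on how `User.equals` is defined, which is not shown here. `deleteComment`, which begins at the end of this hunk, continues in the next one.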
@@ -277,6 +283,11 @@
 
             if ( comment.getUid().equals( cuid ) )
             {
+                if ( !currentUserService.getCurrentUser().equals( comment.getUser() ) )
+                {
+                    throw new AccessDeniedException( "You are not allowed to delete this comment." );
+                }
+
                 iterator.remove();
             }
         }
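Review bot: The comment ownership check has the same unguarded `currentUserService.getCurrentUser()` dereference as `deleteObject`, and because it runs only for the matching comment, a `cuid` that matches nothing falls through to `updateInterpretation` (in the following hunk) and returns success rather than a not-found response; consider fetching `currentUser` once before the loop, `if ( currentUser == null || !currentUser.equals( comment.getUser() ) )` inside it, and `throw new NotFoundException( cuid );` when no comment was removed. Since the check precedes `iterator.remove()` and nothing else is modified before the throw, no partial deletion is persisted, which is correct. The enclosing `deleteComment` starts in the previous hunk and ends in the next.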
@@ -284,9 +295,9 @@
         interpretationService.updateInterpretation( interpretation );
     }
 
-    @RequestMapping( value = "/{uid}/comment", method = RequestMethod.POST, consumes = { "text/html", "text/plain" } )
+    @RequestMapping(value = "/{uid}/comment", method = RequestMethod.POST, consumes = { "text/html", "text/plain" })
     public void postComment(
-        @PathVariable( "uid" ) String uid,
+        @PathVariable("uid") String uid,
         @RequestBody String text, HttpServletResponse response )
     {
         Interpretation interpretation = interpretationService.getInterpretation( uid );
@@ -297,8 +308,12 @@
             return;
         }
 
-        interpretationService.addInterpretationComment( uid, text );
-
-        ContextUtils.createdResponse( response, "Commented created", InterpretationController.RESOURCE_PATH + "/" + uid );
+        InterpretationComment comment = interpretationService.addInterpretationComment( uid, text );
+
+        StringBuilder builder = new StringBuilder();
+        builder.append( InterpretationController.RESOURCE_PATH ).append( "/" ).append( uid );
+        builder.append( "/comments/" ).append( comment.getUid() );
+
+        ContextUtils.createdResponse( response, "Commented created", builder.toString() );
     }
 }
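Review bot: The `Location` now points at `.../comments/{cuid}`, a path for which this controller only shows a `DELETE` mapping, so the advertised URL is not retrievable unless a GET mapping exists outside this diff, and the dashboard JavaScript relies on parsing that header to recover the comment uid; returning the uid in the body, or at least documenting that clients parse the Location, would make that coupling explicit. The status message `"Commented created"` is a typo for `"Comment created"`. The `StringBuilder` can be a plain concatenation: `InterpretationController.RESOURCE_PATH + "/" + uid + "/comments/" + comment.getUid()`.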

=== modified file 'dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/interpretationFeed.vm'
--- dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/interpretationFeed.vm	2013-12-01 14:21:58 +0000
+++ dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/interpretationFeed.vm	2013-12-01 15:05:10 +0000
@@ -23,13 +23,14 @@
     }
   });
 
-  jQuery('.gearDropDown').on('click', function( e ) {
+  jQuery('.interpretationContainer').on('click', '.gearDropDown', function( e ) {
     var jqTarget = jQuery(e.target);
 
     while( !jqTarget.hasClass('gearDropDown') ) {
       jqTarget = jqTarget.parent();
     }
 
+    jQuery('.gearDropDown').removeClass('active');
     jqTarget.addClass('active');
 
     dropDown.show();
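Review bot: With the handler now delegated to `.gearDropDown`, jQuery already binds `this` to the matched `.gearDropDown` element, so the `while` loop that walks up from `e.target` is redundant and can be replaced by `var jqTarget = jQuery(this);`. Clearing `active` from every `.gearDropDown` before marking the clicked one is the right fix for the delegated case, since the old per-element binding no longer exists to keep a single active element.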
@@ -54,24 +55,33 @@
 }
 
 function deleteIp( e ) {
-  var jqTarget = jQuery(e.target);
   var jqActiveGearDropDown = jQuery('.gearDropDown.active');
-  var isHeader = jqActiveGearDropDown.parents('.interpretationName').length != 0;
+  var isHeader = jqActiveGearDropDown.parents('.interpretationContent').length != 0;
   var isComment = jqActiveGearDropDown.parents('.interpretationCommentArea').length != 0;
-  var jqInterpretation = jqActiveGearDropDown.parents('.interpretation');
-  var uid = jqInterpretation.data('ip-uid');
+  var jqInterpretation = jqActiveGearDropDown.parents('.interpretationContainer');
+  var jqInterpretationComment = jqActiveGearDropDown.parents('.interpretationComment');
+
+  var ipUid = jqInterpretation.data('ip-uid');
+  var ipCommentUid = jqInterpretationComment.data('ip-comment-uid');
 
   if( isHeader ) {
     jQuery.ajax({
-      url: '../api/interpretations/' + uid,
+      url: '../api/interpretations/' + ipUid,
       type: 'DELETE'
     }).done(function() {
-      jqInterpretation.parents('.interpretationContainer').remove();
+      jqInterpretation.remove();
     }).error(function() {
       setHeaderDelayMessage('Could not delete interpretation, please try again later');
     });
   } else if( isComment ) {
-
+    jQuery.ajax({
+      url: '../api/interpretations/' + ipUid + '/comments/' + ipCommentUid,
+      type: 'DELETE'
+    }).done(function() {
+      jqInterpretationComment.remove();
+    }).error(function() {
+      setHeaderDelayMessage('Could not delete interpretation comment, please try again later');
+    });
   }
 }
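Review bot: The server now rejects deletion by a non-owner with `AccessDeniedException`, but the only failure message here is `'Could not delete interpretation, please try again later'`, which tells a user who is simply not allowed to delete to retry; branch on the status in the error callback, e.g. `.error(function( jqXHR ) { setHeaderDelayMessage( jqXHR.status === 403 ? 'You are not allowed to delete this interpretation' : 'Could not delete interpretation, please try again later' ); })`, assuming the exception is mapped to 403 (that mapping is not visible here). The uids read from `data-ip-uid` / `data-ip-comment-uid` are concatenated into the URL unencoded; they appear to be server-generated, but wrapping them in `encodeURIComponent()` costs nothing. When the active gear sits in neither the header nor a comment the function silently does nothing.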
 </script>
@@ -150,48 +160,49 @@
 
 #set( $maxComments = 4 )
 #foreach( $ip in $interpretations )
-<div class="interpretationContainer">
+<div class="interpretationContainer" data-ip-uid="$ip.uid">
     #if( $ip.organisationUnit )#set( $ou = "&ou=" + $ip.organisationUnit.uid )#else#set( $ou = "" )#end
     #if( $ip.period )#set( $pe = "&pe=" + $ip.period.isoDate )#else#set( $pe = "" )#end
 
-    <div class="interpretation" data-ip-uid="$ip.uid">
-	    <div class="interpretationName">
-	    	<div class="interpretationSymbol">
-	    	  #getSymbol( $ip )
-	    	</div>
-	    	<div class="interpretationUser">
-           <a class="bold userLink" href="profile.action?id=${ip.user.uid}">${encoder.htmlEncode( $ip.user.name )}</a><br>
-           <span class="tipText">${format.formatDate( $ip.created )}</span>
-        </div>
-        #gearDropDown( $ip.user )
-	    </div>
-	    <div class="interpretationText">
-	        $!dhisTextUtils.htmlify( ${ip.text} )
-	    </div>
-	    <div class="interpretationItem">
-	    #if( $ip.chartInterpretation )
-	        <a href="../dhis-web-visualizer/app/index.html?id=${ip.chart.uid}&date=${format.formatDate( $ip.created )}">
-	        <img style="cursor:pointer"
-	            src="../api/charts/${ip.chart.uid}/data?date=${format.formatDate( $ip.created )}&width=558&height=300${ou}"
-	            title="$i18n.getString( 'click_to_view_in_data_visualizer' )"></a>
-	    #elseif( $ip.mapInterpretation )
-	        <a href="../dhis-web-mapping/app/index.html?id=${ip.map.uid}">
-	        <img style="cursor:pointer"
-	            src="../api/maps/${ip.map.uid}/data?date=${format.formatDate( $ip.created )}&width=558"
-	            title="$i18n.getString( 'click_to_view_in_gis' )"></a>
-	    #elseif( $ip.reportTableInterpretation )
-	        <a class="bold"
-	           title="$i18n.getString( 'click_to_view_report_table' )"
-	           href="../dhis-web-pivot/app/index.html?id=${ip.reportTable.uid}${pe}${ou}">
-	           $encoder.htmlEncode( $ip.reportTable.name )</a>
-	    #elseif( $ip.dataSetReportInterpretation )
-	        <a class="bold"
-	           title="$i18n.getString( 'click_to_view_data_set_report' )"
-	           href="../dhis-web-reporting/showDataSetReportForm.action?ds=${ip.dataSet.uid}&pe=${ip.period.isoDate}&ou=${ip.organisationUnit.uid}">
-	           $encoder.htmlEncode( $ip.dataSet.name )</a>
-	    #end
-	    </div>
-
+    <div class="interpretation">
+      <div class="interpretationContent">
+        <div class="interpretationName">
+          <div class="interpretationSymbol">
+            #getSymbol( $ip )
+          </div>
+          <div class="interpretationUser">
+             <a class="bold userLink" href="profile.action?id=${ip.user.uid}">${encoder.htmlEncode( $ip.user.name )}</a><br>
+             <span class="tipText">${format.formatDate( $ip.created )}</span>
+          </div>
+          #gearDropDown( $ip.user )
+        </div>
+        <div class="interpretationText">
+            $!dhisTextUtils.htmlify( ${ip.text} )
+        </div>
+        <div class="interpretationItem">
+        #if( $ip.chartInterpretation )
+            <a href="../dhis-web-visualizer/app/index.html?id=${ip.chart.uid}&date=${format.formatDate( $ip.created )}">
+            <img style="cursor:pointer"
+                src="../api/charts/${ip.chart.uid}/data?date=${format.formatDate( $ip.created )}&width=558&height=300${ou}"
+                title="$i18n.getString( 'click_to_view_in_data_visualizer' )"></a>
+        #elseif( $ip.mapInterpretation )
+            <a href="../dhis-web-mapping/app/index.html?id=${ip.map.uid}">
+            <img style="cursor:pointer"
+                src="../api/maps/${ip.map.uid}/data?date=${format.formatDate( $ip.created )}&width=558"
+                title="$i18n.getString( 'click_to_view_in_gis' )"></a>
+        #elseif( $ip.reportTableInterpretation )
+            <a class="bold"
+               title="$i18n.getString( 'click_to_view_report_table' )"
+               href="../dhis-web-pivot/app/index.html?id=${ip.reportTable.uid}${pe}${ou}">
+               $encoder.htmlEncode( $ip.reportTable.name )</a>
+        #elseif( $ip.dataSetReportInterpretation )
+            <a class="bold"
+               title="$i18n.getString( 'click_to_view_data_set_report' )"
+               href="../dhis-web-reporting/showDataSetReportForm.action?ds=${ip.dataSet.uid}&pe=${ip.period.isoDate}&ou=${ip.organisationUnit.uid}">
+               $encoder.htmlEncode( $ip.dataSet.name )</a>
+        #end
+        </div>
+      </div>
 	    #set( $comments = $ip.comments )
 	    #set( $commentStartPos = ( $comments.size() - $maxComments ) )
 	    <div class="interpretationCommentArea">

=== modified file 'dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/javascript/interpretation.js'
--- dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/javascript/interpretation.js	2012-11-14 11:33:27 +0000
+++ dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/webapp/dhis-web-dashboard-integration/javascript/interpretation.js	2013-12-01 15:05:10 +0000
@@ -63,21 +63,28 @@
 	var url = "../api/interpretations/" + uid + "/comment";
 	
 	var created = getCurrentDate();
-	
+
+  var gearBox = "<div class=\"gearDropDown\">\n  <span><i class=\"fa fa-gear\"></i> <i class=\"fa fa-caret-down\"></i></span>\n</div>\n";
+
 	if ( text.length && $.trim( text ).length )
 	{
 		$.ajax( url, {
 			type: "POST",
 			contentType: "text/html",
 			data: $.trim( text ),
-			success: function() {			
-				var template = 
+			success: function(data, textStatus, request) {
+        var locationArray = request.getResponseHeader('Location').split('/');
+        var commentUid = locationArray[locationArray.length-1];
+
+				var template =
+          "<div class='interpretationComment' data-ip-comment-uid='" + commentUid + "'>" +
 					"<div><div class=\"interpretationName\">" +
 					"<a class=\"bold userLink\" href=\"profile.action?id=${userUid}\">${userName}</a>&nbsp;" +
-					"<span class=\"grey\">${created}<\/span><\/div><\/div>" +
-					"<div class=\"interpretationText\">${text}<\/div>";
-				
-				$.tmpl( template, { 
+					"<span class=\"grey\">${created}<\/span>" + gearBox + "<\/div><\/div>" +
+					"<div class=\"interpretationText\">${text}<\/div>" +
+          "</div>";
+
+				$.tmpl( template, {
 					"userId": currentUser.id,
 					"userUid": currentUser.uid,
 					"userName": currentUser.name,
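Review bot: `request.getResponseHeader('Location')` is passed straight to `.split('/')` with no null check, so a response that reaches `success` without a `Location` header (for instance through a proxy that strips it) throws inside the callback, and the derived `commentUid` is then spliced into the HTML attribute by string concatenation, outside the `$.tmpl` escaping that `${userUid}` and the other fields get. Guard it with `var location = request.getResponseHeader('Location') || '';`, then pass the uid through the template as `data-ip-comment-uid='${commentUid}'` and add `"commentUid": commentUid` to the data object. The `$.tmpl` data object and the enclosing function continue past the end of this hunk.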