Author: tchemit
Date: 2014-04-09 11:38:33 +0200 (Wed, 09 Apr 2014)
New Revision: 1871
Url: http://forge.codelutin.com/projects/wao/repository/revisions/1871
Log: refs #4487 edit contact (security)
Modified:
trunk/wao-persistence/src/main/resources/i18n/wao-persistence_en_GB.properties
trunk/wao-services/src/main/java/fr/ifremer/wao/services/AuthenticatedWaoUser.java
trunk/wao-web/src/main/java/fr/ifremer/wao/web/action/obsmer/EditContactAction.java
trunk/wao-web/src/main/resources/i18n/wao-web_en_GB.properties
trunk/wao-web/src/main/resources/i18n/wao-web_fr_FR.properties
trunk/wao-web/src/main/webapp/WEB-INF/content/obsmer/contacts.jsp
trunk/wao-web/src/main/webapp/WEB-INF/content/obsmer/edit-contact-input.jsp
Modified: trunk/wao-persistence/src/main/resources/i18n/wao-persistence_en_GB.properties
===================================================================
--- trunk/wao-persistence/src/main/resources/i18n/wao-persistence_en_GB.properties 2014-04-09 06:59:21 UTC (rev 1870)
+++ trunk/wao-persistence/src/main/resources/i18n/wao-persistence_en_GB.properties 2014-04-09 09:38:33 UTC (rev 1871)
@@ -138,8 +138,8 @@
 fr.ifremer.wao.entity.TerrestrialDivision=Terrestrial divisions
 fr.ifremer.wao.entity.TerrestrialLocation=Terrestrial locations
 wao.business.other=
-wao.date.formatter=%1$td-%1$tm/%1$tY
-wao.datetime.formatter=%1$td-%1$tm/%1$tY %1$tH\:%1$tM
+wao.date.formatter=%1$td-%1$tm-%1$tY
+wao.datetime.formatter=%1$td-%1$tm-%1$tY %1$tH\:%1$tM
 wao.month.formatter=%1$tm-%1$tY
 wao.month.pattern=MM-yyyy
 wao.time.formatter=%1$tH\:%1$tM
Modified: trunk/wao-services/src/main/java/fr/ifremer/wao/services/AuthenticatedWaoUser.java
===================================================================
--- trunk/wao-services/src/main/java/fr/ifremer/wao/services/AuthenticatedWaoUser.java 2014-04-09 06:59:21 UTC (rev 1870)
+++ trunk/wao-services/src/main/java/fr/ifremer/wao/services/AuthenticatedWaoUser.java 2014-04-09 09:38:33 UTC (rev 1871)
@@ -215,6 +215,10 @@ return authorizedToViewBoatDetails; } + public boolean isAuthorizedToEditOrDeleteContact(Contact contact) { + return isAuthorizedToEditContact(contact) || isAuthorizedToDeleteContact(contact); + } + public boolean isAuthorizedToEditContact(Contact contact) { boolean canEdit = getCanWrite() && @@ -281,5 +285,33 @@ } } + public boolean isAuthorizedToDisplayContactSecondaryObservers(Contact contact) { + boolean showSecondaryObservers = true; + if (contact.getSampleRow().isPhoneCall()) { + // when phoning, we are always single + showSecondaryObservers = false; + } + return showSecondaryObservers; + } + public boolean isAuthorizedToDisplayContactDataReliability() { + return isAdmin() || isCoordinator(); + } + + public boolean isAuthorizedToEditContactDataReliability(Contact contact) { + boolean result = isAdmin() // coordinator can see the value + && BooleanUtils.isTrue(contact.getValidationCompany()) + && contact.getValidationProgram() == null; + return result; + } + + public boolean isAuthorizedToEditContactObservers(Contact contact) { + return isCoordinatorOrObserver() && + contact.getValidationProgram() == null; + } + + public boolean isAuthorizedToEditObservationReport(Contact contact) { + return isCoordinatorOrObserver() && + contact.getValidationCompany() == null; + } } Modified: trunk/wao-web/src/main/java/fr/ifremer/wao/web/action/obsmer/EditContactAction.java =================================================================== --- trunk/wao-web/src/main/java/fr/ifremer/wao/web/action/obsmer/EditContactAction.java 2014-04-09 06:59:21 UTC (rev 1870) +++ trunk/wao-web/src/main/java/fr/ifremer/wao/web/action/obsmer/EditContactAction.java 2014-04-09 09:38:33 UTC (rev 1871) 
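Review bot: The new `isAuthorizedToEditObservationReport` and `isAuthorizedToEditContactObservers` only allow editing while the validation field is `null`, whereas `isAuthorizedToEditContactDataReliability` in the same hunk reads the same `getValidationCompany()` through `BooleanUtils.isTrue(...)`; if these validation fields are nullable `Boolean`s, a contact explicitly set to `FALSE` is refused editing by the `== null` checks yet counts as "not validated" for the other predicate, so the three methods should agree on one test, e.g. `!BooleanUtils.isTrue(contact.getValidationCompany())`. `isAuthorizedToDisplayContactSecondaryObservers` never consults the current user and dereferences `contact.getSampleRow()` without a null guard, so it is a display rule rather than an access check; a comment such as `// display rule, not an access check: a phone-call sample row has a single observer` (or a name without the `isAuthorizedTo` prefix) would stop callers from relying on it for access control. The comment `// coordinator can see the value` sits on the `isAdmin()` line of `isAuthorizedToEditContactDataReliability`, where it contradicts the code; it belongs on `isAuthorizedToDisplayContactDataReliability`, the method that actually grants coordinators read access.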
@@ -25,7 +25,6 @@ import com.google.common.base.Strings; import com.opensymphony.xwork2.Preparable; import fr.ifremer.wao.WaoUtils; -import fr.ifremer.wao.entity.Contact; import fr.ifremer.wao.entity.ContactState; import fr.ifremer.wao.entity.ContactStateMotif; import fr.ifremer.wao.entity.DataReliability; @@ -59,7 +58,6 @@ import fr.ifremer.wao.services.service.administration.ReferentialService; import fr.ifremer.wao.services.service.administration.WaoUsersService; import fr.ifremer.wao.web.WaoJspActionSupport; -import org.apache.commons.lang3.BooleanUtils; import org.apache.struts2.convention.annotation.Result; import org.apache.struts2.convention.annotation.Results; 
@@ -289,37 +287,6 @@ } } - public boolean isDisplaySecondaryObservers() { - boolean showSecondaryObservers = true; - if (updateContactCommand.getContact().getSampleRow().isPhoneCall()) { - // when phoning, we are always single - showSecondaryObservers = false; - } - return showSecondaryObservers; - } - - public boolean isDisplayDataReliability() { - return getAuthenticatedWaoUser().isAdmin() || getAuthenticatedWaoUser().isCoordinator(); - } - - public boolean canEditDataReliability() { - Contact contact = updateContactCommand.getContact(); - boolean result = getAuthenticatedWaoUser().isAdmin() // coordinator can see the value - && BooleanUtils.isTrue(contact.getValidationCompany()) - && contact.getValidationProgram() == null; - return result; - } - - public boolean canEditObservers() { - return getAuthenticatedWaoUser().isCoordinatorOrObserver() && - updateContactCommand.getContact().getValidationProgram() == null; - } - - public boolean canEditObservationReport() { - return getAuthenticatedWaoUser().isCoordinatorOrObserver() && - updateContactCommand.getContact().getValidationCompany() == null; - } - @Override public String execute() throws Exception { Modified: trunk/wao-web/src/main/resources/i18n/wao-web_en_GB.properties =================================================================== --- trunk/wao-web/src/main/resources/i18n/wao-web_en_GB.properties 2014-04-09 06:59:21 UTC (rev 1870) +++ trunk/wao-web/src/main/resources/i18n/wao-web_en_GB.properties 2014-04-09 09:38:33 UTC (rev 1871) 
@@ -116,7 +116,7 @@ wao.ui.chart.numberOfBoatsWithBoardings=Number of boats with x observations wao.ui.chooseUserProfile=Choose your user profile wao.ui.contact.creation=Creation of a contact -wao.ui.contact.edition=Edtion of contact %s +wao.ui.contact.edition=Edtion of contact wao.ui.contact.lastContact=Last observation with this boat for your company wao.ui.contacts.FishingZone.facadeName=Fishing zone Facade wao.ui.contacts.FishingZone.sectorName=Fishing zone Sector Modified: trunk/wao-web/src/main/resources/i18n/wao-web_fr_FR.properties =================================================================== --- trunk/wao-web/src/main/resources/i18n/wao-web_fr_FR.properties 2014-04-09 06:59:21 UTC (rev 1870) +++ trunk/wao-web/src/main/resources/i18n/wao-web_fr_FR.properties 2014-04-09 09:38:33 UTC (rev 1871) @@ -116,7 +116,7 @@ wao.ui.chart.numberOfBoatsWithBoardings=Nombre de navires avec x embarquements wao.ui.chooseUserProfile=Choisissez votre rôle wao.ui.contact.creation=Création d'u contact -wao.ui.contact.edition=Modification du contact %s +wao.ui.contact.edition=Modification du contact wao.ui.contact.lastContact=Dernière observation concernant ce navire pour votre société (tous programmes confondus) wao.ui.contacts.FishingZone.facadeName=Façade wao.ui.contacts.FishingZone.sectorName=Zone Modified: trunk/wao-web/src/main/webapp/WEB-INF/content/obsmer/contacts.jsp =================================================================== --- trunk/wao-web/src/main/webapp/WEB-INF/content/obsmer/contacts.jsp 2014-04-09 06:59:21 UTC (rev 1870) +++ trunk/wao-web/src/main/webapp/WEB-INF/content/obsmer/contacts.jsp 2014-04-09 09:38:33 UTC (rev 1871) 
@@ -524,7 +524,7 @@ <b class="caret"></b> </a> <ul class="dropdown-menu"> - <s:if test="authenticatedWaoUser.isAuthorizedToEditContact(#contact) || authenticatedWaoUser.isAuthorizedToDeleteContact(#contact)"> + <s:if test="authenticatedWaoUser.isAuthorizedToEditOrDeleteContact(#contact)"> <li> <s:if test="authenticatedWaoUser.admin"> <s:set name="focusAnchor">adminFocus</s:set> Modified: trunk/wao-web/src/main/webapp/WEB-INF/content/obsmer/edit-contact-input.jsp =================================================================== --- trunk/wao-web/src/main/webapp/WEB-INF/content/obsmer/edit-contact-input.jsp 2014-04-09 06:59:21 UTC (rev 1870) +++ trunk/wao-web/src/main/webapp/WEB-INF/content/obsmer/edit-contact-input.jsp 2014-04-09 09:38:33 UTC (rev 1871) @@ -25,12 +25,10 @@ <head> <title> <s:if test="updateContactCommand.creation"> - <s:text name="wao.ui.sampleRow.creation"/> + <s:text name="wao.ui.contact.creation"/> </s:if> <s:else> - <s:text name="wao.ui.contact.edition"> - <s:param value="updateContactCommand.contact.mainObserver.fullName"/> - </s:text> + <s:text name="wao.ui.contact.edition"/> </s:else> </title> <script> @@ -42,15 +40,12 @@ </script> </head> - <h1> <s:if test="updateContactCommand.creation"> <s:text name="wao.ui.contact.creation"/> </s:if> <s:else> - <s:text name="wao.ui.contact.edition"> - <s:param value="updateContactCommand.contact.mainObserver.fullName"/> - </s:text> + <s:text name="wao.ui.contact.edition"/> </s:else> </h1> @@ -60,7 +55,7 @@ <fieldset> - <legend><s:text name="wao.ui.form.contact.boat.information"/></legend> + <legend><s:text name="wao.ui.misc.information"/></legend> <s:textfield name="updateContactCommand.contact.boat.name" label="%{getText('wao.ui.field.Boat.name')}" 
@@ -79,12 +74,9 @@ value="%{'' + updateContactCommand.contact.boat.buildYear}" label="%{getText('wao.ui.field.Boat.buildYear')}" readonly="true"/> - </fieldset> - <fieldset> + <hr/> - <legend><s:text name="wao.ui.form.contact.sampleRow.information"/></legend> - <s:textfield name="updateContactCommand.contact.sampleRow.professionDescription" label="%{getText('wao.ui.field.SampleRow.profession')}" readonly="true"/> @@ -94,22 +86,23 @@ <s:textfield name="updateContactCommand.contact.sampleRow.periodBegin" label="%{getText('wao.ui.field.SampleRow.periodBegin')}" value="%{formatMonth(updateContactCommand.contact.sampleRow.periodBegin)}" - readonly="true" - cssClass="input-small"/> + cssClass="input-small" + readonly="true"/> <s:textfield name="updateContactCommand.contact.sampleRow.periodEnd" label="%{getText('wao.ui.field.SampleRow.periodEnd')}" value="%{formatMonth(updateContactCommand.contact.sampleRow.periodEnd)}" - readonly="true" - cssClass="input-small"/> - </fieldset> + cssClass="input-small" + readonly="true"/> - <s:textfield name="updateContactCommand.contact.creationDate" - label="%{getText('wao.ui.field.Contact.creationDate')}" - value="%{formatDateTime(updateContactCommand.contact.sampleRow.periodEnd)}" - readonly="true"/> + <hr/> + <s:textfield name="updateContactCommand.contact.creationDate" + label="%{getText('wao.ui.field.Contact.creationDate')}" + value="%{formatDate(updateContactCommand.contact.creationDate)}" + readonly="true"/> + </fieldset> - <%--TODO Editable if canEditObservers()--%> + <%--TODO Editable (cssClass edit-observers) if authenticatedWaoUser.isAuthorizedToEditContactObservers(updateContactCommand.contact)--%> <fieldset> <legend><s:text name="wao.ui.misc.observers"/></legend> 
@@ -117,49 +110,56 @@ value="%{updateContactCommand.contact.mainObserver.topiaId}" label="%{getText('wao.ui.field.Contact.mainObserver')}" list="observers" - emptyOption="true"/> + emptyOption="true" + cssClass="edit-observers"/> - <s:if test="displaySecondaryObservers"> + <s:if test="authenticatedWaoUser.isAuthorizedToDisplayContactSecondaryObservers(updateContactCommand.contact)"> <s:select name="updateContactCommand.contact.secondaryObservers" value="%{updateContactCommand.contact.secondaryObserversTopiaIds}" label="%{getText('wao.ui.field.Contact.secondaryObservers')}" list="observers" - multiple="true"/> + multiple="true" + cssClass="edit-observers"/> </s:if> </fieldset> - <%--TODO Editable if canEditObservationReport()--%> + <%--TODO Editable (cssClass edit-observationReport) if authenticatedWaoUser.authorizedToEditObservationReport(updateContactCommand.contactcontact)--%> <fieldset id="coordinatorFocus"> <legend><s:text name="wao.ui.misc.observationReport"/></legend> <s:textfield name="updateContactCommand.contact.observationBeginDate" label="%{getText('wao.ui.field.Contact.beginDate')}" value="%{formatDateTime(updateContactCommand.contact.observationBeginDate)}" - placeholder="%{getDateTimePlaceholder()}"/> + placeholder="%{getDateTimePlaceholder()}" + cssClass="edit-observationReport"/> <s:textfield name="updateContactCommand.contact.observationEndDate" label="%{getText('wao.ui.field.Contact.endDate')}" value="%{formatDateTime(updateContactCommand.contact.observationEndDate)}" - placeholder="%{getDateTimePlaceholder()}"/> + placeholder="%{getDateTimePlaceholder()}" + cssClass="observationReport"/> <s:select name="updateContactCommand.contact.contactState" label="%{getText('wao.ui.field.Contact.contactState')}" requiredLabel="true" list="contactStates" - emptyOption="true"/> + cssClass="edit-observationReport"/> <s:select name="updateContactCommand.contact.contactStateMotif" value="%{updateContactCommand.contact.contactState.topiaId}" 
label="%{getText('wao.ui.field.Contact.contactStateMotif')}" list="contactStateMotives" - emptyOption="true"/> + emptyOption="true" + cssClass="edit-observationReport"/> <s:checkbox name="updateContactCommand.contact.mammalsObservation" - label="%{getText('wao.ui.field.Contact.mammalsObservation')}"/> + label="%{getText('wao.ui.field.Contact.mammalsObservation')}" + cssClass="edit-observationReport"/> <s:checkbox name="updateContactCommand.contact.mammalsCapture" - label="%{getText('wao.ui.field.Contact.mammalsCapture')}"/> + label="%{getText('wao.ui.field.Contact.mammalsCapture')}" + cssClass="edit-observationReport"/> <%--TODO onclick="updateMammalsInfoBox(this);" />--%> <%--<span style="color: red;">--%> 
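Review bot: The `observationEndDate` textfield receives `cssClass="observationReport"` while every sibling in the fieldset receives `cssClass="edit-observationReport"`, so whatever script or rule later targets the `edit-observationReport` class will skip the end date; it should read `cssClass="edit-observationReport"`. The TODO above the fieldset names `authenticatedWaoUser.authorizedToEditObservationReport(updateContactCommand.contactcontact)`, which matches neither the method added in this commit (`isAuthorizedToEditObservationReport`) nor a real property (`contactcontact`); `<%--TODO Editable (cssClass edit-observationReport) if authenticatedWaoUser.isAuthorizedToEditObservationReport(updateContactCommand.contact)--%>`. The `contactState` select also loses its `emptyOption="true"` in this hunk, which presumably preselects the first state on creation even though the field is marked `requiredLabel`; if that is intended it deserves a comment, otherwise the attribute should be kept.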
@@ -167,48 +167,54 @@ <%--</span>--%> <s:textarea name="updateContactCommand.contact.mammalsInfo" - label="%{getText('wao.ui.field.Contact.mammalsInfo')}"/> + label="%{getText('wao.ui.field.Contact.mammalsInfo')}" + cssClass="edit-observationReport"/> <s:textfield name="updateContactCommand.contact.dataInputDate" label="%{getText('wao.ui.field.Contact.dataInputDate')}" value="%{formatDate(updateContactCommand.contact.dataInputDate)}" - placeholder="%{getDatePlaceholder()}"/> + placeholder="%{getDatePlaceholder()}" + cssClass="edit-observationReport"/> <%--TODO Editable for authenticatedWaoUser.coordinator--%> <s:select name="updateContactCommand.contact.observedDataControl" label="%{getText('wao.ui.field.Contact.observedDataControl')}" list="observedDataControls" - emptyOption="true"/> + emptyOption="true" + cssClass="edit-observationReport"/> <s:textfield name="updateContactCommand.contact.restitution" label="%{getText('wao.ui.field.Contact.restitution')}" value="%{formatDate(updateContactCommand.contact.restitution)}" - placeholder="%{getDatePlaceholder()}"/> + placeholder="%{getDatePlaceholder()}" + cssClass="edit-observationReport"/> - <%--TODO Editable for authenticatedWaoUser.coordinatorOrObserver--%> <s:textarea name="updateContactCommand.contact.comment" - label="%{getText('wao.ui.field.Contact.comment')}"/> + label="%{getText('wao.ui.field.Contact.comment')}" + readonly="%{!authenticatedWaoUser.coordinatorOrObserver}" + cssClass="edit-observationReport"/> - <%--TODO Editable for authenticatedWaoUser.coordinator--%> <s:textarea name="updateContactCommand.contact.commentCoordinator" - label="%{getText('wao.ui.field.Contact.commentCoordinator')}"/> + label="%{getText('wao.ui.field.Contact.commentCoordinator')}" + readonly="%{!authenticatedWaoUser.coordinator}" + cssClass="edit-observationReport"/> </fieldset> <fieldset name="adminFocus"> <legend><s:text name="wao.ui.form.programEvaluation"/></legend> - <%--TODO Editable for canEditDataReliability()--%> - 
<s:if test="displayDataReliability"> + <s:if test="authenticatedWaoUser.authorizedToDisplayContactDataReliability"> + <%--TODO Editable for authenticatedWaoUser.isAuthorizedToEditContactDataReliability(updateContactCommand.contact)--%> <s:select name="updateContactCommand.contact.dataReliability" label="%{getText('wao.ui.field.Contact.dataReliability')}" list="dataReliabilities" emptyOption="true"/> </s:if> - <%--TODO Editable for authenticatedWaoUser.admin--%> <s:textarea name="updateContactCommand.contact.commentAdmin" - label="%{getText('wao.ui.field.Contact.commentAdmin')}"/> + label="%{getText('wao.ui.field.Contact.commentAdmin')}" + readonly="%{!authenticatedWaoUser.admin}"/> </fieldset> <div class="form-actions">
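Review bot: The `readonly="%{!authenticatedWaoUser.coordinatorOrObserver}"`, `readonly="%{!authenticatedWaoUser.coordinator}"` and `readonly="%{!authenticatedWaoUser.admin}"` attributes added on `comment`, `commentCoordinator` and `commentAdmin` are only a presentation hint: a readonly field is still submitted and the attribute can be removed in the browser, so unless `EditContactAction` or the update command (not in this hunk) drops these parameters for unauthorized roles, any authenticated user can still write the coordinator and admin comments; the same role check must gate the server-side binding, and the JSP should say so, e.g. `<%-- readonly is cosmetic only; the role check is enforced again when the form is submitted --%>`. The gates also disagree with the new `AuthenticatedWaoUser` predicates: `comment` uses the bare role `coordinatorOrObserver`, whereas `isAuthorizedToEditObservationReport(contact)` additionally requires `validationCompany == null`, and `dataReliability` stays fully editable although the TODO right above it names `isAuthorizedToEditContactDataReliability`. Using the new methods consistently, e.g. `readonly="%{!authenticatedWaoUser.isAuthorizedToEditObservationReport(updateContactCommand.contact)}"`, keeps a single source of truth for the policy on both the view and the action side.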