ag-admin/OpenSlides
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Prevent drag and final versions without perms

Browse Source 
Fixes an issue where users without manage rights
were able to use the drag and drop feature of the
list of speakers.
Also hides "modified final version" prints without
sufficient permissions.

Alters OSPerms to support "and" operators,
so "perm" and "other condition" is now possible
This commit is contained in:
Sean Engelhardt 2019-03-08 11:53:25 +01:00
parent 83ff758977
commit 985fe9cc8b
6 changed files with 41 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
client/src/app/shared/components/sorting-list/sorting-list.component.html
View File

@ -1,9 +1,9 @@
<div cdkDropList class="os-card" (cdkDropListDropped)="drop($event)"> <div cdkDropList class="os-card" [cdkDropListDisabled]="!enable" (cdkDropListDropped)="drop($event)">
<div class="box line" *ngIf="!array.length"> <div class="box line" *ngIf="!array.length">
<span translate>No data</span> <span translate>No data</span>
</div> </div>
<div class="box line" *ngFor="let item of array; let i = index" cdkDrag> <div class="box line" *ngFor="let item of array; let i = index" cdkDrag>
<div class="section-one" cdkDragHandle> <div class="section-one" cdkDragHandle *ngIf="enable">
<mat-icon>drag_indicator</mat-icon> <mat-icon>drag_indicator</mat-icon>
</div> </div>
<div class="section-two"> <div class="section-two">

6
client/src/app/shared/components/sorting-list/sorting-list.component.ts
View File

@ -59,6 +59,12 @@ export class SortingListComponent implements OnInit, OnDestroy {
@Input() @Input()
public count = false; public count = false;
/**
* Can be set to false to disable drag n drop
*/
@Input()
public enable = true;
/** /**
* The Input List Values * The Input List Values
* *

21
client/src/app/shared/directives/perms.directive.ts
View File

@ -47,6 +47,12 @@ export class PermsDirective implements OnInit, OnDestroy {
*/ */
private complement: boolean; private complement: boolean;
/**
* Add a true-false-condition additional to osPerms
* `*osPerms="'motions.can_manage';and:isRecoMode(ChangeRecoMode.Final)"`
*/
private and = true;
private operatorSubscription: Subscription | null; private operatorSubscription: Subscription | null;
/** /**
@ -110,6 +116,16 @@ export class PermsDirective implements OnInit, OnDestroy {
this.updateView(); this.updateView();
} }
/**
* Comes from the view.
* `;and:` turns into osPermsAnd during runtime.
*/
@Input('osPermsAnd')
public set osPermsAnd(value: boolean) {
this.and = value;
this.updateView();
}
/** /**
* Shows or hides certain content in the view. * Shows or hides certain content in the view.
*/ */
@ -133,7 +149,10 @@ export class PermsDirective implements OnInit, OnDestroy {
* Returns true if the users permissions fit. * Returns true if the users permissions fit.
*/ */
private checkPermissions(): boolean { private checkPermissions(): boolean {
const hasPerms = this.permissions.length === 0 || this.operator.hasPerms(...this.permissions); const hasPerms = this.and
? this.permissions.length === 0 || this.operator.hasPerms(...this.permissions)
: false;
if (this.complement) { if (this.complement) {
return !hasPerms; return !hasPerms;
} else { } else {

8
client/src/app/site/agenda/components/list-of-speakers/list-of-speakers.component.html
View File

@ -60,7 +60,13 @@
<!-- Waiting speakers --> <!-- Waiting speakers -->
<div> <div>
<div class="waiting-list" *ngIf="speakers && speakers.length > 0"> <div class="waiting-list" *ngIf="speakers && speakers.length > 0">
<os-sorting-list [input]="speakers" [live]="true" [count]="true" (sortEvent)="onSortingChange($event)"> <os-sorting-list
[input]="speakers"
[live]="true"
[count]="true"
[enable]="opCanManage()"
(sortEvent)="onSortingChange($event)"
>
<!-- implicit item references into the component using ng-template slot --> <!-- implicit item references into the component using ng-template slot -->
<ng-template let-item> <ng-template let-item>
<span *osPerms="'agenda.can_manage_list_of_speakers'"> <span *osPerms="'agenda.can_manage_list_of_speakers'">

4
client/src/app/site/agenda/components/list-of-speakers/list-of-speakers.component.ts
View File

@ -176,6 +176,10 @@ export class ListOfSpeakersComponent extends BaseViewComponent implements OnInit
}); });
} }
public opCanManage(): boolean {
return this.op.hasPerms('agenda.can_manage_list_of_speakers');
}
/** /**
* Check the URL to determine a current list of Speakers * Check the URL to determine a current list of Speakers
*/ */

4
client/src/app/site/motions/modules/motion-detail/components/motion-detail/motion-detail.component.html
View File

@ -495,7 +495,7 @@
type="button" type="button"
mat-icon-button mat-icon-button
matTooltip="{{ 'Create final print template' | translate }}" matTooltip="{{ 'Create final print template' | translate }}"
*ngIf="isRecoMode(ChangeRecoMode.Final)" *osPerms="'motions.can_manage';and:isRecoMode(ChangeRecoMode.Final)"
(click)="createModifiedFinalVersion()" (click)="createModifiedFinalVersion()"
> >
<mat-icon>description</mat-icon> <mat-icon>description</mat-icon>
@ -878,7 +878,7 @@
<button <button
mat-menu-item mat-menu-item
translate translate
*ngIf="motion?.modified_final_version" *osPerms="'motions.can_manage';and:isRecoMode(ChangeRecoMode.Final)"
(click)="setChangeRecoMode(ChangeRecoMode.ModifiedFinal)" (click)="setChangeRecoMode(ChangeRecoMode.ModifiedFinal)"
[ngClass]="{ selected: motion?.crMode === ChangeRecoMode.ModifiedFinal }" [ngClass]="{ selected: motion?.crMode === ChangeRecoMode.ModifiedFinal }"
> >