Merge pull request #3061 from FinnStutzenstein/Issue3036
Let users with comments management perms edit them (fixes #3036)
This commit is contained in:
Emanuel Schütze
GitHub
commit
b8742bcb8f
@ -581,6 +581,7 @@ div.projector-image {
|
||||
background-size: contain;
|
||||
background-repeat: no-repeat;
|
||||
background-position: 50% 50%;
|
||||
background-color: #fff;
|
||||
}
|
||||
|
||||
.video-container {
|
||||
|
||||
@ -446,7 +446,11 @@ angular.module('OpenSlidesApp.motions', [
|
||||
* - unsupport
|
||||
* - change_state
|
||||
* - reset_state
|
||||
* - change_comments
|
||||
* - change_recommendation
|
||||
* - can_manage
|
||||
* - can_see_amendments
|
||||
* - can_create_amendments
|
||||
*
|
||||
* NOTE: If you update this function please think about
|
||||
* server permissions, see motions/views.py.
|
||||
@ -469,8 +473,6 @@ angular.module('OpenSlidesApp.motions', [
|
||||
this.state.allow_submitter_edit
|
||||
)
|
||||
);
|
||||
case 'quickedit':
|
||||
return operator.hasPerms('motions.can_manage');
|
||||
case 'delete':
|
||||
return operator.hasPerms('motions.can_manage');
|
||||
case 'create_poll':
|
||||
@ -492,6 +494,8 @@ angular.module('OpenSlidesApp.motions', [
|
||||
return operator.hasPerms('motions.can_manage');
|
||||
case 'reset_state':
|
||||
return operator.hasPerms('motions.can_manage');
|
||||
case 'change_comments':
|
||||
return operator.hasPerms('motions.can_see_and_manage_comments');
|
||||
case 'change_recommendation':
|
||||
return operator.hasPerms('motions.can_manage');
|
||||
case 'can_manage':
|
||||
|
||||
@ -86,24 +86,20 @@ angular.module('OpenSlidesApp.motions.motionservices', ['OpenSlidesApp.motions',
|
||||
};
|
||||
|
||||
obj.enable = function () {
|
||||
if (motion.isAllowed('update')) {
|
||||
obj.active = true;
|
||||
obj.isEditable = true;
|
||||
obj.ckeditorOptions.language = gettextCatalog.getCurrentLanguage();
|
||||
obj.editor = CKEDITOR.inline(selector, obj.ckeditorOptions);
|
||||
obj.editor.on('change', function () {
|
||||
$timeout(function() {
|
||||
if (obj.editor.getData() != obj.originalHtml) {
|
||||
obj.changed = true;
|
||||
} else {
|
||||
obj.changed = false;
|
||||
}
|
||||
});
|
||||
obj.active = true;
|
||||
obj.isEditable = true;
|
||||
obj.ckeditorOptions.language = gettextCatalog.getCurrentLanguage();
|
||||
obj.editor = CKEDITOR.inline(selector, obj.ckeditorOptions);
|
||||
obj.editor.on('change', function () {
|
||||
$timeout(function() {
|
||||
if (obj.editor.getData() != obj.originalHtml) {
|
||||
obj.changed = true;
|
||||
} else {
|
||||
obj.changed = false;
|
||||
}
|
||||
});
|
||||
obj.revert();
|
||||
} else {
|
||||
obj.disable();
|
||||
}
|
||||
});
|
||||
obj.revert();
|
||||
};
|
||||
|
||||
obj.disable = function () {
|
||||
@ -143,10 +139,6 @@ angular.module('OpenSlidesApp.motions.motionservices', ['OpenSlidesApp.motions',
|
||||
};
|
||||
|
||||
obj.save = function () {
|
||||
if (!motion.isAllowed('update')) {
|
||||
throw 'No permission to update motion';
|
||||
}
|
||||
|
||||
saveData(obj);
|
||||
obj.disable();
|
||||
|
||||
@ -195,6 +187,9 @@ angular.module('OpenSlidesApp.motions.motionservices', ['OpenSlidesApp.motions',
|
||||
return motion['comment ' + field.name];
|
||||
},
|
||||
function (obj) {
|
||||
motion.title = motion.getTitle(-1);
|
||||
motion.text = motion.getText(-1);
|
||||
motion.reason = motion.getReason(-1);
|
||||
motion['comment ' + field.name] = obj.editor.getData();
|
||||
}
|
||||
);
|
||||
|
||||
@ -1289,7 +1289,8 @@ angular.module('OpenSlidesApp.motions.site', [
|
||||
function (obj) {
|
||||
motion.reason = motion.getReason(-1);
|
||||
motion.setTextStrippingLineBreaks(obj.editor.getData());
|
||||
motion.disable_versioning = (obj.trivialChange && Config.get('motions_allow_disable_versioning').value);
|
||||
motion.disable_versioning = (obj.trivialChange &&
|
||||
Config.get('motions_allow_disable_versioning').value);
|
||||
}
|
||||
);
|
||||
$scope.commentsInlineEditing = MotionCommentsInlineEditing.createInstances($scope, motion);
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
<div class="row">
|
||||
<!-- inline editing toolbar -->
|
||||
<div class="motion-toolbar">
|
||||
<div class="pull-right inline-editing-activator" ng-if="motion.isAllowed('update')">
|
||||
<div class="pull-right inline-editing-activator" ng-if="motion.isAllowed('change_comments')">
|
||||
<button ng-if="!commentsInlineEditing.active()" ng-click="commentsInlineEditing.enable()"
|
||||
class="btn btn-sm btn-default">
|
||||
<i class="fa fa-pencil-square-o"></i>
|
||||
|
||||
@ -152,8 +152,8 @@ class MotionViewSet(ModelViewSet):
|
||||
|
||||
# Check permissions.
|
||||
if (not has_perm(request.user, 'motions.can_manage') and
|
||||
not (motion.is_submitter(request.user) and
|
||||
motion.state.allow_submitter_edit)):
|
||||
not (motion.is_submitter(request.user) and motion.state.allow_submitter_edit) and
|
||||
not has_perm(request.user, 'motions.can_see_and_manage_comments')):
|
||||
self.permission_denied(request)
|
||||
|
||||
# Check permission to send only some data.
|
||||
@ -161,12 +161,16 @@ class MotionViewSet(ModelViewSet):
|
||||
# Remove fields that the user is not allowed to change.
|
||||
# The list() is required because we want to use del inside the loop.
|
||||
keys = list(request.data.keys())
|
||||
whitelist = (
|
||||
'title',
|
||||
'text',
|
||||
'reason',
|
||||
whitelist = [
|
||||
'comments', # This is checked later.
|
||||
)
|
||||
]
|
||||
# Add title, text and reason to the whitelist only, if the user is the submitter.
|
||||
if motion.is_submitter(request.user) and motion.state.allow_submitter_edit:
|
||||
whitelist.extend((
|
||||
'title',
|
||||
'text',
|
||||
'reason',
|
||||
))
|
||||
for key in keys:
|
||||
if key not in whitelist:
|
||||
del request.data[key]
|
||||
|
||||
Loading…
Reference in New Issue
Block a user