Merge pull request #3061 from FinnStutzenstein/Issue3036

Let users with comments management perms edit them (fixes #3036)
This commit is contained in:
Emanuel Schütze 2017-03-21 10:49:13 +01:00 committed by GitHub
commit b8742bcb8f
6 changed files with 37 additions and 32 deletions

View File

@ -581,6 +581,7 @@ div.projector-image {
background-size: contain; background-size: contain;
background-repeat: no-repeat; background-repeat: no-repeat;
background-position: 50% 50%; background-position: 50% 50%;
background-color: #fff;
} }
.video-container { .video-container {

View File

@ -446,7 +446,11 @@ angular.module('OpenSlidesApp.motions', [
* - unsupport * - unsupport
* - change_state * - change_state
* - reset_state * - reset_state
* - change_comments
* - change_recommendation * - change_recommendation
* - can_manage
* - can_see_amendments
* - can_create_amendments
* *
* NOTE: If you update this function please think about * NOTE: If you update this function please think about
* server permissions, see motions/views.py. * server permissions, see motions/views.py.
@ -469,8 +473,6 @@ angular.module('OpenSlidesApp.motions', [
this.state.allow_submitter_edit this.state.allow_submitter_edit
) )
); );
case 'quickedit':
return operator.hasPerms('motions.can_manage');
case 'delete': case 'delete':
return operator.hasPerms('motions.can_manage'); return operator.hasPerms('motions.can_manage');
case 'create_poll': case 'create_poll':
@ -492,6 +494,8 @@ angular.module('OpenSlidesApp.motions', [
return operator.hasPerms('motions.can_manage'); return operator.hasPerms('motions.can_manage');
case 'reset_state': case 'reset_state':
return operator.hasPerms('motions.can_manage'); return operator.hasPerms('motions.can_manage');
case 'change_comments':
return operator.hasPerms('motions.can_see_and_manage_comments');
case 'change_recommendation': case 'change_recommendation':
return operator.hasPerms('motions.can_manage'); return operator.hasPerms('motions.can_manage');
case 'can_manage': case 'can_manage':

View File

@ -86,24 +86,20 @@ angular.module('OpenSlidesApp.motions.motionservices', ['OpenSlidesApp.motions',
}; };
obj.enable = function () { obj.enable = function () {
if (motion.isAllowed('update')) { obj.active = true;
obj.active = true; obj.isEditable = true;
obj.isEditable = true; obj.ckeditorOptions.language = gettextCatalog.getCurrentLanguage();
obj.ckeditorOptions.language = gettextCatalog.getCurrentLanguage(); obj.editor = CKEDITOR.inline(selector, obj.ckeditorOptions);
obj.editor = CKEDITOR.inline(selector, obj.ckeditorOptions); obj.editor.on('change', function () {
obj.editor.on('change', function () { $timeout(function() {
$timeout(function() { if (obj.editor.getData() != obj.originalHtml) {
if (obj.editor.getData() != obj.originalHtml) { obj.changed = true;
obj.changed = true; } else {
} else { obj.changed = false;
obj.changed = false; }
}
});
}); });
obj.revert(); });
} else { obj.revert();
obj.disable();
}
}; };
obj.disable = function () { obj.disable = function () {
@ -143,10 +139,6 @@ angular.module('OpenSlidesApp.motions.motionservices', ['OpenSlidesApp.motions',
}; };
obj.save = function () { obj.save = function () {
if (!motion.isAllowed('update')) {
throw 'No permission to update motion';
}
saveData(obj); saveData(obj);
obj.disable(); obj.disable();
@ -195,6 +187,9 @@ angular.module('OpenSlidesApp.motions.motionservices', ['OpenSlidesApp.motions',
return motion['comment ' + field.name]; return motion['comment ' + field.name];
}, },
function (obj) { function (obj) {
motion.title = motion.getTitle(-1);
motion.text = motion.getText(-1);
motion.reason = motion.getReason(-1);
motion['comment ' + field.name] = obj.editor.getData(); motion['comment ' + field.name] = obj.editor.getData();
} }
); );

View File

@ -1289,7 +1289,8 @@ angular.module('OpenSlidesApp.motions.site', [
function (obj) { function (obj) {
motion.reason = motion.getReason(-1); motion.reason = motion.getReason(-1);
motion.setTextStrippingLineBreaks(obj.editor.getData()); motion.setTextStrippingLineBreaks(obj.editor.getData());
motion.disable_versioning = (obj.trivialChange && Config.get('motions_allow_disable_versioning').value); motion.disable_versioning = (obj.trivialChange &&
Config.get('motions_allow_disable_versioning').value);
} }
); );
$scope.commentsInlineEditing = MotionCommentsInlineEditing.createInstances($scope, motion); $scope.commentsInlineEditing = MotionCommentsInlineEditing.createInstances($scope, motion);

View File

@ -2,7 +2,7 @@
<div class="row"> <div class="row">
<!-- inline editing toolbar --> <!-- inline editing toolbar -->
<div class="motion-toolbar"> <div class="motion-toolbar">
<div class="pull-right inline-editing-activator" ng-if="motion.isAllowed('update')"> <div class="pull-right inline-editing-activator" ng-if="motion.isAllowed('change_comments')">
<button ng-if="!commentsInlineEditing.active()" ng-click="commentsInlineEditing.enable()" <button ng-if="!commentsInlineEditing.active()" ng-click="commentsInlineEditing.enable()"
class="btn btn-sm btn-default"> class="btn btn-sm btn-default">
<i class="fa fa-pencil-square-o"></i> <i class="fa fa-pencil-square-o"></i>

View File

@ -152,8 +152,8 @@ class MotionViewSet(ModelViewSet):
# Check permissions. # Check permissions.
if (not has_perm(request.user, 'motions.can_manage') and if (not has_perm(request.user, 'motions.can_manage') and
not (motion.is_submitter(request.user) and not (motion.is_submitter(request.user) and motion.state.allow_submitter_edit) and
motion.state.allow_submitter_edit)): not has_perm(request.user, 'motions.can_see_and_manage_comments')):
self.permission_denied(request) self.permission_denied(request)
# Check permission to send only some data. # Check permission to send only some data.
@ -161,12 +161,16 @@ class MotionViewSet(ModelViewSet):
# Remove fields that the user is not allowed to change. # Remove fields that the user is not allowed to change.
# The list() is required because we want to use del inside the loop. # The list() is required because we want to use del inside the loop.
keys = list(request.data.keys()) keys = list(request.data.keys())
whitelist = ( whitelist = [
'title',
'text',
'reason',
'comments', # This is checked later. 'comments', # This is checked later.
) ]
# Add title, text and reason to the whitelist only, if the user is the submitter.
if motion.is_submitter(request.user) and motion.state.allow_submitter_edit:
whitelist.extend((
'title',
'text',
'reason',
))
for key in keys: for key in keys:
if key not in whitelist: if key not in whitelist:
del request.data[key] del request.data[key]