Merge pull request #3061 from FinnStutzenstein/Issue3036
Let users with comments management perms edit them (fixes #3036)
This commit is contained in:
commit
b8742bcb8f
@ -581,6 +581,7 @@ div.projector-image {
|
|||||||
background-size: contain;
|
background-size: contain;
|
||||||
background-repeat: no-repeat;
|
background-repeat: no-repeat;
|
||||||
background-position: 50% 50%;
|
background-position: 50% 50%;
|
||||||
|
background-color: #fff;
|
||||||
}
|
}
|
||||||
|
|
||||||
.video-container {
|
.video-container {
|
||||||
|
@ -446,7 +446,11 @@ angular.module('OpenSlidesApp.motions', [
|
|||||||
* - unsupport
|
* - unsupport
|
||||||
* - change_state
|
* - change_state
|
||||||
* - reset_state
|
* - reset_state
|
||||||
|
* - change_comments
|
||||||
* - change_recommendation
|
* - change_recommendation
|
||||||
|
* - can_manage
|
||||||
|
* - can_see_amendments
|
||||||
|
* - can_create_amendments
|
||||||
*
|
*
|
||||||
* NOTE: If you update this function please think about
|
* NOTE: If you update this function please think about
|
||||||
* server permissions, see motions/views.py.
|
* server permissions, see motions/views.py.
|
||||||
@ -469,8 +473,6 @@ angular.module('OpenSlidesApp.motions', [
|
|||||||
this.state.allow_submitter_edit
|
this.state.allow_submitter_edit
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
case 'quickedit':
|
|
||||||
return operator.hasPerms('motions.can_manage');
|
|
||||||
case 'delete':
|
case 'delete':
|
||||||
return operator.hasPerms('motions.can_manage');
|
return operator.hasPerms('motions.can_manage');
|
||||||
case 'create_poll':
|
case 'create_poll':
|
||||||
@ -492,6 +494,8 @@ angular.module('OpenSlidesApp.motions', [
|
|||||||
return operator.hasPerms('motions.can_manage');
|
return operator.hasPerms('motions.can_manage');
|
||||||
case 'reset_state':
|
case 'reset_state':
|
||||||
return operator.hasPerms('motions.can_manage');
|
return operator.hasPerms('motions.can_manage');
|
||||||
|
case 'change_comments':
|
||||||
|
return operator.hasPerms('motions.can_see_and_manage_comments');
|
||||||
case 'change_recommendation':
|
case 'change_recommendation':
|
||||||
return operator.hasPerms('motions.can_manage');
|
return operator.hasPerms('motions.can_manage');
|
||||||
case 'can_manage':
|
case 'can_manage':
|
||||||
|
@ -86,24 +86,20 @@ angular.module('OpenSlidesApp.motions.motionservices', ['OpenSlidesApp.motions',
|
|||||||
};
|
};
|
||||||
|
|
||||||
obj.enable = function () {
|
obj.enable = function () {
|
||||||
if (motion.isAllowed('update')) {
|
obj.active = true;
|
||||||
obj.active = true;
|
obj.isEditable = true;
|
||||||
obj.isEditable = true;
|
obj.ckeditorOptions.language = gettextCatalog.getCurrentLanguage();
|
||||||
obj.ckeditorOptions.language = gettextCatalog.getCurrentLanguage();
|
obj.editor = CKEDITOR.inline(selector, obj.ckeditorOptions);
|
||||||
obj.editor = CKEDITOR.inline(selector, obj.ckeditorOptions);
|
obj.editor.on('change', function () {
|
||||||
obj.editor.on('change', function () {
|
$timeout(function() {
|
||||||
$timeout(function() {
|
if (obj.editor.getData() != obj.originalHtml) {
|
||||||
if (obj.editor.getData() != obj.originalHtml) {
|
obj.changed = true;
|
||||||
obj.changed = true;
|
} else {
|
||||||
} else {
|
obj.changed = false;
|
||||||
obj.changed = false;
|
}
|
||||||
}
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
obj.revert();
|
});
|
||||||
} else {
|
obj.revert();
|
||||||
obj.disable();
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
obj.disable = function () {
|
obj.disable = function () {
|
||||||
@ -143,10 +139,6 @@ angular.module('OpenSlidesApp.motions.motionservices', ['OpenSlidesApp.motions',
|
|||||||
};
|
};
|
||||||
|
|
||||||
obj.save = function () {
|
obj.save = function () {
|
||||||
if (!motion.isAllowed('update')) {
|
|
||||||
throw 'No permission to update motion';
|
|
||||||
}
|
|
||||||
|
|
||||||
saveData(obj);
|
saveData(obj);
|
||||||
obj.disable();
|
obj.disable();
|
||||||
|
|
||||||
@ -195,6 +187,9 @@ angular.module('OpenSlidesApp.motions.motionservices', ['OpenSlidesApp.motions',
|
|||||||
return motion['comment ' + field.name];
|
return motion['comment ' + field.name];
|
||||||
},
|
},
|
||||||
function (obj) {
|
function (obj) {
|
||||||
|
motion.title = motion.getTitle(-1);
|
||||||
|
motion.text = motion.getText(-1);
|
||||||
|
motion.reason = motion.getReason(-1);
|
||||||
motion['comment ' + field.name] = obj.editor.getData();
|
motion['comment ' + field.name] = obj.editor.getData();
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
@ -1289,7 +1289,8 @@ angular.module('OpenSlidesApp.motions.site', [
|
|||||||
function (obj) {
|
function (obj) {
|
||||||
motion.reason = motion.getReason(-1);
|
motion.reason = motion.getReason(-1);
|
||||||
motion.setTextStrippingLineBreaks(obj.editor.getData());
|
motion.setTextStrippingLineBreaks(obj.editor.getData());
|
||||||
motion.disable_versioning = (obj.trivialChange && Config.get('motions_allow_disable_versioning').value);
|
motion.disable_versioning = (obj.trivialChange &&
|
||||||
|
Config.get('motions_allow_disable_versioning').value);
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
$scope.commentsInlineEditing = MotionCommentsInlineEditing.createInstances($scope, motion);
|
$scope.commentsInlineEditing = MotionCommentsInlineEditing.createInstances($scope, motion);
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
<div class="row">
|
<div class="row">
|
||||||
<!-- inline editing toolbar -->
|
<!-- inline editing toolbar -->
|
||||||
<div class="motion-toolbar">
|
<div class="motion-toolbar">
|
||||||
<div class="pull-right inline-editing-activator" ng-if="motion.isAllowed('update')">
|
<div class="pull-right inline-editing-activator" ng-if="motion.isAllowed('change_comments')">
|
||||||
<button ng-if="!commentsInlineEditing.active()" ng-click="commentsInlineEditing.enable()"
|
<button ng-if="!commentsInlineEditing.active()" ng-click="commentsInlineEditing.enable()"
|
||||||
class="btn btn-sm btn-default">
|
class="btn btn-sm btn-default">
|
||||||
<i class="fa fa-pencil-square-o"></i>
|
<i class="fa fa-pencil-square-o"></i>
|
||||||
|
@ -152,8 +152,8 @@ class MotionViewSet(ModelViewSet):
|
|||||||
|
|
||||||
# Check permissions.
|
# Check permissions.
|
||||||
if (not has_perm(request.user, 'motions.can_manage') and
|
if (not has_perm(request.user, 'motions.can_manage') and
|
||||||
not (motion.is_submitter(request.user) and
|
not (motion.is_submitter(request.user) and motion.state.allow_submitter_edit) and
|
||||||
motion.state.allow_submitter_edit)):
|
not has_perm(request.user, 'motions.can_see_and_manage_comments')):
|
||||||
self.permission_denied(request)
|
self.permission_denied(request)
|
||||||
|
|
||||||
# Check permission to send only some data.
|
# Check permission to send only some data.
|
||||||
@ -161,12 +161,16 @@ class MotionViewSet(ModelViewSet):
|
|||||||
# Remove fields that the user is not allowed to change.
|
# Remove fields that the user is not allowed to change.
|
||||||
# The list() is required because we want to use del inside the loop.
|
# The list() is required because we want to use del inside the loop.
|
||||||
keys = list(request.data.keys())
|
keys = list(request.data.keys())
|
||||||
whitelist = (
|
whitelist = [
|
||||||
'title',
|
|
||||||
'text',
|
|
||||||
'reason',
|
|
||||||
'comments', # This is checked later.
|
'comments', # This is checked later.
|
||||||
)
|
]
|
||||||
|
# Add title, text and reason to the whitelist only, if the user is the submitter.
|
||||||
|
if motion.is_submitter(request.user) and motion.state.allow_submitter_edit:
|
||||||
|
whitelist.extend((
|
||||||
|
'title',
|
||||||
|
'text',
|
||||||
|
'reason',
|
||||||
|
))
|
||||||
for key in keys:
|
for key in keys:
|
||||||
if key not in whitelist:
|
if key not in whitelist:
|
||||||
del request.data[key]
|
del request.data[key]
|
||||||
|
Loading…
Reference in New Issue
Block a user