You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@esme.apache.org by rh...@apache.org on 2011/03/11 12:17:07 UTC
svn commit: r1080526 - in /esme/trunk/server/src/main: scala/org/apache/esme/lib/AccessPoolMgr.scala webapp/pools_view/index.html

Author: rhirsch
Date: Fri Mar 11 11:17:07 2011
New Revision: 1080526

URL: http://svn.apache.org/viewvc?rev=1080526&view=rev
Log:
[ESME-337] User with no admin rights to a pool shouldn't be able to edit it.
Patch from Vladimir Ivanov

Modified:
    esme/trunk/server/src/main/scala/org/apache/esme/lib/AccessPoolMgr.scala
    esme/trunk/server/src/main/webapp/pools_view/index.html

Modified: esme/trunk/server/src/main/scala/org/apache/esme/lib/AccessPoolMgr.scala
URL: http://svn.apache.org/viewvc/esme/trunk/server/src/main/scala/org/apache/esme/lib/AccessPoolMgr.scala?rev=1080526&r1=1080525&r2=1080526&view=diff
==============================================================================
--- esme/trunk/server/src/main/scala/org/apache/esme/lib/AccessPoolMgr.scala (original)
+++ esme/trunk/server/src/main/scala/org/apache/esme/lib/AccessPoolMgr.scala Fri Mar 11 11:17:07 2011
@@ -349,13 +349,21 @@ object AccessPoolMgr {
     val accessPool = AccessPool.find(By(AccessPool.id, poolId.is))  
     Privilege.findAll(By(Privilege.pool, poolId.is), NotBy(Privilege.permission, Permission.Denied)) match {
       case Nil => NodeSeq.Empty
-      case xs => bind("pool", in,
-                      "user" -> 
-                      (lst => xs.flatMap(i => bind("user", lst,
-                                                   "name" -> User.find(i.user).map(
-                                                             _.nickname.is).getOrElse(""),
-                                                   "privilege" -> i.permission.is.toString
-                      ))))
+      case xs => {
+        def userNamePrivilege(lst : NodeSeq) : NodeSeq = {
+          xs.flatMap(i => bind("user", lst,
+                               "name" -> User.find(i.user).map(
+                                         _.nickname.is).getOrElse(""),
+                               "privilege" -> i.permission.is.toString
+                          ))
+        }
+
+        def renderEditButton(in : NodeSeq) : NodeSeq = if(Privilege.findAdminPools(user.open_!.id).contains(poolId.is)) in else NodeSeq.Empty
+
+        bind("pool", in,
+          "user" -> userNamePrivilege _,
+          "action" -> renderEditButton _)
+      }
     }
     }
 

Modified: esme/trunk/server/src/main/webapp/pools_view/index.html
URL: http://svn.apache.org/viewvc/esme/trunk/server/src/main/webapp/pools_view/index.html?rev=1080526&r1=1080525&r2=1080526&view=diff
==============================================================================
--- esme/trunk/server/src/main/webapp/pools_view/index.html (original)
+++ esme/trunk/server/src/main/webapp/pools_view/index.html Fri Mar 11 11:17:07 2011
@@ -122,11 +122,13 @@
 								</pool:user>
 							</tbody>
 						</table>
+                    <pool:action>
 					<div class="post-form-row">
 						<div class="submit-btn tipelement" title="Add a user to an existing pool." >
 							<input type="image" onclick="javascript:$('#dialog-form-user').dialog('open')" id="create-user" src="../images/edit.gif"/>
 						</div>
 					</div>
+                    </pool:action>
 				</lift:poolUsers>
 			</div>
 			<div class="pool_select">