From e7ab92b7c99c7a3a687616af3770ee3f9d853a53 Mon Sep 17 00:00:00 2001 From: James Allen Date: Thu, 12 Jan 2017 11:52:39 +0100 Subject: [PATCH] Only show users controls they have permission to use --- services/web/app/coffee/router.coffee | 3 +- .../views/project/editor/review-panel.jade | 34 +++++++++++++------ .../ide/permissions/PermissionsManager.coffee | 7 ++++ .../directives/changeEntry.coffee | 1 + .../directives/commentEntry.coffee | 1 + .../directives/resolvedCommentEntry.coffee | 1 + .../resolvedCommentsDropdown.coffee | 1 + .../stylesheets/app/editor/review-panel.less | 6 +++- 8 files changed, 41 insertions(+), 13 deletions(-) diff --git a/services/web/app/coffee/router.coffee b/services/web/app/coffee/router.coffee index d98f9579e1..a9105a1d46 100644 --- a/services/web/app/coffee/router.coffee +++ b/services/web/app/coffee/router.coffee @@ -233,7 +233,8 @@ module.exports = class Router webRouter.get "/project/:project_id/messages", AuthorizationMiddlewear.ensureUserCanReadProject, ChatController.getMessages webRouter.post "/project/:project_id/messages", AuthorizationMiddlewear.ensureUserCanReadProject, ChatController.sendMessage - webRouter.post "/project/:project_id/thread/:thread_id/messages", AuthorizationMiddlewear.ensureUserCanWriteProjectContent, CommentsController.sendComment + # Note: Read only users can still comment + webRouter.post "/project/:project_id/thread/:thread_id/messages", AuthorizationMiddlewear.ensureUserCanReadProject, CommentsController.sendComment webRouter.get "/project/:project_id/threads", AuthorizationMiddlewear.ensureUserCanReadProject, CommentsController.getThreads webRouter.post "/project/:project_id/thread/:thread_id/resolve", AuthorizationMiddlewear.ensureUserCanWriteProjectContent, CommentsController.resolveThread webRouter.post "/project/:project_id/thread/:thread_id/reopen", AuthorizationMiddlewear.ensureUserCanWriteProjectContent, CommentsController.reopenThread diff --git a/services/web/app/views/project/editor/review-panel.jade b/services/web/app/views/project/editor/review-panel.jade index 8d92ede03f..98d9dd1e3e 100644 --- a/services/web/app/views/project/editor/review-panel.jade +++ b/services/web/app/views/project/editor/review-panel.jade @@ -9,12 +9,19 @@ on-unresolve="unresolveComment(threadId);" on-delete="deleteComment(entryId, threadId);" is-loading="reviewPanel.dropdown.loading" + permissions="permissions" ) - span.review-panel-toolbar-label(ng-click="toggleTrackChanges(true)", ng-if="editor.wantTrackChanges === false") Track Changes is - strong off - span.review-panel-toolbar-label(ng-click="toggleTrackChanges(false)", ng-if="editor.wantTrackChanges === true") Track Changes is - strong on - review-panel-toggle(ng-if="editor.wantTrackChanges == editor.trackChanges", ng-model="editor.wantTrackChanges", on-toggle="toggleTrackChanges") + span.review-panel-toolbar-label(ng-if="permissions.write") + span(ng-click="toggleTrackChanges(true)", ng-if="editor.wantTrackChanges === false") Track Changes is + strong off + span(ng-click="toggleTrackChanges(false)", ng-if="editor.wantTrackChanges === true") Track Changes is + strong on + review-panel-toggle(ng-if="editor.wantTrackChanges == editor.trackChanges", ng-model="editor.wantTrackChanges", on-toggle="toggleTrackChanges") + span.review-panel-toolbar-label.review-panel-toolbar-label-disabled(ng-if="!permissions.write") + span(ng-if="editor.wantTrackChanges === false") Track Changes is + strong off + span(ng-if="editor.wantTrackChanges === true") Track Changes is + strong on span.review-panel-toolbar-spinner(ng-if="editor.wantTrackChanges != editor.trackChanges") i.fa.fa-spin.fa-spinner @@ -34,6 +41,7 @@ on-reject="rejectChange(entry_id);" on-accept="acceptChange(entry_id);" on-indicator-click="toggleReviewPanel();" + permissions="permissions" ) div(ng-if="entry.type === 'comment'") @@ -43,9 +51,10 @@ on-resolve="resolveComment(entry, entry_id)" on-reply="submitReply(entry, entry_id);" on-indicator-click="toggleReviewPanel();" + permissions="permissions" ) - div(ng-if="entry.type === 'add-comment'") + div(ng-if="entry.type === 'add-comment' && permissions.comment") add-comment-entry( on-start-new="startNewComment();" on-submit="submitNewComment(content);" @@ -76,6 +85,7 @@ user="users[entry.metadata.user_id]" on-indicator-click="toggleReviewPanel();" ng-click="gotoEntry(doc_id, entry)" + permissions="permissions" ) div(ng-if="entry.type === 'comment'") @@ -85,6 +95,7 @@ on-reply="submitReply(entry, entry_id);" on-indicator-click="toggleReviewPanel();" ng-click="gotoEntry(doc_id, entry)" + permissions="permissions" ) .rp-nav @@ -132,7 +143,7 @@ script(type='text/ng-template', id='changeEntryTemplate') .rp-entry-metadata | {{ entry.metadata.ts | date : 'MMM d, y h:mm a' }} •  span.rp-entry-user(style="color: hsl({{ user.hue }}, 70%, 40%);") {{ user.name }} - .rp-entry-actions + .rp-entry-actions(ng-if="permissions.write") a.rp-entry-button(href, ng-click="onReject();") i.fa.fa-times |  Reject @@ -163,7 +174,7 @@ script(type='text/ng-template', id='commentEntryTemplate') | {{ comment.content }} .rp-entry-metadata | {{ comment.timestamp | date : 'MMM d, y h:mm a' }} - .rp-comment-reply + .rp-comment-reply(ng-if="permissions.comment") textarea.rp-comment-input( ng-model="entry.replyContent" ng-keypress="handleCommentReplyKeyPress($event);" @@ -171,10 +182,10 @@ script(type='text/ng-template', id='commentEntryTemplate') placeholder="{{ 'Hit \"Enter\" to reply' + (entry.resolved ? ' and re-open' : '') }}" ) .rp-entry-actions - a.rp-entry-button(href, ng-click="onResolve();") + a.rp-entry-button(href, ng-click="onResolve();", ng-if="permissions.comment && permissions.write") i.fa.fa-inbox |  Resolve - a.rp-entry-button(href, ng-click="onReply();") + a.rp-entry-button(href, ng-click="onReply();", ng-if="permissions.comment") i.fa.fa-reply |  Reply @@ -205,7 +216,7 @@ script(type='text/ng-template', id='resolvedCommentEntryTemplate') .rp-entry-metadata | {{ thread.resolved_at | date : 'MMM d, y h:mm a' }} - .rp-entry-actions + .rp-entry-actions(ng-if="permissions.comment && permissions.write") a.rp-entry-button( href ng-click="onUnresolve({ 'threadId': thread.threadId });" @@ -278,6 +289,7 @@ script(type='text/ng-template', id='resolvedCommentsDropdownTemplate') thread="thread" on-unresolve="handleUnresolve(threadId);" on-delete="handleDelete(entryId, threadId);" + permissions="permissions" ) .rp-loading(ng-if="!resolvedComments.length") | No resolved threads. diff --git a/services/web/public/coffee/ide/permissions/PermissionsManager.coffee b/services/web/public/coffee/ide/permissions/PermissionsManager.coffee index 096f15babe..88dea13084 100644 --- a/services/web/public/coffee/ide/permissions/PermissionsManager.coffee +++ b/services/web/public/coffee/ide/permissions/PermissionsManager.coffee @@ -5,15 +5,22 @@ define [], () -> read: false write: false admin: false + comment: false @$scope.$watch "permissionsLevel", (permissionsLevel) => if permissionsLevel? if permissionsLevel == "readOnly" @$scope.permissions.read = true + @$scope.permissions.comment = true else if permissionsLevel == "readAndWrite" @$scope.permissions.read = true @$scope.permissions.write = true + @$scope.permissions.comment = true else if permissionsLevel == "owner" @$scope.permissions.read = true @$scope.permissions.write = true @$scope.permissions.admin = true + @$scope.permissions.comment = true + + if @$scope.anonymous + @$scope.permissions.comment = false diff --git a/services/web/public/coffee/ide/review-panel/directives/changeEntry.coffee b/services/web/public/coffee/ide/review-panel/directives/changeEntry.coffee index d436a34b2c..0ff205a7ec 100644 --- a/services/web/public/coffee/ide/review-panel/directives/changeEntry.coffee +++ b/services/web/public/coffee/ide/review-panel/directives/changeEntry.coffee @@ -7,6 +7,7 @@ define [ scope: entry: "=" user: "=" + permissions: "=" onAccept: "&" onReject: "&" onIndicatorClick: "&" diff --git a/services/web/public/coffee/ide/review-panel/directives/commentEntry.coffee b/services/web/public/coffee/ide/review-panel/directives/commentEntry.coffee index 2ee7862379..b74180b719 100644 --- a/services/web/public/coffee/ide/review-panel/directives/commentEntry.coffee +++ b/services/web/public/coffee/ide/review-panel/directives/commentEntry.coffee @@ -7,6 +7,7 @@ define [ scope: entry: "=" threads: "=" + permissions: "=" onResolve: "&" onReply: "&" onIndicatorClick: "&" diff --git a/services/web/public/coffee/ide/review-panel/directives/resolvedCommentEntry.coffee b/services/web/public/coffee/ide/review-panel/directives/resolvedCommentEntry.coffee index 76da5b2913..fedf17bb94 100644 --- a/services/web/public/coffee/ide/review-panel/directives/resolvedCommentEntry.coffee +++ b/services/web/public/coffee/ide/review-panel/directives/resolvedCommentEntry.coffee @@ -6,5 +6,6 @@ define [ templateUrl: "resolvedCommentEntryTemplate" scope: thread: "=" + permissions: "=" onUnresolve: "&" onDelete: "&" \ No newline at end of file diff --git a/services/web/public/coffee/ide/review-panel/directives/resolvedCommentsDropdown.coffee b/services/web/public/coffee/ide/review-panel/directives/resolvedCommentsDropdown.coffee index c7d1813f34..251db60df1 100644 --- a/services/web/public/coffee/ide/review-panel/directives/resolvedCommentsDropdown.coffee +++ b/services/web/public/coffee/ide/review-panel/directives/resolvedCommentsDropdown.coffee @@ -9,6 +9,7 @@ define [ threads : "=" resolvedIds : "=" docs : "=" + permissions: "=" onOpen : "&" onUnresolve : "&" onDelete : "&" diff --git a/services/web/public/stylesheets/app/editor/review-panel.less b/services/web/public/stylesheets/app/editor/review-panel.less index 47784df152..849c6736d3 100644 --- a/services/web/public/stylesheets/app/editor/review-panel.less +++ b/services/web/public/stylesheets/app/editor/review-panel.less @@ -119,10 +119,13 @@ } .review-panel-toolbar-label { cursor: pointer; - margin-right: 5px; text-align: right; flex-grow: 1; } + .review-panel-toolbar-label-disabled { + cursor: auto; + margin-right: 5px; + } .rp-entry-list { .rp-size-expanded & { @@ -574,6 +577,7 @@ .rp-toggle { display: inline-block; vertical-align: middle; + margin-left: 5px; } .rp-toggle-hidden-input { display: none;