mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-07 20:31:06 -05:00
Only show users controls they have permission to use
This commit is contained in:
James Allen
parent
953371ad2d
commit
e7ab92b7c9
8 changed files with 41 additions and 13 deletions
|
|
@ -233,7 +233,8 @@ module.exports = class Router
|
||||||
webRouter.get "/project/:project_id/messages", AuthorizationMiddlewear.ensureUserCanReadProject, ChatController.getMessages
|
webRouter.get "/project/:project_id/messages", AuthorizationMiddlewear.ensureUserCanReadProject, ChatController.getMessages
|
||||||
webRouter.post "/project/:project_id/messages", AuthorizationMiddlewear.ensureUserCanReadProject, ChatController.sendMessage
|
webRouter.post "/project/:project_id/messages", AuthorizationMiddlewear.ensureUserCanReadProject, ChatController.sendMessage
|
||||||
|
|
||||||
webRouter.post "/project/:project_id/thread/:thread_id/messages", AuthorizationMiddlewear.ensureUserCanWriteProjectContent, CommentsController.sendComment
|
# Note: Read only users can still comment
|
||||||
|
webRouter.post "/project/:project_id/thread/:thread_id/messages", AuthorizationMiddlewear.ensureUserCanReadProject, CommentsController.sendComment
|
||||||
webRouter.get "/project/:project_id/threads", AuthorizationMiddlewear.ensureUserCanReadProject, CommentsController.getThreads
|
webRouter.get "/project/:project_id/threads", AuthorizationMiddlewear.ensureUserCanReadProject, CommentsController.getThreads
|
||||||
webRouter.post "/project/:project_id/thread/:thread_id/resolve", AuthorizationMiddlewear.ensureUserCanWriteProjectContent, CommentsController.resolveThread
|
webRouter.post "/project/:project_id/thread/:thread_id/resolve", AuthorizationMiddlewear.ensureUserCanWriteProjectContent, CommentsController.resolveThread
|
||||||
webRouter.post "/project/:project_id/thread/:thread_id/reopen", AuthorizationMiddlewear.ensureUserCanWriteProjectContent, CommentsController.reopenThread
|
webRouter.post "/project/:project_id/thread/:thread_id/reopen", AuthorizationMiddlewear.ensureUserCanWriteProjectContent, CommentsController.reopenThread
|
||||||
|
|
|
||||||
|
|
@ -9,12 +9,19 @@
|
||||||
on-unresolve="unresolveComment(threadId);"
|
on-unresolve="unresolveComment(threadId);"
|
||||||
on-delete="deleteComment(entryId, threadId);"
|
on-delete="deleteComment(entryId, threadId);"
|
||||||
is-loading="reviewPanel.dropdown.loading"
|
is-loading="reviewPanel.dropdown.loading"
|
||||||
|
permissions="permissions"
|
||||||
)
|
)
|
||||||
span.review-panel-toolbar-label(ng-click="toggleTrackChanges(true)", ng-if="editor.wantTrackChanges === false") Track Changes is
|
span.review-panel-toolbar-label(ng-if="permissions.write")
|
||||||
strong off
|
span(ng-click="toggleTrackChanges(true)", ng-if="editor.wantTrackChanges === false") Track Changes is
|
||||||
span.review-panel-toolbar-label(ng-click="toggleTrackChanges(false)", ng-if="editor.wantTrackChanges === true") Track Changes is
|
strong off
|
||||||
strong on
|
span(ng-click="toggleTrackChanges(false)", ng-if="editor.wantTrackChanges === true") Track Changes is
|
||||||
review-panel-toggle(ng-if="editor.wantTrackChanges == editor.trackChanges", ng-model="editor.wantTrackChanges", on-toggle="toggleTrackChanges")
|
strong on
|
||||||
|
review-panel-toggle(ng-if="editor.wantTrackChanges == editor.trackChanges", ng-model="editor.wantTrackChanges", on-toggle="toggleTrackChanges")
|
||||||
|
span.review-panel-toolbar-label.review-panel-toolbar-label-disabled(ng-if="!permissions.write")
|
||||||
|
span(ng-if="editor.wantTrackChanges === false") Track Changes is
|
||||||
|
strong off
|
||||||
|
span(ng-if="editor.wantTrackChanges === true") Track Changes is
|
||||||
|
strong on
|
||||||
span.review-panel-toolbar-spinner(ng-if="editor.wantTrackChanges != editor.trackChanges")
|
span.review-panel-toolbar-spinner(ng-if="editor.wantTrackChanges != editor.trackChanges")
|
||||||
i.fa.fa-spin.fa-spinner
|
i.fa.fa-spin.fa-spinner
|
||||||
|
|
||||||
|
|
@ -34,6 +41,7 @@
|
||||||
on-reject="rejectChange(entry_id);"
|
on-reject="rejectChange(entry_id);"
|
||||||
on-accept="acceptChange(entry_id);"
|
on-accept="acceptChange(entry_id);"
|
||||||
on-indicator-click="toggleReviewPanel();"
|
on-indicator-click="toggleReviewPanel();"
|
||||||
|
permissions="permissions"
|
||||||
)
|
)
|
||||||
|
|
||||||
div(ng-if="entry.type === 'comment'")
|
div(ng-if="entry.type === 'comment'")
|
||||||
|
|
@ -43,9 +51,10 @@
|
||||||
on-resolve="resolveComment(entry, entry_id)"
|
on-resolve="resolveComment(entry, entry_id)"
|
||||||
on-reply="submitReply(entry, entry_id);"
|
on-reply="submitReply(entry, entry_id);"
|
||||||
on-indicator-click="toggleReviewPanel();"
|
on-indicator-click="toggleReviewPanel();"
|
||||||
|
permissions="permissions"
|
||||||
)
|
)
|
||||||
|
|
||||||
div(ng-if="entry.type === 'add-comment'")
|
div(ng-if="entry.type === 'add-comment' && permissions.comment")
|
||||||
add-comment-entry(
|
add-comment-entry(
|
||||||
on-start-new="startNewComment();"
|
on-start-new="startNewComment();"
|
||||||
on-submit="submitNewComment(content);"
|
on-submit="submitNewComment(content);"
|
||||||
|
|
@ -76,6 +85,7 @@
|
||||||
user="users[entry.metadata.user_id]"
|
user="users[entry.metadata.user_id]"
|
||||||
on-indicator-click="toggleReviewPanel();"
|
on-indicator-click="toggleReviewPanel();"
|
||||||
ng-click="gotoEntry(doc_id, entry)"
|
ng-click="gotoEntry(doc_id, entry)"
|
||||||
|
permissions="permissions"
|
||||||
)
|
)
|
||||||
|
|
||||||
div(ng-if="entry.type === 'comment'")
|
div(ng-if="entry.type === 'comment'")
|
||||||
|
|
@ -85,6 +95,7 @@
|
||||||
on-reply="submitReply(entry, entry_id);"
|
on-reply="submitReply(entry, entry_id);"
|
||||||
on-indicator-click="toggleReviewPanel();"
|
on-indicator-click="toggleReviewPanel();"
|
||||||
ng-click="gotoEntry(doc_id, entry)"
|
ng-click="gotoEntry(doc_id, entry)"
|
||||||
|
permissions="permissions"
|
||||||
)
|
)
|
||||||
|
|
||||||
.rp-nav
|
.rp-nav
|
||||||
|
|
@ -132,7 +143,7 @@ script(type='text/ng-template', id='changeEntryTemplate')
|
||||||
.rp-entry-metadata
|
.rp-entry-metadata
|
||||||
| {{ entry.metadata.ts | date : 'MMM d, y h:mm a' }} •
|
| {{ entry.metadata.ts | date : 'MMM d, y h:mm a' }} •
|
||||||
span.rp-entry-user(style="color: hsl({{ user.hue }}, 70%, 40%);") {{ user.name }}
|
span.rp-entry-user(style="color: hsl({{ user.hue }}, 70%, 40%);") {{ user.name }}
|
||||||
.rp-entry-actions
|
.rp-entry-actions(ng-if="permissions.write")
|
||||||
a.rp-entry-button(href, ng-click="onReject();")
|
a.rp-entry-button(href, ng-click="onReject();")
|
||||||
i.fa.fa-times
|
i.fa.fa-times
|
||||||
| Reject
|
| Reject
|
||||||
|
|
@ -163,7 +174,7 @@ script(type='text/ng-template', id='commentEntryTemplate')
|
||||||
| {{ comment.content }}
|
| {{ comment.content }}
|
||||||
.rp-entry-metadata
|
.rp-entry-metadata
|
||||||
| {{ comment.timestamp | date : 'MMM d, y h:mm a' }}
|
| {{ comment.timestamp | date : 'MMM d, y h:mm a' }}
|
||||||
.rp-comment-reply
|
.rp-comment-reply(ng-if="permissions.comment")
|
||||||
textarea.rp-comment-input(
|
textarea.rp-comment-input(
|
||||||
ng-model="entry.replyContent"
|
ng-model="entry.replyContent"
|
||||||
ng-keypress="handleCommentReplyKeyPress($event);"
|
ng-keypress="handleCommentReplyKeyPress($event);"
|
||||||
|
|
@ -171,10 +182,10 @@ script(type='text/ng-template', id='commentEntryTemplate')
|
||||||
placeholder="{{ 'Hit \"Enter\" to reply' + (entry.resolved ? ' and re-open' : '') }}"
|
placeholder="{{ 'Hit \"Enter\" to reply' + (entry.resolved ? ' and re-open' : '') }}"
|
||||||
)
|
)
|
||||||
.rp-entry-actions
|
.rp-entry-actions
|
||||||
a.rp-entry-button(href, ng-click="onResolve();")
|
a.rp-entry-button(href, ng-click="onResolve();", ng-if="permissions.comment && permissions.write")
|
||||||
i.fa.fa-inbox
|
i.fa.fa-inbox
|
||||||
| Resolve
|
| Resolve
|
||||||
a.rp-entry-button(href, ng-click="onReply();")
|
a.rp-entry-button(href, ng-click="onReply();", ng-if="permissions.comment")
|
||||||
i.fa.fa-reply
|
i.fa.fa-reply
|
||||||
| Reply
|
| Reply
|
||||||
|
|
||||||
|
|
@ -205,7 +216,7 @@ script(type='text/ng-template', id='resolvedCommentEntryTemplate')
|
||||||
.rp-entry-metadata
|
.rp-entry-metadata
|
||||||
| {{ thread.resolved_at | date : 'MMM d, y h:mm a' }}
|
| {{ thread.resolved_at | date : 'MMM d, y h:mm a' }}
|
||||||
|
|
||||||
.rp-entry-actions
|
.rp-entry-actions(ng-if="permissions.comment && permissions.write")
|
||||||
a.rp-entry-button(
|
a.rp-entry-button(
|
||||||
href
|
href
|
||||||
ng-click="onUnresolve({ 'threadId': thread.threadId });"
|
ng-click="onUnresolve({ 'threadId': thread.threadId });"
|
||||||
|
|
@ -278,6 +289,7 @@ script(type='text/ng-template', id='resolvedCommentsDropdownTemplate')
|
||||||
thread="thread"
|
thread="thread"
|
||||||
on-unresolve="handleUnresolve(threadId);"
|
on-unresolve="handleUnresolve(threadId);"
|
||||||
on-delete="handleDelete(entryId, threadId);"
|
on-delete="handleDelete(entryId, threadId);"
|
||||||
|
permissions="permissions"
|
||||||
)
|
)
|
||||||
.rp-loading(ng-if="!resolvedComments.length")
|
.rp-loading(ng-if="!resolvedComments.length")
|
||||||
| No resolved threads.
|
| No resolved threads.
|
||||||
|
|
|
||||||
|
|
@ -5,15 +5,22 @@ define [], () ->
|
||||||
read: false
|
read: false
|
||||||
write: false
|
write: false
|
||||||
admin: false
|
admin: false
|
||||||
|
comment: false
|
||||||
@$scope.$watch "permissionsLevel", (permissionsLevel) =>
|
@$scope.$watch "permissionsLevel", (permissionsLevel) =>
|
||||||
|
|
||||||
if permissionsLevel?
|
if permissionsLevel?
|
||||||
if permissionsLevel == "readOnly"
|
if permissionsLevel == "readOnly"
|
||||||
@$scope.permissions.read = true
|
@$scope.permissions.read = true
|
||||||
|
@$scope.permissions.comment = true
|
||||||
else if permissionsLevel == "readAndWrite"
|
else if permissionsLevel == "readAndWrite"
|
||||||
@$scope.permissions.read = true
|
@$scope.permissions.read = true
|
||||||
@$scope.permissions.write = true
|
@$scope.permissions.write = true
|
||||||
|
@$scope.permissions.comment = true
|
||||||
else if permissionsLevel == "owner"
|
else if permissionsLevel == "owner"
|
||||||
@$scope.permissions.read = true
|
@$scope.permissions.read = true
|
||||||
@$scope.permissions.write = true
|
@$scope.permissions.write = true
|
||||||
@$scope.permissions.admin = true
|
@$scope.permissions.admin = true
|
||||||
|
@$scope.permissions.comment = true
|
||||||
|
|
||||||
|
if @$scope.anonymous
|
||||||
|
@$scope.permissions.comment = false
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@ define [
|
||||||
scope:
|
scope:
|
||||||
entry: "="
|
entry: "="
|
||||||
user: "="
|
user: "="
|
||||||
|
permissions: "="
|
||||||
onAccept: "&"
|
onAccept: "&"
|
||||||
onReject: "&"
|
onReject: "&"
|
||||||
onIndicatorClick: "&"
|
onIndicatorClick: "&"
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@ define [
|
||||||
scope:
|
scope:
|
||||||
entry: "="
|
entry: "="
|
||||||
threads: "="
|
threads: "="
|
||||||
|
permissions: "="
|
||||||
onResolve: "&"
|
onResolve: "&"
|
||||||
onReply: "&"
|
onReply: "&"
|
||||||
onIndicatorClick: "&"
|
onIndicatorClick: "&"
|
||||||
|
|
|
||||||
|
|
@ -6,5 +6,6 @@ define [
|
||||||
templateUrl: "resolvedCommentEntryTemplate"
|
templateUrl: "resolvedCommentEntryTemplate"
|
||||||
scope:
|
scope:
|
||||||
thread: "="
|
thread: "="
|
||||||
|
permissions: "="
|
||||||
onUnresolve: "&"
|
onUnresolve: "&"
|
||||||
onDelete: "&"
|
onDelete: "&"
|
||||||
|
|
@ -9,6 +9,7 @@ define [
|
||||||
threads : "="
|
threads : "="
|
||||||
resolvedIds : "="
|
resolvedIds : "="
|
||||||
docs : "="
|
docs : "="
|
||||||
|
permissions: "="
|
||||||
onOpen : "&"
|
onOpen : "&"
|
||||||
onUnresolve : "&"
|
onUnresolve : "&"
|
||||||
onDelete : "&"
|
onDelete : "&"
|
||||||
|
|
|
||||||
|
|
@ -119,10 +119,13 @@
|
||||||
}
|
}
|
||||||
.review-panel-toolbar-label {
|
.review-panel-toolbar-label {
|
||||||
cursor: pointer;
|
cursor: pointer;
|
||||||
margin-right: 5px;
|
|
||||||
text-align: right;
|
text-align: right;
|
||||||
flex-grow: 1;
|
flex-grow: 1;
|
||||||
}
|
}
|
||||||
|
.review-panel-toolbar-label-disabled {
|
||||||
|
cursor: auto;
|
||||||
|
margin-right: 5px;
|
||||||
|
}
|
||||||
|
|
||||||
.rp-entry-list {
|
.rp-entry-list {
|
||||||
.rp-size-expanded & {
|
.rp-size-expanded & {
|
||||||
|
|
@ -574,6 +577,7 @@
|
||||||
.rp-toggle {
|
.rp-toggle {
|
||||||
display: inline-block;
|
display: inline-block;
|
||||||
vertical-align: middle;
|
vertical-align: middle;
|
||||||
|
margin-left: 5px;
|
||||||
}
|
}
|
||||||
.rp-toggle-hidden-input {
|
.rp-toggle-hidden-input {
|
||||||
display: none;
|
display: none;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue