Changeset 7017


Ignore:
Timestamp:
Nov 18, 2015, 9:48:00 AM (7 years ago)
Author:
Nicklas Nordborg
Message:

References #1966: The user that delete an item should see the item in the trashcan

Defined filter ownedOrRemovedBy that is used by the traschcan instead of the ownedBy filter. This filter should return items that are either owner or removed by the current user.

Items that are ChildItem:s or not Ownable still require special handling. For child items we check the owner of the parent item. For items that are not ownable we only check if the user has delete permission or not (as before).

Location:
trunk/src/core/net/sf/basedb/core
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/core/net/sf/basedb/core/HibernateUtil.java

    r7015 r7017  
    453453      Class<?> c = Class.forName(className);
    454454      Item itemType = Item.fromClass(c);
    455       log.info("Adding 'denyAll' filter to "+c.getName());
    456455      if (itemType == null) return;
    457456     
     457      log.info("Adding 'denyAll' filter to "+c.getName());
    458458      defineFilter(classTag, itemType, "denyAll", "`id` != `id`", filterTemplate);
    459459      if (NewsData.class.isAssignableFrom(c))
     
    467467        log.info("Adding 'ownedBy' filter to " + c.getName());
    468468        defineFilter(classTag, itemType, "ownedBy", ":owner = `to_user_id`", filterTemplate);
     469        defineFilter(classTag, itemType, "ownedOrRemovedBy", "(:user = `to_user_id` OR :user = `removed_by`)", filterTemplate);
    469470      }
    470471      if (AnnotationData.class.isAssignableFrom(c))
     
    477478        log.info("Adding 'isRemoved' filter to "+c.getName());
    478479        defineFilter(classTag, itemType, "isRemoved", ":removed <> (`removed_by` IS NULL)", filterTemplate);
     480        if (OwnableData.class.isAssignableFrom(c))
     481        {
     482          defineFilter(classTag, itemType, "ownedOrRemovedBy", "(:user = `owner` OR :user = `removed_by`)", filterTemplate);
     483        }
    479484      }
    480485      if (AnnotatableData.class.isAssignableFrom(c))
  • trunk/src/core/net/sf/basedb/core/Trashcan.java

    r7015 r7017  
    8888      org.hibernate.Session session = dc.getHibernateSession();
    8989      SessionControl sc = dc.getSessionControl();
    90      
    91       List<RemovableData> removed = null;
    92      
    93       // Only load items owned by the logged in user
    94       org.hibernate.Filter filter = HibernateUtil.enableFilter(session, "ownedBy");
    95       filter.setParameter("owner", dc.getSessionControl().getLoggedInUserId());
    96      
    97       if (itemTypes != null && itemTypes.size() > 0)
    98       {
    99         removed = new ArrayList<RemovableData>();
    100         for (Item item : itemTypes)
     90
     91      if (itemTypes == null || itemTypes.size() == 0) itemTypes = Metadata.getRemovableItems();
     92
     93      // Only load items owned or removed by the logged in user
     94      org.hibernate.Filter filter = HibernateUtil.enableFilter(session, "ownedOrRemovedBy");
     95      filter.setParameter("user", sc.getLoggedInUserId());
     96      List<RemovableData> removed = new ArrayList<RemovableData>();
     97      for (Item item : itemTypes)
     98      {
     99        if (RemovableData.class.isAssignableFrom(item.getDataClass()))
    101100        {
    102           if (RemovableData.class.isAssignableFrom(item.getDataClass()))
    103           {
    104             org.hibernate.Query query = HibernateUtil.createQuery(session,
    105               "SELECT trash FROM " + item.getDataClass().getName() + " trash " +
    106               "WHERE NOT trash.removedBy IS NULL");
    107             removed.addAll(HibernateUtil.loadList(RemovableData.class, query, sc));
    108           }
     101          org.hibernate.Query query = HibernateUtil.createQuery(session,
     102            "SELECT trash FROM " + item.getDataClass().getName() + " trash " +
     103            "WHERE NOT trash.removedBy IS NULL");
     104          removed.addAll(HibernateUtil.loadList(RemovableData.class, query, sc));
    109105        }
    110106      }
    111       else
    112       {
    113         org.hibernate.Query query = HibernateUtil.getPredefinedQuery(session, "GET_REMOVED_ITEMS");
    114         /*
    115           SELECT trash
    116           FROM RemovableData trash
    117           WHERE NOT trash.removedBy IS NULL
    118         */
    119         removed = HibernateUtil.loadList(RemovableData.class, query, sc);
    120       }
    121       HibernateUtil.disableFilter(session, "ownedBy");
     107      HibernateUtil.disableFilter(session, "ownedOrRemovedBy");
    122108     
    123109      List<Removable> items = new ArrayList<Removable>(removed.size());
     
    134120          if (item.hasPermission(Permission.DELETE))
    135121          {
    136             // The 'ownedBy' filter isn't supported on ChildItem:s
     122            // The 'ownedOrRemovedBy' filter isn't supported on ChildItem:s
    137123            // so we have to check the owner of parent item
    138             SharedItem parent = item instanceof ChildItem ?
     124            SharedItem parent = rd.getRemovedBy() != sc.getLoggedInUserId() && item instanceof ChildItem ?
    139125                dc.getItem(SharedItem.class, ((ChildItem)item).getSharedParent()) : null;
    140126           
  • trunk/src/core/net/sf/basedb/core/filter-def-template.xml

    r6934 r7017  
    6565  <filter-def name="ownedBy">
    6666    <filter-param name="owner" type="int" />
     67  </filter-def>
     68 
     69  <!--
     70    Filter Ownable+Removable items on the owner to only return
     71    items owned by or removed by the logged in user.
     72    Typical condition is ":user = owner OR :user = removedBy"
     73  -->
     74  <filter-def name="ownedOrRemovedBy">
     75    <filter-param name="user" type="int" />
    6776  </filter-def>
    6877
Note: See TracChangeset for help on using the changeset viewer.