diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index cc270b0c6..93d435de6 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -24,6 +24,7 @@
- fixed: Search asset shows blank page after searching
- rfe: Updated Thingy's edit instructions and search description fields to
HTMLAreas (SDH Consulting Group)
+ - rfe: Thingy Private Rows (SDH Consulting Group)
7.6.0
- added: users may now customize the post received page for the CS
diff --git a/lib/WebGUI/Asset/Wobject/Thingy.pm b/lib/WebGUI/Asset/Wobject/Thingy.pm
index 7900911af..0d7a3d81e 100644
--- a/lib/WebGUI/Asset/Wobject/Thingy.pm
+++ b/lib/WebGUI/Asset/Wobject/Thingy.pm
@@ -1428,10 +1428,11 @@ sub www_editThing {
my $self = shift;
my $warning = shift;
my $session = $self->session;
- my ($tabForm, $output, %properties, $tab, %afterSave, %defaultView, $fields);
+ my ($tabForm, $output, %properties, $tab, %afterSave, %defaultView, $fields, %editViewOptions);
my ($fieldsHTML, $fieldsViewScreen, $fieldsSearchScreen);
my (@hasHeightWidth,@hasSize,@hasVertical,@hasValues);
tie %afterSave, 'Tie::IxHash';
+ tie %editViewOptions, 'Tie::IxHash';
return $session->privilege->insufficient() unless $self->canEdit;
my $i18n = WebGUI::International->new($session, "Asset_Thingy");
@@ -1659,11 +1660,18 @@ sub www_editThing {
-hoverHelp=> $i18n->get('who can add description'),
-label => $i18n->get('who can add label')
);
- $tab->group(
+
+ # create the options hash for the 'Who can edit' and 'Who can view' selectBoxes.
+ %editViewOptions = ('owner'=>'owner',$session->db->buildHash(
+ "select groupId,groupName from groups where showInForms=1 order by groupName"
+ ));
+
+ $tab->selectBox(
-name=> "groupIdEdit",
-value=> $properties{groupIdEdit},
-hoverHelp=> $i18n->get('who can edit description'),
- -label => $i18n->get('who can edit label')
+ -label => $i18n->get('who can edit label'),
+ -options => \%editViewOptions,
);
$tab->text(
-name => 'saveButtonLabel',
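Review bot: The `'owner'=>'owner'` entry in `%editViewOptions` stores a non-group sentinel in `groupIdEdit` (and, through the view-tab hunk that reuses the hash, in `groupIdView`), so every remaining caller that passes those properties to `hasPrivileges` or `canViewThing` as a group id needs checking. This commit converts the handlers it touches, but any path outside the diff that still reads these properties should be confirmed to fail closed when it sees 'owner'. The option label is also a hard-coded English string while the rest of the form goes through `$i18n->get`; a dedicated i18n entry would fit better. The existing comment could add that 'owner' is a sentinel, for example `# 'owner' is not a groupId; it is resolved per row in canEditThingData/canViewThingData`. www_editThing's body continues outside the hunk.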
@@ -1730,11 +1738,12 @@ sub www_editThing {
$tabForm->addTab('view', $i18n->get('view screen tab label'));
$tab = $tabForm->getTab('view');
- $tab->group(
+ $tab->selectBox(
-name=> "groupIdView",
-value=> $properties{groupIdView},
-hoverHelp=> $i18n->get('who can view description'),
- -label => $i18n->get('who can view label')
+ -label => $i18n->get('who can view label'),
+ -options => \%editViewOptions,
);
$tab->template(
-name=>"viewTemplateId",
@@ -2012,12 +2021,24 @@ sub www_editThingData {
Checks if the user can edit thing data.
+=head3 thingId
+
+The unique id of a thing.
+
+=head3 thingDataId
+
+The unique id of a row of thing data.
+
+=head3 thingProperties
+
+A hashRef containing the properties of a thing.
=cut
sub canEditThingData {
my $self = shift;
- my $thingId = shift || $self->session->form->process('thingId');
- my $thingDataId = shift || $self->session->form->process('thingDataId') || "new";
+ my $session = $self->session;
+ my $thingId = shift || $session->form->process('thingId');
+ my $thingDataId = shift || $session->form->process('thingDataId') || "new";
my $thingProperties = shift || $self->getThing($thingId);
my ($privilegedGroup);
@@ -2025,11 +2046,69 @@ sub canEditThingData {
$privilegedGroup = $thingProperties->{groupIdAdd};
}
else {
- $privilegedGroup = $thingProperties->{groupIdEdit};
+ if ($thingProperties->{groupIdEdit} eq 'owner'){
+ my $owner = $session->db->quickScalar("select createdById "
+ ."from ".$session->db->dbh->quote_identifier("Thingy_".$thingId)
+ ." where thingDataId = ?",[$thingDataId]);
+ if ($session->user->userId eq $owner || $self->canEdit){
+ return 1;
+ }
+ else{
+ return undef;
+ }
+ }
+ else{
+ $privilegedGroup = $thingProperties->{groupIdEdit};
+ }
}
return $self->hasPrivileges($privilegedGroup);
}
+#-------------------------------------------------------------------
+
+=head2 canViewThingData ( )
+
+Checks if the user can view a specific row of thing data.
+
+=head3 thingId
+
+The unique id of a thing.
+
+=head3 thingDataId
+
+The unique id of a row of thing data.
+
+=head3 thingProperties
+
+A hashRef containing the properties of a thing.
+
+=cut
+
+
+sub canViewThingData {
+ my $self = shift;
+ my $session = $self->session;
+ my $thingId = shift || $session->form->process('thingId');
+ my $thingDataId = shift || $session->form->process('thingDataId') || "new";
+ my $thingProperties = shift || $self->getThing($thingId);
+
+ if ($thingProperties->{groupIdView} eq 'owner'){
+ my $owner = $session->db->quickScalar("select createdById "
+ ."from ".$session->db->dbh->quote_identifier("Thingy_".$thingId)
+ ." where thingDataId = ?",[$thingDataId]);
+ if ($session->user->userId eq $owner || $self->canEdit){
+ return 1;
+ }
+ else{
+ return undef;
+ }
+ }
+ else{
+ return $self->hasPrivileges($thingProperties->{groupIdView});
+ }
+}
+
+
#-------------------------------------------------------------------
=head2 editThingData ( )
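Review bot: The owner test in the new `canViewThingData` and in the 'owner' branch of `canEditThingData` compares `$session->user->userId` with `createdById` without excluding the anonymous account. If a thing lets unauthenticated visitors add rows, every anonymous visitor would presumably match as owner of every other visitor's rows. How `createdById` is filled is not visible here, so this should be confirmed, and owner access denied for the visitor account if it holds. The lookup and comparison are duplicated verbatim in both subs, and a private helper taking `($thingId, $thingDataId)` would keep the two checks from drifting apart. Putting `return 1 if $self->canEdit;` before the query saves editors the lookup, and `return undef;` is better written as bare `return;` so a list-context caller does not receive a true one-element list.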
@@ -2045,6 +2124,9 @@ sub editThingData {
my $thingId = shift || $session->form->process('thingId');
my $thingDataId = shift || $session->form->process('thingDataId') || "new";
my $thingProperties = shift || $self->getThing($thingId);
+
+ return $session->privilege->insufficient() unless $self->canEditThingData($thingId, $thingDataId, $thingProperties);
+
my (%thingData, $fields,@field_loop,$fieldValue, $privilegedGroup);
my $var = $self->get;
my $url = $self->getUrl;
@@ -2141,13 +2223,8 @@ sub www_editThingDataSave {
my $i18n = WebGUI::International->new($self->session, "Asset_Thingy");
my $thingProperties = $self->getThing($thingId);
- if ($thingDataId eq "new"){
- $privilegedGroup = $thingProperties->{groupIdAdd};
- }
- else{
- $privilegedGroup = $thingProperties->{groupIdEdit};
- }
- return $session->privilege->insufficient() unless $self->hasPrivileges($privilegedGroup);
+ return $session->privilege->insufficient() unless $self->canEditThingData($thingId, $thingDataId
+ ,$thingProperties);
($newThingDataId,$errors) = $self->editThingDataSave($thingId,$thingDataId);
@@ -2211,15 +2288,9 @@ sub www_editThingDataSaveViaAjax {
my $thingProperties = $self->getThing($thingId);
if ($thingProperties->{thingId}){
my ($privilegedGroup,$workflowId);
-
- if ($thingDataId eq "new"){
- $privilegedGroup = $thingProperties->{groupIdAdd};
- }
- else{
- $privilegedGroup = $thingProperties->{groupIdEdit};
- }
- return $session->privilege->insufficient() unless $self->hasPrivileges($privilegedGroup);
-
+
+ return $session->privilege->insufficient() unless $self->canEditThingData($thingId, $thingDataId
+ ,$thingProperties);
my ($newThingDataId,$errors) = $self->editThingDataSave($thingId,$thingDataId);
if ($errors){
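Review bot: `my ($privilegedGroup,$workflowId);` still declares `$privilegedGroup`, which nothing in this hunk uses now that the group selection lives in `canEditThingData`; it can become `my $workflowId;`. The same probably applies to the declaration in www_editThingDataSave, which lies outside its hunk. The enclosing function continues past the hunk, so a later use cannot be ruled out from here.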
@@ -2890,7 +2961,16 @@ sequenceNumber');
$currentUrl .= ";orderBy=".$orderBy if ($orderBy);
$p = WebGUI::Paginator->new($self->session,$currentUrl,$thingProperties->{thingsPerPage}, undef, $paginatePage);
- $p->setDataByQuery($query) if ! $noFields;
+
+ my $sth = $self->session->db->read($query) if ! $noFields;
+ my @visibleResults;
+ while (my $result = $sth->hashRef){
+ if ($self->canViewThingData($thingId,$result->{thingDataId})){
+ push(@visibleResults,$result);
+ }
+ }
+ $p->setDataByArrayRef(\@visibleResults) if ! $noFields;
+
$searchResults = $p->getPageData($paginatePage);
foreach my $searchResult (@$searchResults){
my (@field_loop);
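Review bot: `my $sth = $self->session->db->read($query) if ! $noFields;` leaves `$sth` undefined when `$noFields` is set, and the `while` loop below then calls `hashRef` on it unconditionally, which dies; perlsyn also documents `my ... if` as having undefined behaviour. Wrapping the read, the loop and `setDataByArrayRef` in a single `unless ($noFields)` block fixes both, as sketched below. The loop also calls `canViewThingData` without `$thingProperties`, so each row triggers a `getThing` call on top of the owner lookup. The whole result set is now read before pagination, so for owner-restricted things it is worth considering a `createdById` filter in the query itself. The enclosing sub starts and ends outside the hunk.

```perl
# … unchanged: WebGUI::Paginator->new call …
my @visibleResults;
unless ($noFields) {
    my $sth = $self->session->db->read($query);
    while (my $result = $sth->hashRef) {
        # Pass the already-loaded properties so each row does not re-read the thing.
        push @visibleResults, $result
            if $self->canViewThingData($thingId, $result->{thingDataId}, $thingProperties);
    }
    $p->setDataByArrayRef(\@visibleResults);
}
# … unchanged: getPageData and the searchResult loop …
```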
@@ -2909,7 +2989,8 @@ sequenceNumber');
.$thingId.';thingDataId='.$thingDataId),
"searchResult_field_loop" => \@field_loop,
);
- if ($self->hasPrivileges($thingProperties->{groupIdEdit})){
+ if ($self->canEditThingData($thingId,$thingDataId,$thingProperties)){
+ $templateVars{canEditThingData} = 1;
$templateVars{searchResult_delete_icon} = $session->icon->delete('func=deleteThingDataConfirm;thingId='
.$thingId.';thingDataId='.$thingDataId,$self->get("url"),$i18n->get('delete thing data warning'));
$templateVars{searchResult_edit_icon} = $session->icon->edit('func=editThingData;thingId='
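Review bot: The edit and delete icons are now gated per row by `canEditThingData`, but the handler behind `func=deleteThingDataConfirm` is not part of this diff, so it is not visible whether it enforces the same per-row owner check. If it still tests `groupIdEdit` as a group, hiding the icon is the only restriction, and the handler should also start with `return $session->privilege->insufficient() unless $self->canEditThingData($thingId, $thingDataId, $thingProperties);`. `canEditThingData` also moves from a top-level template variable (removed in the next hunk) to a per-row one inside `searchResult_loop`, which changes what existing search templates see. That deserves a line in the template-variable help and the changelog.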
@@ -2917,7 +2998,6 @@ sequenceNumber');
}
push(@searchResult_loop,\%templateVars);
}
- $var->{canEditThingData} = $self->hasPrivileges($thingProperties->{groupIdEdit});
$var->{searchResult_loop} = \@searchResult_loop;
$p->appendTemplateVars($var);
@@ -2931,7 +3011,6 @@ sequenceNumber');
$var->{displayInSearchFields_loop} = \@displayInSearchFields_loop;
$self->appendThingsVars($var, $thingId);
return $var;
- #return $self->processTemplate($var,$thingProperties->{searchTemplateId});
}
#-------------------------------------------------------------------
@@ -3061,7 +3140,8 @@ sub www_viewThingData {
my $i18n = WebGUI::International->new($self->session, "Asset_Thingy");
my $thingProperties = $self->getThing($thingId);
- return $self->session->privilege->insufficient() unless $self->canViewThing($thingId, $thingProperties->{groupIdView});
+ return $self->session->privilege->insufficient() unless $self->canViewThingData(
+ $thingId, $thingDataId, $thingProperties);
$var->{canEditThings} = $self->canEdit;
$var->{"addThing_url"} = $session->url->append($url, 'func=editThing;thingId=new');
@@ -3120,7 +3200,8 @@ sub www_viewThingDataViaAjax {
my $thingProperties = $self->getThing($thingId);
if ($thingProperties->{thingId}){
- return $session->privilege->insufficient() unless $self->canViewThing($thingId, $thingProperties->{groupIdView});
+ return $self->session->privilege->insufficient() unless $self->canViewThingData(
+ $thingId, $thingDataId, $thingProperties);
my $output = $self->getViewThingVars($thingId,$thingDataId);
diff --git a/lib/WebGUI/i18n/English/Asset_Thingy.pm b/lib/WebGUI/i18n/English/Asset_Thingy.pm
index d63074a94..8fc42ce63 100644
--- a/lib/WebGUI/i18n/English/Asset_Thingy.pm
+++ b/lib/WebGUI/i18n/English/Asset_Thingy.pm
@@ -128,8 +128,10 @@ our $I18N = {
},
'who can edit description' => {
- message => q|The group that can edit this thing.|,
- lastUpdated => 1104630516,
+ message => q|Select either:
- 'owner' if this things data should only be editable by the person who added it
+
or
- a group that can edit all the data in this thing.
A user who can edit this Thingy
+wobject can always view and edit all data.|,
+ lastUpdated => 1223372150,
},
'save button label label' => {
@@ -229,8 +231,10 @@ our $I18N = {
},
'who can view description' => {
- message => q|The group that can view this thing.|,
- lastUpdated => 1104630516,
+ message => q|Select either:
- 'owner' if this things data should only be viewable by the person who
+added it
or
- a group that can view all the data in this thing.
A user who can edit this Thingy
+wobject can always view and edit all data.|,
+ lastUpdated => 1223372150,
},
'view template label' => {
@@ -419,8 +423,9 @@ our $I18N = {
},
'default value description' => {
- message => q|Enter the default value (if any) for the field. For Yes/No fields, enter "yes" to select "Yes" and "no" to select "No".|,
- lastUpdated => 1119156590,
+ message => q|Enter the default value (if any) for the field. If you have defined the possible values for
+this field using a hash, then the default value has to be a key in that hash, and not a value. For Yes/No fields, enter "yes" to select "Yes" and "no" to select "No".|,
+ lastUpdated => 1223372150,
},
'default value subtext' => {
@@ -542,7 +547,7 @@ formatted as follows:
}
Braces, quotes and all. You simply replace "key1"/"value1" with your own name/value pairs},
- lastUpdated => 1104630516,
+ lastUpdated => 1223372150,
},
'possible values subtext' => {