From febf192fff96c3b0963fc1ffa7c871cca4633b6f Mon Sep 17 00:00:00 2001 From: Yung Han Khoe Date: Tue, 7 Oct 2008 09:53:50 +0000 Subject: [PATCH] rfe: Thingy Private Rows --- docs/changelog/7.x.x.txt | 1 + lib/WebGUI/Asset/Wobject/Thingy.pm | 141 +++++++++++++++++++----- lib/WebGUI/i18n/English/Asset_Thingy.pm | 19 ++-- 3 files changed, 124 insertions(+), 37 deletions(-) diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index cc270b0c6..93d435de6 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -24,6 +24,7 @@ - fixed: Search asset shows blank page after searching - rfe: Updated Thingy's edit instructions and search description fields to HTMLAreas (SDH Consulting Group) + - rfe: Thingy Private Rows (SDH Consulting Group) 7.6.0 - added: users may now customize the post received page for the CS diff --git a/lib/WebGUI/Asset/Wobject/Thingy.pm b/lib/WebGUI/Asset/Wobject/Thingy.pm index 7900911af..0d7a3d81e 100644 --- a/lib/WebGUI/Asset/Wobject/Thingy.pm +++ b/lib/WebGUI/Asset/Wobject/Thingy.pm @@ -1428,10 +1428,11 @@ sub www_editThing { my $self = shift; my $warning = shift; my $session = $self->session; - my ($tabForm, $output, %properties, $tab, %afterSave, %defaultView, $fields); + my ($tabForm, $output, %properties, $tab, %afterSave, %defaultView, $fields, %editViewOptions); my ($fieldsHTML, $fieldsViewScreen, $fieldsSearchScreen); my (@hasHeightWidth,@hasSize,@hasVertical,@hasValues); tie %afterSave, 'Tie::IxHash'; + tie %editViewOptions, 'Tie::IxHash'; return $session->privilege->insufficient() unless $self->canEdit; my $i18n = WebGUI::International->new($session, "Asset_Thingy"); 
@@ -1659,11 +1660,18 @@ sub www_editThing { -hoverHelp=> $i18n->get('who can add description'), -label => $i18n->get('who can add label') ); - $tab->group( + + # create the options hash for the 'Who can edit' and 'Who can view' selectBoxes. + %editViewOptions = ('owner'=>'owner',$session->db->buildHash( + "select groupId,groupName from groups where showInForms=1 order by groupName" + )); + + $tab->selectBox( -name=> "groupIdEdit", -value=> $properties{groupIdEdit}, -hoverHelp=> $i18n->get('who can edit description'), - -label => $i18n->get('who can edit label') + -label => $i18n->get('who can edit label'), + -options => \%editViewOptions, ); $tab->text( -name => 'saveButtonLabel', @@ -1730,11 +1738,12 @@ sub www_editThing { $tabForm->addTab('view', $i18n->get('view screen tab label')); $tab = $tabForm->getTab('view'); - $tab->group( + $tab->selectBox( -name=> "groupIdView", -value=> $properties{groupIdView}, -hoverHelp=> $i18n->get('who can view description'), - -label => $i18n->get('who can view label') + -label => $i18n->get('who can view label'), + -options => \%editViewOptions, ); $tab->template( -name=>"viewTemplateId", @@ -2012,12 +2021,24 @@ sub www_editThingData { Checks if the user can edit thing data. +=head3 thingId + +The unique id of a thing. + +=head3 thingDataId + +The unique id of a row of thing data. + +=head3 thingProperties + +A hashRef containing the properties of a thing. =cut sub canEditThingData { my $self = shift; - my $thingId = shift || $self->session->form->process('thingId'); - my $thingDataId = shift || $self->session->form->process('thingDataId') || "new"; + my $session = $self->session; + my $thingId = shift || $session->form->process('thingId'); + my $thingDataId = shift || $session->form->process('thingDataId') || "new"; my $thingProperties = shift || $self->getThing($thingId); my ($privilegedGroup); 
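Review bot: The `%editViewOptions` hash built just before the `groupIdEdit` select box makes the literal string `owner` a legal value for `groupIdEdit` and `groupIdView`, so every reader of those two properties now has to treat it as a sentinel rather than a group id. This patch moves the callers it touches over to `canEditThingData` / `canViewThingData`, but handlers outside the visible hunks (for example the one behind `func=deleteThingDataConfirm`, which the search results still link to) may still pass the value straight to `hasPrivileges`. Each of them should be checked so that `owner` fails closed for other users while the row owner keeps the access the setting promises. The displayed label `'owner'` is hard-coded; taking it from a new `Asset_Thingy` i18n entry would keep the form translatable. `www_editThing` starts and ends outside this hunk.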
@@ -2025,11 +2046,69 @@ sub canEditThingData { $privilegedGroup = $thingProperties->{groupIdAdd}; } else { - $privilegedGroup = $thingProperties->{groupIdEdit}; + if ($thingProperties->{groupIdEdit} eq 'owner'){ + my $owner = $session->db->quickScalar("select createdById " + ."from ".$session->db->dbh->quote_identifier("Thingy_".$thingId) + ." where thingDataId = ?",[$thingDataId]); + if ($session->user->userId eq $owner || $self->canEdit){ + return 1; + } + else{ + return undef; + } + } + else{ + $privilegedGroup = $thingProperties->{groupIdEdit}; + } } return $self->hasPrivileges($privilegedGroup); } +#------------------------------------------------------------------- + +=head2 canViewThingData ( ) + +Checks if the user can view a specific row of thing data. + +=head3 thingId + +The unique id of a thing. + +=head3 thingDataId + +The unique id of a row of thing data. + +=head3 thingProperties + +A hashRef containing the properties of a thing. + +=cut + + +sub canViewThingData { + my $self = shift; + my $session = $self->session; + my $thingId = shift || $session->form->process('thingId'); + my $thingDataId = shift || $session->form->process('thingDataId') || "new"; + my $thingProperties = shift || $self->getThing($thingId); + + if ($thingProperties->{groupIdView} eq 'owner'){ + my $owner = $session->db->quickScalar("select createdById " + ."from ".$session->db->dbh->quote_identifier("Thingy_".$thingId) + ." where thingDataId = ?",[$thingDataId]); + if ($session->user->userId eq $owner || $self->canEdit){ + return 1; + } + else{ + return undef; + } + } + else{ + return $self->hasPrivileges($thingProperties->{groupIdView}); + } +} + + #------------------------------------------------------------------- =head2 editThingData ( ) 
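Review bot: The owner test `$session->user->userId eq $owner` in `canEditThingData`, and its copy in `canViewThingData` further down this hunk, matches on the account id alone. If `groupIdAdd` lets unauthenticated users add rows, everyone browsing under the shared visitor account would count as the owner of every anonymously created row; that depends on how `createdById` is filled in, which is not visible here. When the row does not exist, `$owner` is undefined and the `eq` compares against an empty string with a warning instead of refusing outright. Both subs repeat the same lookup, so I would move it into one private helper that returns false for a missing owner, check `canEdit` before running the query, and use a bare `return;` where the current code has `return undef;`.

```perl
# Shared owner lookup for the 'owner' setting of groupIdEdit / groupIdView.
sub _isThingDataOwner {
    my ($self, $thingId, $thingDataId) = @_;
    my $session = $self->session;
    my $owner = $session->db->quickScalar("select createdById "
        ."from ".$session->db->dbh->quote_identifier("Thingy_".$thingId)
        ." where thingDataId = ?",[$thingDataId]);
    # No row, or no recorded creator: nobody is the owner.
    return 0 unless defined $owner && $owner ne '';
    # TODO(review): also return 0 here for the shared visitor account.
    return $session->user->userId eq $owner ? 1 : 0;
}

# … unchanged: argument handling and the "new" branch of canEditThingData …
        if ($thingProperties->{groupIdEdit} eq 'owner'){
            return 1 if $self->canEdit || $self->_isThingDataOwner($thingId, $thingDataId);
            return;
        }
```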
@@ -2045,6 +2124,9 @@ sub editThingData { my $thingId = shift || $session->form->process('thingId'); my $thingDataId = shift || $session->form->process('thingDataId') || "new"; my $thingProperties = shift || $self->getThing($thingId); + + return $session->privilege->insufficient() unless $self->canEditThingData($thingId, $thingDataId, $thingProperties); + my (%thingData, $fields,@field_loop,$fieldValue, $privilegedGroup); my $var = $self->get; my $url = $self->getUrl; @@ -2141,13 +2223,8 @@ sub www_editThingDataSave { my $i18n = WebGUI::International->new($self->session, "Asset_Thingy"); my $thingProperties = $self->getThing($thingId); - if ($thingDataId eq "new"){ - $privilegedGroup = $thingProperties->{groupIdAdd}; - } - else{ - $privilegedGroup = $thingProperties->{groupIdEdit}; - } - return $session->privilege->insufficient() unless $self->hasPrivileges($privilegedGroup); + return $session->privilege->insufficient() unless $self->canEditThingData($thingId, $thingDataId + ,$thingProperties); ($newThingDataId,$errors) = $self->editThingDataSave($thingId,$thingDataId); @@ -2211,15 +2288,9 @@ sub www_editThingDataSaveViaAjax { my $thingProperties = $self->getThing($thingId); if ($thingProperties->{thingId}){ my ($privilegedGroup,$workflowId); - - if ($thingDataId eq "new"){ - $privilegedGroup = $thingProperties->{groupIdAdd}; - } - else{ - $privilegedGroup = $thingProperties->{groupIdEdit}; - } - return $session->privilege->insufficient() unless $self->hasPrivileges($privilegedGroup); - + + return $session->privilege->insufficient() unless $self->canEditThingData($thingId, $thingDataId + ,$thingProperties); my ($newThingDataId,$errors) = $self->editThingDataSave($thingId,$thingDataId); if ($errors){ 
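Review bot: The permission check in `www_editThingDataSave` (and again in `www_editThingDataSaveViaAjax` in the next hunk) lives only in the `www_` wrapper, while `editThingDataSave`, which performs the write, is called afterwards with no check of its own. The first hunk on this line does add the guard to the non-`www_` `editThingData`, so the two halves of the edit path are now protected at different layers. Other callers of `editThingDataSave`, if any exist outside these hunks, would bypass the new owner rule; repeating the `canEditThingData` call at the top of `editThingDataSave` would close that gap. After this change `$privilegedGroup` also appears to be unused in `my ($privilegedGroup,$workflowId);`, which could become `my $workflowId;`.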
@@ -2890,7 +2961,16 @@ sequenceNumber'); $currentUrl .= ";orderBy=".$orderBy if ($orderBy); $p = WebGUI::Paginator->new($self->session,$currentUrl,$thingProperties->{thingsPerPage}, undef, $paginatePage); - $p->setDataByQuery($query) if ! $noFields; + + my $sth = $self->session->db->read($query) if ! $noFields; + my @visibleResults; + while (my $result = $sth->hashRef){ + if ($self->canViewThingData($thingId,$result->{thingDataId})){ + push(@visibleResults,$result); + } + } + $p->setDataByArrayRef(\@visibleResults) if ! $noFields; + $searchResults = $p->getPageData($paginatePage); foreach my $searchResult (@$searchResults){ my (@field_loop); @@ -2909,7 +2989,8 @@ sequenceNumber'); .$thingId.';thingDataId='.$thingDataId), "searchResult_field_loop" => \@field_loop, ); - if ($self->hasPrivileges($thingProperties->{groupIdEdit})){ + if ($self->canEditThingData($thingId,$thingDataId,$thingProperties)){ + $templateVars{canEditThingData} = 1; $templateVars{searchResult_delete_icon} = $session->icon->delete('func=deleteThingDataConfirm;thingId=' .$thingId.';thingDataId='.$thingDataId,$self->get("url"),$i18n->get('delete thing data warning')); $templateVars{searchResult_edit_icon} = $session->icon->edit('func=editThingData;thingId=' @@ -2917,7 +2998,6 @@ sequenceNumber'); } push(@searchResult_loop,\%templateVars); } - $var->{canEditThingData} = $self->hasPrivileges($thingProperties->{groupIdEdit}); $var->{searchResult_loop} = \@searchResult_loop; $p->appendTemplateVars($var); @@ -2931,7 +3011,6 @@ sequenceNumber'); $var->{displayInSearchFields_loop} = \@displayInSearchFields_loop; $self->appendThingsVars($var, $thingId); return $var; - #return $self->processTemplate($var,$thingProperties->{searchTemplateId}); } #------------------------------------------------------------------- 
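Review bot: `my $sth = $self->session->db->read($query) if ! $noFields;` combines a `my` declaration with a statement modifier, which perlsyn documents as undefined behaviour. The `while` loop after it runs even when `$noFields` is true, so `hashRef` is then called on a handle that is undefined, or under a persistent interpreter possibly left over from an earlier call. Wrapping the read, the loop and `setDataByArrayRef` in one `if (! $noFields)` block removes both problems. Inside the loop `canViewThingData` is called without its third argument, so it falls back to `getThing($thingId)` for every row; passing `$thingProperties` avoids that. In `owner` mode a `createdById` condition in `$query` itself would avoid reading and filtering the whole result set in memory before pagination. The enclosing sub starts and ends outside this hunk.

```perl
# … unchanged: paginator construction …
    my @visibleResults;
    if (! $noFields) {
        my $sth = $self->session->db->read($query);
        while (my $result = $sth->hashRef) {
            push(@visibleResults, $result)
                if $self->canViewThingData($thingId, $result->{thingDataId}, $thingProperties);
        }
        $p->setDataByArrayRef(\@visibleResults);
    }
    $searchResults = $p->getPageData($paginatePage);
```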
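Review bot: `canEditThingData` is now set per row inside `%templateVars`, and the following hunk removes the top-level `$var->{canEditThingData}`, so a search template that tests the top-level variable would silently lose whatever it guarded. The templates are not part of this patch, so this needs checking against the shipped search template. Keeping a top-level flag that is true when at least one row is editable would preserve the old contract, for example `$var->{canEditThingData} ||= 1;` inside the `if`. In `owner` mode this call also issues one `createdById` query per displayed row, which is bounded by the page size but deserves a comment.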
@@ -3061,7 +3140,8 @@ sub www_viewThingData { my $i18n = WebGUI::International->new($self->session, "Asset_Thingy"); my $thingProperties = $self->getThing($thingId); - return $self->session->privilege->insufficient() unless $self->canViewThing($thingId, $thingProperties->{groupIdView}); + return $self->session->privilege->insufficient() unless $self->canViewThingData( + $thingId, $thingDataId, $thingProperties); $var->{canEditThings} = $self->canEdit; $var->{"addThing_url"} = $session->url->append($url, 'func=editThing;thingId=new'); @@ -3120,7 +3200,8 @@ sub www_viewThingDataViaAjax { my $thingProperties = $self->getThing($thingId); if ($thingProperties->{thingId}){ - return $session->privilege->insufficient() unless $self->canViewThing($thingId, $thingProperties->{groupIdView}); + return $self->session->privilege->insufficient() unless $self->canViewThingData( + $thingId, $thingDataId, $thingProperties); my $output = $self->getViewThingVars($thingId,$thingDataId); diff --git a/lib/WebGUI/i18n/English/Asset_Thingy.pm b/lib/WebGUI/i18n/English/Asset_Thingy.pm index d63074a94..8fc42ce63 100644 --- a/lib/WebGUI/i18n/English/Asset_Thingy.pm +++ b/lib/WebGUI/i18n/English/Asset_Thingy.pm @@ -128,8 +128,10 @@ our $I18N = { }, 'who can edit description' => { - message => q|The group that can edit this thing.|, - lastUpdated => 1104630516, + message => q|Select either:
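Review bot: Replacing `canViewThing($thingId, $thingProperties->{groupIdView})` with `canViewThingData(...)` in `www_viewThingData` changes the check for group-based things as well, because the non-owner branch of `canViewThingData` calls `hasPrivileges` directly rather than `canViewThing`. The body of `canViewThing` is not visible in this patch; if it does anything beyond `hasPrivileges`, that behaviour is lost here and in `www_viewThingDataViaAjax` in the next hunk. Delegating the non-owner branch with `return $self->canViewThing($thingId, $thingProperties->{groupIdView});` would keep the old semantics and confine the new logic to the `owner` case. Both subs start and end outside their hunks.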
- 'owner' if this things data should only be editable by the person who added it +
or
- a group that can edit all the data in this thing.
A user who can edit this Thingy +wobject can always view and edit all data.|, + lastUpdated => 1223372150, }, 'save button label label' => { @@ -229,8 +231,10 @@ our $I18N = { }, 'who can view description' => { - message => q|The group that can view this thing.|, - lastUpdated => 1104630516, + message => q|Select either:
- 'owner' if this things data should only be viewable by the person who +added it
or
- a group that can view all the data in this thing.
A user who can edit this Thingy +wobject can always view and edit all data.|, + lastUpdated => 1223372150, }, 'view template label' => { @@ -419,8 +423,9 @@ our $I18N = { }, 'default value description' => { - message => q|Enter the default value (if any) for the field. For Yes/No fields, enter "yes" to select "Yes" and "no" to select "No".|, - lastUpdated => 1119156590, + message => q|Enter the default value (if any) for the field. If you have defined the possible values for +this field using a hash, then the default value has to be a key in that hash, and not a value. For Yes/No fields, enter "yes" to select "Yes" and "no" to select "No".|, + lastUpdated => 1223372150, }, 'default value subtext' => { @@ -542,7 +547,7 @@ formatted as follows: } Braces, quotes and all. You simply replace "key1"/"value1" with your own name/value pairs}, - lastUpdated => 1104630516, + lastUpdated => 1223372150, }, 'possible values subtext' => {