implementing selections by guest user
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
This commit is contained in:
@@ -29,10 +29,7 @@ import de.srsoftware.umbrella.core.model.UmbrellaUser;
|
||||
import org.json.JSONObject;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.*;
|
||||
|
||||
public class PollModule extends BaseHandler implements PollService {
|
||||
|
||||
@@ -50,14 +47,13 @@ public class PollModule extends BaseHandler implements PollService {
|
||||
addCors(ex);
|
||||
try {
|
||||
Optional<Token> token = SessionToken.from(ex).map(Token::of);
|
||||
var user = userService().loadUser(token);
|
||||
if (user.isEmpty()) return unauthorized(ex);
|
||||
var head = path.pop();
|
||||
var user = userService().loadUser(token).orElse(null);
|
||||
return switch (head) {
|
||||
case EVALUATE -> getPollEvaluation(ex,user.get(), path);
|
||||
case LIST -> getPollList(ex,user.get());
|
||||
case EVALUATE -> getPollEvaluation(ex,user, path);
|
||||
case LIST -> getPollList(ex,user);
|
||||
case null -> super.doGet(path,ex);
|
||||
default -> getPoll(ex,user.get(),head);
|
||||
default -> getPoll(ex,user,head);
|
||||
};
|
||||
} catch (UmbrellaException e){
|
||||
return send(ex,e);
|
||||
@@ -97,15 +93,19 @@ public class PollModule extends BaseHandler implements PollService {
|
||||
}
|
||||
}
|
||||
|
||||
private boolean getPoll(HttpExchange ex, UmbrellaUser user, String id) throws IOException {
|
||||
return sendContent(ex,loadPoll(user,id));
|
||||
private boolean getPoll(HttpExchange ex, UmbrellaUser user, String pollId) throws IOException {
|
||||
var poll = pollDb.loadPoll(pollId);
|
||||
var permitted = !poll.isPrivate() || poll.owner().equals(user);
|
||||
if (!permitted && poll.permissions().get(user) == null) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
|
||||
return sendContent(ex,poll);
|
||||
}
|
||||
|
||||
private boolean getPollEvaluation(HttpExchange ex, UmbrellaUser user, Path path) throws IOException {
|
||||
if (user == null) return unauthorized(ex);
|
||||
if (path.empty()) throw missingField(ID);
|
||||
var poll = loadPoll(user,path.pop());
|
||||
LOG.log(WARNING,"Mising permission check for poll evaluation");
|
||||
// TODO: check permissions
|
||||
var poll = pollDb.loadPoll(path.pop());
|
||||
var permitted = poll.owner().equals(user);
|
||||
if (!permitted && !Set.of(Permission.EDIT, Permission.OWNER).contains(poll.permissions().get(user))) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
|
||||
var result = new HashMap<>(poll.toMap());
|
||||
var evaluation = pollDb.loadEvaluation(poll.id());
|
||||
result.put(Field.EVALUATION,evaluation.toMap());
|
||||
@@ -113,22 +113,16 @@ public class PollModule extends BaseHandler implements PollService {
|
||||
}
|
||||
|
||||
private boolean getPollList(HttpExchange ex, UmbrellaUser user) throws IOException {
|
||||
if (user == null) return unauthorized(ex);
|
||||
var list = pollDb.listPolls(user).stream().map(Poll::toMap);
|
||||
return sendContent(ex,list);
|
||||
}
|
||||
|
||||
private Poll loadPoll(UmbrellaUser user, String pollId) {
|
||||
private boolean patchPoll(HttpExchange ex, UmbrellaUser user, String pollId, Path path) throws IOException {
|
||||
var poll = pollDb.loadPoll(pollId);
|
||||
var permitted = user.equals(poll.owner());
|
||||
if (!permitted) {
|
||||
var permission = poll.permissions().get(user);
|
||||
if (permission == null || permission == READ_ONLY) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
|
||||
}
|
||||
return poll;
|
||||
}
|
||||
var permitted = poll.owner().equals(user);
|
||||
if (!permitted && !Set.of(Permission.EDIT, Permission.OWNER).contains(poll.permissions().get(user))) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
|
||||
|
||||
private boolean patchPoll(HttpExchange ex, UmbrellaUser user, String id, Path path) throws IOException {
|
||||
var poll = loadPoll(user,id);
|
||||
var head = path.pop();
|
||||
return switch (head){
|
||||
case null -> patchPoll(ex, poll);
|
||||
@@ -203,18 +197,19 @@ public class PollModule extends BaseHandler implements PollService {
|
||||
}
|
||||
|
||||
private boolean postToPoll(HttpExchange ex, UmbrellaUser user, String id, Path path) throws IOException {
|
||||
if (user == null) return unauthorized(ex);
|
||||
var poll = pollDb.loadPoll(id);
|
||||
var permitted = user.equals(poll.owner());
|
||||
if (!permitted) {
|
||||
var permission = poll.permissions().get(user);
|
||||
if (permission == null || permission == READ_ONLY) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
|
||||
}
|
||||
var head = path.pop();
|
||||
var poll = pollDb.loadPoll(id);
|
||||
if (user == null) {
|
||||
if (SELECT.equals(head)) {
|
||||
if (poll.isPrivate() && poll.permissions().get(user) == null) return unauthorized(ex);
|
||||
postSelection(ex, poll, user);
|
||||
}
|
||||
}
|
||||
var permitted = poll.owner().equals(user);
|
||||
if (!permitted && !Set.of(Permission.OWNER, Permission.EDIT).contains(poll.permissions().get(user))) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
|
||||
return switch (head){
|
||||
case PERMISSIONS -> postPermission(ex, poll, user);
|
||||
case OPTION -> postOption(ex, poll);
|
||||
case SELECT -> postSelection(ex, poll, user);
|
||||
case null, default -> notFound(ex);
|
||||
};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user