implementing selections by guest user

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2026-03-06 08:46:20 +01:00
parent 702b9dadd5
commit 69d3aacc53
3 changed files with 31 additions and 35 deletions


@@ -145,6 +145,7 @@
{/if} {/if}
<Route path="/user/reset/pw" component={ResetPw} /> <Route path="/user/reset/pw" component={ResetPw} />
<Route path="/oidc_callback" component={Callback} /> <Route path="/oidc_callback" component={Callback} />
<Route path="/poll/:id/view" component={ViewPoll} />
<Route path="/wiki/:key/view" component={WikiGuest} /> <Route path="/wiki/:key/view" component={WikiGuest} />
<Route> <Route>
<Login /> <Login />


@@ -46,12 +46,12 @@
<fieldset> <fieldset>
<legend>{t('User')}</legend> <legend>{t('User')}</legend>
{#if user} {#if user.name}
<div>{t('logged in as: {user}',{user:user.name})}</div> <div>{t('logged in as: {user}',{user:user.name})}</div>
{:else} {:else}
<label> <label>
<input type="text" bind:value={editor.name} />
{t('Your name')} {t('Your name')}
<input type="text" bind:value={editor.name} />
</label> </label>
{/if} {/if}
</fieldset> </fieldset>
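Review bot: The new condition `{#if user.name}` dereferences `user` without a null check, where the old `{#if user}` tolerated a missing user. If `user` can be null or undefined on the guest route (the hunk does not show how it is initialised), rendering would throw instead of showing the "Your name" input; `{#if user?.name}` covers both cases. The value bound to `editor.name` is typed by an unauthenticated visitor, so the backend should treat it as untrusted display text and never as an identity.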


@@ -29,10 +29,7 @@ import de.srsoftware.umbrella.core.model.UmbrellaUser;
import org.json.JSONObject; import org.json.JSONObject;
import java.io.IOException; import java.io.IOException;
import java.util.HashMap; import java.util.*;
import java.util.List;
import java.util.Map;
import java.util.Optional;
public class PollModule extends BaseHandler implements PollService { public class PollModule extends BaseHandler implements PollService {
@@ -50,14 +47,13 @@ public class PollModule extends BaseHandler implements PollService {
addCors(ex); addCors(ex);
try { try {
Optional<Token> token = SessionToken.from(ex).map(Token::of); Optional<Token> token = SessionToken.from(ex).map(Token::of);
var user = userService().loadUser(token);
if (user.isEmpty()) return unauthorized(ex);
var head = path.pop(); var head = path.pop();
var user = userService().loadUser(token).orElse(null);
return switch (head) { return switch (head) {
case EVALUATE -> getPollEvaluation(ex,user.get(), path); case EVALUATE -> getPollEvaluation(ex,user, path);
case LIST -> getPollList(ex,user.get()); case LIST -> getPollList(ex,user);
case null -> super.doGet(path,ex); case null -> super.doGet(path,ex);
default -> getPoll(ex,user.get(),head); default -> getPoll(ex,user,head);
}; };
} catch (UmbrellaException e){ } catch (UmbrellaException e){
return send(ex,e); return send(ex,e);
@@ -97,15 +93,19 @@ public class PollModule extends BaseHandler implements PollService {
} }
} }
private boolean getPoll(HttpExchange ex, UmbrellaUser user, String id) throws IOException { private boolean getPoll(HttpExchange ex, UmbrellaUser user, String pollId) throws IOException {
return sendContent(ex,loadPoll(user,id)); var poll = pollDb.loadPoll(pollId);
var permitted = !poll.isPrivate() || poll.owner().equals(user);
if (!permitted && poll.permissions().get(user) == null) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
return sendContent(ex,poll);
} }
private boolean getPollEvaluation(HttpExchange ex, UmbrellaUser user, Path path) throws IOException { private boolean getPollEvaluation(HttpExchange ex, UmbrellaUser user, Path path) throws IOException {
if (user == null) return unauthorized(ex);
if (path.empty()) throw missingField(ID); if (path.empty()) throw missingField(ID);
var poll = loadPoll(user,path.pop()); var poll = pollDb.loadPoll(path.pop());
LOG.log(WARNING,"Mising permission check for poll evaluation"); var permitted = poll.owner().equals(user);
// TODO: check permissions if (!permitted && !Set.of(Permission.EDIT, Permission.OWNER).contains(poll.permissions().get(user))) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
var result = new HashMap<>(poll.toMap()); var result = new HashMap<>(poll.toMap());
var evaluation = pollDb.loadEvaluation(poll.id()); var evaluation = pollDb.loadEvaluation(poll.id());
result.put(Field.EVALUATION,evaluation.toMap()); result.put(Field.EVALUATION,evaluation.toMap());
@@ -113,22 +113,16 @@ public class PollModule extends BaseHandler implements PollService {
} }
private boolean getPollList(HttpExchange ex, UmbrellaUser user) throws IOException { private boolean getPollList(HttpExchange ex, UmbrellaUser user) throws IOException {
if (user == null) return unauthorized(ex);
var list = pollDb.listPolls(user).stream().map(Poll::toMap); var list = pollDb.listPolls(user).stream().map(Poll::toMap);
return sendContent(ex,list); return sendContent(ex,list);
} }
private Poll loadPoll(UmbrellaUser user, String pollId) { private boolean patchPoll(HttpExchange ex, UmbrellaUser user, String pollId, Path path) throws IOException {
var poll = pollDb.loadPoll(pollId); var poll = pollDb.loadPoll(pollId);
var permitted = user.equals(poll.owner()); var permitted = poll.owner().equals(user);
if (!permitted) { if (!permitted && !Set.of(Permission.EDIT, Permission.OWNER).contains(poll.permissions().get(user))) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
var permission = poll.permissions().get(user);
if (permission == null || permission == READ_ONLY) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
}
return poll;
}
private boolean patchPoll(HttpExchange ex, UmbrellaUser user, String id, Path path) throws IOException {
var poll = loadPoll(user,id);
var head = path.pop(); var head = path.pop();
return switch (head){ return switch (head){
case null -> patchPoll(ex, poll); case null -> patchPoll(ex, poll);
@@ -203,18 +197,19 @@ public class PollModule extends BaseHandler implements PollService {
} }
private boolean postToPoll(HttpExchange ex, UmbrellaUser user, String id, Path path) throws IOException { private boolean postToPoll(HttpExchange ex, UmbrellaUser user, String id, Path path) throws IOException {
if (user == null) return unauthorized(ex);
var poll = pollDb.loadPoll(id);
var permitted = user.equals(poll.owner());
if (!permitted) {
var permission = poll.permissions().get(user);
if (permission == null || permission == READ_ONLY) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
}
var head = path.pop(); var head = path.pop();
var poll = pollDb.loadPoll(id);
if (user == null) {
if (SELECT.equals(head)) {
if (poll.isPrivate() && poll.permissions().get(user) == null) return unauthorized(ex);
postSelection(ex, poll, user);
}
}
var permitted = poll.owner().equals(user);
if (!permitted && !Set.of(Permission.OWNER, Permission.EDIT).contains(poll.permissions().get(user))) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
return switch (head){ return switch (head){
case PERMISSIONS -> postPermission(ex, poll, user); case PERMISSIONS -> postPermission(ex, poll, user);
case OPTION -> postOption(ex, poll); case OPTION -> postOption(ex, poll);
case SELECT -> postSelection(ex, poll, user);
case null, default -> notFound(ex); case null, default -> notFound(ex);
}; };
} }
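Review bot: In `postToPoll` the guest branch calls `postSelection(ex, poll, user);` without returning, so after the selection is handled control falls through to the owner/permission check with `user == null`. That check evaluates `Set.of(Permission.OWNER, Permission.EDIT).contains(poll.permissions().get(user))`, and the immutable sets from `Set.of` throw `NullPointerException` on `contains(null)`. If `permissions().get(...)` returns null for an unknown user (the old code tested `permission == null`, which suggests it does), the guest request ends in an exception instead of a clean response. The same lookup in `getPollEvaluation` and `patchPoll` would turn the intended `forbidden` into an NPE for a logged-in user who has no permission entry. I would write `return postSelection(ex, poll, user);` in the guest branch, follow the inner `if` with `return unauthorized(ex);` so no other guest request reaches the switch, and null-check the permission before each `Set.of(...)` lookup; `postSelection` and `permissions()` are outside this section, so their null handling is assumed.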