SRSoftware/Umbrella
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

implementing selections by guest user

Browse Source 
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
This commit is contained in:
Stephan Richter
2026-03-06 08:46:20 +01:00
parent 702b9dadd5
commit 69d3aacc53
3 changed files with 31 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
frontend/src/App.svelte
View File

@@ -145,6 +145,7 @@
{/if}
<Route path="/user/reset/pw" component={ResetPw} />
<Route path="/oidc_callback" component={Callback} />
<Route path="/poll/:id/view" component={ViewPoll} />
<Route path="/wiki/:key/view" component={WikiGuest} />
<Route>
<Login />

4
frontend/src/routes/poll/View.svelte
View File

@@ -46,12 +46,12 @@
<fieldset>
<legend>{t('User')}</legend>
{#if user}
{#if user.name}
<div>{t('logged in as: {user}',{user:user.name})}</div>
{:else}
<label>
<input type="text" bind:value={editor.name} />
{t('Your name')}
<input type="text" bind:value={editor.name} />
</label>
{/if}
</fieldset>

59
poll/src/main/java/de/srsoftware/umbrella/poll/PollModule.java
View File

@@ -29,10 +29,7 @@ import de.srsoftware.umbrella.core.model.UmbrellaUser;
import org.json.JSONObject;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.*;
public class PollModule extends BaseHandler implements PollService {
@@ -50,14 +47,13 @@ public class PollModule extends BaseHandler implements PollService {
addCors(ex);
try {
Optional<Token> token = SessionToken.from(ex).map(Token::of);
var user = userService().loadUser(token);
if (user.isEmpty()) return unauthorized(ex);
var head = path.pop();
var user = userService().loadUser(token).orElse(null);
return switch (head) {
case EVALUATE -> getPollEvaluation(ex,user.get(), path);
case LIST -> getPollList(ex,user.get());
case EVALUATE -> getPollEvaluation(ex,user, path);
case LIST -> getPollList(ex,user);
case null -> super.doGet(path,ex);
default -> getPoll(ex,user.get(),head);
default -> getPoll(ex,user,head);
};
} catch (UmbrellaException e){
return send(ex,e);
@@ -97,15 +93,19 @@ public class PollModule extends BaseHandler implements PollService {
}
}
private boolean getPoll(HttpExchange ex, UmbrellaUser user, String id) throws IOException {
return sendContent(ex,loadPoll(user,id));
private boolean getPoll(HttpExchange ex, UmbrellaUser user, String pollId) throws IOException {
var poll = pollDb.loadPoll(pollId);
var permitted = !poll.isPrivate() || poll.owner().equals(user);
if (!permitted && poll.permissions().get(user) == null) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
return sendContent(ex,poll);
}
private boolean getPollEvaluation(HttpExchange ex, UmbrellaUser user, Path path) throws IOException {
if (user == null) return unauthorized(ex);
if (path.empty()) throw missingField(ID);
var poll = loadPoll(user,path.pop());
LOG.log(WARNING,"Mising permission check for poll evaluation");
// TODO: check permissions
var poll = pollDb.loadPoll(path.pop());
var permitted = poll.owner().equals(user);
if (!permitted && !Set.of(Permission.EDIT, Permission.OWNER).contains(poll.permissions().get(user))) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
var result = new HashMap<>(poll.toMap());
var evaluation = pollDb.loadEvaluation(poll.id());
result.put(Field.EVALUATION,evaluation.toMap());
@@ -113,22 +113,16 @@ public class PollModule extends BaseHandler implements PollService {
}
private boolean getPollList(HttpExchange ex, UmbrellaUser user) throws IOException {
if (user == null) return unauthorized(ex);
var list = pollDb.listPolls(user).stream().map(Poll::toMap);
return sendContent(ex,list);
}
private Poll loadPoll(UmbrellaUser user, String pollId) {
private boolean patchPoll(HttpExchange ex, UmbrellaUser user, String pollId, Path path) throws IOException {
var poll = pollDb.loadPoll(pollId);
var permitted = user.equals(poll.owner());
if (!permitted) {
var permission = poll.permissions().get(user);
if (permission == null || permission == READ_ONLY) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
}
return poll;
}
var permitted = poll.owner().equals(user);
if (!permitted && !Set.of(Permission.EDIT, Permission.OWNER).contains(poll.permissions().get(user))) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
private boolean patchPoll(HttpExchange ex, UmbrellaUser user, String id, Path path) throws IOException {
var poll = loadPoll(user,id);
var head = path.pop();
return switch (head){
case null -> patchPoll(ex, poll);
@@ -203,18 +197,19 @@ public class PollModule extends BaseHandler implements PollService {
}
private boolean postToPoll(HttpExchange ex, UmbrellaUser user, String id, Path path) throws IOException {
if (user == null) return unauthorized(ex);
var poll = pollDb.loadPoll(id);
var permitted = user.equals(poll.owner());
if (!permitted) {
var permission = poll.permissions().get(user);
if (permission == null || permission == READ_ONLY) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
}
var head = path.pop();
var poll = pollDb.loadPoll(id);
if (user == null) {
if (SELECT.equals(head)) {
if (poll.isPrivate() && poll.permissions().get(user) == null) return unauthorized(ex);
postSelection(ex, poll, user);
}
}
var permitted = poll.owner().equals(user);
if (!permitted && !Set.of(Permission.OWNER, Permission.EDIT).contains(poll.permissions().get(user))) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
return switch (head){
case PERMISSIONS -> postPermission(ex, poll, user);
case OPTION -> postOption(ex, poll);
case SELECT -> postSelection(ex, poll, user);
case null, default -> notFound(ex);
};
}