fine-tuning permissions stuff

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2026-03-06 13:23:40 +01:00
parent 69d3aacc53
commit 9ab1e479eb
4 changed files with 31 additions and 27 deletions


@@ -97,6 +97,7 @@ public class PollModule extends BaseHandler implements PollService {
var poll = pollDb.loadPoll(pollId);
var permitted = !poll.isPrivate() || poll.owner().equals(user);
if (!permitted && poll.permissions().get(user) == null) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
var eval = pollDb.loadEvaluation(pollId);
return sendContent(ex,poll);
}
@@ -104,8 +105,15 @@ public class PollModule extends BaseHandler implements PollService {
if (user == null) return unauthorized(ex);
if (path.empty()) throw missingField(ID);
var poll = pollDb.loadPoll(path.pop());
var permitted = poll.owner().equals(user);
if (!permitted && !Set.of(Permission.EDIT, Permission.OWNER).contains(poll.permissions().get(user))) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
if (!poll.owner().equals(user)) {
switch (poll.permissions().get(user)) {
case Permission.EDIT:
case Permission.OWNER:
break;
case null, default:
throw forbidden(Text.NOT_ALLOWED_TO_EVALUATE, Field.OBJECT, Text.POLL);
}
}
var result = new HashMap<>(poll.toMap());
var evaluation = pollDb.loadEvaluation(poll.id());
result.put(Field.EVALUATION,evaluation.toMap());
@@ -199,11 +207,9 @@ public class PollModule extends BaseHandler implements PollService {
private boolean postToPoll(HttpExchange ex, UmbrellaUser user, String id, Path path) throws IOException {
var head = path.pop();
var poll = pollDb.loadPoll(id);
if (user == null) {
if (SELECT.equals(head)) {
if (poll.isPrivate() && poll.permissions().get(user) == null) return unauthorized(ex);
postSelection(ex, poll, user);
}
if (SELECT.equals(head)) {
if (user == null && poll.isPrivate()) return unauthorized(ex);
return postSelection(ex, poll, null);
}
var permitted = poll.owner().equals(user);
if (!permitted && !Set.of(Permission.OWNER, Permission.EDIT).contains(poll.permissions().get(user))) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT,Text.POLL);
@@ -246,16 +252,14 @@ public class PollModule extends BaseHandler implements PollService {
if (!(job.get(key) instanceof Integer weight)) throw invalidField(Field.WEIGHT,Text.NUMBER);
map.put(optionId,weight);
}
if (user != null) {
pollDb.saveSelection(poll, map, user);
} else {
if (user == null) {
if (!json.has(Field.EDITOR)) throw missingField(Field.EDITOR);
if (!(json.get(Field.EDITOR) instanceof JSONObject editor)) throw invalidField(Field.EDITOR,JSON);
if (!editor.has(Field.NAME)) throw missingField(format("{0}.{1}}",Field.EDITOR,Field.NAME));
if (!(editor.get(Field.NAME) instanceof String name)) throw invalidField(format("{0}.{1}",Field.EDITOR,Field.NAME),Text.STRING);
pollDb.saveSelection(poll, map, name);
}
return notFound(ex);
} else pollDb.saveSelection(poll, map, user);
return sendContent(ex,poll);
}
private boolean postOption(HttpExchange ex, Poll poll) throws IOException {
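Review bot: In the `@@ -199,11 +207,9 @@` hunk, the new `SELECT` branch of `postToPoll` rejects only `user == null && poll.isPrivate()`, so a logged-in user who is neither the owner nor listed in `poll.permissions()` can still post a selection to a private poll. It also calls `postSelection(ex, poll, null)` for every caller, which (judging from the last hunk) sends `postSelection` down the anonymous path and stores the vote under the client-supplied `editor.name` even for authenticated users, leaving its `else pollDb.saveSelection(poll, map, user)` branch unreachable from here. I would gate private polls the way the check visible in the first hunk does and pass the real user: `if (poll.isPrivate() && user == null) return unauthorized(ex);`, `if (poll.isPrivate() && !poll.owner().equals(user) && poll.permissions().get(user) == null) throw forbidden(Text.NOT_ALLOWED_TO_EDIT, Field.OBJECT, Text.POLL);`, `return postSelection(ex, poll, user);`. Separately, an anonymous request with any other `head` now falls through to the unchanged `Set.of(...).contains(poll.permissions().get(user))` line, which would likely end in a `NullPointerException` rather than a 401 because `Set.of(...).contains(null)` throws, so an explicit `if (user == null) return unauthorized(ex);` after the `SELECT` branch is worth adding. `postToPoll` continues past the end of that hunk, so any later checks are not visible here.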