StephanRichter fe57749d9c improving note lsit
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2026-05-06 09:25:45 +02:00
StephanRichter d3f9ca2c5d Merge commit '2adba956debba2792a3e88ebb70226071949ef0a' into accounting
2026-05-06 08:43:04 +02:00
StephanRichter fe18cb8dc2 implemented security measures for account management
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2026-05-06 08:37:24 +02:00
StephanRichter 20f47055f6 minor css fix
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2026-05-06 08:20:37 +02:00
StephanRichter c6caf7aacc improving messages
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2026-05-06 08:20:37 +02:00
StephanRichter cc3a3a23a2 implemented proper messages for accounting events
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2026-05-06 08:20:37 +02:00
StephanRichter cfd5362b1d implemented message on transaction creation/update
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2026-05-06 08:20:37 +02:00
StephanRichter ca24ada1fd implemented transaction propagation via event bus
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2026-05-06 08:20:37 +02:00
StephanRichter 2adba956de minor css fix
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2026-05-05 22:56:19 +02:00
StephanRichter 3a2ab75b15 improving messages
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2026-05-05 20:34:47 +02:00
StephanRichter 80311c8493 fixed css class
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2026-05-05 08:27:06 +02:00
8 changed files with 38 additions and 13 deletions
@@ -3,6 +3,7 @@ package de.srsoftware.umbrella.accounting;
import de.srsoftware.umbrella.core.model.Account; import de.srsoftware.umbrella.core.model.Account;
import de.srsoftware.umbrella.core.model.Transaction; import de.srsoftware.umbrella.core.model.Transaction;
import de.srsoftware.umbrella.core.model.UmbrellaUser;
import java.util.Collection; import java.util.Collection;
import java.util.List; import java.util.List;
import java.util.Optional; import java.util.Optional;
@@ -13,6 +14,8 @@ public interface AccountDb {
void dropTransactionTag(long transactionId, String tag); void dropTransactionTag(long transactionId, String tag);
Collection<UmbrellaUser> getMembers(long accountId);
Optional<Transaction> lastTransaction(long accountId, String source, String dest, double amount); Optional<Transaction> lastTransaction(long accountId, String source, String dest, double amount);
Collection<Account> listAccounts(long userId); Collection<Account> listAccounts(long userId);
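Review bot: `getMembers(long accountId)` is added to the interface without any Javadoc, although the module now uses its result as the authorization predicate for reading, posting to, patching and deleting on an account. The contract a caller must rely on — who counts as a member, whether the collection may be empty for an account with no activity, and whether it may contain null entries for users that can no longer be loaded — is left to the SQLite implementation. I would add `/** Users permitted to read and modify the given account; the module uses this as its access check, so an empty result denies everyone. */` above the declaration, and state how implementations are expected to derive membership.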
@@ -7,11 +7,9 @@ import static de.srsoftware.umbrella.core.ConnectionProvider.connect;
import static de.srsoftware.umbrella.core.ModuleRegistry.tagService; import static de.srsoftware.umbrella.core.ModuleRegistry.tagService;
import static de.srsoftware.umbrella.core.ModuleRegistry.userService; import static de.srsoftware.umbrella.core.ModuleRegistry.userService;
import static de.srsoftware.umbrella.core.constants.Path.*; import static de.srsoftware.umbrella.core.constants.Path.*;
import static de.srsoftware.umbrella.core.exceptions.UmbrellaException.invalidField; import static de.srsoftware.umbrella.core.exceptions.UmbrellaException.*;
import static de.srsoftware.umbrella.core.exceptions.UmbrellaException.missingField;
import static de.srsoftware.umbrella.messagebus.MessageBus.messageBus; import static de.srsoftware.umbrella.messagebus.MessageBus.messageBus;
import static de.srsoftware.umbrella.messagebus.events.Event.EventType.CREATE; import static de.srsoftware.umbrella.messagebus.events.Event.EventType.CREATE;
import static java.lang.System.Logger.Level.WARNING;
import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpExchange;
import de.srsoftware.configuration.Configuration; import de.srsoftware.configuration.Configuration;
@@ -55,6 +53,7 @@ public class AccountingModule extends BaseHandler implements AccountingService {
case TRANSACTION -> { case TRANSACTION -> {
try { try {
var transaction = accountDb.loadTransaction(Long.parseLong(path.pop())); var transaction = accountDb.loadTransaction(Long.parseLong(path.pop()));
if (!accountDb.getMembers(transaction.accountId()).contains(user.get())) throw forbidden("You are not allowed to access account {id}",Field.ID,transaction.accountId());
yield dropTransaction(transaction, user.get(), path, ex); yield dropTransaction(transaction, user.get(), path, ex);
} catch (NumberFormatException ignored) { } catch (NumberFormatException ignored) {
yield super.doDelete(path,ex); yield super.doDelete(path,ex);
@@ -128,6 +127,7 @@ public class AccountingModule extends BaseHandler implements AccountingService {
default -> { default -> {
try { try {
var accountId = Long.parseLong(head); var accountId = Long.parseLong(head);
if (!accountDb.getMembers(accountId).contains(user.get())) throw forbidden("You are not allowed to access account {id}",Field.ID,accountId);
yield postToAccount(accountId,path,user.get(),ex); yield postToAccount(accountId,path,user.get(),ex);
} catch (NumberFormatException ignored) { } catch (NumberFormatException ignored) {
yield super.doPost(path,ex); yield super.doPost(path,ex);
@@ -156,7 +156,6 @@ public class AccountingModule extends BaseHandler implements AccountingService {
} }
private boolean dropTransactionTag(UmbrellaUser user, Transaction transaction, HttpExchange ex) throws IOException { private boolean dropTransactionTag(UmbrellaUser user, Transaction transaction, HttpExchange ex) throws IOException {
LOG.log(WARNING,"Missing permission check in AccountModule.dropTransactionTag!");
var json = json(ex); var json = json(ex);
if (!json.has(Field.TAG)) throw missingField(Field.TAG); if (!json.has(Field.TAG)) throw missingField(Field.TAG);
var tag = json.getString(Field.TAG); var tag = json.getString(Field.TAG);
@@ -186,7 +185,7 @@ public class AccountingModule extends BaseHandler implements AccountingService {
} }
private boolean getAccount(UmbrellaUser user, long accountId, HttpExchange ex) throws IOException { private boolean getAccount(UmbrellaUser user, long accountId, HttpExchange ex) throws IOException {
LOG.log(WARNING,"Missing authorization check in AccountingModule.getAccount(…)!"); if (!accountDb.getMembers(accountId).contains(user)) throw forbidden("You are not allowed to access account {id}",Field.ID,accountId);
return sendContent(ex, loadAccount(accountId)); return sendContent(ex, loadAccount(accountId));
} }
@@ -225,7 +224,7 @@ public class AccountingModule extends BaseHandler implements AccountingService {
private boolean patchTransaction(UmbrellaUser user, long transactionId, HttpExchange ex) throws IOException { private boolean patchTransaction(UmbrellaUser user, long transactionId, HttpExchange ex) throws IOException {
var transaction = accountDb.loadTransaction(transactionId); var transaction = accountDb.loadTransaction(transactionId);
LOG.log(WARNING,"Missing permission check in patchTransaction(…)!"); if (!accountDb.getMembers(transaction.accountId()).contains(user)) throw forbidden("You are not allowed to access account {id}",Field.ID,transaction.accountId());
var oldData = transaction.toMap(); var oldData = transaction.toMap();
var json = json(ex); var json = json(ex);
if (json.has(Field.AMOUNT)) transaction.amount(json.getDouble(Field.AMOUNT)); if (json.has(Field.AMOUNT)) transaction.amount(json.getDouble(Field.AMOUNT));
@@ -337,7 +336,6 @@ public class AccountingModule extends BaseHandler implements AccountingService {
} }
private boolean postSearchTags(long accountId, UmbrellaUser user, HttpExchange ex) throws IOException { private boolean postSearchTags(long accountId, UmbrellaUser user, HttpExchange ex) throws IOException {
LOG.log(WARNING,"Missing authorization check in AccountingModule.getAccount(…)!");
var key = body(ex); var key = body(ex);
if (!key.trim().startsWith("{")) { // search tags that contain value of body if (!key.trim().startsWith("{")) { // search tags that contain value of body
var tags = accountDb.searchTagsContaining(key, accountId); var tags = accountDb.searchTagsContaining(key, accountId);
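Review bot: The gate `if (!accountDb.getMembers(id).contains(user)) throw forbidden(...)` is now copy-pasted at four sites in this file (doDelete's TRANSACTION branch, doPost's default branch, getAccount and patchTransaction); a single `private void requireMember(UmbrellaUser user, long accountId)` would keep the authorization check in one auditable place and avoid the next call site forgetting it, which is exactly the gap the removed WARNING logs were marking. `contains(user)` depends on `UmbrellaUser.equals`: the members are freshly loaded through `userService()`, so if the class does not override equals the comparison is by identity and fails closed for every request — comparing by user id instead would be robust; confirm against UmbrellaUser. In the TRANSACTION delete branch the request only names a transaction id, yet the forbidden message echoes `transaction.accountId()`, so a non-member learns which account a foreign transaction belongs to; a generic message, or the same response as for an unknown id, avoids that oracle. If getMembers is derived from existing transaction rows as in SqliteDb, an account with no transactions has no members and the new check in doPost rejects the first transaction posted to a fresh account — worth confirming how initial transactions are meant to be created.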
@@ -7,6 +7,7 @@ import static de.srsoftware.tools.jdbc.Condition.*;
import static de.srsoftware.tools.jdbc.Query.*; import static de.srsoftware.tools.jdbc.Query.*;
import static de.srsoftware.tools.jdbc.Query.SelectQuery.ALL; import static de.srsoftware.tools.jdbc.Query.SelectQuery.ALL;
import static de.srsoftware.umbrella.accounting.Constants.*; import static de.srsoftware.umbrella.accounting.Constants.*;
import static de.srsoftware.umbrella.core.ModuleRegistry.userService;
import static de.srsoftware.umbrella.core.constants.Field.*; import static de.srsoftware.umbrella.core.constants.Field.*;
import static de.srsoftware.umbrella.core.exceptions.UmbrellaException.*; import static de.srsoftware.umbrella.core.exceptions.UmbrellaException.*;
import static de.srsoftware.umbrella.core.model.Translatable.t; import static de.srsoftware.umbrella.core.model.Translatable.t;
@@ -19,6 +20,7 @@ import de.srsoftware.umbrella.core.constants.Field;
import de.srsoftware.umbrella.core.constants.Text; import de.srsoftware.umbrella.core.constants.Text;
import de.srsoftware.umbrella.core.model.Account; import de.srsoftware.umbrella.core.model.Account;
import de.srsoftware.umbrella.core.model.Transaction; import de.srsoftware.umbrella.core.model.Transaction;
import de.srsoftware.umbrella.core.model.UmbrellaUser;
import java.sql.Connection; import java.sql.Connection;
import java.sql.SQLException; import java.sql.SQLException;
import java.time.ZoneOffset; import java.time.ZoneOffset;
@@ -146,6 +148,27 @@ public class SqliteDb extends BaseDb implements AccountDb {
} }
} }
@Override
public Collection<UmbrellaUser> getMembers(long accountId) {
try {
var userIds = new HashSet<Long>();
var rs = select("DISTINCT "+ SOURCE).from(TABLE_TRANSACTIONS).where(ACCOUNT,equal(accountId)).exec(db);
while (rs.next()) try {
userIds.add(Long.parseLong(rs.getString(1)));
} catch (NumberFormatException ignored) {}
rs.close();
rs = select("DISTINCT "+ DESTINATION).from(TABLE_TRANSACTIONS).where(ACCOUNT,equal(accountId)).exec(db);
while (rs.next()) try {
userIds.add(Long.parseLong(rs.getString(1)));
} catch (NumberFormatException ignored) {}
rs.close();
var us = userService();
return userIds.stream().map(us::loadUser).toList();
} catch (SQLException e) {
throw failedToLoadMembers(Text.ACCOUNT);
}
}
@Override @Override
public Optional<Transaction> lastTransaction(long accountId, String source, String dest, double amount) { public Optional<Transaction> lastTransaction(long accountId, String source, String dest, double amount) {
try { try {
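Review bot: getMembers defines the account's authorized users as every numeric value ever stored in the SOURCE or DESTINATION column of its transactions, which means any counterparty of a single transaction is granted full read/modify/delete access to the whole account, and an account without transactions has no members at all; if that is not the intended ownership model, membership should come from an explicit owners/members table rather than be inferred from transaction data. The two result sets are only closed on the happy path — an exception from `rs.next()` or `rs.getString(1)` leaves them open — so each should be opened in try-with-resources, which also lets both columns be read by one loop. The catch at the end discards the SQLException; `failedToLoadMembers` should receive `e` as cause if its signature allows, otherwise log it before throwing. Since `Long.parseLong` is used to skip non-numeric parties, a one-line comment saying why those are ignored would help the next reader.
```java
@Override
public Collection<UmbrellaUser> getMembers(long accountId) {
    var userIds = new HashSet<Long>();
    for (var column : new String[]{SOURCE, DESTINATION}) {
        try (var rs = select("DISTINCT " + column).from(TABLE_TRANSACTIONS).where(ACCOUNT, equal(accountId)).exec(db)) {
            while (rs.next()) try {
                userIds.add(Long.parseLong(rs.getString(1)));
            } catch (NumberFormatException ignored) {
                // non-numeric parties are not users and carry no access rights
            }
        } catch (SQLException e) {
            throw failedToLoadMembers(Text.ACCOUNT); // TODO: pass e as cause
        }
    }
    // … unchanged: map ids to users via userService() …
}
```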
@@ -53,10 +53,9 @@ public class TransactionEvent extends Event<Transaction> {
private Translatable describeDetail(){ private Translatable describeDetail(){
var tr = payload(); var tr = payload();
var head = subject();
var message = "{head}:\n\n{source}: {source_name}\n{destination}: {dest_name}\n{amount}: {value}\n{purpose}: {purpose_val}\n\n{link}"; var message = "{source}: {source_name}\n{destination}: {dest_name}\n{amount}: {value}\n{purpose}: {purpose_val}\n\n{link}";
return t(message,Field.HEAD, head, SOURCE,t(Text.SOURCE), "source_name",tr.source(), DESTINATION,t(Text.DESTINATION),"dest_name",tr.destination(), AMOUNT,t(Text.AMOUNT), VALUE,tr.amount(), PURPOSE,t(Text.PURPOSE),"purpose_val",tr.purpose(),"link",link()); return t(message,SOURCE,t(Text.SOURCE), "source_name",tr.source(), DESTINATION,t(Text.DESTINATION),"dest_name",tr.destination(), AMOUNT,t(Text.AMOUNT), VALUE,tr.amount(), PURPOSE,t(Text.PURPOSE),"purpose_val",tr.purpose(),"link",link());
} }
private Translatable link() { private Translatable link() {
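Review bot: describeDetail interpolates `tr.source()`, `tr.destination()` and `tr.purpose()` verbatim into the message template; these fields are editable by account members through patchTransaction, so the text is user-controlled. If the resulting event message is later shown as markdown or HTML (the notes UI renders markdown), markup in a purpose string would be rendered unless `t(...)` or the renderer escapes placeholder values — please confirm, and otherwise escape here. A reminder comment would help: `// placeholder values are user-supplied; the renderer must escape them`.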
+1 -1
@@ -132,7 +132,7 @@
color: orange; color: orange;
border: 1px solid orange; border: 1px solid orange;
border-radius: 5px; border-radius: 5px;
z-index: 50; z-index: 65;
list-style: none; list-style: none;
padding: 4px; padding: 4px;
margin: 0; margin: 0;
@@ -155,7 +155,7 @@
{/if} {/if}
{:else} {:else}
<Display classes={{editable}} markdown={value} {onclick} {oncontextmenu} title={t('right_click_to_edit')} wrapper={type} /> <Display classes={{editable}} markdown={value} {onclick} {oncontextmenu} title={t('right_click_to_edit')} wrapper={type} />
{#if !value.display} {#if !value.rendered}
<button onclick={oncontextmenu}>{t('add_object',{object:t('content')})}</button> <button onclick={oncontextmenu}>{t('add_object',{object:t('content')})}</button>
{/if} {/if}
{/if} {/if}
+2 -1
@@ -33,6 +33,7 @@
authors = {...authors, ...data.authors}; authors = {...authors, ...data.authors};
loader.offset += loader.limit; loader.offset += loader.limit;
loader.active = false; loader.active = false;
console.log({authors});
yikes(); yikes();
if (Object.keys(data.notes).length) onscroll(null); // when notes were received, check whether they fill up the page if (Object.keys(data.notes).length) onscroll(null); // when notes were received, check whether they fill up the page
@@ -78,4 +79,4 @@
</svelte:head> </svelte:head>
<svelte:window {onscroll} /> <svelte:window {onscroll} />
<List {notes} /> <List {notes} {authors} />
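Review bot: The added `console.log({authors});` is a leftover debugging statement that dumps the accumulated author map — user ids and names of every note author loaded so far — to the browser console on each page fetch. It should be removed before merging, or at least guarded behind the app's debug setting, since it adds noise and exposes more user data than the page itself displays.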
+1
@@ -64,6 +64,7 @@
<legend class="entity" onclick={() => goToEntity(note)}>{title(note)}</legend> <legend class="entity" onclick={() => goToEntity(note)}>{title(note)}</legend>
{/if} {/if}
<legend class="time"> <legend class="time">
{#if !module} {authors[note.user_id].name} {/if}
{note.timestamp.replace('T',' ')} {note.timestamp.replace('T',' ')}
{#if user.id == note.user_id} {#if user.id == note.user_id}
<button class="symbol" onclick={() => drop(note.id)}></button> <button class="symbol" onclick={() => drop(note.id)}></button>
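Review bot: `{authors[note.user_id].name}` throws a TypeError and breaks rendering of the whole list whenever `authors` has no entry for a note's `user_id` — for example a note by a deleted or not-yet-loaded user, or a caller that passes `notes` without `authors` now that the prop exists. Defensive access would keep the list usable: `{#if !module} {authors?.[note.user_id]?.name ?? note.user_id} {/if}`. The template also keys the shown name on `!module`, whose meaning is not visible in this hunk; a short comment on what `module` stands for would help.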