MOBILE-3200 database: Check permissions on add and edit entry

main
Pau Ferrer Ocaña 2020-09-29 15:40:27 +02:00
parent b0b806280b
commit cb4eac9a17
5 changed files with 72 additions and 28 deletions

View File

@ -507,11 +507,13 @@
"addon.mod_data.foundrecords": "data", "addon.mod_data.foundrecords": "data",
"addon.mod_data.gettinglocation": "local_moodlemobileapp", "addon.mod_data.gettinglocation": "local_moodlemobileapp",
"addon.mod_data.latlongboth": "data", "addon.mod_data.latlongboth": "data",
"addon.mod_data.locationnotenabled": "local_moodlemobileapp",
"addon.mod_data.locationpermissiondenied": "local_moodlemobileapp", "addon.mod_data.locationpermissiondenied": "local_moodlemobileapp",
"addon.mod_data.menuchoose": "data", "addon.mod_data.menuchoose": "data",
"addon.mod_data.modulenameplural": "data", "addon.mod_data.modulenameplural": "data",
"addon.mod_data.more": "data", "addon.mod_data.more": "data",
"addon.mod_data.mylocation": "local_moodlemobileapp", "addon.mod_data.mylocation": "local_moodlemobileapp",
"addon.mod_data.noaccess": "data",
"addon.mod_data.nomatch": "data", "addon.mod_data.nomatch": "data",
"addon.mod_data.norecords": "data", "addon.mod_data.norecords": "data",
"addon.mod_data.notapproved": "data", "addon.mod_data.notapproved": "data",

View File

@ -28,6 +28,7 @@
"modulenameplural": "Databases", "modulenameplural": "Databases",
"more": "More", "more": "More",
"mylocation": "My location", "mylocation": "My location",
"noaccess": "You do not have access to this page",
"nomatch": "No matching entries found!", "nomatch": "No matching entries found!",
"norecords": "No entries in database", "norecords": "No entries in database",
"notapproved": "Entry is not approved yet.", "notapproved": "Entry is not approved yet.",

View File

@ -18,8 +18,8 @@
</ion-select> </ion-select>
</ion-item> </ion-item>
<div class="addon-data-contents addon-data-entries-{{data.id}}" *ngIf="data"> <div class="addon-data-contents {{cssClass}}" *ngIf="data">
<core-style [css]="data.csstemplate" prefix=".addon-data-entries-{{data.id}}"></core-style> <core-style [css]="data.csstemplate" prefix=".{{cssClass}}"></core-style>
<form (ngSubmit)="save($event)" [formGroup]="editForm" #editFormEl> <form (ngSubmit)="save($event)" [formGroup]="editForm" #editFormEl>
<core-compile-html [text]="editFormRender" [jsData]="jsData" [extraImports]="extraImports"></core-compile-html> <core-compile-html [text]="editFormRender" [jsData]="jsData" [extraImports]="extraImports"></core-compile-html>

View File

@ -93,7 +93,7 @@ export class AddonModDataEditPage {
* View loaded. * View loaded.
*/ */
ionViewDidLoad(): void { ionViewDidLoad(): void {
this.fetchEntryData(); this.fetchEntryData(true);
} }
/** /**
@ -126,38 +126,78 @@ export class AddonModDataEditPage {
/** /**
* Fetch the entry data. * Fetch the entry data.
* *
* @param [refresh] To refresh all downloaded data.
* @return Resolved when done. * @return Resolved when done.
*/ */
protected fetchEntryData(): Promise<any> { protected async fetchEntryData(refresh: boolean = false): Promise<void> {
return this.dataProvider.getDatabase(this.courseId, this.module.id).then((data) => { try {
this.title = data.name || this.title; this.data = await this.dataProvider.getDatabase(this.courseId, this.module.id);
this.data = data; this.title = this.data.name || this.title;
this.cssClass = 'addon-data-entries-' + data.id; this.cssClass = 'addon-data-entries-' + this.data.id;
return this.dataProvider.getDatabaseAccessInformation(data.id, {cmId: this.module.id}); this.fieldsArray = await this.dataProvider.getFields(this.data.id, {cmId: this.module.id});
}).then((accessData) => { this.fields = this.utils.arrayToObject(this.fieldsArray, 'id');
if (this.entryId) {
return this.groupsProvider.getActivityGroupInfo(this.data.coursemodule).then((groupInfo) => { const entry = await this.dataHelper.fetchEntry(this.data, this.fieldsArray, this.entryId);
this.groupInfo = groupInfo;
this.selectedGroup = this.groupsProvider.validateGroupId(this.selectedGroup, groupInfo);
});
}
}).then(() => {
return this.dataProvider.getFields(this.data.id, {cmId: this.module.id});
}).then((fieldsData) => {
this.fieldsArray = fieldsData;
this.fields = this.utils.arrayToObject(fieldsData, 'id');
return this.dataHelper.fetchEntry(this.data, fieldsData, this.entryId);
}).then((entry) => {
this.entry = entry.entry; this.entry = entry.entry;
// Load correct group.
this.selectedGroup = this.selectedGroup == null ? this.entry.groupid : this.selectedGroup;
// Check permissions when adding a new entry or offline entry.
if (!this.isEditing) {
let haveAccess = false;
if (refresh) {
this.groupInfo = await this.groupsProvider.getActivityGroupInfo(this.data.coursemodule);
this.selectedGroup = this.groupsProvider.validateGroupId(this.selectedGroup, this.groupInfo);
this.initialSelectedGroup = this.selectedGroup;
}
if (this.groupInfo.groups.length > 0) {
if (refresh) {
const canAddGroup = {};
await Promise.all(this.groupInfo.groups.map(async (group) => {
const accessData = await this.dataProvider.getDatabaseAccessInformation(this.data.id, {
cmId: this.module.id, groupId: group.id});
canAddGroup[group.id] = accessData.canaddentry;
}));
this.groupInfo.groups = this.groupInfo.groups.filter((group) => {
return !!canAddGroup[group.id];
});
haveAccess = canAddGroup[this.selectedGroup];
} else {
// Groups already filtered, so it have access.
haveAccess = true;
}
} else {
const accessData = await this.dataProvider.getDatabaseAccessInformation(this.data.id, {cmId: this.module.id});
haveAccess = accessData.canaddentry;
}
if (!haveAccess) {
// You shall not pass, go back.
this.domUtils.showErrorModal('addon.mod_data.noaccess', true);
// Go back to entry list.
this.forceLeave = true;
this.navCtrl.pop();
return;
}
}
this.editFormRender = this.displayEditFields(); this.editFormRender = this.displayEditFields();
}).catch((message) => { } catch (message) {
this.domUtils.showErrorModalDefault(message, 'core.course.errorgetmodule', true); this.domUtils.showErrorModalDefault(message, 'core.course.errorgetmodule', true);
}).finally(() => { }
this.loaded = true;
}); this.loaded = true;
} }
/** /**
@ -166,7 +206,7 @@ export class AddonModDataEditPage {
* @param e Event. * @param e Event.
* @return Resolved when done. * @return Resolved when done.
*/ */
save(e: Event): Promise<any> { save(e: Event): Promise<void> {
e.preventDefault(); e.preventDefault();
e.stopPropagation(); e.stopPropagation();

View File

@ -513,6 +513,7 @@
"addon.mod_data.modulenameplural": "Databases", "addon.mod_data.modulenameplural": "Databases",
"addon.mod_data.more": "More", "addon.mod_data.more": "More",
"addon.mod_data.mylocation": "My location", "addon.mod_data.mylocation": "My location",
"addon.mod_data.noaccess": "You do not have access to this page",
"addon.mod_data.nomatch": "No matching entries found!", "addon.mod_data.nomatch": "No matching entries found!",
"addon.mod_data.norecords": "No entries in database", "addon.mod_data.norecords": "No entries in database",
"addon.mod_data.notapproved": "Entry is not approved yet.", "addon.mod_data.notapproved": "Entry is not approved yet.",