MOBILE-3200 database: Check permissions on add and edit entry
parent
b0b806280b
commit
cb4eac9a17
|
@ -507,11 +507,13 @@
|
||||||
"addon.mod_data.foundrecords": "data",
|
"addon.mod_data.foundrecords": "data",
|
||||||
"addon.mod_data.gettinglocation": "local_moodlemobileapp",
|
"addon.mod_data.gettinglocation": "local_moodlemobileapp",
|
||||||
"addon.mod_data.latlongboth": "data",
|
"addon.mod_data.latlongboth": "data",
|
||||||
|
"addon.mod_data.locationnotenabled": "local_moodlemobileapp",
|
||||||
"addon.mod_data.locationpermissiondenied": "local_moodlemobileapp",
|
"addon.mod_data.locationpermissiondenied": "local_moodlemobileapp",
|
||||||
"addon.mod_data.menuchoose": "data",
|
"addon.mod_data.menuchoose": "data",
|
||||||
"addon.mod_data.modulenameplural": "data",
|
"addon.mod_data.modulenameplural": "data",
|
||||||
"addon.mod_data.more": "data",
|
"addon.mod_data.more": "data",
|
||||||
"addon.mod_data.mylocation": "local_moodlemobileapp",
|
"addon.mod_data.mylocation": "local_moodlemobileapp",
|
||||||
|
"addon.mod_data.noaccess": "data",
|
||||||
"addon.mod_data.nomatch": "data",
|
"addon.mod_data.nomatch": "data",
|
||||||
"addon.mod_data.norecords": "data",
|
"addon.mod_data.norecords": "data",
|
||||||
"addon.mod_data.notapproved": "data",
|
"addon.mod_data.notapproved": "data",
|
||||||
|
|
|
@ -28,6 +28,7 @@
|
||||||
"modulenameplural": "Databases",
|
"modulenameplural": "Databases",
|
||||||
"more": "More",
|
"more": "More",
|
||||||
"mylocation": "My location",
|
"mylocation": "My location",
|
||||||
|
"noaccess": "You do not have access to this page",
|
||||||
"nomatch": "No matching entries found!",
|
"nomatch": "No matching entries found!",
|
||||||
"norecords": "No entries in database",
|
"norecords": "No entries in database",
|
||||||
"notapproved": "Entry is not approved yet.",
|
"notapproved": "Entry is not approved yet.",
|
||||||
|
|
|
@ -18,8 +18,8 @@
|
||||||
</ion-select>
|
</ion-select>
|
||||||
</ion-item>
|
</ion-item>
|
||||||
|
|
||||||
<div class="addon-data-contents addon-data-entries-{{data.id}}" *ngIf="data">
|
<div class="addon-data-contents {{cssClass}}" *ngIf="data">
|
||||||
<core-style [css]="data.csstemplate" prefix=".addon-data-entries-{{data.id}}"></core-style>
|
<core-style [css]="data.csstemplate" prefix=".{{cssClass}}"></core-style>
|
||||||
|
|
||||||
<form (ngSubmit)="save($event)" [formGroup]="editForm" #editFormEl>
|
<form (ngSubmit)="save($event)" [formGroup]="editForm" #editFormEl>
|
||||||
<core-compile-html [text]="editFormRender" [jsData]="jsData" [extraImports]="extraImports"></core-compile-html>
|
<core-compile-html [text]="editFormRender" [jsData]="jsData" [extraImports]="extraImports"></core-compile-html>
|
||||||
|
|
|
@ -93,7 +93,7 @@ export class AddonModDataEditPage {
|
||||||
* View loaded.
|
* View loaded.
|
||||||
*/
|
*/
|
||||||
ionViewDidLoad(): void {
|
ionViewDidLoad(): void {
|
||||||
this.fetchEntryData();
|
this.fetchEntryData(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -126,38 +126,78 @@ export class AddonModDataEditPage {
|
||||||
/**
|
/**
|
||||||
* Fetch the entry data.
|
* Fetch the entry data.
|
||||||
*
|
*
|
||||||
|
* @param [refresh] To refresh all downloaded data.
|
||||||
* @return Resolved when done.
|
* @return Resolved when done.
|
||||||
*/
|
*/
|
||||||
protected fetchEntryData(): Promise<any> {
|
protected async fetchEntryData(refresh: boolean = false): Promise<void> {
|
||||||
return this.dataProvider.getDatabase(this.courseId, this.module.id).then((data) => {
|
try {
|
||||||
this.title = data.name || this.title;
|
this.data = await this.dataProvider.getDatabase(this.courseId, this.module.id);
|
||||||
this.data = data;
|
this.title = this.data.name || this.title;
|
||||||
this.cssClass = 'addon-data-entries-' + data.id;
|
this.cssClass = 'addon-data-entries-' + this.data.id;
|
||||||
|
|
||||||
return this.dataProvider.getDatabaseAccessInformation(data.id, {cmId: this.module.id});
|
this.fieldsArray = await this.dataProvider.getFields(this.data.id, {cmId: this.module.id});
|
||||||
}).then((accessData) => {
|
this.fields = this.utils.arrayToObject(this.fieldsArray, 'id');
|
||||||
if (this.entryId) {
|
|
||||||
return this.groupsProvider.getActivityGroupInfo(this.data.coursemodule).then((groupInfo) => {
|
const entry = await this.dataHelper.fetchEntry(this.data, this.fieldsArray, this.entryId);
|
||||||
this.groupInfo = groupInfo;
|
|
||||||
this.selectedGroup = this.groupsProvider.validateGroupId(this.selectedGroup, groupInfo);
|
|
||||||
});
|
|
||||||
}
|
|
||||||
}).then(() => {
|
|
||||||
return this.dataProvider.getFields(this.data.id, {cmId: this.module.id});
|
|
||||||
}).then((fieldsData) => {
|
|
||||||
this.fieldsArray = fieldsData;
|
|
||||||
this.fields = this.utils.arrayToObject(fieldsData, 'id');
|
|
||||||
|
|
||||||
return this.dataHelper.fetchEntry(this.data, fieldsData, this.entryId);
|
|
||||||
}).then((entry) => {
|
|
||||||
this.entry = entry.entry;
|
this.entry = entry.entry;
|
||||||
|
|
||||||
|
// Load correct group.
|
||||||
|
this.selectedGroup = this.selectedGroup == null ? this.entry.groupid : this.selectedGroup;
|
||||||
|
|
||||||
|
// Check permissions when adding a new entry or offline entry.
|
||||||
|
if (!this.isEditing) {
|
||||||
|
let haveAccess = false;
|
||||||
|
|
||||||
|
if (refresh) {
|
||||||
|
this.groupInfo = await this.groupsProvider.getActivityGroupInfo(this.data.coursemodule);
|
||||||
|
this.selectedGroup = this.groupsProvider.validateGroupId(this.selectedGroup, this.groupInfo);
|
||||||
|
this.initialSelectedGroup = this.selectedGroup;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this.groupInfo.groups.length > 0) {
|
||||||
|
if (refresh) {
|
||||||
|
const canAddGroup = {};
|
||||||
|
|
||||||
|
await Promise.all(this.groupInfo.groups.map(async (group) => {
|
||||||
|
const accessData = await this.dataProvider.getDatabaseAccessInformation(this.data.id, {
|
||||||
|
cmId: this.module.id, groupId: group.id});
|
||||||
|
|
||||||
|
canAddGroup[group.id] = accessData.canaddentry;
|
||||||
|
}));
|
||||||
|
|
||||||
|
this.groupInfo.groups = this.groupInfo.groups.filter((group) => {
|
||||||
|
return !!canAddGroup[group.id];
|
||||||
|
});
|
||||||
|
|
||||||
|
haveAccess = canAddGroup[this.selectedGroup];
|
||||||
|
} else {
|
||||||
|
// Groups already filtered, so it have access.
|
||||||
|
haveAccess = true;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
const accessData = await this.dataProvider.getDatabaseAccessInformation(this.data.id, {cmId: this.module.id});
|
||||||
|
haveAccess = accessData.canaddentry;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!haveAccess) {
|
||||||
|
// You shall not pass, go back.
|
||||||
|
this.domUtils.showErrorModal('addon.mod_data.noaccess', true);
|
||||||
|
|
||||||
|
// Go back to entry list.
|
||||||
|
this.forceLeave = true;
|
||||||
|
this.navCtrl.pop();
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
this.editFormRender = this.displayEditFields();
|
this.editFormRender = this.displayEditFields();
|
||||||
}).catch((message) => {
|
} catch (message) {
|
||||||
this.domUtils.showErrorModalDefault(message, 'core.course.errorgetmodule', true);
|
this.domUtils.showErrorModalDefault(message, 'core.course.errorgetmodule', true);
|
||||||
}).finally(() => {
|
}
|
||||||
this.loaded = true;
|
|
||||||
});
|
this.loaded = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -166,7 +206,7 @@ export class AddonModDataEditPage {
|
||||||
* @param e Event.
|
* @param e Event.
|
||||||
* @return Resolved when done.
|
* @return Resolved when done.
|
||||||
*/
|
*/
|
||||||
save(e: Event): Promise<any> {
|
save(e: Event): Promise<void> {
|
||||||
e.preventDefault();
|
e.preventDefault();
|
||||||
e.stopPropagation();
|
e.stopPropagation();
|
||||||
|
|
||||||
|
|
|
@ -513,6 +513,7 @@
|
||||||
"addon.mod_data.modulenameplural": "Databases",
|
"addon.mod_data.modulenameplural": "Databases",
|
||||||
"addon.mod_data.more": "More",
|
"addon.mod_data.more": "More",
|
||||||
"addon.mod_data.mylocation": "My location",
|
"addon.mod_data.mylocation": "My location",
|
||||||
|
"addon.mod_data.noaccess": "You do not have access to this page",
|
||||||
"addon.mod_data.nomatch": "No matching entries found!",
|
"addon.mod_data.nomatch": "No matching entries found!",
|
||||||
"addon.mod_data.norecords": "No entries in database",
|
"addon.mod_data.norecords": "No entries in database",
|
||||||
"addon.mod_data.notapproved": "Entry is not approved yet.",
|
"addon.mod_data.notapproved": "Entry is not approved yet.",
|
||||||
|
|
Loading…
Reference in New Issue