#21 -- Fix permissions

src/main/java/ru/ulstu/report/controller/ReportValueController.java

@@ -7,6 +7,7 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
+import ru.ulstu.aspirant.service.AspirantService;
 import ru.ulstu.report.model.dto.ReportValueDto;
 import ru.ulstu.report.service.ReportValueService;
 
@@ -16,9 +17,11 @@ import java.io.IOException;
 @RequestMapping("report-value")
 public class ReportValueController {
     private final ReportValueService reportValueService;
+    private final AspirantService aspirantService;
 
-    public ReportValueController(ReportValueService reportValueService) {
+    public ReportValueController(ReportValueService reportValueService, AspirantService aspirantService) {
         this.reportValueService = reportValueService;
+        this.aspirantService = aspirantService;
     }
 
     @GetMapping("edit-report-value/{reportId}/{indicatorId}")
@@ -26,6 +29,7 @@ public class ReportValueController {
                                  @PathVariable("indicatorId") Integer indicatorId,
                                  Model model) {
         model.addAttribute("reportValue", reportValueService.getByIndicatorId(reportId, indicatorId));
+        model.addAttribute("canEdit", reportValueService.canEdit(reportId));
         return "report/editReportValue";
     }
 

src/main/java/ru/ulstu/report/service/ReportValueService.java

@@ -7,6 +7,7 @@ import ru.ulstu.indicator.service.IndicatorService;
 import ru.ulstu.report.model.ReportValue;
 import ru.ulstu.report.model.dto.ReportValueDto;
 import ru.ulstu.report.repository.ReportValueRepository;
+import ru.ulstu.user.UserService;
 
 import java.io.IOException;
 import java.util.List;
@@ -17,15 +18,17 @@ public class ReportValueService {
     private final IndicatorService indicatorService;
     private final FileService fileService;
     private final ReportService reportService;
+    private final UserService userService;
 
     public ReportValueService(ReportValueRepository reportValueRepository,
                               IndicatorService indicatorService,
                               FileService fileService,
-                              ReportService reportService) {
+                              ReportService reportService, UserService userService) {
         this.reportValueRepository = reportValueRepository;
         this.indicatorService = indicatorService;
         this.fileService = fileService;
         this.reportService = reportService;
+        this.userService = userService;
     }
 
     public ReportValue saveReportValue(ReportValueDto reportValueDto) throws IOException {
@@ -66,4 +69,8 @@ public class ReportValueService {
         }
         return new ReportValueDto(reportValue, reportId);
     }
+
+    public boolean canEdit(Integer reportId) {
+        return reportService.getReportById(reportId).getAspirant().getUser().equals(userService.getCurrentUser());
+    }
 }

src/main/resources/templates/report/editReportValue.html

@@ -11,7 +11,7 @@
         <input type="hidden" th:field="*{reportId}">
         <input type="hidden" th:field="*{indicator.id}">
 
-        <div class="row">
+        <div class="row" th:if="${canEdit}">
             <div class="col col-md-6">
                 <div class="form-group">
                     <label class="form-label" for="loader">Загрузка подтверждающих документов</label>
@@ -34,7 +34,7 @@
                     <input type="hidden"
                            th:field="*{files[__${rowStat.index}__].tmpFileName}"/>
                     <div class="col col-md-1 m-1">
-                        <a class="btn btn-danger float-right"
+                        <a class="btn btn-danger float-right" th:if="${canEdit}"
                            th:onclick="|$('#files${rowStat.index}\\.deleted').val('true'); $('#files${rowStat.index}').hide(); |">
                             <span><i class="fa fa-times"></i></span>
                         </a>