#21 -- Fix permissions
This commit is contained in:
parent
633d5ad58f
commit
9a6e8e1478
@ -7,6 +7,7 @@ import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import ru.ulstu.aspirant.service.AspirantService;
|
||||
import ru.ulstu.report.model.dto.ReportValueDto;
|
||||
import ru.ulstu.report.service.ReportValueService;
|
||||
|
||||
@ -16,9 +17,11 @@ import java.io.IOException;
|
||||
@RequestMapping("report-value")
|
||||
public class ReportValueController {
|
||||
private final ReportValueService reportValueService;
|
||||
private final AspirantService aspirantService;
|
||||
|
||||
public ReportValueController(ReportValueService reportValueService) {
|
||||
public ReportValueController(ReportValueService reportValueService, AspirantService aspirantService) {
|
||||
this.reportValueService = reportValueService;
|
||||
this.aspirantService = aspirantService;
|
||||
}
|
||||
|
||||
@GetMapping("edit-report-value/{reportId}/{indicatorId}")
|
||||
@ -26,6 +29,7 @@ public class ReportValueController {
|
||||
@PathVariable("indicatorId") Integer indicatorId,
|
||||
Model model) {
|
||||
model.addAttribute("reportValue", reportValueService.getByIndicatorId(reportId, indicatorId));
|
||||
model.addAttribute("canEdit", reportValueService.canEdit(reportId));
|
||||
return "report/editReportValue";
|
||||
}
|
||||
|
||||
|
||||
@ -7,6 +7,7 @@ import ru.ulstu.indicator.service.IndicatorService;
|
||||
import ru.ulstu.report.model.ReportValue;
|
||||
import ru.ulstu.report.model.dto.ReportValueDto;
|
||||
import ru.ulstu.report.repository.ReportValueRepository;
|
||||
import ru.ulstu.user.UserService;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
@ -17,15 +18,17 @@ public class ReportValueService {
|
||||
private final IndicatorService indicatorService;
|
||||
private final FileService fileService;
|
||||
private final ReportService reportService;
|
||||
private final UserService userService;
|
||||
|
||||
public ReportValueService(ReportValueRepository reportValueRepository,
|
||||
IndicatorService indicatorService,
|
||||
FileService fileService,
|
||||
ReportService reportService) {
|
||||
ReportService reportService, UserService userService) {
|
||||
this.reportValueRepository = reportValueRepository;
|
||||
this.indicatorService = indicatorService;
|
||||
this.fileService = fileService;
|
||||
this.reportService = reportService;
|
||||
this.userService = userService;
|
||||
}
|
||||
|
||||
public ReportValue saveReportValue(ReportValueDto reportValueDto) throws IOException {
|
||||
@ -66,4 +69,8 @@ public class ReportValueService {
|
||||
}
|
||||
return new ReportValueDto(reportValue, reportId);
|
||||
}
|
||||
|
||||
public boolean canEdit(Integer reportId) {
|
||||
return reportService.getReportById(reportId).getAspirant().getUser().equals(userService.getCurrentUser());
|
||||
}
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
<input type="hidden" th:field="*{reportId}">
|
||||
<input type="hidden" th:field="*{indicator.id}">
|
||||
|
||||
<div class="row">
|
||||
<div class="row" th:if="${canEdit}">
|
||||
<div class="col col-md-6">
|
||||
<div class="form-group">
|
||||
<label class="form-label" for="loader">Загрузка подтверждающих документов</label>
|
||||
@ -34,7 +34,7 @@
|
||||
<input type="hidden"
|
||||
th:field="*{files[__${rowStat.index}__].tmpFileName}"/>
|
||||
<div class="col col-md-1 m-1">
|
||||
<a class="btn btn-danger float-right"
|
||||
<a class="btn btn-danger float-right" th:if="${canEdit}"
|
||||
th:onclick="|$('#files${rowStat.index}\\.deleted').val('true'); $('#files${rowStat.index}').hide(); |">
|
||||
<span><i class="fa fa-times"></i></span>
|
||||
</a>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user