Bug 1038144 - Inform the user if they don't have permission to edit a…
…n event
Christopher De Cairos committed Jul 29, 2014
1 parent 1a02581 commit bf504b2
Showing 5 changed files with 60 additions and 32 deletions.
37 changes: 11 additions & 26 deletions app/js/controllers.js
@@ -42,25 +42,12 @@ angular.module('myApp.controllers', [])
};
}
])
.controller('userController', ['$scope', '$rootScope', '$routeParams', 'eventService',
function ($scope, $rootScope, $routeParams, eventService) {
.controller('userController', ['$scope', '$rootScope', '$routeParams', 'eventService', 'eventEditableService',
function ($scope, $rootScope, $routeParams, eventService, eventEditableService) {
$scope.username = $routeParams.id;

$scope.isCoorganizer = function (event) {
return event.coorganizers.some(function (c) {
return c.userId === $rootScope._user.id;
});
};

$scope.isMentor = function (event) {
return event.mentors.some(function (m) {
return m.userId === $rootScope._user.id;
});
};

$scope.isOrganizer = function (event) {
return event.organizerId === $rootScope._user.username;
};
$scope.canEdit = eventEditableService.canEdit;
$scope.isMentor = eventEditableService.isMentor;

eventService().query({
organizerId: $scope.username
@@ -167,8 +154,8 @@ angular.module('myApp.controllers', [])
};
}
])
.controller('addUpdateController', ['$scope', '$location', '$rootScope', '$routeParams', 'moment', 'eventService', 'eventFormatter', 'usernameService', 'analytics', 'attendeeListService', 'dateIsToday',
function ($scope, $location, $rootScope, $routeParams, moment, eventService, eventFormatter, usernameService, analytics, attendeeListService, dateIsToday) {
.controller('addUpdateController', ['$scope', '$location', '$rootScope', '$routeParams', 'moment', 'eventService', 'eventFormatter', 'usernameService', 'analytics', 'attendeeListService', 'dateIsToday', 'eventEditableService',
function ($scope, $location, $rootScope, $routeParams, moment, eventService, eventFormatter, usernameService, analytics, attendeeListService, dateIsToday, eventEditableService) {

$scope.event = {};
$scope.eventID = $routeParams.id;
@@ -393,13 +380,15 @@ angular.module('myApp.controllers', [])
});
}
};

$scope.canEdit = eventEditableService.canEdit;
}
])
.controller('eventListController', ['$scope',
function ($scope) {}
])
.controller('eventDetailController', ['$scope', '$rootScope', '$http', '$routeParams', '$sanitize', 'eventService', 'moment', 'config', 'dateIsToday',
function ($scope, $rootScope, $http, $routeParams, $sanitize, eventService, moment, config, dateIsToday) {
.controller('eventDetailController', ['$scope', '$rootScope', '$http', '$routeParams', '$sanitize', 'eventService', 'moment', 'config', 'dateIsToday', 'eventEditableService',
function ($scope, $rootScope, $http, $routeParams, $sanitize, eventService, moment, config, dateIsToday, eventEditableService) {
eventService().get({
id: $routeParams.id
}, function (data) {
@@ -447,11 +436,7 @@ angular.module('myApp.controllers', [])
// Right now random IDs are created as a hook for varying detail view header colors.
$scope.eventData.competencyID = Math.floor(Math.random() * 16);

$scope.isCoorganizer = function () {
return $scope.eventData.coorganizers.some(function (c) {
return c.userId === $rootScope._user.id;
});
};
$scope.canEdit = eventEditableService.canEdit;

$scope.$on('rsvpChange', function (event, data) {
$scope.$broadcast('rsvpChanged', data);
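Review bot: `userController` no longer puts `isCoorganizer` or `isOrganizer` on the scope (only `canEdit` and `isMentor` are assigned), yet no user-list template is among the five files changed in this commit. If that view still calls either function, AngularJS evaluates the missing call as undefined without raising an error, so the per-event controls would silently disappear. Either switch the template to `canEdit(event)` in the same change or keep the old names as aliases, `$scope.isCoorganizer = eventEditableService.isCoorganizer;` and `$scope.isOrganizer = eventEditableService.isOrganizer;`. The controller bodies continue outside the hunks shown.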
37 changes: 37 additions & 0 deletions app/js/services.js
@@ -250,4 +250,41 @@ angular.module('myApp.services', ['ngResource'])

return auth;
}
])
.factory('eventEditableService', ['$rootScope',
function ($rootScope) {
function isCoorganizer(event) {
if (!event.coorganizers) {
return false;
}
return event.coorganizers.some(function (c) {
return c.userId === $rootScope._user.id;
});
}

function isOrganizer(event) {
return event.organizerId === $rootScope._user.username;
}

function isAdmin() {
return $rootScope._user.isAdmin;
}

return {
isMentor: function (event) {
if (!event.mentors) {
return false;
}
return event.mentors.some(function (m) {
return m.userId === $rootScope._user.id;
});
},
isCoorganizer: isCoorganizer,
isOrganizer: isOrganizer,
isAdmin: isAdmin,
canEdit: function (event) {
return isCoorganizer(event) || isOrganizer(event) || isAdmin();
}
};
}
]);
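Review bot: `isOrganizer` compares `event.organizerId === $rootScope._user.username` without checking that either side is set, so it returns true when both are undefined; that could happen for the empty `$scope.event = {}` that `addUpdateController` starts with if `_user` carries no username when signed out (not visible here), and `canEdit` would then report an editor where there is none. The helpers also dereference `event` directly, while `detail.html` calls `canEdit(eventData)` without the `event &&` guard used in `add-update.html`, which would throw if `eventData` is still unset on first render (the load appears to be asynchronous). A guard such as `if (!event || !event.organizerId || !$rootScope._user) { return false; }` at the top of `isOrganizer`, with the same `!event` test in `isCoorganizer` and `isMentor`, covers both cases. A short comment on the factory stating that `canEdit` only decides what the UI shows, and that the API remains the authority on who may edit, would help the next reader.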
6 changes: 4 additions & 2 deletions app/views/add-update.html
@@ -7,9 +7,11 @@ <h1 ng-if="isUpdate">{{ '_editing_event_' | i18n }}</h1>
<div ng-if="isAdd" class="alert alert-info" ng-hide="_user.email" data-ng-click="login()" ng-bind-html="'_need_to_login_to_add_' | i18n "></div>
<div ng-if="isUpdate" class="alert alert-info" ng-hide="_user.email" data-ng-click="login()" ng-bind-html="'_need_to_login_to_edit_' | i18n "></div>

<div class="alert alert-info" ng-hide="!_user.email || (event && canEdit(event))" ng-bind-html="'_not_authorized_to_edit_' | i18n "></div>

<div class="alert alert-danger" ng-show="addEventForm.$invalid && attemptedToSubmit">{{ '_some_errors_' | i18n }}</div>

<form name="addEventForm" role="form" novalidate ng-show="_user.username">
<form name="addEventForm" role="form" novalidate ng-show="_user.email && event && canEdit(event)">

<header class="page-header">
<h3>{{ '_basics_' | i18n }}</h3>
@@ -367,7 +369,7 @@ <h3>After an event</h3>

</form>

<div ng-if="isUpdate" class="alert alert-danger">
<div ng-if="isUpdate" class="alert alert-danger" ng-show="_user.email && (event && canEdit(event))">
<p ng-bind-html="'_careful_delete_message_' | i18n"></p>
<a href="#" ng-click="deleteEvent()" class="btn btn-danger btn-mobile-block">
{{ '_delete_event_' | i18n }}
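Review bot: The new `ng-show="_user.email && event && canEdit(event)"` on `addEventForm` applies in add mode as well as update mode, and nothing visible makes `canEdit` true for a brand-new event. `addUpdateController` starts with `$scope.event = {}`, so unless `organizerId` is filled in outside the lines shown, a signed-in non-admin user would see the `_not_authorized_to_edit_` alert instead of the add form. Scoping the check to updates would avoid that: `ng-show="_user.email && (isAdd || (event && canEdit(event)))"` on the form and `ng-hide="!_user.email || isAdd || (event && canEdit(event))"` on the alert. Separately, `ng-show` only hides the form and the delete block with CSS and `deleteEvent()` stays bound, so these conditions are a display hint; the API still has to reject edits and deletes from anyone who is not organizer, co-organizer or admin.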
8 changes: 4 additions & 4 deletions app/views/detail.html
@@ -1,10 +1,10 @@
<div class="check-in-banner highlighted" ng-if="eventIsToday && (_user.username === eventData.organizerId || _user.isAdmin)">
<div class="check-in-banner highlighted" ng-if="eventIsToday && isOrganizer(eventData) || isAdmin()">
<div class="container">
<p class="larger"><span>{{ '_today_the_day_' | i18n }}</span> <a class="btn btn-primary" href="#!/check-in/{{ eventID }}">{{ '_check_yo_attendees_' | i18n }}</a></p>
</div>
</div>

<div class="check-in-banner" ng-if="_user.username === eventData.organizerId || _user.isAdmin">
<div class="check-in-banner" ng-if="canEdit(eventData)">
<div class="container add-vertical-padding">
<div ng-show="freshEvent">
<div class="clearfix">
@@ -37,7 +37,7 @@ <h1>{{ '_thx_for_adding_' | i18n }}</h1>
<a href="https://plus.google.com/share?url={{ eventURL | uriEncode }}" target="_blank"><i class="fa fa-google-plus"></i></a>
</div>

<a ng-show="_user.username === eventData.organizerId || _user.isAdmin || isCoorganizer()" class="btn btn-primary" href="#!/edit/{{ eventID }}"><span class="fa fa-pencil"></span> &nbsp;{{ '_edit_them_details_' | i18n }}</a>
<a ng-show="canEdit(eventData)" class="btn btn-primary" href="#!/edit/{{ eventID }}"><span class="fa fa-pencil"></span> &nbsp;{{ '_edit_them_details_' | i18n }}</a>
</div>
</div>
</div>
@@ -92,7 +92,7 @@ <h4>{{ eventData.address }} <a href="https://maps.google.com/?q={{ eventData.add

<a ng-if="eventData.isEmailPublic" class="btn btn-xs btn-info add-bottom-margin" href="mailto:{{ eventData.organizer }}">{{ '_contact_org_' | i18n }}</a>

<div ng-if="_user.username === eventData.organizerId || _user.isAdmin || isCoorganizer()" class="add-bottom-margin">
<div ng-if="canEdit(eventData)" class="add-bottom-margin">
<p>{{ 'People who can edit this event' | i18n }}</p>
<table class="table table-striped table-middle">
<tr ng-repeat="coorganizer in eventData.coorganizers">
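Review bot: The first check-in banner condition changed meaning: `eventIsToday && isOrganizer(eventData) || isAdmin()` parses as `(eventIsToday && isOrganizer(eventData)) || isAdmin()`, so an admin would get the "today" banner on any day, whereas the old expression required `eventIsToday` for both roles. In addition, the `eventDetailController` hunk in this commit assigns only `$scope.canEdit`; unless `isOrganizer` and `isAdmin` are put on the scope elsewhere, AngularJS evaluates the missing calls as undefined and the banner never renders for anyone. Suggest `ng-if="eventIsToday && (isOrganizer(eventData) || isAdmin())"` together with `$scope.isOrganizer = eventEditableService.isOrganizer;` and `$scope.isAdmin = eventEditableService.isAdmin;` in the controller. Note also that the second banner moves from organizer-or-admin to `canEdit(eventData)`, which now includes co-organizers; worth confirming that widening is intended.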
4 changes: 4 additions & 0 deletions locale/en_US/events2.json
@@ -946,5 +946,9 @@
"_no_events_found_": {
"message": "No events found! Would you like to <a href=\"#!/add\">create one</a>?",
"description": "If no events are found, suggest the user create one"
},
"_not_authorized_to_edit_": {
"message": "Your account does not have permission to edit this event",
"description": "The logged in user cannot edit the current event"
}
}
