From 97355f761e005b880a66cfea9a59d8f496b19019 Mon Sep 17 00:00:00 2001
From: Alex ORLUC <alex.orluc@maarch.org>
Date: Fri, 8 Mar 2019 12:10:17 +0100
Subject: [PATCH] FIX #9685 add restriced note model by destination

---
 rest/index.php                                |  3 +-
 src/app/note/controllers/NoteController.php   | 36 +++++++++++++++----
 .../close-mail-action.component.html          |  2 +-
 .../app/notes/note-editor.component.ts        | 18 +++++++---
 4 files changed, 46 insertions(+), 13 deletions(-)

diff --git a/rest/index.php b/rest/index.php
index c259f4b10dc..4aaa230fdc2 100755
--- a/rest/index.php
+++ b/rest/index.php
@@ -214,7 +214,8 @@ $app->get('/listTemplates/types/{typeId}/roles', \Entity\controllers\ListTemplat
 $app->put('/listTemplates/types/{typeId}/roles', \Entity\controllers\ListTemplateController::class . ':updateTypeRoles');
 
 //Notes
-$app->get('/notes/templates', \Note\controllers\NoteController::class . ':getTemplateList');
+$app->get('/res/{resId}/notes/templates', \Note\controllers\NoteController::class . ':getTemplateListByResId');
+$app->get('/notes/templates', \Note\controllers\NoteController::class . ':getAllTemplateList');
 $app->get('/res/{resId}/notes', \Note\controllers\NoteController::class . ':getByResId');
 $app->post('/res/{resId}/notes', \Note\controllers\NoteController::class . ':create');
 
diff --git a/src/app/note/controllers/NoteController.php b/src/app/note/controllers/NoteController.php
index 96d20781f3f..cd3daee09b7 100755
--- a/src/app/note/controllers/NoteController.php
+++ b/src/app/note/controllers/NoteController.php
@@ -26,6 +26,8 @@ use History\controllers\HistoryController;
 use Resource\controllers\ResController;
 use SrcCore\models\ValidatorModel;
 use User\models\UserModel;
+use Template\models\TemplateModel;
+use Resource\models\ResModel;
 
 class NoteController
 {
@@ -124,15 +126,37 @@ class NoteController
         return ['encodedDocument' => base64_encode($fileContent)];
     }
 
-    public static function getTemplateList(Request $request, Response $response, array $aArgs)
+    public static function getTemplateListByResId(Request $request, Response $response, array $aArgs)
     {
-        //get user entities
-        $userEntities = UserModel::getEntitiesById(['userId' => $GLOBALS['userId']]);
+        $check = Validator::intVal()->notEmpty()->validate($aArgs['resId']);
+        if (!$check) {
+            return $response->withStatus(400)->withJson(['errors' => 'resId is empty or not an integer']);
+        }
+
+        if (!empty($aArgs['resId']) && !ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+            return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
+        }
 
-        $userEntities = array_column($userEntities, 'entity_id');
+        //get all templates note
+        $tmpAllNotes = TemplateModel::getByTarget(['template_target' => 'notes', 'select' => ['template_id', 'template_label', 'template_content']]);
 
-        //get templates note
-        $aReturn = NoteModel::getTemplateList(['entityIds' => $userEntities, 'select' => ['template_label', 'template_content']]);
+        //get entity resource
+        $resEntity = ResModel::getById(['resId' => $aArgs['resId'], 'select' => ['destination']]);
+
+        if (!empty($resEntity['destination'])) {
+            //get retricted templates note
+            $aReturn = TemplateModel::getWithAssociation(['select' => ['DISTINCT(templates.template_id), template_label', 'template_content'], 'where' => ['template_target = ?', 'value_field = ?', 'templates.template_id = templates_association.template_id'], 'data' => ['notes', $resEntity['destination']], 'orderBy' => ['template_label']]);
+        } else {
+            $aReturn = TemplateModel::getByTarget(['template_target' => 'notes', 'select' => ['template_label', 'template_content']]);
+        }
+
+        return $response->withJson($aReturn);
+    }
+
+    public static function getAllTemplateList(Request $request, Response $response)
+    {
+        //get all templates note
+        $aReturn = TemplateModel::getByTarget(['template_target' => 'notes', 'select' => ['template_label', 'template_content']]);
 
         return $response->withJson($aReturn);
     }
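Review bot: `getAllTemplateList` returns every `notes` template to any caller of `/notes/templates`, whereas the removed `getTemplateList` limited the result to the caller's entities (`UserModel::getEntitiesById` passed on as `entityIds`). The destination restriction therefore only applies when the client chooses the `/res/{resId}/notes/templates` route, and `getTemplateListByResId` also falls back to the full list when the resource has no `destination`. If entity-linked templates are meant to stay limited to that entity, keep a server-side filter on the generic route, for example the previous `NoteModel::getTemplateList(['entityIds' => $userEntities, 'select' => ['template_label', 'template_content']])` call, assuming that model method still exists. Separately, `$tmpAllNotes` in `getTemplateListByResId` is filled from `TemplateModel::getByTarget` and never read, so that line can be dropped to save a query. The class body continues outside the hunk.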
diff --git a/src/frontend/app/actions/close-mail-action/close-mail-action.component.html b/src/frontend/app/actions/close-mail-action/close-mail-action.component.html
index 6fab57c9ead..fd4d61b8866 100644
--- a/src/frontend/app/actions/close-mail-action/close-mail-action.component.html
+++ b/src/frontend/app/actions/close-mail-action/close-mail-action.component.html
@@ -11,7 +11,7 @@
             <div class="alert-message alert-message-success" role="alert" style="margin-top: 30px;" [innerHTML]="lang.updateClosingDate"></div>
         </div>
         <div class="col-md-12">
-            <app-note-editor #noteEditor></app-note-editor>
+            <app-note-editor #noteEditor [resIds]="data.selectedRes"></app-note-editor>
         </div>
     </div>
 </div>
diff --git a/src/frontend/app/notes/note-editor.component.ts b/src/frontend/app/notes/note-editor.component.ts
index abd8c1fdaab..a5ac467c83a 100644
--- a/src/frontend/app/notes/note-editor.component.ts
+++ b/src/frontend/app/notes/note-editor.component.ts
@@ -18,7 +18,7 @@ export class NoteEditorComponent implements AfterViewInit {
 
     content: string = '';
 
-    @Input('mode') mode: any;
+    @Input('resIds') resIds: any[];
 
     constructor(public http: HttpClient) { }
 
@@ -49,10 +49,18 @@ export class NoteEditorComponent implements AfterViewInit {
 
     getTemplatesNote() {
         if (this.templatesNote.length == 0) {
-            this.http.get("../../rest/notes/templates")
-            .subscribe((data: any) => {
-                this.templatesNote = data;
-            });
+            if (this.resIds.length == 1) {
+                this.http.get("../../rest/res/" + this.resIds[0] + "/notes/templates")
+                .subscribe((data: any) => {
+                    this.templatesNote = data;
+                });
+            } else {
+                this.http.get("../../rest/notes/templates")
+                .subscribe((data: any) => {
+                    this.templatesNote = data;
+                });
+            }
+            
         }
     }
 }
\ No newline at end of file
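Review bot: `this.resIds.length` in `getTemplatesNote()` throws a TypeError whenever a host template does not bind `[resIds]` or binds an undefined value, because the previous hunk declares the input as `@Input('resIds') resIds: any[];` with no default and only close-mail-action is updated in this commit. Declaring it as `@Input('resIds') resIds: number[] = [];` keeps the fallback to `../../rest/notes/templates` working and documents that a numeric id is what gets concatenated into the request path; the server-side `intVal` check remains the actual validation. The two branches differ only in the URL, so the URL could be chosen first and a single `this.http.get(url).subscribe(...)` issued, with an error callback so that a 400 or 403 from the new route is not silently ignored. The class starts outside the hunk.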
-- 
GitLab