Hide assignee and milestone pulldown for not writable users.

src/main/scala/app/IssuesController.scala

@@ -79,6 +79,7 @@ trait IssuesControllerBase extends ControllerBase {
         (getCollaborators(owner, repository) :+ owner).sorted,
         getMilestones(owner, repository),
         getLabels(owner, repository),
+        hasWritePermission(owner, repository, context.loginAccount),
         _)
     } getOrElse NotFound
   })
@@ -110,15 +111,12 @@ trait IssuesControllerBase extends ControllerBase {
     val owner      = params("owner")
     val repository = params("repository")
     val issueId    = params("id").toInt
-    val writable   = hasWritePermission(owner, repository, context.loginAccount)
 
     getIssue(owner, repository, issueId.toString).map { issue =>
-      if(writable || issue.openedUserName == context.loginAccount.get.userName){
+      if(hasWritePermission(owner, repository, context.loginAccount) || issue.openedUserName == context.loginAccount.get.userName){
         updateIssue(owner, repository, issueId, form.title, form.content)
         redirect("/%s/%s/issues/_data/%d".format(owner, repository, issueId))
-      } else {
+      } else Unauthorized
-        Unauthorized
-      }
     } getOrElse NotFound
   })
 
@@ -139,50 +137,55 @@ trait IssuesControllerBase extends ControllerBase {
     val owner      = params("owner")
     val repository = params("repository")
     val commentId  = params("id").toInt
-    val writable   = hasWritePermission(owner, repository, context.loginAccount)
 
     getComment(commentId.toString).map { comment =>
-      if(writable || comment.commentedUserName == context.loginAccount.get.userName){
+      if(hasWritePermission(owner, repository, context.loginAccount) || comment.commentedUserName == context.loginAccount.get.userName){
         updateComment(commentId, form.content)
         redirect("/%s/%s/issue_comments/_data/%d".format(owner, repository, commentId))
-      } else {
+      } else Unauthorized
-        Unauthorized
-      }
     } getOrElse NotFound
   })
 
-  // TODO Authenticator
+  ajaxGet("/:owner/:repository/issues/_data/:id")(readableUsersOnly {
-  ajaxGet("/:owner/:repository/issues/_data/:id"){
+    val owner      = params("owner")
-    getIssue(params("owner"), params("repository"), params("id")) map { x =>
+    val repository = params("repository")
-      params.get("dataType") collect {
-        case t if t == "html" => issues.html.editissue(
-            x.title, x.content, x.issueId, x.userName, x.repositoryName)
-      } getOrElse {
-        contentType = formats("json")
-        org.json4s.jackson.Serialization.write(
-            Map("title"   -> x.title,
-                "content" -> view.Markdown.toHtml(x.content getOrElse "No description given.",
-                    getRepository(x.userName, x.repositoryName, baseUrl).get, false, true, true)
-            ))
-      }
-    } getOrElse NotFound
-  }
 
-  // TODO Authenticator
+    getIssue(params("owner"), params("repository"), params("id")) map { x =>
-  ajaxGet("/:owner/:repository/issue_comments/_data/:id"){
+      if(hasWritePermission(owner, repository, context.loginAccount) || x.openedUserName == context.loginAccount.get.userName){
-    getComment(params("id")) map { x =>
+        params.get("dataType") collect {
-      params.get("dataType") collect {
+          case t if t == "html" => issues.html.editissue(
-        case t if t == "html" => issues.html.editcomment(
+              x.title, x.content, x.issueId, x.userName, x.repositoryName)
-            x.content, x.commentId, x.userName, x.repositoryName)
+        } getOrElse {
-      } getOrElse {
+          contentType = formats("json")
-        contentType = formats("json")
+          org.json4s.jackson.Serialization.write(
-        org.json4s.jackson.Serialization.write(
+              Map("title"   -> x.title,
-            Map("content" -> view.Markdown.toHtml(x.content,
+                  "content" -> view.Markdown.toHtml(x.content getOrElse "No description given.",
-                getRepository(x.userName, x.repositoryName, baseUrl).get, false, true, true)
+                      getRepository(x.userName, x.repositoryName, baseUrl).get, false, true, true)
-            ))
+              ))
-      }
+        }
+      } else Unauthorized
     } getOrElse NotFound
-  }
+  })
+
+  ajaxGet("/:owner/:repository/issue_comments/_data/:id")(readableUsersOnly {
+    val owner      = params("owner")
+    val repository = params("repository")
+
+    getComment(params("id")) map { x =>
+      if(hasWritePermission(owner, repository, context.loginAccount) || x.commentedUserName == context.loginAccount.get.userName){
+        params.get("dataType") collect {
+          case t if t == "html" => issues.html.editcomment(
+              x.content, x.commentId, x.userName, x.repositoryName)
+        } getOrElse {
+          contentType = formats("json")
+          org.json4s.jackson.Serialization.write(
+              Map("content" -> view.Markdown.toHtml(x.content,
+                  getRepository(x.userName, x.repositoryName, baseUrl).get, false, true, true)
+              ))
+        }
+      } else Unauthorized
+    } getOrElse NotFound
+  })
 
   ajaxPost("/:owner/:repository/issues/:id/label/new")(collaboratorsOnly {
     val owner = params("owner")

src/main/twirl/issues/create.scala.html

@@ -1,6 +1,7 @@
 @(collaborators: List[String],
   milestones: List[model.Milestone],
   labels: List[model.Label],
+  hasWritePermission: Boolean,
   repository: service.RepositoryService.RepositoryInfo)(implicit context: app.Context)
 @import context._
 @import view.helpers._
@@ -16,22 +17,26 @@
           <input type="text" name="title" value="" placeholder="Title" style="width: 650px;"/>
           <div>
             <span id="label-assigned">No one is assigned</span>
-            <input type="hidden" name="assignedUserName" value=""/>
+            @if(hasWritePermission){
-            @helper.html.dropdown {
+              <input type="hidden" name="assignedUserName" value=""/>
-              <li><a href="javascript:void(0);" class="assign" data-name="">Clear assignee</a></li>
+              @helper.html.dropdown {
-              <li class="divider"></li>
+                <li><a href="javascript:void(0);" class="assign" data-name="">Clear assignee</a></li>
-              @collaborators.map { collaborator =>
+                <li class="divider"></li>
-                <li><a href="javascript:void(0);" class="assign" data-name="@collaborator">@collaborator</a></li>
+                @collaborators.map { collaborator =>
+                  <li><a href="javascript:void(0);" class="assign" data-name="@collaborator">@collaborator</a></li>
+                }
               }
             }
             <div class="pull-right">
               <span id="label-milestone">No milestone</span>
-              <input type="hidden" name="milestoneId" value=""/>
+              @if(hasWritePermission){
-              @helper.html.dropdown {
+                <input type="hidden" name="milestoneId" value=""/>
-                <li><a href="javascript:void(0);" class="milestone" data-id="">No milestone</a></li>
+                @helper.html.dropdown {
-                <li class="divider"></li>
+                  <li><a href="javascript:void(0);" class="milestone" data-id="">No milestone</a></li>
-                @milestones.map { milestone =>
+                  <li class="divider"></li>
-                  <li><a href="javascript:void(0);" class="milestone" data-id="@milestone.milestoneId">@milestone.title</a></li>
+                  @milestones.map { milestone =>
+                    <li><a href="javascript:void(0);" class="milestone" data-id="@milestone.milestoneId">@milestone.title</a></li>
+                  }
                 }
               }
             </div>
@@ -43,22 +48,24 @@
       <input type="submit" class="btn btn-success" value="Submit new issue"/>
     </div>
     <div class="span3">
-      <strong>Add Labels</strong>
+      @if(hasWritePermission){
-      <div>
+        <strong>Add Labels</strong>
-        <div id="label-list">
+        <div>
-          <ul class="label-list nav nav-pills nav-stacked">
+          <div id="label-list">
-            @labels.map { label =>
+            <ul class="label-list nav nav-pills nav-stacked">
-              <li>
+              @labels.map { label =>
-                <a href="javascript:void(0);" class="toggle-label" data-label="@label.labelName" data-bgcolor="@label.color" data-fgcolor="@label.fontColor">
+                <li>
-                  <span style="background-color: #@label.color;" class="label-color">&nbsp;&nbsp;</span>
+                  <a href="javascript:void(0);" class="toggle-label" data-label="@label.labelName" data-bgcolor="@label.color" data-fgcolor="@label.fontColor">
-                  @label.labelName
+                    <span style="background-color: #@label.color;" class="label-color">&nbsp;&nbsp;</span>
-                </a>
+                    @label.labelName
-              </li>
+                  </a>
-            }
+                </li>
-          </ul>
+              }
-          <input type="hidden" name="labelNames" value=""/>
+            </ul>
+            <input type="hidden" name="labelNames" value=""/>
+          </div>
         </div>
-      </div>
+      }
     </div>
   </div>
   </form>