Hide assignee and milestone pulldown for not writable users.

2025-11-06 21:45:50 +01:00 · 2013-07-03 02:44:01 +09:00
parent 8890c28fa3
commit ee7e059067
2 changed files with 77 additions and 67 deletions
--- a/src/main/scala/app/IssuesController.scala
+++ b/src/main/scala/app/IssuesController.scala
@@ -79,6 +79,7 @@ trait IssuesControllerBase extends ControllerBase {
        (getCollaborators(owner, repository) :+ owner).sorted,
        getMilestones(owner, repository),
        getLabels(owner, repository),
+        hasWritePermission(owner, repository, context.loginAccount),
        _)
    } getOrElse NotFound
  })
@@ -110,15 +111,12 @@ trait IssuesControllerBase extends ControllerBase {
    val owner      = params("owner")
    val repository = params("repository")
    val issueId    = params("id").toInt
-    val writable   = hasWritePermission(owner, repository, context.loginAccount)

    getIssue(owner, repository, issueId.toString).map { issue =>
-      if(writable || issue.openedUserName == context.loginAccount.get.userName){
+      if(hasWritePermission(owner, repository, context.loginAccount) || issue.openedUserName == context.loginAccount.get.userName){
        updateIssue(owner, repository, issueId, form.title, form.content)
        redirect("/%s/%s/issues/_data/%d".format(owner, repository, issueId))
-      } else {
-        Unauthorized
-      }
+      } else Unauthorized
    } getOrElse NotFound
  })

@@ -139,21 +137,21 @@ trait IssuesControllerBase extends ControllerBase {
    val owner      = params("owner")
    val repository = params("repository")
    val commentId  = params("id").toInt
-    val writable   = hasWritePermission(owner, repository, context.loginAccount)

    getComment(commentId.toString).map { comment =>
-      if(writable || comment.commentedUserName == context.loginAccount.get.userName){
+      if(hasWritePermission(owner, repository, context.loginAccount) || comment.commentedUserName == context.loginAccount.get.userName){
        updateComment(commentId, form.content)
        redirect("/%s/%s/issue_comments/_data/%d".format(owner, repository, commentId))
-      } else {
-        Unauthorized
-      }
+      } else Unauthorized
    } getOrElse NotFound
  })

-  // TODO Authenticator
-  ajaxGet("/:owner/:repository/issues/_data/:id"){
+  ajaxGet("/:owner/:repository/issues/_data/:id")(readableUsersOnly {
+    val owner      = params("owner")
+    val repository = params("repository")
+
    getIssue(params("owner"), params("repository"), params("id")) map { x =>
+      if(hasWritePermission(owner, repository, context.loginAccount) || x.openedUserName == context.loginAccount.get.userName){
        params.get("dataType") collect {
          case t if t == "html" => issues.html.editissue(
              x.title, x.content, x.issueId, x.userName, x.repositoryName)
@@ -165,12 +163,16 @@ trait IssuesControllerBase extends ControllerBase {
                      getRepository(x.userName, x.repositoryName, baseUrl).get, false, true, true)
              ))
        }
+      } else Unauthorized
    } getOrElse NotFound
-  }
+  })
+
+  ajaxGet("/:owner/:repository/issue_comments/_data/:id")(readableUsersOnly {
+    val owner      = params("owner")
+    val repository = params("repository")

-  // TODO Authenticator
-  ajaxGet("/:owner/:repository/issue_comments/_data/:id"){
    getComment(params("id")) map { x =>
+      if(hasWritePermission(owner, repository, context.loginAccount) || x.commentedUserName == context.loginAccount.get.userName){
        params.get("dataType") collect {
          case t if t == "html" => issues.html.editcomment(
              x.content, x.commentId, x.userName, x.repositoryName)
@@ -181,8 +183,9 @@ trait IssuesControllerBase extends ControllerBase {
                  getRepository(x.userName, x.repositoryName, baseUrl).get, false, true, true)
              ))
        }
+      } else Unauthorized
    } getOrElse NotFound
-  }
+  })

  ajaxPost("/:owner/:repository/issues/:id/label/new")(collaboratorsOnly {
    val owner = params("owner")
--- a/src/main/twirl/issues/create.scala.html
+++ b/src/main/twirl/issues/create.scala.html
@@ -1,6 +1,7 @@
@(collaborators: List[String],
  milestones: List[model.Milestone],
  labels: List[model.Label],
+  hasWritePermission: Boolean,
  repository: service.RepositoryService.RepositoryInfo)(implicit context: app.Context)
@import context._
@import view.helpers._
@@ -16,6 +17,7 @@
          <input type="text" name="title" value="" placeholder="Title" style="width: 650px;"/>
          <div>
            <span id="label-assigned">No one is assigned</span>
+            @if(hasWritePermission){
              <input type="hidden" name="assignedUserName" value=""/>
              @helper.html.dropdown {
                <li><a href="javascript:void(0);" class="assign" data-name="">Clear assignee</a></li>
@@ -24,8 +26,10 @@
                  <li><a href="javascript:void(0);" class="assign" data-name="@collaborator">@collaborator</a></li>
                }
              }
+            }
            <div class="pull-right">
              <span id="label-milestone">No milestone</span>
+              @if(hasWritePermission){
                <input type="hidden" name="milestoneId" value=""/>
                @helper.html.dropdown {
                  <li><a href="javascript:void(0);" class="milestone" data-id="">No milestone</a></li>
@@ -34,6 +38,7 @@
                    <li><a href="javascript:void(0);" class="milestone" data-id="@milestone.milestoneId">@milestone.title</a></li>
                  }
                }
+              }
            </div>
          </div>
          <hr>
@@ -43,6 +48,7 @@
      <input type="submit" class="btn btn-success" value="Submit new issue"/>
    </div>
    <div class="span3">
+      @if(hasWritePermission){
        <strong>Add Labels</strong>
        <div>
          <div id="label-list">
@@ -59,6 +65,7 @@
            <input type="hidden" name="labelNames" value=""/>
          </div>
        </div>
+      }
    </div>
  </div>
  </form>