From 52387d93acb0821df329fc241993ef211e606b3f Mon Sep 17 00:00:00 2001
From: jendib
Date: Sat, 9 May 2015 21:52:01 +0200
Subject: [PATCH] Closes #13: Don't show tags from other users
---
 .../com/sismics/docs/core/dao/jpa/TagDao.java | 4 ++-
 .../docs/rest/resource/DocumentResource.java | 36 +++++++++++--------
 2 files changed, 25 insertions(+), 15 deletions(-)
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/TagDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/TagDao.java
index b8d5b2fd..c2a66103 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/TagDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/TagDao.java
@@ -75,16 +75,18 @@ public class TagDao {
 * @return
 */
 @SuppressWarnings("unchecked")
- public List getByDocumentId(String documentId) {
+ public List getByDocumentId(String documentId, String userId) {
 EntityManager em = ThreadLocalContext.get().getEntityManager();
 StringBuilder sb = new StringBuilder("select t.TAG_ID_C, t.TAG_NAME_C, t.TAG_COLOR_C from T_DOCUMENT_TAG dt ");
 sb.append(" join T_TAG t on t.TAG_ID_C = dt.DOT_IDTAG_C ");
 sb.append(" where dt.DOT_IDDOCUMENT_C = :documentId and t.TAG_DELETEDATE_D is null ");
+ sb.append(" and t.TAG_IDUSER_C = :userId ");
 sb.append(" order by t.TAG_NAME_C ");
 // Perform the query
 Query q = em.createNativeQuery(sb.toString());
 q.setParameter("documentId", documentId);
+ q.setParameter("userId", userId);
 List l = q.getResultList();
 // Assemble results
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/DocumentResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/DocumentResource.java
index 61c3cc06..3e876c99 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/DocumentResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/DocumentResource.java
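Review bot: The Javadoc above `getByDocumentId` is not updated for the new `userId` argument, and nothing on the method says that this argument is now what keeps one user's tags out of another user's response. The comment block starts outside the hunk, so only its tail is visible; I would add `@param userId ID of the user whose tags are returned; pass the authenticated principal's ID, never a request-supplied value` and fill in the empty `@return`. Binding `:userId` through `setParameter` rather than concatenating it into the SQL string is the right approach and should be kept if this query is extended again.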
@@ -105,18 +105,23 @@ public class DocumentResource extends BaseResource {
 document.put("language", documentDb.getLanguage());
 document.put("creator", userDao.getById(documentDb.getUserId()).getUsername());
- // Add tags
- TagDao tagDao = new TagDao();
- List tagDtoList = tagDao.getByDocumentId(documentId);
- List tags = new ArrayList<>();
- for (TagDto tagDto : tagDtoList) {
- JSONObject tag = new JSONObject();
- tag.put("id", tagDto.getId());
- tag.put("name", tagDto.getName());
- tag.put("color", tagDto.getColor());
- tags.add(tag);
+ if (principal.isAnonymous()) {
+ // No tags in anonymous mode (sharing)
+ document.put("tags", new ArrayList());
+ } else {
+ // Add tags added by the current user on this document
+ TagDao tagDao = new TagDao();
+ List tagDtoList = tagDao.getByDocumentId(documentId, principal.getId());
+ List tags = new ArrayList<>();
+ for (TagDto tagDto : tagDtoList) {
+ JSONObject tag = new JSONObject();
+ tag.put("id", tagDto.getId());
+ tag.put("name", tagDto.getName());
+ tag.put("color", tagDto.getColor());
+ tags.add(tag);
+ }
+ document.put("tags", tags);
 }
- document.put("tags", tags);
 // Add ACL
 List aclDtoList = aclDao.getBySourceId(documentId);
@@ -130,7 +135,10 @@ public class DocumentResource extends BaseResource {
 acl.put("type", aclDto.getTargetType());
 aclList.add(acl);
- if (aclDto.getTargetId().equals(principal.getId()) && aclDto.getPerm() == PermType.WRITE) {
+ if (!principal.isAnonymous()
+ && aclDto.getTargetId().equals(principal.getId())
+ && aclDto.getPerm() == PermType.WRITE) {
+ // The document is writable for the current user
 writable = true;
 }
 }
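Review bot: The anonymous (share) branch now withholds tags, but the same response still carries `creator` (the owner's username, in the context line at the top of this hunk) and, in the `@@ -130` hunk, every ACL entry via `aclList.add(acl)`; there only `writable` is gated on `!principal.isAnonymous()`. If the intent is that a share-link viewer learns nothing about other users, those two fields need the same guard, or a comment stating that they are deliberately exposed; which of the two applies is not visible here. Separately, `new ArrayList()` appears as a raw type while the other branch uses `new ArrayList<>()`; unless that is a rendering artifact of this page, use the diamond form. The enclosing method starts and ends outside both hunks.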
@@ -186,8 +194,8 @@ public class DocumentResource extends BaseResource {
 document.put("language", documentDto.getLanguage());
 document.put("file_count", documentDto.getFileCount());
- // Get tags
- List tagDtoList = tagDao.getByDocumentId(documentDto.getId());
+ // Get tags added by the current user on this document
+ List tagDtoList = tagDao.getByDocumentId(documentDto.getId(), principal.getId());
 List tags = new ArrayList<>();
 for (TagDto tagDto : tagDtoList) {
 JSONObject tag = new JSONObject();
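Review bot: `principal.getId()` is passed to `getByDocumentId` here without the `principal.isAnonymous()` check that the single-document path in the `@@ -105` hunk now has. If this listing method already rejects unauthenticated callers earlier (outside the hunk), that is fine, but it deserves a comment such as `// principal is authenticated here, so getId() identifies the tag owner`. Otherwise a possibly null ID reaches `q.setParameter("userId", userId)` and the outcome depends on the JPA provider. The tag-to-JSON loop that follows duplicates the one in the other path and could move to a small private helper so the two filters cannot drift apart.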