Closes #13: Don't show tags from other users

This commit is contained in:
jendib 2015-05-09 21:52:01 +02:00
parent 072dd7b280
commit 52387d93ac
2 changed files with 25 additions and 15 deletions

View File

@ -75,16 +75,18 @@ public class TagDao {
* @return
*/
@SuppressWarnings("unchecked")
public List<TagDto> getByDocumentId(String documentId) {
public List<TagDto> getByDocumentId(String documentId, String userId) {
EntityManager em = ThreadLocalContext.get().getEntityManager();
StringBuilder sb = new StringBuilder("select t.TAG_ID_C, t.TAG_NAME_C, t.TAG_COLOR_C from T_DOCUMENT_TAG dt ");
sb.append(" join T_TAG t on t.TAG_ID_C = dt.DOT_IDTAG_C ");
sb.append(" where dt.DOT_IDDOCUMENT_C = :documentId and t.TAG_DELETEDATE_D is null ");
sb.append(" and t.TAG_IDUSER_C = :userId ");
sb.append(" order by t.TAG_NAME_C ");
// Perform the query
Query q = em.createNativeQuery(sb.toString());
q.setParameter("documentId", documentId);
q.setParameter("userId", userId);
List<Object[]> l = q.getResultList();
// Assemble results

View File

@ -105,9 +105,13 @@ public class DocumentResource extends BaseResource {
document.put("language", documentDb.getLanguage());
document.put("creator", userDao.getById(documentDb.getUserId()).getUsername());
// Add tags
if (principal.isAnonymous()) {
// No tags in anonymous mode (sharing)
document.put("tags", new ArrayList<JSONObject>());
} else {
// Add tags added by the current user on this document
TagDao tagDao = new TagDao();
List<TagDto> tagDtoList = tagDao.getByDocumentId(documentId);
List<TagDto> tagDtoList = tagDao.getByDocumentId(documentId, principal.getId());
List<JSONObject> tags = new ArrayList<>();
for (TagDto tagDto : tagDtoList) {
JSONObject tag = new JSONObject();
@ -117,6 +121,7 @@ public class DocumentResource extends BaseResource {
tags.add(tag);
}
document.put("tags", tags);
}
// Add ACL
List<AclDto> aclDtoList = aclDao.getBySourceId(documentId);
@ -130,7 +135,10 @@ public class DocumentResource extends BaseResource {
acl.put("type", aclDto.getTargetType());
aclList.add(acl);
if (aclDto.getTargetId().equals(principal.getId()) && aclDto.getPerm() == PermType.WRITE) {
if (!principal.isAnonymous()
&& aclDto.getTargetId().equals(principal.getId())
&& aclDto.getPerm() == PermType.WRITE) {
// The document is writable for the current user
writable = true;
}
}
@ -186,8 +194,8 @@ public class DocumentResource extends BaseResource {
document.put("language", documentDto.getLanguage());
document.put("file_count", documentDto.getFileCount());
// Get tags
List<TagDto> tagDtoList = tagDao.getByDocumentId(documentDto.getId());
// Get tags added by the current user on this document
List<TagDto> tagDtoList = tagDao.getByDocumentId(documentDto.getId(), principal.getId());
List<JSONObject> tags = new ArrayList<>();
for (TagDto tagDto : tagDtoList) {
JSONObject tag = new JSONObject();