Closes #509: guest users cannot share and unshare

2024-11-22 05:57:57 +01:00 · 2021-01-21 17:58:36 +01:00 · 2021-01-21 17:58:36 +01:00 · a6cbacae72
commit a6cbacae72
parent 1e0f8e2484
4 changed files with 12 additions and 8 deletions
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/ShareResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/ShareResource.java
@ -55,7 +55,7 @@ public class ShareResource extends BaseResource {
    public Response add(
            @FormParam("id") String documentId,
            @FormParam("name") String name) {
-        if (!authenticate()) {
+        if (!authenticate() || principal.isGuest()) {
            throw new ForbiddenClientException();
        }

@ -119,7 +119,7 @@ public class ShareResource extends BaseResource {
    @Path("{id: [a-z0-9\\-]+}")
    public Response delete(
            @PathParam("id") String id) {
-        if (!authenticate()) {
+        if (!authenticate() || principal.isGuest()) {
            throw new ForbiddenClientException();
        }

--- a/docs-web/src/main/webapp/src/app/docs/controller/Login.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/Login.js
@ -28,9 +28,10 @@ angular.module('docs').controller('Login', function(Restangular, $scope, $rootSc
      });

      if($stateParams.redirectState !== undefined && $stateParams.redirectParams !== undefined) {
-        $state.go($stateParams.redirectState, JSON.parse($stateParams.redirectParams)).catch(function(){
-          $state.go('document.default');
-        });
+        $state.go($stateParams.redirectState, JSON.parse($stateParams.redirectParams))
+          .catch(function() {
+            $state.go('document.default');
+          });
      } else {
        $state.go('document.default');
      }
--- a/docs-web/src/main/webapp/src/app/docs/controller/document/DocumentView.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/document/DocumentView.js
@ -3,7 +3,7 @@
 /**
 * Document view controller.
 */
-angular.module('docs').controller('DocumentView', function ($scope, $state, $stateParams, $location, $dialog, $uibModal, Restangular, $translate) {
+angular.module('docs').controller('DocumentView', function ($scope, $rootScope, $state, $stateParams, $location, $dialog, $uibModal, Restangular, $translate) {
  // Load document data from server
  Restangular.one('document', $stateParams.id).get().then(function (data) {
    $scope.document = data;
@ -111,10 +111,13 @@ angular.module('docs').controller('DocumentView', function ($scope, $state, $sta
    var title = $translate.instant('document.view.shared_document_title');
    var msg = $translate.instant('document.view.shared_document_message', { link: link });
    var btns = [
-      {result: 'unshare', label: $translate.instant('unshare'), cssClass: 'btn-danger'},
      {result: 'close', label: $translate.instant('close')}
    ];

+    if ($rootScope.userInfo.username !== 'guest') {
+      btns.unshift({result: 'unshare', label: $translate.instant('unshare'), cssClass: 'btn-danger'});
+    }
+
    $dialog.messageBox(title, msg, btns, function (result) {
      if (result === 'unshare') {
        // Unshare this document and update the local shares
--- a/docs-web/src/main/webapp/src/partial/docs/document.view.html
+++ b/docs-web/src/main/webapp/src/partial/docs/document.view.html
@ -50,7 +50,7 @@
    </h1>

 	  <p ng-show="document.writable">
-	    <button class="btn btn-sm btn-info" ng-click="share()">
+	    <button class="btn btn-sm btn-info" ng-click="share()" ng-show="userInfo.username != 'guest'">
        <span class="fas fa-share"></span> {{ 'share' | translate }}
      </button>