FIX: do not required event edit permissions for self event registration
This commit is contained in:
parent
2966635b4b
commit
90bae7eeeb
|
|
@ -8,19 +8,21 @@ DashboardModule = (function () {
|
||||||
let start = async function(){
|
let start = async function(){
|
||||||
await load_templates();
|
await load_templates();
|
||||||
let etypes = await load_event_types_async();
|
let etypes = await load_event_types_async();
|
||||||
let events = await load_events();
|
if(check_for_permission_async("modules.event_management.view")){
|
||||||
$(events).each(function(){
|
let events = await load_events();
|
||||||
let etype = this.etype;
|
$(events).each(function(){
|
||||||
let name;
|
let etype = this.etype;
|
||||||
$(etypes).each(function(){
|
let name;
|
||||||
if(this.type_id === etype){
|
$(etypes).each(function(){
|
||||||
name = this.name;
|
if(this.type_id === etype){
|
||||||
return false;
|
name = this.name;
|
||||||
}
|
return false;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
this.etype_name = name;
|
||||||
});
|
});
|
||||||
this.etype_name = name;
|
$(".events_registered_future").append(templates.event_list(events));
|
||||||
});
|
}
|
||||||
$(".events_registered_future").append(templates.event_list(events));
|
|
||||||
};
|
};
|
||||||
let load_templates = async function(){
|
let load_templates = async function(){
|
||||||
let res = await $.get("/templates/dashboard_event_list.hbs");
|
let res = await $.get("/templates/dashboard_event_list.hbs");
|
||||||
|
|
|
||||||
|
|
@ -283,10 +283,8 @@ EventListModule = ( function() {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
let check_edit_permission_callback = function(has_permission){
|
let check_edit_permission_callback = function(has_permission){
|
||||||
console.log("Test"+has_permission);
|
|
||||||
if(has_permission === true){
|
if(has_permission === true){
|
||||||
$(".eventlist_navtabs").each(function(){
|
$(".eventlist_navtabs").each(function(){
|
||||||
console.log("test2");
|
|
||||||
$(this).append("<li class=\"nav-item\"><a class=\"nav-link\" href=\"/portal/em/event?id="+$(this).data("entity-id")+"\">Einsatz bearbeiten</a></li>")
|
$(this).append("<li class=\"nav-item\"><a class=\"nav-link\" href=\"/portal/em/event?id="+$(this).data("entity-id")+"\">Einsatz bearbeiten</a></li>")
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -39,6 +39,26 @@ function check_for_permission(callback, permission, entity_id){
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function check_for_permission_async(permission, entity_id){
|
||||||
|
let optional_entity = "";
|
||||||
|
if(entity_id){
|
||||||
|
optional_entity = "&entity_id="+entity_id;
|
||||||
|
}
|
||||||
|
|
||||||
|
const res = $.ajax({
|
||||||
|
type: "GET",
|
||||||
|
url: "/api/info/caller/permissions?permission="+permission+optional_entity,
|
||||||
|
contentType: 'application/json',
|
||||||
|
timeout: 3000,
|
||||||
|
error: function () {
|
||||||
|
alert("Verbindung zum Server unterbrochen!");
|
||||||
|
},
|
||||||
|
});
|
||||||
|
if(is_ok(res)) {
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
let get_member = async function (entity_id){
|
let get_member = async function (entity_id){
|
||||||
const res = await $.ajax({
|
const res = await $.ajax({
|
||||||
type: "GET",
|
type: "GET",
|
||||||
|
|
|
||||||
|
|
@ -1 +1 @@
|
||||||
v0.2-20-g84971cf
|
v0.2-22-g2966635
|
||||||
|
|
|
||||||
|
|
@ -34,9 +34,9 @@ pub fn read_positions_for_instance(
|
||||||
instance_id: String,
|
instance_id: String,
|
||||||
) -> Result<Json<Vec<EventUnitInstancePosition>>, Json<ApiErrorWrapper>> {
|
) -> Result<Json<Vec<EventUnitInstancePosition>>, Json<ApiErrorWrapper>> {
|
||||||
let caller = parse_member_cookie(cookie.member)?;
|
let caller = parse_member_cookie(cookie.member)?;
|
||||||
if !caller.has_permission(crate::permissions::modules::event_management::events::EDIT.to_string()) {
|
if !caller.has_permission(crate::permissions::modules::event_management::events::VIEW.to_string()) {
|
||||||
return Err(Json(
|
return Err(Json(
|
||||||
ApiError::new(403, "Keine Berechtigung Einsätze zu bearbeiten!".to_string()).to_wrapper(),
|
ApiError::new(403, "Keine Berechtigung Einsätze abzurufen!".to_string()).to_wrapper(),
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -53,9 +53,9 @@ pub fn read_vehicle_positions_for_instance(
|
||||||
instance_id: String,
|
instance_id: String,
|
||||||
) -> Result<Json<Vec<EventUnitInstanceVehiclePosition>>, Json<ApiErrorWrapper>> {
|
) -> Result<Json<Vec<EventUnitInstanceVehiclePosition>>, Json<ApiErrorWrapper>> {
|
||||||
let caller = parse_member_cookie(cookie.member)?;
|
let caller = parse_member_cookie(cookie.member)?;
|
||||||
if !caller.has_permission(crate::permissions::modules::event_management::events::EDIT.to_string()) {
|
if !caller.has_permission(crate::permissions::modules::event_management::events::VIEW.to_string()) {
|
||||||
return Err(Json(
|
return Err(Json(
|
||||||
ApiError::new(403, "Keine Berechtigung Einsätze zu bearbeiten!".to_string()).to_wrapper(),
|
ApiError::new(403, "Keine Berechtigung Einsätze abzurufen!".to_string()).to_wrapper(),
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue