MOBILE-3200 database: Check permissions on add and edit entry

crazyserver · crazyserver · commit cb4eac9a17c5 · 2020-10-02T11:48:47.000+02:00
diff --git a/scripts/langindex.json b/scripts/langindex.json
@@ -507,11 +507,13 @@
   "addon.mod_data.foundrecords": "data",
   "addon.mod_data.gettinglocation": "local_moodlemobileapp",
   "addon.mod_data.latlongboth": "data",
+  "addon.mod_data.locationnotenabled": "local_moodlemobileapp",
   "addon.mod_data.locationpermissiondenied": "local_moodlemobileapp",
   "addon.mod_data.menuchoose": "data",
   "addon.mod_data.modulenameplural": "data",
   "addon.mod_data.more": "data",
   "addon.mod_data.mylocation": "local_moodlemobileapp",
+  "addon.mod_data.noaccess": "data",
   "addon.mod_data.nomatch": "data",
   "addon.mod_data.norecords": "data",
   "addon.mod_data.notapproved": "data",
diff --git a/src/addon/mod/data/lang/en.json b/src/addon/mod/data/lang/en.json
@@ -28,6 +28,7 @@
     "modulenameplural": "Databases",
     "more": "More",
     "mylocation": "My location",
+    "noaccess": "You do not have access to this page",
     "nomatch": "No matching entries found!",
     "norecords": "No entries in database",
     "notapproved": "Entry is not approved yet.",
diff --git a/src/addon/mod/data/pages/edit/edit.html b/src/addon/mod/data/pages/edit/edit.html
@@ -18,8 +18,8 @@
             </ion-select>
         </ion-item>
 
-        <div class="addon-data-contents addon-data-entries-{{data.id}}" *ngIf="data">
-            <core-style [css]="data.csstemplate" prefix=".addon-data-entries-{{data.id}}"></core-style>
+        <div class="addon-data-contents {{cssClass}}" *ngIf="data">
+            <core-style [css]="data.csstemplate" prefix=".{{cssClass}}"></core-style>
 
             <form (ngSubmit)="save($event)" [formGroup]="editForm" #editFormEl>
                 <core-compile-html [text]="editFormRender" [jsData]="jsData" [extraImports]="extraImports"></core-compile-html>
diff --git a/src/addon/mod/data/pages/edit/edit.ts b/src/addon/mod/data/pages/edit/edit.ts
@@ -93,7 +93,7 @@ export class AddonModDataEditPage {
      * View loaded.
      */
     ionViewDidLoad(): void {
-        this.fetchEntryData();
+        this.fetchEntryData(true);
     }
 
     /**
@@ -126,38 +126,78 @@ export class AddonModDataEditPage {
     /**
      * Fetch the entry data.
      *
+     * @param [refresh] To refresh all downloaded data.
      * @return Resolved when done.
      */
-    protected fetchEntryData(): Promise<any> {
-        return this.dataProvider.getDatabase(this.courseId, this.module.id).then((data) => {
-            this.title = data.name || this.title;
-            this.data = data;
-            this.cssClass = 'addon-data-entries-' + data.id;
-
-            return this.dataProvider.getDatabaseAccessInformation(data.id, {cmId: this.module.id});
-        }).then((accessData) => {
-            if (this.entryId) {
-                return this.groupsProvider.getActivityGroupInfo(this.data.coursemodule).then((groupInfo) => {
-                    this.groupInfo = groupInfo;
-                    this.selectedGroup = this.groupsProvider.validateGroupId(this.selectedGroup, groupInfo);
-                });
-            }
-        }).then(() => {
-            return this.dataProvider.getFields(this.data.id, {cmId: this.module.id});
-        }).then((fieldsData) => {
-            this.fieldsArray = fieldsData;
-            this.fields = this.utils.arrayToObject(fieldsData, 'id');
-
-            return this.dataHelper.fetchEntry(this.data, fieldsData, this.entryId);
-        }).then((entry) => {
+    protected async fetchEntryData(refresh: boolean = false): Promise<void> {
+        try {
+            this.data = await this.dataProvider.getDatabase(this.courseId, this.module.id);
+            this.title = this.data.name || this.title;
+            this.cssClass = 'addon-data-entries-' + this.data.id;
+
+            this.fieldsArray = await this.dataProvider.getFields(this.data.id, {cmId: this.module.id});
+            this.fields = this.utils.arrayToObject(this.fieldsArray, 'id');
+
+            const entry = await this.dataHelper.fetchEntry(this.data, this.fieldsArray, this.entryId);
+
             this.entry = entry.entry;
 
+            // Load correct group.
+            this.selectedGroup = this.selectedGroup == null ? this.entry.groupid : this.selectedGroup;
+
+            // Check permissions when adding a new entry or offline entry.
+            if (!this.isEditing) {
+                let haveAccess = false;
+
+                if (refresh) {
+                    this.groupInfo = await this.groupsProvider.getActivityGroupInfo(this.data.coursemodule);
+                    this.selectedGroup = this.groupsProvider.validateGroupId(this.selectedGroup, this.groupInfo);
+                    this.initialSelectedGroup = this.selectedGroup;
+                }
+
+                if (this.groupInfo.groups.length > 0) {
+                    if (refresh) {
+                        const canAddGroup = {};
+
+                        await Promise.all(this.groupInfo.groups.map(async (group) => {
+                            const accessData = await this.dataProvider.getDatabaseAccessInformation(this.data.id, {
+                                cmId: this.module.id, groupId: group.id});
+
+                            canAddGroup[group.id] = accessData.canaddentry;
+                        }));
+
+                        this.groupInfo.groups = this.groupInfo.groups.filter((group) => {
+                            return !!canAddGroup[group.id];
+                        });
+
+                        haveAccess = canAddGroup[this.selectedGroup];
+                    } else {
+                        // Groups already filtered, so it have access.
+                        haveAccess = true;
+                    }
+                } else {
+                    const accessData = await this.dataProvider.getDatabaseAccessInformation(this.data.id, {cmId: this.module.id});
+                    haveAccess = accessData.canaddentry;
+                }
+
+                if (!haveAccess) {
+                    // You shall not pass, go back.
+                    this.domUtils.showErrorModal('addon.mod_data.noaccess', true);
+
+                    // Go back to entry list.
+                    this.forceLeave = true;
+                    this.navCtrl.pop();
+
+                    return;
+                }
+            }
+
             this.editFormRender = this.displayEditFields();
-        }).catch((message) => {
+        } catch (message) {
             this.domUtils.showErrorModalDefault(message, 'core.course.errorgetmodule', true);
-        }).finally(() => {
-            this.loaded = true;
-        });
+        }
+
+        this.loaded = true;
     }
 
     /**
@@ -166,7 +206,7 @@ export class AddonModDataEditPage {
      * @param e Event.
      * @return Resolved when done.
      */
-    save(e: Event): Promise<any> {
+    save(e: Event): Promise<void> {
         e.preventDefault();
         e.stopPropagation();
 
diff --git a/src/assets/lang/en.json b/src/assets/lang/en.json
@@ -513,6 +513,7 @@
     "addon.mod_data.modulenameplural": "Databases",
     "addon.mod_data.more": "More",
     "addon.mod_data.mylocation": "My location",
+    "addon.mod_data.noaccess": "You do not have access to this page",
     "addon.mod_data.nomatch": "No matching entries found!",
     "addon.mod_data.norecords": "No entries in database",
     "addon.mod_data.notapproved": "Entry is not approved yet.",
