Solve bug with undefined users (#208)

Anders Breid · web-flow · commit 98c5f9f99cff · 2019-05-15T16:16:17.000+02:00
* Solve bug with undefined users
- Validation weather user may or may not edit/delete subscription is
  made in seperate function.
- Valitation of usernames is made to enusre they are defined and not null.
* Update subscription buttons, cleanup code fix faulty bootstrap icons for buttons, rearange buttons, grouped always on buttons.
diff --git a/src/main/resources/static/js/common.js b/src/main/resources/static/js/common.js
@@ -224,7 +224,7 @@ function doIfUserLoggedIn(user) {
     $("#ldapUserName").text(user);
     $("#loginBlock").hide();
     $("#logoutBlock").show();
-    $(".show_if_authorized").prop('disabled', false); 
+    $(".show_if_authorized").prop('disabled', false);
 }
 
 function doIfUserLoggedOut() {
@@ -246,8 +246,8 @@ function doIfSecurityOff() {
 function checkBackendSecured() {
     var callback = {
         success: function (responseData, textStatus) {
-            var isSecured = JSON.parse(ko.toJSON(responseData)).security;
-            if (isSecured == true) {
+            var ldapEnabled = JSON.parse(ko.toJSON(responseData)).security;
+            if (ldapEnabled == true) {
                 checkLoggedInUser();
             } else {
                 doIfSecurityOff();
diff --git a/src/main/resources/static/js/login.js b/src/main/resources/static/js/login.js
@@ -7,8 +7,8 @@ jQuery(document).ready(function () {
             },
             success: function (responseData, textStatus) {
                 var currentUser = localStorage.getItem("currentUser");
-                var isSecured = responseData.security;
-                if (isSecured == false || (isSecured == true && currentUser != null)) {
+                var ldapEnabled = responseData.security;
+                if (ldapEnabled == false || (ldapEnabled == true && currentUser != null)) {
                     router.navigate('subscriptions');
                 }
             },
diff --git a/src/main/resources/static/js/subscription.js b/src/main/resources/static/js/subscription.js
@@ -82,15 +82,15 @@ jQuery(document).ready(function () {
         $('#check-all').prop("disabled", disabled);
         $('.data-check').prop("disabled", disabled);
     }
-    
+
     var previousStatus;
     function updateTable(currentStatus) {
         var statusChanged = (previousStatus != currentStatus);
-        if(statusChanged && !currentStatus){
-    	    table.clear().draw();
+        if(statusChanged && !currentStatus && table != undefined){
+            table.clear().draw();
         }
         if(statusChanged && currentStatus){
-    	    reload_table();    		
+            reload_table();
         }
         previousStatus = currentStatus;
     }
@@ -357,8 +357,8 @@ jQuery(document).ready(function () {
     function checkSecurityAndDrawTable() {
         var callback = {
             success: function (responseData, textStatus) {
-                isSecured = JSON.parse(ko.toJSON(responseData)).security;
-                drawTable(isSecured);
+                var ldapEnabled = JSON.parse(ko.toJSON(responseData)).security;
+                drawTable(ldapEnabled);
             },
             error: function (XMLHttpRequest, textStatus, errorThrown) {
                 drawTable(false);
@@ -375,8 +375,7 @@ jQuery(document).ready(function () {
     }
 
     // /Start ## Datatables ##################################################
-    function drawTable(isSecured) {
-        var currentUser = sessionStorage.getItem("currentUser");
+    function drawTable(ldapEnabled) {
         table = $('#table').DataTable({
             "responsive": true,
             "autoWidth": false,
@@ -466,23 +465,27 @@ jQuery(document).ready(function () {
                     "title": "Action",
                     "data": null,
                     "render": function (data, type, row, meta) {
-                        var unsecureEditAll = isSecured == false;
-                        var securedEditOwn = row.ldapUserName == currentUser && row.ldapUserName != null;
-                        var allUserEditNoOwner = row.ldapUserName.length == 0 && currentUser != undefined;                        
-                        var disableButton = unsecureEditAll || securedEditOwn || allUserEditNoOwner;
-                        
-                        var disablingText = "";                        
-                        if(disableButton == false){                        	
-                        	disablingText = " disabled";
-                        } 
-                        return '<button id="view-' + data.subscriptionName + '" class="btn btn-sm btn-success view_record table-btn">View</button> '
-                            + '<button id="edit-' + data.subscriptionName + '" class="btn btn-sm btn-primary edit_record table-btn"' + disablingText + '>Edit</button> '
-                            + '<button id="delete-' + data.subscriptionName + '" class="btn btn-sm btn-danger delete_record table-btn"' + disablingText + '>Delete</button>';
+                        if (data == undefined || row == undefined) {
+                            window.logMessages("Error: Subscription data is not defined");
+                            return ''
+                        }
+                        subscriptionOwner = row.ldapUserName
+                        subscriptionName = data.subscriptionName
+
+                        disableEditDeleteButtons = isEditAndDeleteButtonsDisabled(subscriptionOwner, subscriptionName, ldapEnabled)
+                        var disablingText = "";
+                        if(disableEditDeleteButtons == true){
+                            disablingText = " disabled";
+                        }
+
+                        return '<button id="view-' + subscriptionName + '" class="btn btn-sm btn-success view_record table-btn">View</button> '
+                            + '<button id="edit-' + subscriptionName + '" class="btn btn-sm btn-primary edit_record table-btn"' + disablingText + '>Edit</button> '
+                            + '<button id="delete-' + subscriptionName + '" class="btn btn-sm btn-danger delete_record table-btn"' + disablingText + '>Delete</button>';
                     }
                 }
             ],
             "initComplete": function () {
-                if (isSecured == false) {
+                if (ldapEnabled == false) {
                     table.column(2).visible(false);
                 }
             }
@@ -495,6 +498,51 @@ jQuery(document).ready(function () {
         table.responsive.recalc();
     });
 
+    function isEditAndDeleteButtonsDisabled(subscriptionOwner, subscriptionName, ldapEnabled) {
+        if (ldapEnabled == false) {
+            // LDAP is NOT activated
+            return false
+        }
+
+        // Check if subscriptionOwner is defined
+        var isSubscriptionOwnerDefined = isUserNameDefined(subscriptionOwner)
+        if (isSubscriptionOwnerDefined == false) {
+            // LDAP is NOT activated or is anonymous subscription
+            return false
+        }
+
+        // Check if current user is logged in
+        var currentUser = sessionStorage.getItem("currentUser");
+        var isCurrentUserLoggedIn = isUserNameDefined(currentUser)
+        if (isCurrentUserLoggedIn == false) {
+            // Current user is not logged in
+            console.log("User must be logged in to edit subscription: '" + subscriptionName + "'." )
+            return true
+        }
+
+        var isUserSubscriptionOwner = subscriptionOwner == currentUser
+        if (isUserSubscriptionOwner == false) {
+            // Back end is secured, but current user is not owner to subscription
+            console.log("User is not owner of subscription: '" + subscriptionName + "'." )
+            return true
+        }
+
+        return false
+    }
+
+    function isUserNameDefined(username) {
+        var isDefined = false
+        var userNameIsString = isString(username)
+        if (userNameIsString == true) {
+            isDefined = username.length != 0
+        }
+        return isDefined
+    }
+
+    function isString(value) {
+        var isString = typeof value === 'string' || value instanceof String
+        return isString
+    }
     // /Stop ## Datatables ##################################################
 
     // /Start ## Add Subscription ########################################
@@ -672,11 +720,11 @@ jQuery(document).ready(function () {
             createUploadWindow();
         }
     });
-    // /END ## upload_subscriptions ################################################# 
+    // /END ## upload_subscriptions #################################################
     // /Start ## Reload Datatables ###########################################
     function reload_table() {
         if(table != undefined) {
-    	    table.ajax.reload(null, false); // reload datatable ajax
+            table.ajax.reload(null, false); // reload datatable ajax
         }
     }
     // /Stop ## Reload Datatables ############################################
diff --git a/src/main/resources/templates/subscription.html b/src/main/resources/templates/subscription.html
@@ -26,19 +26,19 @@ <h3 id="subData">Subscription Data</h3>
         </div>
         <div id="subButtons" class="pb-1 col-12 hidden_by_default">
             <button id="addSubscription" class="mt-1 btn btn-success add_subscription show_if_authorized">
-                <i class="glyphicon glyphicon-plus"></i> Add Subscription
+                <i class="fa fa-fw fa-plus"></i> Add Subscription
             </button>
-            <button id="reloadButton" class="mt-1 btn btn-default table_reload">
-                <i class="glyphicon glyphicon-refresh"></i> Reload
+            <button id="uploadSubscription" class="mt-1 btn btn-success upload_subscriptions show_if_authorized">
+                <i class="fa fa-fw fa-upload"></i>Upload Subscriptions
             </button>
             <button id="bulkDelete" class="mt-1 btn btn-danger bulk_delete show_if_authorized">
-                <i class="glyphicon glyphicon-trash"></i> Bulk Delete
+                <i class="fa fa-fw fa-trash"></i> Bulk Delete
             </button>
-            <button id="getTemplateButton" class="mt-1 btn btn-primary get_subscription_template">
-                <i class="glyphicon glyphicon-download"></i> Get Template
+            <button id="reloadButton" class="mt-1 btn btn-info table_reload">
+                <i class="fa fa-fw fa-refresh"></i> Reload
             </button>
-            <button id="uploadSubscription" class="mt-1 btn btn-info upload_subscriptions show_if_authorized">
-                <i class="glyphicon glyphicon-upload"></i>Upload Subscriptions
+            <button id="getTemplateButton" class="mt-1 btn btn-info get_subscription_template">
+                <i class="fa fa-fw fa-download"></i> Get Template
             </button>
             <input class="hide" type='file' id='upload_sub' name='file' />
         </div>
