From 297263737cfa03b918ac6b627043d09e9a1531cd Mon Sep 17 00:00:00 2001
From: uhensler <none@none>
Date: Mon, 29 Jan 2018 13:57:31 +0100
Subject: [PATCH] OO-3116: Allow only authors to create tests

---
 .../modules/qpool/QPoolSecurityCallback.java  |  8 +++++---
 .../QPoolSecurityCallbackFactory.java         |  3 +--
 .../security/QPoolSecurityCallbackImpl.java   | 20 +++++++++++--------
 .../qpool/ui/QuestionListController.java      |  4 +++-
 4 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/src/main/java/org/olat/modules/qpool/QPoolSecurityCallback.java b/src/main/java/org/olat/modules/qpool/QPoolSecurityCallback.java
index 4bae90c1f72..11c3d38651e 100644
--- a/src/main/java/org/olat/modules/qpool/QPoolSecurityCallback.java
+++ b/src/main/java/org/olat/modules/qpool/QPoolSecurityCallback.java
@@ -19,6 +19,8 @@
  */
 package org.olat.modules.qpool;
 
+import org.olat.core.id.Roles;
+
 /**
  * 
  * Initial date: 05.12.2017<br>
@@ -27,10 +29,8 @@ package org.olat.modules.qpool;
  */
 public interface QPoolSecurityCallback {
 	
-	public void setAdmin(boolean admin);
+	public void setRoles(Roles roles);
 	
-	public void setPoolAdmin(boolean poolAdmin);
-
 	boolean canUseCollections();
 
 	boolean canUsePools();
@@ -38,6 +38,8 @@ public interface QPoolSecurityCallback {
 	boolean canUseGroups();
 
 	boolean canUseReviewProcess();
+	
+	boolean canCreateTest();
 
 	boolean canEditAllQuestions();
 	
diff --git a/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackFactory.java b/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackFactory.java
index 9c1aaded4cc..5db8350b72c 100644
--- a/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackFactory.java
+++ b/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackFactory.java
@@ -59,8 +59,7 @@ public class QPoolSecurityCallbackFactory {
 
 	public QPoolSecurityCallback createQPoolSecurityCallback(Roles roles) {
 		QPoolSecurityCallback securityCallback = CoreSpringFactory.getImpl(QPoolSecurityCallbackImpl.class);
-		securityCallback.setAdmin(roles.isOLATAdmin());
-		securityCallback.setPoolAdmin(roles.isPoolAdmin());
+		securityCallback.setRoles(roles);
 		return securityCallback;
 	}
 
diff --git a/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackImpl.java b/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackImpl.java
index bde9a0c40a3..dec40e22cfd 100644
--- a/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackImpl.java
+++ b/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackImpl.java
@@ -19,6 +19,7 @@
  */
 package org.olat.modules.qpool.security;
 
+import org.olat.core.id.Roles;
 import org.olat.modules.qpool.QPoolSecurityCallback;
 import org.olat.modules.qpool.QuestionPoolModule;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -37,18 +38,16 @@ public class QPoolSecurityCallbackImpl implements QPoolSecurityCallback {
 
 	private boolean admin = false;
 	private boolean poolAdmin = false;
+	private boolean olatAuthor = false;
 	
 	@Autowired
 	private QuestionPoolModule qpoolModule;
 
 	@Override
-	public void setAdmin(boolean admin) {
-		this.admin = admin;
-	}
-
-	@Override
-	public void setPoolAdmin(boolean poolAdmin) {
-		this.poolAdmin = poolAdmin;
+	public void setRoles(Roles roles) {
+		this.admin = roles.isOLATAdmin();
+		this.poolAdmin = roles.isPoolAdmin();
+		this.olatAuthor = roles.isAuthor();
 	}
 
 	@Override
@@ -71,6 +70,12 @@ public class QPoolSecurityCallbackImpl implements QPoolSecurityCallback {
 		return qpoolModule.isReviewProcessEnabled();
 	}
 
+	@Override
+	public boolean canCreateTest() {
+		return admin || olatAuthor;
+	}
+
+
 	@Override
 	public boolean canEditAllQuestions() {
 		return admin || (poolAdmin && qpoolModule.isPoolAdminAllowedToEditMetadata());
@@ -105,5 +110,4 @@ public class QPoolSecurityCallbackImpl implements QPoolSecurityCallback {
 	public boolean canConfigLicences() {
 		return admin || (poolAdmin && qpoolModule.isPoolAdminAllowedToConfigLicenses());
 	}
-
 }
diff --git a/src/main/java/org/olat/modules/qpool/ui/QuestionListController.java b/src/main/java/org/olat/modules/qpool/ui/QuestionListController.java
index 4a48528a5b9..56c1dc400d8 100644
--- a/src/main/java/org/olat/modules/qpool/ui/QuestionListController.java
+++ b/src/main/java/org/olat/modules/qpool/ui/QuestionListController.java
@@ -224,7 +224,9 @@ public class QuestionListController extends AbstractItemListController implement
 		if (getSecurityCallback().canUseCollections()) {
 			list = uifactory.addFormLink("list", formLayout, Link.BUTTON);
 		}
-		createTest = uifactory.addFormLink("create.test", formLayout, Link.BUTTON);
+		if (getSecurityCallback().canCreateTest()) {
+			createTest = uifactory.addFormLink("create.test", formLayout, Link.BUTTON);
+		}
 		exportItem = uifactory.addFormLink("export.item", formLayout, Link.BUTTON);
 		if (getSecurityCallback().canUsePools() || getSecurityCallback().canUseGroups()) {
 			shareItem = uifactory.addFormLink("share.item", formLayout, Link.BUTTON);
-- 
GitLab