From 4823252df41e76b92dcd5099dc525353c98cec9f Mon Sep 17 00:00:00 2001
From: uhensler <none@none>
Date: Tue, 20 Feb 2018 16:25:48 +0100
Subject: [PATCH] OO-3323: Pool manager and pool owner should be able to remove
 question from pool, pool manager and group member should be able to remove
 question from group

---
 .../qpool/security/ProcesslessSecurityCallback.java |  7 ++++++-
 .../security/ReviewProcessSecurityCallback.java     |  6 ++++--
 .../qpool/ui/datasource/PoolItemsSource.java        |  4 ++++
 .../qpool/ui/tree/BusinessGroupTreeNode.java        |  8 +-------
 .../olat/modules/qpool/ui/tree/PoolTreeNode.java    | 13 +++----------
 5 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/src/main/java/org/olat/modules/qpool/security/ProcesslessSecurityCallback.java b/src/main/java/org/olat/modules/qpool/security/ProcesslessSecurityCallback.java
index 6b51acfcbb8..54635978bfd 100644
--- a/src/main/java/org/olat/modules/qpool/security/ProcesslessSecurityCallback.java
+++ b/src/main/java/org/olat/modules/qpool/security/ProcesslessSecurityCallback.java
@@ -19,6 +19,7 @@
  */
 package org.olat.modules.qpool.security;
 
+import org.olat.modules.qpool.QPoolService;
 import org.olat.modules.qpool.QuestionItemSecurityCallback;
 import org.olat.modules.qpool.QuestionItemView;
 import org.olat.modules.qpool.QuestionPoolModule;
@@ -44,6 +45,8 @@ public class ProcesslessSecurityCallback implements QuestionItemSecurityCallback
 
 	@Autowired
 	private QuestionPoolModule qpoolModule;
+	@Autowired
+	private QPoolService qpoolService;
 	
 	@Override
 	public void setQuestionItemView(QuestionItemView itemView) {
@@ -161,7 +164,9 @@ public class ProcesslessSecurityCallback implements QuestionItemSecurityCallback
 	@Override
 	public boolean canRemove() {
 		return  questionItemSource.isRemoveEnabled()
-				&& (admin || itemView.isAuthor());
+				|| admin
+				|| poolAdmin
+				|| itemView.isAuthor();
 	}
 
 	@Override
diff --git a/src/main/java/org/olat/modules/qpool/security/ReviewProcessSecurityCallback.java b/src/main/java/org/olat/modules/qpool/security/ReviewProcessSecurityCallback.java
index 1469e45c69b..d21d0f0e77d 100644
--- a/src/main/java/org/olat/modules/qpool/security/ReviewProcessSecurityCallback.java
+++ b/src/main/java/org/olat/modules/qpool/security/ReviewProcessSecurityCallback.java
@@ -160,8 +160,10 @@ public class ReviewProcessSecurityCallback implements QuestionItemSecurityCallba
 
 	@Override
 	public boolean canRemove() {
-		return questionItemSource.isRemoveEnabled()
-				&& (admin || itemView.isAuthor() || (poolAdmin && qpoolModule.isPoolAdminAllowedToEditStatus()));
+		return  questionItemSource.isRemoveEnabled()
+				|| admin
+				|| poolAdmin
+				|| itemView.isAuthor();
 	}
 
 	@Override
diff --git a/src/main/java/org/olat/modules/qpool/ui/datasource/PoolItemsSource.java b/src/main/java/org/olat/modules/qpool/ui/datasource/PoolItemsSource.java
index 85217be35e1..e931da62f33 100644
--- a/src/main/java/org/olat/modules/qpool/ui/datasource/PoolItemsSource.java
+++ b/src/main/java/org/olat/modules/qpool/ui/datasource/PoolItemsSource.java
@@ -46,6 +46,10 @@ public class PoolItemsSource extends DefaultItemsSource {
 		getDefaultParams().setPoolKey(pool.getKey());
 	}
 	
+	public Pool getPool() {
+		return pool;
+	}
+
 	@Override
 	public void removeFromSource(List<QuestionItemShort> items) {
 		qpoolService.removeItemsInPool(items, pool);
diff --git a/src/main/java/org/olat/modules/qpool/ui/tree/BusinessGroupTreeNode.java b/src/main/java/org/olat/modules/qpool/ui/tree/BusinessGroupTreeNode.java
index 1f8619c0501..74cbd57e352 100644
--- a/src/main/java/org/olat/modules/qpool/ui/tree/BusinessGroupTreeNode.java
+++ b/src/main/java/org/olat/modules/qpool/ui/tree/BusinessGroupTreeNode.java
@@ -26,7 +26,6 @@ import org.olat.core.gui.components.tree.GenericTreeNode;
 import org.olat.core.gui.control.Controller;
 import org.olat.core.gui.control.WindowControl;
 import org.olat.core.id.Identity;
-import org.olat.core.id.Roles;
 import org.olat.core.id.context.BusinessControlFactory;
 import org.olat.group.BusinessGroup;
 import org.olat.group.BusinessGroupService;
@@ -93,11 +92,6 @@ public class BusinessGroupTreeNode extends GenericTreeNode implements Controller
 	
 	private boolean isShareAdmin(UserRequest ureq, BusinessGroup group) {
 		Identity identity = ureq.getIdentity();
-		Roles roles = ureq.getUserSession().getRoles();
-		return roles != null &&
-				(  roles.isOLATAdmin()
-				|| roles.isPoolAdmin()
-				|| businessGroupService.isIdentityInBusinessGroup(identity, group.getKey(), true, false, null)
-				);
+		return businessGroupService.isIdentityInBusinessGroup(identity, group.getKey(), true, false, null);
 	}
 }
diff --git a/src/main/java/org/olat/modules/qpool/ui/tree/PoolTreeNode.java b/src/main/java/org/olat/modules/qpool/ui/tree/PoolTreeNode.java
index bac68c3f8f8..03a5d5bfec5 100644
--- a/src/main/java/org/olat/modules/qpool/ui/tree/PoolTreeNode.java
+++ b/src/main/java/org/olat/modules/qpool/ui/tree/PoolTreeNode.java
@@ -26,7 +26,6 @@ import org.olat.core.gui.components.tree.GenericTreeNode;
 import org.olat.core.gui.control.Controller;
 import org.olat.core.gui.control.WindowControl;
 import org.olat.core.id.Identity;
-import org.olat.core.id.Roles;
 import org.olat.core.id.context.BusinessControlFactory;
 import org.olat.modules.qpool.Pool;
 import org.olat.modules.qpool.QPoolSecurityCallback;
@@ -79,7 +78,7 @@ public class PoolTreeNode extends GenericTreeNode implements ControllerTreeNode
 					ureq.getIdentity(),
 					ureq.getUserSession().getRoles(),
 					pool);
-			source.setRemoveEnabled(isPoolAdmin(ureq, pool));
+			source.setRemoveEnabled(isRemoveEnabled(ureq, pool));
 			WindowControl swControl = BusinessControlFactory.getInstance().createBusinessWindowControl(ureq, pool, null,
 					wControl, true);
 			questionsCtrl = new QuestionsController(ureq, swControl, stackPanel, source, securityCallback,
@@ -90,15 +89,9 @@ public class PoolTreeNode extends GenericTreeNode implements ControllerTreeNode
 		return questionsCtrl;
 	}
 	
-	private boolean isPoolAdmin(UserRequest ureq, Pool pool) {
+	private boolean isRemoveEnabled(UserRequest ureq, Pool pool) {
 		Identity identity = ureq.getIdentity();
-		Roles roles = ureq.getUserSession().getRoles();
-		return roles != null &&
-				(  roles.isOLATAdmin()
-				|| roles.isPoolAdmin()
-				|| pool.isPublicPool()
-				|| qpoolService.isOwner(identity, pool)
-				);
+		return pool.isPublicPool() || qpoolService.isOwner(identity, pool);
 	}
 
 }
-- 
GitLab