From a679f8dec0a17dd5dcbaf2e3a433c82de5f7fe0d Mon Sep 17 00:00:00 2001
From: uhensler <urs.hensler@frentix.com>
Date: Tue, 17 Jul 2018 14:01:32 +0200
Subject: [PATCH] OO-3304: Define user rights in quality management module

---
 .../quality/QualitySecurityCallback.java      | 15 +++--
 ...urriculumElementQualityContextBuilder.java |  3 +-
 .../ui/DataCollectionListController.java      |  4 +-
 .../quality/ui/QualityMainController.java     |  2 +-
 .../ui/QualitySecurityCallbackImpl.java       | 59 +++++++++++--------
 5 files changed, 49 insertions(+), 34 deletions(-)

diff --git a/src/main/java/org/olat/modules/quality/QualitySecurityCallback.java b/src/main/java/org/olat/modules/quality/QualitySecurityCallback.java
index 186d0fbc7ba..220f7128752 100644
--- a/src/main/java/org/olat/modules/quality/QualitySecurityCallback.java
+++ b/src/main/java/org/olat/modules/quality/QualitySecurityCallback.java
@@ -29,6 +29,8 @@ public interface QualitySecurityCallback {
 
 	public boolean canViewDataCollections();
 	
+	public boolean canCreateDataCollections();
+	
 	public boolean canEditDataCollections();
 	
 	public boolean canUpdateBaseConfiguration(QualityDataCollectionLight dataCollection);
@@ -41,17 +43,18 @@ public interface QualitySecurityCallback {
 	
 	public boolean canSetFinished(QualityDataCollectionLight dataCollection);
 	
-	public boolean canAddParticipants(QualityDataCollectionLight dataCollection);
-
-	public boolean canEditReminders();
-
-	public boolean canEditReminder(QualityDataCollectionLight dataCollection, QualityReminder reminder);
-	
 	public boolean canDeleteDataCollections();
 	
 	public boolean canDeleteDataCollection(QualityDataCollectionLight dataCollection);
 	
+	public boolean canAddParticipants(QualityDataCollectionLight dataCollection);
+	
 	public boolean canRevomeParticipation(QualityDataCollectionLight dataCollection);
 
+	public boolean canEditReminders();
+
+	public boolean canEditReminder(QualityDataCollectionLight dataCollection, QualityReminder reminder);
+
 	public boolean canExecute(QualityExecutorParticipation participation);
+
 }
diff --git a/src/main/java/org/olat/modules/quality/manager/CurriculumElementQualityContextBuilder.java b/src/main/java/org/olat/modules/quality/manager/CurriculumElementQualityContextBuilder.java
index 96240789b92..701a0a39fbc 100644
--- a/src/main/java/org/olat/modules/quality/manager/CurriculumElementQualityContextBuilder.java
+++ b/src/main/java/org/olat/modules/quality/manager/CurriculumElementQualityContextBuilder.java
@@ -63,6 +63,8 @@ class CurriculumElementQualityContextBuilder extends ForwardingQualityContextBui
 
 	private void initBuilder(EvaluationFormParticipation evaluationFormParticipation, CurriculumElement curriculumElement,
 			CurriculumRoles role) {
+		curriculumElement = curriculumService.getCurriculumElement(curriculumElement);
+		
 		QualityContextRole contextRole = QualityContextRole.valueOf(role.name());
 		builder.withRole(contextRole);
 		builder.withAudiencCurriculumElement(curriculumElement);
@@ -70,7 +72,6 @@ class CurriculumElementQualityContextBuilder extends ForwardingQualityContextBui
 		List<QualityContext> contextToDelete = qualityContextDao
 				.loadByAudienceCurriculumElement(evaluationFormParticipation, curriculumElement, contextRole);
 		contextToDelete.forEach(c -> builder.addToDelete(c));
-		
 		builder.addCurriculumElement(curriculumElement);
 		Curriculum curriculum = curriculumElement.getCurriculum();
 		builder.addCurriculum(curriculum);
diff --git a/src/main/java/org/olat/modules/quality/ui/DataCollectionListController.java b/src/main/java/org/olat/modules/quality/ui/DataCollectionListController.java
index 3423275e773..4cf9afa98e2 100644
--- a/src/main/java/org/olat/modules/quality/ui/DataCollectionListController.java
+++ b/src/main/java/org/olat/modules/quality/ui/DataCollectionListController.java
@@ -108,7 +108,7 @@ public class DataCollectionListController extends FormBasicController implements
 		numParticipantsColumn.setAlignment(FlexiColumnModel.ALIGNMENT_RIGHT);
 		numParticipantsColumn.setHeaderAlignment(FlexiColumnModel.ALIGNMENT_RIGHT);
 		columnsModel.addFlexiColumnModel(numParticipantsColumn);
-		if (secCallback.canEditDataCollections()) {
+		if (secCallback.canEditDataCollections() || secCallback.canViewDataCollections()) {
 			DefaultFlexiColumnModel editColumn = new DefaultFlexiColumnModel(DataCollectionCols.edit.i18nHeaderKey(),
 					DataCollectionCols.edit.ordinal(), CMD_EDIT,
 					new BooleanCellRenderer(
@@ -135,7 +135,7 @@ public class DataCollectionListController extends FormBasicController implements
 
 	@Override
 	public void initTools() {
-		if (secCallback.canEditDataCollections()) {
+		if (secCallback.canCreateDataCollections()) {
 			createDataCollectionLink = LinkFactory.createToolLink("data.collection.create", translate("data.collection.create"), this);
 			createDataCollectionLink.setIconLeftCSS("o_icon o_icon-lg o_icon_qual_dc_create");
 			stackPanel.addTool(createDataCollectionLink, Align.left);
diff --git a/src/main/java/org/olat/modules/quality/ui/QualityMainController.java b/src/main/java/org/olat/modules/quality/ui/QualityMainController.java
index 50c28b79160..8a9ba413635 100644
--- a/src/main/java/org/olat/modules/quality/ui/QualityMainController.java
+++ b/src/main/java/org/olat/modules/quality/ui/QualityMainController.java
@@ -65,7 +65,7 @@ public class QualityMainController extends MainLayoutBasicController implements
 	
 	public QualityMainController(UserRequest ureq, WindowControl wControl) {
 		super(ureq, wControl);
-		this.secCallback = new QualitySecurityCallbackImpl();
+		this.secCallback = new QualitySecurityCallbackImpl(ureq.getUserSession().getRoles());
 		
 		mainVC = createVelocityContainer("main");
 		
diff --git a/src/main/java/org/olat/modules/quality/ui/QualitySecurityCallbackImpl.java b/src/main/java/org/olat/modules/quality/ui/QualitySecurityCallbackImpl.java
index 79a72e7d772..f7d0e419588 100644
--- a/src/main/java/org/olat/modules/quality/ui/QualitySecurityCallbackImpl.java
+++ b/src/main/java/org/olat/modules/quality/ui/QualitySecurityCallbackImpl.java
@@ -23,6 +23,7 @@ import static org.olat.modules.quality.QualityDataCollectionStatus.FINISHED;
 import static org.olat.modules.quality.QualityDataCollectionStatus.PREPARATION;
 import static org.olat.modules.quality.QualityDataCollectionStatus.READY;
 
+import org.olat.core.id.Roles;
 import org.olat.modules.quality.QualityDataCollectionLight;
 import org.olat.modules.quality.QualityDataCollectionStatus;
 import org.olat.modules.quality.QualityExecutorParticipation;
@@ -38,73 +39,84 @@ import org.olat.modules.quality.QualitySecurityCallback;
  */
 public class QualitySecurityCallbackImpl implements QualitySecurityCallback {
 
+	private final Roles roles;
+
+	public QualitySecurityCallbackImpl(Roles roles) {
+		this.roles = roles;
+	}
+
 	@Override
 	public boolean canViewDataCollections() {
-		return true;
+		return canEditDataCollections() || roles.isPrincipal();
 	}
 
 	@Override
 	public boolean canEditDataCollections() {
-		return true;
+		return roles.isQualityManager() || roles.isAdministrator();
 	}
 
+	@Override
+	public boolean canCreateDataCollections() {
+		return canEditDataCollections();
+	}
+	
 	@Override
 	public boolean canUpdateBaseConfiguration(QualityDataCollectionLight dataCollection) {
-		return PREPARATION.equals(dataCollection.getStatus());
+		return canEditDataCollections() && PREPARATION.equals(dataCollection.getStatus());
 	}
 
 	@Override
 	public boolean canSetPreparation(QualityDataCollectionLight dataCollection) {
-		return READY.equals(dataCollection.getStatus());
+		return canEditDataCollections() && READY.equals(dataCollection.getStatus());
 	}
 
 	@Override
 	public boolean canSetReady(QualityDataCollectionLight dataCollection) {
-		return PREPARATION.equals(dataCollection.getStatus());
+		return canEditDataCollections() && PREPARATION.equals(dataCollection.getStatus());
 	}
 
 	@Override
 	public boolean canSetRunning(QualityDataCollectionLight dataCollection) {
-		return isNotStarted(dataCollection);
+		return canEditDataCollections() && isNotRunning(dataCollection);
 	}
 
 	@Override
 	public boolean canSetFinished(QualityDataCollectionLight dataCollection) {
-		return isNotFinished(dataCollection);
+		return canEditDataCollections() && isNotFinished(dataCollection);
 	}
 
 	@Override
-	public boolean canAddParticipants(QualityDataCollectionLight dataCollection) {
-		return isNotFinished(dataCollection);
+	public boolean canDeleteDataCollections() {
+		return canEditDataCollections();
 	}
 
 	@Override
-	public boolean canEditReminders() {
-		return true;
+	public boolean canDeleteDataCollection(QualityDataCollectionLight dataCollection) {
+		return canEditDataCollections() && isNotRunning(dataCollection);
 	}
 
 	@Override
-	public boolean canEditReminder(QualityDataCollectionLight dataCollection, QualityReminder reminder) {
-		return canEditReminders() && isNotSent(reminder) && isNotFinished(dataCollection);
+	public boolean canAddParticipants(QualityDataCollectionLight dataCollection) {
+		return canEditDataCollections() && isNotFinished(dataCollection);
 	}
 
-	private boolean isNotSent(QualityReminder reminder) {
-		return reminder == null || !reminder.isSent();
+	@Override
+	public boolean canRevomeParticipation(QualityDataCollectionLight dataCollection) {
+		return canEditDataCollections() && isNotRunning(dataCollection);
 	}
 
 	@Override
-	public boolean canDeleteDataCollections() {
-		return true;
+	public boolean canEditReminders() {
+		return canEditDataCollections();
 	}
 
 	@Override
-	public boolean canDeleteDataCollection(QualityDataCollectionLight dataCollection) {
-		return isNotStarted(dataCollection);
+	public boolean canEditReminder(QualityDataCollectionLight dataCollection, QualityReminder reminder) {
+		return canEditReminders() && isNotSent(reminder) && isNotFinished(dataCollection);
 	}
 
-	@Override
-	public boolean canRevomeParticipation(QualityDataCollectionLight dataCollection) {
-		return isNotStarted(dataCollection);
+	private boolean isNotSent(QualityReminder reminder) {
+		return reminder == null || !reminder.isSent();
 	}
 
 	@Override
@@ -114,7 +126,7 @@ public class QualitySecurityCallbackImpl implements QualitySecurityCallback {
 				|| QualityExecutorParticipationStatus.PARTICIPATING.equals(status);
 	}
 
-	private boolean isNotStarted(QualityDataCollectionLight dataCollection) {
+	private boolean isNotRunning(QualityDataCollectionLight dataCollection) {
 		QualityDataCollectionStatus status = dataCollection.getStatus();
 		return PREPARATION.equals(status) || READY.equals(status);
 	}
@@ -122,5 +134,4 @@ public class QualitySecurityCallbackImpl implements QualitySecurityCallback {
 	private boolean isNotFinished(QualityDataCollectionLight dataCollection) {
 		return !FINISHED.equals(dataCollection.getStatus());
 	}
-	
 }
-- 
GitLab