#275 security access control to inquiries

src/main/webapp/src/components/account/account.service.js

@@ -1,6 +1,6 @@
 angular.module('DojoIBL')
 
-    .service('AccountService', function ($q, Account, CacheFactory,UserService) {
+    .service('AccountService', function ($q, Account, CacheFactory) {
 
         CacheFactory('accountCache', {
             maxAge: 24 * 60 * 60 * 1000, // Items added to this cache expire after 1 day

src/main/webapp/src/components/activity/activity.controller.js

@@ -21,8 +21,8 @@ angular.module('DojoIBL')
                 //}else{
 
                     toaster.success({
-                        title: UserService.getUser(data.userEmail).name+' added a response',
-                        body: UserService.getUser(data.userEmail).name+' has contributed to an activity.'
+                        title: UserService.getUser($stateParams.runId, data.userEmail).name+' added a response',
+                        body: UserService.getUser($stateParams.runId, data.userEmail).name+' has contributed to an activity.'
                     });
                 //}
 

src/main/webapp/src/components/message/message.service.js

@@ -64,7 +64,7 @@ angular.module('DojoIBL')
 
                                     var message = data.messages[i];
 
-                                    messages[runId][message.messageId].user = UserService.getUser(data.messages[i].senderProviderId+":"+data.messages[i].senderId);
+                                    messages[runId][message.messageId].user = UserService.getUser(runId, data.messages[i].senderProviderId+":"+data.messages[i].senderId);
                                 }else{
                                     delete messages[runId][data.messages[i].messageId];
                                 }
@@ -88,7 +88,7 @@ angular.module('DojoIBL')
 
                                     var message = data.messages[i];
 
-                                    messages[runId][message.messageId].user = UserService.getUser(data.messages[i].senderProviderId+":"+data.messages[i].senderId);
+                                    messages[runId][message.messageId].user = UserService.getUser(runId, data.messages[i].senderProviderId+":"+data.messages[i].senderId);
                                 }else{
                                     delete messages[runId][data.messages[i].messageId];
                                 }
@@ -114,7 +114,7 @@ angular.module('DojoIBL')
                         function(data){
                             dataCache.put(messageId, data);
                             messages[data.runId][data.messageId] = data;
-                            messages[data.runId][data.messageId].user = UserService.getUser(data.senderProviderId+":"+data.senderId);
+                            messages[data.runId][data.messageId].user = UserService.getUser(data.runId, data.senderProviderId+":"+data.senderId);
                             deferred.resolve(data);
                         }
                     );

src/main/webapp/src/components/response/response.service.js

@@ -60,7 +60,7 @@ angular.module('DojoIBL')
                     responses[runId+"_"+itemId] = {};
                 }
                 responses[runId+"_"+itemId][response.responseId] = response;
-                responses[runId+"_"+itemId][response.responseId].user = UserService.getUser(response.userEmail);
+                responses[runId+"_"+itemId][response.responseId].user = UserService.getUser(runId, response.userEmail);
                 dataCache.put(response.responseId, responses[runId+"_"+itemId][response.responseId]);
             },
             refreshResponse: function(response, runId, itemId) {
@@ -94,7 +94,7 @@ angular.module('DojoIBL')
                                         responses[runId+"_"+itemId][id] = {};
                                     }
                                     responses[runId+"_"+itemId][id] = data;
-                                    responses[runId+"_"+itemId][id].user = UserService.getUser(data.userEmail);
+                                    responses[runId+"_"+itemId][id].user = UserService.getUser(runId, data.userEmail);
                                     dataCache.put(id, responses[runId+"_"+itemId][id]);
                                 }
                             }
@@ -126,7 +126,7 @@ angular.module('DojoIBL')
                                 if (!data.responses[i].deleted) {
                                     dataCache.put(data.responses[i].responseId, data.responses[i]);
                                     responses[runId+"_"+itemId][data.responses[i].responseId] = data.responses[i];
-                                    responses[runId+"_"+itemId][data.responses[i].responseId].user = UserService.getUser(data.responses[i].userEmail);
+                                    responses[runId+"_"+itemId][data.responses[i].responseId].user = UserService.getUser(runId, data.responses[i].userEmail);
                                 }else{
                                     delete [runId+"_"+itemId][data.responses[i].responseId];
                                 }
@@ -148,7 +148,7 @@ angular.module('DojoIBL')
                                     dataCache.put(data.responses[i].responseId, data.responses[i]);
                                     responses[runId+"_"+itemId][data.responses[i].responseId] = data.responses[i];
                                     //console.log(data.responses[i]);
-                                    responses[runId+"_"+itemId][data.responses[i].responseId].user = UserService.getUser(data.responses[i].userEmail);
+                                    responses[runId+"_"+itemId][data.responses[i].responseId].user = UserService.getUser(runId, data.responses[i].userEmail);
                                 }else{
                                     delete [runId+"_"+itemId][data.responses[i].responseId];
                                 }
@@ -199,7 +199,7 @@ angular.module('DojoIBL')
                                     //    console.log("Es hijo de: ",data.responses[i].parentId)
                                     //}
 
-                                    responses[runId+"_"+itemId][data.responses[i].responseId].user = UserService.getUser(data.responses[i].userEmail);
+                                    responses[runId+"_"+itemId][data.responses[i].responseId].user = UserService.getUser(runId, data.responses[i].userEmail);
                                     dataCache.put(data.responses[i].responseId, responses[runId+"_"+itemId][data.responses[i].responseId]);
                                 }else{
                                     delete [runId+"_"+itemId][data.responses[i].responseId];

src/main/webapp/src/components/run/timeline.controller.js

@@ -36,7 +36,7 @@ angular.module('DojoIBL')
                 //UserService.getUserByAccount($stateParams.runId, data.userEmail.split(':')[1]).then(function(user){
                 //    data.user = user;
                 //});
-                data.user = UserService.getUser(data.userEmail);
+                data.user = UserService.getUser($stateParams.runId, data.userEmail);
 
 
                 responses.push(data);
@@ -82,7 +82,7 @@ angular.module('DojoIBL')
                         //    resp.user = data;
                         //});
 
-                        resp.user = UserService.getUser(resp.userEmail);
+                        resp.user = UserService.getUser($stateParams.runId, resp.userEmail);
 
                         responses.push(resp);
                     });

src/main/webapp/src/components/user/user.service.js

@@ -1,6 +1,6 @@
 angular.module('DojoIBL')
 
-    .service('UserService', function ($q, User, CacheFactory) {
+    .service('UserService', function ($q, User, CacheFactory, AccountService, toaster, $location, $stateParams) {
 
         CacheFactory('usersCache', {
             maxAge: 24 * 60 * 60 * 1000, // Items added to this cache expire after 1 day
@@ -14,22 +14,29 @@ angular.module('DojoIBL')
         var usersId = dataCache.keys();
         for (var i=0; i < usersId.length; i++) {
             var user = dataCache.get(usersId[i]);
-            users[user.accountType+":"+user.localId] = user || {} ;
+            users[user.runId] = users[user.runId] || {} ;
+            users[user.runId][user.accountType+":"+user.localId] = user;
         }
 
         return {
             getUsersForRun: function (runId) {
                 var dataCache = CacheFactory.get('usersCache');
                 var deferred = $q.defer();
                 var self = this;
+
+                users[runId] = users[runId] || {};
+
                 User.getUsersRun({id: runId}).$promise.then(
                     function (data) {
 
                         var filtered_users =[];
 
                         angular.forEach(data.users, function(user){
                             if(!user.deleted){
-                                users[user.accountType+":"+user.localId] = user;
+
+                                user.runId = runId;
+
+                                users[runId][user.accountType+":"+user.localId] = user;
                                 filtered_users.push(user)
                             }
                         });
@@ -43,8 +50,8 @@ angular.module('DojoIBL')
                 var dataCache = CacheFactory.get('usersCache');
                 return dataCache.get(accountId);
             },
-            getUser: function(fullAccountId) {
-              return users[fullAccountId];
+            getUser: function(runId, fullAccountId) {
+              return users[runId][fullAccountId];
             },
             getUserByAccount: function(runId, accountId) {
                 var deferred = $q.defer();
@@ -54,13 +61,99 @@ angular.module('DojoIBL')
                 } else {
                     User.getUserByAccount({ runId: runId, accountId:accountId }).$promise.then(
                         function(data){
-                            dataCache.put(accountId, data);
-                            users[data.accountType+":"+data.localId] = data;
-                            deferred.resolve(data);
+
+                            if (data.deleted) {
+                                delete users[runId][data.accountType+":"+data.localId];
+                                dataCache.remove(accountId);
+                            }else{
+
+                                if(angular.isUndefined(users[runId])){
+                                    users[runId] = {};
+                                }
+
+                                data.runId = runId;
+
+                                dataCache.put(accountId, data);
+                                users[runId][data.accountType+":"+data.localId] = data;
+                                deferred.resolve(data);
+                            }
                         }
                     );
                 }
                 return deferred.promise;
+            },
+            checkAccess: function() {
+                var runId = $stateParams.runId;
+                var self = this;
+                AccountService.myDetails().then(function(me){
+                    console.log(runId, me);
+                    self.getUsersForRun(runId).then(function(data){
+                        console.log(arrayObjectIndexOf(data, me.localId, "localId"));
+                        if(arrayObjectIndexOf(data, me.localId, "localId") == -1){
+                            $location.path('home');
+                            toaster.error({
+                                title: 'No access ',
+                                body: 'You do not have access to this inquiry.'
+                            });
+                        }
+                    });
+                });
+
+                function arrayObjectIndexOf(myArray, searchTerm, property) {
+                    for(var i = 0, len = myArray.length; i < len; i++) {
+                        if (myArray[i][property] === searchTerm) return i;
+                    }
+                    return -1;
+                }
+
+
+                //console.log(users);
+                //
+                //if(angular.isUndefined(users[runId])){
+                //    console.log("user runId undefined")
+                //
+                //    users[runId] = {};
+                //    this.getUsersForRun(runId).$promise.then(function (results) {
+                //        if(angular.isUndefined(users[runId][data.accountType+":"+data.localId])){
+                //            console.log("user runId was undefined y user undefined")
+                //
+                //            //console.log("salida 2")
+                //            //return !angular.isUndefined(users[runId][data.accountType+":"+data.localId]);
+                //            return false;
+                //        }else{
+                //            console.log("user runId was undefined y user exists")
+                //
+                //            return true;
+                //        }
+                //    });
+                //}else{
+                //    console.log("user runId exists", angular.isUndefined(users[runId][data.accountType+":"+data.localId]), users[runId], data.accountType+":"+data.localId, users[runId][data.accountType+":"+data.localId])
+                //
+                //    if(angular.isUndefined(users[runId][data.accountType+":"+data.localId])){
+                //        console.log("user runId exists y user undefined")
+                //
+                //        return false;
+                //    }else{
+                //        console.log("user runId exists y user exists")
+                //
+                //        return true;
+                //    }
+                //}
+                //
+                //if(angular.isUndefined(users[runId])){
+                //    users[runId] = {};
+                //    this.getUsersForRun(runId).$promise.then(function (results) {
+                //        console.log("salida 2")
+                //        return !angular.isUndefined(users[runId][data.accountType+":"+data.localId]);
+                //    });
+                //}else{
+                //    console.log("salida 1")
+                //    return !angular.isUndefined(users[runId][data.accountType+":"+data.localId]);
+                //}
+                //
+                //
+                //
+                //return !angular.isUndefined(users[runId]) && !angular.isUndefined(users[runId][data.accountType+":"+data.localId])
             }
             //refreshAccount: function(account) {
             //    console.log(account)

src/main/webapp/src/routes.js

@@ -25,6 +25,38 @@ angular.module('DojoIBL')
                 controller: 'InquiryController',
                 ncyBreadcrumb: {
                     label: "{{'dibl.toolbar.phases' | translate}} "
+                },
+                resolve: {
+                    security: ['$q', '$stateParams', 'AccountService', 'UserService', 'toaster', '$location'
+                        , function($q, $stateParams, AccountService, UserService, toaster,$location){
+
+                            UserService.checkAccess();
+
+                        //AccountService.myDetails().then(function(me){
+                        //    console.log($stateParams.runId, me);
+                        //    UserService.getUsersForRun($stateParams.runId).then(function(data){
+                        //        console.log(arrayObjectIndexOf(data, me.localId, "localId"));
+                        //        if(arrayObjectIndexOf(data, me.localId, "localId") == -1){
+                        //            $location.path('home');
+                        //            toaster.error({
+                        //                title: 'No access ',
+                        //                body: 'You do not have access to this inquiry.'
+                        //            });
+                        //        }
+                        //    });
+                        //});
+                        //
+                        //function arrayObjectIndexOf(myArray, searchTerm, property) {
+                        //    for(var i = 0, len = myArray.length; i < len; i++) {
+                        //        if (myArray[i][property] === searchTerm) return i;
+                        //    }
+                        //    return -1;
+                        //}
+
+                        //if(){
+                        //    return $q.reject("Not Authorized");
+                        //}
+                    }]
                 }
             })
             .state('inquiry.phase', {