|
|
@@ -319,16 +319,24 @@ class PODApiController(BaseController):
|
|
319
|
319
|
loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
|
|
320
|
320
|
|
|
321
|
321
|
loNode = loApiController.getNode(node_id)
|
|
322
|
|
- # loNode._lRights = list()
|
|
323
|
322
|
|
|
324
|
|
- # SHARE IS OFF, so deactivate the document share (and do not change "shared-with" group configuration
|
|
325
|
|
- if is_shared=='off':
|
|
326
|
|
- loNode.is_shared = False
|
|
327
|
|
- pm.DBSession.flush()
|
|
328
|
|
- redirect(lurl('/document/%s#tab-accessmanagement'%(loNode.node_id)))
|
|
|
323
|
+ is_shared_b = False if is_shared=='off' else True
|
|
|
324
|
+ print(is_shared_b)
|
|
|
325
|
+ print(loNode.is_shared)
|
|
|
326
|
+ print(loNode.owner_id)
|
|
|
327
|
+ print(loCurrentUser.user_id)
|
|
|
328
|
+
|
|
|
329
|
+ # Only the node owner can modify is_shared
|
|
|
330
|
+ if is_shared_b != loNode.is_shared and loNode.owner_id != loCurrentUser.user_id:
|
|
|
331
|
+ self.back_with_error(_("You can't share a document that doesn't belong to you."))
|
|
|
332
|
+ else:
|
|
|
333
|
+ loNode.is_shared = is_shared_b
|
|
|
334
|
+ if not is_shared_b:
|
|
|
335
|
+ # SHARE IS OFF, so deactivate the document share (and do not change "shared-with" group configuration
|
|
|
336
|
+ pm.DBSession.flush()
|
|
|
337
|
+ redirect(lurl('/document/%s#tab-accessmanagement'%(loNode.node_id)))
|
|
329
|
338
|
|
|
330
|
|
- # SHARE IS ON, so remove all current shares and set the new ones
|
|
331
|
|
- loNode.is_shared = True
|
|
|
339
|
+ # remove all current shares and set the new ones
|
|
332
|
340
|
|
|
333
|
341
|
for loRight in loNode._lRights:
|
|
334
|
342
|
pm.DBSession.delete(loRight)
|
|
|
@@ -344,12 +352,24 @@ class PODApiController(BaseController):
|
|
344
|
352
|
liOldValue = ldNewRights[liGroupId]
|
|
345
|
353
|
ldNewRights[liGroupId] = liOldValue + pma.Rights.WRITE_ACCESS
|
|
346
|
354
|
|
|
|
355
|
+ user_list = loApiController._getUserIdListForFiltering()
|
|
|
356
|
+ comments = pm.DBSession.query(pmd.PBNode).filter(pmd.PBNode.parent_id==node_id).\
|
|
|
357
|
+ filter((pmd.PBNode.owner_id.in_(user_list)) | (pma.user_group_table.c.user_id.in_(user_list))).\
|
|
|
358
|
+ filter(pmd.PBNode.node_type=='comment').all()
|
|
|
359
|
+ for comment in comments:
|
|
|
360
|
+ pm.DBSession.add(comment)
|
|
|
361
|
+
|
|
347
|
362
|
for liGroupId, liRightLevel in ldNewRights.items():
|
|
348
|
363
|
loNewRight = loApiController.createRight()
|
|
349
|
364
|
loNewRight.group_id = liGroupId
|
|
350
|
365
|
loNewRight.node_id = node_id
|
|
351
|
366
|
loNewRight.rights = liRightLevel
|
|
352
|
367
|
loNode._lRights.append(loNewRight)
|
|
|
368
|
+ for comment in comments:
|
|
|
369
|
+ comment_right = loApiController.createRight()
|
|
|
370
|
+ comment_right.group_id = liGroupId
|
|
|
371
|
+ comment_right.node_id = comment.node_id
|
|
|
372
|
+ comment_right.rights = liRightLevel
|
|
353
|
373
|
|
|
354
|
374
|
redirect(lurl('/document/%s#tab-accessmanagement'%(loNode.node_id)))
|
|
355
|
375
|
|
sferot