diff --git a/src/main/java/alfio/controller/api/admin/SettingsApiController.java b/src/main/java/alfio/controller/api/admin/SettingsApiController.java
index 56fd87d440..ddf8b6eefc 100644
--- a/src/main/java/alfio/controller/api/admin/SettingsApiController.java
+++ b/src/main/java/alfio/controller/api/admin/SettingsApiController.java
@@ -101,6 +101,12 @@ public List updatePluginConfiguration(@RequestBody List mapEmptyKeys(Configura public void deleteKey(String key) { configurationRepository.deleteByKey(key); } + + public void deleteOrganizationLevelByKey(String key, int organizationId, String username) { + Validate.isTrue(userManager.isOwnerOfOrganization(userManager.findUserByUsername(username), organizationId), "User is not owner of the organization. Therefore, delete is not allowed."); + configurationRepository.deleteOrganizationLevelByKey(key, organizationId); + } }
diff --git a/src/main/java/alfio/manager/user/UserManager.java b/src/main/java/alfio/manager/user/UserManager.java
index db6e32cfea..a8e58f677c 100644
--- a/src/main/java/alfio/manager/user/UserManager.java
+++ b/src/main/java/alfio/manager/user/UserManager.java
@@ -117,6 +117,10 @@ public boolean isOwner(User user) { return checkRole(user, a -> a.getRole().equals(AuthorityRepository.ROLE_ADMIN) || a.getRole().equals(AuthorityRepository.ROLE_OWNER)); } + public boolean isOwnerOfOrganization(User user, int organizationId) { + return isAdmin(user) || (isOwner(user) && userOrganizationRepository.findByUserId(user.getId()).stream().anyMatch(uo -> uo.getOrganizationId() == organizationId)); + } + private boolean checkRole(User user, Predicate matcher) { return getUserAuthorities(user).stream().anyMatch(matcher); }
diff --git a/src/main/java/alfio/repository/system/ConfigurationRepository.java b/src/main/java/alfio/repository/system/ConfigurationRepository.java
index ba9109e971..91f7bf0a7d 100644
--- a/src/main/java/alfio/repository/system/ConfigurationRepository.java
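Review bot: In the added `deleteOrganizationLevelByKey(String key, int organizationId, String username)`, the ownership check is expressed as `Validate.isTrue(...)`, which throws IllegalArgumentException, so a denied delete looks the same as a malformed argument and will probably not surface as a 403 or reach an access-denied log unless something outside this hunk maps it. The result of `userManager.findUserByUsername(username)` is also passed straight into `isOwnerOfOrganization`, so if that lookup can return null, an unknown username fails inside the check instead of producing a clear denial. I would resolve the user first and then deny explicitly, for example `if (!userManager.isOwnerOfOrganization(user, organizationId)) throw new AccessDeniedException("not owner of organization " + organizationId);` (Spring Security's type, if the project uses it). Logging the username, organization id and key on both outcomes would help. The neighbouring `deleteKey(String key)` shows no comparable check here, so it is worth confirming that its caller is restricted to admins; the enclosing class and this hunk's file header are not visible on this page.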
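Review bot: The new `isOwnerOfOrganization(User user, int organizationId)` has no Javadoc, and its rule is easy to misread because the `isOwner` shown in the hunk header also accepts `ROLE_ADMIN`. As written, an admin passes without any membership lookup, and everyone else needs an owner role plus a matching row from `userOrganizationRepository.findByUserId`. Since the roles compared in `isOwner` are not scoped to an organization, that membership lookup is the only thing tying the decision to `organizationId`, and it should be stated. I would add `/** True for a system admin, or for a user with the owner role who belongs to the given organization; the membership lookup is what scopes the owner role. */`. If callers can pass a null user, `user.getId()` will throw, so a leading `user != null &&` or a documented non-null precondition would make that explicit.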
+++ b/src/main/java/alfio/repository/system/ConfigurationRepository.java
@@ -78,6 +78,9 @@ List findByTicketCategoryAndKey(@Bind("organizationId") int organ @Query("DELETE FROM configuration where c_key = :key") void deleteByKey(@Bind("key") String key); + @Query("DELETE FROM configuration_organization where c_key = :key and organization_id_fk = :organizationId") + void deleteOrganizationLevelByKey(@Bind("key") String key, @Bind("organizationId") int organizationId); + @Query(INSERT_STATEMENT) int insert(@Bind("key") String key, @Bind("value") String value, @Bind("description") String description);
diff --git a/src/main/webapp/resources/angular-templates/admin/partials/configuration/index.html b/src/main/webapp/resources/angular-templates/admin/partials/configuration/index.html
index bfe8c1405c..5e2890b8e8 100644
--- a/src/main/webapp/resources/angular-templates/admin/partials/configuration/index.html
+++ b/src/main/webapp/resources/angular-templates/admin/partials/configuration/index.html
@@ -23,7 +23,7 @@

General

- +
@@ -48,17 +48,17 @@

E-Mail

- +
- +
- +
- +
@@ -69,7 +69,7 @@

Payment

- +
@@ -82,7 +82,7 @@

Plugins

- +
diff --git a/src/main/webapp/resources/angular-templates/admin/partials/configuration/setting.html b/src/main/webapp/resources/angular-templates/admin/partials/configuration/setting.html
index f8c2850691..2535c83f3f 100644
--- a/src/main/webapp/resources/angular-templates/admin/partials/configuration/setting.html
+++ b/src/main/webapp/resources/angular-templates/admin/partials/configuration/setting.html
@@ -1,10 +1,10 @@
-
+
-
- +
+
\ No newline at end of file
diff --git a/src/main/webapp/resources/js/admin/directive/admin-directive.js b/src/main/webapp/resources/js/admin/directive/admin-directive.js
index b402808da4..d89cd1af7c 100644
--- a/src/main/webapp/resources/js/admin/directive/admin-directive.js
+++ b/src/main/webapp/resources/js/admin/directive/admin-directive.js
@@ -529,15 +529,17 @@ restrict: 'E', scope: { setting: '=obj', - displayDeleteIfNeeded: '=' + displayDeleteIfNeeded: '=', + organization: '=' }, templateUrl:'/resources/angular-templates/admin/partials/configuration/setting.html', link: angular.noop, controller: function($scope, $rootScope, ConfigurationService) { $scope.displayDelete = $scope.displayDeleteIfNeeded && angular.isDefined($scope.setting) && !angular.isDefined($scope.setting.pluginId); - $scope.removeConfigurationKey = function(key) { + $scope.removeConfiguration = function(config) { $scope.loading = true; - ConfigurationService.remove(key).then(function() {$rootScope.$broadcast('ReloadSettings');}); + var promise = angular.isDefined($scope.organization) ? ConfigurationService.removeOrganizationConfig(config, $scope.organization) : ConfigurationService.remove(config); + promise.then(function() {$rootScope.$broadcast('ReloadSettings');}); }; } }
diff --git a/src/main/webapp/resources/js/admin/feature/configuration/configuration.js b/src/main/webapp/resources/js/admin/feature/configuration/configuration.js
index 41d609f06e..1028460f98 100644
--- a/src/main/webapp/resources/js/admin/feature/configuration/configuration.js
+++ b/src/main/webapp/resources/js/admin/feature/configuration/configuration.js
@@ -30,8 +30,11 @@ updateOrganizationConfig: function(organization, settings) { return $http.post('/admin/api/configuration/organizations/'+organization.id+'/update', settings).error(HttpErrorHandler.handle); }, - remove: function(key) { - return $http['delete']('/admin/api/configuration/key/' + key).error(HttpErrorHandler.handle); + remove: function(conf) { + return $http['delete']('/admin/api/configuration/key/' + conf.configurationKey).error(HttpErrorHandler.handle); + }, + removeOrganizationConfig: function(conf, organization) { + return $http['delete']('/admin/api/configuration/organization/'+organization.id+'/key/' + conf.configurationKey).error(HttpErrorHandler.handle); }, loadPlugins: function() { return $http.get('/admin/api/configuration/plugin/load').error(HttpErrorHandler.handle);
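Review bot: Both `remove` and the new `removeOrganizationConfig` build the DELETE path by plain string concatenation of `conf.configurationKey` (and `organization.id`), so a key containing `/`, `?`, `#` or `%` would change which route and path variables the server sees. Encoding the segment keeps the request bound to the intended key: `'/key/' + encodeURIComponent(conf.configurationKey)`, with the same treatment for `organization.id`. The organization id in this URL is chosen by the client, so authorization depends entirely on the server re-checking ownership for the id taken from the path; the `isOwnerOfOrganization` check added elsewhere in this commit looks like that control, but the controller mapping that wires the two together is not readable on this page. The enclosing service object starts outside the hunk.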