Commit @a43bdbb5b5e26ac59c00f94b7d4de93861aba283

doortts 2017-02-21

security: Apply 'application.hide.project.listing' option to org

@a43bdbb5b5e26ac59c00f94b7d4de93861aba283

c56945b

a43bdbb

app/controllers/SearchApp.java

--- app/controllers/SearchApp.java

+++ app/controllers/SearchApp.java


 
         Organization organization = Organization.findByName(organizationName);
         User user = UserApp.currentUser();
+
+        if (Application.HIDE_PROJECT_LISTING) {
+            if (!user.isMemberOf(organization) || !user.isAdminOf(organization)) {
+                return badRequest();
+            }
+        }
+
         SearchType searchType = SearchType.getValue(searchTypeValue);
 
         if(searchType == SearchType.NA || organization == null) {

c56945b

a43bdbb

app/models/Organization.java

--- app/models/Organization.java

+++ app/models/Organization.java


  */
 package models;
 
+import controllers.Application;
 import models.enumeration.RequestState;
 import models.enumeration.ResourceType;
 import models.resource.GlobalResource;

                 }
             }
         } else {
-            for(Project project : this.projects) {
-                if(project.isPublic() || user.isMemberOf(project)) {
-                    result.add(project);
+            if(!Application.HIDE_PROJECT_LISTING){
+                for(Project project : this.projects) {
+                    if(project.isPublic() || user.isMemberOf(project)) {
+                        result.add(project);
+                    }
                 }
             }
         }

c56945b

a43bdbb

app/models/Search.java

--- app/models/Search.java

+++ app/models/Search.java


 import com.avaje.ebean.ExpressionList;
 import com.avaje.ebean.Junction;
 import com.avaje.ebean.Page;
+import controllers.Application;
 import models.enumeration.Operation;
 import models.enumeration.ProjectScope;
 import models.enumeration.UserState;

 
     private static ExpressionList<Project> projectsEL(String keyword, User user) {
         ExpressionList<Project> el = Project.find.where();
-        if(user.isAnonymous()) {
+        if(user.isAnonymous() && !Application.HIDE_PROJECT_LISTING) {
             el.eq("projectScope", ProjectScope.PUBLIC);
             el.disjunction()
                 .icontains("overview", keyword)

         } else {
             Junction<Project> junction = el.conjunction();
             Junction<Project> pj = junction.disjunction();
-            pj.add(Expr.eq("projectScope", ProjectScope.PUBLIC)); // public
+            if (!Application.HIDE_PROJECT_LISTING) {
+                pj.add(Expr.eq("projectScope", ProjectScope.PUBLIC)); // public
+            }
             List<Organization> orgs = Organization.findOrganizationsByUserLoginId(user.loginId); // protected
-            if(!orgs.isEmpty()) {
+            if (!orgs.isEmpty()) {
                 pj.and(Expr.in("organization", orgs), Expr.eq("projectScope", ProjectScope.PROTECTED));
             }
             pj.add(Expr.eq("projectUser.user.id", user.id)); // private
             pj.endJunction();
             junction.disjunction()
-                .icontains("overview", keyword)
-                .icontains("name", keyword)
-            .endJunction();
+                    .icontains("overview", keyword)
+                    .icontains("name", keyword)
+                    .endJunction();
             junction.endJunction();
         }
         el.orderBy().asc("name");

c56945b

a43bdbb

app/views/common/navbar.scala.html

--- app/views/common/navbar.scala.html

+++ app/views/common/navbar.scala.html


                             }
                             } 
                             @if(org != null) {
-                            <li>
-                                <a href="#" data-toggle="search-scope" data-action="@routes.SearchApp.searchInAGroup(org.name)">
-                                    @Messages("search.scope.group")
-                                </a>
-                            </li>
+                                @if(Application.HIDE_PROJECT_LISTING) {
+                                    @if(UserApp.currentUser().isMemberOf(org) || UserApp.currentUser().isAdminOf(org)){
+                                        <li>
+                                            <a href="#" data-toggle="search-scope" data-action="@routes.SearchApp.searchInAGroup(org.name)">
+                                            @Messages("search.scope.group")
+                                            </a>
+                                        </li>
+                                    }
+                                }
+
                             }
+                            @if(!Application.HIDE_PROJECT_LISTING || UserApp.currentUser().isSiteManager) {
                             <li>
                                 <a href="#" data-toggle="search-scope" data-action="@routes.SearchApp.searchInAll()">
                                     @Messages("search.scope.all")
                                 </a>
                             </li>
+                            }
                         </ul>
                     </div>
                     }

c56945b

a43bdbb

app/views/organization/view.scala.html

--- app/views/organization/view.scala.html

+++ app/views/organization/view.scala.html


                 </ul>
             </div>
             <div class="span3 span-hard-wrap">
+            @if(UserApp.currentUser().isMemberOf(org)) {
                 <div class="bubble-wrap gray project-home">
                     <div class="inner member-info">
                         <header>

                         </div>
                     </div>
                 </div>
+                }
             </div>
         </div>
     </div>

Add a comment

Open 0
Closed 0

List

...	...	@@ -123,6 +123,13 @@
123	123
124	124	Organization organization = Organization.findByName(organizationName);
125	125	User user = UserApp.currentUser();
	126	+
	127	+ if (Application.HIDE_PROJECT_LISTING) {
	128	+ if (!user.isMemberOf(organization) \|\| !user.isAdminOf(organization)) {
	129	+ return badRequest();
	130	+ }
	131	+ }
	132	+
126	133	SearchType searchType = SearchType.getValue(searchTypeValue);
127	134
128	135	if(searchType == SearchType.NA \|\| organization == null) {

...	...	@@ -20,6 +20,7 @@
20	20	*/
21	21	package models;
22	22
	23	+import controllers.Application;
23	24	import models.enumeration.RequestState;
24	25	import models.enumeration.ResourceType;
25	26	import models.resource.GlobalResource;
...	...	@@ -112,9 +113,11 @@
112	113	}
113	114	}
114	115	} else {
115		- for(Project project : this.projects) {
116		- if(project.isPublic() \|\| user.isMemberOf(project)) {
117		- result.add(project);
	116	+ if(!Application.HIDE_PROJECT_LISTING){
	117	+ for(Project project : this.projects) {
	118	+ if(project.isPublic() \|\| user.isMemberOf(project)) {
	119	+ result.add(project);
	120	+ }
118	121	}
119	122	}
120	123	}

...	...	@@ -24,6 +24,7 @@
24	24	import com.avaje.ebean.ExpressionList;
25	25	import com.avaje.ebean.Junction;
26	26	import com.avaje.ebean.Page;
	27	+import controllers.Application;
27	28	import models.enumeration.Operation;
28	29	import models.enumeration.ProjectScope;
29	30	import models.enumeration.UserState;
...	...	@@ -496,7 +497,7 @@
496	497
497	498	private static ExpressionList<Project> projectsEL(String keyword, User user) {
498	499	ExpressionList<Project> el = Project.find.where();
499		- if(user.isAnonymous()) {
	500	+ if(user.isAnonymous() && !Application.HIDE_PROJECT_LISTING) {
500	501	el.eq("projectScope", ProjectScope.PUBLIC);
501	502	el.disjunction()
502	503	.icontains("overview", keyword)
...	...	@@ -505,17 +506,19 @@
505	506	} else {
506	507	Junction<Project> junction = el.conjunction();
507	508	Junction<Project> pj = junction.disjunction();
508		- pj.add(Expr.eq("projectScope", ProjectScope.PUBLIC)); // public
	509	+ if (!Application.HIDE_PROJECT_LISTING) {
	510	+ pj.add(Expr.eq("projectScope", ProjectScope.PUBLIC)); // public
	511	+ }
509	512	List<Organization> orgs = Organization.findOrganizationsByUserLoginId(user.loginId); // protected
510		- if(!orgs.isEmpty()) {
	513	+ if (!orgs.isEmpty()) {
511	514	pj.and(Expr.in("organization", orgs), Expr.eq("projectScope", ProjectScope.PROTECTED));
512	515	}
513	516	pj.add(Expr.eq("projectUser.user.id", user.id)); // private
514	517	pj.endJunction();
515	518	junction.disjunction()
516		- .icontains("overview", keyword)
517		- .icontains("name", keyword)
518		- .endJunction();
	519	+ .icontains("overview", keyword)
	520	+ .icontains("name", keyword)
	521	+ .endJunction();
519	522	junction.endJunction();
520	523	}
521	524	el.orderBy().asc("name");

...	...	@@ -94,17 +94,24 @@
94	94	}
95	95	}
96	96	@if(org != null) {
97		- <li>
98		- <a href="#" data-toggle="search-scope" data-action="@routes.SearchApp.searchInAGroup(org.name)">
99		- @Messages("search.scope.group")
100		- </a>
101		- </li>
	97	+ @if(Application.HIDE_PROJECT_LISTING) {
	98	+ @if(UserApp.currentUser().isMemberOf(org) \|\| UserApp.currentUser().isAdminOf(org)){
	99	+ <li>
	100	+ <a href="#" data-toggle="search-scope" data-action="@routes.SearchApp.searchInAGroup(org.name)">
	101	+ @Messages("search.scope.group")
	102	+ </a>
	103	+ </li>
	104	+ }
	105	+ }
	106	+
102	107	}
	108	+ @if(!Application.HIDE_PROJECT_LISTING \|\| UserApp.currentUser().isSiteManager) {
103	109	<li>
104	110	<a href="#" data-toggle="search-scope" data-action="@routes.SearchApp.searchInAll()">
105	111	@Messages("search.scope.all")
106	112	</a>
107	113	</li>
	114	+ }
108	115	</ul>
109	116	</div>
110	117	}

...	...	@@ -137,6 +137,7 @@
137	137	</ul>
138	138	</div>
139	139	<div class="span3 span-hard-wrap">
	140	+ @if(UserApp.currentUser().isMemberOf(org)) {
140	141	<div class="bubble-wrap gray project-home">
141	142	<div class="inner member-info">
142	143	<header>
...	...	@@ -168,6 +169,7 @@
168	169	</div>
169	170	</div>
170	171	</div>
	172	+ }
171	173	</div>
172	174	</div>
173	175	</div>

Delete comment