Archives/Athou_commafeed
1
0
Fork 1
mirror of https://github.com/Athou/commafeed.git synced 2026-03-21 21:37:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

make sure the user owns the modified data

Browse Source
This commit is contained in:
Athou
2013-04-10 22:07:44 +02:00
parent b3edfb955f
commit 013922b96d
4 changed files with 34 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/main/java/com/commafeed/backend/dao/FeedSubscriptionService.java
View File

@@ -100,6 +100,16 @@ public class FeedSubscriptionService extends GenericDAO<FeedSubscription> {
return criteria.getResultList(); return criteria.getResultList();
} }
public List<FeedSubscription> findByCategory(User user,
FeedCategory category) {
EasyCriteria<FeedSubscription> criteria = EasyCriteriaFactory
.createQueryCriteria(em, getType());
criteria.andEquals(MF.i(proxy().getUser()), user);
criteria.andEquals(MF.i(proxy().getCategory()), category);
return criteria.getResultList();
}
public List<FeedSubscription> findWithoutCategories(User user) { public List<FeedSubscription> findWithoutCategories(User user) {
EasyCriteria<FeedSubscription> criteria = EasyCriteriaFactory EasyCriteria<FeedSubscription> criteria = EasyCriteriaFactory
.createQueryCriteria(em, getType()); .createQueryCriteria(em, getType());

25
src/main/java/com/commafeed/frontend/rest/resources/SubscriptionsREST.java
View File

@@ -81,8 +81,14 @@ public class SubscriptionsREST extends AbstractREST {
@GET @GET
@Path("unsubscribe") @Path("unsubscribe")
public Response unsubscribe(@QueryParam("id") Long subscriptionId) { public Response unsubscribe(@QueryParam("id") Long subscriptionId) {
feedSubscriptionService.deleteById(subscriptionId); FeedSubscription sub = feedSubscriptionService.findById(getUser(),
return Response.ok(Status.OK).build(); subscriptionId);
if (sub != null) {
feedSubscriptionService.delete(sub);
return Response.ok(Status.OK).build();
} else {
return Response.status(Status.NOT_FOUND).build();
}
} }
@GET @GET
@@ -137,8 +143,19 @@ public class SubscriptionsREST extends AbstractREST {
@GET @GET
@Path("deleteCategory") @Path("deleteCategory")
public Response deleteCategory(@QueryParam("id") Long id) { public Response deleteCategory(@QueryParam("id") Long id) {
feedCategoryService.deleteById(id); FeedCategory cat = feedCategoryService.findById(getUser(), id);
return Response.ok().build(); if (cat != null) {
List<FeedSubscription> subs = feedSubscriptionService
.findByCategory(getUser(), cat);
for (FeedSubscription sub : subs) {
sub.setCategory(null);
}
feedSubscriptionService.update(subs);
feedCategoryService.delete(cat);
return Response.ok().build();
} else {
return Response.status(Status.NOT_FOUND).build();
}
} }
@POST @POST

2
src/main/webapp/directives/category.html
View File

@@ -1,5 +1,5 @@
<li> <li>
<div ng-mouseenter="hovered=node" ng-mouseleave="hovered=null" class="pointer"> <div ng-mouseenter="hovered=node && node.id != 'all'" ng-mouseleave="hovered=null" class="pointer">
<div class="dropdown pull-right"> <div class="dropdown pull-right">
<a dropdown-toggle class="pull-right"> <a dropdown-toggle class="pull-right">
<i ng-show="hovered==node" class="icon icon-chevron-down"></i> <i ng-show="hovered==node" class="icon icon-chevron-down"></i>

2
src/main/webapp/js/directives.js
View File

@@ -149,6 +149,8 @@ module.directive('category', function($compile) {
if (result == 'ok') { if (result == 'ok') {
SubscriptionService.deleteCategory({ SubscriptionService.deleteCategory({
id : category.id id : category.id
}, function() {
SubscriptionService.init();
}); });
} }
}); });