Determines permissibility of a GUI attachment operation, such as: ADD button, EDIT button, DESCRIPTION modification, or DELETE button
Attachment Methods
public boolean ucAllowAttachmentOperation(
String operation, // ADD, EDIT, MODIFY_DESCRIPTION, DELETE
String layoutType, // ADD_PROBLEM, EDIT
Attachment attachment, // if available, an attachment id
SesameSession session, // current session
Connection dbconn, // DB connection
Map selectedVals // current issue state
) throws Exception;
There are three environments (layoutType) that this may be invoked from ADD_PROBLEM screen, EDIT_PROBLEM screen, EDIT_ATTACHMENT popup. The Attachment object is passed in when available. It is not available for the ADD button, otherwise, it is non-null, then the usual parameters are passed in. This method RETURNS true if operation permitted, false if not.
public boolean ucAllowAttachmentOperation(
String operation, // ADD, EDIT, MODIFY_DESCRIPTION, DELETE
String layoutType, // ADD_PROBLEM, EDIT
Attachment attachment, // if available, an attachment id
SesameSession session, // current session
Connection dbconn, // DB connection
Map selectedVals) // current issue state
throws Exception
{
String role = session.getUserRole();
String userId = session.getUserId();
// TESTER role should only have the ability to delete attachements
// submitted by same user for issues that in queue.
if ("DELETE".equals(operation) && "TESTER".equals(role) )
{
String attachmentUserId = attachment.getUserId();
if (! userId.equals(attachmentUserId) )
{
Z.log.writeToLog(Z.log.WARN, "Disallow delete of attachment submitted by " +
attachmentUserId + " for user " + userId);
return false;
}
}
return true;
}