mirror of
https://github.com/lukevella/rallly.git
synced 2025-08-06 09:59:00 +02:00
Prevent users from accidentally updated other participants (#199)
This commit is contained in:
Luke Vella
GitHub
parent
83b95717e4
commit
c4cbf2f6bb
1 changed files with 64 additions and 49 deletions
|
|
@ -199,54 +199,6 @@ const MobilePoll: React.VoidFunctionComponent = () => {
|
|||
</Listbox.Options>
|
||||
</div>
|
||||
</Listbox>
|
||||
{!poll.closed && !isEditing ? (
|
||||
selectedParticipant &&
|
||||
(role === "admin" ||
|
||||
session.ownsObject(selectedParticipant) ||
|
||||
isUnclaimed(selectedParticipant)) ? (
|
||||
<div className="flex space-x-3">
|
||||
<Button
|
||||
icon={<Pencil />}
|
||||
onClick={() => {
|
||||
setIsEditing(true);
|
||||
reset({
|
||||
name: selectedParticipant.name,
|
||||
votes: optionIds.map((optionId) => ({
|
||||
optionId,
|
||||
type: getVote(selectedParticipant.id, optionId),
|
||||
})),
|
||||
});
|
||||
}}
|
||||
>
|
||||
Edit
|
||||
</Button>
|
||||
<Button
|
||||
icon={<Trash />}
|
||||
data-testid="delete-participant-button"
|
||||
type="danger"
|
||||
onClick={() => {
|
||||
if (selectedParticipant) {
|
||||
confirmDeleteParticipant(selectedParticipant.id);
|
||||
}
|
||||
}}
|
||||
/>
|
||||
</div>
|
||||
) : (
|
||||
<Button
|
||||
type="primary"
|
||||
icon={<PlusCircle />}
|
||||
onClick={() => {
|
||||
reset({
|
||||
name: "",
|
||||
votes: [],
|
||||
});
|
||||
setIsEditing(true);
|
||||
}}
|
||||
>
|
||||
New
|
||||
</Button>
|
||||
)
|
||||
) : null}
|
||||
{isEditing ? (
|
||||
<Button
|
||||
onClick={() => {
|
||||
|
|
@ -256,7 +208,70 @@ const MobilePoll: React.VoidFunctionComponent = () => {
|
|||
>
|
||||
Cancel
|
||||
</Button>
|
||||
) : null}
|
||||
) : selectedParticipant ? (
|
||||
<div className="flex space-x-3">
|
||||
<Button
|
||||
icon={<Pencil />}
|
||||
disabled={
|
||||
poll.closed ||
|
||||
// if user is participant (not admin)
|
||||
(role === "participant" &&
|
||||
// and does not own this participant
|
||||
!session.ownsObject(selectedParticipant) &&
|
||||
// and the participant has been claimed by a different user
|
||||
!isUnclaimed(selectedParticipant))
|
||||
// not allowed to edit
|
||||
}
|
||||
onClick={() => {
|
||||
setIsEditing(true);
|
||||
reset({
|
||||
name: selectedParticipant.name,
|
||||
votes: optionIds.map((optionId) => ({
|
||||
optionId,
|
||||
type: getVote(selectedParticipant.id, optionId),
|
||||
})),
|
||||
});
|
||||
}}
|
||||
>
|
||||
Edit
|
||||
</Button>
|
||||
<Button
|
||||
icon={<Trash />}
|
||||
disabled={
|
||||
poll.closed ||
|
||||
// if user is participant (not admin)
|
||||
(role === "participant" &&
|
||||
// and does not own this participant
|
||||
!session.ownsObject(selectedParticipant) &&
|
||||
// or the participant has been claimed by a different user
|
||||
!isUnclaimed(selectedParticipant))
|
||||
// not allowed to edit
|
||||
}
|
||||
data-testid="delete-participant-button"
|
||||
type="danger"
|
||||
onClick={() => {
|
||||
if (selectedParticipant) {
|
||||
confirmDeleteParticipant(selectedParticipant.id);
|
||||
}
|
||||
}}
|
||||
/>
|
||||
</div>
|
||||
) : (
|
||||
<Button
|
||||
type="primary"
|
||||
icon={<PlusCircle />}
|
||||
disabled={poll.closed}
|
||||
onClick={() => {
|
||||
reset({
|
||||
name: "",
|
||||
votes: [],
|
||||
});
|
||||
setIsEditing(true);
|
||||
}}
|
||||
>
|
||||
New
|
||||
</Button>
|
||||
)}
|
||||
</div>
|
||||
{timeZone ? (
|
||||
<TimeZonePicker
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue