Editor should have access to view an activity.

AtlasOfLivingAustralia · Dec 10, 2024 · 84e792e · 84e792e
1 parent dda70af
commit 84e792e
Showing 1 changed file with 21 additions and 1 deletion.
diff --git a/grails-app/controllers/au/org/ala/biocollect/BioActivityController.groovy b/grails-app/controllers/au/org/ala/biocollect/BioActivityController.groovy
@@ -595,9 +595,29 @@ class BioActivityController {
         return result
     }
 
+    private Map checkUserViewPermission (Map project, Map pActivity, Map activity) {
+        Map result = [ message: "Access denied: You are not allowed to edit activity", authorized: false ]
+        String userId = userService.getCurrentUserId()
+        String projectId = project?.projectId
+        Boolean embargoed = (activity.embargoed == true) || projectActivityService.isEmbargoed(pActivity)
+
+        if (!userId) {
+            result.message =  "Only members associated to this project can submit record. For more information, please contact ${grailsApplication.config.biocollect.support.email.address}"
+        } else if (!activity || activity.error) {
+            result.message =  "Invalid activity - ${id}"
+        } else if (embargoed) {
+            result.message = "Access denied: This activity is embargoed."
+        } else if (projectService.isUserEditorForProjects(userId, projectId) || activityService.isUserOwnerForActivity(userId, activity?.activityId)) {
+            result.message = "User is authorized to edit activity"
+            result.authorized = true
+        }
+
+        return result
+    }
+
     private Map checkUserPermission (Map project, Map pActivity, Map activity) {
         if (activity) {
-            return checkUserEditPermission(project, activity)
+            return checkUserViewPermission(project, pActivity, activity)
         } else {
             return checkUserCreatePermission(project, pActivity)
         }