Add results_delete permission

Check permission on frontend to show delete buttons

Signed-off-by: Ferdinand Thiessen <[email protected]>

docs/DataStructure.md

@@ -141,11 +141,12 @@ The actual answers of users on submission.
 
 ## Permissions
 Array of permissions, the user has on the form. Permissions are named by resp. routes on frontend.
-| Permission | Description |
-| -----------|-------------|
-| edit       | User is allowed to edit the form |
-| results    | User is allowed to access the form results |
-| submit     | User is allowed to submit to the form |
+| Permission     | Description |
+| ---------------|-------------|
+| edit           | User is allowed to edit the form |
+| results        | User is allowed to access the form results |
+| results_delete | User is allowed to delete form submissions |
+| submit         | User is allowed to submit to the form |
 
 ## Access Object
 Defines some extended options of sharing / access

lib/Constants.php

@@ -115,11 +115,13 @@ class Constants {
 	// Define Form Permissions
 	public const PERMISSION_EDIT = 'edit';
 	public const PERMISSION_RESULTS = 'results';
+	public const PERMISSION_RESULTS_DELETE = 'results_delete';
 	public const PERMISSION_SUBMIT = 'submit';
 
 	public const PERMISSION_ALL = [
 		self::PERMISSION_EDIT,
 		self::PERMISSION_RESULTS,
+		self::PERMISSION_RESULTS_DELETE,
 		self::PERMISSION_SUBMIT
 	];
 

src/components/Results/Submission.vue

@@ -25,7 +25,7 @@
 		<div class="submission-head">
 			<h3>{{ submission.userDisplayName }}</h3>
 			<NcActions class="submission-menu" :force-menu="true">
-				<NcActionButton @click="onDelete">
+				<NcActionButton v-if="canDeleteSubmission" @click="onDelete">
 					<template #icon>
 						<IconDelete :size="20" />
 					</template>
@@ -71,6 +71,10 @@ export default {
 			type: Array,
 			required: true,
 		},
+		canDeleteSubmission: {
+			type: Boolean,
+			required: true,
+		},
 	},
 
 	computed: {

src/mixins/PermissionTypes.js

@@ -29,8 +29,9 @@ export default {
 			PERMISSION_TYPES: {
 				PERMISSION_EDIT: 'edit',
 				PERMISSION_RESULTS: 'results',
+				PERMISSION_RESULTS_DELETE: 'results_delete',
 				PERMISSION_SUBMIT: 'submit',
-				PERMISSION_ALL: [this.PERMISSION_EDIT, this.PERMISSION_RESULTS, this.PERMISSION_SUBMIT],
+				PERMISSION_ALL: [this.PERMISSION_EDIT, this.PERMISSION_RESULTS, this.PERMISSION_RESULTS_DELETE, this.PERMISSION_SUBMIT],
 			},
 		}
 	},

src/views/Results.vue

@@ -81,7 +81,7 @@
 						</template>
 						{{ t('forms', 'Download CSV') }}
 					</NcActionButton>
-					<NcActionButton @click="deleteAllSubmissions">
+					<NcActionButton v-if="canDeleteSubmissions" @click="deleteAllSubmissions">
 						<template #icon>
 							<IconDelete :size="20" />
 						</template>
@@ -123,6 +123,7 @@
 				:key="submission.id"
 				:submission="submission"
 				:questions="form.questions"
+				:can-delete-submission="canDeleteSubmissions"
 				@delete="deleteSubmission(submission.id)" />
 		</section>
 	</NcAppContent>
@@ -155,6 +156,7 @@ import answerTypes from '../models/AnswerTypes.js'
 import logger from '../utils/Logger.js'
 import SetWindowTitle from '../utils/SetWindowTitle.js'
 import OcsResponse2Data from '../utils/OcsResponse2Data.js'
+import PermissionTypes from '../mixins/PermissionTypes.js'
 
 const picker = getFilePickerBuilder(t('forms', 'Save CSV to Files'))
 	.setMultiSelect(false)
@@ -183,7 +185,7 @@ export default {
 		TopBar,
 	},
 
-	mixins: [ViewsMixin],
+	mixins: [PermissionTypes, ViewsMixin],
 
 	data() {
 		return {
@@ -193,6 +195,10 @@ export default {
 	},
 
 	computed: {
+		canDeleteSubmissions() {
+			return this.form.permissions.includes(this.PERMISSION_TYPES.PERMISSION_RESULTS_DELETE)
+		},
+
 		noSubmissions() {
 			return this.form.submissions?.length === 0
 		},

tests/Integration/Api/ApiV2Test.php

@@ -24,7 +24,7 @@
  */
 namespace OCA\Forms\Tests\Integration\Api;
 
-use OCA\Forms\Db\Form;
+use OCA\Forms\Constants;
 use OCA\Forms\Db\FormMapper;
 
 use OCP\DB\QueryBuilder\IQueryBuilder;
@@ -356,11 +356,7 @@ public function dataGetForms() {
 					'hash' => 'abcdefg',
 					'title' => 'Title of a Form',
 					'expires' => 0,
-					'permissions' => [
-						'edit',
-						'results',
-						'submit'
-					],
+					'permissions' => Constants::PERMISSION_ALL,
 					'partial' => true,
 					'submissionCount' => 3
 				]]
@@ -460,11 +456,7 @@ public function dataGetNewForm() {
 					'submitMultiple' => false,
 					'showExpiration' => false,
 					'canSubmit' => true,
-					'permissions' => [
-						'edit',
-						'results',
-						'submit'
-					],
+					'permissions' => Constants::PERMISSION_ALL,
 					'questions' => [],
 					'shares' => [],
 					'submissionCount' => 0,
@@ -515,11 +507,7 @@ public function dataGetFullForm() {
 					'submitMultiple' => false,
 					'showExpiration' => false,
 					'canSubmit' => true,
-					'permissions' => [
-						'edit',
-						'results',
-						'submit'
-					],
+					'permissions' => Constants::PERMISSION_ALL,
 					'questions' => [
 						[
 							'type' => 'short',

tests/Unit/Service/FormsServiceTest.php

@@ -204,11 +204,7 @@ public function dataGetForm() {
 						'displayName' => 'Some User'
 					]
 				],
-				'permissions' => [
-					'edit',
-					'results',
-					'submit'
-				]
+				'permissions' => Constants::PERMISSION_ALL
 			]]
 		];
 	}
@@ -319,7 +315,7 @@ public function dataGetPartialForm() {
 				'hash' => 'abcdefg',
 				'title' => 'Form 1',
 				'expires' => 0,
-				'permissions' => ['edit', 'results', 'submit'],
+				'permissions' => Constants::PERMISSION_ALL,
 				'submissionCount' => 123,
 				'partial' => true
 			]]
@@ -494,7 +490,7 @@ public function dataGetPermissions() {
 					'showToAllUsers' => false,
 				],
 				'shares' => [],
-				'expected' => ['edit', 'results', 'submit'],
+				'expected' => Constants::PERMISSION_ALL,
 			],
 			'allUsersCanSubmit' => [
 				'ownerId' => 'someOtherUser',