From 3c03c001e2aac7f3394adb8b3b9219d125657d09 Mon Sep 17 00:00:00 2001
From: rr- <rr-@sakuya.pl>
Date: Tue, 23 Aug 2016 22:04:18 +0200
Subject: [PATCH] client/auth: fix tag forms reachable via URL

---
 client/js/events.js         |  3 +++
 client/js/views/tag_view.js | 43 ++++++++++++++++++++++++-------------
 2 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/client/js/events.js b/client/js/events.js
index ed8ee523..e395214b 100644
--- a/client/js/events.js
+++ b/client/js/events.js
@@ -14,6 +14,9 @@ class EventTarget {
 };
 
 function proxyEvent(source, target, sourceEventType, targetEventType) {
+    if (!source.addEventListener) {
+        return;
+    }
     if (!targetEventType) {
         targetEventType = sourceEventType;
     }
diff --git a/client/js/views/tag_view.js b/client/js/views/tag_view.js
index 4421db12..fe9d4c1f 100644
--- a/client/js/views/tag_view.js
+++ b/client/js/views/tag_view.js
@@ -6,6 +6,7 @@ const TagSummaryView = require('./tag_summary_view.js');
 const TagEditView = require('./tag_edit_view.js');
 const TagMergeView = require('./tag_merge_view.js');
 const TagDeleteView = require('./tag_delete_view.js');
+const EmptyView = require('../views/empty_view.js');
 
 const template = views.getTemplate('tag');
 
@@ -32,23 +33,35 @@ class TagView extends events.EventTarget {
 
         ctx.hostNode = this._hostNode.querySelector('.tag-content-holder');
         if (ctx.section === 'edit') {
-            this._view = new TagEditView(ctx);
-            this._view.addEventListener('submit', e => {
-                this.dispatchEvent(
-                    new CustomEvent('submit', {detail: e.detail}));
-            });
+            if (!this._ctx.canEditAnything) {
+                this._view = new EmptyView();
+                this._view.showError(
+                    'You don\'t have privileges to edit tags.');
+            } else {
+                this._view = new TagEditView(ctx);
+                events.proxyEvent(this._view, this, 'submit');
+            }
+
         } else if (ctx.section === 'merge') {
-            this._view = new TagMergeView(ctx);
-            this._view.addEventListener('submit', e => {
-                this.dispatchEvent(
-                    new CustomEvent('merge', {detail: e.detail}));
-            });
+            if (!this._ctx.canMerge) {
+                this._view = new EmptyView();
+                this._view.showError(
+                    'You don\'t have privileges to merge tags.');
+            } else {
+                this._view = new TagMergeView(ctx);
+                events.proxyEvent(this._view, this, 'submit', 'merge');
+            }
+
         } else if (ctx.section === 'delete') {
-            this._view = new TagDeleteView(ctx);
-            this._view.addEventListener('submit', e => {
-                this.dispatchEvent(
-                    new CustomEvent('delete', {detail: e.detail}));
-            });
+            if (!this._ctx.canDelete) {
+                this._view = new EmptyView();
+                this._view.showError(
+                    'You don\'t have privileges to delete tags.');
+            } else {
+                this._view = new TagDeleteView(ctx);
+                events.proxyEvent(this._view, this, 'submit', 'delete');
+            }
+
         } else {
             this._view = new TagSummaryView(ctx);
         }