From 44973ef3a9bbacd120ce25ca0bf7873ef92edfb4 Mon Sep 17 00:00:00 2001
From: gkolokythas
Date: Mon, 26 Aug 2019 16:52:05 +0300
Subject: [PATCH] Disables Grant's "Funder" property edit by other than creation user.
---
 .../eudat/logic/managers/DataManagementPlanManager.java | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementPlanManager.java b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementPlanManager.java
index 51756def3..cb6403921 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementPlanManager.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/logic/managers/DataManagementPlanManager.java
@@ -453,6 +453,14 @@ public class DataManagementPlanManager {
 }
 }
 }
+
+ if (newDmp.getGrant().getId() != null) {
+ Grant grant = apiContext.getOperationsContext().getDatabaseRepository().getGrantDao().find(newDmp.getGrant().getId());
+ if ( !grant.getFunder().getId().equals(newDmp.getGrant().getFunder().getId()) && !newDmp.getGrant().getCreationUser().getId().equals(user.getId())){
+ throw new Exception("User is not the owner of the Grant therefore, cannot edit it");
+ }
+ }
+
 newDmp = apiContext.getOperationsContext().getDatabaseRepository().getDmpDao().createOrUpdate(newDmp);
 // Dataset manipulation for when the DMP is set to be finalized.
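Review bot: The ownership test in the inner `if` reads the creation user from `newDmp.getGrant()`, the incoming object, rather than from the `grant` just loaded from the database, so if that object is populated from the request (its construction is outside this hunk) the authorization decision trusts a caller-supplied owner. Compare against the stored record instead: `!grant.getCreationUser().getId().equals(user.getId())`. `find(...)` can presumably return null for an unknown id, and `getFunder()` or `getCreationUser()` may be unset on either side, so each case would surface as a NullPointerException rather than a clear rejection; a guard such as `if (grant == null) throw new Exception("Grant not found");` before the comparison, plus `Objects.equals` on the ids, would avoid that. The enclosing method starts and ends outside the hunk.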