WIP: allow editing of submission by the user

appinfo/routes.php

@@ -331,6 +331,14 @@
 				'apiVersion' => 'v2(\.[1-3])?'
 			]
 		],
+		[
+			'name' => 'api#updateSubmission',
+			'url' => '/api/{apiVersion}/submission/update',
+			'verb' => 'POST',
+			'requirements' => [
+				'apiVersion' => 'v2(\.1)?'
+			]
+		],
 		[
 			'name' => 'api#deleteSubmission',
 			'url' => '/api/{apiVersion}/submission/{id}',

docs/DataStructure.md

@@ -18,6 +18,7 @@ This document describes the Object-Structure, that is used within the Forms App
 | expires     | unix-timestamp  |               | When the form should expire. Timestamp `0` indicates _never_ |
 | isAnonymous | Boolean         |               | If Answers will be stored anonymously |
 | submitMultiple  | Boolean     |               | If users are allowed to submit multiple times to the form |
+| allowEdit   | Boolean         |               | If users are allowed to edit or delete their response |
 | showExpiration | Boolean      |               | If the expiration date will be shown on the form |
 | canSubmit   | Boolean         |               | If the user can Submit to the form, i.e. calculated information out of `submitMultiple` and existing submissions. |
 | permissions | Array of [Permissions](#permissions) | Array of permissions regarding the form |
@@ -37,6 +38,7 @@ This document describes the Object-Structure, that is used within the Forms App
   "expires": 0,
   "isAnonymous": false,
   "submitMultiple": true,
+  "allowEdit": false,
   "showExpiration": false,
   "canSubmit": true,
   "permissions": [

lib/Controller/ApiController.php

@@ -27,6 +27,7 @@
 
 namespace OCA\Forms\Controller;
 
+use OCA\Forms\Activity\ActivityManager;
 use OCA\Forms\Constants;
 use OCA\Forms\Db\Answer;
 use OCA\Forms\Db\AnswerMapper;
@@ -70,6 +71,7 @@ public function __construct(
 		string $appName,
 		IRequest $request,
 		IUserSession $userSession,
+		private ActivityManager $activityManager,
 		private AnswerMapper $answerMapper,
 		private FormMapper $formMapper,
 		private OptionMapper $optionMapper,
@@ -212,6 +214,7 @@ public function newForm(): DataResponse {
 			'showToAllUsers' => false,
 		]);
 		$form->setSubmitMultiple(false);
+		$form->setAllowEdit(false);
 		$form->setShowExpiration(false);
 		$form->setExpires(0);
 		$form->setIsAnonymous(false);
@@ -958,39 +961,95 @@ public function getSubmissions(string $hash): DataResponse {
 		return new DataResponse($response);
 	}
 
+
 	/**
-	 * Insert answers for a question
+	 * @CORS
+	 * @PublicCORSFix
+	 * @NoAdminRequired
+	 * @PublicPage
+	 * Insert or update answers for a question
 	 *
 	 * @param int $submissionId
 	 * @param array $question
 	 * @param array $answerArray [arrayOfString]
+	 * @param bool $update
 	 */
-	private function storeAnswersForQuestion($submissionId, array $question, array $answerArray) {
-		foreach ($answerArray as $answer) {
-			$answerText = '';
+	private function storeAnswersForQuestion($submissionId, array $question, array $answerArray, bool $update) {
+
+		// get stored answers for this question
+		$storedAnswers = [];
+		if ($update) {
+			$storedAnswers = $this->answerMapper->findBySubmissionAndQuestion($submissionId, $question['id']);
+		}
+
+		// Are we using answer ids as values
+		if (in_array($question['type'], Constants::ANSWER_TYPES_PREDEFINED)) {
+
+			$newAnswerTexts = array();
+
+			// We are using answer ids as values
+			// collect names of options
+			foreach ($answerArray as $answer) {
+				$answerText = "";
 
-			// Are we using answer ids as values
-			if (in_array($question['type'], Constants::ANSWER_TYPES_PREDEFINED)) {
 				// Search corresponding option, skip processing if not found
 				$optionIndex = array_search($answer, array_column($question['options'], 'id'));
 				if ($optionIndex !== false) {
 					$answerText = $question['options'][$optionIndex]['text'];
 				} elseif (!empty($question['extraSettings']['allowOtherAnswer']) && strpos($answer, Constants::QUESTION_EXTRASETTINGS_OTHER_PREFIX) === 0) {
 					$answerText = str_replace(Constants::QUESTION_EXTRASETTINGS_OTHER_PREFIX, "", $answer);
 				}
-			} else {
-				$answerText = $answer; // Not a multiple-question, answerText is given answer
+
+				$newAnswerTexts[] = $answerText;
+
+				// has this answer already been stored?
+				$foundAnswer = false;
+				foreach($storedAnswers as $storedAnswer) {
+					if ($storedAnswer->getText() == $answerText) {
+						// nothing to be changed
+						$foundAnswer = true;
+						break;
+					}
+				}
+				if (!$foundAnswer) {
+					if ($answerText === "") {
+						continue;
+					}
+
+					// need to add answer
+					$answerEntity = new Answer();
+					$answerEntity->setSubmissionId($submissionId);
+					$answerEntity->setQuestionId($question['id']);
+					$answerEntity->setText($answerText);
+					$this->answerMapper->insert($answerEntity);
+				}
 			}
 
-			if ($answerText === "") {
-				continue;
+			// drop all answers that are not in new set of answers
+			foreach($storedAnswers as $storedAnswer) {
+				if (empty($newAnswerTexts) || !in_array($storedAnswer->getText(), $newAnswerTexts)) {
+					$this->answerMapper->delete($storedAnswer);
+				}
 			}
+		} else {
+			// just one answer
+			$answerText = $answerArray[0]; // Not a multiple-question, answerText is given answer
+
+			if (!empty($storedAnswers)) {
+				$answerEntity = $storedAnswers[0];
+				$answerEntity->setText($answerText);
+				$this->answerMapper->update($answerEntity);
+			} else {
+				if ($answerText === "") {
+					return;
+				}
 
-			$answerEntity = new Answer();
-			$answerEntity->setSubmissionId($submissionId);
-			$answerEntity->setQuestionId($question['id']);
-			$answerEntity->setText($answerText);
-			$this->answerMapper->insert($answerEntity);
+				$answerEntity = new Answer();
+				$answerEntity->setSubmissionId($submissionId);
+				$answerEntity->setQuestionId($question['id']);
+				$answerEntity->setText($answerText);
+				$this->answerMapper->insert($answerEntity);
+			}
 		}
 	}
 
@@ -1000,22 +1059,16 @@ private function storeAnswersForQuestion($submissionId, array $question, array $
 	 * @NoAdminRequired
 	 * @PublicPage
 	 *
-	 * Process a new submission
+	 * check a submission and return some required data objects
 	 *
 	 * @param int $formId the form id
 	 * @param array $answers [question_id => arrayOfString]
 	 * @param string $shareHash public share-hash -> Necessary to submit on public link-shares.
-	 * @return DataResponse
+	 * @return array
 	 * @throws OCSBadRequestException
 	 * @throws OCSForbiddenException
 	 */
-	public function insertSubmission(int $formId, array $answers, string $shareHash = ''): DataResponse {
-		$this->logger->debug('Inserting submission: formId: {formId}, answers: {answers}, shareHash: {shareHash}', [
-			'formId' => $formId,
-			'answers' => $answers,
-			'shareHash' => $shareHash,
-		]);
-
+	private function checkAndPrepareSubmission(int $formId, array $answers, string $shareHash = ''): array {
 		try {
 			$form = $this->formMapper->findById($formId);
 			$questions = $this->formsService->getQuestions($formId);
@@ -1065,6 +1118,102 @@ public function insertSubmission(int $formId, array $answers, string $shareHash
 			throw new OCSBadRequestException('At least one submitted answer is not valid');
 		}
 
+		return array($form, $questions);
+	}
+
+	/**
+	 * @CORS
+	 * @PublicCORSFix
+	 * @NoAdminRequired
+	 * @PublicPage
+	 *
+	 * Update an existing submission
+	 *
+	 * @param int $formId the form id
+	 * @param array $answers [question_id => arrayOfString]
+	 * @param string $shareHash public share-hash -> Necessary to submit on public link-shares.
+	 * @return DataResponse
+	 * @throws OCSBadRequestException
+	 * @throws OCSForbiddenException
+	 */
+	public function updateSubmission(int $formId, array $answers, string $shareHash = ''): DataResponse {
+		$this->logger->debug('Updating submission: formId: {formId}, answers: {answers}, shareHash: {shareHash}', [
+			'formId' => $formId,
+			'answers' => $answers,
+			'shareHash' => $shareHash,
+		]);
+
+		list($form, $questions) = $this->checkAndPrepareSubmission($formId, $answers, $shareHash);
+
+		// if edit is allowed get existing submission of this user
+		if ($form->getAllowEdit() && $this->currentUser) {
+			try {
+				$submission = $this->submissionMapper->findByFormAndUser($form->getId(), $this->currentUser->getUID());
+			} catch (DoesNotExistException $e) {
+				throw new OCSBadRequestException('Cannot update a non existing submission');
+			}
+		} else {
+			throw new OCSBadRequestException('Can only update if AllowEdit is set');
+		}
+
+		$submission->setTimestamp(time());
+		$this->submissionMapper->update($submission);
+
+		// Process Answers
+		foreach ($answers as $questionId => $answerArray) {
+			// Search corresponding Question, skip processing if not found
+			$questionIndex = array_search($questionId, array_column($questions, 'id'));
+			if ($questionIndex === false) {
+				continue;
+			}
+
+			$this->storeAnswersForQuestion($submission->getId(), $questions[$questionIndex], $answerArray, true);
+		}
+
+		$this->formsService->setLastUpdatedTimestamp($formId);
+
+		//Create Activity
+		$this->activityManager->publishNewSubmission($form, $submission->getUserId());
+
+		return new DataResponse();
+	}
+
+	/**
+	 * @CORS
+	 * @PublicCORSFix
+	 * @NoAdminRequired
+	 * @PublicPage
+	 *
+	 * Process a new submission
+	 *
+	 * @param int $formId the form id
+	 * @param array $answers [question_id => arrayOfString]
+	 * @param string $shareHash public share-hash -> Necessary to submit on public link-shares.
+	 * @return DataResponse
+	 * @throws OCSBadRequestException
+	 * @throws OCSForbiddenException
+	 */
+	public function insertSubmission(int $formId, array $answers, string $shareHash = ''): DataResponse {
+		$this->logger->debug('Inserting submission: formId: {formId}, answers: {answers}, shareHash: {shareHash}', [
+			'formId' => $formId,
+			'answers' => $answers,
+			'shareHash' => $shareHash,
+		]);
+
+		list($form, $questions) = $this->checkAndPrepareSubmission($formId, $answers, $shareHash);
+
+		// if edit is allowed then do not allow inserting another submission if one exists already
+		if ($form->getAllowEdit() && $this->currentUser) {
+			try {
+				$submission = $this->submissionMapper->findByFormAndUser($form->getId(), $this->currentUser->getUID());
+
+				// we do not want to add another submission
+				throw new OCSForbiddenException('Do not insert another submission');
+			} catch (DoesNotExistException $e) {
+				// all is good
+			}
+		}
+
 		// Create Submission
 		$submission = new Submission();
 		$submission->setFormId($formId);
@@ -1080,7 +1229,6 @@ public function insertSubmission(int $formId, array $answers, string $shareHash
 
 		// Insert new submission
 		$this->submissionMapper->insert($submission);
-		$submissionId = $submission->getId();
 
 		// Process Answers
 		foreach ($answers as $questionId => $answerArray) {
@@ -1090,7 +1238,7 @@ public function insertSubmission(int $formId, array $answers, string $shareHash
 				continue;
 			}
 
-			$this->storeAnswersForQuestion($submission->getId(), $questions[$questionIndex], $answerArray);
+			$this->storeAnswersForQuestion($submission->getId(), $questions[$questionIndex], $answerArray, false);
 		}
 
 		$this->formsService->setLastUpdatedTimestamp($formId);
@@ -1125,8 +1273,13 @@ public function deleteSubmission(int $id): DataResponse {
 			throw new OCSBadRequestException();
 		}
 
+		$canDeleteSubmission = false;
+		if ($form->getAllowEdit() && $submission->getUserId() == $this->currentUser->getUID()) {
+			$canDeleteSubmission = true;
+		}
+
 		// The current user has permissions to remove submissions
-		if (!$this->formsService->canDeleteResults($form)) {
+		if (!$canDeleteSubmission && !$this->formsService->canDeleteResults($form)) {
 			$this->logger->debug('This form is not owned by the current user and user has no `results_delete` permission');
 			throw new OCSForbiddenException();
 		}

lib/Db/AnswerMapper.php

@@ -60,6 +60,26 @@ public function findBySubmission(int $submissionId): array {
 		return $this->findEntities($qb);
 	}
 
+	/**
+	 * @param int $submissionId
+	 * @param int $questionId
+	 * @throws \OCP\AppFramework\Db\DoesNotExistException if not found
+	 * @return Answer[]
+	 */
+
+	public function findBySubmissionAndQuestion(int $submissionId, int $questionId): array {
+		$qb = $this->db->getQueryBuilder();
+
+		$qb->select('*')
+			->from($this->getTableName())
+			->where(
+				$qb->expr()->eq('submission_id', $qb->createNamedParameter($submissionId, IQueryBuilder::PARAM_INT)),
+				$qb->expr()->eq('question_id', $qb->createNamedParameter($questionId, IQueryBuilder::PARAM_INT))
+			);
+
+		return $this->findEntities($qb);
+	}
+
 	/**
 	 * @param int $submissionId
 	 */

lib/Db/Form.php

@@ -48,6 +48,8 @@
  * @method void setIsAnonymous(bool $value)
  * @method integer getSubmitMultiple()
  * @method void setSubmitMultiple(bool $value)
+ * @method integer getAllowEdit()
+ * @method void setAllowEdit(bool $value)
  * @method integer getShowExpiration()
  * @method void setShowExpiration(bool $value)
  * @method integer getLastUpdated()
@@ -65,6 +67,7 @@ class Form extends Entity {
 	protected $expires;
 	protected $isAnonymous;
 	protected $submitMultiple;
+	protected $allowEdit;
 	protected $showExpiration;
 	protected $submissionMessage;
 	protected $lastUpdated;
@@ -77,6 +80,7 @@ public function __construct() {
 		$this->addType('expires', 'integer');
 		$this->addType('isAnonymous', 'bool');
 		$this->addType('submitMultiple', 'bool');
+		$this->addType('allowEdit', 'bool');
 		$this->addType('showExpiration', 'bool');
 		$this->addType('lastUpdated', 'integer');
 	}
@@ -104,6 +108,7 @@ public function read() {
 			'expires' => (int)$this->getExpires(),
 			'isAnonymous' => (bool)$this->getIsAnonymous(),
 			'submitMultiple' => (bool)$this->getSubmitMultiple(),
+			'allowEdit' => (bool)$this->getAllowEdit(),
 			'showExpiration' => (bool)$this->getShowExpiration(),
 			'lastUpdated' => (int)$this->getLastUpdated(),
 			'submissionMessage' => $this->getSubmissionMessage(),