Index: lams_central/src/java/org/lamsfoundation/lams/web/qb/EditQbQuestionController.java =================================================================== diff -u -r43b70960ce9b0bcf2d8a0d6e4ba5ec69c9fc3e6d -rdfa729666ab6bd11ce1440315e9bac1191fb734d --- lams_central/src/java/org/lamsfoundation/lams/web/qb/EditQbQuestionController.java (.../EditQbQuestionController.java) (revision 43b70960ce9b0bcf2d8a0d6e4ba5ec69c9fc3e6d) +++ lams_central/src/java/org/lamsfoundation/lams/web/qb/EditQbQuestionController.java (.../EditQbQuestionController.java) (revision dfa729666ab6bd11ce1440315e9bac1191fb734d) @@ -26,6 +26,7 @@ import org.lamsfoundation.lams.qb.model.QbQuestion; import org.lamsfoundation.lams.qb.model.QbQuestionUnit; import org.lamsfoundation.lams.qb.service.IQbService; +import org.lamsfoundation.lams.security.ISecurityService; import org.lamsfoundation.lams.tool.ToolContent; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.usermanagement.service.IUserManagementService; @@ -63,6 +64,8 @@ private IUserManagementService userManagementService; @Autowired WebApplicationContext applicationcontext; + @Autowired + ISecurityService securityService; /** * Display empty page for new question. @@ -121,7 +124,9 @@ throw new RuntimeException("QbQuestion with uid:" + qbQuestionUid + " was not found!"); } Integer userId = getUserId(); - boolean editingAllowed = qbService.isQuestionInUserCollection(qbQuestion.getQuestionId(), userId) + boolean editingAllowed = securityService.isAppadmin(userId, null, true) + || securityService.isSysadmin(userId, null, true) + || qbService.isQuestionInUserCollection(qbQuestion.getQuestionId(), userId) || qbService.isQuestionInPublicCollection(qbQuestion.getQuestionId()); if (!editingAllowed) { response.sendError(HttpServletResponse.SC_FORBIDDEN, Index: lams_central/src/java/org/lamsfoundation/lams/web/qb/QbCollectionController.java =================================================================== diff -u -r3cae79ba78db6b0e9282a3135bbda429181a6546 -rdfa729666ab6bd11ce1440315e9bac1191fb734d --- lams_central/src/java/org/lamsfoundation/lams/web/qb/QbCollectionController.java (.../QbCollectionController.java) (revision 3cae79ba78db6b0e9282a3135bbda429181a6546) +++ lams_central/src/java/org/lamsfoundation/lams/web/qb/QbCollectionController.java (.../QbCollectionController.java) (revision dfa729666ab6bd11ce1440315e9bac1191fb734d) @@ -37,6 +37,7 @@ import org.lamsfoundation.lams.qb.model.QbCollection; import org.lamsfoundation.lams.qb.model.QbQuestion; import org.lamsfoundation.lams.qb.service.IQbService; +import org.lamsfoundation.lams.security.ISecurityService; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.util.CommonConstants; import org.lamsfoundation.lams.util.Configuration; @@ -71,6 +72,9 @@ @Autowired private IOutcomeService outcomeService; + @Autowired + ISecurityService securityService; + @RequestMapping("/show") public String showUserCollections(Model model) throws Exception { Integer userId = getUserId(); @@ -321,6 +325,9 @@ if (userId == null) { return false; } + if (securityService.isAppadmin(userId, null, true) || securityService.isSysadmin(userId, null, true)) { + return true; + } Collection collections = qbService.getUserCollections(userId); return collections.stream().map(QbCollection::getUid).anyMatch(uid -> uid.equals(collectionUid)); }