scinote-web/app/permissions/team.rb

Canaid::Permissions.register_for(Team) do
  # team: leave, read users, read projects
  #       read protocols
  #
  can :read_team do |user, team|
    user.member_of_team?(team)
  end

  # team: update
  can :manage_team do |user, team|
    team.permission_granted?(user, TeamPermissions::MANAGE)
  end

  # team: assign/unassing user, change user role
  can :manage_team_users do |user, team|
    team.permission_granted?(user, TeamPermissions::USERS_MANAGE)
  end

  # team: invite new users to the team
  can :invite_team_users do |user, team|
    can_manage_team_users?(user, team)
  end

  # project_folder: create
  can :create_project_folders do |user, team|
    can_manage_team?(user, team)
  end

  # project: create
  can :create_projects do |user, team|
    team.permission_granted?(user, TeamPermissions::PROJECTS_CREATE)
  end

  # protocol in repository: create, import
  can :create_protocols_in_repository do |user, team|
    team.permission_granted?(user, TeamPermissions::PROTOCOLS_CREATE)
  end

  can :manage_bmt_filters do |user, team|
    can_manage_team?(user, team)
  end

  # repository: create, copy
  can :create_repositories do |user, team|
    within_limits = Repository.within_global_limits?
    within_limits = Repository.within_team_limits?(team) if within_limits
    within_limits && team.permission_granted?(user, TeamPermissions::INVENTORIES_CREATE)
  end

  can :create_reports do |user, team|
    team.permission_granted?(user, TeamPermissions::REPORTS_CREATE)
  end

  can :view_label_templates do |user, team|
    team.permission_granted?(user, TeamPermissions::LABEL_TEMPLATES_READ)
  end

  can :manage_label_templates do |user, team|
    team.permission_granted?(user, TeamPermissions::LABEL_TEMPLATES_MANAGE)
  end
end

Canaid::Permissions.register_for(ProjectFolder) do
  # ProjectFolder: delete
  can :delete_project_folder do |user, project_folder|
    can_manage_team?(user, project_folder.team) &&
      project_folder.projects.none? &&
      project_folder.project_folders.none?
  end
end

Canaid::Permissions.register_for(Protocol) do
  # protocol in repository: read, export, read step, read/download step asset
  can :read_protocol_in_repository do |user, protocol|
    user.member_of_team?(protocol.team) &&
      (protocol.in_repository_public? ||
      protocol.in_repository_private? && user == protocol.added_by)
  end

  # protocol in repository: update, create/update/delete/reorder step,
  #                         toggle private/public visibility, archive
  can :manage_protocol_in_repository do |user, protocol|
    protocol.in_repository_active? && protocol.permission_granted?(user, ProtocolPermissions::MANAGE)
  end

  # protocol in repository: restore
  can :restore_protocol_in_repository do |user, protocol|
    protocol.in_repository_archived? && protocol.permission_granted?(user, ProtocolPermissions::MANAGE)
  end

  # protocol in repository: copy
  can :clone_protocol_in_repository do |user, protocol|
    can_read_protocol_in_repository?(user, protocol) && can_create_protocols_in_repository?(user, protocol.team)
  end
end

Canaid::Permissions.register_for(Report) do
  can :read_report do |user, report|
    report.permission_granted?(user, ReportPermissions::READ)
  end

  can :manage_report do |user, report|
    report.permission_granted?(user, ReportPermissions::MANAGE)
  end

  can :manage_report_users do |user, report|
    report.permission_granted?(user, ReportPermissions::USERS_MANAGE)
  end
end
refactor read_team permission 2017-11-27 18:24:41 +08:00			`Canaid::Permissions.register_for(Team) do`
Merge branch 'develop' into jg_sci_2228 2020-08-31 22:29:23 +08:00			`# team: leave, read users, read projects`
Show shared inventories in left navigation and fix read repository permission 2019-07-17 22:00:49 +08:00			`# read protocols`
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`#`
refactor read_team permission 2017-11-27 18:24:41 +08:00			`can :read_team do \|user, team\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`user.member_of_team?(team)`
refactor read_team permission 2017-11-27 18:24:41 +08:00			`end`
add create, update, delete user_team permission 2017-11-28 22:41:52 +08:00
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`# team: update`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`can :manage_team do \|user, team\|`
			`team.permission_granted?(user, TeamPermissions::MANAGE)`
add create, update team permission and refactor 422 respond handling in controllers 2017-12-04 18:12:35 +08:00			`end`

Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`# team: assign/unassing user, change user role`
fix naming things 2018-01-05 22:15:50 +08:00			`can :manage_team_users do \|user, team\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`team.permission_granted?(user, TeamPermissions::USERS_MANAGE)`
add create, update, delete user_team permission 2017-11-28 22:41:52 +08:00			`end`
refactor create protocol permission 2017-12-04 20:07:23 +08:00
Add invite users to the team permission check [SCI-4381] 2020-02-27 00:25:38 +08:00			`# team: invite new users to the team`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`can :invite_team_users do \|user, team\|`
			`can_manage_team_users?(user, team)`
Add invite users to the team permission check [SCI-4381] 2020-02-27 00:25:38 +08:00			`end`

[SCI-5240] Implement Create new folder function 2020-12-01 16:59:08 +08:00			`# project_folder: create`
			`can :create_project_folders do \|user, team\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`can_manage_team?(user, team)`
[SCI-5240] Implement Create new folder function 2020-12-01 16:59:08 +08:00			`end`

Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`# project: create`
fix naming things 2018-01-05 22:15:50 +08:00			`can :create_projects do \|user, team\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`team.permission_granted?(user, TeamPermissions::PROJECTS_CREATE)`
refactor create project permission 2017-12-08 00:08:41 +08:00			`end`

Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`# protocol in repository: create, import`
fix naming things 2018-01-05 22:15:50 +08:00			`can :create_protocols_in_repository do \|user, team\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`team.permission_granted?(user, TeamPermissions::PROTOCOLS_CREATE)`
refactor create protocol permission 2017-12-04 20:07:23 +08:00			`end`
refactor create sample permissions 2017-12-04 23:45:23 +08:00
Add saved filters backend [SCI-5977] (#3509) * Add saved filters backend [SCI-5977] * Rework filter saving [SCI-5977] Co-authored-by: Martin Artnik <martin@scinote.net> 2021-08-26 20:50:54 +08:00			`can :manage_bmt_filters do \|user, team\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`can_manage_team?(user, team)`
Add saved filters backend [SCI-5977] (#3509) * Add saved filters backend [SCI-5977] * Rework filter saving [SCI-5977] Co-authored-by: Martin Artnik <martin@scinote.net> 2021-08-26 20:50:54 +08:00			`end`

Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 19:03:44 +08:00			`# repository: create, copy`
fix naming things 2018-01-05 22:15:50 +08:00			`can :create_repositories do \|user, team\|`
Refactor inventory limit checks [SCI-4434] 2020-03-05 22:26:25 +08:00			`within_limits = Repository.within_global_limits?`
			`within_limits = Repository.within_team_limits?(team) if within_limits`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`within_limits && team.permission_granted?(user, TeamPermissions::INVENTORIES_CREATE)`
refactor manage repository column permissions 2017-12-12 22:35:43 +08:00			`end`
adds new reports index page [fixes SCI-2124] 2018-04-18 22:47:52 +08:00
Add permissions for Report model [SCI-6834] 2022-05-23 19:32:15 +08:00			`can :create_reports do \|user, team\|`
			`team.permission_granted?(user, TeamPermissions::REPORTS_CREATE)`
adds new reports index page [fixes SCI-2124] 2018-04-18 22:47:52 +08:00			`end`
Add new templates section and navigation [SCI-7017] 2022-07-26 19:52:40 +08:00
			`can :view_label_templates do \|user, team\|`
Add new permissions for label templates [SCI-7088] 2022-09-14 21:13:13 +08:00			`team.permission_granted?(user, TeamPermissions::LABEL_TEMPLATES_READ)`
Add new templates section and navigation [SCI-7017] 2022-07-26 19:52:40 +08:00			`end`
Add Label template list screen - view mode [SCI-7018] (#4292) * Initial label template datatable [SCI-7018] * Add new columns to LabelTemplate and update datatable view [SCI-7018] * Fix after rebase [SCI-7018] * Fix migration, disable checkboxes in view mode and fix label template to team level [SCI-7018] 2022-07-27 16:10:32 +08:00
			`can :manage_label_templates do \|user, team\|`
Add new permissions for label templates [SCI-7088] 2022-09-14 21:13:13 +08:00			`team.permission_granted?(user, TeamPermissions::LABEL_TEMPLATES_MANAGE)`
Add Label template list screen - view mode [SCI-7018] (#4292) * Initial label template datatable [SCI-7018] * Add new columns to LabelTemplate and update datatable view [SCI-7018] * Fix after rebase [SCI-7018] * Fix migration, disable checkboxes in view mode and fix label template to team level [SCI-7018] 2022-07-27 16:10:32 +08:00			`end`
add create, update, delete user_team permission 2017-11-28 22:41:52 +08:00			`end`

Add missing permission helper for folder deletion [SCI-6114] (#3568) 2021-10-01 16:47:32 +08:00			`Canaid::Permissions.register_for(ProjectFolder) do`
			`# ProjectFolder: delete`
			`can :delete_project_folder do \|user, project_folder\|`
Fix project visibility for team admins [SCI-7293] 2022-10-06 01:35:56 +08:00			`can_manage_team?(user, project_folder.team) &&`
Add missing permission helper for folder deletion [SCI-6114] (#3568) 2021-10-01 16:47:32 +08:00			`project_folder.projects.none? &&`
			`project_folder.project_folders.none?`
			`end`
			`end`

refactor read protocol in repository permission 2017-12-06 02:51:44 +08:00			`Canaid::Permissions.register_for(Protocol) do`
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`# protocol in repository: read, export, read step, read/download step asset`
refactor read protocol in repository permission 2017-12-06 02:51:44 +08:00			`can :read_protocol_in_repository do \|user, protocol\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`user.member_of_team?(protocol.team) &&`
refactor read protocol in repository permission 2017-12-06 02:51:44 +08:00			`(protocol.in_repository_public? \|\|`
			`protocol.in_repository_private? && user == protocol.added_by)`
			`end`
refactor update protocol in repository permission 2017-12-07 00:23:08 +08:00
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`# protocol in repository: update, create/update/delete/reorder step,`
Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 19:03:44 +08:00			`# toggle private/public visibility, archive`
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`can :manage_protocol_in_repository do \|user, protocol\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`protocol.in_repository_active? && protocol.permission_granted?(user, ProtocolPermissions::MANAGE)`
refactor update protocol in repository permission 2017-12-07 00:23:08 +08:00			`end`
refactor clone protocol permission 2017-12-07 18:11:27 +08:00
Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 19:03:44 +08:00			`# protocol in repository: restore`
			`can :restore_protocol_in_repository do \|user, protocol\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`protocol.in_repository_archived? && protocol.permission_granted?(user, ProtocolPermissions::MANAGE)`
Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 19:03:44 +08:00			`end`

			`# protocol in repository: copy`
fix naming things 2018-01-05 22:15:50 +08:00			`can :clone_protocol_in_repository do \|user, protocol\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 19:46:03 +08:00			`can_read_protocol_in_repository?(user, protocol) && can_create_protocols_in_repository?(user, protocol.team)`
refactor clone protocol permission 2017-12-07 18:11:27 +08:00			`end`
refactor read protocol in repository permission 2017-12-06 02:51:44 +08:00			`end`
Add permissions for Report model [SCI-6834] 2022-05-23 19:32:15 +08:00
			`Canaid::Permissions.register_for(Report) do`
			`can :read_report do \|user, report\|`
			`report.permission_granted?(user, ReportPermissions::READ)`
			`end`

			`can :manage_report do \|user, report\|`
			`report.permission_granted?(user, ReportPermissions::MANAGE)`
			`end`

			`can :manage_report_users do \|user, report\|`
			`report.permission_granted?(user, ReportPermissions::USERS_MANAGE)`
refactor clone protocol permission 2017-12-07 18:11:27 +08:00			`end`
refactor read protocol in repository permission 2017-12-06 02:51:44 +08:00			`end`