scinote-web/app/permissions/team.rb

Canaid::Permissions.register_for(Team) do
  # team: leave, read users, read projects
  #       read protocols
  #
  can :read_team do |user, team|
    user.is_member_of_team?(team)
  end

  # team: update
  can :update_team do |user, team|
    user.is_admin_of_team?(team)
  end

  # team: assign/unassing user, change user role
  can :manage_team_users do |user, team|
    user.is_admin_of_team?(team)
  end

  # team: invite new users to the team
  can :invite_team_users do
    true
  end

  # project_folder: create
  can :create_project_folders do |user, team|
    user.is_admin_of_team?(team)
  end

  # project: create
  can :create_projects do |user, team|
    user.is_normal_user_or_admin_of_team?(team)
  end

  # protocol in repository: create, import
  can :create_protocols_in_repository do |user, team|
    user.is_normal_user_or_admin_of_team?(team)
  end

  # repository: create, copy
  can :create_repositories do |user, team|
    within_limits = Repository.within_global_limits?
    within_limits = Repository.within_team_limits?(team) if within_limits
    within_limits && user.is_admin_of_team?(team)
  end

  # this permission is scattered around the application
  # if you want to make changes here keep in mind to check/change the
  # SQL view that lists reports in index page:
  #   - db/views/datatables_reports_v01.sql
  #   - check the model app/models/views/datatables/datatables_report.rb
  #   - check visible_by method in Project model
  can :manage_reports do |user, team|
    user.is_normal_user_or_admin_of_team?(team)
  end
end

Canaid::Permissions.register_for(ProjectFolder) do
  # ProjectFolder: delete
  can :delete_project_folder do |user, project_folder|
    user.is_admin_of_team?(project_folder.team) &&
      project_folder.projects.none? &&
      project_folder.project_folders.none?
  end
end

Canaid::Permissions.register_for(Protocol) do
  # protocol in repository: read, export, read step, read/download step asset
  can :read_protocol_in_repository do |user, protocol|
    user.is_member_of_team?(protocol.team) &&
      (protocol.in_repository_public? ||
      protocol.in_repository_private? && user == protocol.added_by)
  end

  # protocol in repository: update, create/update/delete/reorder step,
  #                         toggle private/public visibility, archive
  can :manage_protocol_in_repository do |user, protocol|
    protocol.in_repository_active? &&
      user.is_normal_user_or_admin_of_team?(protocol.team) &&
      user == protocol.added_by
  end

  # protocol in repository: restore
  can :restore_protocol_in_repository do |user, protocol|
    protocol.in_repository_archived? &&
      user.is_normal_user_or_admin_of_team?(protocol.team) &&
      user == protocol.added_by
  end

  # protocol in repository: copy
  can :clone_protocol_in_repository do |user, protocol|
    can_read_protocol_in_repository?(user, protocol) &&
      can_create_protocols_in_repository?(user, protocol.team)
  end
end
refactor read_team permission 2017-11-27 18:24:41 +08:00			`Canaid::Permissions.register_for(Team) do`
Merge branch 'develop' into jg_sci_2228 2020-08-31 22:29:23 +08:00			`# team: leave, read users, read projects`
Show shared inventories in left navigation and fix read repository permission 2019-07-17 22:00:49 +08:00			`# read protocols`
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`#`
refactor read_team permission 2017-11-27 18:24:41 +08:00			`can :read_team do \|user, team\|`
			`user.is_member_of_team?(team)`
			`end`
add create, update, delete user_team permission 2017-11-28 22:41:52 +08:00
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`# team: update`
add create, update team permission and refactor 422 respond handling in controllers 2017-12-04 18:12:35 +08:00			`can :update_team do \|user, team\|`
			`user.is_admin_of_team?(team)`
			`end`

Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`# team: assign/unassing user, change user role`
fix naming things 2018-01-05 22:15:50 +08:00			`can :manage_team_users do \|user, team\|`
add create, update, delete user_team permission 2017-11-28 22:41:52 +08:00			`user.is_admin_of_team?(team)`
			`end`
refactor create protocol permission 2017-12-04 20:07:23 +08:00
Add invite users to the team permission check [SCI-4381] 2020-02-27 00:25:38 +08:00			`# team: invite new users to the team`
			`can :invite_team_users do`
			`true`
			`end`

[SCI-5240] Implement Create new folder function 2020-12-01 16:59:08 +08:00			`# project_folder: create`
			`can :create_project_folders do \|user, team\|`
			`user.is_admin_of_team?(team)`
			`end`

Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`# project: create`
fix naming things 2018-01-05 22:15:50 +08:00			`can :create_projects do \|user, team\|`
refactor create project permission 2017-12-08 00:08:41 +08:00			`user.is_normal_user_or_admin_of_team?(team)`
			`end`

Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`# protocol in repository: create, import`
fix naming things 2018-01-05 22:15:50 +08:00			`can :create_protocols_in_repository do \|user, team\|`
refactor create protocol permission 2017-12-04 20:07:23 +08:00			`user.is_normal_user_or_admin_of_team?(team)`
			`end`
refactor create sample permissions 2017-12-04 23:45:23 +08:00
Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 19:03:44 +08:00			`# repository: create, copy`
fix naming things 2018-01-05 22:15:50 +08:00			`can :create_repositories do \|user, team\|`
Refactor inventory limit checks [SCI-4434] 2020-03-05 22:26:25 +08:00			`within_limits = Repository.within_global_limits?`
			`within_limits = Repository.within_team_limits?(team) if within_limits`
Add global repositories limit [SCI-4383] 2020-02-21 21:40:17 +08:00			`within_limits && user.is_admin_of_team?(team)`
refactor manage repository column permissions 2017-12-12 22:35:43 +08:00			`end`
adds new reports index page [fixes SCI-2124] 2018-04-18 22:47:52 +08:00
fixes per @mlorb 's request 2018-04-23 18:26:21 +08:00			`# this permission is scattered around the application`
			`# if you want to make changes here keep in mind to check/change the`
			`# SQL view that lists reports in index page:`
			`# - db/views/datatables_reports_v01.sql`
			`# - check the model app/models/views/datatables/datatables_report.rb`
			`# - check visible_by method in Project model`
adds new reports index page [fixes SCI-2124] 2018-04-18 22:47:52 +08:00			`can :manage_reports do \|user, team\|`
			`user.is_normal_user_or_admin_of_team?(team)`
			`end`
add create, update, delete user_team permission 2017-11-28 22:41:52 +08:00			`end`

Add missing permission helper for folder deletion [SCI-6114] (#3568) 2021-10-01 16:47:32 +08:00			`Canaid::Permissions.register_for(ProjectFolder) do`
			`# ProjectFolder: delete`
			`can :delete_project_folder do \|user, project_folder\|`
			`user.is_admin_of_team?(project_folder.team) &&`
			`project_folder.projects.none? &&`
			`project_folder.project_folders.none?`
			`end`
			`end`

refactor read protocol in repository permission 2017-12-06 02:51:44 +08:00			`Canaid::Permissions.register_for(Protocol) do`
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`# protocol in repository: read, export, read step, read/download step asset`
refactor read protocol in repository permission 2017-12-06 02:51:44 +08:00			`can :read_protocol_in_repository do \|user, protocol\|`
			`user.is_member_of_team?(protocol.team) &&`
			`(protocol.in_repository_public? \|\|`
			`protocol.in_repository_private? && user == protocol.added_by)`
			`end`
refactor update protocol in repository permission 2017-12-07 00:23:08 +08:00
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`# protocol in repository: update, create/update/delete/reorder step,`
Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 19:03:44 +08:00			`# toggle private/public visibility, archive`
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`can :manage_protocol_in_repository do \|user, protocol\|`
refactor update protocol type in repository 2017-12-07 01:40:49 +08:00			`protocol.in_repository_active? &&`
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-16 01:46:29 +08:00			`user.is_normal_user_or_admin_of_team?(protocol.team) &&`
refactor update protocol type in repository 2017-12-07 01:40:49 +08:00			`user == protocol.added_by`
refactor update protocol in repository permission 2017-12-07 00:23:08 +08:00			`end`
refactor clone protocol permission 2017-12-07 18:11:27 +08:00
Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 19:03:44 +08:00			`# protocol in repository: restore`
			`can :restore_protocol_in_repository do \|user, protocol\|`
			`protocol.in_repository_archived? &&`
			`user.is_normal_user_or_admin_of_team?(protocol.team) &&`
			`user == protocol.added_by`
			`end`

			`# protocol in repository: copy`
fix naming things 2018-01-05 22:15:50 +08:00			`can :clone_protocol_in_repository do \|user, protocol\|`
Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 19:03:44 +08:00			`can_read_protocol_in_repository?(user, protocol) &&`
			`can_create_protocols_in_repository?(user, protocol.team)`
refactor clone protocol permission 2017-12-07 18:11:27 +08:00			`end`
refactor read protocol in repository permission 2017-12-06 02:51:44 +08:00			`end`