scinote-web/app/permissions/team.rb

Canaid::Permissions.register_for(Team) do
  # view projects, view protocols, leave team
  # view samples, export samples
  # view repositories, view repository, export repository rows
  can :read_team do |user, team|
    user.is_member_of_team?(team)
  end

  # edit team name, edit team description
  can :update_team do |user, team|
    user.is_admin_of_team?(team)
  end

  # invite user to team, change user's role, remove user from team
  can :manage_user_team do |user, team|
    user.is_admin_of_team?(team)
  end

  # create project
  can :create_project do |user, team|
    user.is_normal_user_or_admin_of_team?(team)
  end

  # create protocol in repository, import protocol to repository
  can :create_protocol do |user, team|
    user.is_normal_user_or_admin_of_team?(team)
  end

  # create, import, edit, delete sample
  can :manage_sample do |user, team|
    user.is_normal_user_or_admin_of_team?(team)
  end

  # create, update, delete custom field, sample type and sample group
  can :manage_sample_elements do |user, team|
    user.is_normal_user_or_admin_of_team?(team)
  end

  # create, copy, edit, destroy repository
  can :manage_repository do |user, team|
    user.is_admin_of_team?(team)
  end

  # create, import, edit, delete repository record
  can :manage_repository_row do |user, team|
    user.is_normal_user_or_admin_of_team?(team)
  end

  # create, update, delete repository column
  can :manage_repository_column do |user, team|
    user.is_normal_user_or_admin_of_team?(team)
  end
end

Canaid::Permissions.register_for(Protocol) do
  # view protocol in repository, export protocol from repository
  # view step in protocol in repository, view or dowload step asset
  can :read_protocol_in_repository do |user, protocol|
    user.is_member_of_team?(protocol.team) &&
      (protocol.in_repository_public? ||
      protocol.in_repository_private? && user == protocol.added_by)
  end

  # edit protocol in repository,
  # create, edit, delete or reorder step in repository
  can :update_protocol_in_repository do |user, protocol|
    protocol.in_repository_active? &&
      can_update_protocol_type_in_repository?(user, protocol)
  end

  # toggle protocol visibility (public, private, archive, restore)
  can :update_protocol_type_in_repository do |user, protocol|
    user.is_normal_user_or_admin_of_team?(protocol.team) &&
      user == protocol.added_by
  end

  # clone protocol in repository
  can :clone_protocol do |user, protocol|
    can_create_protocol?(user, protocol.team) &&
      can_read_protocol_in_repository?(user, protocol)
  end
end
refactor read_team permission 2017-11-27 18:24:41 +08:00			`Canaid::Permissions.register_for(Team) do`
refactor again manage user team permissions 2017-12-13 21:36:46 +08:00			`# view projects, view protocols, leave team`
refactor view repository permission 2017-12-12 21:56:07 +08:00			`# view samples, export samples`
			`# view repositories, view repository, export repository rows`
refactor read_team permission 2017-11-27 18:24:41 +08:00			`can :read_team do \|user, team\|`
			`user.is_member_of_team?(team)`
			`end`
add create, update, delete user_team permission 2017-11-28 22:41:52 +08:00
add create, update team permission and refactor 422 respond handling in controllers 2017-12-04 18:12:35 +08:00			`# edit team name, edit team description`
			`can :update_team do \|user, team\|`
			`user.is_admin_of_team?(team)`
			`end`

refactor again manage user team permissions 2017-12-13 21:36:46 +08:00			`# invite user to team, change user's role, remove user from team`
			`can :manage_user_team do \|user, team\|`
add create, update, delete user_team permission 2017-11-28 22:41:52 +08:00			`user.is_admin_of_team?(team)`
			`end`
refactor create protocol permission 2017-12-04 20:07:23 +08:00
refactor create project permission 2017-12-08 00:08:41 +08:00			`# create project`
			`can :create_project do \|user, team\|`
			`user.is_normal_user_or_admin_of_team?(team)`
			`end`

refactor create protocol permission 2017-12-04 20:07:23 +08:00			`# create protocol in repository, import protocol to repository`
			`can :create_protocol do \|user, team\|`
			`user.is_normal_user_or_admin_of_team?(team)`
			`end`
refactor create sample permissions 2017-12-04 23:45:23 +08:00
refactor manage sample permissions again by removing authorship and refactor manage sample elements permissions 2017-12-08 23:40:08 +08:00			`# create, import, edit, delete sample`
			`can :manage_sample do \|user, team\|`
refactor create sample permissions 2017-12-04 23:45:23 +08:00			`user.is_normal_user_or_admin_of_team?(team)`
			`end`
refactor update/delete sample permissions 2017-12-07 23:40:27 +08:00
refactor manage sample permissions again by removing authorship and refactor manage sample elements permissions 2017-12-08 23:40:08 +08:00			`# create, update, delete custom field, sample type and sample group`
			`can :manage_sample_elements do \|user, team\|`
refactor update/delete sample permissions 2017-12-07 23:40:27 +08:00			`user.is_normal_user_or_admin_of_team?(team)`
			`end`
refactor manage repository row permissions 2017-12-12 21:30:28 +08:00
refactor manage repository permissions 2017-12-13 18:09:25 +08:00			`# create, copy, edit, destroy repository`
			`can :manage_repository do \|user, team\|`
			`user.is_admin_of_team?(team)`
			`end`

refactor manage repository row permissions 2017-12-12 21:30:28 +08:00			`# create, import, edit, delete repository record`
			`can :manage_repository_row do \|user, team\|`
			`user.is_normal_user_or_admin_of_team?(team)`
			`end`
refactor manage repository column permissions 2017-12-12 22:35:43 +08:00
			`# create, update, delete repository column`
			`can :manage_repository_column do \|user, team\|`
			`user.is_normal_user_or_admin_of_team?(team)`
			`end`
add create, update, delete user_team permission 2017-11-28 22:41:52 +08:00			`end`

refactor read protocol in repository permission 2017-12-06 02:51:44 +08:00			`Canaid::Permissions.register_for(Protocol) do`
			`# view protocol in repository, export protocol from repository`
			`# view step in protocol in repository, view or dowload step asset`
			`can :read_protocol_in_repository do \|user, protocol\|`
			`user.is_member_of_team?(protocol.team) &&`
			`(protocol.in_repository_public? \|\|`
			`protocol.in_repository_private? && user == protocol.added_by)`
			`end`
refactor update protocol in repository permission 2017-12-07 00:23:08 +08:00
			`# edit protocol in repository,`
			`# create, edit, delete or reorder step in repository`
			`can :update_protocol_in_repository do \|user, protocol\|`
refactor update protocol type in repository 2017-12-07 01:40:49 +08:00			`protocol.in_repository_active? &&`
			`can_update_protocol_type_in_repository?(user, protocol)`
			`end`

			`# toggle protocol visibility (public, private, archive, restore)`
			`can :update_protocol_type_in_repository do \|user, protocol\|`
refactor update protocol in repository permission 2017-12-07 00:23:08 +08:00			`user.is_normal_user_or_admin_of_team?(protocol.team) &&`
refactor update protocol type in repository 2017-12-07 01:40:49 +08:00			`user == protocol.added_by`
refactor update protocol in repository permission 2017-12-07 00:23:08 +08:00			`end`
refactor clone protocol permission 2017-12-07 18:11:27 +08:00
			`# clone protocol in repository`
			`can :clone_protocol do \|user, protocol\|`
			`can_create_protocol?(user, protocol.team) &&`
			`can_read_protocol_in_repository?(user, protocol)`
			`end`
refactor read protocol in repository permission 2017-12-06 02:51:44 +08:00			`end`