mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-09-20 23:16:15 +08:00
36 lines
959 B
Ruby
36 lines
959 B
Ruby
|
# frozen_string_literal: true
|
||
|
|
||
|
class StepOrderableElementsController < ApplicationController
|
||
|
before_action :load_vars_nested
|
||
|
before_action :check_manage_permissions, only: :create
|
||
|
|
||
|
def create
|
||
|
ActiveRecord::Base.transaction do
|
||
|
element = @step.step_orderable_elements.create!(
|
||
|
position: @step.step_orderable_elements.length,
|
||
|
orderable: create_step_element
|
||
|
)
|
||
|
render json: element, serializer: StepOrderableElementSerializer
|
||
|
rescue ActiveRecord::RecordInvalid
|
||
|
render json: {}, status: :unprocessable_entity
|
||
|
end
|
||
|
end
|
||
|
|
||
|
private
|
||
|
|
||
|
def load_vars_nested
|
||
|
@step = Step.find_by(id: params[:step_id])
|
||
|
return render_404 unless @step
|
||
|
|
||
|
@protocol = @step.protocol
|
||
|
end
|
||
|
|
||
|
def check_view_permissions
|
||
|
render_403 unless can_read_protocol_in_module?(@protocol) || can_read_protocol_in_repository?(@protocol)
|
||
|
end
|
||
|
|
||
|
def check_manage_permissions
|
||
|
render_403 unless can_manage_step?(@step)
|
||
|
end
|
||
|
end
|