scinote-web/app/services/smart_annotations/permission_eval.rb

# frozen_string_literal: true

module SmartAnnotations
  class PermissionEval
    class << self
      include Canaid::Helpers::PermissionsHelper

      def check(user, team, type, object)
        __send__("validate_#{type}_permissions", user, team, object)
      end

      private

      def validate_prj_permissions(user, team, object)
        object.archived = false
        permission_check = object.team.id == team.id && can_read_project?(user, object)
        object.archived = true if object.archived_changed?
        permission_check
      end

      def validate_exp_permissions(user, team, object)
        object.archived = false
        permission_check = validate_prj_permissions(user, team, object.project)
        object.archived = true if object.archived_changed?
        permission_check
      end

      def validate_tsk_permissions(user, team, object)
        validate_exp_permissions(user, team, object.experiment)
      end

      def validate_rep_item_permissions(user, team, object)
        if object.repository
          return Repository.accessible_by_teams(team).find_by(id: object.repository_id).present? &&
                 can_read_repository?(user, object.repository)
        end

        # handles discarded repositories
        repository = Repository.with_discarded.find_by(id: object.repository_id)
        # evaluate to false if repository not found
        return false unless repository
      end
    end
  end
end
refactor smart annotation parser, adds repository item to smart annotation parser [fixes SCI-2222] 2018-03-29 21:55:26 +08:00			`# frozen_string_literal: true`

			`module SmartAnnotations`
			`class PermissionEval`
			`class << self`
			`include Canaid::Helpers::PermissionsHelper`

Prevent smart annotations accessing other teams when importing protocol Closes SCI-3163 2019-03-20 19:58:22 +08:00			`def check(user, team, type, object)`
Rename permision_eval - permission_eval Hopefully this will help with getting rid of all the errors that we've been receiving for PermissionEval. Closes SCI-2991. 2019-05-31 15:56:54 +08:00			`__send__("validate_#{type}_permissions", user, team, object)`
refactor smart annotation parser, adds repository item to smart annotation parser [fixes SCI-2222] 2018-03-29 21:55:26 +08:00			`end`

			`private`

Prevent smart annotations accessing other teams when importing protocol Closes SCI-3163 2019-03-20 19:58:22 +08:00			`def validate_prj_permissions(user, team, object)`
Show smart annotation for archived projects/experiments 2020-09-21 20:09:11 +08:00			`object.archived = false`
Fix tests 2020-09-21 20:41:51 +08:00			`permission_check = object.team.id == team.id && can_read_project?(user, object)`
Fix markup 2020-09-24 17:56:17 +08:00			`object.archived = true if object.archived_changed?`
Fix tests 2020-09-21 20:41:51 +08:00			`permission_check`
refactor smart annotation parser, adds repository item to smart annotation parser [fixes SCI-2222] 2018-03-29 21:55:26 +08:00			`end`

Prevent smart annotations accessing other teams when importing protocol Closes SCI-3163 2019-03-20 19:58:22 +08:00			`def validate_exp_permissions(user, team, object)`
Show smart annotation for archived projects/experiments 2020-09-21 20:09:11 +08:00			`object.archived = false`
Fix smart annotation for archived experiments 2020-11-06 18:47:18 +08:00			`permission_check = validate_prj_permissions(user, team, object.project)`
Fix markup 2020-09-24 17:56:17 +08:00			`object.archived = true if object.archived_changed?`
Fix tests 2020-09-21 20:41:51 +08:00			`permission_check`
refactor smart annotation parser, adds repository item to smart annotation parser [fixes SCI-2222] 2018-03-29 21:55:26 +08:00			`end`

Prevent smart annotations accessing other teams when importing protocol Closes SCI-3163 2019-03-20 19:58:22 +08:00			`def validate_tsk_permissions(user, team, object)`
Show smart annotation for archived projects/experiments 2020-09-21 20:09:11 +08:00			`validate_exp_permissions(user, team, object.experiment)`
refactor smart annotation parser, adds repository item to smart annotation parser [fixes SCI-2222] 2018-03-29 21:55:26 +08:00			`end`

Prevent smart annotations accessing other teams when importing protocol Closes SCI-3163 2019-03-20 19:58:22 +08:00			`def validate_rep_item_permissions(user, team, object)`
Add current team to smar annotations permission check 2020-10-23 19:32:19 +08:00			`if object.repository`
			`return Repository.accessible_by_teams(team).find_by(id: object.repository_id).present? &&`
			`can_read_repository?(user, object.repository)`
			`end`
Prevent smart annotations accessing other teams when importing protocol Closes SCI-3163 2019-03-20 19:58:22 +08:00
triggers the delayed job in the controller action, fixes smart annotations 2018-05-25 17:41:43 +08:00			`# handles discarded repositories`
Show smart annotation for archived projects/experiments 2020-09-21 20:09:11 +08:00			`repository = Repository.with_discarded.find_by(id: object.repository_id)`
triggers the delayed job in the controller action, fixes smart annotations 2018-05-25 17:41:43 +08:00			`# evaluate to false if repository not found`
			`return false unless repository`
refactor smart annotation parser, adds repository item to smart annotation parser [fixes SCI-2222] 2018-03-29 21:55:26 +08:00			`end`
			`end`
			`end`
			`end`