scinote-web/app/permissions/repository.rb

44 lines
1.3 KiB
Ruby
Raw Normal View History

2019-07-12 22:43:54 +08:00
# frozen_string_literal: true
Canaid::Permissions.register_for(Repository) do
# repository: read/export
can :read_repository do |user, repository|
if user.teams.include?(repository.team) || repository.team_repositories.where(team: user.teams).any?
true
else
false
end
end
2019-07-12 22:43:54 +08:00
# repository: update, delete
can :manage_repository do |user, repository|
user.is_admin_of_team?(repository.team)
end
# repository: create/import record
can :create_repository_rows do |user, repository|
if user.teams.include?(repository.team)
user.is_normal_user_or_admin_of_team?(repository.team)
elsif (write_team_repos = repository
.team_repositories
.where(team_id: user.teams.pluck(:id))
.where(permission_level: :write)).any?
# When has some repository's relations with write permissions for at least one of user's teams.
user.is_normal_user_or_admin_of_team?(write_team_repos.first.team)
else
false
end
end
# repository: update/delete records
can :manage_repository_rows do |user, repository|
can_create_repository_rows?(user, repository)
end
# repository: create field
can :create_repository_columns do |user, repository|
can_create_repository_rows?(user, repository)
end
end