scinote-web/app/permissions/team.rb

Canaid::Permissions.register_for(Team) do
  # team: leave, read users, read projects
  #       read protocols
  #
  can :read_team do |user, team|
    user.member_of_team?(team)
  end

  # team: update
  can :manage_team do |user, team|
    team.permission_granted?(user, TeamPermissions::MANAGE)
  end

  # team: assign/unassing user, change user role
  can :manage_team_users do |user, team|
    team.permission_granted?(user, TeamPermissions::USERS_MANAGE)
  end

  # team: invite new users to the team
  can :invite_team_users do |user, team|
    can_manage_team_users?(user, team)
  end

  # project_folder: create
  can :create_project_folders do |user, team|
    can_manage_team?(user, team)
  end

  # project: create
  can :create_projects do |user, team|
    team.permission_granted?(user, TeamPermissions::PROJECTS_CREATE)
  end

  # protocol in repository: create, import
  can :create_protocols_in_repository do |user, team|
    team.permission_granted?(user, TeamPermissions::PROTOCOLS_CREATE)
  end

  # repository: create, copy
  can :create_repositories do |user, team|
    within_limits = Repository.within_global_limits?
    within_limits = Repository.within_team_limits?(team) if within_limits
    within_limits && team.permission_granted?(user, TeamPermissions::INVENTORIES_CREATE)
  end

  can :create_reports do |user, team|
    team.permission_granted?(user, TeamPermissions::REPORTS_CREATE)
  end

  can :view_label_templates do |user, team|
    team.permission_granted?(user, TeamPermissions::LABEL_TEMPLATES_READ)
  end

  can :manage_label_templates do |user, team|
    team.permission_granted?(user, TeamPermissions::LABEL_TEMPLATES_MANAGE)
  end
end

Canaid::Permissions.register_for(ProjectFolder) do
  # ProjectFolder: delete
  can :delete_project_folder do |user, project_folder|
    can_manage_team?(user, project_folder.team) &&
      project_folder.projects.none? &&
      project_folder.project_folders.none?
  end
end

Canaid::Permissions.register_for(Protocol) do
  %i(manage_protocol_in_repository
     manage_protocol_draft_in_repository
     clone_protocol_in_repository
     publish_protocol_in_repository
     delete_protocol_draft_in_repository
     save_protocol_version_as_draft)
    .each do |perm|
    can perm do |_, protocol|
      protocol.active?
    end
  end

  # protocol in repository: read, export, read step, read/download step asset
  can :read_protocol_in_repository do |user, protocol|
    protocol.permission_granted?(user, ProtocolPermissions::READ)
  end

  # protocol in repository: update, create/update/delete/reorder step,
  #                         toggle private/public visibility, archive
  can :manage_protocol_in_repository do |user, protocol|
    protocol.in_repository_draft? &&
      protocol.permission_granted?(user, ProtocolPermissions::MANAGE)
  end

  can :manage_protocol_draft_in_repository do |user, protocol|
    protocol.in_repository_draft? &&
      protocol.permission_granted?(user, ProtocolPermissions::MANAGE_DRAFT)
  end

  can :manage_protocol_users do |user, protocol|
    protocol.permission_granted?(user, ProtocolPermissions::USERS_MANAGE) ||
      protocol.team.permission_granted?(user, TeamPermissions::MANAGE)
  end

  # protocol in repository: restore
  can :restore_protocol_in_repository do |user, protocol|
    protocol.archived? && protocol.permission_granted?(user, ProtocolPermissions::MANAGE)
  end

  can :archive_protocol_in_repository do |user, protocol|
    protocol.active? && protocol.permission_granted?(user, ProtocolPermissions::MANAGE)
  end

  # protocol in repository: copy
  can :clone_protocol_in_repository do |user, protocol|
    can_read_protocol_in_repository?(user, protocol) && can_create_protocols_in_repository?(user, protocol.team)
  end

  can :publish_protocol_in_repository do |user, protocol|
    protocol.in_repository_draft? &&
      protocol.permission_granted?(user, ProtocolPermissions::MANAGE)
  end

  can :delete_protocol_draft_in_repository do |user, protocol|
    protocol.parent_id.present? &&
      can_manage_protocol_draft_in_repository?(user, protocol)
  end

  can :save_protocol_version_as_draft do |user, protocol|
    next false unless protocol.in_repository_published?

    protocol.permission_granted?(user, ProtocolPermissions::MANAGE_DRAFT)
  end
end

Canaid::Permissions.register_for(Report) do
  can :read_report do |user, report|
    can_read_project?(report.project) && report.permission_granted?(user, ReportPermissions::READ)
  end

  can :manage_report do |user, report|
    can_read_project?(report.project) && report.permission_granted?(user, ReportPermissions::MANAGE)
  end

  can :manage_report_users do |user, report|
    report.permission_granted?(user, ReportPermissions::USERS_MANAGE)
  end
end
refactor read_team permission 2017-11-27 11:24:41 +01:00			`Canaid::Permissions.register_for(Team) do`
Merge branch 'develop' into jg_sci_2228 2020-08-31 16:29:23 +02:00			`# team: leave, read users, read projects`
Show shared inventories in left navigation and fix read repository permission 2019-07-17 16:00:49 +02:00			`# read protocols`
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-15 18:46:29 +01:00			`#`
refactor read_team permission 2017-11-27 11:24:41 +01:00			`can :read_team do \|user, team\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 13:46:03 +02:00			`user.member_of_team?(team)`
refactor read_team permission 2017-11-27 11:24:41 +01:00			`end`
add create, update, delete user_team permission 2017-11-28 15:41:52 +01:00
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-15 18:46:29 +01:00			`# team: update`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 13:46:03 +02:00			`can :manage_team do \|user, team\|`
			`team.permission_granted?(user, TeamPermissions::MANAGE)`
add create, update team permission and refactor 422 respond handling in controllers 2017-12-04 11:12:35 +01:00			`end`

Overall refactoring of all canaid permissions and code related to their calls. 2018-02-15 18:46:29 +01:00			`# team: assign/unassing user, change user role`
fix naming things 2018-01-05 15:15:50 +01:00			`can :manage_team_users do \|user, team\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 13:46:03 +02:00			`team.permission_granted?(user, TeamPermissions::USERS_MANAGE)`
add create, update, delete user_team permission 2017-11-28 15:41:52 +01:00			`end`
refactor create protocol permission 2017-12-04 13:07:23 +01:00
Add invite users to the team permission check [SCI-4381] 2020-02-26 17:25:38 +01:00			`# team: invite new users to the team`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 13:46:03 +02:00			`can :invite_team_users do \|user, team\|`
			`can_manage_team_users?(user, team)`
Add invite users to the team permission check [SCI-4381] 2020-02-26 17:25:38 +01:00			`end`

[SCI-5240] Implement Create new folder function 2020-12-01 09:59:08 +01:00			`# project_folder: create`
			`can :create_project_folders do \|user, team\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 13:46:03 +02:00			`can_manage_team?(user, team)`
[SCI-5240] Implement Create new folder function 2020-12-01 09:59:08 +01:00			`end`

Overall refactoring of all canaid permissions and code related to their calls. 2018-02-15 18:46:29 +01:00			`# project: create`
fix naming things 2018-01-05 15:15:50 +01:00			`can :create_projects do \|user, team\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 13:46:03 +02:00			`team.permission_granted?(user, TeamPermissions::PROJECTS_CREATE)`
refactor create project permission 2017-12-07 17:08:41 +01:00			`end`

Overall refactoring of all canaid permissions and code related to their calls. 2018-02-15 18:46:29 +01:00			`# protocol in repository: create, import`
fix naming things 2018-01-05 15:15:50 +01:00			`can :create_protocols_in_repository do \|user, team\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 13:46:03 +02:00			`team.permission_granted?(user, TeamPermissions::PROTOCOLS_CREATE)`
refactor create protocol permission 2017-12-04 13:07:23 +01:00			`end`
refactor create sample permissions 2017-12-04 16:45:23 +01:00
Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 12:03:44 +01:00			`# repository: create, copy`
fix naming things 2018-01-05 15:15:50 +01:00			`can :create_repositories do \|user, team\|`
Refactor inventory limit checks [SCI-4434] 2020-03-05 15:26:25 +01:00			`within_limits = Repository.within_global_limits?`
			`within_limits = Repository.within_team_limits?(team) if within_limits`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 13:46:03 +02:00			`within_limits && team.permission_granted?(user, TeamPermissions::INVENTORIES_CREATE)`
refactor manage repository column permissions 2017-12-12 15:35:43 +01:00			`end`
adds new reports index page [fixes SCI-2124] 2018-04-18 16:47:52 +02:00
Add permissions for Report model [SCI-6834] 2022-05-23 13:32:15 +02:00			`can :create_reports do \|user, team\|`
			`team.permission_granted?(user, TeamPermissions::REPORTS_CREATE)`
adds new reports index page [fixes SCI-2124] 2018-04-18 16:47:52 +02:00			`end`
Add new templates section and navigation [SCI-7017] 2022-07-26 13:52:40 +02:00
			`can :view_label_templates do \|user, team\|`
Add new permissions for label templates [SCI-7088] 2022-09-14 15:13:13 +02:00			`team.permission_granted?(user, TeamPermissions::LABEL_TEMPLATES_READ)`
Add new templates section and navigation [SCI-7017] 2022-07-26 13:52:40 +02:00			`end`
Add Label template list screen - view mode [SCI-7018] (#4292) * Initial label template datatable [SCI-7018] * Add new columns to LabelTemplate and update datatable view [SCI-7018] * Fix after rebase [SCI-7018] * Fix migration, disable checkboxes in view mode and fix label template to team level [SCI-7018] 2022-07-27 10:10:32 +02:00
			`can :manage_label_templates do \|user, team\|`
Add new permissions for label templates [SCI-7088] 2022-09-14 15:13:13 +02:00			`team.permission_granted?(user, TeamPermissions::LABEL_TEMPLATES_MANAGE)`
Add Label template list screen - view mode [SCI-7018] (#4292) * Initial label template datatable [SCI-7018] * Add new columns to LabelTemplate and update datatable view [SCI-7018] * Fix after rebase [SCI-7018] * Fix migration, disable checkboxes in view mode and fix label template to team level [SCI-7018] 2022-07-27 10:10:32 +02:00			`end`
add create, update, delete user_team permission 2017-11-28 15:41:52 +01:00			`end`

Add missing permission helper for folder deletion [SCI-6114] (#3568) 2021-10-01 10:47:32 +02:00			`Canaid::Permissions.register_for(ProjectFolder) do`
			`# ProjectFolder: delete`
			`can :delete_project_folder do \|user, project_folder\|`
Fix project visibility for team admins [SCI-7293] 2022-10-05 19:35:56 +02:00			`can_manage_team?(user, project_folder.team) &&`
Add missing permission helper for folder deletion [SCI-6114] (#3568) 2021-10-01 10:47:32 +02:00			`project_folder.projects.none? &&`
			`project_folder.project_folders.none?`
			`end`
			`end`

refactor read protocol in repository permission 2017-12-05 19:51:44 +01:00			`Canaid::Permissions.register_for(Protocol) do`
Add archive view for protocols template 2023-01-24 21:17:50 +01:00			`%i(manage_protocol_in_repository`
Protocol permission bugs [SCI-8058] (#5142) * Protocol permission bugs [SCI-8058] --------- Co-authored-by: Giga Chubinidze <gchubinidze@unisens.ge> 2023-03-15 14:14:20 +04:00			`manage_protocol_draft_in_repository`
Fix permission checks for protocols [SCI-7992] 2023-02-28 13:48:29 +01:00			`clone_protocol_in_repository`
			`publish_protocol_in_repository`
			`delete_protocol_draft_in_repository`
Fix visibility of save as draft button, fix permissions for new drafts [SCI-8145][SCI-8157] 2023-03-21 10:59:31 +01:00			`save_protocol_version_as_draft)`
Add versions and access columns to protocols table, update protocol model [SCI-7516] 2022-12-09 12:44:41 +01:00			`.each do \|perm\|`
			`can perm do \|_, protocol\|`
			`protocol.active?`
			`end`
			`end`

Overall refactoring of all canaid permissions and code related to their calls. 2018-02-15 18:46:29 +01:00			`# protocol in repository: read, export, read step, read/download step asset`
refactor read protocol in repository permission 2017-12-05 19:51:44 +01:00			`can :read_protocol_in_repository do \|user, protocol\|`
Add versions and access columns to protocols table, update protocol model [SCI-7516] 2022-12-09 12:44:41 +01:00			`protocol.permission_granted?(user, ProtocolPermissions::READ)`
refactor read protocol in repository permission 2017-12-05 19:51:44 +01:00			`end`
refactor update protocol in repository permission 2017-12-06 17:23:08 +01:00
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-15 18:46:29 +01:00			`# protocol in repository: update, create/update/delete/reorder step,`
Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 12:03:44 +01:00			`# toggle private/public visibility, archive`
Overall refactoring of all canaid permissions and code related to their calls. 2018-02-15 18:46:29 +01:00			`can :manage_protocol_in_repository do \|user, protocol\|`
Add publish and delete action [SCI-7905] 2023-02-13 09:50:39 +01:00			`protocol.in_repository_draft? &&`
Add published view for protocol [SCI-7617] 2023-01-17 15:44:16 +01:00			`protocol.permission_granted?(user, ProtocolPermissions::MANAGE)`
Add versions and access columns to protocols table, update protocol model [SCI-7516] 2022-12-09 12:44:41 +01:00			`end`

Add permission for protocol draft management [SCI-7718] 2023-01-26 15:41:41 +01:00			`can :manage_protocol_draft_in_repository do \|user, protocol\|`
Protocol permission bugs [SCI-8058] (#5142) * Protocol permission bugs [SCI-8058] --------- Co-authored-by: Giga Chubinidze <gchubinidze@unisens.ge> 2023-03-15 14:14:20 +04:00			`protocol.in_repository_draft? &&`
			`protocol.permission_granted?(user, ProtocolPermissions::MANAGE_DRAFT)`
Add permission for protocol draft management [SCI-7718] 2023-01-26 15:41:41 +01:00			`end`

Add versions and access columns to protocols table, update protocol model [SCI-7516] 2022-12-09 12:44:41 +01:00			`can :manage_protocol_users do \|user, protocol\|`
Update permissions for team owner to see all protocols and can manage users [SCI-8380] (#5371) 2023-05-09 16:23:29 +02:00			`protocol.permission_granted?(user, ProtocolPermissions::USERS_MANAGE) \|\|`
			`protocol.team.permission_granted?(user, TeamPermissions::MANAGE)`
refactor update protocol in repository permission 2017-12-06 17:23:08 +01:00			`end`
refactor clone protocol permission 2017-12-07 11:11:27 +01:00
Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 12:03:44 +01:00			`# protocol in repository: restore`
			`can :restore_protocol_in_repository do \|user, protocol\|`
Revert "Protocol permissions - button display [SCI-8058]" (#5121) 2023-03-10 11:45:32 +01:00			`protocol.archived? && protocol.permission_granted?(user, ProtocolPermissions::MANAGE)`
Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 12:03:44 +01:00			`end`

Update restore action for protocol templates [SCI-7634] (#4969) * Update restore action for protocol templetes [SCI-7634] * Move protocol table reload to methond [SCI-7634] 2023-02-16 18:03:11 +01:00			`can :archive_protocol_in_repository do \|user, protocol\|`
Revert "Protocol permissions - button display [SCI-8058]" (#5121) 2023-03-10 11:45:32 +01:00			`protocol.active? && protocol.permission_granted?(user, ProtocolPermissions::MANAGE)`
Update restore action for protocol templates [SCI-7634] (#4969) * Update restore action for protocol templetes [SCI-7634] * Move protocol table reload to methond [SCI-7634] 2023-02-16 18:03:11 +01:00			`end`

Fixed protocol in repository permissions, and refactored it a bit. 2018-02-16 12:03:44 +01:00			`# protocol in repository: copy`
fix naming things 2018-01-05 15:15:50 +01:00			`can :clone_protocol_in_repository do \|user, protocol\|`
Update the exiting permissions helpers so they will check new permissions [SCI-6821] 2022-05-19 13:46:03 +02:00			`can_read_protocol_in_repository?(user, protocol) && can_create_protocols_in_repository?(user, protocol.team)`
refactor clone protocol permission 2017-12-07 11:11:27 +01:00			`end`
Add permission for protocol draft management [SCI-7718] 2023-01-26 15:41:41 +01:00
			`can :publish_protocol_in_repository do \|user, protocol\|`
Add publish and delete action [SCI-7905] 2023-02-13 09:50:39 +01:00			`protocol.in_repository_draft? &&`
Revert "Protocol permissions - button display [SCI-8058]" (#5121) 2023-03-10 11:45:32 +01:00			`protocol.permission_granted?(user, ProtocolPermissions::MANAGE)`
Add permission for protocol draft management [SCI-7718] 2023-01-26 15:41:41 +01:00			`end`
Add save as draft action 2023-02-22 14:59:48 +01:00
			`can :delete_protocol_draft_in_repository do \|user, protocol\|`
			`protocol.parent_id.present? &&`
			`can_manage_protocol_draft_in_repository?(user, protocol)`
			`end`

Fix visibility of save as draft button, fix permissions for new drafts [SCI-8145][SCI-8157] 2023-03-21 10:59:31 +01:00			`can :save_protocol_version_as_draft do \|user, protocol\|`
			`next false unless protocol.in_repository_published?`
Disable save as draft if draft exists [SCI-8025] (#5049) 2023-03-01 14:41:41 +01:00
Fix visibility of save as draft button, fix permissions for new drafts [SCI-8145][SCI-8157] 2023-03-21 10:59:31 +01:00			`protocol.permission_granted?(user, ProtocolPermissions::MANAGE_DRAFT)`
Add save as draft action 2023-02-22 14:59:48 +01:00			`end`
refactor read protocol in repository permission 2017-12-05 19:51:44 +01:00			`end`
Add permissions for Report model [SCI-6834] 2022-05-23 13:32:15 +02:00
			`Canaid::Permissions.register_for(Report) do`
			`can :read_report do \|user, report\|`
Fix automatic user assigning to reports and inventories [SCI-7365][SCI-7366] 2022-10-20 15:35:43 +02:00			`can_read_project?(report.project) && report.permission_granted?(user, ReportPermissions::READ)`
Add permissions for Report model [SCI-6834] 2022-05-23 13:32:15 +02:00			`end`

			`can :manage_report do \|user, report\|`
Fix automatic user assigning to reports and inventories [SCI-7365][SCI-7366] 2022-10-20 15:35:43 +02:00			`can_read_project?(report.project) && report.permission_granted?(user, ReportPermissions::MANAGE)`
Add permissions for Report model [SCI-6834] 2022-05-23 13:32:15 +02:00			`end`

			`can :manage_report_users do \|user, report\|`
			`report.permission_granted?(user, ReportPermissions::USERS_MANAGE)`
refactor clone protocol permission 2017-12-07 11:11:27 +01:00			`end`
refactor read protocol in repository permission 2017-12-05 19:51:44 +01:00			`end`