Separate view/edit/modify permissions SCI-4058

app/controllers/repositories_controller.rb

@@ -28,7 +28,11 @@ class RepositoriesController < ApplicationController
     render 'repositories/index'
   end
 
-  def show; end
+  def show
+    @display_edit_button      = can_create_repository_rows?(current_user, @repository)
+    @display_delete_button    = can_delete_repository_rows?(current_user, @repository)
+    @display_duplicate_button = can_create_repository_rows?(current_user, @repository)
+  end
 
   def create_modal
     @repository = Repository.new

app/controllers/repository_rows_controller.rb

@@ -270,6 +270,7 @@ class RepositoryRowsController < ApplicationController
   end
 
   def delete_records
+    render_403 unless can_delete_repository_rows?(@repository)
     deleted_count = 0
     if selected_params
       selected_params.each do |row_id|

app/permissions/repository.rb

@@ -30,6 +30,14 @@ Canaid::Permissions.register_for(Repository) do
     can_create_repository_rows?(user, repository)
   end
 
+  can :update_repository_rows do |user, repository|
+    can_manage_repository_rows?(user, repository)
+  end
+
+  can :delete_repository_rows do |user, repository|
+    can_manage_repository_rows?(user, repository)
+  end
+
   # repository: create field
   can :create_repository_columns do |user, repository|
     can_create_repository_rows?(user, repository) unless repository.shared_with?(user.current_team)

app/views/repositories/show.html.erb

@@ -128,21 +128,30 @@
     <% end %>
 
     <% if can_manage_repository_rows?(@repository) %>
-      <button type="button" class="btn btn-default editAdd" id="editRepositoryRecord" onclick="onClickEdit()" disabled>
-        <span class="fas fa-pencil-alt"></span>
-        <span class="hidden-xs-custom"><%= t("repositories.edit_record") %></span>
-      </button>
-      <button type="button" class="btn btn-default"
-        id="deleteRepositoryRecordsButton" onclick="onClickDelete()" disabled>
-        <span class="fas fa-trash"></span>
-        <span class="hidden-xs-custom"><%= t'repositories.delete_record' %></span>
-          <%= submit_tag I18n.t('repositories.delete_record'), :class => "hidden
-          delete_repository_records_submit" %>
-      </button>
-      <button type="button" class="btn btn-default copyRow" id="copyRepositoryRecords" onclick="onClickCopyRepositoryRecords()" disabled>
-        <span class="fas fa-copy"></span>
-        <span class="hidden-xs-custom"><%= t("repositories.copy_record") %></span>
-      </button>
+      
+      <%if @display_edit_button %>
+        <button type="button" class="btn btn-default editAdd" id="editRepositoryRecord" onclick="onClickEdit()" disabled>
+          <span class="fas fa-pencil-alt"></span>
+          <span class="hidden-xs-custom"><%= t("repositories.edit_record") %></span>
+        </button>
+      <% end %>
+      
+      <%if @display_delete_button %>
+        <button type="button" class="btn btn-default"
+          id="deleteRepositoryRecordsButton" onclick="onClickDelete()" disabled>
+          <span class="fas fa-trash"></span>
+          <span class="hidden-xs-custom"><%= t'repositories.delete_record' %></span>
+            <%= submit_tag I18n.t('repositories.delete_record'), :class => "hidden
+            delete_repository_records_submit" %>
+        </button>
+      <% end %>
+      
+      <%if @display_duplicate_button %>
+        <button type="button" class="btn btn-default copyRow" id="copyRepositoryRecords" onclick="onClickCopyRepositoryRecords()" disabled>
+          <span class="fas fa-copy"></span>
+          <span class="hidden-xs-custom"><%= t("repositories.copy_record") %></span>
+        </button>
+      <%end%>
     <% elsif @repository.shared_with?(current_team) %>
       <p class="view-only-label"><%= t('repositories.index.view_only_permission_label') %></p>
     <% end %>