Re-added module-level archive, move, clone and manage permissions. Corrected their usage and added the permission checks in some additional places.
This commit is contained in:
parent
1182ce5da1
commit
0706d16020
12 changed files with 101 additions and 37 deletions
|
@ -20,7 +20,7 @@ module Api
|
|||
exp.my_modules.find_each do |tk|
|
||||
task = tk.as_json(only: %i(name description archived))
|
||||
task['task_id'] = tk.id.to_s
|
||||
task['editable'] = can_manage_experiment?(tk.experiment)
|
||||
task['editable'] = can_manage_module?(tk)
|
||||
tasks << task
|
||||
end
|
||||
experiment['tasks'] = tasks
|
||||
|
|
|
@ -31,9 +31,12 @@ class CanvasController < ApplicationController
|
|||
def update
|
||||
# Make sure that remove parameter is valid
|
||||
to_archive = []
|
||||
if can_manage_experiment?(@experiment) && update_params[:remove].present?
|
||||
if update_params[:remove].present?
|
||||
to_archive = update_params[:remove].split(',')
|
||||
if to_archive.all? { |id| is_int? id }
|
||||
if to_archive.all? do |id|
|
||||
is_int?(id) &&
|
||||
can_manage_module?(MyModule.find_by_id(id))
|
||||
end
|
||||
to_archive.collect!(&:to_i)
|
||||
else
|
||||
return render_403
|
||||
|
@ -104,7 +107,10 @@ class CanvasController < ApplicationController
|
|||
# Okay, JSON parsed!
|
||||
unless to_rename.is_a?(Hash) &&
|
||||
to_rename.keys.all? { |k| k.is_a? String } &&
|
||||
to_rename.values.all? { |k| k.is_a? String }
|
||||
to_rename.values.all? { |k| k.is_a? String } &&
|
||||
to_rename.keys.all? do |id|
|
||||
can_manage_module?(MyModule.find_by_id(id))
|
||||
end
|
||||
return render_403
|
||||
end
|
||||
rescue
|
||||
|
@ -114,13 +120,16 @@ class CanvasController < ApplicationController
|
|||
|
||||
# Make sure move parameter is valid
|
||||
to_move = {}
|
||||
if can_manage_experiment?(@experiment) && update_params[:move].present?
|
||||
if update_params[:move].present?
|
||||
begin
|
||||
to_move = JSON.parse(update_params[:move])
|
||||
# Okay, JSON parsed!
|
||||
unless to_move.is_a?(Hash) &&
|
||||
to_move.keys.all? { |k| k.is_a? String } &&
|
||||
to_move.values.all? { |k| k.is_a? String }
|
||||
to_move.values.all? { |k| k.is_a? String } &&
|
||||
to_rename.keys.all? do |id|
|
||||
can_manage_module?(MyModule.find_by_id(id))
|
||||
end
|
||||
return render_403
|
||||
end
|
||||
rescue
|
||||
|
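Review bot: The move branch's new per-module check `to_rename.keys.all? do |id|` (third hunk, the line replacing the experiment-level gate) iterates the keys of `to_rename` instead of `to_move`, so when no rename parameter is sent `to_rename` is presumably still its empty default, `all?` is vacuously true and every move is accepted without any permission check on the modules being moved; the line should read `to_move.keys.all? do |id|`. In the remove branch (first hunk) `MyModule.find_by_id(id)` returns nil for an unknown integer id and `can_manage_module?(nil)` is then evaluated outside any `begin`/`rescue`, so the likely outcome is a NoMethodError instead of the 403 the branch returns for malformed input; `is_int?(id) && (m = @experiment.my_modules.find_by_id(id)) && can_manage_module?(m)` both handles the nil case and keeps archival scoped to the canvas being edited. The rename and move branches do the same unscoped lookup inside a `begin` with a bare `rescue`, so there the nil case is presumably swallowed into the error path, but scoping the lookup to `@experiment` applies to them as well. `update` begins before the first hunk and continues past the last one.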
|
|
@ -14,8 +14,8 @@ class ExperimentsController < ApplicationController
|
|||
:clone_modal, :move_modal, :delete_samples]
|
||||
before_action :check_view_permissions,
|
||||
only: [:canvas, :module_archive]
|
||||
before_action :check_experiment_move_or_clone_permissions,
|
||||
only: %i(clone_modal clone move_modal move)
|
||||
before_action :check_clone_permissions, only: %i(clone_modal clone)
|
||||
before_action :check_move_permissions, only: %i(move_modal move)
|
||||
|
||||
# except parameter could be used but it is not working.
|
||||
layout :choose_layout
|
||||
|
@ -344,8 +344,12 @@ class ExperimentsController < ApplicationController
|
|||
render_403 unless can_read_experiment?(@experiment)
|
||||
end
|
||||
|
||||
def check_experiment_move_or_clone_permissions
|
||||
render_403 unless can_move_or_clone_experiment?(@experiment)
|
||||
def check_clone_permissions
|
||||
render_403 unless can_clone_experiment?(@experiment)
|
||||
end
|
||||
|
||||
def check_move_permissions
|
||||
render_403 unless can_move_experiment?(@experiment)
|
||||
end
|
||||
|
||||
def choose_layout
|
||||
|
|
|
@ -602,7 +602,7 @@ class MyModulesController < ApplicationController
|
|||
end
|
||||
|
||||
def check_manage_permissions
|
||||
render_403 unless can_manage_experiment?(@my_module.experiment)
|
||||
render_403 unless can_manage_module?(@my_module)
|
||||
end
|
||||
|
||||
def check_view_info_permissions
|
||||
|
|
|
@ -12,29 +12,64 @@ Canaid::Permissions.register_for(Experiment) do
|
|||
|
||||
# experiment: create, update, delete
|
||||
# canvas/workflow: edit
|
||||
# module: create, edit, delete, archive, move
|
||||
# module: create
|
||||
can :manage_experiment do |user, experiment|
|
||||
user.is_user_or_higher_of_project?(experiment.project)
|
||||
end
|
||||
|
||||
can :restore_experiment do |user, experiment|
|
||||
experiment.archived? && can_manage_experiment?(user, experiment)
|
||||
# experiment: archive
|
||||
can :archive_experiment do |user, experiment|
|
||||
can_manage_experiment?(user, experiment)
|
||||
end
|
||||
|
||||
can :move_or_clone_experiment do |user, experiment|
|
||||
# experiment: restore
|
||||
can :restore_experiment do |user, experiment|
|
||||
can_manage_experiment?(user, experiment) && experiment.archived?
|
||||
end
|
||||
|
||||
# experiment: clone
|
||||
can :clone_experiment do |user, experiment|
|
||||
user.is_user_or_higher_of_project?(experiment.project) &&
|
||||
user.is_normal_user_or_admin_of_team?(experiment.project.team)
|
||||
end
|
||||
|
||||
# experiment: move
|
||||
can :move_experiment do |user, experiment|
|
||||
can_clone_experiment?(user, experiment)
|
||||
end
|
||||
|
||||
%i(read_experiment
|
||||
manage_experiment
|
||||
archive_experiment
|
||||
clone_experiment
|
||||
move_experiment)
|
||||
.each do |perm|
|
||||
can perm do |_, experiment|
|
||||
experiment.project.active?
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Canaid::Permissions.register_for(MyModule) do
|
||||
# module: restore
|
||||
can :restore_module do |user, my_module|
|
||||
my_module.archived? && can_manage_experiment?(user, experiment)
|
||||
can_manage_experiment?(user, my_module.experiment) && my_module.archived?
|
||||
end
|
||||
|
||||
# module: edit, archive, move
|
||||
can :manage_module do |user, my_module|
|
||||
can_manage_experiment?(user, my_module.experiment)
|
||||
end
|
||||
|
||||
%i(manage_module).each do |perm|
|
||||
can perm do |_, my_module|
|
||||
my_module.experiment.project.active?
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Canaid::Permissions.register_for(Protocol) do
|
||||
# protocol: read
|
||||
# protocol in module: read
|
||||
# step: read, read comments, read assets, download assets
|
||||
can :read_protocol_in_module do |user, protocol|
|
||||
if protocol.in_module?
|
||||
|
@ -48,8 +83,8 @@ Canaid::Permissions.register_for(Protocol) do
|
|||
end
|
||||
end
|
||||
|
||||
# protocol: create, update, delete, unlink, revert, update from protocol in
|
||||
# repository
|
||||
# protocol in module: create, update, delete, unlink, revert, update from
|
||||
# protocol in repository, update from file
|
||||
# step: create, update, delete, reorder
|
||||
can :manage_protocol_in_module do |user, protocol|
|
||||
if protocol.in_module?
|
||||
|
@ -57,9 +92,17 @@ Canaid::Permissions.register_for(Protocol) do
|
|||
my_module.active? &&
|
||||
my_module.experiment.active? &&
|
||||
my_module.experiment.project.active? &&
|
||||
can_manage_experiment?(user, my_module.experiment)
|
||||
can_manage_module?(user, my_module)
|
||||
else
|
||||
false
|
||||
end
|
||||
end
|
||||
|
||||
%i(read_protocol_in_module
|
||||
manage_protocol_in_module)
|
||||
.each do |perm|
|
||||
can perm do |_, protocol|
|
||||
protocol.my_module.experiment.project.active?
|
||||
end
|
||||
end
|
||||
end
|
||||
|
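Review bot: The project-active guard appended to the Protocol block (`protocol.my_module.experiment.project.active?`, third hunk) dereferences `protocol.my_module` without the `protocol.in_module?` test that both permission bodies above it use, so for a repository protocol with no module it raises on nil instead of denying; it should read `protocol.in_module? && protocol.my_module.experiment.project.active?`. This assumes Canaid ANDs repeated `can` registrations for the same name, which is how the new `%i(read_experiment manage_experiment ...)` loop in the first hunk appears to be intended; if it instead replaces the earlier block, both loops silently drop the role checks and that needs confirming against the library. On the same assumption the inline `my_module.experiment.project.active?` term now kept in `manage_protocol_in_module` is redundant with the registration `can_manage_module?` already carries. The commit title promises module-level archive, move and clone permissions, but the MyModule block only defines `manage_module` and `restore_module`, so the `# module: edit, archive, move` comment should say explicitly that those actions are covered by `manage_module` rather than by separate permissions.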
|
|
@ -71,12 +71,16 @@
|
|||
</span>
|
||||
</div>
|
||||
<div id="diagram-container">
|
||||
<% if can_manage_experiment?(@experiment) %>
|
||||
<div id="diagram" class="diagram">
|
||||
<% my_modules.each do |my_module| %>
|
||||
<%= render partial: "canvas/edit/my_module", locals: {experiment: @experiment, my_module: my_module} %>
|
||||
<% end %>
|
||||
</div>
|
||||
<% end %>
|
||||
</div>
|
||||
|
||||
<%-# Since we need to preload modals, we just check permission for experiment, instead of permissions for every module and module group -%>
|
||||
<% if can_manage_experiment?(@experiment) %>
|
||||
<%= render partial: "canvas/edit/modal/new_module", locals: {experiment: @experiment} %>
|
||||
<%= render partial: "canvas/edit/modal/edit_module", locals: {experiment: @experiment } %>
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
</a>
|
||||
<ul class="dropdown-menu no-scale" aria-labelledby="<%= my_module.id %>_options">
|
||||
<li class="dropdown-header"><%= t('projects.index.options_header') %></li>
|
||||
<% if can_manage_experiment?(my_module.experiment) %>
|
||||
<% if can_manage_module?(my_module) %>
|
||||
<li>
|
||||
<a class="edit-module" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.edit_module" %></a>
|
||||
</li>
|
||||
|
@ -29,7 +29,7 @@
|
|||
<a class ="clone-module-group" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.clone_module_group" %></a>
|
||||
</li>
|
||||
<% end %>
|
||||
<% if can_manage_experiment?(my_module.experiment) %>
|
||||
<% if can_manage_module?(my_module) %>
|
||||
<li>
|
||||
<a class="move-module" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.move_module" %></a>
|
||||
</li>
|
||||
|
@ -39,6 +39,8 @@
|
|||
<li>
|
||||
<a class="delete-module" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.delete_module" %></a>
|
||||
</li>
|
||||
<% end %>
|
||||
<% if my_module.my_module_group && my_module.my_module_group.my_modules.all? { |my_module| can_manage_module?(my_module) } %>
|
||||
<li data-hook="archive-module-group"
|
||||
<%= 'style=display:none;' if my_module.my_module_group.blank? %>>
|
||||
<a class ="delete-module-group" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.delete_module_group" %></a>
|
||||
|
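Review bot: The block parameter in `my_module.my_module_group.my_modules.all? { |my_module| can_manage_module?(my_module) }` (third hunk) shadows the partial's own `my_module` local; it runs correctly, but it reads as if the current module were being re-checked, so rename it, e.g. `{ |m| can_manage_module?(m) }`. The same condition requires `my_module.my_module_group` to be present, which makes the `'style=display:none;' if my_module.my_module_group.blank?` on the following `<li data-hook="archive-module-group">` unreachable; if that hidden item was meant to be revealed by client-side code once a module joins a group (inferred, the script is not in this diff), it is now absent from the DOM for ungrouped modules. Either drop the dead style attribute or keep emitting the element and only gate the permission part on the group being present.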
|
|
@ -31,7 +31,7 @@
|
|||
</div>
|
||||
|
||||
<div class="panel-body">
|
||||
<% if can_manage_experiment?(my_module.experiment) %>
|
||||
<% if can_manage_module?(my_module) %>
|
||||
<%= link_to due_date_my_module_path(my_module, format: :json), remote: true, class: "due-date-link due-date-refresh" do %>
|
||||
<%= render partial: "my_modules/due_date_label.html.erb", locals: { my_module: my_module } %>
|
||||
<% end %>
|
||||
|
|
|
@ -10,12 +10,14 @@
|
|||
data: { id: experiment.id },
|
||||
class: 'edit-experiment' %></li>
|
||||
<% end %>
|
||||
<% if can_move_or_clone_experiment?(experiment) %>
|
||||
<% if can_clone_experiment?(experiment) %>
|
||||
<li><%= link_to t('experiments.clone.label_title'),
|
||||
clone_modal_experiment_url(experiment),
|
||||
remote: true,
|
||||
type: 'button',
|
||||
class: 'clone-experiment' %></li>
|
||||
<% end %>
|
||||
<% if can_move_experiment?(experiment) %>
|
||||
<li><%= link_to t('experiments.move.label_title'),
|
||||
move_modal_experiment_url(experiment),
|
||||
remote: true,
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
|
||||
<div class="col-xs-6 col-sm-6 col-md-4">
|
||||
<div class="badge-icon bg-primary">
|
||||
<% if can_manage_experiment?(@my_module.experiment) %>
|
||||
<% if can_manage_module?(@my_module) %>
|
||||
<%= link_to due_date_my_module_path(@my_module, format: :json), remote: true, class: "due-date-link", style: "color: inherit" do %>
|
||||
<span class="glyphicon glyphicon-calendar"></span>
|
||||
<% end %>
|
||||
|
@ -21,7 +21,7 @@
|
|||
</div>
|
||||
<div class="well well-sm">
|
||||
<span class="hidden-xs hidden-sm hidden-md"><%=t "my_modules.module_header.due_date" %></span>
|
||||
<% if can_manage_experiment?(@my_module.experiment) %>
|
||||
<% if can_manage_module?(@my_module) %>
|
||||
<%= link_to due_date_my_module_path(@my_module, format: :json), remote: true, class: "due-date-link", style: "color: inherit" do %>
|
||||
<span class="task-due-date">
|
||||
<%= render partial: "module_header_due_date_label.html.erb",
|
||||
|
@ -62,7 +62,7 @@
|
|||
</div>
|
||||
<div class="well well-sm">
|
||||
<span class="hidden-xs hidden-sm"><%=t "my_modules.module_header.tags" %></span>
|
||||
<% if can_manage_experiment?(@my_module.experiment) %>
|
||||
<% if can_manage_module?(@my_module) %>
|
||||
<%= link_to my_module_tags_edit_url(@my_module, format: :json), remote: true, class: "edit-tags-link tags-refresh", style: "color: inherit" do %>
|
||||
<%= render partial: "my_modules/tags", locals: { my_module: @my_module } %>
|
||||
<% end %>
|
||||
|
@ -75,7 +75,7 @@
|
|||
|
||||
<div>
|
||||
<div class="badge-icon bg-primary">
|
||||
<% if can_manage_experiment?(@my_module.experiment) %>
|
||||
<% if can_manage_module?(@my_module) %>
|
||||
<%= link_to description_my_module_path(@my_module, format: :json), remote: true, class: "description-link", style: "color: inherit" do %>
|
||||
<span class="glyphicon glyphicon-info-sign"></span>
|
||||
<% end %>
|
||||
|
@ -84,7 +84,7 @@
|
|||
<% end %>
|
||||
</div>
|
||||
<div class="well well-sm">
|
||||
<% if can_manage_experiment?(@my_module.experiment) %>
|
||||
<% if can_manage_module?(@my_module) %>
|
||||
<%= link_to description_my_module_path(@my_module, format: :json), remote: true, class: "description-label description-link description-refresh", style: "color: inherit" do %>
|
||||
<% if @my_module.description.present? and not @my_module.description.empty? %>
|
||||
<%= @my_module.description %>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<%= render partial: "description_label.html.erb" %>
|
||||
</span>
|
||||
</li>
|
||||
<% if can_manage_experiment?(@my_module.experiment) %>
|
||||
<% if can_manage_module?(@my_module) %>
|
||||
<hr>
|
||||
<li>
|
||||
<%= link_to t("experiments.canvas.popups.full_info"), description_my_module_path(@my_module, format: :json), class: "description-link", remote: true %>
|
||||
|
|
|
@ -81,8 +81,8 @@
|
|||
<span class="caret"></span>
|
||||
</a>
|
||||
<ul class="dropdown-menu">
|
||||
<%-# For updating module protocol from repository protocol we don't need to check read permission for the repository protocol -%>
|
||||
<% if can_manage_protocol_in_module?(@protocol) %>
|
||||
<%-# For update_from_parent and update_from_parent_modal we don't need to check read permission for the parent protocol -%>
|
||||
<li><%= link_to update_from_parent_modal_protocol_path(@protocol, format: :json), remote: true, title: t("my_modules.protocols.protocol_status_bar.btns.update_self_title"), data: { action: "update-self" } do %>
|
||||
<%= t("my_modules.protocols.protocol_status_bar.btns.update_self") %>
|
||||
<% end %>
|
||||
|
@ -122,8 +122,8 @@
|
|||
<li class="disabled"><a href="#" title="<%= t("my_modules.protocols.protocol_status_bar.btns.update_parent_title") %>"><%= t("my_modules.protocols.protocol_status_bar.btns.update_parent") %></a>
|
||||
</li>
|
||||
<% end %>
|
||||
<%-# For updating module protocol from repository protocol we don't need to check read permission for the repository protocol -%>
|
||||
<% if can_manage_protocol_in_module?(@protocol) %>
|
||||
<%-# && can_read_protocol_in_repository?(@protocol) not needed - user can update protocol in module even if it's private and he's not the owner -%>
|
||||
<li>
|
||||
<%= link_to update_from_parent_modal_protocol_path(@protocol, format: :json), remote: true, title: t("my_modules.protocols.protocol_status_bar.btns.update_self_title"), data: { action: "update-self" } do %>
|
||||
<%= t("my_modules.protocols.protocol_status_bar.btns.update_self") %>
|
||||
|
|