refactor manage samples permissions again, so that addons permissions can be added

2025-01-30 11:41:19 +08:00 · 2017-12-20 16:05:05 +01:00 · 2017-12-20 16:05:05 +01:00 · 0774b6f7e6
commit 0774b6f7e6
parent bd7eda1506
5 changed files with 23 additions and 12 deletions
--- a/app/controllers/concerns/sample_actions.rb
+++ b/app/controllers/concerns/sample_actions.rb
@ -11,7 +11,7 @@ module SampleActions
      params[:sample_ids].each do |id|
        sample = Sample.find_by_id(id)

-        if sample
+        if sample && can_update_or_delete_sample?(sample)
          sample.destroy
          counter_user += 1
        else
@ -45,8 +45,6 @@ module SampleActions
  end

  def check_destroy_samples_permissions
-    unless can_manage_sample?(@project.team)
-      render_403
-    end
+    render_403 unless can_manage_samples?(@project.team)
  end
 end
--- a/app/controllers/samples_controller.rb
+++ b/app/controllers/samples_controller.rb
@ -6,7 +6,9 @@ class SamplesController < ApplicationController
  before_action :load_vars, only: [:edit, :update, :destroy, :show]
  before_action :load_vars_nested, only: [:new, :create]

-  before_action :check_manage_permissions, exept: :show
+  before_action :check_create_permissions, only: %i(new create)
+  before_action :check_update_and_delete_permissions,
+                only: %i(edit update destroy)

  def new
    respond_to do |format|
@ -305,8 +307,12 @@ class SamplesController < ApplicationController
    end
  end

-  def check_manage_permissions
-    render_403 unless can_manage_sample?(@team)
+  def check_create_permissions
+    render_403 unless can_manage_samples?(@team)
+  end
+
+  def check_update_and_delete_permissions
+    render_403 unless can_update_or_delete_sample?(@sample)
  end

  def sample_params
--- a/app/controllers/teams_controller.rb
+++ b/app/controllers/teams_controller.rb
@ -249,7 +249,7 @@ class TeamsController < ApplicationController
  end

  def check_create_sample_permissions
-    unless can_manage_sample?(@team)
+    unless can_manage_samples?(@team)
      render_403
    end
  end
--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
@ -27,8 +27,8 @@ Canaid::Permissions.register_for(Team) do
    user.is_normal_user_or_admin_of_team?(team)
  end

-  # create, import, edit, delete sample
-  can :manage_sample do |user, team|
+  # create, import, edit, delete samples
+  can :manage_samples do |user, team|
    user.is_normal_user_or_admin_of_team?(team)
  end

@ -81,3 +81,10 @@ Canaid::Permissions.register_for(Protocol) do
      can_read_protocol_in_repository?(user, protocol)
  end
 end
+
+Canaid::Permissions.register_for(Sample) do
+  # edit, delete specific sample
+  can :update_or_delete_sample do |user, sample|
+    can_manage_samples?(user, sample.team)
+  end
+end
--- a/app/views/shared/_samples.html.erb
+++ b/app/views/shared/_samples.html.erb
@ -21,7 +21,7 @@
    data-module-id="<%= @my_module.id %>"
  <% end %>>

-  <% if can_manage_sample?(@team) %>
+  <% if can_manage_samples?(@team) %>
    <button type="button" class="btn btn-default editAdd" id="addSample" onclick="onClickAddSample()">
      <span class="glyphicon glyphicon-plus"></span>
      <span class="hidden-xs"><%= t("samples.add_new_sample") %></span>
@ -99,7 +99,7 @@
    <span class="hidden-xs-custom"><%= t("samples.edit_sample") %></span>
  </button>

-  <% if can_manage_sample?(@team) %>
+  <% if can_manage_samples?(@team) %>
    <button type="button" class="btn btn-default"
      id="deleteSamplesButton" data-target="#deleteSamples" data-toggle="modal" disabled>
      <span class="glyphicon glyphicon-trash"></span>