Update shared inventory permissions [SCI-3802] (#2009)

* Update shared inventory permissions * Fix tests and simplify condition for placeholder
2025-10-02 01:45:38 +08:00 · 2019-08-23 10:57:02 +02:00 · 2019-08-23 10:57:02 +02:00 · 0810699770
commit 0810699770
parent 5d3a0d7eea
5 changed files with 14 additions and 24 deletions
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@ -83,13 +83,13 @@ class Repository < ApplicationRecord
  def shared_with?(team)
    return false if self.team == team

-    shared? || team_repositories.where(team: team).any?
+    shared? || private_shared_with?(team)
  end

  def shared_with_write?(team)
    return false if self.team == team

-    shared? && write? || team_repositories.where(team: team, permission_level: :write).any?
+    shared? && write? || private_shared_with_write?(team)
  end

  def shared_with_read?(team)
@ -125,6 +125,7 @@ class Repository < ApplicationRecord
    # Add all other custom columns
    repository_columns.order(:created_at).each do |rc|
      next unless rc.importable?
+
      fields[rc.id] = rc.name
    end
    fields
--- a/app/permissions/repository.rb
+++ b/app/permissions/repository.rb
@ -3,36 +3,25 @@
 Canaid::Permissions.register_for(Repository) do
  # repository: read/export
  can :read_repository do |user, repository|
-    user.teams.include?(repository.team) ||
-      repository.shared? ||
-      repository.team_repositories.where(team: user.teams).any?
+    user.teams.include?(repository.team) || repository.shared_with?(user.current_team)
  end

  # repository: update, delete
  can :manage_repository do |user, repository|
-    user.is_admin_of_team?(repository.team)
+    user.is_admin_of_team?(repository.team) unless repository.shared_with?(user.current_team)
  end

  # repository: share
  can :share_repository do |user, repository|
-    user.is_admin_of_team?(repository.team)
+    user.is_admin_of_team?(repository.team) unless repository.shared_with?(user.current_team)
  end

  # repository: create/import record
  can :create_repository_rows do |user, repository|
-    if user.teams.include?(repository.team)
+    if repository.shared_with?(user.current_team)
+      repository.shared_with_write?(user.current_team) && user.is_normal_user_or_admin_of_team?(user.current_team)
+    elsif user.teams.include?(repository.team)
      user.is_normal_user_or_admin_of_team?(repository.team)
-    elsif repository.shared? && repository.write?
-      user.is_normal_user_or_admin_of_team?(user.current_team)
-    elsif (write_team_repos = repository
-                                .team_repositories
-                                .where(team_id: user.teams.pluck(:id))
-                                .where(permission_level: :write)).any?
-      # When has some repository's relations with write permissions for at least one of user's teams.
-
-      user.is_normal_user_or_admin_of_team?(write_team_repos.first.team)
-    else
-      false
    end
  end

@ -43,6 +32,6 @@ Canaid::Permissions.register_for(Repository) do

  # repository: create field
  can :create_repository_columns do |user, repository|
-    can_create_repository_rows?(user, repository)
+    can_create_repository_rows?(user, repository) unless repository.shared_with?(user.current_team)
  end
 end
--- a/app/views/repositories/_sidebar.html.erb
+++ b/app/views/repositories/_sidebar.html.erb
@ -25,7 +25,7 @@
              <% end %>

              <% if repository.shared_with?(current_team) %>
-                <% if repository.shared_with_write?(current_team) || can_manage_repository?(@repository) %>
+                <% if can_manage_repository_rows?(repository) %>
                  <%= draw_custom_icon('shared-edit') %>
                <% else %>
                  <%= draw_custom_icon('shared-read') %>
--- a/app/views/repositories/show.html.erb
+++ b/app/views/repositories/show.html.erb
@ -13,7 +13,7 @@
  <div id="repository-toolbar">
    <span class="repository-share-icon">
      <% if @repository.shared_with?(current_team) %>
-        <% if @repository.shared_with_write?(current_team) || can_manage_repository?(@repository) %>
+        <% if can_manage_repository_rows?(@repository) %>
          <%= draw_custom_icon('shared-edit') %>
        <% else %>
          <%= draw_custom_icon('shared-read') %>
@ -143,7 +143,7 @@
        <span class="fas fa-copy"></span>
        <span class="hidden-xs-custom"><%= t("repositories.copy_record") %></span>
      </button>
-    <% elsif @repository.shared_with_read?(current_team) %>
+    <% elsif @repository.shared_with?(current_team) %>
      <p class="view-only-label"><%= t('repositories.index.view_only_permission_label') %></p>
    <% end %>
  </div>
--- a/spec/permissions/repositroy_permissions_spec.rb
+++ b/spec/permissions/repositroy_permissions_spec.rb
@ -5,7 +5,7 @@ require 'rails_helper'
 describe 'RepositoryPermissions' do
  include Canaid::Helpers::PermissionsHelper

-  let(:user) { create :user }
+  let(:user) { create :user, current_team_id: team.id }
  let(:repository) { build :repository, team: team }
  let(:team) { create :team }
  let(:write_shared_repository) { create :repository, :write_shared }