mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2025-09-06 13:14:29 +08:00
refactor manage sample elements permissions again because of addons
parent
dc68b3068b
commit
0c519b8f03
3 changed files with 18 additions and 5 deletions
|
@ -3,7 +3,8 @@ class CustomFieldsController < ApplicationController
|
|||
|
||||
before_action :load_vars, except: :create
|
||||
before_action :load_vars_nested, only: [:create, :destroy_html]
|
||||
before_action :check_permissions
|
||||
before_action :check_create_permissions, only: :create
|
||||
before_action :check_update_and_delete_permissions, except: :create
|
||||
|
||||
def create
|
||||
@custom_field = CustomField.new(custom_field_params)
|
||||
|
@ -103,10 +104,14 @@ class CustomFieldsController < ApplicationController
|
|||
render_404 unless @team
|
||||
end
|
||||
|
||||
def check_permissions
|
||||
def check_create_permissions
|
||||
render_403 unless can_manage_sample_elements?(@team)
|
||||
end
|
||||
|
||||
def check_update_and_delete_permissions
|
||||
render_403 unless can_update_or_delete_custom_field?(@custom_field)
|
||||
end
|
||||
|
||||
def custom_field_params
|
||||
params.require(:custom_field).permit(:name)
|
||||
end
|
||||
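Review bot: `check_update_and_delete_permissions` passes `@custom_field` to `can_update_or_delete_custom_field?`, which calls `custom_field.team`, so the filter depends on `load_vars` having set `@custom_field` or halted the request; the only guard visible in these hunks is `render_404 unless @team`. If a missing record can reach the filter, the request would fail with a NoMethodError instead of a 404, so a guard such as `return render_404 unless @custom_field` before the permission call would make the failure mode explicit. Authorization is now decided from the field's own team rather than from the `@team` taken from the URL, so it is also worth confirming that `load_vars` looks the field up within `@team`, so that the two cannot disagree. The bodies of `load_vars` and `load_vars_nested` start outside the hunks, so this is inferred from the filter declarations only.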
|
|
|
@ -32,7 +32,8 @@ Canaid::Permissions.register_for(Team) do
|
|||
user.is_normal_user_or_admin_of_team?(team)
|
||||
end
|
||||
|
||||
# create, update, delete custom field, sample type and sample group
|
||||
# create custom field
|
||||
# create, update, delete sample type or sample group
|
||||
can :manage_sample_elements do |user, team|
|
||||
user.is_normal_user_or_admin_of_team?(team)
|
||||
end
|
||||
|
@ -88,3 +89,10 @@ Canaid::Permissions.register_for(Sample) do
|
|||
can_manage_samples?(user, sample.team)
|
||||
end
|
||||
end
|
||||
|
||||
Canaid::Permissions.register_for(CustomField) do
|
||||
# update, delete custom field
|
||||
can :update_or_delete_custom_field do |user, custom_field|
|
||||
can_manage_sample_elements?(user, custom_field.team)
|
||||
end
|
||||
end
|
||||
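Review bot: The new `:update_or_delete_custom_field` rule in the `CustomField` block has no comment saying why it is separate, and as written it returns exactly what `can_manage_sample_elements?` returns for the field's team. Going by the commit title, the split appears to exist so that addons can narrow it per field. If that is the intent, state it above the rule so a later cleanup does not fold it back into `:manage_sample_elements`, for example `# update, delete custom field; kept separate from :manage_sample_elements so addons can restrict it per field`.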
|
|
|
@ -148,8 +148,8 @@
|
|||
<% all_custom_fields.each do |cf| %>
|
||||
<th class="custom-field"
|
||||
id="<%= cf.id %>"
|
||||
<%= 'data-editable' if can_manage_sample_elements?(@team) %>
|
||||
<%= 'data-deletable' if can_manage_sample_elements?(@team) %>
|
||||
<%= 'data-editable' if can_update_or_delete_custom_field?(cf) %>
|
||||
<%= 'data-deletable' if can_update_or_delete_custom_field?(cf) %>
|
||||
<%= "data-edit-url='#{edit_team_custom_field_path(@team, cf)}'" %>
|
||||
<%= "data-update-url='#{team_custom_field_path(@team, cf)}'" %>
|
||||
<%= "data-destroy-html-url='#{team_custom_field_destroy_html_path(@team, cf)}'" %>
|
||||
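Review bot: The `data-editable` and `data-deletable` lines each call `can_update_or_delete_custom_field?(cf)`, so the same check runs twice per column, and the rule behind it reads `cf.team` where the old check used the already loaded `@team`. Unless `all_custom_fields` preloads the team association, this probably adds a query per column. Evaluating it once per iteration would help, e.g. `<% cf_manageable = can_update_or_delete_custom_field?(cf) %>` followed by `<%= 'data-editable' if cf_manageable %>` and `<%= 'data-deletable' if cf_manageable %>`. These attributes only drive the UI, and the edit, update and destroy URLs are still emitted for every column, so the controller filters remain the actual enforcement point. The `<th>` tag and the `each` loop continue outside the hunk.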
|
|