Corrected some project level permissions; minor refactoring.

This commit is contained in:
Matej Zrimšek 2018-02-02 18:19:03 +01:00
parent e5799ee6dc
commit 13e9a2a132
8 changed files with 70 additions and 62 deletions


@ -33,8 +33,6 @@ class ReportsController < ApplicationController
before_action :check_create_permissions, only: [
:new,
:create,
:edit,
:update,
:generate,
:save_modal,
:project_contents_modal,
@ -47,7 +45,8 @@ class ReportsController < ApplicationController
:step_contents,
:result_contents
]
before_action :check_manage_permissions, only: %i(edit update destroy)
before_action :check_manage_permissions, only: %i(edit update
destroy)
layout 'fluid'


@ -3,7 +3,8 @@ class UserProjectsController < ApplicationController
include InputSanitizeHelper
before_action :load_vars
before_action :check_view_permissions, only: %i(index index_edit)
before_action :check_view_permissions, only: :index
before_action :check_manage_users_permissions, only: :index_edit
before_action :check_create_permissions, only: :create
before_action :check_update_permisisons, only: %i(update destroy)
@ -181,6 +182,10 @@ class UserProjectsController < ApplicationController
render_403 unless can_read_project?(@project)
end
def check_manage_users_permissions
render_403 unless can_update_project?(@project)
end
def check_create_permissions
render_403 unless can_create_projects?(current_team)
end


@ -1,6 +1,6 @@
Canaid::Permissions.register_for(Project) do
can :read_project do |user, project|
user.is_user_or_higher_of_project?(project) ||
user.is_member_of_project?(project) ||
user.is_admin_of_team?(project.team) ||
(project.visible? && user.is_member_of_team?(project.team))
end
@ -30,6 +30,18 @@ Canaid::Permissions.register_for(Project) do
can :manage_reports do |user, project|
user.is_technician_or_higher_of_project?(project)
end
%(read_project
update_project
create_experiment
add_comment_to_project
manage_tags
manage_reports)
.each do |perm|
can perm do |_, project|
project.active?
end
end
end
Canaid::Permissions.register_for(Comment) do
@ -37,4 +49,11 @@ Canaid::Permissions.register_for(Comment) do
comment.project.present? && (comment.user == user ||
user.is_owner_of_project?(project))
end
%(update_or_delete_project_comment)
.each do |perm|
can perm do |_, project|
project.active?
end
end
end
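Review bot: In the new `%(update_or_delete_project_comment).each` block the second block argument is named `project` and `.active?` is called on it, but this is `register_for(Comment)`, so the object passed is the comment; unless Comment itself defines `active?`, every `can_update_or_delete_project_comment?` check would raise, and the guard presumably intended is `can perm do |_, comment| comment.project&.active? end` (the rule just above already treats `comment.project` as possibly absent). Both new lists are also rendered as `%(...)`, which is a single String literal rather than an array, and `String#each` does not exist on current Ruby; if the source really reads `%(` rather than `%i(` the `.each` fails at load time, so confirm against the file (the page may have dropped the `i`). That stacking a second `can` rule on an existing permission ANDs the two is inferred from the surrounding code, not visible here.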


@ -43,7 +43,7 @@
</div>
</div>
<% if can_create_experiment?(@project) && @experiment.active? %>
<% if can_create_experiment?(@project) %>
<%= link_to new_project_experiment_url(@project),
remote: true,
type: "button",
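Review bot: Dropping `&& @experiment.active?` changes the condition rather than only relocating it: the `create_experiment` permission now appears to be gated on `project.active?` (permissions file in this commit), so on an archived experiment inside a still-active project the button becomes visible where it was previously hidden. If that is intended it is fine; otherwise keep `<% if can_create_experiment?(@project) && @experiment.active? %>` or note the new behaviour in the commit description. The enclosing template continues outside the hunk.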


@ -14,7 +14,6 @@
</a>
<ul class="dropdown-menu dropdown-menu-fixed" aria-labelledby="comment-<%= comment.id %>-dropdown">
<li class="dropdown-header"><%= I18n.t('comments.options_dropdown.header') %></li>
<% if can_update_or_delete_project_comment?(comment) %>
<li>
<a href="#"
data-action="edit-comment"
@ -23,8 +22,6 @@
<%= t('comments.options_dropdown.edit') %>
</a>
</li>
<% end %>
<% if can_update_or_delete_project_comment?(comment) %>
<li>
<a href="#"
data-action="delete-comment"
@ -33,7 +30,6 @@
<%= t('comments.options_dropdown.delete') %>
</a>
</li>
<% end %>
</ul>
</div>
<% end %>


@ -35,20 +35,18 @@
</ul>
</div>
<% if can_read_project?(@project) %>
<%= link_to "", class: "btn btn-primary", remote: true, id: "print-report" do %>
<span class="glyphicon glyphicon-print"></span>
<span class="hidden-xs"><%=t "projects.reports.new.nav_print" %></span>
<% end %>
<%= form_tag generate_project_reports_path(@project, format: :pdf), method: :post, target: "_blank", class: "get-report-pdf-form" do %>
<div class="form-group">
<%= hidden_field_tag "html", "" %>
<%= link_to "", class: "btn btn-primary", remote: true, id: "get-report-pdf" do %>
<span class="glyphicon glyphicon-save-file"></span>
<span class="hidden-xs"><%=t "projects.reports.new.nav_pdf" %></span>
<% end %>
</div>
<%= link_to "", class: "btn btn-primary", remote: true, id: "print-report" do %>
<span class="glyphicon glyphicon-print"></span>
<span class="hidden-xs"><%=t "projects.reports.new.nav_print" %></span>
<% end %>
<%= form_tag generate_project_reports_path(@project, format: :pdf), method: :post, target: "_blank", class: "get-report-pdf-form" do %>
<div class="form-group">
<%= hidden_field_tag "html", "" %>
<%= link_to "", class: "btn btn-primary", remote: true, id: "get-report-pdf" do %>
<span class="glyphicon glyphicon-save-file"></span>
<span class="hidden-xs"><%=t "projects.reports.new.nav_pdf" %></span>
<% end %>
</div>
<% end %>
<%= link_to "", class: "btn btn-primary", remote: true, id: "save-report-link" do %>
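Review bot: The print button and the PDF form are now shown when `can_read_project?(@project)` holds, but the `generate` action they post to is listed under `check_create_permissions` in the ReportsController hunk of this commit, so the view-side gate and the server-side gate check different permissions. A user who can read the project but does not pass the create check would see the PDF button and then receive a 403; if that is the intended split, a comment such as `<%# generate is guarded server-side by check_create_permissions %>` next to the form would make it explicit, otherwise the view condition should match the controller's. What `check_create_permissions` actually tests is not visible here.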


@ -4,7 +4,7 @@
<% if project.archived? %>
<span class="label label-warning"><%=t 'search.index.archived' %></span>
<% if can_read_team?(project.team) and can_restore_project?(project) %>
<% if can_read_team?(project.team) && can_restore_project?(project) %>
<%= route_to_other_team projects_archive_path(team: project.team),
project.team,
text %>


@ -16,10 +16,10 @@
<li>
<% if can_read_team?(@project.team) %>
<a href="<%= projects_path :team => @project.team.id %>">
<% end %>
<span class="glyphicon glyphicon-folder-open"></span>
<% if can_read_team?(@project.team) %>
<span class="glyphicon glyphicon-folder-open"></span>
</a>
<% else %>
<span class="glyphicon glyphicon-folder-open"></span>
<% end %>
</li>
<% if project_page? ||
@ -30,37 +30,32 @@
</li>
<% else %>
<li>
<% if can_read_project?(@project) %>
<a href="<%= project_url(@project) %>">
<% end %>
<span class="glyphicon glyphicon-blackboard"></span>
<% if can_read_project?(@project) %>
<a href="<%= project_url(@project) %>">
<span class="glyphicon glyphicon-blackboard"></span>
</a>
<% else %>
<span class="glyphicon glyphicon-blackboard"></span>
<% end %>
</li>
<% end %>
<% if experiment_page? ||
module_page? %>
<% if !module_page? %>
<li class="active">
<%= fa_icon 'fa-flask' %>
</li>
<% else %>
<li>
<% if can_view_experiment(@experiment) %>
<%= link_to canvas_experiment_path(@experiment) do %>
<%= fa_icon 'fa-flask' %>
<% end %>
<% else %>
<% if module_page? %>
<li>
<% if can_view_experiment(@experiment) %>
<%= link_to canvas_experiment_path(@experiment) do %>
<%= fa_icon 'fa-flask' %>
<% end %>
</li>
<% end %>
<% end %>
<% if module_page? %>
<% else %>
<%= fa_icon 'fa-flask' %>
<% end %>
</li>
<li class="active">
<span class="glyphicon glyphicon-credit-card"></span>
</li>
<% elsif experiment_page? %>
<li class="active">
<%= fa_icon 'fa-flask' %>
</li>
<% end %>
</ul>
</div>
@ -80,8 +75,6 @@
<span class="hidden-xs hidden-lg glyphicon glyphicon-blackboard"></span>
</a>
</li>
<% end %>
<% if can_read_project?(@project) then %>
<li id="project-samples-nav-tab" class="<%= "active" if is_project_samples? ||
sample_types_page_project? ||
sample_groups_page_project? %>">
@ -90,16 +83,12 @@
<span class="hidden-xs hidden-lg glyphicon glyphicon-tint"></span>
</a>
</li>
<% end %>
<% if can_read_project?(@project) then %>
<li id="reports-nav-tab" class="<%= "active" if is_project_reports? %>">
<a href="<%= project_reports_url(@project) %>" title="<%=t "nav2.projects.reports" %>">
<span class="hidden-sm hidden-md"><%=t "nav2.projects.reports" %></span>
<span class="hidden-xs hidden-lg glyphicon glyphicon-list-alt"></span>
</a>
</li>
<% end %>
<% if can_read_project?(@project) then %>
<li id="project-archive-nav-tab" data-turbolinks="false" class="<%= "active" if is_project_archive? %>">
<a href="<%= experiment_archive_project_url(@project) %>" title="<%=t "nav2.projects.archive" %>">
<span class="glyphicon glyphicon-briefcase"></span>
@ -232,11 +221,12 @@
<li>
<% if can_read_team?(@project.team) %>
<a href="<%= projects_path :team => @project.team.id %>">
<% end %>
<%= truncate(@project.team.name,
length: Constants::NAME_TRUNCATION_LENGTH) %>
<% if can_read_team?(@project.team) %>
<%= truncate(@project.team.name,
length: Constants::NAME_TRUNCATION_LENGTH) %>
</a>
<% else %>
<%= truncate(@project.team.name,
length: Constants::NAME_TRUNCATION_LENGTH) %>
<% end %>
</li>
<% if project_page? %>
@ -248,11 +238,12 @@
<li>
<% if can_read_project?(@project) %>
<a href="<%= project_url(@project) %>">
<% end %>
<%= truncate(@project.name,
length: Constants::NAME_TRUNCATION_LENGTH) %>
<% if can_read_project?(@project) %>
<%= truncate(@project.name,
length: Constants::NAME_TRUNCATION_LENGTH) %>
</a>
<% else %>
<%= truncate(@project.name,
length: Constants::NAME_TRUNCATION_LENGTH) %>
<% end %>
</li>
<% end %>
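Review bot: In the rewritten module-page branch the helper is called as `can_view_experiment(@experiment)` without the trailing `?`, while every other permission check in this file (`can_read_team?`, `can_read_project?`) uses the predicate form; since the call is carried over from the old side it presumably resolves, but if a `can_view_experiment?` helper exists the call should read `<% if can_view_experiment?(@experiment) %>` for consistency. The restructuring that puts the `<a>` and its fallback icon inside a proper `if`/`else` is an improvement over the previously unbalanced tag. This section appears to end at the last visible line; the surrounding template is not shown.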