update permissions for shared locations [SCI-11118]

2025-09-13 00:24:42 +08:00 · 2024-10-01 11:55:44 +02:00 · 2024-10-01 11:55:44 +02:00 · 14dea69717
commit 14dea69717
parent 85f0b28e6d
7 changed files with 23 additions and 8 deletions
--- a/app/controllers/storage_location_repository_rows_controller.rb
+++ b/app/controllers/storage_location_repository_rows_controller.rb
@ -123,7 +123,7 @@ class StorageLocationRepositoryRowsController < ApplicationController
  end
  def check_manage_permissions
-    render_403 unless can_manage_storage_location?(@storage_location)
+    render_403 unless can_create_storage_location_repository_rows?(@storage_location)
  end
  def log_activity(type_of, message_items = {})
--- a/app/controllers/storage_locations_controller.rb
+++ b/app/controllers/storage_locations_controller.rb
@ -197,6 +197,7 @@ class StorageLocationsController < ApplicationController
  def load_storage_location
    @storage_location = StorageLocation.find(storage_location_params[:id])
    @parent_location = @storage_location.parent
    render_404 unless can_read_storage_location?(@storage_location)
  end
@ -205,6 +206,8 @@ class StorageLocationsController < ApplicationController
  end
  def check_create_permissions
    render_403 if @parent_location && !can_manage_storage_location?(@parent_location.team)
    if storage_location_params[:container]
      render_403 unless can_create_storage_location_containers?(current_team)
    else
--- a/app/javascript/vue/storage_locations/modals/move_tree.vue
+++ b/app/javascript/vue/storage_locations/modals/move_tree.vue
@ -58,7 +58,7 @@ export default {
      }
    },
    managePermission(loc) {
-      return loc.storage_location.parent_id ? this.canManage : loc.can_manage;
+      return (loc.storage_location.parent_id ? this.canManage : loc.can_manage) || loc.storage_location.container;
    }
  }
 };
--- a/app/javascript/vue/storage_locations/table.vue
+++ b/app/javascript/vue/storage_locations/table.vue
@ -91,7 +91,11 @@ export default {
    },
    directUploadUrl: {
      type: String
-    }
+    },
    canCreateLocation: Boolean,
    canCreateContainer: Boolean,
    canManageParent: Boolean,
    hasParent: Boolean
  },
  data() {
    return {
@ -161,7 +165,7 @@ export default {
    },
    toolbarActions() {
      const left = [];
-      if (this.createLocationUrl) {
+      if (this.canCreateLocation && (this.canManageParent || !this.hasParent)) {
        left.push({
          name: 'create_location',
          icon: 'sn-icon sn-icon-new-task',
@ -172,7 +176,7 @@ export default {
        });
      }
-      if (this.createLocationInstanceUrl) {
+      if (this.canCreateContainer && (this.canManageParent || !this.hasParent)) {
        left.push({
          name: 'create_container',
          icon: 'sn-icon sn-icon-item',
--- a/app/permissions/storage_location.rb
+++ b/app/permissions/storage_location.rb
@ -31,6 +31,10 @@ Canaid::Permissions.register_for(StorageLocation) do
    )
  end
  can :create_storage_location_repository_rows do |user, storage_location|
    can_read_storage_location?(user, storage_location)
  end
  can :share_storage_location do |user, storage_location|
    user.current_team == storage_location.team &&
      storage_location.root? &&
--- a/app/views/storage_locations/index.html.erb
+++ b/app/views/storage_locations/index.html.erb
@ -12,10 +12,14 @@
      <div id="storageLocationsTable" class="fixed-content-body">
        <storage-locations
          actions-url="<%= actions_toolbar_storage_locations_path(current_team) %>"
          :can-create-location="<%= can_create_storage_locations?(current_team) %>"
          :can-create-container="<%= can_create_storage_location_containers?(current_team) %>"
          :can-manage-parent="<%= can_manage_storage_location?(@parent_location) if @parent_location %>"
          :has-parent="<%= @parent_location.present? %>"
          data-source="<%= storage_locations_path(format: :json, parent_id: params[:parent_id]) %>"
          direct-upload-url="<%= rails_direct_uploads_url %>"
-          create-location-url="<%= storage_locations_path(parent_id: params[:parent_id]) if can_create_storage_locations?(current_team) %>"
+          create-location-url="<%= storage_locations_path(parent_id: params[:parent_id]) %>"
-          create-location-instance-url="<%= storage_locations_path(parent_id: params[:parent_id]) if can_create_storage_location_containers?(current_team) %>"
+          create-location-instance-url="<%= storage_locations_path(parent_id: params[:parent_id]) %>"
        />
      </div>
    </div>
--- a/app/views/storage_locations/show.html.erb
+++ b/app/views/storage_locations/show.html.erb
@ -14,7 +14,7 @@
          ref="container"
          actions-url="<%= actions_toolbar_storage_location_storage_location_repository_rows_path(@storage_location) %>"
          data-source="<%= storage_location_storage_location_repository_rows_path(@storage_location)  %>"
-          :can-manage="<%= can_manage_storage_location?(@storage_location) %>"
+          :can-manage="<%= can_create_storage_location_repository_rows?(@storage_location) %>"
          :with-grid="<%= @storage_location.with_grid? %>"
          :grid-size="<%= @storage_location.grid_size.to_json %>"
          :container-id="<%= @storage_location.id %>"