Merge pull request #8735 from aignatov-bio/ai-sci-12189-fix-invnetory-read-permission

Fix inventory read permission [SCI-12189][SCI-12186]
2025-09-13 16:45:18 +08:00 · 2025-08-01 12:44:20 +02:00 · 2025-08-01 12:44:20 +02:00 · 15d3ce0aef
commit 15d3ce0aef
parent 0da823c833 f4f30b1b92
5 changed files with 21 additions and 8 deletions
--- a/app/javascript/vue/repositories/renderers/name.vue
+++ b/app/javascript/vue/repositories/renderers/name.vue
@ -1,6 +1,9 @@
 <template>
  <a class="hover:no-underline flex items-center gap-1"
     :title="params.data.name"
+     :class="{
+        'pointer-events-none text-sn-grey': !params.data.urls.show
+      }"
     :href="params.data.urls.show"
  >
    <span class="truncate">
--- a/app/javascript/vue/shared/datatable/table.vue
+++ b/app/javascript/vue/shared/datatable/table.vue
@ -535,6 +535,10 @@ export default {
          this.dataLoading = false;
          this.restoreSelection();

+          this.gridApi.refreshCells({
+            force: true
+          });
+
          this.handleScroll();
        })
        .catch(() => {
--- a/app/permissions/repository.rb
+++ b/app/permissions/repository.rb
@ -8,11 +8,7 @@ Canaid::Permissions.register_for(RepositoryBase) do
      # If original repository is deleted, snapshot ownership should be transferred to task
      (!original_repository || original_repository.permission_granted?(user, RepositoryPermissions::READ)) && can_read_my_module?(user, repository.my_module)
    else
-      repository.team.permission_granted?(user, TeamPermissions::MANAGE) ||
-        repository.can_manage_shared?(user) ||
-        repository.permission_granted?(user, RepositoryPermissions::READ) ||
-        repository.shared_write? ||
-        repository.shared_read?
+      repository.permission_granted?(user, RepositoryPermissions::READ)
    end
  end

--- a/app/serializers/lists/repository_serializer.rb
+++ b/app/serializers/lists/repository_serializer.rb
@ -50,7 +50,6 @@ module Lists

    def urls
      urls = {
-        show: repository_path(object),
        update: team_repository_path(current_user.current_team, id: object, format: :json),
        duplicate: team_repository_copy_path(current_user.current_team, repository_id: object, format: :json),
        shareable_teams: shareable_teams_team_shared_objects_path(
@ -62,15 +61,23 @@ module Lists
        user_group_members: users_users_settings_team_user_groups_path(team_id: object.team.id)
      }

+      urls[:show] = repository_path(object) if can_read?
+
      if can_manage_repository_users?(object)
        urls[:update_access] = access_permissions_repository_path(id: object)
        urls[:new_access] = new_access_permissions_repository_path(id: object.id)
        urls[:create_access] = access_permissions_repositories_path(id: object.id)
-        urls[:unassigned_user_groups] = unassigned_user_groups_access_permissions_project_path(id: object.id)
+        urls[:unassigned_user_groups] = unassigned_user_groups_access_permissions_repository_path(id: object.id)
        urls[:show_user_group_assignments_access] = show_user_group_assignments_access_permissions_repository_path(object)
      end

      urls
    end
+
+    private
+
+    def can_read?
+      @can_read ||= can_read_repository?(object)
+    end
  end
 end
--- a/app/services/toolbars/repositories_service.rb
+++ b/app/services/toolbars/repositories_service.rb
@ -51,7 +51,10 @@ module Toolbars
    end

    def duplicate_action
-      return unless @single && can_create_repositories?(@current_team) && !@repository.shared_with?(@current_team)
+      return unless @single &&
+                    can_read_repository?(@repository) &&
+                    can_create_repositories?(@current_team) &&
+                    !@repository.shared_with?(@current_team)

      {
        name: :duplicate,