mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-09-20 23:16:15 +08:00
refactor manage repository column permissions
This commit is contained in:
parent
3f5e9e60b7
commit
2918a9833d
|
@ -3,9 +3,7 @@ class RepositoryColumnsController < ApplicationController
|
|||
|
||||
before_action :load_vars, except: :create
|
||||
before_action :load_vars_nested, only: :create
|
||||
before_action :check_create_permissions, only: :create
|
||||
before_action :check_update_permissions, only: :update
|
||||
before_action :check_destroy_permissions, only: %i(destroy destroy_html)
|
||||
before_action :check_permissions
|
||||
|
||||
def create
|
||||
@repository_column = RepositoryColumn.new(repository_column_params)
|
||||
|
@ -108,16 +106,8 @@ class RepositoryColumnsController < ApplicationController
|
|||
render_404 unless @repository
|
||||
end
|
||||
|
||||
def check_create_permissions
|
||||
render_403 unless can_create_columns_in_repository(@repository)
|
||||
end
|
||||
|
||||
def check_update_permissions
|
||||
render_403 unless can_edit_column_in_repository(@repository_column)
|
||||
end
|
||||
|
||||
def check_destroy_permissions
|
||||
render_403 unless can_delete_column_in_repository(@repository_column)
|
||||
def check_permissions
|
||||
render_403 unless can_manage_repository_column?(@repository.team)
|
||||
end
|
||||
|
||||
def repository_column_params
|
||||
|
|
|
@ -1063,19 +1063,19 @@ module PermissionHelper
|
|||
can_create_repository(repository.team)
|
||||
end
|
||||
|
||||
def can_create_columns_in_repository(repository)
|
||||
is_normal_user_or_admin_of_team(repository.team)
|
||||
end
|
||||
# def can_create_columns_in_repository(repository)
|
||||
# is_normal_user_or_admin_of_team(repository.team)
|
||||
# end
|
||||
|
||||
def can_delete_column_in_repository(column)
|
||||
column.created_by == current_user ||
|
||||
is_admin_of_team(column.repository.team)
|
||||
end
|
||||
# def can_delete_column_in_repository(column)
|
||||
# column.created_by == current_user ||
|
||||
# is_admin_of_team(column.repository.team)
|
||||
# end
|
||||
|
||||
def can_edit_column_in_repository(column)
|
||||
column.created_by == current_user ||
|
||||
is_admin_of_team(column.repository.team)
|
||||
end
|
||||
# def can_edit_column_in_repository(column)
|
||||
# column.created_by == current_user ||
|
||||
# is_admin_of_team(column.repository.team)
|
||||
# end
|
||||
|
||||
# def can_create_repository_records(repository)
|
||||
# is_normal_user_or_admin_of_team(repository.team)
|
||||
|
|
|
@ -40,6 +40,11 @@ Canaid::Permissions.register_for(Team) do
|
|||
can :manage_repository_row do |user, team|
|
||||
user.is_normal_user_or_admin_of_team?(team)
|
||||
end
|
||||
|
||||
# create, update, delete repository column
|
||||
can :manage_repository_column do |user, team|
|
||||
user.is_normal_user_or_admin_of_team?(team)
|
||||
end
|
||||
end
|
||||
|
||||
Canaid::Permissions.register_for(UserTeam) do
|
||||
|
|
|
@ -80,7 +80,7 @@
|
|||
<span class="caret"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu dropdown-menu-right smart-dropdown" id="repository-columns-list">
|
||||
<% if can_create_columns_in_repository(repository) %>
|
||||
<% if can_manage_repository_column?(repository.team) %>
|
||||
<li class="add-new-column-form">
|
||||
<div id="new-column-form" class="form-group" data-action="<%= repository_repository_columns_path(repository) %>">
|
||||
<div class="input-group">
|
||||
|
|
|
@ -21,8 +21,8 @@
|
|||
<th id="added-by"><%= t("repositories.table.added_by") %></th>
|
||||
<% repository.repository_columns.order(:id).each do |column| %>
|
||||
<th class="repository-column" id="<%= column.id %>"
|
||||
<%= 'data-editable' if can_edit_column_in_repository(column) %>
|
||||
<%= 'data-deletable' if can_delete_column_in_repository(column) %>
|
||||
<%= 'data-editable' if can_manage_repository_column?(repository.team) %>
|
||||
<%= 'data-deletable' if can_manage_repository_column?(repository.team) %>
|
||||
<%= "data-edit-url='#{edit_repository_repository_column_path(repository, column)}'" %>
|
||||
<%= "data-update-url='#{repository_repository_column_path(repository, column)}'" %>
|
||||
<%= "data-destroy-html-url='#{repository_columns_destroy_html_path(repository, column)}'" %>
|
||||
|
|
Loading…
Reference in a new issue