diff --git a/app/permissions/asset.rb b/app/permissions/asset.rb index 64975ca0b..01ab05ccb 100644 --- a/app/permissions/asset.rb +++ b/app/permissions/asset.rb @@ -9,7 +9,7 @@ Canaid::Permissions.register_for(Asset) do protocol = object.protocol can_read_protocol_in_module?(user, protocol) || can_read_protocol_in_repository?(user, protocol) when Result - can_read_experiment?(user, object.my_module.experiment) + can_read_result?(object) when RepositoryCell can_read_repository?(user, object.repository_column.repository) end @@ -23,7 +23,7 @@ Canaid::Permissions.register_for(Asset) do protocol = object.protocol can_manage_protocol_in_module?(user, protocol) || can_manage_protocol_in_repository?(user, protocol) when Result - can_manage_module?(user, object.my_module) + can_manage_result?(object) when RepositoryCell return false if object.repository_column.repository.is_a?(RepositorySnapshot) diff --git a/app/permissions/experiment.rb b/app/permissions/experiment.rb index 4fc625673..797704e01 100644 --- a/app/permissions/experiment.rb +++ b/app/permissions/experiment.rb @@ -108,25 +108,6 @@ Canaid::Permissions.register_for(Protocol) do end end -Canaid::Permissions.register_for(Result) do - # Module, its experiment and its project must be active for all the specified - # permissions - %i(manage_result).each do |perm| - can perm do |_, result| - my_module = result.my_module - my_module.active? && - my_module.experiment.active? && - my_module.experiment.project.active? - end - end - - # result: delete, archive - can :manage_result do |user, result| - result.unlocked?(result) && - user.is_owner_of_project?(result.my_module.experiment.project) - end -end - Canaid::Permissions.register_for(Comment) do # Module, its experiment and its project must be active for all the specified # permissions diff --git a/app/permissions/result.rb b/app/permissions/result.rb new file mode 100644 index 000000000..4d8d189c8 --- /dev/null +++ b/app/permissions/result.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +Canaid::Permissions.register_for(Result) do + can :read_result do |user, result| + can_read_experiment?(user, result.my_module.experiment) + end + + can :manage_result do |user, result| + can_manage_module?(user, result.my_module) && result.active? && result.unlocked?(result) + end +end diff --git a/spec/permissions/result_permission_spec.rb b/spec/permissions/result_permission_spec.rb new file mode 100644 index 000000000..2412af84b --- /dev/null +++ b/spec/permissions/result_permission_spec.rb @@ -0,0 +1,53 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe 'ResultPermissions' do + include Canaid::Helpers::PermissionsHelper + + let(:user) { create :user, current_team_id: team.id } + let(:team) { create :team } + let(:result) { create :result, user: user, my_module: my_module } + let(:my_module) { create :my_module, experiment: experiment } + let(:experiment) { create :experiment, user: user } + + before do + create :user_project, :normal_user, user: user, project: experiment.project + end + + describe 'can_read_result?' do + it 'should be true for active result' do + expect(can_read_result?(user, result)).to be_truthy + end + + it 'should be true for archived result' do + result.archive!(user) + + expect(can_read_result?(user, result)).to be_truthy + end + + it 'should be true for archived experiment' do + experiment.update(archived_on: Time.zone.now, archived_by: user) + + expect(can_read_result?(user, result)).to be_truthy + end + end + + describe 'can_manage_result?' do + it 'should be true for active result' do + expect(can_manage_result?(user, result)).to be_truthy + end + + it 'should be false for archived result' do + result.archive!(user) + + expect(can_manage_result?(user, result)).to be_falsey + end + + it 'should be false for archived experiment' do + experiment.update(archived_on: Time.zone.now, archived_by: user, archived: true) + + expect(can_manage_result?(user, result)).to be_falsey + end + end +end