Merge pull request #1570 from okriuchykhin/ok_SCI_2997

Add viewing permissions for global activities [SCI-2997]

app/controllers/global_activities_controller.rb

@@ -6,9 +6,11 @@ class GlobalActivitiesController < ApplicationController
     teams = current_user.teams if teams.blank?
     @teams = teams
     @activity_types = Activity.activity_types_list
-    @users = UserTeam.my_employees(current_user)
+    @user_list = User.where(id: UserTeam.where(team: current_user.teams).select(:user_id))
+                     .distinct
+                     .pluck(:full_name, :id)
     @grouped_activities, more_activities =
-      ActivitiesService.load_activities(teams, activity_filters)
+      ActivitiesService.load_activities(current_user, teams, activity_filters)
     respond_to do |format|
       format.json do
         render json: {

app/models/user_team.rb

@@ -1,8 +1,6 @@
 class UserTeam < ApplicationRecord
   enum role: { guest: 0, normal_user: 1, admin: 2 }
 
-  scope :my_teams, -> { where(role: 2) }
-
   validates :role, presence: true
   validates :user, presence: true
   validates :team, presence: true
@@ -21,15 +19,6 @@ class UserTeam < ApplicationRecord
     I18n.t("user_teams.enums.role.#{role}")
   end
 
-  def self.my_employees(user)
-    users = where(team_id: user.user_teams.my_teams.pluck(:team_id))
-            .joins(:user).select(:full_name, 'users.id as id').as_json.uniq
-    if users.empty?
-      users = [user.as_json.select { |k| %w(id full_name).include? k }]
-    end
-    users
-  end
-
   def create_samples_table_state
     SamplesTable.create_samples_table_state(self)
   end

app/services/activities_service.rb

@@ -1,18 +1,20 @@
 # frozen_string_literal: true
 
 class ActivitiesService
-  def self.load_activities(team_ids, filters = {})
+  def self.load_activities(user, teams, filters = {})
+    # Create condition for view permissions checking first
+    visible_projects = Project.viewable_by_user(user, teams)
+    query = Activity.where('project_id IS NULL AND team_id IN (?)', teams.select(:id))
+                    .or(Activity.where(project: visible_projects))
+
     if filters[:subjects].present?
-      query = Activity.where(
+      query = query.where(
         filters[:subjects].map { '(subject_type = ? AND subject_id IN(?))' }
                           .join(' OR '),
         *filters[:subjects].flatten
       )
-    else
-      query = Activity
     end
 
-    query = query.where(team_id: team_ids)
     query = query.where(owner_id: filters[:users]) if filters[:users]
     query = query.where(type_of: filters[:types]) if filters[:types]
 

app/views/global_activities/_side_filters.html.erb

@@ -37,7 +37,7 @@
   <h6 class="clear"><%= t('global_activities.index.clear') %></h6>
   <div class="select-container">
     <%= select_tag "activity", options_for_select(@activity_types.map{|i| [i[:name], i[:id]]}),{
-      'data-select-all-button': t('global_activities.index.all_activities'), 
+      'data-select-all-button': t('global_activities.index.all_activities'),
       'data-select-all': 'true',
       'data-select-multiple-name': t('global_activities.index.l_activities'),
       'data-select-multiple-all-selected': t('global_activities.index.all_activities')
@@ -49,8 +49,8 @@
   <h4 class="title"><strong><%= t('global_activities.index.user') %></strong></h4>
   <h6 class="clear"><%= t('global_activities.index.clear') %></h6>
   <div class="select-container">
-    <%= select_tag "user", options_for_select(@users.map{|i| [i['full_name'], i['id']]}),{
-      'data-select-all-button': t('global_activities.index.all_users'), 
+    <%= select_tag "user", options_for_select(@user_list),{
+      'data-select-all-button': t('global_activities.index.all_users'),
       'data-select-all': 'true',
       'data-select-multiple-name': t('global_activities.index.l_users'),
       'data-select-multiple-all-selected': t('global_activities.index.all_users')