diff --git a/app/controllers/concerns/sample_actions.rb b/app/controllers/concerns/sample_actions.rb index 07936b41f..3631511ab 100644 --- a/app/controllers/concerns/sample_actions.rb +++ b/app/controllers/concerns/sample_actions.rb @@ -11,7 +11,7 @@ module SampleActions params[:sample_ids].each do |id| sample = Sample.find_by_id(id) - if sample && can_update_or_delete_sample?(sample) + if sample sample.destroy counter_user += 1 else @@ -45,7 +45,7 @@ module SampleActions end def check_destroy_samples_permissions - unless can_delete_samples?(@project.team) + unless can_manage_sample?(@project.team) render_403 end end diff --git a/app/controllers/custom_fields_controller.rb b/app/controllers/custom_fields_controller.rb index 388d8dc96..fc7fbe541 100644 --- a/app/controllers/custom_fields_controller.rb +++ b/app/controllers/custom_fields_controller.rb @@ -3,9 +3,7 @@ class CustomFieldsController < ApplicationController before_action :load_vars, except: :create before_action :load_vars_nested, only: [:create, :destroy_html] - before_action :check_create_permissions, only: :create - before_action :check_update_permissions, only: :update - before_action :check_destroy_permissions, only: [:destroy, :destroy_html] + before_action :check_permissions def create @custom_field = CustomField.new(custom_field_params) @@ -105,16 +103,8 @@ class CustomFieldsController < ApplicationController render_404 unless @team end - def check_create_permissions - render_403 unless can_create_custom_field_in_team(@team) - end - - def check_update_permissions - render_403 unless can_edit_custom_field(@custom_field) - end - - def check_destroy_permissions - render_403 unless can_delete_custom_field(@custom_field) + def check_permissions + render_403 unless can_manage_sample_elements?(@team) end def custom_field_params diff --git a/app/controllers/sample_groups_controller.rb b/app/controllers/sample_groups_controller.rb index 946fe84bb..e7705c63d 100644 
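Review bot: The new `if sample` guard accepts any id from `params[:sample_ids]`, but `Sample.find_by_id(id)` is not scoped to the team that `check_destroy_samples_permissions` authorizes against, so a member of `@project.team` can pass ids of samples that belong to another team and destroy them; the removed per-sample rule compared against `sample.team`, whereas the new team-level one never sees the sample. Tie the record to the authorized team before destroying, e.g. `if sample && sample.team == @project.team`. The enclosing `each` block and its method begin before the hunk, and the same team-scoping gap applies to the rename in the `@@ -45,7` hunk, whose `can_manage_sample?(@project.team)` only looks at the project's team.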
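Review bot: `before_action :check_permissions` now runs for every action, and `can_manage_sample_elements?(@team)` replaces an update/destroy check that required the field's owner or a team admin (`can_edit_custom_field` / `can_delete_custom_field`, removed in the permission_helper hunk), so any normal member of the team can now edit or delete another member's custom field; if that widening is intended, state it above the callback, e.g. `# manage permission is team-wide: any normal user or admin of the team may edit or delete any custom field`. The check also depends on `@team` being set by `load_vars` for the non-create actions, which is outside this hunk; it must be derived from `@custom_field.team` rather than from a request parameter, otherwise the team the permission is evaluated against is chosen by the caller. The same applies to the `check_permissions` body in the `@@ -105,16` hunk.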
--- a/app/controllers/sample_groups_controller.rb +++ b/app/controllers/sample_groups_controller.rb @@ -1,7 +1,7 @@ class SampleGroupsController < ApplicationController before_action :load_vars_nested - before_action :check_create_permissions - before_action :set_sample_group, except: [:create, :index] + before_action :check_permissions, except: %i(index sample_group_element) + before_action :set_sample_group, except: %i(create index) before_action :set_project_my_module, only: :index layout 'fluid' @@ -133,8 +133,8 @@ class SampleGroupsController < ApplicationController render_404 unless @team end - def check_create_permissions - render_403 unless can_create_sample_type_in_team(@team) + def check_permissions + render_403 unless can_manage_sample_elements?(@team) end def sample_group_params diff --git a/app/controllers/sample_types_controller.rb b/app/controllers/sample_types_controller.rb index a652258d7..9e41f2630 100644 --- a/app/controllers/sample_types_controller.rb +++ b/app/controllers/sample_types_controller.rb @@ -1,7 +1,7 @@ class SampleTypesController < ApplicationController before_action :load_vars_nested - before_action :check_create_permissions - before_action :set_sample_type, except: [:create, :index] + before_action :check_permissions, except: %i(index sample_type_element) + before_action :set_sample_type, except: %i(create index) before_action :set_project_my_module, only: :index layout 'fluid' @@ -129,8 +129,8 @@ class SampleTypesController < ApplicationController render_404 unless @team end - def check_create_permissions - render_403 unless can_create_sample_type_in_team(@team) + def check_permissions + render_403 unless can_manage_sample_elements?(@team) end def set_sample_type diff --git a/app/controllers/samples_controller.rb b/app/controllers/samples_controller.rb index 80aab5909..ab3afacce 100644 --- a/app/controllers/samples_controller.rb +++ b/app/controllers/samples_controller.rb 
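Review bot: `except: %i(index sample_group_element)` leaves `sample_group_element` with no authorization callback at all, while `set_sample_group` still loads the record for it; unless that action is read-only and covered by a team-read check elsewhere, it should not be exempted, and a comment such as `# sample_group_element is read-only and relies on <check> for access` would make the exemption auditable. The team check itself now only asks whether the caller can manage sample elements in `@team`, which appears to come from `load_vars_nested`; it is worth confirming that `@team` is the team owning the sample group and not a request-supplied value. The sample_types_controller `@@ -1,7` hunk exempts `sample_type_element` in the same way.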
@@ -6,27 +6,22 @@ class SamplesController < ApplicationController before_action :load_vars, only: [:edit, :update, :destroy, :show] before_action :load_vars_nested, only: [:new, :create] - before_action :check_edit_permissions, only: :edit - before_action :check_destroy_permissions, only: :destroy + before_action :check_manage_permissions, exept: :show def new respond_to do |format| format.html - if can_create_sample?(@team) - groups = @team.sample_groups.map do |g| - { id: g.id, name: sanitize_input(g.name), color: g.color } - end - types = @team.sample_types.map do |t| - { id: t.id, name: sanitize_input(t.name) } - end - format.json do - render json: { - sample_groups: groups.as_json, - sample_types: types.as_json - } - end - else - format.json { render json: {}, status: :unauthorized } + groups = @team.sample_groups.map do |g| + { id: g.id, name: sanitize_input(g.name), color: g.color } + end + types = @team.sample_types.map do |t| + { id: t.id, name: sanitize_input(t.name) } + end + format.json do + render json: { + sample_groups: groups.as_json, + sample_types: types.as_json + } end end end 
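Review bot: `before_action :check_manage_permissions, exept: :show` misspells the option, so the `except` filter is never applied; depending on the Rails version the unknown key is either silently ignored (the manage check then also runs on `show`, locking read-only users out of a page they could open before) or rejected with an error when the class loads. The line should read `before_action :check_manage_permissions, except: :show`. Note too that the `new` action's JSON branch lost its explicit `:unauthorized` response and now relies entirely on this callback, so the typo is a functional regression rather than a cosmetic one.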
@@ -43,71 +38,67 @@ class SamplesController < ApplicationController }; respond_to do |format| - if can_create_sample?(@team) - if params[:sample] - # Sample name - if params[:sample][:name] - sample.name = params[:sample][:name] - end + if params[:sample] + # Sample name + if params[:sample][:name] + sample.name = params[:sample][:name] + end - # Sample type - if params[:sample][:sample_type_id] != "-1" - sample_type = SampleType.find_by_id(params[:sample][:sample_type_id]) + # Sample type + if params[:sample][:sample_type_id] != "-1" + sample_type = SampleType.find_by_id(params[:sample][:sample_type_id]) - if sample_type - sample.sample_type_id = params[:sample][:sample_type_id] - end - end - - # Sample group - if params[:sample][:sample_group_id] != "-1" - sample_group = SampleGroup.find_by_id(params[:sample][:sample_group_id]) - - if sample_group - sample.sample_group_id = params[:sample][:sample_group_id] - end + if sample_type + sample.sample_type_id = params[:sample][:sample_type_id] end end - if !sample.save - errors[:init_fields] = sample.errors.messages - else - # Sample was saved, we can add all newly added sample fields - params[:custom_fields].to_a.each do |id, val| - scf = SampleCustomField.new( - custom_field_id: id, - sample_id: sample.id, - value: val + # Sample group + if params[:sample][:sample_group_id] != "-1" + sample_group = SampleGroup.find_by_id(params[:sample][:sample_group_id]) + + if sample_group + sample.sample_group_id = params[:sample][:sample_group_id] + end + end + end + + if !sample.save + errors[:init_fields] = sample.errors.messages + else + # Sample was saved, we can add all newly added sample fields + params[:custom_fields].to_a.each do |id, val| + scf = SampleCustomField.new( + custom_field_id: id, + sample_id: sample.id, + value: val + ) + + if !scf.save + errors[:custom_fields] << { + "#{id}": scf.errors.messages + } + else + sample_annotation_notification(sample, scf) + end + end + end + + errors.delete_if { |k, v| v.blank? 
} + if errors.empty? + format.json do + render json: { + id: sample.id, + flash: t( + 'samples.create.success_flash', + sample: escape_input(sample.name), + team: escape_input(@team.name) ) - - if !scf.save - errors[:custom_fields] << { - "#{id}": scf.errors.messages - } - else - sample_annotation_notification(sample, scf) - end - end - end - - errors.delete_if { |k, v| v.blank? } - if errors.empty? - format.json do - render json: { - id: sample.id, - flash: t( - 'samples.create.success_flash', - sample: escape_input(sample.name), - team: escape_input(@team.name) - ) - }, - status: :ok - end - else - format.json { render json: errors, status: :bad_request } + }, + status: :ok end else - format.json { render json: {}, status: :unauthorized } + format.json { render json: errors, status: :bad_request } end end end 
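Review bot: `SampleType.find_by_id(params[:sample][:sample_type_id])` and `SampleGroup.find_by_id(params[:sample][:sample_group_id])` look the records up globally, so a caller with manage rights on `@team` can attach the new sample to a sample type or group that belongs to a different team; the lookups in `new` already go through `@team.sample_types` and `@team.sample_groups`, and the same scoping works here: `sample_type = @team.sample_types.find_by_id(params[:sample][:sample_type_id])` and `sample_group = @team.sample_groups.find_by_id(params[:sample][:sample_group_id])`. The `create` method and the `errors` hash it fills begin before this hunk. Minor style point: `errors.delete_if { |k, v| v.blank? }` never uses `k`, so `|_k, v|` would mark that.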
@@ -167,128 +158,124 @@ class SamplesController < ApplicationController respond_to do |format| if sample - if can_update_or_delete_sample?(sample) - if params[:sample] - if params[:sample][:name] - sample.name = params[:sample][:name] - end + if params[:sample] + if params[:sample][:name] + sample.name = params[:sample][:name] + end - # Check if user selected empty sample type - if params[:sample][:sample_type_id] == "-1" - sample.sample_type_id = nil - elsif params[:sample][:sample_type_id] - sample_type = SampleType.find_by_id(params[:sample][:sample_type_id]) + # Check if user selected empty sample type + if params[:sample][:sample_type_id] == "-1" + sample.sample_type_id = nil + elsif params[:sample][:sample_type_id] + sample_type = SampleType.find_by_id(params[:sample][:sample_type_id]) - if sample_type - sample.sample_type_id = params[:sample][:sample_type_id] - end - end - - # Check if user selected empty sample type - if params[:sample][:sample_group_id] == "-1" - sample.sample_group_id = nil - elsif params[:sample][:sample_group_id] - sample_group = SampleGroup.find_by_id(params[:sample][:sample_group_id]) - - if sample_group - sample.sample_group_id = params[:sample][:sample_group_id] - end + if sample_type + sample.sample_type_id = params[:sample][:sample_type_id] end end - # Add all newly added sample fields - params[:custom_fields].to_a.each do |id, val| - # Check if client is lying (SCF shouldn't exist) - scf = SampleCustomField.where("custom_field_id = ? 
AND sample_id = ?", id, sample.id).take + # Check if user selected empty sample type + if params[:sample][:sample_group_id] == "-1" + sample.sample_group_id = nil + elsif params[:sample][:sample_group_id] + sample_group = SampleGroup.find_by_id(params[:sample][:sample_group_id]) - if scf + if sample_group + sample.sample_group_id = params[:sample][:sample_group_id] + end + end + end + + # Add all newly added sample fields + params[:custom_fields].to_a.each do |id, val| + # Check if client is lying (SCF shouldn't exist) + scf = SampleCustomField.where("custom_field_id = ? AND sample_id = ?", id, sample.id).take + + if scf + old_text = scf.value + # Well, client was naughty, no XMAS for him this year, update + # existing SCF instead of creating new one + scf.value = val + + if !scf.save + # This client needs some lessons + errors[:custom_fields] << { + "#{id}": scf.errors.messages + } + else + sample_annotation_notification(sample, scf, old_text) + end + else + # SCF doesn't exist, create it + scf = SampleCustomField.new( + custom_field_id: id, + sample_id: sample.id, + value: val + ) + + if !scf.save + errors[:custom_fields] << { + "#{id}": scf.errors.messages + } + else + sample_annotation_notification(sample, scf) + end + end + end + + scf_to_delete = [] + # Update all existing custom values + params[:sample_custom_fields].to_a.each do |id, val| + scf = SampleCustomField.find_by_id(id) + + if scf + # SCF exists, but value is empty, add scf to queue to be deleted + # (if everything is correct) + if val.empty? 
+ scf_to_delete << scf + else old_text = scf.value - # Well, client was naughty, no XMAS for him this year, update - # existing SCF instead of creating new one + # SCF exists, update away scf.value = val if !scf.save - # This client needs some lessons - errors[:custom_fields] << { + errors[:sample_custom_fields] << { "#{id}": scf.errors.messages } else sample_annotation_notification(sample, scf, old_text) end - else - # SCF doesn't exist, create it - scf = SampleCustomField.new( - custom_field_id: id, - sample_id: sample.id, - value: val - ) - - if !scf.save - errors[:custom_fields] << { - "#{id}": scf.errors.messages - } - else - sample_annotation_notification(sample, scf) - end - end - end - - scf_to_delete = [] - # Update all existing custom values - params[:sample_custom_fields].to_a.each do |id, val| - scf = SampleCustomField.find_by_id(id) - - if scf - # SCF exists, but value is empty, add scf to queue to be deleted - # (if everything is correct) - if val.empty? - scf_to_delete << scf - else - old_text = scf.value - # SCF exists, update away - scf.value = val - - if !scf.save - errors[:sample_custom_fields] << { - "#{id}": scf.errors.messages - } - else - sample_annotation_notification(sample, scf, old_text) - end - end - else - # SCF doesn't exist, we can't do much but yield error - errors[:sample_custom_fields] << { - "#{id}": I18n.t("samples.edit.scf_does_not_exist") - } - end - end - - if !sample.save - errors[:init_fields] = sample.errors.messages - end - - errors.delete_if { |k, v| v.blank? } - if errors.empty? 
- # Now we can destroy empty scfs - scf_to_delete.map(&:destroy) - - format.json do - render json: { - id: sample.id, - flash: t( - 'samples.update.success_flash', - sample: escape_input(sample.name), - team: escape_input(@team.name) - ) - }, - status: :ok end else - format.json { render json: errors, status: :bad_request } + # SCF doesn't exist, we can't do much but yield error + errors[:sample_custom_fields] << { + "#{id}": I18n.t("samples.edit.scf_does_not_exist") + } + end + end + + if !sample.save + errors[:init_fields] = sample.errors.messages + end + + errors.delete_if { |k, v| v.blank? } + if errors.empty? + # Now we can destroy empty scfs + scf_to_delete.map(&:destroy) + + format.json do + render json: { + id: sample.id, + flash: t( + 'samples.update.success_flash', + sample: escape_input(sample.name), + team: escape_input(@team.name) + ) + }, + status: :ok end else - format.json { render json: {}, status: :unauthorized } + format.json { render json: errors, status: :bad_request } end else format.json { render json: {}, status: :not_found } @@ -318,22 +305,8 @@ class SamplesController < ApplicationController end end - def check_create_permissions - unless can_create_sample?(@team) - render_403 - end - end - - def check_edit_permissions - unless can_update_or_delete_sample?(@sample) - render_403 - end - end - - def check_destroy_permissions - unless can_update_or_delete_sample?(@sample) - render_403 - end + def check_manage_permissions + render_403 unless can_manage_sample?(@team) end def sample_params diff --git a/app/controllers/teams_controller.rb b/app/controllers/teams_controller.rb index 3dd4d4a4b..7b72d3c77 100644 --- a/app/controllers/teams_controller.rb +++ b/app/controllers/teams_controller.rb @@ -249,7 +249,7 @@ class TeamsController < ApplicationController end def check_create_sample_permissions - unless can_create_sample?(@team) + unless can_manage_sample?(@team) render_403 end end 
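Review bot: In the `params[:sample_custom_fields]` loop, `scf = SampleCustomField.find_by_id(id)` is not scoped to the sample being edited, so any existing custom-field value can be overwritten (or queued in `scf_to_delete` by sending an empty value) by passing its id, regardless of which sample or team it belongs to; the `custom_fields` loop just above already constrains its lookup with `sample_id = ?`, and this one should match, e.g. `scf = SampleCustomField.where(sample_id: sample.id).find_by_id(id)`. The `SampleType.find_by_id` / `SampleGroup.find_by_id` calls earlier in the hunk have the same cross-team gap as in `create` and can use `@team.sample_types` / `@team.sample_groups`. The `update` method and the `sample` lookup it operates on begin before this hunk.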
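Review bot: `check_manage_permissions` authorizes against `@team`, but for `edit`, `update` and `destroy` the sample is identified by id while `@team` is set by `load_vars`, which is outside this diff; if `load_vars` resolves `@team` from a request parameter rather than from `@sample.team`, the team-level check can be satisfied for a team the caller belongs to while the sample belongs to another. The previous `check_edit_permissions` / `check_destroy_permissions` compared against `@sample` directly, so this coupling is new. A one-line comment would pin the contract: `# @team must be @sample.team (set in load_vars), never a request param, or this check says nothing about the sample`.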
diff --git a/app/helpers/permission_helper.rb b/app/helpers/permission_helper.rb index e1ccf7ab2..d99612d20 100644 --- a/app/helpers/permission_helper.rb +++ b/app/helpers/permission_helper.rb @@ -662,31 +662,31 @@ module PermissionHelper # ---- SAMPLE TYPES PERMISSIONS ---- - def can_create_sample_type_in_team(team) - is_normal_user_or_admin_of_team(team) - end + # def can_create_sample_type_in_team(team) + # is_normal_user_or_admin_of_team(team) + # end # ---- SAMPLE GROUPS PERMISSIONS ---- - def can_create_sample_group_in_team(team) - is_normal_user_or_admin_of_team(team) - end + # def can_create_sample_group_in_team(team) + # is_normal_user_or_admin_of_team(team) + # end # ---- CUSTOM FIELDS PERMISSIONS ---- - def can_create_custom_field_in_team(team) - is_normal_user_or_admin_of_team(team) - end + # def can_create_custom_field_in_team(team) + # is_normal_user_or_admin_of_team(team) + # end - def can_edit_custom_field(custom_field) - custom_field.user == current_user || - is_admin_of_team(custom_field.team) - end + # def can_edit_custom_field(custom_field) + # custom_field.user == current_user || + # is_admin_of_team(custom_field.team) + # end - def can_delete_custom_field(custom_field) - custom_field.user == current_user || - is_admin_of_team(custom_field.team) - end + # def can_delete_custom_field(custom_field) + # custom_field.user == current_user || + # is_admin_of_team(custom_field.team) + # end # ---- PROTOCOL PERMISSIONS ---- diff --git a/app/helpers/samples_helper.rb b/app/helpers/samples_helper.rb index bfb27ac23..8732ceda8 100644 --- a/app/helpers/samples_helper.rb +++ b/app/helpers/samples_helper.rb @@ -8,9 +8,7 @@ module SamplesHelper end def can_add_sample_related_things_to_team - can_create_custom_field_in_team(@team) && - can_create_sample_type_in_team(@team) && - can_create_sample_group_in_team(@team) + can_manage_sample_elements?(@team) end def all_custom_fields 
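Review bot: The five helper methods are commented out rather than deleted, which leaves dead authorization code in `PermissionHelper` that will drift from the `manage_sample_elements` permission the controllers now use; version control already preserves the old definitions, so the `# def can_create_sample_type_in_team(team)` … `# end` block and the four that follow should simply be removed. If a pointer is wanted, one line under each section heading such as `# sample type / group / custom field checks moved to can_manage_sample_elements? (app/permissions/team.rb)` says more than the commented bodies.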
diff --git a/app/permissions/team.rb b/app/permissions/team.rb index 27b2944f7..a74f66a79 100644 --- a/app/permissions/team.rb +++ b/app/permissions/team.rb @@ -24,13 +24,13 @@ Canaid::Permissions.register_for(Team) do user.is_normal_user_or_admin_of_team?(team) end - # create sample, import sample - can :create_sample do |user, team| + # create, import, edit, delete sample + can :manage_sample do |user, team| user.is_normal_user_or_admin_of_team?(team) end - # delete samples (general permission, not for specific sample) - can :delete_samples do |user, team| + # create, update, delete custom field, sample type and sample group + can :manage_sample_elements do |user, team| user.is_normal_user_or_admin_of_team?(team) end end @@ -70,12 +70,3 @@ Canaid::Permissions.register_for(Protocol) do can_read_protocol_in_repository?(user, protocol) end end - -Canaid::Permissions.register_for(Sample) do - # edit sample, delete sample - can :update_or_delete_sample do |user, sample| - user.is_admin_of_team?(sample.team) || - user.is_normal_user_or_admin_of_team?(sample.team) && - user == sample.user - end -end diff --git a/app/views/shared/_samples.html.erb b/app/views/shared/_samples.html.erb index f713fc0a0..38b904e08 100644 --- a/app/views/shared/_samples.html.erb +++ b/app/views/shared/_samples.html.erb @@ -21,7 +21,7 @@ data-module-id="<%= @my_module.id %>" <% end %>> - <% if can_create_sample?(@team) %> + <% if can_manage_sample?(@team) %>
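Review bot: The comment on `can :manage_sample` should record that this is a team-scoped permission replacing the per-record `update_or_delete_sample` rule removed in the `@@ -70,12` hunk, which only let a normal user edit or delete samples they owned; with the new rule every normal user of the team may edit or delete any of the team's samples, and nothing in the block ties the `team` argument to the sample being acted on. Suggested wording: `# create, import, edit, delete any sample of the team (no per-sample ownership check; callers must pass sample.team)`. The same note applies to `manage_sample_elements`, which now grants edit/delete on custom fields that previously required the field's owner or a team admin.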