mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2025-02-13 10:23:23 +08:00
refactor manage sample permissions again by removing authorship and refactor manage sample elements permissions
This commit is contained in:
mlorb
parent
e577b363b2
commit
3ca51f097f
10 changed files with 207 additions and 255 deletions
|
|
@ -11,7 +11,7 @@ module SampleActions
|
|||
params[:sample_ids].each do |id|
|
||||
sample = Sample.find_by_id(id)
|
||||
|
||||
if sample && can_update_or_delete_sample?(sample)
|
||||
if sample
|
||||
sample.destroy
|
||||
counter_user += 1
|
||||
else
|
||||
|
|
@ -45,7 +45,7 @@ module SampleActions
|
|||
end
|
||||
|
||||
def check_destroy_samples_permissions
|
||||
unless can_delete_samples?(@project.team)
|
||||
unless can_manage_sample?(@project.team)
|
||||
render_403
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -3,9 +3,7 @@ class CustomFieldsController < ApplicationController
|
|||
|
||||
before_action :load_vars, except: :create
|
||||
before_action :load_vars_nested, only: [:create, :destroy_html]
|
||||
before_action :check_create_permissions, only: :create
|
||||
before_action :check_update_permissions, only: :update
|
||||
before_action :check_destroy_permissions, only: [:destroy, :destroy_html]
|
||||
before_action :check_permissions
|
||||
|
||||
def create
|
||||
@custom_field = CustomField.new(custom_field_params)
|
||||
|
|
@ -105,16 +103,8 @@ class CustomFieldsController < ApplicationController
|
|||
render_404 unless @team
|
||||
end
|
||||
|
||||
def check_create_permissions
|
||||
render_403 unless can_create_custom_field_in_team(@team)
|
||||
end
|
||||
|
||||
def check_update_permissions
|
||||
render_403 unless can_edit_custom_field(@custom_field)
|
||||
end
|
||||
|
||||
def check_destroy_permissions
|
||||
render_403 unless can_delete_custom_field(@custom_field)
|
||||
def check_permissions
|
||||
render_403 unless can_manage_sample_elements?(@team)
|
||||
end
|
||||
|
||||
def custom_field_params
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
class SampleGroupsController < ApplicationController
|
||||
before_action :load_vars_nested
|
||||
before_action :check_create_permissions
|
||||
before_action :set_sample_group, except: [:create, :index]
|
||||
before_action :check_permissions, except: %i(index sample_group_element)
|
||||
before_action :set_sample_group, except: %i(create index)
|
||||
before_action :set_project_my_module, only: :index
|
||||
layout 'fluid'
|
||||
|
||||
|
|
@ -133,8 +133,8 @@ class SampleGroupsController < ApplicationController
|
|||
render_404 unless @team
|
||||
end
|
||||
|
||||
def check_create_permissions
|
||||
render_403 unless can_create_sample_type_in_team(@team)
|
||||
def check_permissions
|
||||
render_403 unless can_manage_sample_elements?(@team)
|
||||
end
|
||||
|
||||
def sample_group_params
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
class SampleTypesController < ApplicationController
|
||||
before_action :load_vars_nested
|
||||
before_action :check_create_permissions
|
||||
before_action :set_sample_type, except: [:create, :index]
|
||||
before_action :check_permissions, except: %i(index sample_type_element)
|
||||
before_action :set_sample_type, except: %i(create index)
|
||||
before_action :set_project_my_module, only: :index
|
||||
layout 'fluid'
|
||||
|
||||
|
|
@ -129,8 +129,8 @@ class SampleTypesController < ApplicationController
|
|||
render_404 unless @team
|
||||
end
|
||||
|
||||
def check_create_permissions
|
||||
render_403 unless can_create_sample_type_in_team(@team)
|
||||
def check_permissions
|
||||
render_403 unless can_manage_sample_elements?(@team)
|
||||
end
|
||||
|
||||
def set_sample_type
|
||||
|
|
|
|||
|
|
@ -6,13 +6,11 @@ class SamplesController < ApplicationController
|
|||
before_action :load_vars, only: [:edit, :update, :destroy, :show]
|
||||
before_action :load_vars_nested, only: [:new, :create]
|
||||
|
||||
before_action :check_edit_permissions, only: :edit
|
||||
before_action :check_destroy_permissions, only: :destroy
|
||||
before_action :check_manage_permissions, exept: :show
|
||||
|
||||
def new
|
||||
respond_to do |format|
|
||||
format.html
|
||||
if can_create_sample?(@team)
|
||||
groups = @team.sample_groups.map do |g|
|
||||
{ id: g.id, name: sanitize_input(g.name), color: g.color }
|
||||
end
|
||||
|
|
@ -25,9 +23,6 @@ class SamplesController < ApplicationController
|
|||
sample_types: types.as_json
|
||||
}
|
||||
end
|
||||
else
|
||||
format.json { render json: {}, status: :unauthorized }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -43,7 +38,6 @@ class SamplesController < ApplicationController
|
|||
};
|
||||
|
||||
respond_to do |format|
|
||||
if can_create_sample?(@team)
|
||||
if params[:sample]
|
||||
# Sample name
|
||||
if params[:sample][:name]
|
||||
|
|
@ -106,9 +100,6 @@ class SamplesController < ApplicationController
|
|||
else
|
||||
format.json { render json: errors, status: :bad_request }
|
||||
end
|
||||
else
|
||||
format.json { render json: {}, status: :unauthorized }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -167,7 +158,6 @@ class SamplesController < ApplicationController
|
|||
|
||||
respond_to do |format|
|
||||
if sample
|
||||
if can_update_or_delete_sample?(sample)
|
||||
if params[:sample]
|
||||
if params[:sample][:name]
|
||||
sample.name = params[:sample][:name]
|
||||
|
|
@ -287,9 +277,6 @@ class SamplesController < ApplicationController
|
|||
else
|
||||
format.json { render json: errors, status: :bad_request }
|
||||
end
|
||||
else
|
||||
format.json { render json: {}, status: :unauthorized }
|
||||
end
|
||||
else
|
||||
format.json { render json: {}, status: :not_found }
|
||||
end
|
||||
|
|
@ -318,22 +305,8 @@ class SamplesController < ApplicationController
|
|||
end
|
||||
end
|
||||
|
||||
def check_create_permissions
|
||||
unless can_create_sample?(@team)
|
||||
render_403
|
||||
end
|
||||
end
|
||||
|
||||
def check_edit_permissions
|
||||
unless can_update_or_delete_sample?(@sample)
|
||||
render_403
|
||||
end
|
||||
end
|
||||
|
||||
def check_destroy_permissions
|
||||
unless can_update_or_delete_sample?(@sample)
|
||||
render_403
|
||||
end
|
||||
def check_manage_permissions
|
||||
render_403 unless can_manage_sample?(@team)
|
||||
end
|
||||
|
||||
def sample_params
|
||||
|
|
|
|||
|
|
@ -249,7 +249,7 @@ class TeamsController < ApplicationController
|
|||
end
|
||||
|
||||
def check_create_sample_permissions
|
||||
unless can_create_sample?(@team)
|
||||
unless can_manage_sample?(@team)
|
||||
render_403
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -662,31 +662,31 @@ module PermissionHelper
|
|||
|
||||
# ---- SAMPLE TYPES PERMISSIONS ----
|
||||
|
||||
def can_create_sample_type_in_team(team)
|
||||
is_normal_user_or_admin_of_team(team)
|
||||
end
|
||||
# def can_create_sample_type_in_team(team)
|
||||
# is_normal_user_or_admin_of_team(team)
|
||||
# end
|
||||
|
||||
# ---- SAMPLE GROUPS PERMISSIONS ----
|
||||
|
||||
def can_create_sample_group_in_team(team)
|
||||
is_normal_user_or_admin_of_team(team)
|
||||
end
|
||||
# def can_create_sample_group_in_team(team)
|
||||
# is_normal_user_or_admin_of_team(team)
|
||||
# end
|
||||
|
||||
# ---- CUSTOM FIELDS PERMISSIONS ----
|
||||
|
||||
def can_create_custom_field_in_team(team)
|
||||
is_normal_user_or_admin_of_team(team)
|
||||
end
|
||||
# def can_create_custom_field_in_team(team)
|
||||
# is_normal_user_or_admin_of_team(team)
|
||||
# end
|
||||
|
||||
def can_edit_custom_field(custom_field)
|
||||
custom_field.user == current_user ||
|
||||
is_admin_of_team(custom_field.team)
|
||||
end
|
||||
# def can_edit_custom_field(custom_field)
|
||||
# custom_field.user == current_user ||
|
||||
# is_admin_of_team(custom_field.team)
|
||||
# end
|
||||
|
||||
def can_delete_custom_field(custom_field)
|
||||
custom_field.user == current_user ||
|
||||
is_admin_of_team(custom_field.team)
|
||||
end
|
||||
# def can_delete_custom_field(custom_field)
|
||||
# custom_field.user == current_user ||
|
||||
# is_admin_of_team(custom_field.team)
|
||||
# end
|
||||
|
||||
# ---- PROTOCOL PERMISSIONS ----
|
||||
|
||||
|
|
|
|||
|
|
@ -8,9 +8,7 @@ module SamplesHelper
|
|||
end
|
||||
|
||||
def can_add_sample_related_things_to_team
|
||||
can_create_custom_field_in_team(@team) &&
|
||||
can_create_sample_type_in_team(@team) &&
|
||||
can_create_sample_group_in_team(@team)
|
||||
can_manage_sample_elements?(@team)
|
||||
end
|
||||
|
||||
def all_custom_fields
|
||||
|
|
|
|||
|
|
@ -24,13 +24,13 @@ Canaid::Permissions.register_for(Team) do
|
|||
user.is_normal_user_or_admin_of_team?(team)
|
||||
end
|
||||
|
||||
# create sample, import sample
|
||||
can :create_sample do |user, team|
|
||||
# create, import, edit, delete sample
|
||||
can :manage_sample do |user, team|
|
||||
user.is_normal_user_or_admin_of_team?(team)
|
||||
end
|
||||
|
||||
# delete samples (general permission, not for specific sample)
|
||||
can :delete_samples do |user, team|
|
||||
# create, update, delete custom field, sample type and sample group
|
||||
can :manage_sample_elements do |user, team|
|
||||
user.is_normal_user_or_admin_of_team?(team)
|
||||
end
|
||||
end
|
||||
|
|
@ -70,12 +70,3 @@ Canaid::Permissions.register_for(Protocol) do
|
|||
can_read_protocol_in_repository?(user, protocol)
|
||||
end
|
||||
end
|
||||
|
||||
Canaid::Permissions.register_for(Sample) do
|
||||
# edit sample, delete sample
|
||||
can :update_or_delete_sample do |user, sample|
|
||||
user.is_admin_of_team?(sample.team) ||
|
||||
user.is_normal_user_or_admin_of_team?(sample.team) &&
|
||||
user == sample.user
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
data-module-id="<%= @my_module.id %>"
|
||||
<% end %>>
|
||||
|
||||
<% if can_create_sample?(@team) %>
|
||||
<% if can_manage_sample?(@team) %>
|
||||
<button type="button" class="btn btn-default editAdd" id="addSample" onclick="onClickAddSample()">
|
||||
<span class="glyphicon glyphicon-plus"></span>
|
||||
<span class="hidden-xs"><%= t("samples.add_new_sample") %></span>
|
||||
|
|
@ -51,7 +51,7 @@
|
|||
<span class="caret"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu dropdown-menu-right smart-dropdown" id="samples-columns-list">
|
||||
<% if can_create_custom_field_in_team(@team) %>
|
||||
<% if can_manage_sample_elements?(@team) %>
|
||||
<li class="add-new-column-form">
|
||||
<div id="new-column-form" class="form-group" data-action="<%= team_custom_fields_path(@team) %>">
|
||||
<div class="input-group">
|
||||
|
|
@ -99,7 +99,7 @@
|
|||
<span class="hidden-xs-custom"><%= t("samples.edit_sample") %></span>
|
||||
</button>
|
||||
|
||||
<% if can_delete_samples?(@team) %>
|
||||
<% if can_manage_sample?(@team) %>
|
||||
<button type="button" class="btn btn-default"
|
||||
id="deleteSamplesButton" data-target="#deleteSamples" data-toggle="modal" disabled>
|
||||
<span class="glyphicon glyphicon-trash"></span>
|
||||
|
|
@ -148,8 +148,8 @@
|
|||
<% all_custom_fields.each do |cf| %>
|
||||
<th class="custom-field"
|
||||
id="<%= cf.id %>"
|
||||
<%= 'data-editable' if can_edit_custom_field(cf) %>
|
||||
<%= 'data-deletable' if can_delete_custom_field(cf) %>
|
||||
<%= 'data-editable' if can_manage_sample_elements?(@team) %>
|
||||
<%= 'data-deletable' if can_manage_sample_elements?(@team) %>
|
||||
<%= "data-edit-url='#{edit_team_custom_field_path(@team, cf)}'" %>
|
||||
<%= "data-update-url='#{team_custom_field_path(@team, cf)}'" %>
|
||||
<%= "data-destroy-html-url='#{team_custom_field_destroy_html_path(@team, cf)}'" %>
|
||||
|
|
|
|||
Loading…
Reference in a new issue