From 4fe669ca9a85dd17acb030ea9fc277e23b1e246f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Zrim=C5=A1ek?= Date: Wed, 14 Feb 2018 16:15:42 +0100 Subject: [PATCH] Removed permissions helper and updated the remaining calls to its methods with the new canaid gem permissions. --- .../api/v20170715/core_api_controller.rb | 2 - app/controllers/application_controller.rb | 1 - app/controllers/concerns/sample_actions.rb | 1 - app/controllers/experiments_controller.rb | 1 - app/controllers/wopi_controller.rb | 1 - app/helpers/permission_helper.rb | 300 ------------------ .../modals/_manage_users_modal.html.erb | 2 +- .../user_projects/_index_edit_footer.html.erb | 2 +- 8 files changed, 2 insertions(+), 308 deletions(-) delete mode 100644 app/helpers/permission_helper.rb diff --git a/app/controllers/api/v20170715/core_api_controller.rb b/app/controllers/api/v20170715/core_api_controller.rb index 7c5a61fac..c8a07e8dc 100644 --- a/app/controllers/api/v20170715/core_api_controller.rb +++ b/app/controllers/api/v20170715/core_api_controller.rb @@ -1,8 +1,6 @@ module Api module V20170715 class CoreApiController < ApiController - include PermissionHelper - def tasks_tree teams_json = [] current_user.teams.find_each do |tm| diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 3143debb3..ab83e183d 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,5 +1,4 @@ class ApplicationController < ActionController::Base - include PermissionHelper include FirstTimeDataGenerator acts_as_token_authentication_handler_for User diff --git a/app/controllers/concerns/sample_actions.rb b/app/controllers/concerns/sample_actions.rb index 5b97544eb..2e94cdbec 100644 --- a/app/controllers/concerns/sample_actions.rb +++ b/app/controllers/concerns/sample_actions.rb @@ -1,6 +1,5 @@ module SampleActions extend ActiveSupport::Concern - include PermissionHelper def delete_samples check_destroy_samples_permissions diff --git a/app/controllers/experiments_controller.rb b/app/controllers/experiments_controller.rb index ecd95c95d..ff6502496 100644 --- a/app/controllers/experiments_controller.rb +++ b/app/controllers/experiments_controller.rb @@ -1,6 +1,5 @@ class ExperimentsController < ApplicationController include SampleActions - include PermissionHelper include TeamsHelper include InputSanitizeHelper include ActionView::Helpers::TextHelper diff --git a/app/controllers/wopi_controller.rb b/app/controllers/wopi_controller.rb index c5e8462c5..a716628de 100644 --- a/app/controllers/wopi_controller.rb +++ b/app/controllers/wopi_controller.rb @@ -1,6 +1,5 @@ class WopiController < ActionController::Base include WopiUtil - include PermissionHelper before_action :load_vars, :authenticate_user_from_token! before_action :verify_proof! diff --git a/app/helpers/permission_helper.rb b/app/helpers/permission_helper.rb deleted file mode 100644 index b0d2722af..000000000 --- a/app/helpers/permission_helper.rb +++ /dev/null @@ -1,300 +0,0 @@ -require "aspector" - -module PermissionHelper - - ####################################################### - # SOME REFLECTION MAGIC - ####################################################### - aspector do - # ---- TEAM ROLES DEFINITIONS ---- - around [ - :is_member_of_team, - :is_admin_of_team, - :is_normal_user_of_team, - :is_normal_user_or_admin_of_team, - :is_guest_of_team - ] do |proxy, *args, &block| - if args[0] - @user_team = current_user.user_teams.where(team: args[0]).take - @user_team ? proxy.call(*args, &block) : false - else - false - end - end - - # ---- PROJECT ROLES DEFINITIONS ---- - around [ - :is_member_of_project, - :is_owner_of_project, - :is_user_of_project, - :is_user_or_higher_of_project, - :is_technician_of_project, - :is_technician_or_higher_of_project, - :is_viewer_of_project - ] do |proxy, *args, &block| - if args[0] - @user_project = current_user.user_projects.where(project: args[0]).take - @user_project ? proxy.call(*args, &block) : false - else - false - end - end - - end - - private - - ####################################################### - # ROLES - ####################################################### - # The following code should stay private, and for each - # permission that's needed throughout application, a - # public method should be made. That way, we can have - # all permissions gathered here in one place. - - # ---- TEAM ROLES ---- - def is_member_of_team(team) - # This is already checked by aspector, so just return true - true - end - - def is_admin_of_team(team) - @user_team.admin? - end - - def is_normal_user_of_team(team) - @user_team.normal_user? - end - - def is_normal_user_or_admin_of_team(team) - @user_team.normal_user? or @user_team.admin? - end - - def is_guest_of_team(team) - @user_team.guest? - end - - # ---- PROJECT ROLES ---- - def is_member_of_project(project) - # This is already checked by aspector, so just return true - true - end - - def is_creator_of_project(project) - project.created_by == current_user - end - - def is_owner_of_project(project) - @user_project.owner? - end - - def is_user_of_project(project) - @user_project.normal_user? - end - - def is_user_or_higher_of_project(project) - @user_project.normal_user? or @user_project.owner? - end - - def is_technician_of_project(project) - @user_project.technician? - end - - def is_technician_or_higher_of_project(project) - @user_project.technician? or - @user_project.normal_user? or - @user_project.owner? - end - - def is_viewer_of_project(project) - @user_project.viewer? - end - - public - - ####################################################### - # PERMISSIONS - ####################################################### - # The following list can be expanded for new permissions, - # and only the following list should be public. Also, - # in a lot of cases, the following methods should be added - # to "is project archived" or "is module archived" checks - # at the beginning of this file (via aspector). - - # ---- ATWHO PERMISSIONS ---- - # def can_view_team_users(team) - # is_member_of_team(team) - # end - - # ---- PROJECT PERMISSIONS ---- - - # def can_view_projects(team) - # is_member_of_team(team) - # end - - # def can_create_project(team) - # is_normal_user_or_admin_of_team(team) - # end - - # ---- REPORTS PERMISSIONS ---- - - # ---- SAMPLE PERMISSIONS ---- - - # def can_create_samples(team) - # is_normal_user_or_admin_of_team(team) - # end - - # def can_view_samples(team) - # is_member_of_team(team) - # end - - # Only person who created the sample - # or team admin can edit it - # def can_edit_sample(sample) - # is_admin_of_team(sample.team) or - # sample.user == current_user - # end - - # Only person who created sample can delete it - # def can_delete_sample(sample) - # sample.user == current_user - # end - - # def can_delete_samples(team) - # is_normal_user_or_admin_of_team(team) - # end - - # ---- SAMPLE TYPES PERMISSIONS ---- - - # def can_create_sample_type_in_team(team) - # is_normal_user_or_admin_of_team(team) - # end - - # ---- SAMPLE GROUPS PERMISSIONS ---- - - # def can_create_sample_group_in_team(team) - # is_normal_user_or_admin_of_team(team) - # end - - # ---- CUSTOM FIELDS PERMISSIONS ---- - - # def can_create_custom_field_in_team(team) - # is_normal_user_or_admin_of_team(team) - # end - - # def can_edit_custom_field(custom_field) - # custom_field.user == current_user || - # is_admin_of_team(custom_field.team) - # end - - # def can_delete_custom_field(custom_field) - # custom_field.user == current_user || - # is_admin_of_team(custom_field.team) - # end - - # ---- PROTOCOL PERMISSIONS ---- - - # def can_view_team_protocols(team) - # is_member_of_team(team) - # end - - # def can_create_new_protocol(team) - # is_normal_user_or_admin_of_team(team) - # end - - # def can_import_protocols(team) - # is_normal_user_or_admin_of_team(team) - # end - - # def can_edit_protocol(protocol) - # is_normal_user_or_admin_of_team(protocol.team) and - # current_user == protocol.added_by and (not protocol.in_repository_archived?) - # end - - # def can_clone_protocol(protocol) - # is_normal_user_or_admin_of_team(protocol.team) and - # ( - # protocol.in_repository_public? or - # (protocol.in_repository_private? and current_user == protocol.added_by) - # ) - # end - - # def can_make_protocol_private(protocol) - # protocol.added_by == current_user and - # protocol.in_repository_public? - # end - - # def can_publish_protocol(protocol) - # protocol.added_by == current_user and - # protocol.in_repository_private? - # end - - # def can_archive_protocol(protocol) - # protocol.added_by == current_user and - # (protocol.in_repository_public? or protocol.in_repository_private?) - # end - - # def can_restore_protocol(protocol) - # protocol.added_by == current_user and - # protocol.in_repository_archived? - # end - - # ---- REPOSITORIES PERMISSIONS ---- - - # def can_view_team_repositories(team) - # is_member_of_team(team) - # end - - # def can_create_repository(team) - # is_admin_of_team(team) && - # team.repositories.count < Constants::REPOSITORIES_LIMIT - # end - - # def can_view_repository(repository) - # is_member_of_team(repository.team) - # end - - # def can_edit_and_destroy_repository(repository) - # is_admin_of_team(repository.team) - # end - - # def can_copy_repository(repository) - # can_create_repository(repository.team) - # end - - # def can_create_columns_in_repository(repository) - # is_normal_user_or_admin_of_team(repository.team) - # end - - # def can_delete_column_in_repository(column) - # column.created_by == current_user || - # is_admin_of_team(column.repository.team) - # end - - # def can_edit_column_in_repository(column) - # column.created_by == current_user || - # is_admin_of_team(column.repository.team) - # end - - # def can_create_repository_records(repository) - # is_normal_user_or_admin_of_team(repository.team) - # end - - # def can_import_repository_records(repository) - # is_normal_user_or_admin_of_team(repository.team) - # end - - # def can_edit_repository_record(record) - # is_normal_user_or_admin_of_team(record.repository.team) - # end - - # def can_delete_repository_records(repository) - # is_normal_user_or_admin_of_team(repository.team) - # end - - # def can_delete_repository_record(record) - # team = record.repository.team - # is_admin_of_team(team) || (is_normal_user_of_team(team) && - # record.created_by == current_user) - # end -end diff --git a/app/views/my_modules/modals/_manage_users_modal.html.erb b/app/views/my_modules/modals/_manage_users_modal.html.erb index 8ed04d910..ffad4de93 100644 --- a/app/views/my_modules/modals/_manage_users_modal.html.erb +++ b/app/views/my_modules/modals/_manage_users_modal.html.erb @@ -8,7 +8,7 @@
- <% if is_admin_of_team(@experiment.project.team) %> + <% if current_user.is_admin_of_team?(@experiment.project.team) %> <%= link_to t("experiments.canvas.full_zoom.modal_manage_users.invite_users_link"), "/settings/teams/#{@experiment.project.team.id}", data: { turbolinks: false } %> diff --git a/app/views/user_projects/_index_edit_footer.html.erb b/app/views/user_projects/_index_edit_footer.html.erb index 3be515458..8dbe3ddb7 100644 --- a/app/views/user_projects/_index_edit_footer.html.erb +++ b/app/views/user_projects/_index_edit_footer.html.erb @@ -1,6 +1,6 @@ - <% if is_admin_of_team(@project.team) %> + <% if current_user.is_admin_of_team?(@project.team) %> <%= link_to t('projects.index.modal_manage_users.invite_users_link'), "/settings/teams/#{@project.team.id}", data: { turbolinks: false } %>