Minor permissions refactoring, including putting the same checks for multiple permissions before the specific ones, hence preventing further evaluation if those permissions are not met.

2024-09-20 23:16:15 +08:00 · 2018-03-04 14:19:17 +01:00 · 2018-03-04 14:19:17 +01:00 · 5724f8ed4d
parent ff9dff5c10
commit 5724f8ed4d
2 changed files with 86 additions and 71 deletions
--- a/app/permissions/experiment.rb
+++ b/app/permissions/experiment.rb
@ -1,4 +1,17 @@
 Canaid::Permissions.register_for(Experiment) do
+  # Experiment and its project must be active for all the specified permissions
+  %i(read_experiment
+     manage_experiment
+     archive_experiment
+     clone_experiment
+     move_experiment)
+    .each do |perm|
+    can perm do |_, experiment|
+      experiment.active? &&
+        experiment.project.active?
+    end
+  end
+
  # experiment: read (read archive)
  # canvas: read
  # module: read (read users, read comments, read archive)
@ -38,21 +51,24 @@ Canaid::Permissions.register_for(Experiment) do
  can :move_experiment do |user, experiment|
    can_clone_experiment?(user, experiment)
  end
-  # Experiment and its project must be active for all the specified permissions
-  %i(read_experiment
-     manage_experiment
-     archive_experiment
-     clone_experiment
-     move_experiment)
-    .each do |perm|
-    can perm do |_, experiment|
-      experiment.active? &&
-        experiment.project.active?
-    end
-  end
 end

 Canaid::Permissions.register_for(MyModule) do
+  # Module, its experiment and its project must be active for all the specified
+  # permissions
+  %i(manage_module
+     manage_users_in_module
+     assign_sample_to_module
+     complete_module
+     create_comments_in_module)
+    .each do |perm|
+    can perm do |_, my_module|
+      my_module.active? &&
+        my_module.experiment.active? &&
+        my_module.experiment.project.active?
+    end
+  end
+
  # module: update, archive, move
  # result: create, update
  can :manage_module do |user, my_module|
@ -89,22 +105,34 @@ Canaid::Permissions.register_for(MyModule) do
  can :create_comments_in_module do |user, my_module|
    can_create_comments_in_project?(user, my_module.experiment.project)
  end
+end
+
+Canaid::Permissions.register_for(Protocol) do
+  # Protocol needs to be in a module for all Protocol permissions below
+  # experiment level
+  %i(read_protocol_in_module
+     manage_protocol_in_module
+     complete_or_checkbox_step)
+    .each do |perm|
+    can perm do |_, protocol|
+      protocol.in_module?
+    end
+  end
+
  # Module, its experiment and its project must be active for all the specified
  # permissions
-  %i(manage_module
-     manage_users_in_module
-     assign_sample_to_module
-     complete_module
-     create_comments_in_module).each do |perm|
-    can perm do |_, my_module|
+  %i(read_protocol_in_module
+     manage_protocol_in_module
+     complete_or_checkbox_step)
+    .each do |perm|
+    can perm do |_, protocol|
+      my_module = protocol.my_module
      my_module.active? &&
        my_module.experiment.active? &&
        my_module.experiment.project.active?
    end
  end
-end

-Canaid::Permissions.register_for(Protocol) do
  # protocol in module: read
  # step in module: read, read comments, read/download assets
  can :read_protocol_in_module do |user, protocol|
@ -135,29 +163,9 @@ Canaid::Permissions.register_for(Protocol) do
      false
    end
  end
-
-  # Module, its experiment and its project must be active for all the specified
-  # permissions
-  %i(read_protocol_in_module
-     manage_protocol_in_module
-     complete_or_checkbox_step)
-    .each do |perm|
-    can perm do |_, protocol|
-      my_module = protocol.my_module
-      my_module.active? &&
-        my_module.experiment.active? &&
-        my_module.experiment.project.active?
-    end
-  end
 end

 Canaid::Permissions.register_for(Result) do
-  # result: delete, archive
-  can :manage_result do |user, result|
-    result.unlocked?(result) &&
-      user.is_owner_of_project?(result.my_module.experiment.project)
-  end
-
  # Module, its experiment and its project must be active for all the specified
  # permissions
  %i(manage_result).each do |perm|
@ -168,9 +176,27 @@ Canaid::Permissions.register_for(Result) do
        my_module.experiment.project.active?
    end
  end
+
+  # result: delete, archive
+  can :manage_result do |user, result|
+    result.unlocked?(result) &&
+      user.is_owner_of_project?(result.my_module.experiment.project)
+  end
 end

 Canaid::Permissions.register_for(Comment) do
+  # Module, its experiment and its project must be active for all the specified
+  # permissions
+  %i(manage_comment_in_module)
+    .each do |perm|
+    can perm do |_, comment|
+      my_module = ::PermissionsUtil.get_comment_module(comment)
+      my_module.active? &&
+        my_module.experiment.active? &&
+        my_module.experiment.project.active?
+    end
+  end
+
  # module: update/delete comment
  # result: update/delete comment
  # step: update/delete comment
@ -181,15 +207,4 @@ Canaid::Permissions.register_for(Comment) do
    project.present? &&
      (user.is_owner_of_project?(project) || comment.user == user)
  end
-
-  # Module, its experiment and its project must be active for all the specified
-  # permissions
-  %i(manage_comment_in_module).each do |perm|
-    can perm do |_, comment|
-      my_module = ::PermissionsUtil.get_comment_module(comment)
-      my_module.active? &&
-        my_module.experiment.active? &&
-        my_module.experiment.project.active?
-    end
-  end
 end
--- a/app/permissions/project.rb
+++ b/app/permissions/project.rb
@ -1,4 +1,18 @@
 Canaid::Permissions.register_for(Project) do
+  # Project must be active for all the specified permissions
+  %i(read_project
+     manage_project
+     archive_project
+     create_experiments
+     create_comments_in_project
+     manage_tags
+     manage_reports)
+    .each do |perm|
+    can perm do |_, project|
+      project.active?
+    end
+  end
+
  # project: read, read activities, read comments, read users, read archive,
  #          read notifications
  # reports: read
@ -46,29 +60,9 @@ Canaid::Permissions.register_for(Project) do
  can :manage_reports do |user, project|
    user.is_technician_or_higher_of_project?(project)
  end
-
-  # Project must be active for all the specified permissions
-  %i(read_project
-     manage_project
-     archive_project
-     create_experiments
-     create_comments_in_project
-     manage_tags
-     manage_reports)
-    .each do |perm|
-    can perm do |_, project|
-      project.active?
-    end
-  end
 end

 Canaid::Permissions.register_for(ProjectComment) do
-  # project: update/delete comment
-  can :manage_comment_in_project do |user, project_comment|
-    project_comment.project.present? && (project_comment.user == user ||
-      user.is_owner_of_project?(project))
-  end
-
  # Project must be active for all the specified permissions
  %i(manage_comment_in_project)
    .each do |perm|
@ -76,4 +70,10 @@ Canaid::Permissions.register_for(ProjectComment) do
      project_comment.project.active?
    end
  end
+
+  # project: update/delete comment
+  can :manage_comment_in_project do |user, project_comment|
+    project_comment.project.present? && (project_comment.user == user ||
+      user.is_owner_of_project?(project))
+  end
 end