scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-09-04 04:04:36 +08:00
Code Issues Projects Releases Packages Wiki Activity

Overall refactoring of all canaid permissions and code related to their calls.

Browse source
This commit is contained in:
Matej Zrimšek 2018-02-15 18:46:29 +01:00
parent 4fe669ca9a
commit 5bda53eebf
48 changed files with 220 additions and 236 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/assets_controller.rb
View file

@ -125,7 +125,7 @@ class AssetsController < ApplicationController
def check_edit_permission
if @assoc.class == Step
render_403 && return unless can_manage_protocol_in_module?(@protocol) ||
can_update_protocol_in_repository?(@protocol)
can_manage_protocol_in_repository?(@protocol)
elsif @assoc.class == Result
render_403 and return unless can_manage_module?(@my_module)
end

7
app/controllers/concerns/sample_actions.rb
View file

@ -2,7 +2,6 @@ module SampleActions
extend ActiveSupport::Concern
def delete_samples
check_destroy_samples_permissions
if params[:sample_ids].present?
counter_user = 0
@ -10,7 +9,7 @@ module SampleActions
params[:sample_ids].each do |id|
sample = Sample.find_by_id(id)
if sample && can_update_or_delete_sample?(sample)
if sample && can_manage_sample?(sample)
sample.destroy
counter_user += 1
else
@ -42,8 +41,4 @@ module SampleActions
redirect_to samples_experiment_path(@experiment)
end
end
def check_destroy_samples_permissions
render_403 unless can_manage_samples?(@project.team)
end
end

8
app/controllers/custom_fields_controller.rb
View file

@ -4,7 +4,7 @@ class CustomFieldsController < ApplicationController
before_action :load_vars, except: :create
before_action :load_vars_nested, only: [:create, :destroy_html]
before_action :check_create_permissions, only: :create
before_action :check_update_and_delete_permissions, except: :create
before_action :check_manage_permissions, except: :create
def create
@custom_field = CustomField.new(custom_field_params)
@ -105,11 +105,11 @@ class CustomFieldsController < ApplicationController
end
def check_create_permissions
render_403 unless can_manage_sample_columns?(@team)
render_403 unless can_create_sample_columns?(@team)
end
def check_update_and_delete_permissions
render_403 unless can_update_or_delete_custom_field?(@custom_field)
def check_manage_permissions
render_403 unless can_manage_sample_column?(@custom_field)
end
def custom_field_params

2
app/controllers/my_module_comments_controller.rb
View file

@ -183,7 +183,7 @@ class MyModuleCommentsController < ApplicationController
end
def check_add_permissions
render_403 unless can_create_comment_in_module?(@my_module)
render_403 unless can_create_comments_in_module?(@my_module)
end
def check_manage_permissions

3
app/controllers/my_modules_controller.rb
View file

@ -608,7 +608,8 @@ class MyModulesController < ApplicationController
end
def check_assign_repository_records_permissions
render_403 unless can_assign_repository_records_to_module?(@my_module)
render_403 unless module_page? &&
can_assign_repository_rows_to_module?(@my_module)
end
def check_complete_module_permission

2
app/controllers/project_comments_controller.rb
View file

@ -174,7 +174,7 @@ class ProjectCommentsController < ApplicationController
end
def check_create_permissions
render_403 unless can_create_comment_in_project?(@project)
render_403 unless can_create_comments_in_project?(@project)
end
def check_manage_permissions

54
app/controllers/protocols_controller.rb
View file

@ -18,7 +18,13 @@ class ProtocolsController < ApplicationController
linked_children
linked_children_datatable
)
before_action :check_edit_permissions, only: %i(
before_action :check_view_all_permissions, only: %i(
index
datatable
)
# For update_from_parent and update_from_parent_modal we don't need to check
# read permission for the parent protocol
before_action :check_manage_in_module_permissions, only: %i(
edit
update_metadata
update_keywords
@ -26,14 +32,6 @@ class ProtocolsController < ApplicationController
edit_keywords_modal
edit_authors_modal
edit_description_modal
)
before_action :check_view_all_permissions, only: %i(
index
datatable
)
# For update_from_parent and update_from_parent_modal we don't need to check
# read permission for the parent protocol
before_action :check_manage_permissions, only: %i(
unlink
unlink_modal
revert
@ -41,7 +39,7 @@ class ProtocolsController < ApplicationController
update_from_parent
update_from_parent_modal
)
before_action :check_update_parent_permissions, only: %i(
before_action :check_manage_parent_in_repository_permissions, only: %i(
update_parent
update_parent_modal
)
@ -1066,27 +1064,17 @@ class ProtocolsController < ApplicationController
end
end
def check_edit_permissions
load_team_and_type
def check_manage_in_module_permissions
@protocol = Protocol.find_by_id(params[:id])
unless can_update_protocol_in_repository?(@protocol)
render_403
end
end
def check_manage_permissions
@protocol = Protocol.find_by_id(params[:id])
render_403 if @protocol.blank? || !can_manage_protocol_in_module?(@protocol)
end
def check_update_parent_permissions
@protocol = Protocol.find_by_id(params[:id])
render_403 unless @protocol.present? &&
(can_read_protocol_in_module?(@protocol) ||
can_update_protocol_in_repository(@protocol.parent))
can_manage_protocol_in_module?(@protocol)
end
def check_manage_parent_in_repository_permissions
@protocol = Protocol.find_by_id(params[:id])
render_403 unless @protocol.present? &&
can_read_protocol_in_module?(@protocol) &&
can_manage_protocol_in_repository(@protocol.parent)
end
def check_load_from_repository_views_permissions
@ -1130,7 +1118,7 @@ class ProtocolsController < ApplicationController
@protocols = Protocol.where(id: params[:protocol_ids])
@protocols.find_each do |protocol|
if !protocol.in_repository_public? ||
!can_update_protocol_type_in_repository?(protocol)
!can_manage_protocol_in_repository?(protocol)
respond_to { |f| f.json { render json: {}, status: :unauthorized } }
return
end
@ -1141,7 +1129,7 @@ class ProtocolsController < ApplicationController
@protocols = Protocol.where(id: params[:protocol_ids])
@protocols.find_each do |protocol|
if !protocol.in_repository_private? ||
!can_update_protocol_type_in_repository?(protocol)
!can_manage_protocol_in_repository?(protocol)
respond_to { |f| f.json { render json: {}, status: :unauthorized } }
return
end
@ -1152,7 +1140,7 @@ class ProtocolsController < ApplicationController
@protocols = Protocol.where(id: params[:protocol_ids])
@protocols.find_each do |protocol|
if protocol.in_repository_archived? ||
!can_update_protocol_type_in_repository?(protocol)
!can_manage_protocol_in_repository?(protocol)
respond_to { |f| f.json { render json: {}, status: :unauthorized } }
return
end
@ -1163,7 +1151,7 @@ class ProtocolsController < ApplicationController
@protocols = Protocol.where(id: params[:protocol_ids])
@protocols.find_each do |protocol|
if protocol.in_repository_active? ||
!can_update_protocol_type_in_repository?(protocol)
!can_manage_protocol_in_repository?(protocol)
respond_to { |f| f.json { render json: {}, status: :unauthorized } }
return
end

4
app/controllers/reports_controller.rb
View file

@ -450,11 +450,11 @@ class ReportsController < ApplicationController
end
def check_create_permissions
render_403 unless can_create_or_manage_reports?(@project)
render_403 unless can_manage_reports?(@project)
end
def check_manage_permissions
render_403 unless can_create_or_manage_reports?(@project)
render_403 unless can_manage_reports?(@project)
render_404 unless params.include? :report_ids
end

6
app/controllers/repositories_controller.rb
View file

@ -6,7 +6,7 @@ class RepositoriesController < ApplicationController
before_action :check_team, only: %i(parse_sheet import_records)
before_action :check_view_all_permissions, only: :index
before_action :check_view_permissions, only: :export_repository
before_action :check_edit_and_destroy_permissions, only:
before_action :check_manage_permissions, only:
%i(destroy destroy_modal rename_modal update)
before_action :check_create_permissions, only:
%i(create_new_modal create copy_modal copy)
@ -309,8 +309,8 @@ class RepositoriesController < ApplicationController
@team.repositories.count < Constants::REPOSITORIES_LIMIT
end
def check_edit_and_destroy_permissions
render_403 unless can_update_or_delete_repository?(@repository)
def check_manage_permissions
render_403 unless can_manage_repository?(@repository)
end
def repository_params

6
app/controllers/repository_columns_controller.rb
View file

@ -4,7 +4,7 @@ class RepositoryColumnsController < ApplicationController
before_action :load_vars, except: :create
before_action :load_vars_nested, only: :create
before_action :check_create_permissions, only: :create
before_action :check_update_and_delete_permissions, except: :create
before_action :check_manage_permissions, except: :create
def create
@repository_column = RepositoryColumn.new(repository_column_params)
@ -111,8 +111,8 @@ class RepositoryColumnsController < ApplicationController
render_403 unless can_create_repository_columns?(@repository.team)
end
def check_update_and_delete_permissions
render_403 unless can_update_or_delete_repository_column?(@repository_column)
def check_manage_permissions
render_403 unless can_manage_repository_column?(@repository_column)
end
def repository_column_params

15
app/controllers/repository_rows_controller.rb
View file

@ -6,8 +6,7 @@ class RepositoryRowsController < ApplicationController
before_action :load_vars, only: %i(edit update)
before_action :load_repository, only: %i(create delete_records)
before_action :check_create_permissions, only: :create
before_action :check_edit_permissions, only: %i(edit update)
before_action :check_destroy_permissions, only: :delete_records
before_action :check_manage_permissions, only: %i(edit update delete_records)
def create
record = RepositoryRow.new(repository: @repository,
@ -171,7 +170,7 @@ class RepositoryRowsController < ApplicationController
if selected_params
selected_params.each do |row_id|
row = @repository.repository_rows.find_by_id(row_id)
if row && can_update_or_delete_repository_row?(row)
if row && can_manage_repository_row?(row)
row.destroy && deleted_count += 1
end
end
@ -221,12 +220,10 @@ class RepositoryRowsController < ApplicationController
render_403 unless can_manage_repository_rows?(@repository.team)
end
def check_edit_permissions
render_403 unless can_update_or_delete_repository_row?(@record)
end
def check_destroy_permissions
render_403 unless can_manage_repository_rows?(@repository.team)
def check_manage_permissions
render_403 unless @repository.repository_rows.all? do |row|
can_manage_repository_row?(row)
end
end
def record_params

2
app/controllers/result_comments_controller.rb
View file

@ -175,7 +175,7 @@ class ResultCommentsController < ApplicationController
end
def check_add_permissions
render_403 unless can_create_comment_in_module?(@my_module)
render_403 unless can_create_comments_in_module?(@my_module)
end
def check_manage_permissions

6
app/controllers/results_controller.rb
View file

@ -1,6 +1,6 @@
class ResultsController < ApplicationController
before_action :load_vars
before_action :can_destroy_permissions
before_action :check_destroy_permissions
def destroy
act_log = t('my_modules.module_archive.table_log',
@ -39,7 +39,7 @@ class ResultsController < ApplicationController
@my_module = @result.my_module
end
def can_destroy_permissions
render_403 unless can_delete_or_archive_result?(@my_module)
def check_destroy_permissions
render_403 unless can_manage_result?(@my_module)
end
end

12
app/controllers/sample_groups_controller.rb
View file

@ -1,6 +1,8 @@
class SampleGroupsController < ApplicationController
before_action :load_vars_nested
before_action :check_permissions, except: %i(index sample_group_element)
before_action :check_view_permissions, only: %i(index sample_group_element)
before_action :check_manage_permissions, only: %i(create edit update destroy
destroy_confirmation)
before_action :set_sample_group, except: %i(create index)
before_action :set_project_my_module, only: :index
layout 'fluid'
@ -133,8 +135,12 @@ class SampleGroupsController < ApplicationController
render_404 unless @team
end
def check_permissions
render_403 unless can_manage_sample_columns?(@team)
def check_view_permissions
render_403 unless can_read_team?(@team)
end
def check_manage_permissions
render_403 unless can_manage_sample_types_and_groups?(@team)
end
def sample_group_params

12
app/controllers/sample_types_controller.rb
View file

@ -1,6 +1,8 @@
class SampleTypesController < ApplicationController
before_action :load_vars_nested
before_action :check_permissions, except: %i(index sample_type_element)
before_action :check_view_permissions, only: %i(index sample_type_element)
before_action :check_manage_permissions, only: %i(create edit update destroy
destroy_confirmation)
before_action :set_sample_type, except: %i(create index)
before_action :set_project_my_module, only: :index
layout 'fluid'
@ -129,8 +131,12 @@ class SampleTypesController < ApplicationController
render_404 unless @team
end
def check_permissions
render_403 unless can_manage_sample_columns?(@team)
def check_view_permissions
render_403 unless can_read_team?(@team)
end
def check_manage_permissions
render_403 unless can_manage_sample_types_and_groups?(@team)
end
def set_sample_type

9
app/controllers/samples_controller.rb
View file

@ -7,8 +7,7 @@ class SamplesController < ApplicationController
before_action :load_vars_nested, only: [:new, :create]
before_action :check_create_permissions, only: %i(new create)
before_action :check_update_and_delete_permissions,
only: %i(edit update destroy)
before_action :check_manage_permissions, only: %i(edit update destroy)
def new
respond_to do |format|
@ -308,11 +307,11 @@ class SamplesController < ApplicationController
end
def check_create_permissions
render_403 unless can_manage_samples?(@team)
render_403 unless can_create_samples?(@team)
end
def check_update_and_delete_permissions
render_403 unless can_update_or_delete_sample?(@sample)
def check_manage_permissions
render_403 unless can_manage_sample?(@sample)
end
def sample_params

2
app/controllers/step_comments_controller.rb
View file

@ -184,7 +184,7 @@ class StepCommentsController < ApplicationController
end
def check_add_permissions
render_403 unless can_create_comment_in_module?(@protocol.my_module)
render_403 unless can_create_comments_in_module?(@protocol.my_module)
end
def check_manage_permissions

6
app/controllers/steps_controller.rb
View file

@ -396,7 +396,7 @@ class StepsController < ApplicationController
if step
protocol = step.protocol
if can_manage_protocol_in_module?(protocol) ||
can_update_protocol_in_repository?(protocol)
can_manage_protocol_in_repository?(protocol)
if step.position > 0
step_down = step.protocol.steps.where(position: step.position - 1).first
step.position -= 1
@ -443,7 +443,7 @@ class StepsController < ApplicationController
if step
protocol = step.protocol
if can_manage_protocol_in_module?(protocol) ||
can_update_protocol_in_repository?(protocol)
can_manage_protocol_in_repository?(protocol)
if step.position < step.protocol.steps.count - 1
step_up = step.protocol.steps.where(position: step.position + 1).first
step.position += 1
@ -615,7 +615,7 @@ class StepsController < ApplicationController
def check_manage_permissions
render_403 unless can_manage_protocol_in_module?(@protocol) ||
can_update_protocol_in_repository?(@protocol)
can_manage_protocol_in_repository?(@protocol)
end
def check_complete_and_checkbox_permissions

2
app/controllers/tags_controller.rb
View file

@ -141,7 +141,7 @@ class TagsController < ApplicationController
end
def check_manage_permissions
render_403 unless can_create_or_manage_tags?(@project)
render_403 unless can_manage_tags?(@project)
end
def tag_params

9
app/controllers/teams_controller.rb
View file

@ -1,7 +1,8 @@
class TeamsController < ApplicationController
before_action :load_vars, only: [:parse_sheet, :import_samples, :export_samples]
before_action :check_create_sample_permissions, only: [:parse_sheet, :import_samples]
before_action :check_create_samples_permissions, only: %i(parse_sheet
import_samples)
before_action :check_view_samples_permission, only: [:export_samples]
def parse_sheet
@ -258,10 +259,8 @@ class TeamsController < ApplicationController
params.permit(sample_ids: [], header_ids: []).to_h
end
def check_create_sample_permissions
unless can_manage_samples?(@team)
render_403
end
def check_create_samples_permissions
render_403 unless can_create_samples?(@team)
end
def check_view_samples_permission

2
app/controllers/wopi_controller.rb
View file

@ -294,7 +294,7 @@ class WopiController < ActionController::Base
@breadcrumb_folder_name = @protocol.my_module.name
else
@can_read = can_read_protocol_in_repository?(@protocol)
@can_write = can_update_protocol_in_repository?(@protocol)
@can_write = can_manage_protocol_in_repository?(@protocol)
@close_url = protocols_url(only_path: false,
host: ENV['WOPI_USER_HOST'])

6
app/datatables/protocols_datatable.rb
View file

@ -3,7 +3,7 @@ class ProtocolsDatatable < CustomDatatable
include ActiveRecord::Sanitization::ClassMethods
include InputSanitizeHelper
def_delegator :@view, :can_update_protocol_in_repository?
def_delegator :@view, :can_manage_protocol_in_repository?
def_delegator :@view, :edit_protocol_path
def_delegator :@view, :can_clone_protocol_in_repository?
def_delegator :@view, :clone_protocol_path
@ -82,8 +82,8 @@ class ProtocolsDatatable < CustomDatatable
protocol = Protocol.find(record.id)
result_data << {
'DT_RowId': record.id,
'DT_CanEdit': can_update_protocol_in_repository?(protocol),
'DT_EditUrl': if can_update_protocol_in_repository?(protocol)
'DT_CanEdit': can_manage_protocol_in_repository?(protocol),
'DT_EditUrl': if can_manage_protocol_in_repository?(protocol)
edit_protocol_path(protocol,
team: @team,
type: @type)

2
app/helpers/results_helper.rb
View file

@ -24,7 +24,7 @@ module ResultsHelper
end
def can_archive_result(result)
can_delete_or_archive_result?(result.my_module)
can_manage_result?(result.my_module)
end
def result_unlocked?(result)

4
app/helpers/samples_helper.rb
View file

@ -1,8 +1,4 @@
module SamplesHelper
def can_add_sample_related_things_to_team
can_manage_sample_columns?(@team)
end
def all_custom_fields
CustomField.where(team_id: @team).order(:created_at)
end

22
app/permissions/experiment.rb
View file

@ -7,8 +7,8 @@ Canaid::Permissions.register_for(Experiment) do
can_read_project?(user, experiment.project)
end
# experiment: create, update, delete
# canvas: edit
# experiment: create/update/delete
# canvas: update
# module: create, clone, reposition, create/update/delete connection,
# assign/reassign/unassign tags
can :manage_experiment do |user, experiment|
@ -50,7 +50,7 @@ Canaid::Permissions.register_for(Experiment) do
end
Canaid::Permissions.register_for(MyModule) do
# module: edit, archive, move
# module: update, archive, move
# result: create, update
can :manage_module do |user, my_module|
can_manage_experiment?(user, my_module.experiment)
@ -67,13 +67,13 @@ Canaid::Permissions.register_for(MyModule) do
end
# result: delete, archive
can :delete_or_archive_result do |user, my_module|
can :manage_result do |user, my_module|
user.is_owner_of_project?(my_module.experiment.project)
end
# module: assign/unassign sample, assign/unassign repository record
# NOTE: Use 'module_page? &&' before calling this permission!
can :assign_repository_records_to_module do |user, my_module|
can :assign_repository_rows_to_module do |user, my_module|
user.is_technician_or_higher_of_project?(my_module.experiment.project)
end
@ -85,17 +85,17 @@ Canaid::Permissions.register_for(MyModule) do
# module: create comment
# result: create comment
# step: create comment
can :create_comment_in_module do |user, my_module|
can_create_comment_in_project?(user, my_module.experiment.project)
can :create_comments_in_module do |user, my_module|
can_create_comments_in_project?(user, my_module.experiment.project)
end
# Module, its experiment and its project must be active for all the specified
# permissions
%i(manage_module
manage_users_in_module
delete_or_archive_result
manage_result
assign_sample_to_module
complete_module
create_comment_in_module).each do |perm|
create_comments_in_module).each do |perm|
can perm do |_, my_module|
my_module.active? &&
my_module.experiment.active? &&
@ -106,7 +106,7 @@ end
Canaid::Permissions.register_for(Protocol) do
# protocol in module: read
# step: read, read comments, read assets, download assets
# step in module: read, read comments, read/download assets
can :read_protocol_in_module do |user, protocol|
if protocol.in_module?
can_read_experiment?(user, protocol.my_module.experiment)
@ -117,7 +117,7 @@ Canaid::Permissions.register_for(Protocol) do
# protocol in module: create/update/delete, unlink, revert, update from
# protocol in repository, update from file
# step: create/update/delete, reorder
# step in module: create/update/delete, reorder
can :manage_protocol_in_module do |user, protocol|
if protocol.in_module?
can_manage_module?(user, protocol.my_module)

3
app/permissions/organization.rb
View file

@ -1,5 +1,6 @@
Canaid::Permissions.register_generic do
can :create_teams do |user|
# organization: create team
can :create_teams do |_|
true
end
end

20
app/permissions/project.rb
View file

@ -9,7 +9,7 @@ Canaid::Permissions.register_for(Project) do
(project.visible? && user.is_member_of_team?(project.team))
end
# project: update/delete/archive, assign/reassign/unassign users
# project: update/delete, archive, assign/reassign/unassign users
can :manage_project do |user, project|
user.is_owner_of_project?(project)
end
@ -25,23 +25,23 @@ Canaid::Permissions.register_for(Project) do
end
# experiment: create
can :create_experiment do |user, project|
can :create_experiments do |user, project|
user.is_user_or_higher_of_project?(project)
end
# project: create comment
can :create_comment_in_project do |user, project|
can :create_comments_in_project do |user, project|
user.is_technician_or_higher_of_project?(project)
end
# project: create/update/delete tag
# module: assign/reassign/unassign tag
can :create_or_manage_tags do |user, project|
can :manage_tags do |user, project|
user.is_user_or_higher_of_project?(project)
end
# reports: create/delete
can :create_or_manage_reports do |user, project|
# reports: create, delete
can :manage_reports do |user, project|
user.is_technician_or_higher_of_project?(project)
end
@ -49,10 +49,10 @@ Canaid::Permissions.register_for(Project) do
%i(read_project
manage_project
archive_project
create_experiment
create_comment_in_project
create_or_manage_tags
create_or_manage_reports)
create_experiments
create_comments_in_project
manage_tags
manage_reports)
.each do |perm|
can perm do |_, project|
project.active?

88
app/permissions/team.rb
View file

@ -1,82 +1,81 @@
Canaid::Permissions.register_for(Team) do
# view projects, view protocols
# leave team, view team users (ATWHO)
# view samples, export samples
# view repositories, view repository, export repository rows
# team: leave, read users, read projects, read/export samples,
# read protocols, read/export repositories
#
can :read_team do |user, team|
user.is_member_of_team?(team)
end
# edit team name, edit team description
# team: update
can :update_team do |user, team|
user.is_admin_of_team?(team)
end
# invite user to team, change user's role, remove user from team
# team: assign/unassing user, change user role
can :manage_team_users do |user, team|
user.is_admin_of_team?(team)
end
# create project
# project: create
can :create_projects do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# create protocol in repository, import protocol to repository
# protocol in repository: create, import
can :create_protocols_in_repository do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# create, import, edit, delete samples
can :manage_samples do |user, team|
# sample: create, import
can :create_samples do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# create custom field
# create, update, delete sample type or sample group
can :manage_sample_columns do |user, team|
# sample: create field
can :create_sample_columns do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# create, copy repository
# create/update/delete sample type/group
can :manage_sample_types_and_groups do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# repository: create, clone
can :create_repositories do |user, team|
user.is_admin_of_team?(team)
user.is_admin_of_team?(team) &&
team.repositories.count < Constants::REPOSITORIES_LIMIT
end
# create, import, edit, delete repository records
can :manage_repository_rows do |user, team|
# repository: create/import record
can :create_repository_rows do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# create repository column
# repository: create field
can :create_repository_columns do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
end
Canaid::Permissions.register_for(Protocol) do
# view protocol in repository, export protocol from repository
# view step in protocol in repository, view or dowload step asset
# protocol in repository: read, export, read step, read/download step asset
can :read_protocol_in_repository do |user, protocol|
user.is_member_of_team?(protocol.team) &&
(protocol.in_repository_public? ||
protocol.in_repository_private? && user == protocol.added_by)
end
# edit protocol in repository,
# create, edit, delete or reorder step in repository
can :update_protocol_in_repository do |user, protocol|
# protocol in repository: update, create/update/delete/reorder step,
# toggle visibility (public, private, archive,
# restore)
can :manage_protocol_in_repository do |user, protocol|
protocol.in_repository_active? &&
can_update_protocol_type_in_repository?(user, protocol)
end
# toggle protocol visibility (public, private, archive, restore)
can :update_protocol_type_in_repository do |user, protocol|
user.is_normal_user_or_admin_of_team?(protocol.team) &&
user.is_normal_user_or_admin_of_team?(protocol.team) &&
user == protocol.added_by
end
# clone protocol in repository
# protocol in repository: clone
can :clone_protocol_in_repository do |user, protocol|
can_create_protocols_in_repository?(user, protocol.team) &&
can_read_protocol_in_repository?(user, protocol)
@ -84,37 +83,38 @@ Canaid::Permissions.register_for(Protocol) do
end
Canaid::Permissions.register_for(Sample) do
# edit, delete specific sample
can :update_or_delete_sample do |user, sample|
can_manage_samples?(user, sample.team)
# sample: update, delete
can :manage_sample do |user, sample|
can_create_samples?(user, sample.team)
end
end
Canaid::Permissions.register_for(CustomField) do
# update, delete custom field
can :update_or_delete_custom_field do |user, custom_field|
can_manage_sample_columns?(user, custom_field.team)
# sample: update/delete field
can :manage_sample_column do |user, custom_field|
custom_field.sample_custom_fields.all? do |sample_custom_field|
can_create_sample_columns?(user, sample_custom_field.sample)
end
end
end
Canaid::Permissions.register_for(Repository) do
# edit, destroy repository
can :update_or_delete_repository do |user, repository|
# repository: update, delete
can :manage_repository do |user, repository|
can_create_repositories?(user, repository.team)
end
end
Canaid::Permissions.register_for(RepositoryRow) do
# update, delete specific repository record
can :update_or_delete_repository_row do |user, repository_row|
can_manage_repository_rows?(user, repository_row.repository.team)
# repository: update/delete record
can :manage_repository_row do |user, repository_row|
can_create_repository_rows?(user, repository_row.repository.team)
end
end
Canaid::Permissions.register_for(RepositoryColumn) do
# update, delete repository column
can :update_or_delete_repository_column do |user, repository_column|
# repository: update/delete field
can :manage_repository_column do |user, repository_column|
can_create_repository_columns?(user, repository_column.repository.team)
end
end

2
app/views/experiments/canvas.html.erb
View file

@ -41,7 +41,7 @@
</div>
</div>
<% if can_create_experiment?(@project) %>
<% if can_create_experiments?(@project) %>
<%= link_to new_project_experiment_url(@project),
remote: true,
type: "button",

2
app/views/my_module_comments/_index.html.erb
View file

@ -14,7 +14,7 @@
<%= render 'my_module_comments/list.html.erb', comments: @comments %>
<% end %>
</ul>
<% if can_create_comment_in_module?(@my_module) %>
<% if can_create_comments_in_module?(@my_module) %>
<ul class="no-style double-line">
<li>
<hr>

6
app/views/my_module_tags/_index_edit.html.erb
View file

@ -11,7 +11,7 @@
<h4><%= tag.name %></h4>
</div>
<div class="pull-right">
<% if can_create_or_manage_tags?(@my_module.experiment.project) %>
<% if can_manage_tags?(@my_module.experiment.project) %>
<%= link_to "", remote: true, class: 'btn btn-link edit-tag-link', title: t("experiments.canvas.modal_manage_tags.edit_tag") do %>
<span class="glyphicon glyphicon-adjust"></span>
<% end %>
@ -28,7 +28,7 @@
</div>
</div>
<% if can_create_or_manage_tags?(@my_module.experiment.project) %>
<% if can_manage_tags?(@my_module.experiment.project) %>
<div class="row tag-edit" style="display: none;">
<%= bootstrap_form_for tag, remote: true, url: project_tag_path(@my_module.experiment.project, tag, format: :json), method: :put, html: { class: "edit-tag-form" } do |f| %>
<%= hidden_field_tag :my_module_id, @my_module.id %>
@ -55,7 +55,7 @@
<hr>
<div class="row">
<% if can_create_or_manage_tags?(@my_module.experiment.project) %>
<% if can_manage_tags?(@my_module.experiment.project) %>
<%= bootstrap_form_for [@my_module, @new_mmt], remote: true, format: :json, html: { class: 'add-tag-form' } do |f| %>
<div class="col-xs-6">
<div class="well well-sm">

2
app/views/my_modules/archive/_result.html.erb
View file

@ -16,7 +16,7 @@
<%= link_to option_text, result_table_download_path(result.result_table_id), data: {no_turbolink: true} %>
<% end %>
</li>
<% if can_delete_or_archive_result?(result.my_module) %>
<% if can_manage_result?(result.my_module) %>
<li>
<%= link_to t('my_modules.module_archive.option_delete'),
result_path(action: :delete, id: result.id),

4
app/views/my_modules/protocols/_protocol_status_bar_buttons.html.erb
View file

@ -40,7 +40,7 @@
<span class="caret"></span>
</a>
<ul class="dropdown-menu">
<% if can_read_protocol_in_module?(@protocol) && can_update_protocol_in_repository?(@protocol.parent) %>
<% if can_read_protocol_in_module?(@protocol) && can_manage_protocol_in_repository?(@protocol.parent) %>
<li>
<%= link_to update_parent_modal_protocol_path(@protocol, format: :json), remote: true, title: t("my_modules.protocols.protocol_status_bar.btns.update_parent_title"), data: { action: "update-parent" } do %>
<%= t("my_modules.protocols.protocol_status_bar.btns.update_parent") %>
@ -112,7 +112,7 @@
<span class="caret"></span>
</a>
<ul class="dropdown-menu">
<% if can_read_protocol_in_module?(@protocol) && can_update_protocol_in_repository?(@protocol.parent) %>
<% if can_read_protocol_in_module?(@protocol) && can_manage_protocol_in_repository?(@protocol.parent) %>
<li>
<%= link_to update_parent_modal_protocol_path(@protocol, format: :json), remote: true, title: t("my_modules.protocols.protocol_status_bar.btns.update_parent_title"), data: { action: "update-parent" } do %>
<%= t("my_modules.protocols.protocol_status_bar.btns.update_parent") %>

2
app/views/my_modules/repository.html.erb
View file

@ -13,7 +13,7 @@
</div>
<div class="toolbarButtons" style="display:none">
<% if module_page? && can_assign_repository_records_to_module?(@my_module) %>
<% if module_page? && can_assign_repository_rows_to_module?(@my_module) %>
<button type="button" class="btn btn-default"
data-assign-url="<%= assign_repository_records_my_module_path(@my_module, @repository)%>"
id="assignRepositoryRecords" onclick="onClickAssignRecords()" disabled>

2
app/views/project_comments/_index.html.erb
View file

@ -13,7 +13,7 @@
<%= render 'project_comments/list.html.erb', comments: @comments %>
<% end %>
</ul>
<% if can_create_comment_in_project?(@project) %>
<% if can_create_comments_in_project?(@project) %>
<ul class="no-style double-line">
<li>
<hr>

4
app/views/projects/show.html.erb
View file

@ -25,7 +25,7 @@
<% end %>
</ul>
</div>
<% if can_create_experiment?(@project) %>
<% if can_create_experiments?(@project) %>
<%= link_to new_project_experiment_url(@project),
remote: true,
type: "button",
@ -51,7 +51,7 @@
<%= content_tag(:div, '', class: 'clearfix visible-lg-block') if (index + 1) % 2 == 0 %>
<% end %>
<% if can_create_experiment?(@project) %>
<% if can_create_experiments?(@project) %>
<%= render 'projects/show/new_experiment' %>
<% end %>
</div>

14
app/views/protocols/_header.html.erb
View file

@ -1,5 +1,5 @@
<div class="page-header">
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<a class="edit-name-link" data-action="edit-name" data-role="name-refresh" data-remote="true" href="<%= edit_name_modal_protocol_path(@protocol, format: :json) %>" style="color: inherit;">
<%= render partial: "protocols/header/name_label.html.erb" %>
</a>
@ -41,7 +41,7 @@
<div class="col-xs-12 col-sm-6 col-md-6">
<div class="badge-icon bg-primary">
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<a data-action="edit-keywords" data-remote="true" href="<%= edit_keywords_modal_protocol_path(@protocol, format: :json) %>" style="color: inherit;">
<span class="glyphicon glyphicon-text-color"></span>
</a>
@ -51,7 +51,7 @@
</div>
<div class="well well-sm">
<span class="hidden-xs hidden-sm hidden-md"><%=t "protocols.header.keywords" %>:</span>
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<%= link_to edit_keywords_modal_protocol_path(@protocol, format: :json), remote: true, style: "color: inherit;", data: { action: "edit-keywords", role: "keywords-refresh" } do %>
<%= render partial: "protocols/header/keywords_label.html.erb" %>
<% end %>
@ -63,7 +63,7 @@
<div class="col-xs-12 col-sm-6 col-md-6">
<div class="badge-icon bg-primary">
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<a data-action="edit-authors" data-remote="true" href="<%= edit_authors_modal_protocol_path(@protocol, format: :json) %>" style="color: inherit;">
<span class="glyphicon glyphicon-education"></span>
</a>
@ -73,7 +73,7 @@
</div>
<div class="well well-sm">
<span class="hidden-xs hidden-sm hidden-md"><%=t "protocols.header.authors" %>:</span>
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<%= link_to edit_authors_modal_protocol_path(@protocol, format: :json), remote: true, style: "color: inherit;", data: { action: "edit-authors", role: "authors-refresh" } do %>
<%= render partial: "protocols/header/authors_label.html.erb" %>
<% end %>
@ -85,7 +85,7 @@
<div class="col-xs-12 col-sm-12 col-md-12">
<div class="badge-icon bg-primary">
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<a data-action="edit-description" data-remote="true" href="<%= edit_description_modal_protocol_path(@protocol, format: :json) %>" style="color: inherit;">
<span class="glyphicon glyphicon-info-sign"></span>
</a>
@ -95,7 +95,7 @@
</div>
<div class="well well-sm">
<span class="hidden-xs hidden-sm hidden-md"><%=t "protocols.header.description" %>:</span>
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<%= link_to edit_description_modal_protocol_path(@protocol, format: :json), remote: true, style: "color: inherit;", data: { action: "edit-description", role: "description-refresh" } do %>
<%= render partial: "protocols/header/description_label.html.erb" %>
<% end %>

2
app/views/protocols/_steps.html.erb
View file

@ -1,7 +1,7 @@
<div class="row">
<div class="pull-right" style="margin: 20px 15px 0 0;">
<% if can_manage_protocol_in_module?(@protocol) ||
can_update_protocol_in_repository?(@protocol) %>
can_manage_protocol_in_repository?(@protocol) %>
<a href="#"
class="btn btn-primary"
data-action="new-step"

2
app/views/protocols/index/_protocol_preview_modal_footer.html.erb
View file

@ -1,5 +1,5 @@
<button type="button" class="btn btn-default" data-dismiss="modal"><%=t "general.close" %></button>
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<%= route_to_other_team_btn edit_protocol_path(protocol),
protocol.team,
t('general.edit') %>

2
app/views/reports/index.html.erb
View file

@ -4,7 +4,7 @@
<div id="content">
<div>
<% if can_create_or_manage_reports?(@project) %>
<% if can_manage_reports?(@project) %>
<%= link_to new_project_reports_path(@project), class: 'btn btn-primary', id: 'new-report-btn', 'data-no-turbolink' => true do %>
<span class="glyphicon glyphicon-plus" aria-hidden="true"></span>
<span class="hidden-xs"><%=t "projects.reports.index.new" %></span>

33
app/views/repositories/_repository.html.erb
View file

@ -7,13 +7,11 @@
<div id="repository-toolbar">
<% if can_manage_repository_rows?(repository.team) %>
<% if can_create_repository_rows?(repository.team) %>
<button type="button" class="btn btn-default editAdd" id="addRepositoryRecord" onclick="onClickAddRecord()">
<span class="glyphicon glyphicon-plus"></span>
<span class="hidden-xs"><%= t("repositories.add_new_record") %></span>
</button>
<% end %>
<% if can_manage_repository_rows?(repository.team) %>
<button type="button" class="btn btn-default" id="importRecordsButton">
<span class="glyphicon glyphicon-cloud-upload"></span>
<span class="hidden-xs"><%= t('repositories.import_records.import') %></span>
@ -34,16 +32,16 @@
data-toggle="dropdown"
aria-haspopup="true"
aria-expanded="true"
<%= "disabled='disabled'" if !can_update_or_delete_repository?(repository) && !can_create_repositories?(repository.team) %>>
<%= "disabled='disabled'" if !can_manage_repository?(repository) && !can_create_repositories?(repository.team) %>>
<span class="glyphicon glyphicon-cog"></span>
<span class="caret"></span>
</div>
<% if can_update_or_delete_repository?(repository) || can_create_repositories?(repository.team) %>
<% if can_manage_repository?(repository) || can_create_repositories?(repository.team) %>
<ul class="dropdown-menu pull-right">
<li class="dropdown-header">
<%= t("repositories.index.options_dropdown.header") %>
</li>
<% if can_update_or_delete_repository?(repository) %>
<% if can_manage_repository?(repository) %>
<li>
<%= link_to t('repositories.index.options_dropdown.rename'),
team_repository_rename_modal_path(repository_id: repository),
@ -51,7 +49,7 @@
remote: true %>
</li>
<% end %>
<% if repository.team.repositories.count < Constants::REPOSITORIES_LIMIT %>
<% if can_create_repositories?(repository.team) %>
<li>
<%= link_to t('repositories.index.options_dropdown.copy'),
team_repository_copy_modal_path(repository_id: repository),
@ -59,7 +57,7 @@
remote: true %>
</li>
<% end %>
<% if can_update_or_delete_repository?(repository) %>
<% if can_manage_repository?(repository) %>
<li role="separator" class="divider"></li>
<li>
<%= link_to t('repositories.index.modal_delete.delete'),
@ -110,22 +108,21 @@
</button>
</div>
<!-- These buttons are appended to table in javascript, after table initialization. -->
<!-- These buttons are appended to table in javascript, after table initialization -->
<div class="toolbarButtons" style="display:none">
<button type="button" class="btn btn-default editAdd" id="editRepositoryRecord" onclick="onClickEdit()" disabled>
<span class="glyphicon glyphicon-pencil"></span>
<span class="hidden-xs-custom"><%= t("repositories.edit_record") %></span>
</button>
<% if can_manage_repository_rows?(repository.team) %>
<button type="button" class="btn btn-default"
id="deleteRepositoryRecordsButton" data-target="#deleteRepositoryRecord" data-toggle="modal" disabled>
<span class="glyphicon glyphicon-trash"></span>
<span class="hidden-xs-custom"><%= t'repositories.delete_record' %></span>
<%= submit_tag I18n.t('repositories.delete_record'), :class => "hidden
delete_repository_records_submit" %>
</button>
<% end %>
<!-- Don't check if user can manage the selected repository records, because the ones that he can't, will be left untouched -->
<button type="button" class="btn btn-default"
id="deleteRepositoryRecordsButton" data-target="#deleteRepositoryRecord" data-toggle="modal" disabled>
<span class="glyphicon glyphicon-trash"></span>
<span class="hidden-xs-custom"><%= t'repositories.delete_record' %></span>
<%= submit_tag I18n.t('repositories.delete_record'), :class => "hidden
delete_repository_records_submit" %>
</button>
</div>
<%= render partial: "repositories/repository_table.html.erb",

4
app/views/repositories/_repository_table.html.erb
View file

@ -21,8 +21,8 @@
<th id="added-by"><%= t("repositories.table.added_by") %></th>
<% repository.repository_columns.order(:id).each do |column| %>
<th class="repository-column" id="<%= column.id %>"
<%= 'data-editable' if can_update_or_delete_repository_column?(column) %>
<%= 'data-deletable' if can_update_or_delete_repository_column?(column) %>
<%= 'data-editable' if can_manage_repository_column?(column) %>
<%= 'data-deletable' if can_manage_repository_column?(column) %>
<%= "data-edit-url='#{edit_repository_repository_column_path(repository, column)}'" %>
<%= "data-update-url='#{repository_repository_column_path(repository, column)}'" %>
<%= "data-destroy-html-url='#{repository_columns_destroy_html_path(repository, column)}'" %>

2
app/views/result_comments/_index.html.erb
View file

@ -17,7 +17,7 @@
<%= render 'result_comments/list.html.erb', comments: @comments %>
<% end %>
</ul>
<% if can_create_comment_in_module?(@my_module) then %>
<% if can_create_comments_in_module?(@my_module) then %>
<ul class="no-style double-line">
<li>
<hr>

4
app/views/search/results/partials/_step_text.html.erb
View file

@ -2,7 +2,7 @@
<% query ||= nil %>
<% text = query.present? ? highlight(step.name, query.strip.split(/\s+/)) : step.name %>
<% if step.protocol.in_module? && can_view_steps_in_protocol(step.protocol) %>
<% if can_read_protocol_in_module?(step.protocol) %>
<% if target == :comment %>
<%= route_to_other_team protocols_my_module_path(step.protocol.my_module, ctarget: "step-panel-#{step.id}"),
step.protocol.team,
@ -12,7 +12,7 @@
step.protocol.team,
text %>
<% end %>
<% elsif step.protocol.in_repository? && can_update_protocol_in_repository?(step.protocol) %>
<% elsif can_manage_protocol_in_repository?(step.protocol) %>
<%= route_to_other_team edit_protocol_path(step.protocol),
step.protocol.team,
text %>

47
app/views/shared/_samples.html.erb
View file

@ -21,7 +21,7 @@
data-module-id="<%= @my_module.id %>"
<% end %>>
<% if can_manage_samples?(@team) %>
<% if can_create_samples?(@team) %>
<button type="button" class="btn btn-default editAdd" id="addSample" onclick="onClickAddSample()">
<span class="glyphicon glyphicon-plus"></span>
<span class="hidden-xs"><%= t("samples.add_new_sample") %></span>
@ -51,7 +51,7 @@
<span class="caret"></span>
</button>
<ul class="dropdown-menu dropdown-menu-right smart-dropdown" id="samples-columns-list">
<% if can_manage_sample_columns?(@team) %>
<% if can_create_sample_columns?(@team) %>
<li class="add-new-column-form">
<div id="new-column-form" class="form-group" data-action="<%= team_custom_fields_path(@team) %>">
<div class="input-group">
@ -69,15 +69,15 @@
</div>
</div>
<% if can_add_sample_related_things_to_team %>
<div class="dropdown pull-right" style="display: inline;">
<%= link_to(t('samples.types_and_groups'),
team_sample_types_path(@team,
project_id: (@project.id if @project),
my_module_id: (@my_module.id if @my_module),
experiment_id: (@experiment.id if @experiment)),
class: 'btn btn-default' ) %>
</div>
<% if can_manage_sample_types_and_groups?(@team) %>
<div class="dropdown pull-right" style="display: inline;">
<%= link_to(t('samples.types_and_groups'),
team_sample_types_path(@team,
project_id: (@project.id if @project),
my_module_id: (@my_module.id if @my_module),
experiment_id: (@experiment.id if @experiment)),
class: 'btn btn-default' ) %>
</div>
<% end %>
</div>
@ -92,24 +92,23 @@
</button>
</div>
<!-- These buttons are appended to table in javascript, after table initialization. -->
<!-- These buttons are appended to table in javascript, after table initialization -->
<div class="toolbarButtons" style="display:none">
<button type="button" class="btn btn-default editAdd" id="editSample" onclick="onClickEdit()" disabled>
<span class="glyphicon glyphicon-pencil"></span>
<span class="hidden-xs-custom"><%= t("samples.edit_sample") %></span>
</button>
<% if can_manage_samples?(@team) %>
<button type="button" class="btn btn-default"
id="deleteSamplesButton" data-target="#deleteSamples" data-toggle="modal" disabled>
<span class="glyphicon glyphicon-trash"></span>
<span class="hidden-xs-custom"><%= t'samples.delete_samples' %></span>
<%= submit_tag I18n.t('samples.delete_samples'), :class => "hidden
delete_samples_submit" %>
</button>
<% end %>
<!-- Don't check if user can manage the selected samples, because the ones that he can't, will be left untouched -->
<button type="button" class="btn btn-default"
id="deleteSamplesButton" data-target="#deleteSamples" data-toggle="modal" disabled>
<span class="glyphicon glyphicon-trash"></span>
<span class="hidden-xs-custom"><%= t'samples.delete_samples' %></span>
<%= submit_tag I18n.t('samples.delete_samples'), :class => "hidden
delete_samples_submit" %>
</button>
<% if module_page? && can_assign_repository_records_to_module?(@my_module) %>
<% if module_page? && can_assign_repository_rows_to_module?(@my_module) %>
<button type="button" class="btn btn-default"
id="assignSamples" onclick="$(this).next().click();" disabled>
<span class="glyphicon glyphicon-ok-circle"></span>
@ -146,8 +145,8 @@
<% all_custom_fields.each do |cf| %>
<th class="custom-field"
id="<%= cf.id %>"
<%= 'data-editable' if can_update_or_delete_custom_field?(cf) %>
<%= 'data-deletable' if can_update_or_delete_custom_field?(cf) %>
<%= 'data-editable' if can_manage_sample_column?(cf) %>
<%= 'data-deletable' if can_manage_sample_column?(cf) %>
<%= "data-edit-url='#{edit_team_custom_field_path(@team, cf)}'" %>
<%= "data-update-url='#{team_custom_field_path(@team, cf)}'" %>
<%= "data-destroy-html-url='#{team_custom_field_destroy_html_path(@team, cf)}'" %>

2
app/views/step_comments/_index.html.erb
View file

@ -17,7 +17,7 @@
<%= render 'step_comments/list.html.erb', comments: @comments %>
<% end %>
</ul>
<% if can_create_comment_in_module?(@protocol.my_module) %>
<% if can_create_comments_in_module?(@protocol.my_module) %>
<ul class="no-style double-line">
<li>
<hr>

2
app/views/steps/_step.html.erb
View file

@ -6,7 +6,7 @@
<div class="panel-heading">
<div class="panel-options pull-right">
<% if can_manage_protocol_in_module?(@protocol) ||
can_update_protocol_in_repository?(@protocol) %>
can_manage_protocol_in_repository?(@protocol) %>
<a data-action="move-step"
class="btn btn-link"
href="<%= move_up_step_path(step, format: :json) %>"

2
app/views/steps/_wopi_controlls.html.erb
View file

@ -15,7 +15,7 @@
<% view_only ||= false %>
<% if !view_only %>
<% if can_manage_protocol_in_module?(@protocol) ||
can_update_protocol_in_repository?(@protocol) %>
can_manage_protocol_in_repository?(@protocol) %>
<%= wopi_asset_edit_button(asset) %>
<% end %>
<% end %>