mirror of
https://github.com/scinote-eln/scinote-web.git
refactor again manage user team permissions
parent
7c1ae6bc82
commit
5c790287ec
4 changed files with 16 additions and 15 deletions
|
@ -33,7 +33,7 @@ module ClientApi
|
|||
|
||||
def check_invite_users_permission
|
||||
@team = Team.find_by_id(params[:team_id])
|
||||
if @team && !can_create_user_team?(@team)
|
||||
if @team && !can_manage_user_team?(@team)
|
||||
respond_422(t('client_api.invite_users.permission_error'))
|
||||
end
|
||||
end
|
||||
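Review bot: `check_invite_users_permission` only denies when the team was found, so a `team_id` that `Team.find_by_id` cannot resolve skips the permission check and the request continues. If inviting without a team is a supported flow, an absent parameter should be told apart from an unknown id, e.g. `return respond_422(t('client_api.invite_users.permission_error')) if params[:team_id] && !@team`. Otherwise the check should deny by default with `unless @team && can_manage_user_team?(@team)`. How the action itself treats a nil `@team` is outside this hunk.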
|
|
|
@ -3,7 +3,9 @@ module ClientApi
|
|||
class UserTeamsController < ApplicationController
|
||||
include ClientApi::Users::UserTeamsHelper
|
||||
|
||||
before_action :check_manage_user_team_permission
|
||||
before_action :check_leave_team_permission, only: :leave_team
|
||||
before_action :check_manage_user_team_permission,
|
||||
only: %i(update_role remove_user)
|
||||
|
||||
def leave_team
|
||||
ut_service = ClientApi::UserTeamService.new(
|
||||
|
@ -46,9 +48,16 @@ module ClientApi
|
|||
|
||||
private
|
||||
|
||||
def check_leave_team_permission
|
||||
user_team = UserTeam.find_by_id(params[:user_team])
|
||||
unless current_user == user_team.user || can_read_team?(user_team.team)
|
||||
respond_422(t('client_api.permission_error'))
|
||||
end
|
||||
end
|
||||
|
||||
def check_manage_user_team_permission
|
||||
@user_team = UserTeam.find_by_id(params[:user_team])
|
||||
unless can_update_or_delete_user_team?(@user_team)
|
||||
user_team = UserTeam.find_by_id(params[:user_team])
|
||||
unless can_manage_user_team?(user_team.team)
|
||||
respond_422(t('client_api.user_teams.permission_error'))
|
||||
end
|
||||
end
|
||||
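Review bot: In `check_leave_team_permission` the two conditions are joined with `||`, so a caller who does not own the `UserTeam` row still passes whenever `can_read_team?` is true for that team. Unless `leave_team` re-checks ownership outside this hunk, the callback does not limit the action to the caller's own membership. Requiring both conditions does: `unless user_team && current_user == user_team.user && can_read_team?(user_team.team)`. Both callbacks also dereference the result of `UserTeam.find_by_id`, which is nil for an unknown id, so `check_manage_user_team_permission` needs the same guard, `unless user_team && can_manage_user_team?(user_team.team)`, to answer with the 422 instead of raising.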
|
|
|
@ -1,5 +1,5 @@
|
|||
Canaid::Permissions.register_for(Team) do
|
||||
# view projects, view protocols
|
||||
# view projects, view protocols, leave team
|
||||
# view samples, export samples
|
||||
# view repositories, view repository, export repository rows
|
||||
can :read_team do |user, team|
|
||||
|
@ -11,8 +11,8 @@ Canaid::Permissions.register_for(Team) do
|
|||
user.is_admin_of_team?(team)
|
||||
end
|
||||
|
||||
# invite user to team
|
||||
can :create_user_team do |user, team|
|
||||
# invite user to team, change user's role, remove user from team
|
||||
can :manage_user_team do |user, team|
|
||||
user.is_admin_of_team?(team)
|
||||
end
|
||||
|
||||
|
@ -52,13 +52,6 @@ Canaid::Permissions.register_for(Team) do
|
|||
end
|
||||
end
|
||||
|
||||
Canaid::Permissions.register_for(UserTeam) do
|
||||
# change user's role, remove user from team, leave team
|
||||
can :update_or_delete_user_team do |user, user_team|
|
||||
user == user_team.user || user.is_admin_of_team?(user_team.team)
|
||||
end
|
||||
end
|
||||
|
||||
Canaid::Permissions.register_for(Protocol) do
|
||||
# view protocol in repository, export protocol from repository
|
||||
# view step in protocol in repository, view or dowload step asset
|
||||
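Review bot: The comment on `:read_team` now lists "leave team", but this block receives only `(user, team)` and so cannot express the `user == user_team.user` condition that the removed `:update_or_delete_user_team` permission carried. Read on its own, the file suggests that anyone who can read a team may perform a leave on it. The comment should state that ownership of the membership is checked by the caller, e.g. `# view projects, view protocols, leave team (own membership only; ownership is checked in the controller)`. The body of `:read_team` is outside the hunk.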
|
|
|
@ -24,7 +24,6 @@ module ClientApi
|
|||
end
|
||||
|
||||
def update_role!
|
||||
raise ClientApi::CustomUserTeamError if user_cant_leave?
|
||||
unless @role
|
||||
raise ClientApi::CustomUserTeamError,
|
||||
I18n.t('client_api.generic_error_message')
|
||||
|
|