Update permissions for my_module_comments controller [SCI-6065]

This commit is contained in:
aignatov-bio 2021-09-16 14:12:51 +02:00
parent 895509a26c
commit 6206f8a6e9
5 changed files with 71 additions and 28 deletions

View file

@ -49,7 +49,7 @@ class MyModuleCommentsController < ApplicationController
end
def check_view_permissions
render_403 unless can_read_experiment?(@my_module.experiment)
render_403 unless can_read_my_module?(@my_module)
end
def check_add_permissions
@ -59,7 +59,7 @@ class MyModuleCommentsController < ApplicationController
def check_manage_permissions
@comment = TaskComment.find_by_id(params[:id])
render_403 unless @comment.present? &&
can_manage_comment_in_module?(@comment.becomes(Comment))
can_manage_my_module_comments?(@comment)
end
def comment_params

View file

@ -112,25 +112,3 @@ Canaid::Permissions.register_for(Protocol) do
can_update_my_module_status?(user, protocol.my_module)
end
end
Canaid::Permissions.register_for(Comment) do
# Module, its experiment and its project must be active for all the specified
# permissions
%i(manage_comment_in_module)
.each do |perm|
can perm do |_, comment|
my_module = ::PermissionsUtil.get_comment_module(comment)
my_module.active? &&
my_module.experiment.active? &&
my_module.experiment.project.active?
end
end
# module: update/delete comment
# result: update/delete comment
# step: update/delete comment
can :manage_comment_in_module do |user, comment|
my_module = ::PermissionsUtil.get_comment_module(comment)
comment.user == user || my_module.permission_granted?(user, MyModulePermissions::MANAGE_COMMENTS)
end
end

View file

@ -55,10 +55,6 @@ Canaid::Permissions.register_for(MyModule) do
my_module.permission_granted?(user, MyModulePermissions::STEPS_MANAGE)
end
can :manage_my_module_comments do |user, my_module|
my_module.permission_granted?(user, MyModulePermissions::COMMENTS_MANAGE)
end
can :create_my_module_comments do |user, my_module|
my_module.permission_granted?(user, MyModulePermissions::COMMENTS_CREATE)
end
@ -143,3 +139,24 @@ Canaid::Permissions.register_for(MyModule) do
my_module.permission_granted?(user, MyModulePermissions::REPOSITORY_ROWS_MANAGE)
end
end
Canaid::Permissions.register_for(Comment) do
# Module, its experiment and its project must be active for all the specified
# permissions
%i(manage_my_module_comments)
.each do |perm|
can perm do |_, comment|
my_module = ::PermissionsUtil.get_comment_module(comment)
!my_module.archived_branch?
end
end
# module: update/delete comment
# result: update/delete comment
# step: update/delete comment
can :manage_my_module_comments do |user, comment|
my_module = ::PermissionsUtil.get_comment_module(comment)
(comment.user == user && my_module.permission_granted?(user, MyModulePermissions::COMMENTS_MANAGE_OWN)) ||
my_module.permission_granted?(user, MyModulePermissions::COMMENTS_MANAGE)
end
end

View file

@ -46,6 +46,7 @@ module PermissionExtends
TAGS_MANAGE
STEPS_MANAGE
COMMENTS_MANAGE
COMMENTS_MANAGE_OWN
COMMENTS_CREATE
REPOSITORY_ROWS_ASSIGN
REPOSITORY_ROWS_MANAGE

View file

@ -0,0 +1,47 @@
# frozen_string_literal: true
require 'rails_helper'
describe MyModuleCommentsController, type: :controller do
include PermissionExtends
it_behaves_like "a controller with authentication", {
index: { my_module_id: 1, id: 1 },
create: { my_module_id: 1, id: 1 },
update: { my_module_id: 1, id: 1 },
destroy: { my_module_id: 1, id: 1 }
}, []
login_user
describe 'permissions checking' do
include_context 'reference_project_structure', {
team_role: :normal_user,
my_module_comment: true
}
it_behaves_like "a controller action with permissions checking", :get, :index do
let(:testable) { my_module }
let(:permissions) { [MyModulePermissions::READ] }
let(:action_params) { { my_module_id: my_module.id } }
end
it_behaves_like "a controller action with permissions checking", :post, :create do
let(:testable) { my_module }
let(:permissions) { [MyModulePermissions::COMMENTS_CREATE] }
let(:action_params) { { my_module_id: my_module.id, comment: { message: 'Test' } } }
end
it_behaves_like "a controller action with permissions checking", :put, :update do
let(:testable) { my_module }
let(:permissions) { [MyModulePermissions::COMMENTS_MANAGE, MyModulePermissions::COMMENTS_MANAGE_OWN] }
let(:action_params) { { my_module_id: my_module.id, id: my_module_comment.id, comment: { message: 'Test1' } } }
end
it_behaves_like "a controller action with permissions checking", :post, :destroy do
let(:testable) { my_module }
let(:permissions) { [MyModulePermissions::COMMENTS_MANAGE, MyModulePermissions::COMMENTS_MANAGE_OWN] }
let(:action_params) { { my_module_id: my_module.id, id: my_module_comment.id } }
end
end
end