From 6206f8a6e95f8d07e2036d516001eb0b8bc7e108 Mon Sep 17 00:00:00 2001
From: aignatov-bio
Date: Thu, 16 Sep 2021 14:12:51 +0200
Subject: [PATCH] Update permissions for my_module_comments controller [SCI-6065]
---
 .../my_module_comments_controller.rb | 4 +-
 app/permissions/experiment.rb | 22 ---------
 app/permissions/my_module.rb | 25 ++++++++--
 .../extends/permission_extends.rb | 1 +
 .../my_module_comments_controller_spec.rb | 47 +++++++++++++++++++
 5 files changed, 71 insertions(+), 28 deletions(-)
 create mode 100644 spec/permissions/controllers/my_module_comments_controller_spec.rb
diff --git a/app/controllers/my_module_comments_controller.rb b/app/controllers/my_module_comments_controller.rb
index af47246ed..1e329f255 100644
--- a/app/controllers/my_module_comments_controller.rb
+++ b/app/controllers/my_module_comments_controller.rb
@@ -49,7 +49,7 @@ class MyModuleCommentsController < ApplicationController
 end
 def check_view_permissions
- render_403 unless can_read_experiment?(@my_module.experiment)
+ render_403 unless can_read_my_module?(@my_module)
 end
 def check_add_permissions
@@ -59,7 +59,7 @@ class MyModuleCommentsController < ApplicationController
 def check_manage_permissions
 @comment = TaskComment.find_by_id(params[:id])
 render_403 unless @comment.present? &&
- can_manage_comment_in_module?(@comment.becomes(Comment))
+ can_manage_my_module_comments?(@comment)
 end
 def comment_params
diff --git a/app/permissions/experiment.rb b/app/permissions/experiment.rb
index e8f9e3442..8b4b2ec3c 100644
--- a/app/permissions/experiment.rb
+++ b/app/permissions/experiment.rb
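Review bot: In the second hunk, `@comment = TaskComment.find_by_id(params[:id])` still resolves the comment by id alone, not through `@my_module`, so a comment belonging to a different task can be combined with this task's URL; the permission is evaluated against the comment's own module via the `Comment` registration, so this is not a direct bypass, but any later code that assumes `@comment` belongs to `@my_module` would be acting on the wrong task. Scoping the lookup to the comments of `@my_module` (and preferring `find_by(id: params[:id])` over the legacy dynamic finder) removes that mismatch. Dropping `.becomes(Comment)` also means the predicate now receives a `TaskComment` while the permission is registered for `Comment`; if Canaid's generated `can_…?` validates the receiver with `is_a?` the subclass passes, but if it requires an exact class match this call fails, which is worth confirming against the gem. Because `can_manage_my_module_comments?` previously took a `MyModule` (see the removal in `app/permissions/my_module.rb`), any other caller that still passes `@my_module` is now handing it the wrong object type and should be grepped for.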
@@ -112,25 +112,3 @@ Canaid::Permissions.register_for(Protocol) do
 can_update_my_module_status?(user, protocol.my_module)
 end
 end
-
-Canaid::Permissions.register_for(Comment) do
- # Module, its experiment and its project must be active for all the specified
- # permissions
- %i(manage_comment_in_module)
- .each do |perm|
- can perm do |_, comment|
- my_module = ::PermissionsUtil.get_comment_module(comment)
- my_module.active? &&
- my_module.experiment.active? &&
- my_module.experiment.project.active?
- end
- end
-
- # module: update/delete comment
- # result: update/delete comment
- # step: update/delete comment
- can :manage_comment_in_module do |user, comment|
- my_module = ::PermissionsUtil.get_comment_module(comment)
- comment.user == user || my_module.permission_granted?(user, MyModulePermissions::MANAGE_COMMENTS)
- end
-end
diff --git a/app/permissions/my_module.rb b/app/permissions/my_module.rb
index ba3d6f140..38053e32f 100644
--- a/app/permissions/my_module.rb
+++ b/app/permissions/my_module.rb
@@ -55,10 +55,6 @@ Canaid::Permissions.register_for(MyModule) do
 my_module.permission_granted?(user, MyModulePermissions::STEPS_MANAGE)
 end
- can :manage_my_module_comments do |user, my_module|
- my_module.permission_granted?(user, MyModulePermissions::COMMENTS_MANAGE)
- end
-
 can :create_my_module_comments do |user, my_module|
 my_module.permission_granted?(user, MyModulePermissions::COMMENTS_CREATE)
 end
@@ -143,3 +139,24 @@ Canaid::Permissions.register_for(MyModule) do
 my_module.permission_granted?(user, MyModulePermissions::REPOSITORY_ROWS_MANAGE)
 end
 end
+
+Canaid::Permissions.register_for(Comment) do
+ # Module, its experiment and its project must be active for all the specified
+ # permissions
+ %i(manage_my_module_comments)
+ .each do |perm|
+ can perm do |_, comment|
+ my_module = ::PermissionsUtil.get_comment_module(comment)
+ !my_module.archived_branch?
+ end
+ end
+
+ # module: update/delete comment
+ # result: update/delete comment
+ # step: update/delete comment
+ can :manage_my_module_comments do |user, comment|
+ my_module = ::PermissionsUtil.get_comment_module(comment)
+ (comment.user == user && my_module.permission_granted?(user, MyModulePermissions::COMMENTS_MANAGE_OWN)) ||
+ my_module.permission_granted?(user, MyModulePermissions::COMMENTS_MANAGE)
+ end
+end
diff --git a/config/initializers/extends/permission_extends.rb b/config/initializers/extends/permission_extends.rb
index 0a8fe534f..df35c7179 100644
--- a/config/initializers/extends/permission_extends.rb
+++ b/config/initializers/extends/permission_extends.rb
@@ -46,6 +46,7 @@ module PermissionExtends
 TAGS_MANAGE
 STEPS_MANAGE
 COMMENTS_MANAGE
+ COMMENTS_MANAGE_OWN
 COMMENTS_CREATE
 REPOSITORY_ROWS_ASSIGN
 REPOSITORY_ROWS_MANAGE
diff --git a/spec/permissions/controllers/my_module_comments_controller_spec.rb b/spec/permissions/controllers/my_module_comments_controller_spec.rb
new file mode 100644
index 000000000..8a36a1931
--- /dev/null
+++ b/spec/permissions/controllers/my_module_comments_controller_spec.rb
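Review bot: The header comment `# Module, its experiment and its project must be active for all the specified permissions` no longer describes the guard in the `Comment` registration: the removed block checked `active?` on the module, experiment and project explicitly, while the new block relies on a single `!my_module.archived_branch?`, and nothing in the diff shows that the two are equivalent. Either confirm that `archived_branch?` walks the whole chain and say so, e.g. `# The module and its parents (experiment, project) must be unarchived; archived_branch? checks the whole chain`, or restore the explicit checks. The `%i(manage_my_module_comments).each do |perm| … end` wrapper iterates a one-element list, so a plain `can :manage_my_module_comments do |_, comment| … end` would read more directly. Since `manage_my_module_comments` was registered on `MyModule` until this commit and now takes a `Comment`, a grep for remaining `can_manage_my_module_comments?` callers that still pass a task is needed before merging; the retained `# module/result/step: update/delete comment` lines should likewise be checked against what `get_comment_module` actually supports.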
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe MyModuleCommentsController, type: :controller do
+ include PermissionExtends
+
+ it_behaves_like "a controller with authentication", {
+ index: { my_module_id: 1, id: 1 },
+ create: { my_module_id: 1, id: 1 },
+ update: { my_module_id: 1, id: 1 },
+ destroy: { my_module_id: 1, id: 1 }
+ }, []
+
+ login_user
+
+ describe 'permissions checking' do
+ include_context 'reference_project_structure', {
+ team_role: :normal_user,
+ my_module_comment: true
+ }
+
+ it_behaves_like "a controller action with permissions checking", :get, :index do
+ let(:testable) { my_module }
+ let(:permissions) { [MyModulePermissions::READ] }
+ let(:action_params) { { my_module_id: my_module.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :post, :create do
+ let(:testable) { my_module }
+ let(:permissions) { [MyModulePermissions::COMMENTS_CREATE] }
+ let(:action_params) { { my_module_id: my_module.id, comment: { message: 'Test' } } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :put, :update do
+ let(:testable) { my_module }
+ let(:permissions) { [MyModulePermissions::COMMENTS_MANAGE, MyModulePermissions::COMMENTS_MANAGE_OWN] }
+ let(:action_params) { { my_module_id: my_module.id, id: my_module_comment.id, comment: { message: 'Test1' } } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :post, :destroy do
+ let(:testable) { my_module }
+ let(:permissions) { [MyModulePermissions::COMMENTS_MANAGE, MyModulePermissions::COMMENTS_MANAGE_OWN] }
+ let(:action_params) { { my_module_id: my_module.id, id: my_module_comment.id } }
+ end
+ end
+end
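Review bot: The update and destroy examples grant both `COMMENTS_MANAGE` and `COMMENTS_MANAGE_OWN`, but the new `Comment` permission only honours `COMMENTS_MANAGE_OWN` when `comment.user == user`, and the spec does not show whether `my_module_comment` from `reference_project_structure` belongs to the logged-in user or to someone else, so the ownership branch introduced by this commit is not pinned. A second pair of examples using a comment authored by another user with only `COMMENTS_MANAGE_OWN` granted, expecting a 403, would cover the case the permission change exists for. The `:post, :destroy` example is probably meant to be `:delete, :destroy` unless the route is genuinely a POST; worth checking against the routes.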