Merge pull request #4099 from okriuchykhin/ok_SCI_6820

Add migration for user team roles, including protocols and inventories [SCI-6820]

app/models/team.rb

@@ -35,6 +35,13 @@ class Team < ApplicationRecord
   has_many :projects, inverse_of: :team
   has_many :project_folders, inverse_of: :team, dependent: :destroy
   has_many :protocols, inverse_of: :team, dependent: :destroy
+  has_many :repository_protocols,
+           (lambda do
+             where(protocol_type: [Protocol.protocol_types[:in_repository_public],
+                                   Protocol.protocol_types[:in_repository_private],
+                                   Protocol.protocol_types[:in_repository_archived]])
+           end),
+           class_name: 'Protocol'
   has_many :protocol_keywords, inverse_of: :team, dependent: :destroy
   has_many :tiny_mce_assets, inverse_of: :team, dependent: :destroy
   has_many :repositories, dependent: :destroy

config/initializers/extends/permission_extends.rb

@@ -4,8 +4,9 @@ module PermissionExtends
   module TeamPermissions
     %w(
       READ
-      USERS_INVITE
+      MANAGE
       USERS_MANAGE
+      PROJECTS_CREATE
       INVENTORIES_CREATE
       PROTOCOLS_CREATE
     ).each { |permission| const_set(permission, "team_#{permission.underscore}") }
@@ -92,20 +93,17 @@ module PermissionExtends
   module RepositoryPermissions
     %w(
       READ
+      READ_ARCHIVED
       MANAGE
-      ARCHIVE
       RESTORE
       DELETE
       SHARE
-      CREATE_SNAPSHOT
-      DELETE_SNAPSHOT
-      CREATE_ROW
-      UPDATE_ROW
-      ARCHIVE_ROW
-      DELETE_ROW
-      CREATE_COLUMN
-      UPDATE_COLUMN
-      DELETE_COLUMN
+      ROWS_CREATE
+      ROWS_UPDATE
+      ROWS_DELETE
+      COLUMNS_CREATE
+      COLUMNS_UPDATE
+      COLUMNS_DELETE
       USERS_MANAGE
     ).each { |permission| const_set(permission, "inventory_#{permission.underscore}") }
   end
@@ -121,6 +119,7 @@ module PermissionExtends
     )
 
     NORMAL_USER_PERMISSIONS = [
+      TeamPermissions::PROJECTS_CREATE,
       TeamPermissions::PROTOCOLS_CREATE,
       ProtocolPermissions::READ,
       ProtocolPermissions::MANAGE,
@@ -167,11 +166,11 @@ module PermissionExtends
       MyModulePermissions::USERS_READ,
       MyModulePermissions::STOCK_CONSUMPTION_UPDATE,
       RepositoryPermissions::READ,
-      RepositoryPermissions::CREATE_COLUMN,
-      RepositoryPermissions::CREATE_ROW,
-      RepositoryPermissions::UPDATE_ROW,
-      RepositoryPermissions::ARCHIVE_ROW,
-      RepositoryPermissions::DELETE_ROW
+      RepositoryPermissions::READ_ARCHIVED,
+      RepositoryPermissions::COLUMNS_CREATE,
+      RepositoryPermissions::ROWS_CREATE,
+      RepositoryPermissions::ROWS_UPDATE,
+      RepositoryPermissions::ROWS_DELETE
     ]
 
     TECHNICIAN_PERMISSIONS = [

db/migrate/20220516111152_add_team_level_permissions.rb

@@ -0,0 +1,115 @@
+# frozen_string_literal: true
+
+class AddTeamLevelPermissions < ActiveRecord::Migration[6.1]
+  OWNER_PERMISSIONS = [
+    TeamPermissions::READ,
+    TeamPermissions::MANAGE,
+    TeamPermissions::USERS_MANAGE,
+    TeamPermissions::PROJECTS_CREATE,
+    TeamPermissions::INVENTORIES_CREATE,
+    TeamPermissions::PROTOCOLS_CREATE,
+    ProtocolPermissions::READ,
+    ProtocolPermissions::MANAGE,
+    ProtocolPermissions::USERS_MANAGE,
+    RepositoryPermissions::READ,
+    RepositoryPermissions::READ_ARCHIVED,
+    RepositoryPermissions::MANAGE,
+    RepositoryPermissions::DELETE,
+    RepositoryPermissions::SHARE,
+    RepositoryPermissions::ROWS_CREATE,
+    RepositoryPermissions::ROWS_UPDATE,
+    RepositoryPermissions::ROWS_DELETE,
+    RepositoryPermissions::COLUMNS_CREATE,
+    RepositoryPermissions::COLUMNS_UPDATE,
+    RepositoryPermissions::COLUMNS_DELETE,
+    RepositoryPermissions::USERS_MANAGE
+  ].freeze
+
+  NORMAL_USER_PERMISSIONS = [
+    TeamPermissions::PROJECTS_CREATE,
+    TeamPermissions::PROTOCOLS_CREATE,
+    ProtocolPermissions::READ,
+    ProtocolPermissions::MANAGE,
+    RepositoryPermissions::READ,
+    RepositoryPermissions::COLUMNS_CREATE,
+    RepositoryPermissions::ROWS_CREATE,
+    RepositoryPermissions::ROWS_UPDATE,
+    RepositoryPermissions::ROWS_DELETE
+  ].freeze
+
+  VIEWER_PERMISSIONS = [ProtocolPermissions::READ].freeze
+
+  def change
+    reversible do |dir|
+      dir.up do
+        @owner_role = UserRole.find_by(name: UserRole.public_send('owner_role').name)
+        @normal_user_role = UserRole.find_by(name: UserRole.public_send('normal_user_role').name)
+        @viewer_role = UserRole.find_by(name: UserRole.public_send('viewer_role').name)
+
+        @owner_role.permissions = @owner_role.permissions | OWNER_PERMISSIONS
+        @owner_role.save(validate: false)
+        @normal_user_role.permissions = @normal_user_role.permissions | NORMAL_USER_PERMISSIONS
+        @normal_user_role.save(validate: false)
+        @viewer_role.permissions = @viewer_role.permissions | VIEWER_PERMISSIONS
+        @viewer_role.save(validate: false)
+
+        create_user_assignments(UserTeam.admin, @owner_role)
+        create_user_assignments(UserTeam.normal_user, @normal_user_role)
+        create_user_assignments(UserTeam.guest, @viewer_role)
+      end
+
+      dir.down do
+        @owner_role = UserRole.find_by(name: UserRole.public_send('owner_role').name)
+        @normal_user_role = UserRole.find_by(name: UserRole.public_send('normal_user_role').name)
+        @viewer_role = UserRole.find_by(name: UserRole.public_send('viewer_role').name)
+
+        @owner_role.permissions = @owner_role.permissions - OWNER_PERMISSIONS
+        @owner_role.save(validate: false)
+        @normal_user_role.permissions = @normal_user_role.permissions - NORMAL_USER_PERMISSIONS
+        @normal_user_role.save(validate: false)
+        @viewer_role.permissions = @viewer_role.permissions - VIEWER_PERMISSIONS
+        @viewer_role.save(validate: false)
+
+        UserAssignment.where(assignable_type: %w(Team Protocol Repository)).delete_all
+      end
+    end
+  end
+
+  private
+
+  def new_user_assignment(user, assignable, user_role, assigned)
+    UserAssignment.new(
+      user: user,
+      assignable: assignable,
+      assigned: assigned,
+      user_role: user_role
+    )
+  end
+
+  def create_user_assignments(user_teams, user_role)
+    user_teams.includes(:user, team: %i(repositories repository_protocols))
+              .find_in_batches(batch_size: 100) do |user_team_batch|
+      user_assignments = []
+      user_team_batch.each do |user_team|
+        user_assignments << new_user_assignment(user_team.user, user_team.team, user_role, :manually)
+        user_team.team.repositories.each do |repository|
+          user_assignments << new_user_assignment(user_team.user, repository, user_role, :automatically)
+        end
+        user_team.team.repository_protocols.each do |protocol|
+          if protocol.in_repository_private? && user_team.user_id == protocol.added_by_id
+            user_assignments << new_user_assignment(user_team.user, protocol, @owner_role, :automatically)
+          elsif protocol.in_repository_archived?
+            if user_team.user_id == protocol.added_by_id
+              user_assignments << new_user_assignment(user_team.user, protocol, @owner_role, :automatically)
+            elsif protocol.published_on.present?
+              user_assignments << new_user_assignment(user_team.user, protocol, @viewer_role, :automatically)
+            end
+          elsif protocol.in_repository_public?
+            user_assignments << new_user_assignment(user_team.user, protocol, @viewer_role, :automatically)
+          end
+        end
+      end
+      UserAssignment.import(user_assignments)
+    end
+  end
+end

db/structure.sql

@@ -8370,4 +8370,7 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('20220310105144'),
 ('20220321122111'),
 ('20220325101011'),
-('20220328164215');
+('20220328164215'),
+('20220516111152');
+
+