refactor update/delete sample permissions

mlorb 2017-12-07 16:40:27 +01:00
parent b09377cd8d
commit 72023c7dfe
5 changed files with 22 additions and 15 deletions


@ -11,7 +11,7 @@ module SampleActions
params[:sample_ids].each do |id|
sample = Sample.find_by_id(id)
if sample and can_delete_sample(sample)
if sample && can_update_or_delete_sample?(sample)
sample.destroy
counter_user += 1
else
@ -45,7 +45,7 @@ module SampleActions
end
def check_destroy_samples_permissions
unless can_delete_samples(@project.team)
unless can_delete_samples?(@project.team)
render_403
end
end
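Review bot: The per-sample check in the `params[:sample_ids]` loop is now the only thing tying a submitted id to this request's team, because `Sample.find_by_id(id)` is unscoped while the filter `check_destroy_samples_permissions` checks `@project.team`. Since `can_update_or_delete_sample?` now lets a team admin delete any sample of `sample.team`, ids belonging to another team the user administers would be accepted through this project's endpoint. Scoping the lookup, e.g. `sample = Sample.find_by(id: id, team: @project.team)`, keeps both checks about the same team. The enclosing method starts and ends outside the hunk, so this assumes `sample_ids` is not filtered earlier.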


@ -167,7 +167,7 @@ class SamplesController < ApplicationController
respond_to do |format|
if sample
if can_update_sample?(sample)
if can_update_or_delete_sample?(sample)
if params[:sample]
if params[:sample][:name]
sample.name = params[:sample][:name]
@ -325,13 +325,13 @@ class SamplesController < ApplicationController
end
def check_edit_permissions
unless can_update_sample?(@sample)
unless can_update_or_delete_sample?(@sample)
render_403
end
end
def check_destroy_permissions
unless can_delete_samples(@team)
unless can_update_or_delete_sample?(@sample)
render_403
end
end
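Review bot: `check_destroy_permissions` now reads `@sample` instead of `@team`, so it is only correct if the filter that loads `@sample` runs before it for the destroy action, and that ordering is not visible in this hunk. If `@sample` is nil, the permission block's `sample.team` would likely raise and the request would end in a 500 rather than a 403. A nil guard keeps the denial explicit: `unless @sample && can_update_or_delete_sample?(@sample)`. Now that both filters have the same body, `check_destroy_permissions` could simply call `check_edit_permissions`, so the two cannot drift apart.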


@ -644,13 +644,13 @@ module PermissionHelper
# end
# Only person who created sample can delete it
def can_delete_sample(sample)
sample.user == current_user
end
# def can_delete_sample(sample)
# sample.user == current_user
# end
def can_delete_samples(team)
is_normal_user_or_admin_of_team(team)
end
# def can_delete_samples(team)
# is_normal_user_or_admin_of_team(team)
# end
def can_add_samples_to_module(my_module)
is_technician_or_higher_of_project(my_module.experiment.project)
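Review bot: The old helpers are commented out rather than deleted, and the surviving comment `# Only person who created sample can delete it` no longer matches the rule, because `update_or_delete_sample` also lets team admins delete. A stale description of an authorization rule is easy to take at face value in a later audit. Delete the commented `can_delete_sample` / `can_delete_samples` blocks together with that comment and leave the history to version control. Any remaining caller of the old names will now fail with NoMethodError, so it is worth searching for `can_delete_sample(` and `can_delete_samples(` before merging.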


@ -23,6 +23,11 @@ Canaid::Permissions.register_for(Team) do
can :create_sample do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# delete samples (general permission, not for specific sample)
can :delete_samples do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
end
Canaid::Permissions.register_for(UserTeam) do
@ -62,8 +67,10 @@ Canaid::Permissions.register_for(Protocol) do
end
Canaid::Permissions.register_for(Sample) do
# edit sample
can :update_sample do |user, sample|
user.is_admin_of_team?(sample.team) || user == sample.user
# edit sample, delete sample
can :update_or_delete_sample do |user, sample|
user.is_admin_of_team?(sample.team) ||
user.is_normal_user_or_admin_of_team?(sample.team) &&
user == sample.user
end
end
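Review bot: The `update_or_delete_sample` block mixes `||` and `&&` without parentheses and, although the commit is titled a refactor, changes who is authorized. It parses as admin OR (normal-user-or-admin AND creator), which looks intended, but an authorization predicate should say so explicitly: `user.is_admin_of_team?(sample.team) || (user.is_normal_user_or_admin_of_team?(sample.team) && user == sample.user)`. Compared with the removed rules, team admins can now delete samples they did not create, and a creator without at least the normal-user role can no longer edit their own sample. Both changes deserve a permission test per role and a mention in the commit message. The new `delete_samples` block repeats `create_sample`'s condition, so a comment such as `# coarse gate only; per-sample deletion is decided by :update_or_delete_sample` would explain why both exist.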


@ -99,7 +99,7 @@
<span class="hidden-xs-custom"><%= t("samples.edit_sample") %></span>
</button>
<% if can_delete_samples(@team) %>
<% if can_delete_samples?(@team) %>
<button type="button" class="btn btn-default"
id="deleteSamplesButton" data-target="#deleteSamples" data-toggle="modal" disabled>
<span class="glyphicon glyphicon-trash"></span>