mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2025-11-09 16:01:30 +08:00
Fix experiment bulk move permission checks, specs [SCI-9840]
parent
378b2dc12e
commit
73541e8c42
5 changed files with 25 additions and 26 deletions
|
|
@ -8,15 +8,17 @@ class ExperimentsController < ApplicationController
|
||||||
include Rails.application.routes.url_helpers
|
include Rails.application.routes.url_helpers
|
||||||
include Breadcrumbs
|
include Breadcrumbs
|
||||||
|
|
||||||
before_action :load_project, only: %i(new create archive_group restore_group)
|
before_action :load_project, only: %i(new create archive_group restore_group move)
|
||||||
before_action :load_experiment, except: %i(new create archive_group restore_group
|
before_action :load_experiment, except: %i(new create archive_group restore_group
|
||||||
inventory_assigning_experiment_filter actions_toolbar move_modal move)
|
inventory_assigning_experiment_filter actions_toolbar
|
||||||
|
move move_modal)
|
||||||
before_action :load_experiments, only: %i(move_modal move)
|
before_action :load_experiments, only: %i(move_modal move)
|
||||||
before_action :check_read_permissions, except: %i(edit archive clone move new
|
before_action :check_move_permissions, only: %i(move_modal move)
|
||||||
|
before_action :check_read_permissions, except: %i(edit archive clone move move_modal new
|
||||||
create archive_group restore_group
|
create archive_group restore_group
|
||||||
inventory_assigning_experiment_filter actions_toolbar move_modal)
|
inventory_assigning_experiment_filter actions_toolbar)
|
||||||
before_action :check_canvas_read_permissions, only: %i(canvas)
|
before_action :check_canvas_read_permissions, only: %i(canvas)
|
||||||
before_action :check_create_permissions, only: %i(new create)
|
before_action :check_create_permissions, only: %i(new create move)
|
||||||
before_action :check_manage_permissions, only: %i(edit batch_clone_my_modules)
|
before_action :check_manage_permissions, only: %i(edit batch_clone_my_modules)
|
||||||
before_action :check_update_permissions, only: %i(update)
|
before_action :check_update_permissions, only: %i(update)
|
||||||
before_action :check_archive_permissions, only: :archive
|
before_action :check_archive_permissions, only: :archive
|
||||||
|
|
@ -254,7 +256,7 @@ class ExperimentsController < ApplicationController
|
||||||
|
|
||||||
# POST: clone_experiment(id)
|
# POST: clone_experiment(id)
|
||||||
def clone
|
def clone
|
||||||
project = current_team.projects.find(move_experiment_param)
|
@project = current_team.projects.find(move_experiment_param)
|
||||||
return render_403 unless can_create_project_experiments?(project)
|
return render_403 unless can_create_project_experiments?(project)
|
||||||
|
|
||||||
service = Experiments::CopyExperimentAsTemplateService.call(experiment: @experiment,
|
service = Experiments::CopyExperimentAsTemplateService.call(experiment: @experiment,
|
||||||
|
|
@ -297,10 +299,7 @@ class ExperimentsController < ApplicationController
|
||||||
|
|
||||||
# POST: move_experiment(id)
|
# POST: move_experiment(id)
|
||||||
def move
|
def move
|
||||||
project = Project.viewable_by_user(current_user, current_team)
|
@project.transaction do
|
||||||
.find_by(id: params[:project_id])
|
|
||||||
|
|
||||||
project.transaction do
|
|
||||||
@experiments.each do |experiment|
|
@experiments.each do |experiment|
|
||||||
service = Experiments::MoveToProjectService
|
service = Experiments::MoveToProjectService
|
||||||
.call(experiment_id: experiment.id,
|
.call(experiment_id: experiment.id,
|
||||||
|
|
@ -309,14 +308,14 @@ class ExperimentsController < ApplicationController
|
||||||
raise StandardError unless service.succeed?
|
raise StandardError unless service.succeed?
|
||||||
end
|
end
|
||||||
|
|
||||||
flash[:success] = t('experiments.table.move_success_flash', project: escape_input(project.name))
|
flash[:success] = t('experiments.table.move_success_flash', project: escape_input(@project.name))
|
||||||
render json: { message: t('experiments.table.move_success_flash',
|
render json: { message: t('experiments.table.move_success_flash',
|
||||||
project: escape_input(project.name)), path: project_path(project) }
|
project: escape_input(@project.name)), path: project_path(@project) }
|
||||||
rescue StandardError => e
|
rescue StandardError => e
|
||||||
Rails.logger.error(e.message)
|
Rails.logger.error(e.message)
|
||||||
Rails.logger.error(e.backtrace.join("\n"))
|
Rails.logger.error(e.backtrace.join("\n"))
|
||||||
render json: {
|
render json: {
|
||||||
message: t('experiments.table.move_error_flash', project: escape_input(project.name))
|
message: t('experiments.table.move_error_flash', project: escape_input(@project.name))
|
||||||
}, status: :unprocessable_entity
|
}, status: :unprocessable_entity
|
||||||
raise ActiveRecord::Rollback
|
raise ActiveRecord::Rollback
|
||||||
end
|
end
|
||||||
|
|
@ -596,7 +595,7 @@ class ExperimentsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_move_permissions
|
def check_move_permissions
|
||||||
render_403 unless can_move_experiment?(@experiment)
|
render_403 unless @experiments.all? { |e| can_move_experiment?(e) }
|
||||||
end
|
end
|
||||||
|
|
||||||
def set_inline_name_editing
|
def set_inline_name_editing
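Review bot: In `clone`, the lookup result is now assigned to `@project`, but the unchanged guard on the next line still reads `can_create_project_experiments?(project)`. Unless a `project` method exists elsewhere in the controller, that raises NameError and the action fails with an error instead of evaluating the permission; the guard should follow the rename: `return render_403 unless can_create_project_experiments?(@project)`. Separately, in `check_move_permissions`, `@experiments.all? { ... }` is true for an empty collection, so a request whose `ids` match nothing passes the check; consider `render_403 unless @experiments.present? && @experiments.all? { |e| can_move_experiment?(e) }`. `load_project` and `load_experiments` are outside the rendered hunks, so how they scope the target project and the experiment lookup could not be checked here.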
|
||||||
|
|
|
||||||
|
|
@ -82,7 +82,8 @@ Canaid::Permissions.register_for(Experiment) do
|
||||||
end
|
end
|
||||||
|
|
||||||
can :move_experiment do |user, experiment|
|
can :move_experiment do |user, experiment|
|
||||||
experiment.permission_granted?(user, ExperimentPermissions::MANAGE)
|
experiment.permission_granted?(user, ExperimentPermissions::MANAGE) &&
|
||||||
|
can_manage_all_experiment_my_modules?(experiment)
|
||||||
end
|
end
|
||||||
|
|
||||||
can :designate_users_to_new_task do |user, experiment|
|
can :designate_users_to_new_task do |user, experiment|
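Review bot: The added `can_manage_all_experiment_my_modules?(experiment)` call does not pass the `user` that the block receives, whereas the first half of the condition checks `permission_granted?(user, ...)` explicitly. How the one-argument helper resolves a user inside `register_for` is not visible in this hunk; if it does not resolve to the same `user`, the two halves of the condition are evaluated for different principals or the call fails. Confirm this, or pass the user explicitly, e.g. `can_manage_all_experiment_my_modules?(user, experiment)`, if the helper accepts that form.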
|
||||||
|
|
|
||||||
|
|
@ -1,10 +1,10 @@
|
||||||
<div class="modal move-experiment-modal"
|
<div class="modal move-experiment-modal"
|
||||||
id="move-experiment-modal-<%= @experiments.map(&:id) %>"
|
id="move-experiment-modal-<%= params[:ids] %>"
|
||||||
tabindex="-1"
|
tabindex="-1"
|
||||||
role="dialog"
|
role="dialog"
|
||||||
aria-labelledby="move-experiment-modal-label">
|
aria-labelledby="move-experiment-modal-label">
|
||||||
<%= form_with model: @experiment,
|
<%= form_with model: @experiment,
|
||||||
url: move_experiment_path(id: @experiments.map(&:id)),
|
url: move_experiments_path(ids: params[:ids]),
|
||||||
method: :post,
|
method: :post,
|
||||||
data: { remote: true },
|
data: { remote: true },
|
||||||
html: { class: 'experiment-action-form' } do |f| %>
|
html: { class: 'experiment-action-form' } do |f| %>
|
||||||
|
|
@ -16,7 +16,7 @@
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-body">
|
<div class="modal-body">
|
||||||
<p><small><%= t("experiments.move.notice") %></small></p>
|
<p><small><%= t("experiments.move.notice") %></small></p>
|
||||||
<% if @projects.any? && @experiments.all? { |experiment| can_manage_all_experiment_my_modules?(experiment) } %>
|
<% if @projects.any? && @experiments.all? { |experiment| can_move_experiment?(experiment) } %>
|
||||||
<%= f.select :project_id, options_for_select(@projects.collect { |p| [ p.name, p.id ] }),
|
<%= f.select :project_id, options_for_select(@projects.collect { |p| [ p.name, p.id ] }),
|
||||||
{ label: t("experiments.move.target_project") }, { class: "form-control selectpicker", "data-role" => "clear" } %>
|
{ label: t("experiments.move.target_project") }, { class: "form-control selectpicker", "data-role" => "clear" } %>
|
||||||
<% else %>
|
<% else %>
|
||||||
|
|
@ -24,14 +24,14 @@
|
||||||
<i class="fas fa-exclamation-triangle"></i>
|
<i class="fas fa-exclamation-triangle"></i>
|
||||||
<% if @projects.blank? %>
|
<% if @projects.blank? %>
|
||||||
<%= t("experiments.move.no_projects") %>
|
<%= t("experiments.move.no_projects") %>
|
||||||
<% elsif !@experiments.all? { |experiment| can_manage_all_experiment_my_modules?(experiment) } %>
|
<% elsif !@experiments.all? { |experiment| can_move_experiment?(experiment) } %>
|
||||||
<%= t("experiments.move.task_permission") %>
|
<%= t("experiments.move.task_permission") %>
|
||||||
<% end %>
|
<% end %>
|
||||||
</div>
|
</div>
|
||||||
<% end %>
|
<% end %>
|
||||||
</div>
|
</div>
|
||||||
<% @experiments.each do |experiment| %>
|
<% params[:ids].each do |id| %>
|
||||||
<%= f.hidden_field :ids, multiple: true, value: experiment.id %>
|
<%= f.hidden_field :ids, multiple: true, value: id %>
|
||||||
<% end %>
|
<% end %>
|
||||||
<div class="modal-footer">
|
<div class="modal-footer">
|
||||||
<button type="button" class="btn btn-secondary" data-dismiss="modal"><%=t "general.cancel" %></button>
|
<button type="button" class="btn btn-secondary" data-dismiss="modal"><%=t "general.cancel" %></button>
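Review bot: The modal now builds its `id`, form URL and hidden `ids` fields from raw `params[:ids]` rather than from the `@experiments` that `check_move_permissions` has just authorized. `params[:ids].each` raises when `ids` is absent or a scalar, and `<%= params[:ids] %>` renders the array's string form into the `id` attribute. ERB escaping and the re-check on POST limit the impact, but deriving the values from the loaded records keeps the form to ids the server resolved: `<% @experiments.each do |experiment| %>` with `value: experiment.id`, and `move_experiments_path(ids: @experiments.map(&:id))`. The reason for switching away from `@experiments` is not visible in this hunk.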
|
||||||
|
|
|
||||||
|
|
@ -387,6 +387,8 @@ Rails.application.routes.draw do
|
||||||
get 'clone_modal', action: :clone_modal
|
get 'clone_modal', action: :clone_modal
|
||||||
get 'move_modal', action: :move_modal
|
get 'move_modal', action: :move_modal
|
||||||
get 'actions_toolbar'
|
get 'actions_toolbar'
|
||||||
|
get 'move_modal' # return modal with move options
|
||||||
|
post 'move' # move experiment
|
||||||
end
|
end
|
||||||
member do
|
member do
|
||||||
get 'permissions'
|
get 'permissions'
|
||||||
|
|
@ -410,8 +412,6 @@ Rails.application.routes.draw do
|
||||||
post 'archive' # archive experiment
|
post 'archive' # archive experiment
|
||||||
get 'clone_modal' # return modal with clone options
|
get 'clone_modal' # return modal with clone options
|
||||||
post 'clone' # clone experiment
|
post 'clone' # clone experiment
|
||||||
get 'move_modal' # return modal with move options
|
|
||||||
post 'move' # move experiment
|
|
||||||
get 'fetch_workflow_img' # Get updated workflow img
|
get 'fetch_workflow_img' # Get updated workflow img
|
||||||
get 'modules/new', to: 'my_modules#new'
|
get 'modules/new', to: 'my_modules#new'
|
||||||
post 'modules', to: 'my_modules#create'
|
post 'modules', to: 'my_modules#create'
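Review bot: The added `get 'move_modal' # return modal with move options` repeats the `get 'move_modal', action: :move_modal` route that already sits two lines above it in the same block, so only `post 'move'` is new there. Drop the duplicate line so the route has a single definition. The enclosing block starts outside the hunk; it appears to be the collection block, given the `member do` that follows.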
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,6 @@ describe ExperimentsController, type: :controller do
|
||||||
archive_group: { project_id: 1 },
|
archive_group: { project_id: 1 },
|
||||||
restore_group: { project_id: 1 },
|
restore_group: { project_id: 1 },
|
||||||
clone: { id: 1 },
|
clone: { id: 1 },
|
||||||
move: { id: 1 },
|
|
||||||
module_archive: { id: 1 },
|
module_archive: { id: 1 },
|
||||||
fetch_workflow_img: { id: 1 },
|
fetch_workflow_img: { id: 1 },
|
||||||
sidebar: { id: 1 },
|
sidebar: { id: 1 },
|
||||||
|
|
@ -112,13 +111,13 @@ describe ExperimentsController, type: :controller do
|
||||||
it_behaves_like "a controller action with permissions checking", :get, :move_modal do
|
it_behaves_like "a controller action with permissions checking", :get, :move_modal do
|
||||||
let(:testable) { experiment }
|
let(:testable) { experiment }
|
||||||
let(:permissions) { [ExperimentPermissions::MANAGE] }
|
let(:permissions) { [ExperimentPermissions::MANAGE] }
|
||||||
let(:action_params) { { id: experiment.id } }
|
let(:action_params) { { ids: [experiment.id] } }
|
||||||
end
|
end
|
||||||
|
|
||||||
it_behaves_like "a controller action with permissions checking", :post, :move do
|
it_behaves_like "a controller action with permissions checking", :post, :move do
|
||||||
let(:testable) { experiment }
|
let(:testable) { experiment }
|
||||||
let(:permissions) { [ExperimentPermissions::MANAGE] }
|
let(:permissions) { [ExperimentPermissions::MANAGE] }
|
||||||
let(:action_params) { { id: experiment.id } }
|
let(:action_params) { { ids: [experiment.id], project_id: project.id } }
|
||||||
end
|
end
|
||||||
|
|
||||||
it_behaves_like "a controller action with permissions checking", :get, :module_archive do
|
it_behaves_like "a controller action with permissions checking", :get, :module_archive do
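Review bot: The updated examples exercise only a single id with `ExperimentPermissions::MANAGE`, so neither new condition is covered: the per-experiment `all?` check in `check_move_permissions` and the added `can_manage_all_experiment_my_modules?` requirement. Add a case that posts `ids` for two experiments where the user may move only one and expects a 403, and one where a task in the experiment is not manageable. The `move: { id: 1 }` entry in the first hunk is removed rather than updated (for example to `move: { ids: [1], project_id: 1 }`); what that list feeds is outside the hunk, so confirm `move` is still covered by whatever check consumes it.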
|
||||||
|
|
|
||||||