scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-01-01 13:13:22 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1337 from jbargu/jg_bug_sci_2805

Browse source 
Add can_export_project? permission to allow archived projects to be exported [SCI-2805]
This commit is contained in:
Jure Grabnar 2018-10-26 11:23:57 +02:00 committed by GitHub
commit 7d2f2c3b5f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/teams_controller.rb
View file

@ -314,7 +314,7 @@ class TeamsController < ApplicationController
if export_projects_params[:project_ids]
projects = Project.where(id: export_projects_params[:project_ids])
projects.each do |project|
render_403 unless can_read_project?(current_user, project)
render_403 unless can_export_project?(current_user, project)
end
end
end

22
app/permissions/project.rb
View file

@ -12,13 +12,27 @@ Canaid::Permissions.register_for(Project) do
end
end
%i(read_project
export_project)
.each do |perm|
can perm do |user, project|
user.is_member_of_project?(project) ||
user.is_admin_of_team?(project.team) ||
(project.visible? && user.is_member_of_team?(project.team))
end
end
# project: read, read activities, read comments, read users, read archive,
# read notifications
# reports: read
can :read_project do |user, project|
user.is_member_of_project?(project) ||
user.is_admin_of_team?(project.team) ||
(project.visible? && user.is_member_of_team?(project.team))
can :read_project do |_, _|
# Already checked by the wrapper
true
end
# team: export projects
can :export_project do |_, _|
# Already checked by the wrapper
true
end
# project: update/delete, assign/reassign/unassign users