From bd5a2a43fd188a4c5bda1f167cbd5f33863a9ce8 Mon Sep 17 00:00:00 2001 From: Jure Grabnar Date: Fri, 19 Oct 2018 08:41:39 +0200 Subject: [PATCH 1/3] Add can_export_project? permission Closes [SCI-2805]. --- app/controllers/teams_controller.rb | 2 +- app/permissions/project.rb | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/app/controllers/teams_controller.rb b/app/controllers/teams_controller.rb index 67364efb4..2c51b9382 100644 --- a/app/controllers/teams_controller.rb +++ b/app/controllers/teams_controller.rb @@ -314,7 +314,7 @@ class TeamsController < ApplicationController if export_projects_params[:project_ids] projects = Project.where(id: export_projects_params[:project_ids]) projects.each do |project| - render_403 unless can_read_project?(current_user, project) + render_403 unless can_export_project?(current_user, project) end end end diff --git a/app/permissions/project.rb b/app/permissions/project.rb index 74ec68e18..91881a985 100644 --- a/app/permissions/project.rb +++ b/app/permissions/project.rb @@ -38,6 +38,14 @@ Canaid::Permissions.register_for(Project) do user.is_owner_of_project?(project) && project.archived? end + # team: export projects + can :export_project do |user, project| + user.is_technician_or_higher_of_project?(project) || + user.viewer?(project) || + user.is_admin_of_team?(project.team) || + (project.visible? && user.is_member_of_team?(project.team)) + end + # experiment: create can :create_experiments do |user, project| user.is_user_or_higher_of_project?(project) From 3903b4a6f245a938b547fa53a97e06f55fe75ffe Mon Sep 17 00:00:00 2001 From: Jure Grabnar Date: Fri, 26 Oct 2018 10:58:59 +0200 Subject: [PATCH 2/3] Refactor read_project/export_project permissions --- app/permissions/project.rb | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/app/permissions/project.rb b/app/permissions/project.rb index 91881a985..8dbde5ace 100644 --- a/app/permissions/project.rb 
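Review bot: In the teams_controller.rb hunk, `render_403` is called inside `projects.each` without leaving the loop, so a request that names two projects the user may not export reaches `render_403` twice. If that helper renders directly, the second call would presumably raise a double-render error and the client would get a 500 instead of a 403. Deciding once keeps it to a single response: `return render_403 unless projects.all? { |p| can_export_project?(current_user, p) }`. `Project.where(id: ...)` also silently drops ids that match no row, so it is worth confirming that the export action works only from this checked set and does not re-read `project_ids`. The enclosing method starts above the hunk, so how it is wired as a filter is not visible here.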
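Review bot: The `# team: export projects` comment on the new `can :export_project` block in app/permissions/project.rb does not say who the rule admits, and the role clauses make export look narrower than it is, because the last clause alone lets any team member export a visible project. Since export is a bulk copy of project data, I would record the intended audience in the comment, e.g. `# team: export projects (project technicians and above, viewers, team admins, and team members when the project is visible)`. If export was meant to be stricter than read, the `user.viewer?(project)` and `project.visible?` clauses are where that would be decided. The same question applies to the shared wrapper that PATCH 2/3 introduces for `read_project` and `export_project`.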
+++ b/app/permissions/project.rb @@ -12,13 +12,27 @@ Canaid::Permissions.register_for(Project) do end end + %i(read_project + export_project) + .each do |perm| + can perm do |user, project| + user.is_member_of_project?(project) || + user.is_admin_of_team?(project.team) || + (project.visible? && user.is_member_of_team?(project.team)) + end + end # project: read, read activities, read comments, read users, read archive, # read notifications # reports: read - can :read_project do |user, project| - user.is_member_of_project?(project) || - user.is_admin_of_team?(project.team) || - (project.visible? && user.is_member_of_team?(project.team)) + can :read_project do |_, _| + # Already checked by the wrapper + true + end + + # team: export projects + can :export_project do |_, _| + # Already checked by the wrapper + true end # project: update/delete, assign/reassign/unassign users @@ -38,13 +52,6 @@ Canaid::Permissions.register_for(Project) do user.is_owner_of_project?(project) && project.archived? end - # team: export projects - can :export_project do |user, project| - user.is_technician_or_higher_of_project?(project) || - user.viewer?(project) || - user.is_admin_of_team?(project.team) || - (project.visible? && user.is_member_of_team?(project.team)) - end # experiment: create can :create_experiments do |user, project| From 04b1d0e1426e6ca5452f7c13dcd91f02a33c4578 Mon Sep 17 00:00:00 2001 From: Jure Grabnar Date: Fri, 26 Oct 2018 11:00:13 +0200 Subject: [PATCH 3/3] Remove blank line --- app/permissions/project.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/app/permissions/project.rb b/app/permissions/project.rb index 8dbde5ace..3747d438c 100644 --- a/app/permissions/project.rb +++ b/app/permissions/project.rb @@ -52,7 +52,6 @@ Canaid::Permissions.register_for(Project) do user.is_owner_of_project?(project) && project.archived? end - # experiment: create can :create_experiments do |user, project| user.is_user_or_higher_of_project?(project)
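Review bot: The `can :read_project` and `can :export_project` blocks in the first project.rb hunk of PATCH 2/3 now return `true` unconditionally, which is safe only if Canaid requires every block registered under a name to pass. That behaviour is not visible in this diff; if a later registration replaced the earlier one instead, both permissions would be open to every user. Even with AND semantics the shape fails open, because dropping a symbol from the `%i(read_project export_project)` list leaves that permission guarded by nothing but `true`. I would delete the two stub blocks and move their comments onto the wrapper, e.g. `# project: read (+ activities, comments, users, archive, notifications), reports: read, team: export projects`, so the only definition of each permission is the one that carries the membership check. A spec asserting that a user outside the team is denied both `can_read_project?` and `can_export_project?` would pin this.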