mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-12-25 09:13:05 +08:00
Fix shared repositories migration, update sharing logic and permissions [SCI-7360]
This commit is contained in:
parent
1799361944
commit
7d3f48199a
4 changed files with 35 additions and 50 deletions
|
@ -32,15 +32,12 @@ class TeamSharedObject < ApplicationRecord
|
|||
def not_globally_shared
|
||||
errors.add(:shared_object_id, :is_globally_shared) if shared_object.globally_shared?
|
||||
end
|
||||
|
||||
def assign_shared_inventories
|
||||
viewer_role = UserRole.find_by(name: UserRole.public_send('viewer_role').name)
|
||||
normal_user_role = UserRole.find_by(name: UserRole.public_send('normal_user_role').name)
|
||||
|
||||
team.users.find_each do |user|
|
||||
def assign_shared_inventories
|
||||
team.user_assignments.find_each do |user_assignment|
|
||||
shared_object.user_assignments.create!(
|
||||
user: user,
|
||||
user_role: shared_write? ? normal_user_role : viewer_role,
|
||||
user: user_assignment.user,
|
||||
user_role: user_assignment.user_role,
|
||||
team: team
|
||||
)
|
||||
end
|
||||
|
|
|
@ -24,6 +24,16 @@ Canaid::Permissions.register_for(Repository) do
|
|||
end
|
||||
end
|
||||
|
||||
%i(create_repository_rows
|
||||
manage_repository_rows
|
||||
manage_repository_assets
|
||||
delete_repository_rows)
|
||||
.each do |perm|
|
||||
can perm do |user, repository|
|
||||
next false if repository.shared_with?(user.current_team) && !repository.shared_with_write?(user.current_team)
|
||||
end
|
||||
end
|
||||
|
||||
# repository: update, delete
|
||||
can :manage_repository do |user, repository|
|
||||
!repository.shared_with?(user.current_team) && repository.permission_granted?(user, RepositoryPermissions::MANAGE)
|
||||
|
@ -61,12 +71,7 @@ Canaid::Permissions.register_for(Repository) do
|
|||
next false if repository.is_a?(BmtRepository)
|
||||
next false if repository.archived?
|
||||
|
||||
if repository.shared_with?(user.current_team)
|
||||
repository.shared_with_write?(user.current_team) &&
|
||||
repository.permission_granted?(user, RepositoryPermissions::ROWS_CREATE)
|
||||
else
|
||||
repository.permission_granted?(user, RepositoryPermissions::ROWS_CREATE)
|
||||
end
|
||||
repository.permission_granted?(user, RepositoryPermissions::ROWS_CREATE)
|
||||
end
|
||||
|
||||
can :manage_repository_assets do |user, repository|
|
||||
|
|
|
@ -8,7 +8,6 @@ module UserAssignments
|
|||
@user_role = team_user_assignment.user_role
|
||||
@assigned_by = team_user_assignment.assigned_by
|
||||
@viewer_role = UserRole.find_predefined_viewer_role
|
||||
@normal_user_role = UserRole.find_predefined_normal_user_role
|
||||
end
|
||||
|
||||
def call
|
||||
|
@ -38,16 +37,18 @@ module UserAssignments
|
|||
@team.team_shared_repositories.find_each do |team_shared_repository|
|
||||
@team.repository_sharing_user_assignments.create!(
|
||||
user: @user,
|
||||
user_role: team_shared_repository.shared_write? ? @normal_user_role : @viewer_role,
|
||||
assignable: team_shared_repository.shared_object
|
||||
user_role: @user_role,
|
||||
assignable: team_shared_repository.shared_object,
|
||||
assigned: :automatically
|
||||
)
|
||||
end
|
||||
|
||||
Repository.globally_shared.where.not(team: @team).find_each do |repository|
|
||||
@team.repository_sharing_user_assignments.create!(
|
||||
user: @user,
|
||||
user_role: repository.shared_write? ? @normal_user_role : @viewer_role,
|
||||
assignable: repository
|
||||
user_role: @user_role,
|
||||
assignable: repository,
|
||||
assigned: :automatically
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -9,43 +9,25 @@ class MigrateSharedRepositoriesToUserAssignments < ActiveRecord::Migration[6.1]
|
|||
end
|
||||
|
||||
def up
|
||||
viewer_role = UserRole.find_by(name: UserRole.public_send('viewer_role').name)
|
||||
normal_user_role = UserRole.find_by(name: UserRole.public_send('normal_user_role').name)
|
||||
|
||||
TeamRepository.where(permission_level: %i(shared_read shared_write))
|
||||
.preload(:team, :repository)
|
||||
.find_each do |team_repository|
|
||||
user_role = if team_repository.shared_read?
|
||||
viewer_role
|
||||
elsif team_repository.shared_write?
|
||||
normal_user_role
|
||||
end
|
||||
|
||||
team_repository.team.users.find_in_batches(batch_size: 100) do |users_batch|
|
||||
user_assignments = []
|
||||
users_batch.each do |user|
|
||||
user_assignments << UserAssignment.new(user: user, assignable: team_repository.repository,
|
||||
user_role: user_role, team: team_repository.team)
|
||||
end
|
||||
UserAssignment.import(user_assignments)
|
||||
team_repository.team
|
||||
.user_assignments
|
||||
.preload(:user, :user_role)
|
||||
.find_each do |user_assignment|
|
||||
UserAssignment.create!(user: user_assignment.user, assignable: team_repository.repository,
|
||||
user_role: user_assignment.user_role, team: team_repository.team)
|
||||
end
|
||||
end
|
||||
|
||||
Repository.globally_shared.find_each do |repository|
|
||||
user_role = if repository.shared_read?
|
||||
viewer_role
|
||||
elsif repository.shared_write?
|
||||
normal_user_role
|
||||
end
|
||||
|
||||
Team.where.not(id: repository.team.id).find_each do |team|
|
||||
team.users.find_in_batches(batch_size: 100) do |users_batch|
|
||||
user_assignments = []
|
||||
users_batch.each do |user|
|
||||
user_assignments << UserAssignment.new(user: user, assignable: repository,
|
||||
user_role: user_role, team: team)
|
||||
end
|
||||
UserAssignment.import(user_assignments)
|
||||
end
|
||||
Repository.globally_shared.find_each do |repository|
|
||||
Team.where.not(id: repository.team.id).find_each do |team|
|
||||
team.user_assignments
|
||||
.preload(:user, :user_role)
|
||||
.find_each do |user_assignment|
|
||||
UserAssignment.create!(user: user_assignment.user, assignable: repository,
|
||||
user_role: user_assignment.user_role, team: team)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue