mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2025-11-13 01:41:09 +08:00
Fix shared repositories migration, update sharing logic and permissions [SCI-7360]
This commit is contained in:
Oleksii Kriuchykhin
parent
1799361944
commit
7d3f48199a
4 changed files with 35 additions and 50 deletions
|
|
@ -32,15 +32,12 @@ class TeamSharedObject < ApplicationRecord
|
||||||
def not_globally_shared
|
def not_globally_shared
|
||||||
errors.add(:shared_object_id, :is_globally_shared) if shared_object.globally_shared?
|
errors.add(:shared_object_id, :is_globally_shared) if shared_object.globally_shared?
|
||||||
end
|
end
|
||||||
|
|
||||||
def assign_shared_inventories
|
|
||||||
viewer_role = UserRole.find_by(name: UserRole.public_send('viewer_role').name)
|
|
||||||
normal_user_role = UserRole.find_by(name: UserRole.public_send('normal_user_role').name)
|
|
||||||
|
|
||||||
team.users.find_each do |user|
|
def assign_shared_inventories
|
||||||
|
team.user_assignments.find_each do |user_assignment|
|
||||||
shared_object.user_assignments.create!(
|
shared_object.user_assignments.create!(
|
||||||
user: user,
|
user: user_assignment.user,
|
||||||
user_role: shared_write? ? normal_user_role : viewer_role,
|
user_role: user_assignment.user_role,
|
||||||
team: team
|
team: team
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,16 @@ Canaid::Permissions.register_for(Repository) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
%i(create_repository_rows
|
||||||
|
manage_repository_rows
|
||||||
|
manage_repository_assets
|
||||||
|
delete_repository_rows)
|
||||||
|
.each do |perm|
|
||||||
|
can perm do |user, repository|
|
||||||
|
next false if repository.shared_with?(user.current_team) && !repository.shared_with_write?(user.current_team)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
# repository: update, delete
|
# repository: update, delete
|
||||||
can :manage_repository do |user, repository|
|
can :manage_repository do |user, repository|
|
||||||
!repository.shared_with?(user.current_team) && repository.permission_granted?(user, RepositoryPermissions::MANAGE)
|
!repository.shared_with?(user.current_team) && repository.permission_granted?(user, RepositoryPermissions::MANAGE)
|
||||||
|
|
@ -61,12 +71,7 @@ Canaid::Permissions.register_for(Repository) do
|
||||||
next false if repository.is_a?(BmtRepository)
|
next false if repository.is_a?(BmtRepository)
|
||||||
next false if repository.archived?
|
next false if repository.archived?
|
||||||
|
|
||||||
if repository.shared_with?(user.current_team)
|
repository.permission_granted?(user, RepositoryPermissions::ROWS_CREATE)
|
||||||
repository.shared_with_write?(user.current_team) &&
|
|
||||||
repository.permission_granted?(user, RepositoryPermissions::ROWS_CREATE)
|
|
||||||
else
|
|
||||||
repository.permission_granted?(user, RepositoryPermissions::ROWS_CREATE)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
can :manage_repository_assets do |user, repository|
|
can :manage_repository_assets do |user, repository|
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,6 @@ module UserAssignments
|
||||||
@user_role = team_user_assignment.user_role
|
@user_role = team_user_assignment.user_role
|
||||||
@assigned_by = team_user_assignment.assigned_by
|
@assigned_by = team_user_assignment.assigned_by
|
||||||
@viewer_role = UserRole.find_predefined_viewer_role
|
@viewer_role = UserRole.find_predefined_viewer_role
|
||||||
@normal_user_role = UserRole.find_predefined_normal_user_role
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def call
|
def call
|
||||||
|
|
@ -38,16 +37,18 @@ module UserAssignments
|
||||||
@team.team_shared_repositories.find_each do |team_shared_repository|
|
@team.team_shared_repositories.find_each do |team_shared_repository|
|
||||||
@team.repository_sharing_user_assignments.create!(
|
@team.repository_sharing_user_assignments.create!(
|
||||||
user: @user,
|
user: @user,
|
||||||
user_role: team_shared_repository.shared_write? ? @normal_user_role : @viewer_role,
|
user_role: @user_role,
|
||||||
assignable: team_shared_repository.shared_object
|
assignable: team_shared_repository.shared_object,
|
||||||
|
assigned: :automatically
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
Repository.globally_shared.where.not(team: @team).find_each do |repository|
|
Repository.globally_shared.where.not(team: @team).find_each do |repository|
|
||||||
@team.repository_sharing_user_assignments.create!(
|
@team.repository_sharing_user_assignments.create!(
|
||||||
user: @user,
|
user: @user,
|
||||||
user_role: repository.shared_write? ? @normal_user_role : @viewer_role,
|
user_role: @user_role,
|
||||||
assignable: repository
|
assignable: repository,
|
||||||
|
assigned: :automatically
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -9,43 +9,25 @@ class MigrateSharedRepositoriesToUserAssignments < ActiveRecord::Migration[6.1]
|
||||||
end
|
end
|
||||||
|
|
||||||
def up
|
def up
|
||||||
viewer_role = UserRole.find_by(name: UserRole.public_send('viewer_role').name)
|
|
||||||
normal_user_role = UserRole.find_by(name: UserRole.public_send('normal_user_role').name)
|
|
||||||
|
|
||||||
TeamRepository.where(permission_level: %i(shared_read shared_write))
|
TeamRepository.where(permission_level: %i(shared_read shared_write))
|
||||||
.preload(:team, :repository)
|
.preload(:team, :repository)
|
||||||
.find_each do |team_repository|
|
.find_each do |team_repository|
|
||||||
user_role = if team_repository.shared_read?
|
team_repository.team
|
||||||
viewer_role
|
.user_assignments
|
||||||
elsif team_repository.shared_write?
|
.preload(:user, :user_role)
|
||||||
normal_user_role
|
.find_each do |user_assignment|
|
||||||
end
|
UserAssignment.create!(user: user_assignment.user, assignable: team_repository.repository,
|
||||||
|
user_role: user_assignment.user_role, team: team_repository.team)
|
||||||
team_repository.team.users.find_in_batches(batch_size: 100) do |users_batch|
|
|
||||||
user_assignments = []
|
|
||||||
users_batch.each do |user|
|
|
||||||
user_assignments << UserAssignment.new(user: user, assignable: team_repository.repository,
|
|
||||||
user_role: user_role, team: team_repository.team)
|
|
||||||
end
|
|
||||||
UserAssignment.import(user_assignments)
|
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
Repository.globally_shared.find_each do |repository|
|
Repository.globally_shared.find_each do |repository|
|
||||||
user_role = if repository.shared_read?
|
Team.where.not(id: repository.team.id).find_each do |team|
|
||||||
viewer_role
|
team.user_assignments
|
||||||
elsif repository.shared_write?
|
.preload(:user, :user_role)
|
||||||
normal_user_role
|
.find_each do |user_assignment|
|
||||||
end
|
UserAssignment.create!(user: user_assignment.user, assignable: repository,
|
||||||
|
user_role: user_assignment.user_role, team: team)
|
||||||
Team.where.not(id: repository.team.id).find_each do |team|
|
|
||||||
team.users.find_in_batches(batch_size: 100) do |users_batch|
|
|
||||||
user_assignments = []
|
|
||||||
users_batch.each do |user|
|
|
||||||
user_assignments << UserAssignment.new(user: user, assignable: repository,
|
|
||||||
user_role: user_role, team: team)
|
|
||||||
end
|
|
||||||
UserAssignment.import(user_assignments)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue