mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-09-20 23:16:15 +08:00
add create, update, delete user_team permission
parent
a0b2d3f5ef
commit
8893fd668d
|
@ -33,7 +33,7 @@ module ClientApi
|
|||
|
||||
def check_invite_users_permission
|
||||
@team = Team.find_by_id(params[:team_id])
|
||||
if @team && !is_admin_of_team(@team)
|
||||
if @team && !can_create_user_team?(@team)
|
||||
respond_to do |format|
|
||||
format.json do
|
||||
render json: t('client_api.invite_users.permission_error'),
|
||||
|
|
|
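Review bot: The guard `if @team && !can_create_user_team?(@team)` is skipped entirely when `Team.find_by_id(params[:team_id])` returns nil, so a request with a missing or unknown `team_id` passes this filter with no permission check at all. If inviting without a team is intended, the filter should still refuse an id that was supplied but did not resolve, for example `if params[:team_id].present? && (@team.nil? || !can_create_user_team?(@team))`. The body of `check_invite_users_permission` continues past the end of the hunk, so the status returned on refusal is not visible here.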
@ -3,6 +3,8 @@ module ClientApi
|
|||
class UserTeamsController < ApplicationController
|
||||
include ClientApi::Users::UserTeamsHelper
|
||||
|
||||
before_action :check_manage_user_team_permission
|
||||
|
||||
def leave_team
|
||||
ut_service = ClientApi::UserTeamService.new(
|
||||
user: current_user,
|
||||
|
@ -44,6 +46,18 @@ module ClientApi
|
|||
|
||||
private
|
||||
|
||||
def check_manage_user_team_permission
|
||||
@user_team = UserTeam.find_by_id(params[:user_team])
|
||||
unless can_update_or_delete_user_team?(@user_team)
|
||||
respond_to do |format|
|
||||
format.json do
|
||||
render json: t('client_api.user_teams.permission_error'),
|
||||
status: 422
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def success_response(template, locals)
|
||||
respond_to do |format|
|
||||
format.json do
|
||||
|
|
|
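Review bot: `check_manage_user_team_permission` passes the result of `UserTeam.find_by_id(params[:user_team])` straight to `can_update_or_delete_user_team?`, and `find_by_id` returns nil for a missing or unknown id; the permission block registered in this commit then dereferences `user_team.user`, so unless Canaid guards against a nil object (not visible here) a bad id would raise instead of being refused. Writing the guard as `unless @user_team && can_update_or_delete_user_team?(@user_team)` keeps the refusal on the controlled path. The filter authorizes the record named by `params[:user_team]`, so it is worth confirming that every action in this controller acts on `@user_team` rather than re-resolving its target from other parameters; `leave_team` continues outside the hunk. A 403 would describe a refused permission more accurately than 422, provided the client does not depend on the current status.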
@ -1,5 +1,18 @@
|
|||
Canaid::Permissions.register_for(Team) do
|
||||
# view projects
|
||||
can :read_team do |user, team|
|
||||
user.is_member_of_team?(team)
|
||||
end
|
||||
|
||||
# invite user to team
|
||||
can :create_user_team do |user, team|
|
||||
user.is_admin_of_team?(team)
|
||||
end
|
||||
end
|
||||
|
||||
Canaid::Permissions.register_for(UserTeam) do
|
||||
# change user's role, remove user from team, leave team
|
||||
can :update_or_delete_user_team do |user, user_team|
|
||||
user == user_team.user || user.is_admin_of_team?(user_team.team)
|
||||
end
|
||||
end
|
||||
|
|
|
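Review bot: `:update_or_delete_user_team` covers role changes, removal and leaving under one rule, and that rule is satisfied by `user == user_team.user`, so any member passes it for their own membership record, including for a role change. If the role-update action relies only on this permission (the action and its service are not shown in this commit), a normal member could raise their own role. Splitting the permission so that updating requires `is_admin_of_team?` while deleting keeps the self-or-admin rule would close that. The permission names below are a suggestion, and the `before_action` in `UserTeamsController` would need to pick the matching one per action.

```ruby
Canaid::Permissions.register_for(UserTeam) do
  # change user's role: team admins only, never the member themselves
  can :update_user_team do |user, user_team|
    user.is_admin_of_team?(user_team.team)
  end

  # remove user from team, leave team
  can :delete_user_team do |user, user_team|
    user == user_team.user || user.is_admin_of_team?(user_team.team)
  end
end
```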
@ -1820,6 +1820,7 @@ en:
|
|||
invalid_arguments: "Invalid arguments"
|
||||
generic_error_message: "Something went wrong! Please try again later."
|
||||
user_teams:
|
||||
permission_error: "You don't have permission to manage users."
|
||||
leave_team_error: "An error occured."
|
||||
leave_flash: "Successfuly left team %{team}."
|
||||
user:
|
||||
|
|