fix permissions

This commit is contained in:
Mojca Lorber 2017-06-07 17:07:28 +02:00
parent e26337d5ee
commit 9108102b42
6 changed files with 58 additions and 48 deletions


@ -27,6 +27,10 @@ class MyModulesController < ApplicationController
before_action :check_assign_samples_permissions, only: :assign_samples
before_action :check_unassign_samples_permissions, only: :unassign_samples
before_action :check_complete_my_module_perimission, only: :complete_my_module
before_action :check_assign_repository_records_permissions,
only: :assign_repository_records
before_action :check_unassign_repository_records_permissions,
only: :unassign_repository_records
layout 'fluid'.freeze
@ -386,8 +390,6 @@ class MyModulesController < ApplicationController
# Submit actions
def assign_repository_records
render_403 && return unless can_assign_repository_records(@my_module,
@repository)
if params[:selected_rows].present? && params[:repository_id].present?
records_names = []
@ -437,8 +439,6 @@ class MyModulesController < ApplicationController
end
def unassign_repository_records
render_403 && return unless can_unassign_repository_records(@my_module,
@repository)
if params[:selected_rows].present? && params[:repository_id].present?
records = []
@ -641,12 +641,20 @@ class MyModulesController < ApplicationController
end
end
def check_assign_repository_records_permissions
render_403 unless can_assign_repository_records(@my_module, @repository)
end
def check_unassign_repository_records_permissions
render_403 unless can_unassign_repository_records(@my_module, @repository)
end
def check_complete_my_module_perimission
render_403 unless can_complete_module(@my_module)
end
def my_module_params
params.require(:my_module).permit(:name, :description, :due_date,
:archived)
:archived)
end
end
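Review bot: The new filters at L15-L18 call can_assign_repository_records(@my_module, @repository), but the hunk does not show which filter assigns @repository, and the helper (per the PermissionHelper hunk in this same commit) reaches `repository.team`, so a nil @repository — a loader declared later in the before_action chain, or an unknown repository_id — surfaces as a NoMethodError/500 rather than a 403. Worth confirming the loader is declared before these filters and making the check nil-safe, e.g. `render_403 unless @repository && can_assign_repository_records(@my_module, @repository)` (and the same for the unassign variant). The previous inline `render_403 && return unless …` guards were removed from the action bodies, so these before_actions are now the only gate. The class body continues outside the hunks shown here, so the filter that sets @my_module and @repository is presumably earlier in the file.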


@ -113,11 +113,11 @@ class RepositoryColumnsController < ApplicationController
end
def check_update_permissions
render_403 unless can_edit_columns_in_repository(@repository)
render_403 unless can_edit_column_in_repository(@repository_column)
end
def check_destroy_permissions
render_403 unless can_delete_columns_in_repository(@repository)
render_403 unless can_delete_column_in_repository(@repository_column)
end
def repository_column_params
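Review bot: check_update_permissions and check_destroy_permissions now derive the team from @repository_column.repository rather than from the URL's @repository, which is the right object to authorize on, but nothing in the hunk ties the column to the repository in the nested route (`repository_repository_column_path(repository, column)` in the view hunk), so a column id belonging to a different repository in a team the user is a member of passes the check while the controller still treats @repository as its parent. Consider rejecting that mismatch where the column is loaded, e.g. `render_403 unless @repository_column.repository_id == @repository.id` (or the controller's not-found helper, if it has one), or load the column through the repository's own association. The filters that assign @repository and @repository_column are outside this hunk, so this is a point to verify there.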


@ -219,7 +219,7 @@ class RepositoryRowsController < ApplicationController
end
def check_edit_permissions
render_403 unless can_edit_repository_records(@repository)
render_403 unless can_edit_repository_record(@record)
end
def check_destroy_permissions
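Review bot: check_edit_permissions now authorizes against the individual record via can_edit_repository_record(@record), but check_destroy_permissions, whose body starts at L75 and continues outside the hunk, is untouched by this commit while the PermissionHelper hunk still defines can_delete_repository_records(repository) at repository scope. If destroy also acts on a specific @record it should take the same shape for consistency, e.g. `render_403 unless can_delete_repository_record(@record)` backed by a matching record-scoped helper; if it legitimately acts on a repository-wide selection, a one-line comment such as `# destroy takes a list of row ids, so the check is repository-scoped` would stop the next reader from "fixing" it. As with the edit check, @record must be loaded by an earlier filter, which this hunk does not show.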


@ -1078,20 +1078,20 @@ module PermissionHelper
is_normal_user_or_admin_of_team(repository.team)
end
def can_delete_columns_in_repository(repository)
is_normal_user_or_admin_of_team(repository.team)
def can_delete_column_in_repository(column)
is_normal_user_or_admin_of_team(column.repository.team)
end
def can_edit_columns_in_repository(repository)
is_normal_user_or_admin_of_team(repository.team)
def can_edit_column_in_repository(column)
is_normal_user_or_admin_of_team(column.repository.team)
end
def can_create_repository_records(repository)
is_normal_user_or_admin_of_team(repository.team)
end
def can_edit_repository_records(repository)
is_normal_user_or_admin_of_team(repository.team)
def can_edit_repository_record(record)
is_normal_user_or_admin_of_team(record.repository.team)
end
def can_delete_repository_records(repository)
@ -1105,12 +1105,12 @@ module PermissionHelper
end
def can_assign_repository_records(my_module, repository)
can_edit_repository_records(repository) &&
can_delete_repository_records(repository) &&
is_technician_or_higher_of_project(my_module.experiment.project)
end
def can_unassign_repository_records(my_module, repository)
can_edit_repository_records(repository) &&
can_delete_repository_records(repository) &&
is_technician_or_higher_of_project(my_module.experiment.project)
end
end
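Review bot: can_assign_repository_records and can_unassign_repository_records (L103-L112) combine a team-membership check on repository.team with a project-role check on my_module.experiment.project, but nothing ties the two together: a user who is a member of the repository's team and a technician on a project in a different team satisfies both and could assign that repository's records to the other team's module. If Project has a team association, add a cross-team guard to both methods, e.g. `repository.team == my_module.experiment.project.team &&`, or have one method delegate to the other now that their bodies are identical. The record- and column-scoped helpers at L84-L98 also dereference `column.repository.team` / `record.repository.team`, so a nil argument is a NoMethodError rather than a denial; a leading `return false unless column` keeps a missing object on the deny path. The module's earlier helpers, including is_normal_user_or_admin_of_team, are outside the hunks shown.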


@ -25,8 +25,8 @@
<th id="added-by"><%= t("repositories.table.added_by") %></th>
<% repository.repository_columns.each do |column| %>
<th class="repository-column" id="<%= column.id %>"
<%= 'data-editable' if can_edit_columns_in_repository(repository) %>
<%= 'data-deletable' if can_delete_columns_in_repository(repository) %>
<%= 'data-editable' if can_edit_column_in_repository(column) %>
<%= 'data-deletable' if can_delete_column_in_repository(column) %>
<%= "data-edit-url='#{edit_repository_repository_column_path(repository, column)}'" %>
<%= "data-update-url='#{repository_repository_column_path(repository, column)}'" %>
<%= "data-destroy-html-url='#{repository_columns_destroy_html_path(repository, column)}'" %>


@ -45,40 +45,42 @@
data-toggle="dropdown"
aria-haspopup="true"
aria-expanded="true"
<%= "disabled='disabled'" if !can_edit_and_destroy_repository repo %>>
<%= "disabled='disabled'" if !can_edit_and_destroy_repository repo and !can_copy_repository repo %>>
<span class="glyphicon glyphicon-cog"></span>
<span class="caret"></span>
</div>
<ul class="dropdown-menu pull-right">
<li class="dropdown-header">
<%= t("repositories.index.options_dropdown.header") %>
</li>
<% if can_edit_and_destroy_repository repo %>
<li>
<%= link_to t('repositories.index.options_dropdown.rename'),
team_repository_rename_modal_path(repository_id: repo),
class: "rename-repo-option",
remote: true %>
<% if can_edit_and_destroy_repository repo or can_copy_repository repo %>
<ul class="dropdown-menu pull-right">
<li class="dropdown-header">
<%= t("repositories.index.options_dropdown.header") %>
</li>
<% end %>
<% if can_copy_repository(repo) %>
<li>
<%= link_to t('repositories.index.options_dropdown.copy'),
team_repository_copy_modal_path(repository_id: repo),
class: "copy-repo-option",
remote: true %>
</li>
<% end %>
<% if can_edit_and_destroy_repository repo %>
<li role="separator" class="divider"></li>
<li>
<%= link_to t('repositories.index.modal_delete.delete'),
team_repository_destroy_modal_path(repository_id: repo),
class: "delete-repo-option",
remote: true %>
</li>
<% end %>
</ul>
<% if can_edit_and_destroy_repository repo %>
<li>
<%= link_to t('repositories.index.options_dropdown.rename'),
team_repository_rename_modal_path(repository_id: repo),
class: "rename-repo-option",
remote: true %>
</li>
<% end %>
<% if can_copy_repository(repo) %>
<li>
<%= link_to t('repositories.index.options_dropdown.copy'),
team_repository_copy_modal_path(repository_id: repo),
class: "copy-repo-option",
remote: true %>
</li>
<% end %>
<% if can_edit_and_destroy_repository repo %>
<li role="separator" class="divider"></li>
<li>
<%= link_to t('repositories.index.modal_delete.delete'),
team_repository_destroy_modal_path(repository_id: repo),
class: "delete-repo-option",
remote: true %>
</li>
<% end %>
</ul>
<% end %>
</div>
</div>
<div class="tab-content-body"></div>
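Review bot: The new conditions at L136 and L150 use `and`/`or` inside an `if` modifier with paren-less calls (`!can_edit_and_destroy_repository repo and !can_copy_repository repo`), which only parses as intended because `and`/`or` bind looser than `!` and the method calls; it is the precedence trap the Ruby style guide warns about and it reads poorly. Prefer `&&`/`||` with explicit parens, e.g. `<%= "disabled='disabled'" unless can_edit_and_destroy_repository(repo) || can_copy_repository(repo) %>>` and `<% if can_edit_and_destroy_repository(repo) || can_copy_repository(repo) %>`. Note that the `disabled` attribute on the toggle div and the per-option `if` branches only hide UI client-side; the actual gate for rename, copy and delete has to remain the server-side checks in the repositories controller, which this page does not show.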