diff --git a/app/controllers/my_modules_controller.rb b/app/controllers/my_modules_controller.rb
index 3441acbb3..67621878e 100644
--- a/app/controllers/my_modules_controller.rb
+++ b/app/controllers/my_modules_controller.rb
@@ -27,6 +27,10 @@ class MyModulesController < ApplicationController
 before_action :check_assign_samples_permissions, only: :assign_samples
 before_action :check_unassign_samples_permissions, only: :unassign_samples
 before_action :check_complete_my_module_perimission, only: :complete_my_module
+ before_action :check_assign_repository_records_permissions,
+ only: :assign_repository_records
+ before_action :check_unassign_repository_records_permissions,
+ only: :unassign_repository_records
 layout 'fluid'.freeze
@@ -386,8 +390,6 @@ class MyModulesController < ApplicationController
 # Submit actions
 def assign_repository_records
- render_403 && return unless can_assign_repository_records(@my_module,
- @repository)
 if params[:selected_rows].present? && params[:repository_id].present?
 records_names = []
@@ -437,8 +439,6 @@ class MyModulesController < ApplicationController
 end
 def unassign_repository_records
- render_403 && return unless can_unassign_repository_records(@my_module,
- @repository)
 if params[:selected_rows].present? && params[:repository_id].present?
 records = []
@@ -641,12 +641,20 @@ class MyModulesController < ApplicationController
 end
 end
+ def check_assign_repository_records_permissions
+ render_403 unless can_assign_repository_records(@my_module, @repository)
+ end
+
+ def check_unassign_repository_records_permissions
+ render_403 unless can_unassign_repository_records(@my_module, @repository)
+ end
+
 def check_complete_my_module_perimission
 render_403 unless can_complete_module(@my_module)
 end
 def my_module_params
 params.require(:my_module).permit(:name, :description, :due_date,
- :archived)
+ :archived)
 end
 end
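Review bot: In the `@@ -27,6 +27,10 @@` hunk of my_modules_controller.rb, the two new callbacks read `@my_module` and `@repository`, but the filter that sets them is declared above the hunk, so it is not visible whether it covers `assign_repository_records` and `unassign_repository_records` or halts on a missing record. Callbacks run in declaration order, so the checks only work while that loader stays earlier in the list and includes both actions; with a nil `@repository` the helper would presumably raise instead of rendering a 403. A comment above the new lines, for example `# Must stay below the filter that loads @my_module and @repository`, would keep a later reorder from breaking the check.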
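Review bot: In the `@@ -641,12 +641,20 @@` hunk, `check_assign_repository_records_permissions` and `check_unassign_repository_records_permissions` authorize `@repository` as a whole, while the two actions (context of the `@@ -386,8` and `@@ -437,8` hunks) act on `params[:selected_rows]` and `params[:repository_id]`. The action bodies continue outside the hunks, so it cannot be confirmed here that the selected row ids are looked up only within `@repository`; if they are not, the filter does not cover the rows actually changed. I would state that contract on the new methods, e.g. `# Checks @repository only; the action must scope selected_rows to @repository.`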
diff --git a/app/controllers/repository_columns_controller.rb b/app/controllers/repository_columns_controller.rb
index cce71ca02..cab9ea83b 100644
--- a/app/controllers/repository_columns_controller.rb
+++ b/app/controllers/repository_columns_controller.rb
@@ -113,11 +113,11 @@ class RepositoryColumnsController < ApplicationController
 end
 def check_update_permissions
- render_403 unless can_edit_columns_in_repository(@repository)
+ render_403 unless can_edit_column_in_repository(@repository_column)
 end
 def check_destroy_permissions
- render_403 unless can_delete_columns_in_repository(@repository)
+ render_403 unless can_delete_column_in_repository(@repository_column)
 end
 def repository_column_params
diff --git a/app/controllers/repository_rows_controller.rb b/app/controllers/repository_rows_controller.rb
index f2c77c412..2d52bdecc 100644
--- a/app/controllers/repository_rows_controller.rb
+++ b/app/controllers/repository_rows_controller.rb
@@ -219,7 +219,7 @@ class RepositoryRowsController < ApplicationController
 end
 def check_edit_permissions
- render_403 unless can_edit_repository_records(@repository)
+ render_403 unless can_edit_repository_record(@record)
 end
 def check_destroy_permissions
diff --git a/app/helpers/permission_helper.rb b/app/helpers/permission_helper.rb
index d2b264af5..8a54f164c 100644
--- a/app/helpers/permission_helper.rb
+++ b/app/helpers/permission_helper.rb
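Review bot: `check_update_permissions` and `check_destroy_permissions` in repository_columns_controller.rb now authorize against `@repository_column.repository` and no longer look at the `@repository` taken from the route, and `check_edit_permissions` in repository_rows_controller.rb does the same with `@record`. The loaders for these instance variables are outside the hunks, so it cannot be seen whether the column or record is fetched through `@repository`; if it is fetched by id alone, the filter may check one repository while the action goes on to use another. A nil `@repository_column` or `@record` would also raise in the helper rather than render a 403. Consider adding `@repository_column.repository == @repository` to both conditions (and `@record.repository == @repository` in the rows controller), after confirming that the loaders halt on a missing record.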
@@ -1078,20 +1078,20 @@ module PermissionHelper
 is_normal_user_or_admin_of_team(repository.team)
 end
- def can_delete_columns_in_repository(repository)
- is_normal_user_or_admin_of_team(repository.team)
+ def can_delete_column_in_repository(column)
+ is_normal_user_or_admin_of_team(column.repository.team)
 end
- def can_edit_columns_in_repository(repository)
- is_normal_user_or_admin_of_team(repository.team)
+ def can_edit_column_in_repository(column)
+ is_normal_user_or_admin_of_team(column.repository.team)
 end
 def can_create_repository_records(repository)
 is_normal_user_or_admin_of_team(repository.team)
 end
- def can_edit_repository_records(repository)
- is_normal_user_or_admin_of_team(repository.team)
+ def can_edit_repository_record(record)
+ is_normal_user_or_admin_of_team(record.repository.team)
 end
 def can_delete_repository_records(repository)
@@ -1105,12 +1105,12 @@ module PermissionHelper
 end
 def can_assign_repository_records(my_module, repository)
- can_edit_repository_records(repository) &&
+ can_delete_repository_records(repository) &&
 is_technician_or_higher_of_project(my_module.experiment.project)
 end
 def can_unassign_repository_records(my_module, repository)
- can_edit_repository_records(repository) &&
+ can_delete_repository_records(repository) &&
 is_technician_or_higher_of_project(my_module.experiment.project)
 end
 end
diff --git a/app/views/repositories/_repository_table.html.erb b/app/views/repositories/_repository_table.html.erb
index c0c91175d..8d841be46 100644
--- a/app/views/repositories/_repository_table.html.erb
+++ b/app/views/repositories/_repository_table.html.erb
@@ -25,8 +25,8 @@
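Review bot: In the `@@ -1078,20 +1078,20 @@` hunk, `can_delete_column_in_repository`, `can_edit_column_in_repository` and `can_edit_repository_record` change both their name and their argument type, and nothing documents that they now expect the column or record itself. Ruby will not flag a caller that still passes a repository; it would fail at request time on `.repository`, so views and controllers beyond the callers visible in this part of the diff need to be checked. All three still reduce to the same team-level test, so they add no per-object restriction yet. A one-line comment on each, such as `# Takes the column; authorizes against the team of the column's own repository`, would make the contract explicit.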
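Review bot: In the `@@ -1105,12 +1105,12 @@` hunk, `can_assign_repository_records` and `can_unassign_repository_records` now gate assignment on `can_delete_repository_records(repository)`, which ties linking records to a task to the right to delete them. The body of `can_delete_repository_records` falls between the two hunks and is not shown; if it is the same team-level test today the behaviour is unchanged, but any later tightening of delete rights would silently change who may assign. Keeping the previous behaviour explicit with `is_normal_user_or_admin_of_team(repository.team) &&` in both helpers avoids that coupling. Separately, neither helper compares the repository's team with the team of the module's project, so it is worth confirming that the same-team constraint is enforced elsewhere.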