Merge pull request #959 from mz3944/mz-SCI-1802

Permissions - refactor project level permissions [SCI-1802]
mz3944 2018-02-14 13:40:22 +01:00 committed by GitHub
commit 96d56d69a2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
27 changed files with 252 additions and 413 deletions


@ -1,8 +1,7 @@
class MyModuleTagsController < ApplicationController
before_action :load_vars
before_action :check_view_permissions, only: [:index_edit, :index]
before_action :check_create_permissions, only: [:create]
before_action :check_destroy_permissions, only: [:destroy]
before_action :check_manage_permissions, only: %i(create destroy)
def index_edit
@my_module_tags = @my_module.my_module_tags
@ -75,21 +74,11 @@ class MyModuleTagsController < ApplicationController
end
def check_view_permissions
unless can_edit_tags_for_module(@my_module)
render_403
end
render_403 unless can_read_project?(@my_module.experiment.project)
end
def check_create_permissions
unless can_add_tag_to_module(@my_module)
render_403
end
end
def check_destroy_permissions
unless can_remove_tag_from_module(@my_module)
render_403
end
def check_manage_permissions
render_403 unless can_create_or_manage_tags?(@my_module.experiment.project)
end
def init_gui
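Review bot: `check_manage_permissions` authorises tag assignment with `can_create_or_manage_tags?(@my_module.experiment.project)`, which looks only at the project. The helpers it replaces (`can_add_tag_to_module`, `can_remove_tag_from_module`) took the module and were listed in a module-level `around` wrapper in PermissionHelper. That wrapper's body is not visible here, but if it is what denied changes on archived modules or experiments, that restriction no longer applies to `create` and `destroy`. `check_view_permissions` also moves `index_edit` from a user-or-higher check to plain read access. Please confirm both are intended and add a comment above the filters naming the module-level states that should still be refused.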


@ -26,9 +26,7 @@ class ProjectActivitiesController < ApplicationController
end
def check_view_permissions
unless can_view_project_activities(@project)
render_403
end
render_403 unless can_read_project?(@project)
end
end
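Review bot: `check_view_permissions` widens who can read the activity feed. The removed `can_view_project_activities` required `is_member_of_project`, whereas `can_read_project?` also admits team admins and, for visible projects, any member of the team. The comment on `read_project` in the new permissions file lists "read activities", so this looks intended. A comment above the method such as `# Activities follow project read access, including team members on visible projects` and a controller test for a non-member would make the change explicit.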


@ -6,9 +6,8 @@ class ProjectCommentsController < ApplicationController
before_action :load_vars
before_action :check_view_permissions, only: :index
before_action :check_add_permissions, only: [:create]
before_action :check_edit_permissions, only: [:edit, :update]
before_action :check_destroy_permissions, only: [:destroy]
before_action :check_create_permissions, only: :create
before_action :check_manage_permissions, only: %i(edit update destroy)
def index
@comments = @project.last_comments(@last_comment_id, @per_page)
@ -171,25 +170,17 @@ class ProjectCommentsController < ApplicationController
end
def check_view_permissions
unless can_view_project_comments(@project)
render_403
end
render_403 unless can_read_project?(@project)
end
def check_add_permissions
unless can_add_comment_to_project(@project)
render_403
end
def check_create_permissions
render_403 unless can_create_comment_in_project?(@project)
end
def check_edit_permissions
def check_manage_permissions
@comment = ProjectComment.find_by_id(params[:id])
render_403 unless @comment.present? && can_edit_project_comment(@comment)
end
def check_destroy_permissions
@comment = ProjectComment.find_by_id(params[:id])
render_403 unless @comment.present? && can_delete_project_comment(@comment)
render_403 unless @comment.present? &&
can_manage_comment_in_project?(@comment)
end
def comment_params


@ -8,14 +8,11 @@ class ProjectsController < ApplicationController
:notifications, :reports,
:samples, :experiment_archive,
:delete_samples, :samples_index]
before_action :check_view_permissions, only: [:show, :reports,
:samples, :experiment_archive,
:samples_index]
before_action :check_view_notifications_permissions, only: [ :notifications ]
before_action :check_view_permissions, only: %i(show reports notifications
samples experiment_archive
samples_index)
before_action :check_create_permissions, only: [ :new, :create ]
before_action :check_edit_permissions, only: [ :edit ]
before_action :check_experiment_archive_permissions,
only: [:experiment_archive]
before_action :check_manage_permissions, only: %i(edit update)
@filter_by_archived = false
@ -119,8 +116,8 @@ class ProjectsController < ApplicationController
# Check archive permissions if archiving/restoring
if project_params.include? :archive
if (project_params[:archive] and !can_archive_project(@project)) or
(!project_params[:archive] and !can_restore_project(@project))
if (project_params[:archive] && !can_archive_project?(@project)) ||
(!project_params[:archive] && !can_restore_project?(@project))
return_error = true
is_archive = URI(request.referer).path == projects_archive_path ? "restore" : "archive"
flash_error = t("projects.#{is_archive}.error_flash", name: @project.name)
@ -318,29 +315,15 @@ class ProjectsController < ApplicationController
end
def check_view_permissions
unless can_view_project(@project)
render_403
end
render_403 unless can_read_project?(@project)
end
def check_create_permissions
render_403 unless can_create_projects?(current_team)
end
def check_view_notifications_permissions
unless can_view_project_notifications(@project)
render_403
end
end
def check_edit_permissions
unless can_edit_project(@project)
render_403
end
end
def check_experiment_archive_permissions
render_403 unless can_view_project_archive(@project)
def check_manage_permissions
render_403 unless can_manage_project?(@project)
end
def choose_layout
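Review bot: Adding `update` to `check_manage_permissions` may make the restore branch inside `update` unreachable. `manage_project` is among the permissions that additionally require `project.active?`, so a request against an archived project would presumably get a 403 from the filter before `can_restore_project?(@project)` is evaluated. If restoring goes through `update`, as the `projects_archive_path` referer check suggests, the filter could be `render_403 unless can_manage_project?(@project) || can_restore_project?(@project)`. Separately, `experiment_archive` drops from the user-or-higher `can_view_project_archive` check to read access only, which deserves a line in the commit description if intended.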


@ -33,8 +33,6 @@ class ReportsController < ApplicationController
before_action :check_create_permissions, only: [
:new,
:create,
:edit,
:update,
:generate,
:save_modal,
:project_contents_modal,
@ -47,7 +45,8 @@ class ReportsController < ApplicationController
:step_contents,
:result_contents
]
before_action :check_destroy_permissions, only: :destroy
before_action :check_manage_permissions, only: %i(edit update
destroy)
layout 'fluid'
@ -447,15 +446,15 @@ class ReportsController < ApplicationController
end
def check_view_permissions
render_403 unless can_view_reports(@project)
render_403 unless can_read_project?(@project)
end
def check_create_permissions
render_403 unless can_create_new_report(@project)
render_403 unless can_create_or_manage_reports?(@project)
end
def check_destroy_permissions
render_403 unless can_delete_reports(@project)
def check_manage_permissions
render_403 unless can_create_or_manage_reports?(@project)
render_404 unless params.include? :report_ids
end
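Review bot: `check_manage_permissions` now runs for `edit` and `update` as well as `destroy`, but it still ends with `render_404 unless params.include? :report_ids`. Edit and update requests that carry no `report_ids` would therefore get a 404. The two guards are also not exclusive: a request that fails the permission check and lacks `report_ids` calls both `render_403` and `render_404` in one filter, which is a double render if both helpers render. I would write the first guard as `return render_403 unless can_create_or_manage_reports?(@project)` and move the `report_ids` check into its own filter with `only: :destroy`.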


@ -1,9 +1,7 @@
class TagsController < ApplicationController
before_action :load_vars, only: [:create, :update, :destroy]
before_action :load_vars_nested, only: [:update, :destroy]
before_action :check_create_permissions, only: [:create]
before_action :check_update_permissions, only: [:update]
before_action :check_destroy_permissions, only: [:destroy]
before_action :check_manage_permissions, only: %i(create update destroy)
def create
@tag = Tag.new(tag_params)
@ -142,23 +140,8 @@ class TagsController < ApplicationController
end
end
# Currently unimplemented
def check_create_permissions
unless can_create_new_tag(@project)
render_403
end
end
def check_update_permissions
unless can_edit_tag(@project)
render_403
end
end
def check_destroy_permissions
unless can_delete_tag(@project)
render_403
end
def check_manage_permissions
render_403 unless can_create_or_manage_tags?(@project)
end
def tag_params


@ -3,12 +3,10 @@ class UserProjectsController < ApplicationController
include InputSanitizeHelper
before_action :load_vars
before_action :check_view_tab_permissions, only: :index
before_action :check_view_permissions, only: :index_edit
before_action :check_view_permissions, only: :index
before_action :check_manage_users_permissions, only: :index_edit
before_action :check_create_permissions, only: :create
# TODO check update permissions
before_action :check_update_permisisons, only: :update
before_action :check_delete_permisisons, only: :destroy
before_action :check_manage_permisisons, only: %i(update destroy)
def index
@users = @project.user_projects
@ -180,39 +178,21 @@ class UserProjectsController < ApplicationController
end
end
def check_view_tab_permissions
unless can_view_project_users(@project)
render_403
end
def check_view_permissions
render_403 unless can_read_project?(@project)
end
def check_view_permissions
unless can_edit_users_on_project(@project)
render_403
end
def check_manage_users_permissions
render_403 unless can_manage_project?(@project)
end
def check_create_permissions
unless can_add_user_to_project(@project)
render_403
end
render_403 unless can_create_projects?(current_team)
end
def check_update_permisisons
# TODO improve permissions for changing your role on project
unless params[:id] != current_user.id
render_403
end
end
def check_delete_permisisons
# TODO improve permissions for remove yourself from project
unless params[:id] != current_user.id
render_403
end
unless can_remove_user_from_project(@project)
render_403
end
def check_manage_permisisons
render_403 unless can_manage_project?(@project) &&
params[:id] == current_user.id
end
def init_gui
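Review bot: `check_create_permissions` now gates adding a user to a project with `can_create_projects?(current_team)`, a team-level permission. The removed `can_add_user_to_project` was owner-only, and the new permissions file documents user assignment under `manage_project`, so this should be `render_403 unless can_manage_project?(@project)`. In `check_manage_permisisons` the condition is inverted: the removed checks used `params[:id] != current_user.id` to stop users acting on their own membership, while the new `params[:id] == current_user.id` allows only that case. Because `params[:id]` is a string and `current_user.id` is presumably an integer, the comparison never matches, so every `update` and `destroy` would be answered with 403. Whether `params[:id]` is a user id or a membership id is not visible here and should be confirmed before fixing the comparison.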


@ -43,33 +43,14 @@ module PermissionHelper
# ---- Almost everything is disabled for archived projects ----
around [
:can_view_project,
:can_view_project_activities,
:can_view_project_users,
:can_view_project_notifications,
:can_view_project_comments,
:can_edit_project,
:can_archive_project,
:can_add_user_to_project,
:can_remove_user_from_project,
:can_edit_users_on_project,
:can_add_comment_to_project,
:can_restore_archived_modules,
:can_view_project_samples,
:can_view_project_archive,
:can_create_new_tag,
:can_edit_tag,
:can_delete_tag,
:can_edit_canvas,
:can_reposition_modules,
:can_edit_connections,
:can_create_modules,
:can_edit_modules,
:can_clone_modules,
:can_archive_modules,
:can_view_reports,
:can_create_new_report,
:can_delete_reports,
:can_create_experiment
:can_archive_modules
] do |proxy, *args, &block|
if args[0]
project = args[0]
@ -87,9 +68,6 @@ module PermissionHelper
# commented out or that functionality will not work any more.
#:can_edit_module,
:can_archive_module,
:can_edit_tags_for_module,
:can_add_tag_to_module,
:can_remove_tag_from_module,
:can_view_module_info,
:can_view_module_users,
:can_edit_users_on_module,
@ -267,90 +245,10 @@ module PermissionHelper
(project.visible? and is_member_of_team(project.team))
end
def can_view_project_activities(project)
is_member_of_project(project)
end
def can_view_project_users(project)
can_view_project(project)
end
def can_view_project_notifications(project)
can_view_project(project)
end
def can_view_project_comments(project)
can_view_project(project)
end
def can_edit_project(project)
is_owner_of_project(project)
end
def can_archive_project(project)
is_owner_of_project(project)
end
def can_restore_project(project)
project.archived? && is_owner_of_project(project)
end
def can_add_user_to_project(project)
is_owner_of_project(project)
end
def can_remove_user_from_project(project)
is_owner_of_project(project)
end
def can_edit_users_on_project(project)
is_owner_of_project(project)
end
def can_add_comment_to_project(project)
is_technician_or_higher_of_project(project)
end
def can_edit_project_comment(comment)
comment.project.present? &&
(
comment.user == current_user ||
is_owner_of_project(comment.project)
)
end
def can_delete_project_comment(comment)
comment.project.present? &&
(
comment.user == current_user ||
is_owner_of_project(comment.project)
)
end
def can_restore_archived_modules(project)
is_user_or_higher_of_project(project)
end
def can_view_project_samples(project)
can_view_project(project)
end
def can_view_project_archive(project)
is_user_or_higher_of_project(project)
end
def can_create_new_tag(project)
is_user_or_higher_of_project(project)
end
def can_edit_tag(project)
is_user_or_higher_of_project(project)
end
def can_delete_tag(project)
is_user_or_higher_of_project(project)
end
# ---- EXPERIMENT PERMISSIONS ----
def can_view_experiment_actions(experiment)
@ -358,10 +256,6 @@ module PermissionHelper
can_archive_experiment(experiment)
end
def can_create_experiment(project)
is_user_or_higher_of_project(project)
end
def can_edit_experiment(experiment)
is_user_or_higher_of_project(experiment.project)
end
@ -448,18 +342,6 @@ module PermissionHelper
is_user_or_higher_of_project(my_module.experiment.project)
end
def can_edit_tags_for_module(my_module)
is_user_or_higher_of_project(my_module.experiment.project)
end
def can_add_tag_to_module(my_module)
is_user_or_higher_of_project(my_module.experiment.project)
end
def can_remove_tag_from_module(my_module)
is_user_or_higher_of_project(my_module.experiment.project)
end
def can_view_module_info(my_module)
can_view_project(my_module.experiment.project)
end
@ -614,18 +496,6 @@ module PermissionHelper
# ---- REPORTS PERMISSIONS ----
def can_view_reports(project)
can_view_project(project)
end
def can_create_new_report(project)
is_technician_or_higher_of_project(project)
end
def can_delete_reports(project)
is_technician_or_higher_of_project(project)
end
# ---- SAMPLE PERMISSIONS ----
# def can_create_samples(team)


@ -57,4 +57,4 @@ module User::ProjectRoles
def is_viewer_of_project?(project)
@user_project.viewer?
end
end
end


@ -0,0 +1,77 @@
Canaid::Permissions.register_for(Project) do
# project: read, read activities, read comments, read users, read archive,
# read notifications
# reports: read
# samples: read
can :read_project do |user, project|
user.is_member_of_project?(project) ||
user.is_admin_of_team?(project.team) ||
(project.visible? && user.is_member_of_team?(project.team))
end
# project: update/delete/archive, assign/reassign/unassign users
can :manage_project do |user, project|
user.is_owner_of_project?(project)
end
# project: archive
can :archive_project do |user, project|
can_manage_project?(user, project)
end
# project: restore
can :restore_project do |user, project|
can_manage_project?(user, project) && project.archived?
end
# experiment: create
can :create_experiment do |user, project|
user.is_user_or_higher_of_project?(project)
end
# project: create comment
can :create_comment_in_project do |user, project|
user.is_technician_or_higher_of_project?(project)
end
# project: create/update/delete tag
# module: assign/reassign/unassign tag
can :create_or_manage_tags do |user, project|
user.is_user_or_higher_of_project?(project)
end
# reports: create/delete
can :create_or_manage_reports do |user, project|
user.is_technician_or_higher_of_project?(project)
end
# Project must be active for all the specified permissions
%i(read_project
manage_project
archive_project
create_experiment
create_comment_in_project
create_or_manage_tags
create_or_manage_reports)
.each do |perm|
can perm do |_, project|
project.active?
end
end
end
Canaid::Permissions.register_for(Comment) do
# project: update/delete comment
can :manage_comment_in_project do |user, comment|
comment.project.present? && (comment.user == user ||
user.is_owner_of_project?(project))
end
# Project must be active for all the specified permissions
%i(manage_comment_in_project)
.each do |perm|
can perm do |_, comment|
comment.project.active?
end
end
end
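Review bot: In the `manage_comment_in_project` block, `user.is_owner_of_project?(project)` refers to `project`, which is not a block parameter (`|user, comment|`). It will raise whenever the comment's author is not the current user, and should read `user.is_owner_of_project?(comment.project)`. `restore_project` also looks unsatisfiable: it calls `can_manage_project?(user, project)`, and `manage_project` is in the list that also requires `project.active?`, so it cannot hold together with `project.archived?` if Canaid combines all blocks registered for a permission. Checking ownership directly would avoid this, e.g. `user.is_owner_of_project?(project) && project.archived?`. A test that an owner can restore an archived project and that a project owner can manage another user's comment would cover both paths.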


@ -13,8 +13,8 @@
<%= my_module.tags.count %>
</span>
<% else %>
<span class="badge badge-indicator <%= "invisible" unless can_edit_tags_for_module(my_module) %>">
<span class="badge badge-indicator <%= "invisible" unless can_create_or_manage_tags?(my_module.experiment.project) %>">
+
</span>
<% end %>
</div>
</div>


@ -12,13 +12,13 @@
data-module-tags-url="<%= my_module_my_module_tags_url(my_module, format: :json) %>"
data-module-users-tab-url="<%= my_module_user_my_modules_url(my_module_id: my_module.id, format: :json) %>">
<% if can_edit_tags_for_module(my_module) %>
<% if can_create_or_manage_tags?(my_module.experiment.project) %>
<a class="edit-tags-link pull-right" data-remote="true" href="<%= my_module_tags_edit_url(my_module, format: :json) %>">
<% else %>
<span class="edit-tags-link pull-right">
<% end %>
<%= render partial: "canvas/tags.html.erb", locals: { my_module: my_module } %>
<% if can_edit_tags_for_module(my_module) %>
<% if can_create_or_manage_tags?(my_module.experiment.project) %>
</a>
<% else %>
</span>


@ -11,15 +11,13 @@
data-module-conns="<%= construct_module_connections(my_module) %>"
data-module-tags-url="<%= my_module_my_module_tags_url(my_module, format: :json) %>">
<% if can_edit_tags_for_module(my_module) %>
<% if can_create_or_manage_tags?(my_module.experiment.project) %>
<a class="edit-tags-link pull-right" data-remote="true" href="<%= my_module_tags_edit_url(my_module, format: :json) %>">
<% else %>
<span class="edit-tags-link pull-right">
<% end %>
<%= render partial: "canvas/tags.html.erb", locals: { my_module: my_module } %>
<% if can_edit_tags_for_module(my_module) %>
<%= render partial: "canvas/tags.html.erb", locals: { my_module: my_module } %>
</a>
<% else %>
<span class="edit-tags-link pull-right">
<%= render partial: "canvas/tags.html.erb", locals: { my_module: my_module } %>
</span>
<% end %>


@ -43,7 +43,7 @@
</div>
</div>
<% if can_create_experiment(@project) && @experiment.active? %>
<% if can_create_experiment?(@project) %>
<%= link_to new_project_experiment_url(@project),
remote: true,
type: "button",


@ -11,17 +11,13 @@
<h4><%= tag.name %></h4>
</div>
<div class="pull-right">
<% if can_edit_tag(@my_module.experiment.project) then %>
<% if can_create_or_manage_tags?(@my_module.experiment.project) then %>
<%= link_to "", remote: true, class: 'btn btn-link edit-tag-link', title: t("experiments.canvas.modal_manage_tags.edit_tag") do %>
<span class="glyphicon glyphicon-adjust"></span>
<% end %>
<% end %>
<% if can_remove_tag_from_module(@my_module) then %>
<%= link_to my_module_my_module_tag_path(@my_module, mmt, format: :json), method: :delete, remote: true, class: 'btn btn-link remove-tag-link', title: t("experiments.canvas.modal_manage_tags.remove_tag", module: @my_module.name) do %>
<span class="glyphicon glyphicon-remove"></span>
<% end %>
<% end %>
<% if can_delete_tag(@my_module.experiment.project) then %>
<%= bootstrap_form_for tag, remote: true, url: project_tag_path(@my_module.experiment.project, tag, format: :json), method: :delete, html: { class: "delete-tag-form"} do |f| %>
<%= hidden_field_tag :my_module_id, @my_module.id %>
<%= f.button class: 'btn btn-link delete-tag-link', title: t("experiments.canvas.modal_manage_tags.delete_tag") do %>
@ -32,7 +28,7 @@
</div>
</div>
<% if can_edit_tag(@my_module.experiment.project) %>
<% if can_create_or_manage_tags?(@my_module.experiment.project) %>
<div class="row tag-edit" style="display: none;">
<%= bootstrap_form_for tag, remote: true, url: project_tag_path(@my_module.experiment.project, tag, format: :json), method: :put, html: { class: "edit-tag-form" } do |f| %>
<%= hidden_field_tag :my_module_id, @my_module.id %>
@ -59,7 +55,7 @@
<hr>
<div class="row">
<% if can_add_tag_to_module(@my_module) then %>
<% if can_create_or_manage_tags?(@my_module.experiment.project) then %>
<%= bootstrap_form_for [@my_module, @new_mmt], remote: true, format: :json, html: { class: 'add-tag-form' } do |f| %>
<div class="col-xs-6">
<div class="well well-sm">
@ -77,8 +73,6 @@
</div>
</div>
<% end %>
<% end %>
<% if can_create_new_tag(@my_module.experiment.project) then %>
<div class="pull-right create-new-tag-btn">
<%= bootstrap_form_for [@my_module.experiment.project, @new_tag], remote: true, format: :json, html: { class: 'add-tag-form' } do |f| %>
<%= hidden_field_tag :my_module_id, @my_module.id %>


@ -52,12 +52,12 @@
<div class="row">
<div class="col-xs-12 col-sm-12 col-md-12" id="module-tags" data-module-tags-url="<%= my_module_my_module_tags_url(@my_module, format: :json) %>">
<div class="badge-icon bg-primary">
<% if can_edit_tags_for_module(@my_module) %>
<% if can_create_or_manage_tags?(@my_module.experiment.project) %>
<a class="edit-tags-link" data-remote="true" href="<%= my_module_tags_edit_url(@my_module, format: :json) %>" style="color: inherit">
<% end %>
<span class="glyphicon glyphicon-tags"></span>
<% if can_edit_tags_for_module(@my_module) %>
<span class="glyphicon glyphicon-tags"></span>
</a>
<% else %>
<span class="glyphicon glyphicon-tags"></span>
<% end %>
</div>
<div class="well well-sm">

View file

@ -1,6 +1,6 @@
<div class="pull-right">
<span class="text-muted"><%= l comment.created_at, format: '%H:%M' %></span>
<% if can_edit_project_comment(comment) || can_delete_project_comment(comment) %>
<% if can_manage_comment_in_project?(comment) %>
<div class="dropdown dropdown-comment">
<a href="#"
class="dropdown-toggle"
@ -14,7 +14,6 @@
</a>
<ul class="dropdown-menu dropdown-menu-fixed" aria-labelledby="comment-<%= comment.id %>-dropdown">
<li class="dropdown-header"><%= I18n.t('comments.options_dropdown.header') %></li>
<% if can_edit_project_comment(comment) %>
<li>
<a href="#"
data-action="edit-comment"
@ -23,8 +22,6 @@
<%= t('comments.options_dropdown.edit') %>
</a>
</li>
<% end %>
<% if can_delete_project_comment(comment) %>
<li>
<a href="#"
data-action="delete-comment"
@ -33,7 +30,6 @@
<%= t('comments.options_dropdown.delete') %>
</a>
</li>
<% end %>
</ul>
</div>
<% end %>


@ -13,7 +13,7 @@
<%= render 'project_comments/list.html.erb', comments: @comments %>
<% end %>
</ul>
<% if can_add_comment_to_project(@project) %>
<% if can_create_comment_in_project?(@project) %>
<ul class="no-style double-line">
<li>
<hr>


@ -1,57 +1,61 @@
<% provide(:head_title, t("projects.index.head_title")) %>
<!-- New project modal -->
<div class="modal" id="new-project-modal" tabindex="-1" role="dialog" aria-labelledby="new-project-modal-label">
<%= bootstrap_form_for @project, remote: true do |f| %>
<% if can_create_projects?(current_team) %>
<!-- New project modal -->
<div class="modal" id="new-project-modal" tabindex="-1" role="dialog" aria-labelledby="new-project-modal-label">
<%= bootstrap_form_for @project, remote: true do |f| %>
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="new-project-modal-label"><%= t("projects.index.modal_new_project.modal_title") %></h4>
</div>
<div class="modal-body">
<%= render partial: "new.html.erb", locals: { form: f, teams: @teams } %>
</div>
<div class="modal-footer">
<%= f.submit t("projects.index.modal_new_project.create"), class: "btn btn-primary" %>
<button type="button" class="btn btn-default" data-dismiss="modal"><%=t "general.cancel" %></button>
</div>
</div>
</div>
<% end %>
</div>
<% end %>
<% if can_manage_project?(@project) %>
<!-- Edit project modal -->
<div class="modal" id="edit-project-modal" tabindex="-1" role="dialog" aria-labelledby="edit-project-modal-label">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="new-project-modal-label"><%= t("projects.index.modal_new_project.modal_title") %></h4>
<h4 class="modal-title" id="edit-project-modal-label"></h4>
</div>
<div class="modal-body">
<%= render partial: "new.html.erb", locals: { form: f, teams: @teams } %>
</div>
<div class="modal-footer">
<%= f.submit t("projects.index.modal_new_project.create"), class: "btn btn-primary" %>
<button type="button" class="btn btn-primary" data-action="submit"><%=t "projects.index.modal_edit_project.submit" %></button>
<button type="button" class="btn btn-default" data-dismiss="modal"><%=t "general.cancel" %></button>
</div>
</div>
</div>
<% end %>
</div>
</div>
<!-- Edit project modal -->
<div class="modal" id="edit-project-modal" tabindex="-1" role="dialog" aria-labelledby="edit-project-modal-label">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="edit-project-modal-label"></h4>
</div>
<div class="modal-body">
</div>
<div class="modal-footer">
<button type="button" class="btn btn-primary" data-action="submit"><%=t "projects.index.modal_edit_project.submit" %></button>
<button type="button" class="btn btn-default" data-dismiss="modal"><%=t "general.cancel" %></button>
<!-- Manage users modal -->
<div class="modal" id="manage-users-modal" tabindex="-1" role="dialog" aria-labelledby="manage-users-modal-label">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="manage-users-modal-label"><%= t("projects.index.modal_manage_users.modal_title") %> <span id="manage-users-modal-project"></span></h4>
</div>
<div class="modal-body"></div>
<div class="modal-footer"></div>
</div>
</div>
</div>
</div>
<!-- Manage users modal -->
<div class="modal" id="manage-users-modal" tabindex="-1" role="dialog" aria-labelledby="manage-users-modal-label">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="manage-users-modal-label"><%= t("projects.index.modal_manage_users.modal_title") %> <span id="manage-users-modal-project"></span></h4>
</div>
<div class="modal-body"></div>
<div class="modal-footer"></div>
</div>
</div>
</div>
<% end %>
<div id="projects-toolbar">
@ -63,8 +67,8 @@
<span class="glyphicon glyphicon-briefcase" aria-hidden="true"></span>
</a>
<% if @teams.length > 0 && can_create_projects?(current_team) %>
<!-- new project button -->
<% if @teams.length > 0 %>
<a class="btn btn-primary pull-right" id="new-project-btn">
<span class="glyphicon glyphicon-plus" aria-hidden="true"></span>
<span class="hidden-xs"><%=t "projects.index.new" %></span>
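Review bot: The edit-project and manage-users modals are wrapped in `<% if can_manage_project?(@project) %>`, but in this view `@project` is the object passed to `bootstrap_form_for @project` for the new-project form. That is presumably an unsaved project, for which the ownership check cannot pass, so both modal shells would never be rendered and the per-project edit and manage-users actions would have nothing to open. The shells contain no project data, since their bodies are filled remotely, so they can be rendered unconditionally while the controller filters enforce access. If a guard is wanted, it should be evaluated per listed project rather than on `@project`.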


@ -2,28 +2,26 @@
data-project-users-tab-url="<%= url_for project_user_projects_path(project_id: project.id, format: :json) %>">
<div class="panel-heading">
<% if can_edit_project(project) or can_archive_project(project) %>
<div class="dropdown pull-right">
<button class="btn btn-link dropdown-toggle" type="button" id="dropdownMenu1" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">
<span class="caret"></span>
</button>
<% project_form = nil %>
<%= form_for project, method: :patch, format: :html do |f| %>
<% project_form = f %>
<%= f.hidden_field :archived, value: true %>
<% end %>
<ul class="dropdown-menu dropdown-menu-right" aria-labelledby="dropdownMenu1">
<li class="dropdown-header"><%= t('projects.index.options_header') %></li>
<% if can_edit_project(project) %>
<% if can_manage_project?(@project) %>
<div class="dropdown pull-right">
<button class="btn btn-link dropdown-toggle" type="button" id="dropdownMenu1" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">
<span class="caret"></span>
</button>
<% project_form = nil %>
<%= form_for project, method: :patch, format: :html do |f| %>
<% project_form = f %>
<%= f.hidden_field :archived, value: true %>
<% end %>
<ul class="dropdown-menu dropdown-menu-right" aria-labelledby="dropdownMenu1">
<li class="dropdown-header"><%= t('projects.index.options_header') %></li>
<li>
<%= link_to t("projects.index.edit_option"), edit_project_path(project, format: :json), remote: true, "data-action" => "edit" %>
</li>
<% end %>
<% if can_archive_project(project) %>
<li><a href="#" class="form-submit-link" data-submit-form="<%= project_form.options[:html][:id] %>" data-confirm-form="<%= t("projects.index.archive_confirm") %>"><%= t 'projects.index.archive_option' %></a></li>
<% end %>
</ul>
</div>
<% if can_archive_project(project) %>
<li><a href="#" class="form-submit-link" data-submit-form="<%= project_form.options[:html][:id] %>" data-confirm-form="<%= t("projects.index.archive_confirm") %>"><%= t 'projects.index.archive_option' %></a></li>
<% end %>
</ul>
</div>
<% end %>
<h3 class="panel-title">
@ -32,7 +30,7 @@ data-project-users-tab-url="<%= url_for project_user_projects_path(project_id: p
<% else %>
<span class="glyphicon glyphicon-eye-open" aria-hidden="true" title="<%=t "projects.index.visibility_public" %>"></span>
<% end %>
<% if can_view_project(project) then %>
<% if can_read_project?(project) then %>
<%= link_to project.name, project_path(project), id: "#{project.id}-project-canvas-link" %>
<% else %>
<%= project.name %>
@ -53,14 +51,12 @@ data-project-users-tab-url="<%= url_for project_user_projects_path(project_id: p
<!-- Nav tabs -->
<ul class="nav nav-tabs nav-tabs-less" role="tablist">
<% if can_view_project_activities(project) %>
<% if can_read_project?(project) %>
<li role="presentation">
<a class="btn btn-link" href="<%= url_for project_project_activities_path(project_id: project.id, format: :json) %>" aria-controls="activities-<%= project.id %>" role="tab" data-remote="true">
<span class="glyphicon glyphicon-equalizer"></span>
</a>
</li>
<% end %>
<% if can_view_project_users(project) %>
<li role="presentation">
<a class="btn btn-link" href="<%= url_for project_user_projects_path(project_id: project.id, format: :json) %>" aria-controls="users-<%= project.id %>" role="tab" data-remote="true">
<span class="glyphicon glyphicon-user"></span>
@ -70,8 +66,6 @@ data-project-users-tab-url="<%= url_for project_user_projects_path(project_id: p
</span>
</a>
</li>
<% end %>
<% if can_view_project_notifications(project) %>
<li role="presentation">
<a class="btn btn-link" href="<%= url_for notifications_project_path(id: project.id, format: :json) %>" aria-controls="notifications-<%= project.id %>" role="tab" data-remote="true">
<span class="glyphicon glyphicon-bell"></span>
@ -80,8 +74,6 @@ data-project-users-tab-url="<%= url_for project_user_projects_path(project_id: p
<% end %>
</a>
</li>
<% end %>
<% if can_view_project_comments(project) %>
<li role="presentation">
<a class="btn btn-link" href="<%= url_for project_project_comments_path(project_id: project.id, format: :json) %>" aria-controls="comments-<%= project.id %>" role="tab" data-remote="true">
<span class="glyphicon glyphicon-comment"></span>
@ -96,16 +88,10 @@ data-project-users-tab-url="<%= url_for project_user_projects_path(project_id: p
<!-- Tab panes -->
<div class="tab-content">
<% if can_view_project_activities(project) %>
<% if can_read_project?(project) %>
<div role="tabpanel" class="tab-pane" id="activities-<%= project.id %>"></div>
<% end %>
<% if can_view_project_users(project) %>
<div role="tabpanel" class="tab-pane" id="users-<%= project.id %>"></div>
<% end %>
<% if can_view_project_notifications(project) %>
<div role="tabpanel" class="tab-pane" id="notifications-<%= project.id %>"></div>
<% end %>
<% if can_view_project_comments(project) %>
<div role="tabpanel" class="tab-pane" id="comments-<%= project.id %>"></div>
<% end %>
</div>
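Review bot: The dropdown guard `<% if can_manage_project?(@project) %>` uses the instance variable, while every other line of this partial works on the local `project`. The menu is therefore shown or hidden according to whatever `@project` holds rather than the project being rendered, and should read `<% if can_manage_project?(project) %>`. The archive item is still guarded by `can_archive_project(project)` without the trailing `?`. That helper appears to be deleted from PermissionHelper in this commit and the controller already calls `can_archive_project?`, so the view should use `<% if can_archive_project?(project) %>` as well.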


@ -25,7 +25,7 @@
<% end %>
</ul>
</div>
<% if can_create_experiment(@project) %>
<% if can_create_experiment?(@project) %>
<%= link_to new_project_experiment_url(@project),
remote: true,
type: "button",
@ -51,7 +51,7 @@
<%= content_tag(:div, '', class: 'clearfix visible-lg-block') if (index + 1) % 2 == 0 %>
<% end %>
<% if can_create_experiment(@project) %>
<% if can_create_experiment?(@project) %>
<%= render 'projects/show/new_experiment' %>
<% end %>
</div>


@ -4,23 +4,19 @@
<div id="content">
<div>
<% if can_create_new_report(@project) %>
<% if can_create_or_manage_reports?(@project) %>
<%= link_to new_project_reports_path(@project), class: 'btn btn-primary', id: 'new-report-btn', 'data-no-turbolink' => true do %>
<span class="glyphicon glyphicon-plus" aria-hidden="true"></span>
<span class="hidden-xs"><%=t "projects.reports.index.new" %></span>
<% end %>
<%= link_to "", remote: true, class: "btn btn-default", id: "edit-report-btn" do %>
<span class="glyphicon glyphicon-pencil" aria-hidden="true"></span>
<span class="hidden-xs"><%=t "projects.reports.index.edit" %></span>
<% end %>
<% if can_delete_reports(@project) %>
<%= link_to "", remote: true, class: "btn btn-default", id: "delete-reports-btn" do %>
<span class="glyphicon glyphicon-remove" aria-hidden="true"></span>
<span class="hidden-xs"><%=t "projects.reports.index.delete" %></span>
<% end %>
<%= link_to "", remote: true, class: "btn btn-default", id: "delete-reports-btn" do %>
<span class="glyphicon glyphicon-remove" aria-hidden="true"></span>
<span class="hidden-xs"><%=t "projects.reports.index.delete" %></span>
<% end %>
<% end %>
</div>


@ -4,7 +4,7 @@
<% if project.archived? %>
<span class="label label-warning"><%=t 'search.index.archived' %></span>
<% if can_read_team?(project.team) and can_restore_project(project) %>
<% if can_read_team?(project.team) && can_restore_project?(project) %>
<%= route_to_other_team projects_archive_path(team: project.team),
project.team,
text %>
@ -12,7 +12,7 @@
<%= text %>
<% end %>
<% else %>
<% if can_view_project(project) %>
<% if can_read_project?(project) %>
<% if link_to_page == :show %>
<%= route_to_other_team project_path(project),
project.team,


@ -1,7 +1,7 @@
<% query ||= nil %>
<% text = query.present? ? highlight(report.name, query.strip.split(/\s+/)) : report.name %>
<% if can_view_reports(report.project) %>
<% if can_read_project?(report.project) %>
<%= route_to_other_team edit_project_report_path(report.project, report),
report.project.team,
text %>
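Review bot: The search result links to `edit_project_report_path`, but the link is shown to anyone who passes `can_read_project?(report.project)`. If the edit action is authorized with `can_create_or_manage_reports?` (the helper the reports index uses in this commit), read-only members get a link that ends in a 403. Gating the link with `<% if can_create_or_manage_reports?(report.project) %>`, or pointing it at a read-only route, would keep view and controller in step. If the edit page doubles as the read-only view, a short ERB comment saying so would help; the `if` block closes outside the hunk.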


@ -16,10 +16,10 @@
<li>
<% if can_read_team?(@project.team) %>
<a href="<%= projects_path :team => @project.team.id %>">
<% end %>
<span class="glyphicon glyphicon-folder-open"></span>
<% if can_read_team?(@project.team) %>
<span class="glyphicon glyphicon-folder-open"></span>
</a>
<% else %>
<span class="glyphicon glyphicon-folder-open"></span>
<% end %>
</li>
<% if project_page? ||
@ -30,37 +30,32 @@
</li>
<% else %>
<li>
<% if can_view_project(@project) %>
<% if can_read_project?(@project) %>
<a href="<%= project_url(@project) %>">
<% end %>
<span class="glyphicon glyphicon-blackboard"></span>
<% if can_view_project(@project) %>
<span class="glyphicon glyphicon-blackboard"></span>
</a>
<% else %>
<span class="glyphicon glyphicon-blackboard"></span>
<% end %>
</li>
<% end %>
<% if experiment_page? ||
module_page? %>
<% if !module_page? %>
<li class="active">
<%= fa_icon 'fa-flask' %>
</li>
<% else %>
<li>
<% if can_view_experiment(@experiment) %>
<%= link_to canvas_experiment_path(@experiment) do %>
<%= fa_icon 'fa-flask' %>
<% end %>
<% else %>
<% if module_page? %>
<li>
<% if can_view_experiment(@experiment) %>
<%= link_to canvas_experiment_path(@experiment) do %>
<%= fa_icon 'fa-flask' %>
<% end %>
</li>
<% end %>
<% end %>
<% if module_page? %>
<% else %>
<%= fa_icon 'fa-flask' %>
<% end %>
</li>
<li class="active">
<span class="glyphicon glyphicon-credit-card"></span>
</li>
<% elsif experiment_page? %>
<li class="active">
<%= fa_icon 'fa-flask' %>
</li>
<% end %>
</ul>
</div>
@ -73,15 +68,13 @@
<% if project_page? ||
sample_types_page_project? ||
sample_groups_page_project? %>
<% if can_view_project(@project) then %>
<% if can_read_project?(@project) then %>
<li id="canvas-nav-tab" class="<%= "active" if is_project_show? %>">
<a href="<%= project_url(@project) %>" title="<%=t "nav2.projects.show" %>">
<span class="hidden-sm hidden-md"><%=t "nav2.projects.show" %></span>
<span class="hidden-xs hidden-lg glyphicon glyphicon-blackboard"></span>
</a>
</li>
<% end %>
<% if can_view_project_samples(@project) then %>
<li id="project-samples-nav-tab" class="<%= "active" if is_project_samples? ||
sample_types_page_project? ||
sample_groups_page_project? %>">
@ -90,16 +83,12 @@
<span class="hidden-xs hidden-lg glyphicon glyphicon-tint"></span>
</a>
</li>
<% end %>
<% if can_view_reports(@project) then %>
<li id="reports-nav-tab" class="<%= "active" if is_project_reports? %>">
<a href="<%= project_reports_url(@project) %>" title="<%=t "nav2.projects.reports" %>">
<span class="hidden-sm hidden-md"><%=t "nav2.projects.reports" %></span>
<span class="hidden-xs hidden-lg glyphicon glyphicon-list-alt"></span>
</a>
</li>
<% end %>
<% if can_view_project_archive(@project) then %>
<li id="project-archive-nav-tab" data-turbolinks="false" class="<%= "active" if is_project_archive? %>">
<a href="<%= experiment_archive_project_url(@project) %>" title="<%=t "nav2.projects.archive" %>">
<span class="glyphicon glyphicon-briefcase"></span>
@ -128,7 +117,7 @@
</a>
</li>
<% end %>
<% if can_view_reports(@experiment.project) then %>
<% if can_read_project?(@experiment.project) then %>
<li id="reports-nav-tab" class="<%= "active" if is_project_reports? %>">
<a href="<%= project_reports_url(@experiment.project) %>" title="<%=t "nav2.projects.reports" %>">
<span class="hidden-sm hidden-md"><%=t "nav2.projects.reports" %></span>
@ -184,7 +173,7 @@
</a>
</li>
<% end %>
<% if can_view_reports(@my_module.experiment.project) then %>
<% if can_read_project?(@my_module.experiment.project) then %>
<li id="reports-nav-tab" >
<a href="<%= project_reports_url(@my_module.experiment.project) %>" title="<%=t "nav2.projects.reports" %>">
<span class="hidden-sm hidden-md"><%=t "nav2.projects.reports" %></span>
@ -232,11 +221,12 @@
<li>
<% if can_read_team?(@project.team) %>
<a href="<%= projects_path :team => @project.team.id %>">
<% end %>
<%= truncate(@project.team.name,
length: Constants::NAME_TRUNCATION_LENGTH) %>
<% if can_read_team?(@project.team) %>
<%= truncate(@project.team.name,
length: Constants::NAME_TRUNCATION_LENGTH) %>
</a>
<% else %>
<%= truncate(@project.team.name,
length: Constants::NAME_TRUNCATION_LENGTH) %>
<% end %>
</li>
<% if project_page? %>
@ -246,13 +236,14 @@
</li>
<% else %>
<li>
<% if can_view_project(@project) %>
<% if can_read_project?(@project) %>
<a href="<%= project_url(@project) %>">
<% end %>
<%= truncate(@project.name,
length: Constants::NAME_TRUNCATION_LENGTH) %>
<% if can_view_project(@project) %>
<%= truncate(@project.name,
length: Constants::NAME_TRUNCATION_LENGTH) %>
</a>
<% else %>
<%= truncate(@project.name,
length: Constants::NAME_TRUNCATION_LENGTH) %>
<% end %>
</li>
<% end %>
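Review bot: In the `@ -73,15 +68,13 @` and `@ -90,16 +83,12 @` hunks the samples, reports and archive tabs lose their own `can_view_project_samples` / `can_view_reports` / `can_view_project_archive` guards and, as far as the rendered page shows, now all hang off the single `can_read_project?(@project)` check. That is only safe if the controllers behind `project_reports_url` and `experiment_archive_project_url` authorize on the same read permission, which this section does not show, so each should be confirmed to have a matching `before_action`. Separately, `can_view_experiment(@experiment)` in the `@ -30,37 +30,32 @` hunk keeps the old name without `?` while every project helper around it was renamed. If experiment permissions are refactored in a later change, a `<%# TODO: experiment-level permissions not yet migrated %>` comment there would make the mixed naming deliberate.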


@ -15,12 +15,12 @@
<span><%= user.full_name %></span>
<br><span class="text-muted"><%= t('user_projects.enums.role.'<< user_proj.role.to_s) %></span>
</div>
</div>
</div>
</li>
<% end %>
<% end %>
</ul>
<% if can_edit_users_on_project(@project) %>
<% if can_manage_project?(@project) %>
<p>
<hr>
<%= link_to t("projects.index.manage_users"), project_users_edit_path(@project, format: :json), class: "manage-users-link", remote: true %>


@ -10,10 +10,14 @@
<%= render partial: "users/settings/teams/breadcrumbs.html.erb" %>
<!-- TITLE -->
<%= link_to team_name_path(@team, format: :json),
remote: true,
class: 'name-link name-refresh',
style: 'color: inherit' do %>
<% if can_update_team?(@team) %>
<%= link_to team_name_path(@team, format: :json),
remote: true,
class: 'name-link name-refresh',
style: 'color: inherit' do %>
<h3 id="team-name"><%= @team.name %></h3>
<% end %>
<% else %>
<h3 id="team-name"><%= @team.name %></h3>
<% end %>
<br />