add read check to view methods

2024-09-20 23:16:15 +08:00 · 2021-06-20 11:11:03 +02:00 · 2021-06-20 11:11:03 +02:00 · 9b87fce840
parent ad10befcc4
commit 9b87fce840
3 changed files with 8 additions and 3 deletions
--- a/app/models/experiment.rb
+++ b/app/models/experiment.rb
@ -101,7 +101,9 @@ class Experiment < ApplicationRecord
  end

  def self.viewable_by_user(user, teams)
-    where(project: Project.viewable_by_user(user, teams))
+    left_outer_joins(user_assignments: :user_role)
+      .where(project: Project.viewable_by_user(user, teams))
+      .where('user_roles.permissions @> ARRAY[?]::varchar[]', %w[experiment_read])
  end

  def archived_branch?
--- a/app/models/my_module.rb
+++ b/app/models/my_module.rb
@ -132,7 +132,9 @@ class MyModule < ApplicationRecord
  end

  def self.viewable_by_user(user, teams)
-    where(experiment: Experiment.viewable_by_user(user, teams))
+    left_outer_joins(user_assignments: :user_role)
+      .where(experiment: Experiment.viewable_by_user(user, teams))
+      .where('user_roles.permissions @> ARRAY[?]::varchar[]', %w[task_read])
  end

  def navigable?
--- a/app/models/project.rb
+++ b/app/models/project.rb
@ -153,11 +153,12 @@ class Project < ApplicationRecord
    # If project is visible everyone from the team can view it
    Project.where(team: teams)
           .left_outer_joins(team: :user_teams)
-           .left_outer_joins(:user_assignments)
+           .left_outer_joins(user_assignments: :user_role)
           .where('projects.visibility = 1 OR '\
                  'user_assignments.user_id = :user_id OR '\
                  '(user_teams.user_id = :user_id AND user_teams.role = 2)',
                  user_id: user.id)
+           .where('user_roles.permissions @> ARRAY[?]::varchar[]', %w[project_read])
           .distinct
  end