mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-09-20 23:16:15 +08:00
add read check to view methods
parent
ad10befcc4
commit
9b87fce840
|
@ -101,7 +101,9 @@ class Experiment < ApplicationRecord
|
|||
end
|
||||
|
||||
def self.viewable_by_user(user, teams)
|
||||
where(project: Project.viewable_by_user(user, teams))
|
||||
left_outer_joins(user_assignments: :user_role)
|
||||
.where(project: Project.viewable_by_user(user, teams))
|
||||
.where('user_roles.permissions @> ARRAY[?]::varchar[]', %w[experiment_read])
|
||||
end
|
||||
|
||||
def archived_branch?
|
||||
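Review bot: The `experiment_read` filter in `Experiment.viewable_by_user` is not tied to `user`. `left_outer_joins(user_assignments: :user_role)` joins every assignment on the experiment, so a row passes whenever any assignee's role contains the permission, and the only per-user gate left is the `Project.viewable_by_user` subquery. If per-object assignments are meant to grant access, constrain the join to the caller, e.g. `.where(user_assignments: { user_id: user.id })`. Also add `.distinct`, since several matching assignments would otherwise return the same experiment more than once. The same applies to `MyModule.viewable_by_user` with `task_read`.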
|
|
|
@ -132,7 +132,9 @@ class MyModule < ApplicationRecord
|
|||
end
|
||||
|
||||
def self.viewable_by_user(user, teams)
|
||||
where(experiment: Experiment.viewable_by_user(user, teams))
|
||||
left_outer_joins(user_assignments: :user_role)
|
||||
.where(experiment: Experiment.viewable_by_user(user, teams))
|
||||
.where('user_roles.permissions @> ARRAY[?]::varchar[]', %w[task_read])
|
||||
end
|
||||
|
||||
def navigable?
|
||||
|
|
|
@ -153,11 +153,12 @@ class Project < ApplicationRecord
|
|||
# If project is visible everyone from the team can view it
|
||||
Project.where(team: teams)
|
||||
.left_outer_joins(team: :user_teams)
|
||||
.left_outer_joins(:user_assignments)
|
||||
.left_outer_joins(user_assignments: :user_role)
|
||||
.where('projects.visibility = 1 OR '\
|
||||
'user_assignments.user_id = :user_id OR '\
|
||||
'(user_teams.user_id = :user_id AND user_teams.role = 2)',
|
||||
user_id: user.id)
|
||||
.where('user_roles.permissions @> ARRAY[?]::varchar[]', %w[project_read])
|
||||
.distinct
|
||||
end
|
||||
|
||||
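Review bot: The new `project_read` clause is bound to the requesting user in only one of the three OR branches. For `projects.visibility = 1` and for the `user_teams.role = 2` branch, the joined `user_assignments` row can belong to anyone, so the check passes or fails on another user's role. A project with no assignments at all has a NULL `user_roles.permissions`, so the `@>` test is not true and the project is dropped, even though the comment above says a visible project can be viewed by everyone on the team; please confirm that is intended. One option is to fold the permission test into the assignment branch, `(user_assignments.user_id = :user_id AND user_roles.permissions @> ARRAY['project_read']::varchar[])`, and give the other two branches their own explicit rule. The method's signature lies outside the hunk.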
|
|