From aa69624f9f8c084b60ecfa604be2d5df20799f3f Mon Sep 17 00:00:00 2001
From: Oleksii Kriuchykhin
Date: Sun, 25 Mar 2018 20:10:32 +0200
Subject: [PATCH] Fix sample assign permissions [SCI-2249]

---
 app/controllers/my_modules_controller.rb | 10 ++++++++--
 app/permissions/experiment.rb | 9 ++++++++-
 app/views/shared/_samples.html.erb | 2 +-
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/app/controllers/my_modules_controller.rb b/app/controllers/my_modules_controller.rb
index 9a64108f4..ae6be7b87 100644
--- a/app/controllers/my_modules_controller.rb
+++ b/app/controllers/my_modules_controller.rb
@@ -17,8 +17,9 @@ class MyModulesController < ApplicationController
 archive)
 before_action :check_complete_module_permission, only: :complete_my_module
 before_action :check_assign_repository_records_permissions, only:
- %i(assign_repository_records unassign_repository_records assign_samples
- unassign_samples)
+ %i(assign_repository_records unassign_repository_records)
+ before_action :check_assign_samples_permissions, only: %i(assign_samples
+ unassign_samples)

 layout 'fluid'.freeze

@@ -611,6 +612,11 @@ class MyModulesController < ApplicationController
 can_assign_repository_rows_to_module?(@my_module)
 end

+ def check_assign_samples_permissions
+ render_403 unless module_page? &&
+ can_assign_sample_to_module?(@my_module)
+ end
+
 def check_complete_module_permission
 render_403 unless can_complete_module?(@my_module)
 end
diff --git a/app/permissions/experiment.rb b/app/permissions/experiment.rb
index fe7e4452c..d404d1528 100644
--- a/app/permissions/experiment.rb
+++ b/app/permissions/experiment.rb
@@ -58,6 +58,7 @@ Canaid::Permissions.register_for(MyModule) do
 # permissions
 %i(manage_module
 manage_users_in_module
+ assign_repository_rows_to_module
 assign_sample_to_module
 complete_module
 create_comments_in_module)
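Review bot: `check_assign_samples_permissions` in the second controller hunk is undocumented and depends on state that the visible lines never set: it reads `@my_module` and calls `module_page?`, so the 403 decision relies on an earlier filter having loaded the module for both `assign_samples` and `unassign_samples`. I would add `# Requires @my_module from an earlier before_action; denies unless on the module page and the user may assign samples.` above the method and confirm that the loading filter covers both actions. Because the `only:` list in the first hunk is an allow-list, a sample action added later stays unguarded until it is named there. A request test expecting 403 on both actions for a user below technician would pin the split. The class body continues outside both hunks.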
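Review bot: The added `assign_repository_rows_to_module` entry changes the repository-row permission, which the subject line (sample assign permissions) does not mention; `assign_sample_to_module` was already in the list as context. The code that consumes this `%i(...)` list is outside the hunk, so what the list attaches to each permission is inferred; if it registers a shared precondition, repository-row assignment gains that precondition with this commit. I would state that in the commit message and extend the comment above the list, for example `# applies to every permission named below, including both assign permissions`.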
@@ -88,12 +89,18 @@ Canaid::Permissions.register_for(MyModule) do
 user.is_owner_of_project?(my_module.experiment.project)
 end

- # module: assign/unassign sample, assign/unassign repository record
+ # module: assign/unassign repository record
 # NOTE: Use 'module_page? &&' before calling this permission!
 can :assign_repository_rows_to_module do |user, my_module|
 user.is_technician_or_higher_of_project?(my_module.experiment.project)
 end

+ # module: assign/unassign sample
+ # NOTE: Use 'module_page? &&' before calling this permission!
+ can :assign_sample_to_module do |user, my_module|
+ user.is_technician_or_higher_of_project?(my_module.experiment.project)
+ end
+
 # module: complete/uncomplete
 can :complete_module do |user, my_module|
 user.is_technician_or_higher_of_project?(my_module.experiment.project)
diff --git a/app/views/shared/_samples.html.erb b/app/views/shared/_samples.html.erb
index a27beacc1..23c1dcda2 100644
--- a/app/views/shared/_samples.html.erb
+++ b/app/views/shared/_samples.html.erb
@@ -108,7 +108,7 @@ delete_samples_submit" %>
- <% if module_page? && can_assign_repository_rows_to_module?(@my_module) %>
+ <% if module_page? && can_assign_sample_to_module?(@my_module) %>
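Review bot: The new `can :assign_sample_to_module` block uses the same predicate as `can :assign_repository_rows_to_module`, so within this hunk the split does not change who passes the role check, and nothing records why the two are kept apart. The `NOTE: Use 'module_page? &&'` convention also leaves part of the decision to each caller, so a call site that omits the prefix checks less than the comment intends. A line such as `# kept separate from assign_repository_rows_to_module so sample rules can change independently` would document the intent, if that is the reason. Both callers visible in this patch (the controller filter and `_samples.html.erb`) include the prefix; other call sites are not visible here and should be searched for.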