scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-10-11 06:16:32 +08:00
Code Issues Projects Releases Packages Wiki Activity

Fix sample assign permissions [SCI-2249]

Browse source
This commit is contained in:
Oleksii Kriuchykhin 2018-03-25 20:10:32 +02:00
parent 2356b78044
commit aa69624f9f
3 changed files with 17 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/controllers/my_modules_controller.rb
View file

@ -17,7 +17,8 @@ class MyModulesController < ApplicationController
archive) archive)
before_action :check_complete_module_permission, only: :complete_my_module before_action :check_complete_module_permission, only: :complete_my_module
before_action :check_assign_repository_records_permissions, only: before_action :check_assign_repository_records_permissions, only:
%i(assign_repository_records unassign_repository_records assign_samples %i(assign_repository_records unassign_repository_records)
before_action :check_assign_samples_permissions, only: %i(assign_samples
unassign_samples) unassign_samples)
layout 'fluid'.freeze layout 'fluid'.freeze
@ -611,6 +612,11 @@ class MyModulesController < ApplicationController
can_assign_repository_rows_to_module?(@my_module) can_assign_repository_rows_to_module?(@my_module)
end end
def check_assign_samples_permissions
render_403 unless module_page? &&
can_assign_sample_to_module?(@my_module)
end
def check_complete_module_permission def check_complete_module_permission
render_403 unless can_complete_module?(@my_module) render_403 unless can_complete_module?(@my_module)
end end

9
app/permissions/experiment.rb
View file

@ -58,6 +58,7 @@ Canaid::Permissions.register_for(MyModule) do
# permissions # permissions
%i(manage_module %i(manage_module
manage_users_in_module manage_users_in_module
assign_repository_rows_to_module
assign_sample_to_module assign_sample_to_module
complete_module complete_module
create_comments_in_module) create_comments_in_module)
@ -88,12 +89,18 @@ Canaid::Permissions.register_for(MyModule) do
user.is_owner_of_project?(my_module.experiment.project) user.is_owner_of_project?(my_module.experiment.project)
end end
# module: assign/unassign sample, assign/unassign repository record # module: assign/unassign repository record
# NOTE: Use 'module_page? &&' before calling this permission! # NOTE: Use 'module_page? &&' before calling this permission!
can :assign_repository_rows_to_module do |user, my_module| can :assign_repository_rows_to_module do |user, my_module|
user.is_technician_or_higher_of_project?(my_module.experiment.project) user.is_technician_or_higher_of_project?(my_module.experiment.project)
end end
# module: assign/unassign sample
# NOTE: Use 'module_page? &&' before calling this permission!
can :assign_sample_to_module do |user, my_module|
user.is_technician_or_higher_of_project?(my_module.experiment.project)
end
# module: complete/uncomplete # module: complete/uncomplete
can :complete_module do |user, my_module| can :complete_module do |user, my_module|
user.is_technician_or_higher_of_project?(my_module.experiment.project) user.is_technician_or_higher_of_project?(my_module.experiment.project)

2
app/views/shared/_samples.html.erb
View file

@ -108,7 +108,7 @@
delete_samples_submit" %> delete_samples_submit" %>
</button> </button>
<% if module_page? && can_assign_repository_rows_to_module?(@my_module) %> <% if module_page? && can_assign_sample_to_module?(@my_module) %>
<button type="button" class="btn btn-default" <button type="button" class="btn btn-default"
id="assignSamples" onclick="$(this).next().click();" disabled> id="assignSamples" onclick="$(this).next().click();" disabled>
<span class="glyphicon glyphicon-ok-circle"></span> <span class="glyphicon glyphicon-ok-circle"></span>