scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2024-12-26 09:42:46 +08:00
Code Issues Projects Releases Packages Wiki Activity

add new manage access permission to PET levels

Browse source
This commit is contained in:
zmagoD 2021-06-19 17:17:57 +02:00
parent 25802d7043
commit ad10befcc4
14 changed files with 43 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/access_permissions/experiments_controller.rb
View file

@ -50,7 +50,7 @@ module AccessPermissions
end
def check_manage_permissions
render_403 unless can_manage_experiment?(@experiment)
render_403 unless can_manage_experiment_access?(@experiment)
end
def check_read_permissions

2
app/controllers/access_permissions/my_modules_controller.rb
View file

@ -57,7 +57,7 @@ module AccessPermissions
end
def check_manage_permissions
render_403 unless can_manage_module?(@my_module)
render_403 unless can_manage_module_access?(@my_module)
end
def check_read_permissions

2
app/controllers/access_permissions/projects_controller.rb
View file

@ -94,7 +94,7 @@ module AccessPermissions
end
def check_manage_permissions
render_403 unless can_manage_project?(@project)
render_403 unless can_manage_project_access?(@project)
end
def check_read_permissions

6
app/models/concerns/assignable.rb
View file

@ -9,6 +9,12 @@ module Assignable
default_scope { includes(user_assignments: :user_role) }
after_create_commit do
UserAssignment.create(
user: created_by,
assignable: self,
user_role: UserRole.find_by(name: 'Owner')
)
UserAssignments::GenerateUserAssignmentsJob.perform_later(self, created_by)
end
end

8
app/permissions/experiment.rb
View file

@ -3,7 +3,8 @@ Canaid::Permissions.register_for(Experiment) do
%i(manage_experiment
archive_experiment
clone_experiment
move_experiment)
move_experiment
manage_experiment_access)
.each do |perm|
can perm do |_, experiment|
experiment.active? &&
@ -37,6 +38,11 @@ Canaid::Permissions.register_for(Experiment) do
end
end
# experiment: manage access policies
can :manage_experiment_access do |user, experiment|
experiment.permission_granted?(user, ExperimentPermissions::MANAGE_ACCESS)
end
# experiment: archive
can :archive_experiment do |user, experiment|
experiment.permission_granted?(user, ExperimentPermissions::ARCHIVE)

8
app/permissions/my_module.rb
View file

@ -10,7 +10,8 @@ Canaid::Permissions.register_for(MyModule) do
create_comments_in_module
create_my_module_repository_snapshot
manage_my_module_repository_snapshots
change_my_module_flow_status)
change_my_module_flow_status
manage_module_access)
.each do |perm|
can perm do |_, my_module|
my_module.active? &&
@ -31,6 +32,11 @@ Canaid::Permissions.register_for(MyModule) do
my_module.permission_granted?(user, MyModulePermissions::ARCHIVE)
end
# module: manage access policies
can :manage_module_access do |user, my_module|
my_module.permission_granted?(user, MyModulePermissions::MANAGE_ACCESS)
end
# NOTE: Must not be dependent on canaid parmision for which we check if it's
# active
# module: restore

8
app/permissions/project.rb
View file

@ -8,7 +8,8 @@ Canaid::Permissions.register_for(Project) do
archive_project
create_experiments
create_comments_in_project
manage_tags)
manage_tags
manage_project_access)
.each do |perm|
can perm do |_, project|
project.active?
@ -51,6 +52,11 @@ Canaid::Permissions.register_for(Project) do
end
end
# project: manage access policies
can :manage_project_access do |user, project|
project.permission_granted?(user, ProjectPermissions::MANAGE_ACCESS)
end
# project: archive
can :archive_project do |user, project|
project.permission_granted?(user, ProjectPermissions::ARCHIVE)

2
app/views/access_permissions/projects/modals/_show_modal.html.erb
View file

@ -16,7 +16,7 @@
</div>
<div class="modal-footer">
<% if can_manage_resource %>
<%= link_to new_resource_path, class: 'btn btn-default pull-left', data: { action: 'swap-remote-container', target: '#user_assignments_modal' } do %>
<%= link_to new_access_permissions_project_path, class: 'btn btn-default pull-left', data: { action: 'swap-remote-container', target: '#user_assignments_modal' } do %>
<i class="fas fa-plus"></i>
<%= t '.new_resource_assignments', resource: resource.model_name.human.downcase %>
<% end %>

2
app/views/access_permissions/projects/show.json.jbuilder
View file

@ -5,7 +5,7 @@ json.modal controller.render_to_string(
formats: [:html],
locals: {
resource: @project,
can_manage_resource: can_manage_project?(@project)
can_manage_resource: can_manage_project_access?(@project)
},
layout: false
)

12
app/views/canvas/edit/_my_module.html.erb
View file

@ -35,13 +35,11 @@
<a class="move-module" href="" data-module-id="<%= my_module.id %>"><%= t('experiments.canvas.edit.move_module') %></a>
</li>
<% end %>
<% if %>
<li>
<%= link_to t('experiments.canvas.edit.task_access'),
can_manage_module?(my_module) ? edit_access_permissions_project_experiment_my_module_path(my_module.experiment.project, my_module.experiment, my_module) : access_permissions_project_experiment_my_module_path(my_module.experiment.project, my_module.experiment, my_module),
data: { action: 'remote-modal'} %>
</li>
<% end %>
<li>
<%= link_to t('experiments.canvas.edit.task_access'),
can_manage_module_access?(my_module) ? edit_access_permissions_project_experiment_my_module_path(my_module.experiment.project, my_module.experiment, my_module) : access_permissions_project_experiment_my_module_path(my_module.experiment.project, my_module.experiment, my_module),
data: { action: 'remote-modal'} %>
</li>
<% if module_group&.my_modules&.all? { |my_module| can_move_module?(my_module) } %>
<li>
<a class="move-module-group" href="" data-module-id="<%= my_module.id %>"><%= t('experiments.canvas.edit.move_module_group') %></a>

2
app/views/projects/index/_project_actions_dropdown.html.erb
View file

@ -51,7 +51,7 @@
<!-- Project members access -->
<% if can_read_project?(project) %>
<li class="form-dropdown-item">
<%= link_to can_manage_project?(project) ? edit_access_permissions_project_path(project, format: :json) : access_permissions_project_path(project, format: :json),
<%= link_to can_manage_project_access?(project) ? edit_access_permissions_project_path(project, format: :json) : access_permissions_project_path(project, format: :json),
class: 'btn btn-light',
data: { action: 'remote-modal'} do %>
<i class="fas fa-door-open"></i>

2
app/views/projects/index/_project_card.html.erb
View file

@ -50,7 +50,7 @@
<div class="data-row user-cell table-cell">
<span class="card-label"><%= t('projects.index.card.users') %></span>
<div class="value">
<% if can_manage_project?(project) %>
<% if can_manage_project_access?(project) %>
<%= link_to edit_access_permissions_project_path(project, format: :json), class: 'project-users-link', data: { action: 'remote-modal' } do %>
<%= render partial: 'projects/index/users_list.html.erb', locals: { project: project } %>
<span class="new-user global-avatar-container">

2
app/views/projects/show/_experiment_actions_dropdown.html.erb
View file

@ -64,7 +64,7 @@
</li>
<% end %>
<!-- Set or view user experiment assignments -->
<% if can_manage_experiment?(experiment) %>
<% if can_manage_experiment_access?(experiment) %>
<li class="form-dropdown-item">
<%= link_to edit_access_permissions_project_experiment_path(project, experiment), data: { action: 'remote-modal'} do %>
<i class="fas fa-door-open"></i>

3
config/initializers/extends/permission_extends.rb
View file

@ -12,6 +12,7 @@ module PermissionExtends
CREATE_COMMENTS
MANAGE_COMMENTS
MANAGE_TAGS
MANAGE_ACCESS
).each { |permission| const_set(permission, "project_#{permission.underscore}") }
end
@ -24,6 +25,7 @@ module PermissionExtends
CLONE
MOVE
CREATE_TASKS
MANAGE_ACCESS
).each { |permission| const_set(permission, "experiment_#{permission.underscore}") }
end
@ -41,6 +43,7 @@ module PermissionExtends
MANAGE_COMMENTS
CREATE_REPOSITORY_SNAPSHOT
MANAGE_REPOSITORY_SNAPSHOT
MANAGE_ACCESS
).each { |permission| const_set(permission, "task_#{permission.underscore}") }
end