From ad10befcc4508eacff80364576e2de4f8c2fe2ce Mon Sep 17 00:00:00 2001 From: zmagoD Date: Sat, 19 Jun 2021 17:17:57 +0200 Subject: [PATCH] add new manage access permission to PET levels --- .../access_permissions/experiments_controller.rb | 2 +- .../access_permissions/my_modules_controller.rb | 2 +- .../access_permissions/projects_controller.rb | 2 +- app/models/concerns/assignable.rb | 6 ++++++ app/permissions/experiment.rb | 8 +++++++- app/permissions/my_module.rb | 8 +++++++- app/permissions/project.rb | 8 +++++++- .../projects/modals/_show_modal.html.erb | 2 +- .../access_permissions/projects/show.json.jbuilder | 2 +- app/views/canvas/edit/_my_module.html.erb | 12 +++++------- .../index/_project_actions_dropdown.html.erb | 2 +- app/views/projects/index/_project_card.html.erb | 2 +- .../show/_experiment_actions_dropdown.html.erb | 2 +- config/initializers/extends/permission_extends.rb | 3 +++ 14 files changed, 43 insertions(+), 18 deletions(-) diff --git a/app/controllers/access_permissions/experiments_controller.rb b/app/controllers/access_permissions/experiments_controller.rb index 604eff459..2f9daa937 100644 --- a/app/controllers/access_permissions/experiments_controller.rb +++ b/app/controllers/access_permissions/experiments_controller.rb @@ -50,7 +50,7 @@ module AccessPermissions end def check_manage_permissions - render_403 unless can_manage_experiment?(@experiment) + render_403 unless can_manage_experiment_access?(@experiment) end def check_read_permissions diff --git a/app/controllers/access_permissions/my_modules_controller.rb b/app/controllers/access_permissions/my_modules_controller.rb index 314c7f14f..8da6b2755 100644 --- a/app/controllers/access_permissions/my_modules_controller.rb +++ b/app/controllers/access_permissions/my_modules_controller.rb @@ -57,7 +57,7 @@ module AccessPermissions end def check_manage_permissions - render_403 unless can_manage_module?(@my_module) + render_403 unless can_manage_module_access?(@my_module) end def check_read_permissions diff --git a/app/controllers/access_permissions/projects_controller.rb b/app/controllers/access_permissions/projects_controller.rb index ad4dc2646..df0d7ff86 100644 --- a/app/controllers/access_permissions/projects_controller.rb +++ b/app/controllers/access_permissions/projects_controller.rb @@ -94,7 +94,7 @@ module AccessPermissions end def check_manage_permissions - render_403 unless can_manage_project?(@project) + render_403 unless can_manage_project_access?(@project) end def check_read_permissions diff --git a/app/models/concerns/assignable.rb b/app/models/concerns/assignable.rb index 2090cbdc0..471444ad6 100644 --- a/app/models/concerns/assignable.rb +++ b/app/models/concerns/assignable.rb @@ -9,6 +9,12 @@ module Assignable default_scope { includes(user_assignments: :user_role) } after_create_commit do + UserAssignment.create( + user: created_by, + assignable: self, + user_role: UserRole.find_by(name: 'Owner') + ) + UserAssignments::GenerateUserAssignmentsJob.perform_later(self, created_by) end end diff --git a/app/permissions/experiment.rb b/app/permissions/experiment.rb index b539d9d2c..5d9cbcb0d 100644 --- a/app/permissions/experiment.rb +++ b/app/permissions/experiment.rb @@ -3,7 +3,8 @@ Canaid::Permissions.register_for(Experiment) do %i(manage_experiment archive_experiment clone_experiment - move_experiment) + move_experiment + manage_experiment_access) .each do |perm| can perm do |_, experiment| experiment.active? && @@ -37,6 +38,11 @@ Canaid::Permissions.register_for(Experiment) do end end + # experiment: manage access policies + can :manage_experiment_access do |user, experiment| + experiment.permission_granted?(user, ExperimentPermissions::MANAGE_ACCESS) + end + # experiment: archive can :archive_experiment do |user, experiment| experiment.permission_granted?(user, ExperimentPermissions::ARCHIVE) diff --git a/app/permissions/my_module.rb b/app/permissions/my_module.rb index 49321d3ee..7fbe24cf5 100644 --- a/app/permissions/my_module.rb +++ b/app/permissions/my_module.rb @@ -10,7 +10,8 @@ Canaid::Permissions.register_for(MyModule) do create_comments_in_module create_my_module_repository_snapshot manage_my_module_repository_snapshots - change_my_module_flow_status) + change_my_module_flow_status + manage_module_access) .each do |perm| can perm do |_, my_module| my_module.active? && @@ -31,6 +32,11 @@ Canaid::Permissions.register_for(MyModule) do my_module.permission_granted?(user, MyModulePermissions::ARCHIVE) end + # module: manage access policies + can :manage_module_access do |user, my_module| + my_module.permission_granted?(user, MyModulePermissions::MANAGE_ACCESS) + end + # NOTE: Must not be dependent on canaid parmision for which we check if it's # active # module: restore diff --git a/app/permissions/project.rb b/app/permissions/project.rb index 6b904d2d4..1cf02dcd1 100644 --- a/app/permissions/project.rb +++ b/app/permissions/project.rb @@ -8,7 +8,8 @@ Canaid::Permissions.register_for(Project) do archive_project create_experiments create_comments_in_project - manage_tags) + manage_tags + manage_project_access) .each do |perm| can perm do |_, project| project.active? @@ -51,6 +52,11 @@ Canaid::Permissions.register_for(Project) do end end + # project: manage access policies + can :manage_project_access do |user, project| + project.permission_granted?(user, ProjectPermissions::MANAGE_ACCESS) + end + # project: archive can :archive_project do |user, project| project.permission_granted?(user, ProjectPermissions::ARCHIVE) diff --git a/app/views/access_permissions/projects/modals/_show_modal.html.erb b/app/views/access_permissions/projects/modals/_show_modal.html.erb index 4e2aea4ee..e0d245701 100644 --- a/app/views/access_permissions/projects/modals/_show_modal.html.erb +++ b/app/views/access_permissions/projects/modals/_show_modal.html.erb @@ -16,7 +16,7 @@