mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2025-10-06 03:46:39 +08:00
Merge pull request #8650 from artoscinote/ma_SCI_11953
Permission fixes [SCI-11953]
commit
b18ceeb31e
8 changed files with 21 additions and 19 deletions
|
@ -117,11 +117,11 @@ module AccessPermissions
|
|||
private
|
||||
|
||||
def model_parameter
|
||||
@model.class.name.parameterize.to_sym
|
||||
@model.class.permission_class.name.parameterize.to_sym
|
||||
end
|
||||
|
||||
def manage_permission_constant
|
||||
"#{@model.class.name}Permissions::USERS_MANAGE".constantize
|
||||
"#{@model.class.permission_class.name}Permissions::USERS_MANAGE".constantize
|
||||
end
|
||||
|
||||
def permitted_default_public_user_role_params
|
||||
|
@ -181,7 +181,7 @@ module AccessPermissions
|
|||
when :team
|
||||
@assignment =
|
||||
@model.team_assignments
|
||||
.find_or_initialize_by(team: current_team, assignable_id: @model.id, assignable_type: @model.class.name)
|
||||
.find_or_initialize_by(team: current_team, assignable: @model)
|
||||
end
|
||||
end
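Review bot: The `find_or_initialize_by(team: current_team, assignable: @model)` line now lets Rails derive `assignable_type` from the model's polymorphic name instead of `@model.class.name`, and for a model that uses single-table inheritance those two strings can differ. If any existing team-assignment rows were written under the subclass name, this lookup would miss them and initialize a second assignment for the same object while the old row stays in the table. Neither the stored `assignable_type` values nor a data migration are visible in this commit, so this needs confirming; a request spec that updates an existing team assignment on a repository would pin the behaviour. The enclosing method starts and ends outside the hunk.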
|
||||
|
||||
|
|
|
@ -6,9 +6,9 @@ module PermissionCheckableModel
|
|||
included do
|
||||
include PermissionExtends
|
||||
|
||||
scope :with_granted_permissions, lambda { |user, permissions|
|
||||
scope :with_granted_permissions, lambda { |user, permissions, teams = user.permission_team|
|
||||
with_user_assignments = joins(user_assignments: :user_role)
|
||||
.where(user_assignments: { user: user, team: user.permission_team })
|
||||
.where(user_assignments: { user: user, team: teams })
|
||||
# direct user assignments take precedence over group assignments, thus skipping objects that already have user assignments.
|
||||
with_group_assignments = left_outer_joins(user_group_assignments: [:user_role, { user_group: :users }], team_assignments: :user_role)
|
||||
.where.not(id: with_user_assignments)
|
||||
|
@ -19,15 +19,20 @@ module PermissionCheckableModel
|
|||
.where('user_roles.permissions @> ARRAY[?]::varchar[]', permissions)
|
||||
.or(
|
||||
with_group_assignments
|
||||
.where(team_assignments: { assignable: self, team: user.permission_team })
|
||||
.where(team_assignments: { assignable: self, team: teams })
|
||||
.where('user_roles_team_assignments.permissions @> ARRAY[?]::varchar[]', permissions)
|
||||
)
|
||||
.distinct
|
||||
|
||||
where(id: with_granted_user_permissions.select(:id))
|
||||
.or(where(id: with_granted_group_permissions.select(:id)))
|
||||
}
|
||||
end
|
||||
|
||||
def self.permission_class
|
||||
self
|
||||
end
|
||||
|
||||
def permission_granted?(user, permission)
|
||||
return true if user_assignments.joins(:user_role)
|
||||
.where(user: user, team: user.permission_team)
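Review bot: `def self.permission_class` sits, as rendered here, after the `end` that closes `included do`, which would define it on the `PermissionCheckableModel` module itself rather than on the classes that include the concern. If that placement is real, `@model.class.permission_class` in `AccessPermissions` and the bare `permission_class` call in the `Shareable` scope only work for classes that define their own (this commit adds one to `RepositoryBase`) and raise `NoMethodError` for the others. Indentation is lost on this page, so please confirm against the file; if it is at module level, move it into `class_methods do` as `def permission_class; self; end`. `permission_granted?` continues past the end of the hunk.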
|
||||
|
|
|
@ -27,7 +27,7 @@ module Shareable
|
|||
end
|
||||
|
||||
scope :viewable_by_user, lambda { |user, teams = user.current_team|
|
||||
readable_ids = readable_by_user(user).where(team: teams).pluck(:id)
|
||||
readable_ids = with_granted_permissions(user, "#{permission_class.name}Permissions::READ".constantize, teams).pluck(:id)
|
||||
shared_with_team_ids = joins(:team_shared_objects, :team).where(team_shared_objects: { team: teams }).pluck(:id)
|
||||
globally_shared_ids =
|
||||
if column_names.include?('permission_level')
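Review bot: The new `readable_ids` line drops the object-side `where(team: teams)` and instead passes `teams` into `with_granted_permissions`, where it constrains the team column of the assignment rows. Team scoping of the result then rests on every assignment row carrying the same team as the object it points to, which nothing in this commit shows being enforced. `Project.viewable_by_user` makes the same swap by removing its `.where(team: teams)`. Keeping both filters would keep the tenant boundary explicit: `readable_ids = with_granted_permissions(user, "#{permission_class.name}Permissions::READ".constantize, teams).where(team: teams).pluck(:id)`. The scope body continues outside the hunk.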
|
||||
|
|
|
@ -82,8 +82,7 @@ class Experiment < ApplicationRecord
|
|||
end
|
||||
|
||||
def self.viewable_by_user(user, teams)
|
||||
joins(:user_assignments).with_granted_permissions(user, ExperimentPermissions::READ)
|
||||
.where(user_assignments: { team: teams })
|
||||
with_granted_permissions(user, ExperimentPermissions::READ, teams)
|
||||
end
|
||||
|
||||
def self.with_children_viewable_by_user(user)
|
||||
|
|
|
@ -130,8 +130,7 @@ class MyModule < ApplicationRecord
|
|||
end
|
||||
|
||||
def self.viewable_by_user(user, teams)
|
||||
with_granted_permissions(user, MyModulePermissions::READ)
|
||||
.where(user_assignments: { team: teams })
|
||||
with_granted_permissions(user, MyModulePermissions::READ, teams)
|
||||
end
|
||||
|
||||
def self.filter_by_teams(teams = [])
|
||||
|
|
|
@ -77,10 +77,7 @@ class Project < ApplicationRecord
|
|||
if team.permission_granted?(user, TeamPermissions::MANAGE)
|
||||
where(team: team)
|
||||
else
|
||||
where(team: team)
|
||||
.left_outer_joins(user_assignments: :user_role)
|
||||
.where(user_assignments: { user: user })
|
||||
.where('? = ANY(user_roles.permissions)', ProjectPermissions::READ)
|
||||
viewable_by_user(user, team)
|
||||
end
|
||||
end)
|
||||
|
||||
|
@ -104,9 +101,7 @@ class Project < ApplicationRecord
|
|||
end
|
||||
|
||||
def self.viewable_by_user(user, teams)
|
||||
joins(user_assignments: :user_role)
|
||||
.where(team: teams)
|
||||
.with_granted_permissions(user, ProjectPermissions::READ)
|
||||
with_granted_permissions(user, ProjectPermissions::READ, teams)
|
||||
.distinct
|
||||
end
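Review bot: The `.distinct` kept after `with_granted_permissions(user, ProjectPermissions::READ, teams)` in `viewable_by_user` looks like a leftover from the removed `joins(user_assignments: :user_role)`. As shown in `PermissionCheckableModel`, the scope returns `where(id: ...).or(where(id: ...))` with no join on the outer relation, so a project row cannot be duplicated by it. Unless callers rely on the `DISTINCT` after chaining their own joins, the body can be just `with_granted_permissions(user, ProjectPermissions::READ, teams)`, matching `Experiment` and `MyModule`.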
|
||||
|
||||
|
|
|
@ -27,6 +27,10 @@ class RepositoryBase < ApplicationRecord
|
|||
# Not discarded
|
||||
default_scope -> { kept }
|
||||
|
||||
def self.permission_class
|
||||
Repository
|
||||
end
|
||||
|
||||
def self.stock_management_enabled?
|
||||
ApplicationSettings.instance.values['stock_management_enabled']
|
||||
end
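Review bot: `permission_class` has no comment saying why it returns `Repository` rather than `self`, and the consequence is easy to miss. Through the `"#{...permission_class.name}Permissions::..."` lookups elsewhere in this commit, every `RepositoryBase` subclass is checked against the `RepositoryPermissions` constants and uses the `:repository` parameter key. A subclass added later with its own permission set would silently be evaluated against the repository one. I would add above the method: `# All RepositoryBase subclasses share RepositoryPermissions; override in a subclass that needs its own permission set.`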
|
||||
|
|
|
@ -7,7 +7,7 @@ module Lists
|
|||
include ShareableSerializer
|
||||
|
||||
attributes :name, :code, :nr_of_rows, :team, :created_at, :created_by, :archived_on, :archived_by,
|
||||
:urls, :top_level_assignable, :assigned_users, :permissions
|
||||
:urls, :top_level_assignable, :default_public_user_role_id, :assigned_users, :permissions
|
||||
|
||||
def nr_of_rows
|
||||
object[:repository_rows_count]
|
||||
|
|