Merge pull request #1057 from okriuchykhin/ok_SCI_2249

Fix sample assign permissions [SCI-2249]
2025-02-06 15:05:26 +08:00 · 2018-03-26 13:24:38 +02:00 · 2018-03-26 13:24:38 +02:00 · b1fcdb7474
commit b1fcdb7474
parent 2310439088 aa69624f9f
3 changed files with 17 additions and 4 deletions
--- a/app/controllers/my_modules_controller.rb
+++ b/app/controllers/my_modules_controller.rb
@ -17,8 +17,9 @@ class MyModulesController < ApplicationController
       archive)
  before_action :check_complete_module_permission, only: :complete_my_module
  before_action :check_assign_repository_records_permissions, only:
-    %i(assign_repository_records unassign_repository_records assign_samples
-       unassign_samples)
+    %i(assign_repository_records unassign_repository_records)
+  before_action :check_assign_samples_permissions, only: %i(assign_samples
+                                                            unassign_samples)

  layout 'fluid'.freeze

@ -611,6 +612,11 @@ class MyModulesController < ApplicationController
                      can_assign_repository_rows_to_module?(@my_module)
  end

+  def check_assign_samples_permissions
+    render_403 unless module_page? &&
+                      can_assign_sample_to_module?(@my_module)
+  end
+
  def check_complete_module_permission
    render_403 unless can_complete_module?(@my_module)
  end
--- a/app/permissions/experiment.rb
+++ b/app/permissions/experiment.rb
@ -58,6 +58,7 @@ Canaid::Permissions.register_for(MyModule) do
  # permissions
  %i(manage_module
     manage_users_in_module
+     assign_repository_rows_to_module
     assign_sample_to_module
     complete_module
     create_comments_in_module)
@ -88,12 +89,18 @@ Canaid::Permissions.register_for(MyModule) do
    user.is_owner_of_project?(my_module.experiment.project)
  end

-  # module: assign/unassign sample, assign/unassign repository record
+  # module: assign/unassign repository record
  # NOTE: Use 'module_page? &&' before calling this permission!
  can :assign_repository_rows_to_module do |user, my_module|
    user.is_technician_or_higher_of_project?(my_module.experiment.project)
  end

+  # module: assign/unassign sample
+  # NOTE: Use 'module_page? &&' before calling this permission!
+  can :assign_sample_to_module do |user, my_module|
+    user.is_technician_or_higher_of_project?(my_module.experiment.project)
+  end
+
  # module: complete/uncomplete
  can :complete_module do |user, my_module|
    user.is_technician_or_higher_of_project?(my_module.experiment.project)
--- a/app/views/shared/_samples.html.erb
+++ b/app/views/shared/_samples.html.erb
@ -108,7 +108,7 @@
      delete_samples_submit" %>
  </button>

-  <% if module_page? && can_assign_repository_rows_to_module?(@my_module) %>
+  <% if module_page? && can_assign_sample_to_module?(@my_module) %>
    <button type="button" class="btn btn-default"
      id="assignSamples" onclick="$(this).next().click();" disabled>
      <span class="glyphicon glyphicon-ok-circle"></span>