Merge branch 'SCI-4058-disable-inventory-delition-for-normal-user' into release/1.17.9

2024-09-21 07:26:15 +08:00 · 2019-12-17 14:48:50 +01:00 · 2019-12-17 14:48:50 +01:00 · b67911c81a
parent 1953cc28d8 a328c4ad56
commit b67911c81a
4 changed files with 42 additions and 17 deletions
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@ -28,7 +28,11 @@ class RepositoriesController < ApplicationController
    render 'repositories/index'
  end

-  def show; end
+  def show
+    @display_edit_button = can_create_repository_rows?(@repository)
+    @display_delete_button = can_delete_repository_rows?(@repository)
+    @display_duplicate_button = can_create_repository_rows?(@repository)
+  end

  def create_modal
    @repository = Repository.new
--- a/app/controllers/repository_rows_controller.rb
+++ b/app/controllers/repository_rows_controller.rb
@ -12,8 +12,9 @@ class RepositoryRowsController < ApplicationController
                         copy_records
                         available_rows)
  before_action :check_create_permissions, only: :create
+  before_action :check_delete_permissions, only: :delete_records
  before_action :check_manage_permissions,
-                only: %i(edit update delete_records copy_records)
+                only: %i(edit update copy_records)

  def index
    @draw = params[:draw].to_i
@ -372,6 +373,10 @@ class RepositoryRowsController < ApplicationController
    render_403 unless can_manage_repository_rows?(@repository)
  end

+  def check_delete_permissions
+    render_403 unless can_delete_repository_rows?(@repository)
+  end
+
  def record_params
    params.permit(:repository_row_name).to_h
  end
--- a/app/permissions/repository.rb
+++ b/app/permissions/repository.rb
@ -30,6 +30,14 @@ Canaid::Permissions.register_for(Repository) do
    can_create_repository_rows?(user, repository)
  end

+  can :update_repository_rows do |user, repository|
+    can_manage_repository_rows?(user, repository)
+  end
+
+  can :delete_repository_rows do |user, repository|
+    can_manage_repository_rows?(user, repository)
+  end
+
  # repository: create field
  can :create_repository_columns do |user, repository|
    can_create_repository_rows?(user, repository) unless repository.shared_with?(user.current_team)
--- a/app/views/repositories/show.html.erb
+++ b/app/views/repositories/show.html.erb
@ -128,21 +128,29 @@
    <% end %>

    <% if can_manage_repository_rows?(@repository) %>
-      <button type="button" class="btn btn-default editAdd" id="editRepositoryRecord" onclick="onClickEdit()" disabled>
-        <span class="fas fa-pencil-alt"></span>
-        <span class="hidden-xs-custom"><%= t("repositories.edit_record") %></span>
-      </button>
-      <button type="button" class="btn btn-default"
-        id="deleteRepositoryRecordsButton" onclick="onClickDelete()" disabled>
-        <span class="fas fa-trash"></span>
-        <span class="hidden-xs-custom"><%= t'repositories.delete_record' %></span>
-          <%= submit_tag I18n.t('repositories.delete_record'), :class => "hidden
-          delete_repository_records_submit" %>
-      </button>
-      <button type="button" class="btn btn-default copyRow" id="copyRepositoryRecords" onclick="onClickCopyRepositoryRecords()" disabled>
-        <span class="fas fa-copy"></span>
-        <span class="hidden-xs-custom"><%= t("repositories.copy_record") %></span>
-      </button>
+      
+      <%if @display_edit_button %>
+        <button type="button" class="btn btn-default editAdd" id="editRepositoryRecord" onclick="onClickEdit()" disabled>
+          <span class="fas fa-pencil-alt"></span>
+          <span class="hidden-xs-custom"><%= t("repositories.edit_record") %></span>
+        </button>
+      <% end %>
+      
+      <%if @display_delete_button %>
+        <button type="button" class="btn btn-default"
+          id="deleteRepositoryRecordsButton" onclick="onClickDelete()" disabled>
+          <span class="fas fa-trash"></span>
+          <span class="hidden-xs-custom"><%= t'repositories.delete_record' %></span>
+          <%= submit_tag I18n.t('repositories.delete_record'), :class => "hidden delete_repository_records_submit" %>
+        </button>
+      <% end %>
+      
+      <%if @display_duplicate_button %>
+        <button type="button" class="btn btn-default copyRow" id="copyRepositoryRecords" onclick="onClickCopyRepositoryRecords()" disabled>
+          <span class="fas fa-copy"></span>
+          <span class="hidden-xs-custom"><%= t("repositories.copy_record") %></span>
+        </button>
+      <%end%>
    <% elsif @repository.shared_with?(current_team) %>
      <p class="view-only-label"><%= t('repositories.index.view_only_permission_label') %></p>
    <% end %>