mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-09-20 14:45:56 +08:00
Add inventory archiving to the API [SCI-5584] (#3885)
parent
cc96a7e372
commit
bd47893947
|
@ -7,7 +7,8 @@ module Api
|
|||
before_action only: %i(show update destroy) do
|
||||
load_inventory(:id)
|
||||
end
|
||||
before_action :check_manage_permissions, only: %i(update destroy)
|
||||
before_action :check_manage_permissions, only: :update
|
||||
before_action :check_delete_permissions, only: :destroy
|
||||
|
||||
def index
|
||||
inventories = @team.repositories
|
||||
|
@ -37,11 +38,14 @@ module Api
|
|||
|
||||
def update
|
||||
@inventory.attributes = update_inventory_params
|
||||
if @inventory.changed? && @inventory.save!
|
||||
render jsonapi: @inventory, serializer: InventorySerializer
|
||||
else
|
||||
render body: nil, status: :no_content
|
||||
|
||||
return render body: nil, status: :no_content unless @inventory.changed?
|
||||
|
||||
if @inventory.archived_changed?
|
||||
@inventory.archived? ? @inventory.archive(current_user) : @inventory.restore(current_user)
|
||||
end
|
||||
@inventory.save!
|
||||
render jsonapi: @inventory, serializer: InventorySerializer
|
||||
end
|
||||
|
||||
def destroy
|
||||
|
@ -52,17 +56,23 @@ module Api
|
|||
private
|
||||
|
||||
def check_manage_permissions
|
||||
unless can_manage_repository?(@inventory)
|
||||
raise PermissionError.new(Repository, :manage)
|
||||
if update_inventory_params.keys.excluding('archived').present?
|
||||
raise PermissionError.new(Repository, :manage) unless can_manage_repository?(@inventory)
|
||||
elsif update_inventory_params.key?('archived')
|
||||
raise PermissionError.new(Repository, :archive) unless can_archive_repository?(@inventory)
|
||||
end
|
||||
end
|
||||
|
||||
def check_delete_permissions
|
||||
raise PermissionError.new(Repository, :delete) unless can_delete_repository?(@inventory)
|
||||
end
|
||||
|
||||
def inventory_params
|
||||
unless params.require(:data).require(:type) == 'inventories'
|
||||
raise TypeError
|
||||
end
|
||||
params.require(:data).require(:attributes)
|
||||
params.permit(data: { attributes: %i(name) })[:data]
|
||||
params.permit(data: { attributes: %i(name archived) })[:data]
|
||||
end
|
||||
|
||||
def update_inventory_params
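Review bot: In the new `check_manage_permissions`, the `if`/`elsif` means a request that sends both `name` and `archived` is checked only against `can_manage_repository?`, so the archive check is skipped for the same update that then calls `@inventory.archive`/`@inventory.restore`. Unless manage is guaranteed to imply archive (the `can_archive_repository?` rule is not visible here), the two checks should be independent. Keep the first `raise` under its `if`, close it, and make the second a separate statement: `raise PermissionError.new(Repository, :archive) if update_inventory_params.key?('archived') && !can_archive_repository?(@inventory)`. A request spec that sends both attributes as a user who can manage but not archive would pin this down. The body of `update_inventory_params` is outside the hunk, so the string-key lookup is assumed to match what it returns.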
|
||||
|
|
|
@ -79,13 +79,7 @@ module Api
|
|||
item_changed = true if @inventory_item.changed?
|
||||
if item_changed
|
||||
if @inventory_item.archived_changed?
|
||||
if @inventory_item.archived?
|
||||
check_archive_permissions
|
||||
@inventory_item.archived_by = current_user
|
||||
else
|
||||
check_restore_permissions
|
||||
@inventory_item.restored_by = current_user
|
||||
end
|
||||
@inventory_item.archived? ? @inventory_item.archive(current_user) : @inventory_item.restore(current_user)
|
||||
end
|
||||
@inventory_item.last_modified_by = current_user
|
||||
@inventory_item.save!
|
||||
|
@ -105,23 +99,15 @@ module Api
|
|||
private
|
||||
|
||||
def check_manage_permissions
|
||||
raise PermissionError.new(RepositoryItem, :manage) unless can_manage_repository_rows?(@inventory)
|
||||
raise PermissionError.new(RepositoryRow, :manage) unless can_manage_repository_rows?(@inventory)
|
||||
end
|
||||
|
||||
def check_delete_permissions
|
||||
unless can_delete_repository_rows?(@inventory) && @inventory_item.archived?
|
||||
raise PermissionError.new(RepositoryItem, :delete)
|
||||
raise PermissionError.new(RepositoryRow, :delete)
|
||||
end
|
||||
end
|
||||
|
||||
def check_archive_permissions
|
||||
raise PermissionError.new(RepositoryItem, :archive) unless can_delete_repository_rows?(@inventory)
|
||||
end
|
||||
|
||||
def check_restore_permissions
|
||||
raise PermissionError.new(RepositoryItem, :restore) unless can_delete_repository_rows?(@inventory)
|
||||
end
|
||||
|
||||
def inventory_item_params
|
||||
unless params.require(:data).require(:type) == 'inventory_items'
|
||||
raise TypeError
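Review bot: Archiving or restoring an item through `update` loses its dedicated permission gate. The first hunk drops the `check_archive_permissions`/`check_restore_permissions` calls that ran before the state change, and the second hunk deletes both methods, each of which required `can_delete_repository_rows?(@inventory)`. What still guards `update` is decided by the `before_action` list, which is outside these hunks; if that is only `check_manage_permissions`, a user who can manage rows but could not previously archive them now can. If the relaxation is intended it should be stated in the commit description and covered by a request spec. Otherwise keep a guard ahead of the ternary, for example `raise PermissionError.new(RepositoryRow, :archive) unless can_delete_repository_rows?(@inventory)`.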
|
||||
|
|
|
@ -16,7 +16,8 @@ class RepositoriesController < ApplicationController
|
|||
before_action :load_repositories_for_restoring, only: :restore
|
||||
before_action :check_view_all_permissions, only: %i(index sidebar)
|
||||
before_action :check_view_permissions, except: %i(index create_modal create update destroy parse_sheet import_records sidebar archive restore)
|
||||
before_action :check_manage_permissions, only: %i(destroy destroy_modal rename_modal update)
|
||||
before_action :check_manage_permissions, only: %i(rename_modal update)
|
||||
before_action :check_delete_permissions, only: %i(destroy destroy_modal)
|
||||
before_action :check_archive_permissions, only: %i(archive restore)
|
||||
before_action :check_share_permissions, only: :share_modal
|
||||
before_action :check_create_permissions, only: %i(create_modal create)
|
||||
|
@ -464,6 +465,10 @@ class RepositoriesController < ApplicationController
|
|||
end
|
||||
end
|
||||
|
||||
def check_delete_permissions
|
||||
render_403 unless can_delete_repository?(@repository)
|
||||
end
|
||||
|
||||
def check_share_permissions
|
||||
render_403 if !can_share_repository?(@repository) || current_user.teams.count <= 1
|
||||
end
|
||||
|
|
|
@ -37,6 +37,11 @@ Canaid::Permissions.register_for(Repository) do
|
|||
!repository.shared_with?(user.current_team) && user.is_admin_of_team?(repository.team)
|
||||
end
|
||||
|
||||
# repository: destroy
|
||||
can :delete_repository do |user, repository|
|
||||
repository.archived? && can_manage_repository?(user, repository)
|
||||
end
|
||||
|
||||
# repository: share
|
||||
can :share_repository do |user, repository|
|
||||
user.is_admin_of_team?(repository.team) unless repository.shared_with?(user.current_team)
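Review bot: The comment `# repository: destroy` above `can :delete_repository` does not mention that the rule also encodes a state precondition, `repository.archived?`, on top of `can_manage_repository?`. I would write it as `# repository: destroy (only an archived repository may be deleted, and only by a user who can manage it)`. Because state and authorization are folded into one predicate, a manager deleting a non-archived inventory presumably gets the same "permission denied" response as an unauthorized user. The comment should make that coupling explicit for anyone who later reuses `can_delete_repository?` as a pure authorization check.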
|
||||
|
|
|
@ -4,7 +4,7 @@ module Api
|
|||
module V1
|
||||
class InventoryItemSerializer < ActiveModel::Serializer
|
||||
type :inventory_items
|
||||
attributes :name
|
||||
attributes :name, :archived
|
||||
has_many :repository_cells, key: :inventory_cells,
|
||||
serializer: InventoryCellSerializer,
|
||||
class_name: 'RepositoryCell',
|
||||
|
|
|
@ -4,7 +4,7 @@ module Api
|
|||
module V1
|
||||
class InventorySerializer < ActiveModel::Serializer
|
||||
type :inventories
|
||||
attributes :id, :name
|
||||
attributes :id, :name, :archived
|
||||
belongs_to :created_by, serializer: UserSerializer
|
||||
|
||||
include TimestampableModel
|
||||
|
|
|
@ -2863,6 +2863,12 @@ en:
|
|||
manage_permission:
|
||||
title: "Permission denied"
|
||||
detail: "You don't have permission to manage %{model}"
|
||||
archive_permission:
|
||||
title: "Permission denied"
|
||||
detail: "You don't have permission to archive/restore %{model}"
|
||||
delete_permission:
|
||||
title: "Permission denied"
|
||||
detail: "You don't have permission to delete %{model}"
|
||||
toggle_completion_permission:
|
||||
title: "Permission denied"
|
||||
detail: "You don't have permission to toggle %{model} completion"
|
||||
|
|