Add inventory archiving to the API [SCI-5584] (#3885)

2024-09-20 14:45:56 +08:00 · 2022-02-28 10:33:43 +01:00 · 2022-02-28 10:33:43 +01:00 · bd47893947
parent cc96a7e372
commit bd47893947
7 changed files with 40 additions and 28 deletions
--- a/app/controllers/api/v1/inventories_controller.rb
+++ b/app/controllers/api/v1/inventories_controller.rb
@ -7,7 +7,8 @@ module Api
      before_action only: %i(show update destroy) do
        load_inventory(:id)
      end
-      before_action :check_manage_permissions, only: %i(update destroy)
+      before_action :check_manage_permissions, only: :update
+      before_action :check_delete_permissions, only: :destroy

      def index
        inventories = @team.repositories
@ -37,11 +38,14 @@ module Api

      def update
        @inventory.attributes = update_inventory_params
-        if @inventory.changed? && @inventory.save!
-          render jsonapi: @inventory, serializer: InventorySerializer
-        else
-          render body: nil, status: :no_content
+
+        return render body: nil, status: :no_content unless @inventory.changed?
+
+        if @inventory.archived_changed?
+          @inventory.archived? ? @inventory.archive(current_user) : @inventory.restore(current_user)
        end
+        @inventory.save!
+        render jsonapi: @inventory, serializer: InventorySerializer
      end

      def destroy
@ -52,17 +56,23 @@ module Api
      private

      def check_manage_permissions
-        unless can_manage_repository?(@inventory)
-          raise PermissionError.new(Repository, :manage)
+        if update_inventory_params.keys.excluding('archived').present?
+          raise PermissionError.new(Repository, :manage) unless can_manage_repository?(@inventory)
+        elsif update_inventory_params.key?('archived')
+          raise PermissionError.new(Repository, :archive) unless can_archive_repository?(@inventory)
        end
      end

+      def check_delete_permissions
+        raise PermissionError.new(Repository, :delete) unless can_delete_repository?(@inventory)
+      end
+
      def inventory_params
        unless params.require(:data).require(:type) == 'inventories'
          raise TypeError
        end
        params.require(:data).require(:attributes)
-        params.permit(data: { attributes: %i(name) })[:data]
+        params.permit(data: { attributes: %i(name archived) })[:data]
      end

      def update_inventory_params
--- a/app/controllers/api/v1/inventory_items_controller.rb
+++ b/app/controllers/api/v1/inventory_items_controller.rb
@ -79,13 +79,7 @@ module Api
        item_changed = true if @inventory_item.changed?
        if item_changed
          if @inventory_item.archived_changed?
-            if @inventory_item.archived?
-              check_archive_permissions
-              @inventory_item.archived_by = current_user
-            else
-              check_restore_permissions
-              @inventory_item.restored_by = current_user
-            end
+            @inventory_item.archived? ? @inventory_item.archive(current_user) : @inventory_item.restore(current_user)
          end
          @inventory_item.last_modified_by = current_user
          @inventory_item.save!
@ -105,23 +99,15 @@ module Api
      private

      def check_manage_permissions
-        raise PermissionError.new(RepositoryItem, :manage) unless can_manage_repository_rows?(@inventory)
+        raise PermissionError.new(RepositoryRow, :manage) unless can_manage_repository_rows?(@inventory)
      end

      def check_delete_permissions
        unless can_delete_repository_rows?(@inventory) && @inventory_item.archived?
-          raise PermissionError.new(RepositoryItem, :delete)
+          raise PermissionError.new(RepositoryRow, :delete)
        end
      end

-      def check_archive_permissions
-        raise PermissionError.new(RepositoryItem, :archive) unless can_delete_repository_rows?(@inventory)
-      end
-
-      def check_restore_permissions
-        raise PermissionError.new(RepositoryItem, :restore) unless can_delete_repository_rows?(@inventory)
-      end
-
      def inventory_item_params
        unless params.require(:data).require(:type) == 'inventory_items'
          raise TypeError
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@ -16,7 +16,8 @@ class RepositoriesController < ApplicationController
  before_action :load_repositories_for_restoring, only: :restore
  before_action :check_view_all_permissions, only: %i(index sidebar)
  before_action :check_view_permissions, except: %i(index create_modal create update destroy parse_sheet import_records sidebar archive restore)
-  before_action :check_manage_permissions, only: %i(destroy destroy_modal rename_modal update)
+  before_action :check_manage_permissions, only: %i(rename_modal update)
+  before_action :check_delete_permissions, only: %i(destroy destroy_modal)
  before_action :check_archive_permissions, only: %i(archive restore)
  before_action :check_share_permissions, only: :share_modal
  before_action :check_create_permissions, only: %i(create_modal create)
@ -464,6 +465,10 @@ class RepositoriesController < ApplicationController
    end
  end

+  def check_delete_permissions
+    render_403 unless can_delete_repository?(@repository)
+  end
+
  def check_share_permissions
    render_403 if !can_share_repository?(@repository) || current_user.teams.count <= 1
  end
--- a/app/permissions/repository.rb
+++ b/app/permissions/repository.rb
@ -37,6 +37,11 @@ Canaid::Permissions.register_for(Repository) do
    !repository.shared_with?(user.current_team) && user.is_admin_of_team?(repository.team)
  end

+  # repository: destroy
+  can :delete_repository do |user, repository|
+    repository.archived? && can_manage_repository?(user, repository)
+  end
+
  # repository: share
  can :share_repository do |user, repository|
    user.is_admin_of_team?(repository.team) unless repository.shared_with?(user.current_team)
--- a/app/serializers/api/v1/inventory_item_serializer.rb
+++ b/app/serializers/api/v1/inventory_item_serializer.rb
@ -4,7 +4,7 @@ module Api
  module V1
    class InventoryItemSerializer < ActiveModel::Serializer
      type :inventory_items
-      attributes :name
+      attributes :name, :archived
      has_many :repository_cells, key: :inventory_cells,
                                  serializer: InventoryCellSerializer,
                                  class_name: 'RepositoryCell',
--- a/app/serializers/api/v1/inventory_serializer.rb
+++ b/app/serializers/api/v1/inventory_serializer.rb
@ -4,7 +4,7 @@ module Api
  module V1
    class InventorySerializer < ActiveModel::Serializer
      type :inventories
-      attributes :id, :name
+      attributes :id, :name, :archived
      belongs_to :created_by, serializer: UserSerializer

      include TimestampableModel
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -2863,6 +2863,12 @@ en:
        manage_permission:
          title: "Permission denied"
          detail: "You don't have permission to manage %{model}"
+        archive_permission:
+          title: "Permission denied"
+          detail: "You don't have permission to archive/restore %{model}"
+        delete_permission:
+          title: "Permission denied"
+          detail: "You don't have permission to delete %{model}"
        toggle_completion_permission:
          title: "Permission denied"
          detail: "You don't have permission to toggle %{model} completion"