Merge pull request #5231 from artoscinote/ma_SCI_8131

Handle removal of last owner public group [SCI-8131]
Alex Kriuchykhin 2023-04-03 13:02:38 +02:00 committed by GitHub
commit bed256cd37
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 14 deletions


@ -38,10 +38,10 @@ module AccessPermissions
team: current_team
)
# prevent role change if it would result in no users having the user management permission
# prevent role change if it would result in no manually assigned users having the user management permission
new_user_role = UserRole.find(permitted_update_params[:user_role_id])
if !new_user_role.has_permission?(ProjectPermissions::USERS_MANAGE) &&
@user_assignment.last_with_permission?(ProjectPermissions::USERS_MANAGE)
@user_assignment.last_with_permission?(ProjectPermissions::USERS_MANAGE, assigned: :manually)
raise ActiveRecord::RecordInvalid
end
@ -106,8 +106,10 @@ module AccessPermissions
user = @project.assigned_users.find(params[:user_id])
user_assignment = @project.user_assignments.find_by(user: user, team: current_team)
# prevent deletion of last user that can manage users
raise ActiveRecord::RecordInvalid if user_assignment.last_with_permission?(ProjectPermissions::USERS_MANAGE)
# prevent deletion of last manually assigned user that can manage users
if user_assignment.last_with_permission?(ProjectPermissions::USERS_MANAGE, assigned: :manually)
raise ActiveRecord::RecordInvalid
end
if @project.visible?
user_assignment.update!(
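Review bot: `find_by(user: user, team: current_team)` in the removal hunk can return nil, and the new guard right after it calls `last_with_permission?` on the result unconditionally. If `assigned_users` is not scoped to the current team, a user with no assignment row for this team would produce a NoMethodError instead of a handled failure. Using `user_assignment = @project.user_assignments.find_by!(user: user, team: current_team)` would turn that into a RecordNotFound. The protocol controller's removal hunk has the same lookup and guard. The action starts and ends outside the hunk, so any existing rescue is not visible here.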


@ -36,10 +36,10 @@ module AccessPermissions
team: current_team
)
# prevent role change if it would result in no users having the user management permission
# prevent role change if it would result in no manually assigned users having the user management permission
new_user_role = UserRole.find(permitted_update_params[:user_role_id])
if !new_user_role.has_permission?(ProtocolPermissions::USERS_MANAGE) &&
@user_assignment.last_with_permission?(ProtocolPermissions::USERS_MANAGE)
@user_assignment.last_with_permission?(ProtocolPermissions::USERS_MANAGE, assigned: :manually)
raise ActiveRecord::RecordInvalid
end
@ -102,8 +102,10 @@ module AccessPermissions
user = @protocol.assigned_users.find(params[:user_id])
user_assignment = @protocol.user_assignments.find_by(user: user, team: current_team)
# prevent deletion of last user that can manage users
raise ActiveRecord::RecordInvalid if user_assignment.last_with_permission?(ProtocolPermissions::USERS_MANAGE)
# prevent deletion of last manually assigned user that can manage users
if user_assignment.last_with_permission?(ProtocolPermissions::USERS_MANAGE, assigned: :manually)
raise ActiveRecord::RecordInvalid
end
Protocol.transaction do
if @protocol.visible?
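Review bot: The last-manager guard in the removal hunk runs before `Protocol.transaction do`, so the check and the change it protects are not atomic. Two concurrent requests that each remove one of the last two manually assigned managers can both pass `last_with_permission?` and leave the protocol with no manually assigned user holding USERS_MANAGE. Moving the guard inside the transaction and taking a row lock first, e.g. `@protocol.lock!` before the check, would serialize those requests. The role-change hunk above and the project controller's equivalents appear to have the same check-then-act shape, though their full bodies are outside the hunks.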


@ -20,17 +20,23 @@ class UserAssignment < ApplicationRecord
validates :user, uniqueness: { scope: %i(assignable team_id) }
scope :with_permission, ->(permission) { joins(:user_role).where('? = ANY(user_roles.permissions)', permission) }
def last_assignable_owner?
assignable_owners.count == 1 && user_role.owner?
end
def last_with_permission?(permission)
def last_with_permission?(permission, assigned: nil)
return false if user_role.permissions.exclude?(permission)
assignable.user_assignments.joins(:user_role)
.where.not(user: user)
.where('? = ANY(user_roles.permissions)', permission)
.none?
user_assignments =
assignable.user_assignments.joins(:user_role)
.where.not(user: user)
.with_permission(permission)
user_assignments = user_assignments.where(assigned: assigned) if assigned
user_assignments.none?
end
private
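Review bot: `last_with_permission?` applies the new `assigned:` filter only to the other assignments, never to the receiver. With `assigned: :manually` it therefore returns true for an automatically assigned record whenever no manual manager exists, even though changing that record cannot reduce the number of manual managers. If that is not intended, an early `return false if assigned && self.assigned.to_s != assigned.to_s` would limit the guard to records that count toward the total. A short comment on the method, such as `# assigned: restricts the other assignments counted to the given assignment type (e.g. :manually); nil counts all`, would also make the keyword's meaning explicit.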


@ -34,7 +34,7 @@
</a>
</li>
<% end %>
<% if defined?(delete_path) && !assignment.last_assignable_owner? %>
<% if defined?(delete_path) && !assignment.last_with_permission?(ProjectPermissions::USERS_MANAGE, assigned: :manually) %>
<li role="separator" class="divider" data-hook="support-dropdown-separator"></li>
<li>
<%= link_to delete_path, remote: true, method: :delete, data: { action: 'remote-destroy', target: "##{item_id}" } do %>
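Review bot: The delete-link condition hard-codes `ProjectPermissions::USERS_MANAGE`, while the protocol controller in this commit checks `ProtocolPermissions::USERS_MANAGE`. If this partial is also rendered for protocol assignments and the two constants differ, the link would be shown or hidden by the wrong permission. Passing the permission in as a local, or deriving it from `assignment.assignable`, would keep the view aligned with the server-side guard. The condition also issues a query per rendered row, which may matter for long member lists.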