Merge pull request #1632 from okriuchykhin/ok_SCI_3281

Fix permission checks for file editing and make protocol preview files read only [SCI-3281]
Alex Kriuchykhin 2019-04-03 11:39:59 +02:00 committed by GitHub
commit bfd275c313
14 changed files with 53 additions and 45 deletions


@ -44,7 +44,7 @@ function setupAssetsLoading() {
);
}
animateSpinner(null, false);
initPreviewModal();
FilePreviewModal.init();
},
error: function(data) {
if (data.status == 403) {


@ -186,7 +186,7 @@
ResutlAssets.applyEditResultAssetCallback();
applyCollapseLinkCallBack();
toggleResultEditButtons(true);
initPreviewModal();
FilePreviewModal.init();
Comments.initialize();
ResutlAssets.initNewResultAsset();
expandResult($(this));


@ -215,7 +215,7 @@ function initProtocolPreviewModal() {
initHandsOnTable(modalBody);
modal.modal("show");
initHandsOnTable(modalBody);
initPreviewModal();
FilePreviewModal.init({ readOnly: true });
},
error: function (error) {
// TODO


@ -120,7 +120,7 @@
setTimeout(function() {
$.initTooltips();
initStepsComments();
initPreviewModal();
FilePreviewModal.init();
SmartAnnotation.preventPropagation('.atwho-user-popover');
TinyMCE.destroyAll();
DragNDropSteps.clearFiles();
@ -148,7 +148,7 @@
toggleButtons(false);
initializeCheckboxSorting();
animateSpinner(null, false);
initPreviewModal();
FilePreviewModal.init();
DragNDropSteps.clearFiles();
TinyMCE.refresh();
$("#new-step-checklists fieldset.nested_step_checklists ul").each(function () {
@ -233,7 +233,7 @@
initCallBacks();
initHandsOnTable($new_step);
toggleButtons(true);
initPreviewModal();
FilePreviewModal.init();
TinyMCE.destroyAll();
SmartAnnotation.preventPropagation('.atwho-user-popover');
@ -613,7 +613,7 @@
animateSpinner(null, false);
setupAssetsLoading();
DragNDropSteps.clearFiles();
initPreviewModal();
FilePreviewModal.init();
$.initTooltips();
},
error: function(xhr) {
@ -676,7 +676,7 @@
expandAllSteps();
setupAssetsLoading();
initStepsComments();
initPreviewModal();
FilePreviewModal.init();
TinyMCE.highlight();
SmartAnnotation.preventPropagation('.atwho-user-popover');
newStepHandler();


@ -134,7 +134,7 @@ var RepositoryDatatable = (function(global) {
changeToViewMode();
updateButtons();
updateDataTableSelectAllCtrl();
initPreviewModal();
FilePreviewModal.init();
// Prevent row toggling when selecting user smart annotation link
SmartAnnotation.preventPropagation('.atwho-user-popover');
@ -222,7 +222,7 @@ var RepositoryDatatable = (function(global) {
initRowSelection();
bindExportActions();
disableCheckboxToggleOnAssetDownload();
initPreviewModal();
FilePreviewModal.init();
initHeaderTooltip();
}
});
@ -1135,7 +1135,7 @@ var RepositoryDatatable = (function(global) {
currentMode = 'viewMode';
// Table specific stuff
TABLE.button(0).enable(true);
initPreviewModal();
FilePreviewModal.init();
}
function changeToEditMode() {
@ -1265,7 +1265,7 @@ var RepositoryDatatable = (function(global) {
TABLE.search(searchText).draw();
}
initRowSelection();
initPreviewModal();
FilePreviewModal.init();
});
}


@ -50,7 +50,7 @@
$form.remove();
applyEditResultAssetCallback();
Results.toggleResultEditButtons(true);
initPreviewModal();
FilePreviewModal.init();
});
Results.toggleResultEditButtons(false);
@ -72,7 +72,7 @@
Results.toggleResultEditButtons(true);
Results.expandResult($newResult);
initPreviewModal();
FilePreviewModal.init();
Comments.initialize();
initNewResultAsset();
}).on('ajax:error', function(e, xhr) {
@ -98,5 +98,5 @@
ResutlAssets.initNewResultAsset();
ResutlAssets.applyEditResultAssetCallback();
global.initPreviewModal();
FilePreviewModal.init();
}(window));


@ -494,7 +494,7 @@
ResutlAssets.applyEditResultAssetCallback();
Results.applyCollapseLinkCallBack();
Results.toggleResultEditButtons(true);
initPreviewModal();
FilePreviewModal.init();
Comments.initialize();
ResutlAssets.initNewResultAsset();
Results.expandResult($(this));


@ -3,13 +3,17 @@
/* global fabric tui animateSpinner setupAssetsLoading I18n*/
//= require assets
(function(global) {
var FilePreviewModal = (function() {
'use strict';
global.initPreviewModal = function initPreviewModal() {
var readOnly = false;
function initPreviewModal(options = {}) {
var name;
var url;
var downloadUrl;
readOnly = options.readOnly;
$('.file-preview-link').off('click');
$('.file-preview-link').click(function(e) {
e.preventDefault();
@ -18,7 +22,7 @@
downloadUrl = $(this).attr('href');
openPreviewModal(name, url, downloadUrl);
});
};
}
// Adding rotation icon
function updateFabricControls() {
@ -336,7 +340,7 @@
.click(function(ev) {
ev.stopPropagation();
}));
if (data.editable) {
if (!readOnly && data.editable) {
modal.find('.file-edit-link').css('display', '');
modal.find('.file-edit-link').off().click(function(ev) {
ev.preventDefault();
@ -349,8 +353,12 @@
}
}
} else {
modal.find('.file-edit-link').css('display', 'none');
modal.find('.file-preview-container').html(data['preview-icon']);
}
if (readOnly) {
modal.find('#wopi_file_edit_button').remove();
}
if (data.processing) {
checkFileReady(url, modal);
}
@ -410,4 +418,8 @@
}
});
}
return Object.freeze({
init: initPreviewModal
});
}(window));
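Review bot: `readOnly` is a presentation flag only — it suppresses the edit link and removes `#wopi_file_edit_button` after the server has already returned `editable` and rendered the WOPI controls — so it must not be read as authorization; the edit endpoints (outside this diff) have to keep their own permission checks. `readOnly = options.readOnly` also becomes `undefined` on a plain `init()` call; `readOnly = Boolean(options.readOnly);` keeps the module-level flag a real boolean. The IIFE is still invoked with `window` (`}(window))`) although its parameter list is now empty, so either drop the argument or restore `global` if it is still referenced elsewhere in the file. The default parameter `options = {}` is ES2015 syntax in a file otherwise written with `var`; fine if the asset pipeline transpiles, otherwise worth confirming.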


@ -16,7 +16,7 @@
$(this).find('.modal-body #repository_row-info-table').DataTable().destroy();
$(this).remove();
});
initPreviewModal();
FilePreviewModal.init();
$('#repository_row-info-table').DataTable({
dom: 'RBltpi',
stateSave: false,


@ -48,17 +48,24 @@ class AssetsController < ApplicationController
'type' => (@asset.is_image? ? 'image' : 'file'),
'filename' => truncate(@asset.file_file_name,
length:
Constants::FILENAME_TRUNCATION_LENGTH),
'download-url' => download_asset_path(@asset, timestamp: Time.now.to_i),
'editable' => @asset.editable?(current_user)
length: Constants::FILENAME_TRUNCATION_LENGTH),
'download-url' => download_asset_path(@asset, timestamp: Time.now.to_i)
}
can_edit = if @assoc.class == Step
can_manage_protocol_in_module?(@protocol) || can_manage_protocol_in_repository?(@protocol)
elsif @assoc.class == Result
can_manage_module?(@my_module)
elsif @assoc.class == RepositoryCell
can_manage_repository_rows?(@repository.team)
end
if @asset.is_image?
response_json.merge!(
'processing' => @asset.file.processing?,
'editable' => @asset.editable_image? && can_edit,
'processing' => @asset.file.processing?,
'large-preview-url' => @asset.url(:large),
'processing-url' => image_tag('medium/processing.gif')
'processing-url' => image_tag('medium/processing.gif')
)
else
response_json.merge!(
@ -71,15 +78,6 @@ class AssetsController < ApplicationController
end
if wopi_file?(@asset)
can_edit =
if @assoc.class == Step
can_manage_protocol_in_module?(@protocol) ||
can_manage_protocol_in_repository?(@protocol)
elsif @assoc.class == Result
can_manage_module?(@my_module)
elsif @assoc.class == RepositoryCell
can_manage_repository_rows?(@repository.team)
end
edit_supported, title = wopi_file_edit_button_status
response_json['wopi-controls'] = render_to_string(
partial: 'shared/file_wopi_controlls.html.erb',
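Review bot: `can_edit` is left `nil` when `@assoc` is none of Step, Result or RepositoryCell, so `'editable'` serializes as `null` and the later `wopi_file?` branch hands `nil` to the partial; an explicit `else false` makes the deny-by-default outcome a proper boolean. The dispatch would also read better as `case @assoc when Step ... when Result ... when RepositoryCell ... else false end`, which replaces the exact-class comparisons `@assoc.class == Step` with `===` matching so subclasses behave the same. Note that for non-image assets the `'editable'` key is no longer emitted at all; the client treats the missing key as falsy, which is the safe direction, but a comment on the hash would help the next reader. The enclosing action starts before this hunk and continues past it.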


@ -465,13 +465,8 @@ class Asset < ApplicationRecord
save
end
def editable?(user)
objects = %w(step result)
my_module = send(objects.find { |object| send(object) }).my_module
Canaid::PermissionsHolder.instance.eval(:manage_experiment, user, my_module.experiment) &&
!locked? &&
%r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES_EDITABLE)}} ===
file.content_type
def editable_image?
!locked? && %r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES_EDITABLE)}} =~ file.content_type
end
protected
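Review bot: `editable_image?` returns the match index (`0`) or `nil` rather than a boolean because it uses `=~`, and the `^` anchor matches at the start of any line of `file.content_type`, not only at the start of the string. `!locked? && %r{\Aimage/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES_EDITABLE)}}.match?(file.content_type)` gives a true predicate, a whole-string start anchor and skips MatchData allocation. If content types are stored without parameters, also anchoring the end with `\z` would stop a whitelisted subtype matching as a prefix of a longer one; confirm against how Paperclip stores them before tightening.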


@ -21,4 +21,4 @@
<% end %>
</div>
<script>window.initPreviewModal()</script>
<script>FilePreviewModal.init()</script>


@ -80,7 +80,7 @@
<em><%=t "repository_row.modal_info.no_tasks" %></em>
<% end %>
</div>
<script>window.initPreviewModal()</script>
<script>FilePreviewModal.init()</script>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal"><%= t("general.close")%></button>
</div>


@ -1,4 +1,5 @@
<%= link_to view_asset_url(id: asset),
id: 'wopi_file_view_button',
class: 'btn btn-default btn-sm',
target: '_blank',
style: 'display: inline-block' do %>
@ -7,6 +8,7 @@
<% end %>
<% if can_edit && edit_supported %>
<%= link_to edit_asset_url(id: asset),
id: 'wopi_file_edit_button',
class: 'btn btn-default btn-sm',
target: '_blank',
style: 'display: inline-block' do %>
@ -15,6 +17,7 @@
<% end %>
<% elsif can_edit %>
<%= link_to edit_asset_url(id: asset),
id: 'wopi_file_edit_button',
class: 'btn btn-default btn-sm',
target: '_blank',
title: title,