Merge pull request #1632 from okriuchykhin/ok_SCI_3281

Fix permission checks for file editing and make protocol preview files read-only [SCI-3281]
Alex Kriuchykhin 2019-04-03 11:39:59 +02:00 committed by GitHub
commit bfd275c313
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 53 additions and 45 deletions


@ -44,7 +44,7 @@ function setupAssetsLoading() {
); );
} }
animateSpinner(null, false); animateSpinner(null, false);
initPreviewModal(); FilePreviewModal.init();
}, },
error: function(data) { error: function(data) {
if (data.status == 403) { if (data.status == 403) {


@ -186,7 +186,7 @@
ResutlAssets.applyEditResultAssetCallback(); ResutlAssets.applyEditResultAssetCallback();
applyCollapseLinkCallBack(); applyCollapseLinkCallBack();
toggleResultEditButtons(true); toggleResultEditButtons(true);
initPreviewModal(); FilePreviewModal.init();
Comments.initialize(); Comments.initialize();
ResutlAssets.initNewResultAsset(); ResutlAssets.initNewResultAsset();
expandResult($(this)); expandResult($(this));


@ -215,7 +215,7 @@ function initProtocolPreviewModal() {
initHandsOnTable(modalBody); initHandsOnTable(modalBody);
modal.modal("show"); modal.modal("show");
initHandsOnTable(modalBody); initHandsOnTable(modalBody);
initPreviewModal(); FilePreviewModal.init({ readOnly: true });
}, },
error: function (error) { error: function (error) {
// TODO // TODO


@ -120,7 +120,7 @@
setTimeout(function() { setTimeout(function() {
$.initTooltips(); $.initTooltips();
initStepsComments(); initStepsComments();
initPreviewModal(); FilePreviewModal.init();
SmartAnnotation.preventPropagation('.atwho-user-popover'); SmartAnnotation.preventPropagation('.atwho-user-popover');
TinyMCE.destroyAll(); TinyMCE.destroyAll();
DragNDropSteps.clearFiles(); DragNDropSteps.clearFiles();
@ -148,7 +148,7 @@
toggleButtons(false); toggleButtons(false);
initializeCheckboxSorting(); initializeCheckboxSorting();
animateSpinner(null, false); animateSpinner(null, false);
initPreviewModal(); FilePreviewModal.init();
DragNDropSteps.clearFiles(); DragNDropSteps.clearFiles();
TinyMCE.refresh(); TinyMCE.refresh();
$("#new-step-checklists fieldset.nested_step_checklists ul").each(function () { $("#new-step-checklists fieldset.nested_step_checklists ul").each(function () {
@ -233,7 +233,7 @@
initCallBacks(); initCallBacks();
initHandsOnTable($new_step); initHandsOnTable($new_step);
toggleButtons(true); toggleButtons(true);
initPreviewModal(); FilePreviewModal.init();
TinyMCE.destroyAll(); TinyMCE.destroyAll();
SmartAnnotation.preventPropagation('.atwho-user-popover'); SmartAnnotation.preventPropagation('.atwho-user-popover');
@ -613,7 +613,7 @@
animateSpinner(null, false); animateSpinner(null, false);
setupAssetsLoading(); setupAssetsLoading();
DragNDropSteps.clearFiles(); DragNDropSteps.clearFiles();
initPreviewModal(); FilePreviewModal.init();
$.initTooltips(); $.initTooltips();
}, },
error: function(xhr) { error: function(xhr) {
@ -676,7 +676,7 @@
expandAllSteps(); expandAllSteps();
setupAssetsLoading(); setupAssetsLoading();
initStepsComments(); initStepsComments();
initPreviewModal(); FilePreviewModal.init();
TinyMCE.highlight(); TinyMCE.highlight();
SmartAnnotation.preventPropagation('.atwho-user-popover'); SmartAnnotation.preventPropagation('.atwho-user-popover');
newStepHandler(); newStepHandler();


@ -134,7 +134,7 @@ var RepositoryDatatable = (function(global) {
changeToViewMode(); changeToViewMode();
updateButtons(); updateButtons();
updateDataTableSelectAllCtrl(); updateDataTableSelectAllCtrl();
initPreviewModal(); FilePreviewModal.init();
// Prevent row toggling when selecting user smart annotation link // Prevent row toggling when selecting user smart annotation link
SmartAnnotation.preventPropagation('.atwho-user-popover'); SmartAnnotation.preventPropagation('.atwho-user-popover');
@ -222,7 +222,7 @@ var RepositoryDatatable = (function(global) {
initRowSelection(); initRowSelection();
bindExportActions(); bindExportActions();
disableCheckboxToggleOnAssetDownload(); disableCheckboxToggleOnAssetDownload();
initPreviewModal(); FilePreviewModal.init();
initHeaderTooltip(); initHeaderTooltip();
} }
}); });
@ -1135,7 +1135,7 @@ var RepositoryDatatable = (function(global) {
currentMode = 'viewMode'; currentMode = 'viewMode';
// Table specific stuff // Table specific stuff
TABLE.button(0).enable(true); TABLE.button(0).enable(true);
initPreviewModal(); FilePreviewModal.init();
} }
function changeToEditMode() { function changeToEditMode() {
@ -1265,7 +1265,7 @@ var RepositoryDatatable = (function(global) {
TABLE.search(searchText).draw(); TABLE.search(searchText).draw();
} }
initRowSelection(); initRowSelection();
initPreviewModal(); FilePreviewModal.init();
}); });
} }


@ -50,7 +50,7 @@
$form.remove(); $form.remove();
applyEditResultAssetCallback(); applyEditResultAssetCallback();
Results.toggleResultEditButtons(true); Results.toggleResultEditButtons(true);
initPreviewModal(); FilePreviewModal.init();
}); });
Results.toggleResultEditButtons(false); Results.toggleResultEditButtons(false);
@ -72,7 +72,7 @@
Results.toggleResultEditButtons(true); Results.toggleResultEditButtons(true);
Results.expandResult($newResult); Results.expandResult($newResult);
initPreviewModal(); FilePreviewModal.init();
Comments.initialize(); Comments.initialize();
initNewResultAsset(); initNewResultAsset();
}).on('ajax:error', function(e, xhr) { }).on('ajax:error', function(e, xhr) {
@ -98,5 +98,5 @@
ResutlAssets.initNewResultAsset(); ResutlAssets.initNewResultAsset();
ResutlAssets.applyEditResultAssetCallback(); ResutlAssets.applyEditResultAssetCallback();
global.initPreviewModal(); FilePreviewModal.init();
}(window)); }(window));


@ -494,7 +494,7 @@
ResutlAssets.applyEditResultAssetCallback(); ResutlAssets.applyEditResultAssetCallback();
Results.applyCollapseLinkCallBack(); Results.applyCollapseLinkCallBack();
Results.toggleResultEditButtons(true); Results.toggleResultEditButtons(true);
initPreviewModal(); FilePreviewModal.init();
Comments.initialize(); Comments.initialize();
ResutlAssets.initNewResultAsset(); ResutlAssets.initNewResultAsset();
Results.expandResult($(this)); Results.expandResult($(this));


@ -3,13 +3,17 @@
/* global fabric tui animateSpinner setupAssetsLoading I18n*/ /* global fabric tui animateSpinner setupAssetsLoading I18n*/
//= require assets //= require assets
(function(global) { var FilePreviewModal = (function() {
'use strict'; 'use strict';
global.initPreviewModal = function initPreviewModal() { var readOnly = false;
function initPreviewModal(options = {}) {
var name; var name;
var url; var url;
var downloadUrl; var downloadUrl;
readOnly = options.readOnly;
$('.file-preview-link').off('click'); $('.file-preview-link').off('click');
$('.file-preview-link').click(function(e) { $('.file-preview-link').click(function(e) {
e.preventDefault(); e.preventDefault();
@ -18,7 +22,7 @@
downloadUrl = $(this).attr('href'); downloadUrl = $(this).attr('href');
openPreviewModal(name, url, downloadUrl); openPreviewModal(name, url, downloadUrl);
}); });
}; }
// Adding rotation icon // Adding rotation icon
function updateFabricControls() { function updateFabricControls() {
@ -336,7 +340,7 @@
.click(function(ev) { .click(function(ev) {
ev.stopPropagation(); ev.stopPropagation();
})); }));
if (data.editable) { if (!readOnly && data.editable) {
modal.find('.file-edit-link').css('display', ''); modal.find('.file-edit-link').css('display', '');
modal.find('.file-edit-link').off().click(function(ev) { modal.find('.file-edit-link').off().click(function(ev) {
ev.preventDefault(); ev.preventDefault();
@ -349,8 +353,12 @@
} }
} }
} else { } else {
modal.find('.file-edit-link').css('display', 'none');
modal.find('.file-preview-container').html(data['preview-icon']); modal.find('.file-preview-container').html(data['preview-icon']);
} }
if (readOnly) {
modal.find('#wopi_file_edit_button').remove();
}
if (data.processing) { if (data.processing) {
checkFileReady(url, modal); checkFileReady(url, modal);
} }
@ -410,4 +418,8 @@
} }
}); });
} }
return Object.freeze({
init: initPreviewModal
});
}(window)); }(window));
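Review bot: `readOnly = options.readOnly;` writes module-level state that every `init()` call overwrites, and because each call also re-binds every `.file-preview-link` on the page, a later `FilePreviewModal.init()` without options (the results, steps and repository code all call it) resets the flag to `undefined` and the edit link can reappear in a protocol preview that is still open. Capturing the flag per call — `var isReadOnly = Boolean(options.readOnly);` inside `initPreviewModal`, handed to `openPreviewModal` rather than read from the closure — removes the order dependence; at minimum coerce with `Boolean(...)` so the variable is a real boolean rather than `undefined`. This flag only hides controls; the server-side `can_edit` in AssetsController is what gates editing, which a comment above the declaration should say: `// UI-only hint: hides edit controls; authorization is enforced server-side in AssetsController`. `openPreviewModal` and the surrounding helpers start and end outside the hunk.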


@ -16,7 +16,7 @@
$(this).find('.modal-body #repository_row-info-table').DataTable().destroy(); $(this).find('.modal-body #repository_row-info-table').DataTable().destroy();
$(this).remove(); $(this).remove();
}); });
initPreviewModal(); FilePreviewModal.init();
$('#repository_row-info-table').DataTable({ $('#repository_row-info-table').DataTable({
dom: 'RBltpi', dom: 'RBltpi',
stateSave: false, stateSave: false,


@ -48,17 +48,24 @@ class AssetsController < ApplicationController
'type' => (@asset.is_image? ? 'image' : 'file'), 'type' => (@asset.is_image? ? 'image' : 'file'),
'filename' => truncate(@asset.file_file_name, 'filename' => truncate(@asset.file_file_name,
length: length: Constants::FILENAME_TRUNCATION_LENGTH),
Constants::FILENAME_TRUNCATION_LENGTH), 'download-url' => download_asset_path(@asset, timestamp: Time.now.to_i)
'download-url' => download_asset_path(@asset, timestamp: Time.now.to_i),
'editable' => @asset.editable?(current_user)
} }
can_edit = if @assoc.class == Step
can_manage_protocol_in_module?(@protocol) || can_manage_protocol_in_repository?(@protocol)
elsif @assoc.class == Result
can_manage_module?(@my_module)
elsif @assoc.class == RepositoryCell
can_manage_repository_rows?(@repository.team)
end
if @asset.is_image? if @asset.is_image?
response_json.merge!( response_json.merge!(
'processing' => @asset.file.processing?, 'editable' => @asset.editable_image? && can_edit,
'processing' => @asset.file.processing?,
'large-preview-url' => @asset.url(:large), 'large-preview-url' => @asset.url(:large),
'processing-url' => image_tag('medium/processing.gif') 'processing-url' => image_tag('medium/processing.gif')
) )
else else
response_json.merge!( response_json.merge!(
@ -71,15 +78,6 @@ class AssetsController < ApplicationController
end end
if wopi_file?(@asset) if wopi_file?(@asset)
can_edit =
if @assoc.class == Step
can_manage_protocol_in_module?(@protocol) ||
can_manage_protocol_in_repository?(@protocol)
elsif @assoc.class == Result
can_manage_module?(@my_module)
elsif @assoc.class == RepositoryCell
can_manage_repository_rows?(@repository.team)
end
edit_supported, title = wopi_file_edit_button_status edit_supported, title = wopi_file_edit_button_status
response_json['wopi-controls'] = render_to_string( response_json['wopi-controls'] = render_to_string(
partial: 'shared/file_wopi_controlls.html.erb', partial: 'shared/file_wopi_controlls.html.erb',
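Review bot: `can_edit` here only decides whether the edit link and WOPI edit button are rendered in the preview JSON; the action that accepts an edited image is not in this diff, and with `Asset#editable?(user)` removed in the same commit it can no longer rely on the model for the permission check, so confirm that endpoint applies the same `can_manage_*` logic, otherwise this fix is cosmetic and a direct request could still succeed. The `if @assoc.class == Step … elsif` chain reads more naturally as `can_edit = case @assoc when Step then … when Result then … when RepositoryCell then … else false end`, but note `when` matches subclasses via `===` where `== Step` does not, so check that no STI subclasses are in play before switching. The explicit `else false` also documents that unknown association types are denied rather than leaving `can_edit` as `nil`. The enclosing action starts before the hunk, so where `@assoc`, `@protocol`, `@my_module` and `@repository` are assigned is not visible here.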


@ -465,13 +465,8 @@ class Asset < ApplicationRecord
save save
end end
def editable?(user) def editable_image?
objects = %w(step result) !locked? && %r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES_EDITABLE)}} =~ file.content_type
my_module = send(objects.find { |object| send(object) }).my_module
Canaid::PermissionsHolder.instance.eval(:manage_experiment, user, my_module.experiment) &&
!locked? &&
%r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES_EDITABLE)}} ===
file.content_type
end end
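Review bot: renaming `editable?(user)` to `editable_image?` and dropping the `manage_experiment` check moves authorization out of the model, so any remaining caller of `editable?` outside this diff now raises `NoMethodError`, or, if it relied on the model for the permission check, silently loses it — grep for callers before merging. The method should state its new contract, e.g. `# True when the image is unlocked and of an editable type. Does NOT check permissions; callers must authorize (see AssetsController).` The whitelist keys on `file.content_type`, which is presumably whatever the client declared at upload unless Paperclip validates it, so the check is only as strong as that upload validation — worth confirming.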
protected protected


@ -21,4 +21,4 @@
<% end %> <% end %>
</div> </div>
<script>window.initPreviewModal()</script> <script>FilePreviewModal.init()</script>


@ -80,7 +80,7 @@
<em><%=t "repository_row.modal_info.no_tasks" %></em> <em><%=t "repository_row.modal_info.no_tasks" %></em>
<% end %> <% end %>
</div> </div>
<script>window.initPreviewModal()</script> <script>FilePreviewModal.init()</script>
<div class="modal-footer"> <div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal"><%= t("general.close")%></button> <button type="button" class="btn btn-default" data-dismiss="modal"><%= t("general.close")%></button>
</div> </div>


@ -1,4 +1,5 @@
<%= link_to view_asset_url(id: asset), <%= link_to view_asset_url(id: asset),
id: 'wopi_file_view_button',
class: 'btn btn-default btn-sm', class: 'btn btn-default btn-sm',
target: '_blank', target: '_blank',
style: 'display: inline-block' do %> style: 'display: inline-block' do %>
@ -7,6 +8,7 @@
<% end %> <% end %>
<% if can_edit && edit_supported %> <% if can_edit && edit_supported %>
<%= link_to edit_asset_url(id: asset), <%= link_to edit_asset_url(id: asset),
id: 'wopi_file_edit_button',
class: 'btn btn-default btn-sm', class: 'btn btn-default btn-sm',
target: '_blank', target: '_blank',
style: 'display: inline-block' do %> style: 'display: inline-block' do %>
@ -15,6 +17,7 @@
<% end %> <% end %>
<% elsif can_edit %> <% elsif can_edit %>
<%= link_to edit_asset_url(id: asset), <%= link_to edit_asset_url(id: asset),
id: 'wopi_file_edit_button',
class: 'btn btn-default btn-sm', class: 'btn btn-default btn-sm',
target: '_blank', target: '_blank',
title: title, title: title,