Some additional permission calls fixes, minor refactoring.

2025-01-29 03:01:58 +08:00 · 2018-03-06 06:56:35 +01:00 · 2018-03-06 06:56:35 +01:00 · c5b0a6525b
commit c5b0a6525b
parent 61d1f5374d
4 changed files with 4 additions and 10 deletions
--- a/app/controllers/assets_controller.rb
+++ b/app/controllers/assets_controller.rb
@ -118,7 +118,7 @@ class AssetsController < ApplicationController
      render_403 && return unless can_read_protocol_in_module?(@protocol) ||
                                  can_read_protocol_in_repository?(@protocol)
    elsif @assoc.class == Result
-      render_403 and return unless can_view_experiment?(@my_module.experiment)
+      render_403 and return unless can_read_experiment?(@my_module.experiment)
    end
  end

--- a/app/controllers/my_modules_controller.rb
+++ b/app/controllers/my_modules_controller.rb
@ -6,13 +6,7 @@ class MyModulesController < ApplicationController
  include ActionView::Helpers::UrlHelper
  include ApplicationHelper

-  before_action :load_vars,
-                only: %I[show update destroy description due_date protocols
-                         results samples activities activities_tab
-                         assign_samples unassign_samples delete_samples
-                         toggle_task_state samples_index archive
-                         complete_my_module repository repository_index
-                         assign_repository_records unassign_repository_records]
+  before_action :load_vars
  before_action :load_vars_nested, only: %I[new create]
  before_action :load_repository, only: %I[assign_repository_records
                                           unassign_repository_records]
--- a/app/controllers/wopi_controller.rb
+++ b/app/controllers/wopi_controller.rb
@ -305,7 +305,7 @@ class WopiController < ActionController::Base
      end
      @breadcrumb_folder_url  = @close_url
    else
-      @can_read = can_view_experiment?(@my_module.experiment)
+      @can_read = can_read_experiment?(@my_module.experiment)
      @can_write = can_manage_module?(@my_module)

      @close_url = results_my_module_url(@my_module,
--- a/app/views/results/_result_asset.html.erb
+++ b/app/views/results/_result_asset.html.erb
@ -1,4 +1,4 @@
-<% if can_view_experiment?(result.my_module.experiment) %>
+<% if can_read_experiment?(result.my_module.experiment) %>
  <% if result.asset.file.processing? %>
    <span data-status='asset-loading'
      data-present-url='<%= file_present_asset_path(result.asset) %>'>