Fixed scopes and added permission checks to quick create services [SCI-6135] (#3584)

This commit is contained in:
artoscinote 2021-10-14 13:13:29 +02:00 committed by GitHub
parent 4a4c344a3a
commit c63090da8c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 31 additions and 38 deletions

View file

@ -57,11 +57,14 @@ module Dashboard
end
def load_project
@project = current_team.projects.find_by(id: params.dig(:project, :id))
@project = current_team.projects.managable_by_user(current_user).find_by(id: params.dig(:project, :id))
end
def load_experiment
@experiment = @project.experiments.find_by(id: params.dig(:experiment, :id)) if @project
return unless @project
@experiment =
@project.experiments.managable_by_user(current_user).find_by(id: params.dig(:experiment, :id))
end
def check_task_create_permissions

View file

@ -22,7 +22,7 @@ module Assignable
.where('? = ANY(user_roles.permissions)', "::#{self.class.to_s.split('::').first}Permissions".constantize::MANAGE)
}
after_create_commit do
after_create do
UserAssignment.create!(
user: created_by,
assignable: self,

View file

@ -4,7 +4,7 @@ class Experiment < ApplicationRecord
ID_PREFIX = 'EX'
include PrefixedIdModel
SEARCHABLE_ATTRIBUTES = [:name, :description, PREFIXED_ID_SQL].freeze
SEARCHABLE_ATTRIBUTES = ['experiments.name', 'experiments.description', PREFIXED_ID_SQL].freeze
include ArchivableModel
include SearchableModel

View file

@ -1,6 +1,8 @@
# frozen_string_literal: true
class CreateExperimentService
include Canaid::Helpers::PermissionsHelper
def initialize(user, team, params)
@params = params
@user = user
@ -8,26 +10,21 @@ class CreateExperimentService
end
def call
new_experiment = nil
ActiveRecord::Base.transaction do
unless @params[:project].class == Project
unless @params[:project].instance_of?(Project)
@params[:project] = CreateProjectService.new(@user, @team, @params[:project]).call
end
unless @params[:project]&.errors&.empty?
new_experiment = @params[:project]
raise ActiveRecord::Rollback
end
raise ActiveRecord::Rollback unless @params[:project]&.valid? &&
can_create_project_experiments?(@user, @params[:project])
@params[:created_by] = @user
@params[:last_modified_by] = @user
@experiment = @params[:project].experiments.new(@params)
create_experiment_activity if @experiment.save
new_experiment = @experiment
@experiment = @params[:project].experiments.create!(@params)
create_experiment_activity
end
new_experiment
@experiment
end
private

View file

@ -1,6 +1,8 @@
# frozen_string_literal: true
class CreateMyModuleService
include Canaid::Helpers::PermissionsHelper
def initialize(user, team, params)
@params = params
@my_module_params = params[:my_module] || {}
@ -9,16 +11,14 @@ class CreateMyModuleService
end
def call
new_my_module = nil
ActiveRecord::Base.transaction do
unless @params[:experiment].class == Experiment
unless @params[:experiment].instance_of?(Experiment)
@params[:experiment][:project] = @params[:project]
@params[:experiment] = CreateExperimentService.new(@user, @team, @params[:experiment]).call
end
unless @params[:experiment]&.errors&.empty?
new_my_module = @params[:experiment]
raise ActiveRecord::Rollback
end
raise ActiveRecord::Rollback unless @params[:experiment]&.valid? &&
can_manage_experiment_tasks?(@user, @params[:experiment])
@my_module_params[:x] ||= 0
@my_module_params[:y] ||= 0
@ -36,10 +36,9 @@ class CreateMyModuleService
create_my_module_activity
@my_module.assign_user(@user)
new_my_module = @my_module
end
new_my_module
@my_module
end
private

View file

@ -1,6 +1,8 @@
# frozen_string_literal: true
class CreateProjectService
include Canaid::Helpers::PermissionsHelper
def initialize(user, team, params)
@params = params
@user = user
@ -8,24 +10,16 @@ class CreateProjectService
end
def call
new_project = nil
return unless can_create_projects?(@user, @team)
ActiveRecord::Base.transaction do
@params[:created_by] = @user
@params[:last_modified_by] = @user
@project = @team.projects.new(@params)
if @project.save
@project.user_projects.create!(role: :owner, user: @user)
create_project_activity
new_project = @project
else
new_project = @project
raise ActiveRecord::Rollback
end
@project = @team.projects.create!(@params)
create_project_activity
end
new_project
@project
end
private