Show shared inventories in left navigation and fix read repository permission

2025-09-08 06:04:35 +08:00 · 2019-07-17 16:00:49 +02:00 · 2019-07-17 16:00:49 +02:00 · cac7dab440
commit cac7dab440
parent 1a77702fa7
23 changed files with 72 additions and 31 deletions
--- a/app/assets/stylesheets/repositories.scss
+++ b/app/assets/stylesheets/repositories.scss
@ -1,5 +1,12 @@
@import "constants";

+#shared-repos {
+  background-color: $color-concrete;
+  font-size: 14px;
+  font-weight: bolder;
+  padding: 5px 10px;
+}
+
 .repositories-dropdown-menu {
  height: auto;
  max-height: 400px;
@ -28,6 +35,7 @@
 .repository-cog {
  display: inline-block;
  float: right;
+  padding-bottom: 15px;
  padding-left: 4px;
 }

--- a/app/controllers/assets_controller.rb
+++ b/app/controllers/assets_controller.rb
@ -298,7 +298,7 @@ class AssetsController < ApplicationController
    elsif @assoc.class == Result
      render_403 and return unless can_read_experiment?(@my_module.experiment)
    elsif @assoc.class == RepositoryCell
-      render_403 and return unless can_read_team?(@repository.team)
+      render_403 and return unless can_read_repository?(@repository)
    end
  end

--- a/app/controllers/at_who_controller.rb
+++ b/app/controllers/at_who_controller.rb
@ -34,7 +34,7 @@ class AtWhoController < ApplicationController
  def rep_items
    repository = Repository.find_by_id(params[:repository_id])
    items =
-      if repository && can_read_team?(repository.team)
+      if repository && can_read_repository?(repository)
        SmartAnnotation.new(current_user, current_team, @query)
                       .repository_rows(repository)
      else
--- a/app/controllers/my_modules_controller.rb
+++ b/app/controllers/my_modules_controller.rb
@ -300,7 +300,7 @@ class MyModulesController < ApplicationController

  def repository
    @repository = Repository.find_by_id(params[:repository_id])
-    render_403 if @repository.nil? || !can_read_team?(@repository.team)
+    render_403 if @repository.nil? || !can_read_repository?(@repository)
    current_team_switch(@repository.team)
  end

@ -670,7 +670,7 @@ class MyModulesController < ApplicationController
  def load_repository
    @repository = Repository.find_by_id(params[:repository_id])
    render_404 unless @repository
-    render_403 unless can_read_team?(@repository.team)
+    render_403 unless can_read_repository?(@repository)
  end

  def load_projects_tree
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@ -169,7 +169,7 @@ class RepositoriesController < ApplicationController

  # AJAX actions
  def repository_table_index
-    if @repository.nil? || !can_read_team?(@repository.team)
+    if @repository.nil? || !can_read_repository?(@repository)
      render_403
    else
      respond_to do |format|
@ -315,7 +315,7 @@ class RepositoriesController < ApplicationController
  end

  def check_view_permissions
-    render_403 unless can_read_team?(@repository.team)
+    render_403 unless can_read_repository?(@repository)
  end

  def check_create_permissions
--- a/app/controllers/repository_columns_controller.rb
+++ b/app/controllers/repository_columns_controller.rb
@ -190,7 +190,7 @@ class RepositoryColumnsController < ApplicationController
  end

  def load_asset_type_columns
-    render_403 unless can_read_team?(@repository.team)
+    render_403 unless can_read_repository?(@repository)
    @asset_columns = load_asset_columns(search_params[:q])
  end

--- a/app/controllers/repository_rows_controller.rb
+++ b/app/controllers/repository_rows_controller.rb
@ -344,7 +344,7 @@ class RepositoryRowsController < ApplicationController
      my_module: [{ experiment: :project }]
    ).where(repository_row: @repository_row)
    render_404 and return unless @repository_row
-    render_403 unless can_read_team?(@repository_row.repository.team)
+    render_403 unless can_read_repository?(@repository_row.repository)
  end

  def load_vars
@ -360,7 +360,7 @@ class RepositoryRowsController < ApplicationController
  def load_repository
    @repository = current_team.repositories.find_by_id(params[:repository_id])
    render_404 unless @repository
-    render_403 unless can_read_team?(@repository.team)
+    render_403 unless can_read_repository?(@repository)
  end

  def check_create_permissions
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@ -262,7 +262,7 @@ class SearchController < ApplicationController

  def search_repository
    @repository = Repository.find_by_id(params[:repository])
-    render_403 unless can_read_team?(@repository.team)
+    render_403 unless can_read_repository?(@repository)
    @repository_results = []
    if @repository_search_count_total > 0
      @repository_results =
--- a/app/controllers/user_repositories_controller.rb
+++ b/app/controllers/user_repositories_controller.rb
@ -31,6 +31,6 @@ class UserRepositoriesController < ApplicationController

  def load_vars
    @repository = Repository.find_by_id(params[:repository_id])
-    render_403 if @repository.nil? || !can_read_team?(@repository.team)
+    render_403 if @repository.nil? || !can_read_repository?(@repository)
  end
 end
--- a/app/controllers/wopi_controller.rb
+++ b/app/controllers/wopi_controller.rb
@ -324,7 +324,7 @@ class WopiController < ActionController::Base
      @breadcrumb_folder_name = @my_module.name
      @breadcrumb_folder_url  = @close_url
    elsif @assoc.class == RepositoryCell
-      @can_read = can_read_team?(@team)
+      @can_read = can_read_repository?(@repository)
      @can_write = can_edit_wopi_file_in_repository_rows?

      @close_url = repository_url(@repository,
--- a/app/helpers/repository_datatable_helper.rb
+++ b/app/helpers/repository_datatable_helper.rb
@ -62,7 +62,8 @@ module RepositoryDatatableHelper
  end

  def can_perform_repository_actions(repository)
-    can_manage_repository?(repository) ||
+    can_read_repository?(repository) ||
+      can_manage_repository?(repository) ||
      can_create_repositories?(repository.team) ||
      can_manage_repository_rows?(repository)
  end
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@ -17,7 +17,7 @@ class Repository < ApplicationRecord
  has_many :report_elements, inverse_of: :repository, dependent: :destroy
  has_many :repository_list_items, inverse_of: :repository, dependent: :destroy
  has_many :team_repositories, inverse_of: :repository, dependent: :destroy
-  has_many :teams_shared_with, through: :team_repositories, class_name: 'Team'
+  has_many :teams_shared_with, through: :team_repositories, source: :team

  auto_strip_attributes :name, nullify: false
  validates :name,
--- a/app/models/team.rb
+++ b/app/models/team.rb
@ -42,7 +42,7 @@ class Team < ApplicationRecord
  has_many :reports, inverse_of: :team, dependent: :destroy
  has_many :activities, inverse_of: :team, dependent: :destroy
  has_many :team_repositories, inverse_of: :team, dependent: :destroy
-  has_many :shared_repositories, through: :team_repositories, class_name: 'Repository'
+  has_many :shared_repositories, through: :team_repositories, source: :repository

  attr_accessor :without_templates
  attr_accessor :without_intro_demo
--- a/app/permissions/repository.rb
+++ b/app/permissions/repository.rb
@ -1,6 +1,21 @@
 # frozen_string_literal: true

 Canaid::Permissions.register_for(Repository) do
+  # repository: read/export
+  can :read_repository do |user, repository|
+    if user.teams.include?(repository.team)
+      user.is_member_of_team?(repository.team)
+    elsif (read_team_repo = repository
+                                .team_repositories
+                                .where(team: user.teams).take)
+      # When has some repository's relations with read permissions for at least one of user's teams.
+
+      user.is_member_of_team?(read_team_repo.team)
+    else
+      false
+    end
+  end
+
  # repository: update, delete
  can :manage_repository do |user, repository|
    user.is_admin_of_team?(repository.team)
--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
@ -1,6 +1,6 @@
 Canaid::Permissions.register_for(Team) do
  # team: leave, read users, read projects, read/export samples,
-  #       read protocols, read/export repositories
+  #       read protocols
  #
  can :read_team do |user, team|
    user.is_member_of_team?(team)
--- a/app/services/smart_annotations/permission_eval.rb
+++ b/app/services/smart_annotations/permission_eval.rb
@ -27,7 +27,7 @@ module SmartAnnotations
      def validate_rep_item_permissions(user, team, object)
        if object.repository
          return object.repository.team.id == team.id &&
-                 can_read_team?(user, object.repository.team)
+                 can_read_repository?(user, object.repository)
        end

        # handles discarded repositories
@ -35,7 +35,7 @@ module SmartAnnotations
        # evaluate to false if repository not found
        return false unless repository

-        repository.team.id == team && can_read_team?(user, repository.team)
+        repository.team.id == team && can_read_repository?(user, repository)
      end
    end
  end
--- a/app/views/repositories/_sidebar.html.erb
+++ b/app/views/repositories/_sidebar.html.erb
@ -3,17 +3,21 @@
    <div class="tree">
      <ul>
        <% repositories.each do |repository| %>
-          <li class="<%= 'active parent_li' if current_page?(repository_path(repository)) %>" >
-            <span class="tree-link line-wrap no-indent">
-              <% if current_page?(repository_path(repository)) %>
-                <span title="<%= repository.name %>"><%= repository.name %></span>
-              <% else %>
-                <%= link_to repository.name,
-                            repository_path(repository),
-                            data: { 'no-turbolink' => 'true' } %>
-              <% end %>
+          <%= render partial: "repositories/sidebar_list.html.erb",
+                     locals: { repository: repository } %>
+        <% end %>
+
+        <% if @team.team_repositories.any? %>
+          <li >
+            <span id="shared-repos" class="tree-link line-wrap no-indent">
+              <%= t('left_menu_bar.repositories_extra.shared_repos') %>
            </span>
          </li>
+
+          <% @team.shared_repositories.each do |repository| %>
+            <%= render partial: "repositories/sidebar_list.html.erb",
+                       locals: { repository: repository } %>
+          <% end %>
        <% end %>
      </ul>
    </div>
--- a/app/views/repositories/_sidebar_list.html.erb
+++ b/app/views/repositories/_sidebar_list.html.erb
@ -0,0 +1,11 @@
+<li class="<%= 'active parent_li' if current_page?(repository_path(repository)) %>" >
+  <span class="tree-link line-wrap no-indent">
+    <% if current_page?(repository_path(repository)) %>
+      <span title="<%= repository.name %>"><%= repository.name %></span>
+    <% else %>
+      <%= link_to repository.name,
+                  repository_path(repository),
+                  data: { 'no-turbolink' => 'true' } %>
+    <% end %>
+  </span>
+</li>
--- a/app/views/repositories/show.html.erb
+++ b/app/views/repositories/show.html.erb
@ -53,7 +53,7 @@
              </a>
            <li>
            <% end %>
-            <% if can_read_team?(@repository.team) %>
+            <% if can_read_repository?(@repository) %>
            <li>
              <a href="#"  id="exportRepositoriesButton" data-turbolinks="false">
                <%= t("repositories.index.options_dropdown.export_items") %>
--- a/app/views/search/results/partials/_asset_text.html.erb
+++ b/app/views/search/results/partials/_asset_text.html.erb
@ -23,7 +23,7 @@
    <%= text %>
  <% end %>
 <% elsif asset.repository_asset_value %>
-  <% if can_read_team?(asset.repository_asset_value.repository_cell.repository_row.repository.team) %>
+  <% if can_read_repository?(asset.repository_asset_value.repository_cell.repository_row.repository) %>
    <% asset_read_allowed = true %>
    <a href="<%= download_asset_path asset %>" target="_blank">
      <%= text %>
--- a/app/views/search/results/partials/_repository_row_text.html.erb
+++ b/app/views/search/results/partials/_repository_row_text.html.erb
@ -1,4 +1,4 @@
-<% if can_read_team?(repository_row.repository.team) %>
+<% if can_read_repository?(repository_row.repository) %>
  <%= route_to_other_team repository_path(id: repository_row.repository.id),
                          repository_row.repository.team,
                          repository_row.name %>
--- a/app/views/search/results/partials/_repository_text.html.erb
+++ b/app/views/search/results/partials/_repository_text.html.erb
@ -1,4 +1,4 @@
-<% if can_read_team?(repository.team) %>
+<% if can_read_repository?(repository) %>
  <%= route_to_other_team repository_path(id: repository.id),
                          repository.team,
                          repository.name %>
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -127,6 +127,8 @@ en:
  left_menu_bar:
    projects: "Projects"
    repositories: "Inventories"
+    repositories_extra:
+      shared_repos: "Shared Inventories"
    templates: "Protocols"
    reports: "Reports"
    settings: "Settings"