diff --git a/app/assets/stylesheets/repositories.scss b/app/assets/stylesheets/repositories.scss
index 9ccf27c99..62cbf9156 100644
--- a/app/assets/stylesheets/repositories.scss
+++ b/app/assets/stylesheets/repositories.scss
@@ -1,5 +1,12 @@
 @import "constants";
+#shared-repos {
+ background-color: $color-concrete;
+ font-size: 14px;
+ font-weight: bolder;
+ padding: 5px 10px;
+}
+
 .repositories-dropdown-menu {
 height: auto;
 max-height: 400px;
@@ -28,6 +35,7 @@
 .repository-cog {
 display: inline-block;
 float: right;
+ padding-bottom: 15px;
 padding-left: 4px;
 }
diff --git a/app/controllers/assets_controller.rb b/app/controllers/assets_controller.rb
index 3ee323629..2e6624293 100644
--- a/app/controllers/assets_controller.rb
+++ b/app/controllers/assets_controller.rb
@@ -298,7 +298,7 @@ class AssetsController < ApplicationController
 elsif @assoc.class == Result
 render_403 and return unless can_read_experiment?(@my_module.experiment)
 elsif @assoc.class == RepositoryCell
- render_403 and return unless can_read_team?(@repository.team)
+ render_403 and return unless can_read_repository?(@repository)
 end
 end
diff --git a/app/controllers/at_who_controller.rb b/app/controllers/at_who_controller.rb
index 7c3c9275f..37d166827 100644
--- a/app/controllers/at_who_controller.rb
+++ b/app/controllers/at_who_controller.rb
@@ -34,7 +34,7 @@ class AtWhoController < ApplicationController
 def rep_items
 repository = Repository.find_by_id(params[:repository_id])
 items =
- if repository && can_read_team?(repository.team)
+ if repository && can_read_repository?(repository)
 SmartAnnotation.new(current_user, current_team, @query)
 .repository_rows(repository)
 else
diff --git a/app/controllers/my_modules_controller.rb b/app/controllers/my_modules_controller.rb
index 63287a0da..9a5f6791d 100644
--- a/app/controllers/my_modules_controller.rb
+++ b/app/controllers/my_modules_controller.rb
@@ -300,7 +300,7 @@ class MyModulesController < ApplicationController
 def repository
 @repository = Repository.find_by_id(params[:repository_id])
- render_403 if @repository.nil? || !can_read_team?(@repository.team)
+ render_403 if @repository.nil? || !can_read_repository?(@repository)
 current_team_switch(@repository.team)
 end
@@ -670,7 +670,7 @@ class MyModulesController < ApplicationController
 def load_repository
 @repository = Repository.find_by_id(params[:repository_id])
 render_404 unless @repository
- render_403 unless can_read_team?(@repository.team)
+ render_403 unless can_read_repository?(@repository)
 end
 def load_projects_tree
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index d20be3b8a..ee7fd5266 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -169,7 +169,7 @@ class RepositoriesController < ApplicationController
 # AJAX actions
 def repository_table_index
- if @repository.nil? || !can_read_team?(@repository.team)
+ if @repository.nil? || !can_read_repository?(@repository)
 render_403
 else
 respond_to do |format|
@@ -315,7 +315,7 @@ class RepositoriesController < ApplicationController
 end
 def check_view_permissions
- render_403 unless can_read_team?(@repository.team)
+ render_403 unless can_read_repository?(@repository)
 end
 def check_create_permissions
diff --git a/app/controllers/repository_columns_controller.rb b/app/controllers/repository_columns_controller.rb
index 3c10cae99..e0011bd06 100644
--- a/app/controllers/repository_columns_controller.rb
+++ b/app/controllers/repository_columns_controller.rb
@@ -190,7 +190,7 @@ class RepositoryColumnsController < ApplicationController
 end
 def load_asset_type_columns
- render_403 unless can_read_team?(@repository.team)
+ render_403 unless can_read_repository?(@repository)
 @asset_columns = load_asset_columns(search_params[:q])
 end
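Review bot: In `MyModulesController#repository`, `render_403` is not followed by a return, so `current_team_switch(@repository.team)` still runs for a denied user and raises when `@repository` is nil; write the guard as `render_403 and return if @repository.nil? || !can_read_repository?(@repository)`, the idiom assets_controller.rb already uses. The same fall-through is visible in `load_asset_type_columns` (repository_columns_controller.rb) and `search_repository` (search_controller.rb), where work continues after the 403. Now that read access can come from a share, a permitted reader may not belong to `@repository.team`, so the team switch on the next line would presumably move them into a team they are not a member of. `current_team_switch` is defined outside this diff, so confirm how it handles that case.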
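Review bot: In `MyModulesController#load_repository`, a missing record still reaches the permission check, because `render_404 unless @repository` does not return and the next line calls `can_read_repository?(nil)`. The `read_repository` rule added in app/permissions/repository.rb dereferences `repository.team` unconditionally, so this would likely raise instead of producing the 404. Use `render_404 and return unless @repository`. `load_repository` in repository_rows_controller.rb has the same two lines, and `search_repository` in search_controller.rb has no nil check at all.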
diff --git a/app/controllers/repository_rows_controller.rb b/app/controllers/repository_rows_controller.rb
index 33d8e6a93..2391b7fa6 100644
--- a/app/controllers/repository_rows_controller.rb
+++ b/app/controllers/repository_rows_controller.rb
@@ -344,7 +344,7 @@ class RepositoryRowsController < ApplicationController
 my_module: [{ experiment: :project }]
 ).where(repository_row: @repository_row)
 render_404 and return unless @repository_row
- render_403 unless can_read_team?(@repository_row.repository.team)
+ render_403 unless can_read_repository?(@repository_row.repository)
 end
 def load_vars
@@ -360,7 +360,7 @@ class RepositoryRowsController < ApplicationController
 def load_repository
 @repository = current_team.repositories.find_by_id(params[:repository_id])
 render_404 unless @repository
- render_403 unless can_read_team?(@repository.team)
+ render_403 unless can_read_repository?(@repository)
 end
 def check_create_permissions
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 0a5f52d69..1a7692053 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -262,7 +262,7 @@ class SearchController < ApplicationController
 def search_repository
 @repository = Repository.find_by_id(params[:repository])
- render_403 unless can_read_team?(@repository.team)
+ render_403 unless can_read_repository?(@repository)
 @repository_results = []
 if @repository_search_count_total > 0
 @repository_results =
diff --git a/app/controllers/user_repositories_controller.rb b/app/controllers/user_repositories_controller.rb
index 3f1852a51..c1b28ce73 100644
--- a/app/controllers/user_repositories_controller.rb
+++ b/app/controllers/user_repositories_controller.rb
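Review bot: `RepositoryRowsController#load_repository` still looks the record up through `current_team.repositories`, so a repository owned by another team and shared with the user's team is never found, and the new `can_read_repository?` check is only reached for the team's own repositories. This assumes `Team#repositories` returns only owned repositories, which the separate `shared_repositories` association in app/models/team.rb suggests. If shared repositories are meant to be readable through this controller, the lookup has to cover them as well, for example `Repository.find_by_id(params[:repository_id])` as the other controllers in this commit do. This loader may also feed write actions, so widen it only together with a review of `check_create_permissions` and the other checks that depend on `@repository`.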
@@ -31,6 +31,6 @@ class UserRepositoriesController < ApplicationController
 def load_vars
 @repository = Repository.find_by_id(params[:repository_id])
- render_403 if @repository.nil? || !can_read_team?(@repository.team)
+ render_403 if @repository.nil? || !can_read_repository?(@repository)
 end
 end
diff --git a/app/controllers/wopi_controller.rb b/app/controllers/wopi_controller.rb
index 1df8d611c..49f6f53d0 100644
--- a/app/controllers/wopi_controller.rb
+++ b/app/controllers/wopi_controller.rb
@@ -324,7 +324,7 @@ class WopiController < ActionController::Base
 @breadcrumb_folder_name = @my_module.name
 @breadcrumb_folder_url = @close_url
 elsif @assoc.class == RepositoryCell
- @can_read = can_read_team?(@team)
+ @can_read = can_read_repository?(@repository)
 @can_write = can_edit_wopi_file_in_repository_rows?
 @close_url =
 repository_url(@repository,
diff --git a/app/helpers/repository_datatable_helper.rb b/app/helpers/repository_datatable_helper.rb
index 7f1a421df..8968e3603 100644
--- a/app/helpers/repository_datatable_helper.rb
+++ b/app/helpers/repository_datatable_helper.rb
@@ -62,7 +62,8 @@ module RepositoryDatatableHelper
 end
 def can_perform_repository_actions(repository)
- can_manage_repository?(repository) ||
+ can_read_repository?(repository) ||
+ can_manage_repository?(repository) ||
 can_create_repositories?(repository.team) ||
 can_manage_repository_rows?(repository)
 end
diff --git a/app/models/repository.rb b/app/models/repository.rb
index f8f2cf903..0198dace7 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
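Review bot: In the `RepositoryCell` branch of wopi_controller.rb, `@can_read` now follows the repository-level rule, which also covers teams the repository is shared with, while `@can_write` on the next line comes from `can_edit_wopi_file_in_repository_rows?`, whose definition is outside this hunk. Please confirm that helper is evaluated against the repository's owning team, so that a user who only has shared read access is not offered an editable WOPI session. If that is the intent, a comment such as `# shared teams are read-only here; write stays with the owning team` would record it. The enclosing method starts and ends outside the hunk.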
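Review bot: Putting `can_read_repository?(repository)` first in `can_perform_repository_actions` makes the helper true for every reader, including members of teams that only have the repository shared with them, and leaves the three remaining terms with no effect whenever those permissions imply read. If the helper decides whether row checkboxes or action buttons are rendered, read-only users will now see controls for actions they cannot perform, and the server-side checks on those actions must not rely on it. Consider keeping this helper for write-capable users and adding a separate read-level predicate for whatever the new term is meant to show. What the helper gates is not visible in this hunk.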
@@ -17,7 +17,7 @@ class Repository < ApplicationRecord
 has_many :report_elements, inverse_of: :repository, dependent: :destroy
 has_many :repository_list_items, inverse_of: :repository, dependent: :destroy
 has_many :team_repositories, inverse_of: :repository, dependent: :destroy
- has_many :teams_shared_with, through: :team_repositories, class_name: 'Team'
+ has_many :teams_shared_with, through: :team_repositories, source: :team
 auto_strip_attributes :name, nullify: false
 validates :name,
diff --git a/app/models/team.rb b/app/models/team.rb
index a5fb83315..2104ecb24 100644
--- a/app/models/team.rb
+++ b/app/models/team.rb
@@ -42,7 +42,7 @@ class Team < ApplicationRecord
 has_many :reports, inverse_of: :team, dependent: :destroy
 has_many :activities, inverse_of: :team, dependent: :destroy
 has_many :team_repositories, inverse_of: :team, dependent: :destroy
- has_many :shared_repositories, through: :team_repositories, class_name: 'Repository'
+ has_many :shared_repositories, through: :team_repositories, source: :repository
 attr_accessor :without_templates
 attr_accessor :without_intro_demo
diff --git a/app/permissions/repository.rb b/app/permissions/repository.rb
index 45aad6c55..770a564dc 100644
--- a/app/permissions/repository.rb
+++ b/app/permissions/repository.rb
@@ -1,6 +1,21 @@
 # frozen_string_literal: true
 Canaid::Permissions.register_for(Repository) do
+ # repository: read/export
+ can :read_repository do |user, repository|
+ if user.teams.include?(repository.team)
+ user.is_member_of_team?(repository.team)
+ elsif (read_team_repo = repository
+ .team_repositories
+ .where(team: user.teams).take)
+ # When has some repository's relations with read permissions for at least one of user's teams.
+
+ user.is_member_of_team?(read_team_repo.team)
+ else
+ false
+ end
+ end
+
 # repository: update, delete
 can :manage_repository do |user, repository|
 user.is_admin_of_team?(repository.team)
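Review bot: The share branch of `read_repository` accepts any `team_repositories` row that links the repository to one of the user's teams: `.where(team: user.teams).take` filters on nothing else, although the comment below it speaks of relations "with read permissions". If shares carry a permission level, the lookup should filter on it; if any share grants read, reword the comment, e.g. `# Read access: the repository is shared with at least one of the user's teams.` The rule also dereferences `repository.team` with no nil guard, and some callers in this commit (`search_repository`, both `load_repository` filters) can pass nil. The `is_member_of_team?` calls repeat a membership that `user.teams` already established, which looks redundant unless the two can disagree.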
diff --git a/app/permissions/team.rb b/app/permissions/team.rb
index 009d42154..814dee130 100644
--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
@@ -1,6 +1,6 @@
 Canaid::Permissions.register_for(Team) do
 # team: leave, read users, read projects, read/export samples,
- # read protocols, read/export repositories
+ # read protocols
 #
 can :read_team do |user, team|
 user.is_member_of_team?(team)
diff --git a/app/services/smart_annotations/permission_eval.rb b/app/services/smart_annotations/permission_eval.rb
index 0ef959e40..f53ce8b27 100644
--- a/app/services/smart_annotations/permission_eval.rb
+++ b/app/services/smart_annotations/permission_eval.rb
@@ -27,7 +27,7 @@ module SmartAnnotations
 def validate_rep_item_permissions(user, team, object)
 if object.repository
 return object.repository.team.id == team.id &&
- can_read_team?(user, object.repository.team)
+ can_read_repository?(user, object.repository)
 end
 # handles discarded repositories
@@ -35,7 +35,7 @@ module SmartAnnotations
 # evaluate to false if repository not found
 return false unless repository
- repository.team.id == team && can_read_team?(user, repository.team)
+ repository.team.id == team && can_read_repository?(user, repository)
 end
 end
 end
diff --git a/app/views/repositories/_sidebar.html.erb b/app/views/repositories/_sidebar.html.erb
index 567e559f2..1734927ca 100644
--- a/app/views/repositories/_sidebar.html.erb
+++ b/app/views/repositories/_sidebar.html.erb
@@ -3,17 +3,21 @@
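Review bot: `validate_rep_item_permissions` still requires `object.repository.team.id == team.id` before it consults `can_read_repository?`, so items from a repository shared by another team are rejected here even though `AtWhoController#rep_items` in this commit now offers them. If the same-team condition is deliberate, say so in a comment such as `# annotations resolve only within the repository's owning team`; if it is not, the share-aware check alone should decide. The method continues into the next hunk.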
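Review bot: On the discarded-repository path of `validate_rep_item_permissions`, the changed line compares `repository.team.id == team`, an id against the `team` object (the branch above uses `team.id`), so the expression is presumably always false and the permission check is never reached. It fails closed, but it is unlikely to be what was meant; the line should read `repository.team.id == team.id && can_read_repository?(user, repository)`. The lookup that assigns `repository` sits between the two hunks and is not visible.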