scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-10-06 20:05:55 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #2759 from okriuchykhin/ok_SCI_4817

Browse source 
Refactor task archive and move permissions [SCI-4817]
This commit is contained in:
Alex Kriuchykhin 2020-08-21 11:01:05 +02:00 committed by GitHub
commit ccf4e2a747
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 32 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
app/controllers/canvas_controller.rb
View file

@ -33,10 +33,7 @@ class CanvasController < ApplicationController
to_archive = [] to_archive = []
if update_params[:remove].present? if update_params[:remove].present?
to_archive = update_params[:remove].split(',') to_archive = update_params[:remove].split(',')
if to_archive.all? do |id| if to_archive.all? { |id| can_archive_module?(MyModule.find_by(id: id)) }
is_int?(id) &&
can_manage_module?(MyModule.find_by_id(id))
end
to_archive.collect!(&:to_i) to_archive.collect!(&:to_i)
else else
return render_403 return render_403
@ -117,16 +114,14 @@ class CanvasController < ApplicationController
# Okay, JSON parsed! # Okay, JSON parsed!
unless to_move.is_a?(Hash) && unless to_move.is_a?(Hash) &&
to_move.keys.all? do |id| to_move.keys.all? do |id|
id.is_a?(String) && !is_int?(id) || can_move_module?(MyModule.find_by(id: id))
(!is_int?(id) || can_manage_module?(MyModule.find_by_id(id)))
end && end &&
to_move.values.all? do |exp_id| to_move.values.all? do |exp_id|
exp_id.is_a?(String) && can_manage_experiment?(Experiment.find_by(id: exp_id))
can_manage_experiment?(Experiment.find_by_id(exp_id))
end end
return render_403 return render_403
end end
rescue rescue StandardError
return render_403 return render_403
end end
end end

6
app/controllers/my_modules_controller.rb
View file

@ -9,7 +9,7 @@ class MyModulesController < ApplicationController
before_action :load_vars before_action :load_vars
before_action :load_projects_tree, only: %i(protocols results activities archive) before_action :load_projects_tree, only: %i(protocols results activities archive)
before_action :check_manage_permissions_archive, only: %i(update) before_action :check_archive_and_restore_permissions, only: %i(update)
before_action :check_manage_permissions, only: %i(description due_date update_description update_protocol_description) before_action :check_manage_permissions, only: %i(description due_date update_description update_protocol_description)
before_action :check_view_permissions, except: %i(update update_description update_protocol_description before_action :check_view_permissions, except: %i(update update_description update_protocol_description
toggle_task_state) toggle_task_state)
@ -372,11 +372,11 @@ class MyModulesController < ApplicationController
render_403 && return unless can_manage_module?(@my_module) render_403 && return unless can_manage_module?(@my_module)
end end
def check_manage_permissions_archive def check_archive_and_restore_permissions
render_403 && return unless if my_module_params[:archived] == 'false' render_403 && return unless if my_module_params[:archived] == 'false'
can_restore_module?(@my_module) can_restore_module?(@my_module)
else else
can_manage_module?(@my_module) can_archive_module?(@my_module)
end end
end end

6
app/models/experiment.rb
View file

@ -138,13 +138,11 @@ class Experiment < ApplicationRecord
archive_modules(to_archive, current_user) if to_archive.any? archive_modules(to_archive, current_user) if to_archive.any?
# Update only existing tasks positions to release positions for new tasks # Update only existing tasks positions to release positions for new tasks
existing_positions = positions existing_positions = positions.slice(*positions.keys.map { |k| k unless k.to_s.start_with?('n') }.compact)
.slice(*positions.keys.map { |k| k unless k.to_s.start_with?('n') }.compact)
update_module_positions(existing_positions) if existing_positions.any? update_module_positions(existing_positions) if existing_positions.any?
# Move only existing tasks to release positions for new tasks # Move only existing tasks to release positions for new tasks
existing_to_move = to_move existing_to_move = to_move.slice(*to_move.keys.map { |k| k unless k.to_s.start_with?('n') }.compact)
.slice(*to_move.keys.map { |k| k unless k.to_s.start_with?('n') }.compact)
move_modules(existing_to_move, current_user) if existing_to_move.any? move_modules(existing_to_move, current_user) if existing_to_move.any?
# add new modules # add new modules

12
app/permissions/experiment.rb
View file

@ -72,12 +72,17 @@ Canaid::Permissions.register_for(MyModule) do
end end
end end
# module: update, archive, move # module: update
# result: create, update # result: create, update
can :manage_module do |user, my_module| can :manage_module do |user, my_module|
can_manage_experiment?(user, my_module.experiment) can_manage_experiment?(user, my_module.experiment)
end end
# module: archive
can :archive_module do |user, my_module|
can_manage_experiment?(user, my_module.experiment)
end
# NOTE: Must not be dependent on canaid parmision for which we check if it's # NOTE: Must not be dependent on canaid parmision for which we check if it's
# active # active
# module: restore # module: restore
@ -86,6 +91,11 @@ Canaid::Permissions.register_for(MyModule) do
my_module.archived? my_module.archived?
end end
# module: move
can :move_module do |user, my_module|
can_manage_experiment?(user, my_module.experiment)
end
# module: assign/reassign/unassign users # module: assign/reassign/unassign users
can :manage_users_in_module do |user, my_module| can :manage_users_in_module do |user, my_module|
user.is_owner_of_project?(my_module.experiment.project) user.is_owner_of_project?(my_module.experiment.project)

25
app/views/canvas/edit/_my_module.html.erb
View file

@ -7,7 +7,6 @@
data-module-conns="<%= construct_module_connections(my_module) %>"> data-module-conns="<%= construct_module_connections(my_module) %>">
<% module_group = my_module.my_module_group %> <% module_group = my_module.my_module_group %>
<% can_manage_module_group = module_group && (module_group.new_record? || module_group.my_modules.all? { |my_module| can_manage_module?(my_module) }) %>
<div class="panel-heading"> <div class="panel-heading">
@ -21,35 +20,35 @@
<li class="dropdown-header"><%= t('projects.index.options_header') %></li> <li class="dropdown-header"><%= t('projects.index.options_header') %></li>
<% if can_manage_module?(my_module) %> <% if can_manage_module?(my_module) %>
<li> <li>
<a class="edit-module" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.edit_module" %></a> <a class="edit-module" href="" data-module-id="<%= my_module.id %>"><%= t('experiments.canvas.edit.edit_module') %></a>
</li> </li>
<% end %> <% end %>
<% if can_manage_experiment?(my_module.experiment) %> <% if can_manage_experiment?(my_module.experiment) %>
<li> <li>
<a class ="clone-module" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.clone_module" %></a> <a class ="clone-module" href="" data-module-id="<%= my_module.id %>"><%= t('experiments.canvas.edit.clone_module') %></a>
</li> </li>
<li <%= 'style=display:none;' if my_module.my_module_group.blank? %>> <li <%= 'style=display:none;' if my_module.my_module_group.blank? %>>
<a class ="clone-module-group" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.clone_module_group" %></a> <a class ="clone-module-group" href="" data-module-id="<%= my_module.id %>"><%= t('experiments.canvas.edit.clone_module_group') %></a>
</li> </li>
<% end %> <% end %>
<% if can_manage_module?(my_module) %> <% if can_move_module?(my_module) %>
<li> <li>
<a class="move-module" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.move_module" %></a> <a class="move-module" href="" data-module-id="<%= my_module.id %>"><%= t('experiments.canvas.edit.move_module') %></a>
</li> </li>
<% end %> <% end %>
<% if can_manage_module_group %> <% if module_group.my_modules.all? { |my_module| can_move_module?(my_module) } %>
<li> <li>
<a class="move-module-group" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.move_module_group" %></a> <a class="move-module-group" href="" data-module-id="<%= my_module.id %>"><%= t('experiments.canvas.edit.move_module_group') %></a>
</li> </li>
<% end %> <% end %>
<% if can_manage_module?(my_module) %> <% if can_archive_module?(my_module) %>
<li> <li>
<a class="delete-module" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.delete_module" %></a> <a class="delete-module" href="" data-module-id="<%= my_module.id %>"><%= t('experiments.canvas.edit.delete_module') %></a>
</li> </li>
<% end %> <% end %>
<% if can_manage_module_group %> <% if module_group.my_modules.all? { |my_module| can_archive_module?(my_module) } %>
<li data-hook="archive-module-group"> <li data-hook="archive-module-group">
<a class ="delete-module-group" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.delete_module_group" %></a> <a class ="delete-module-group" href="" data-module-id="<%= my_module.id %>"><%= t('experiments.canvas.edit.delete_module_group') %></a>
</li> </li>
<% end %> <% end %>
</ul> </ul>
@ -59,7 +58,7 @@
<% if can_manage_experiment?(my_module.experiment) %> <% if can_manage_experiment?(my_module.experiment) %>
<div class="panel-body ep"> <div class="panel-body ep">
<%=t "experiments.canvas.edit.drag_connections" %> <%= t('experiments.canvas.edit.drag_connections') %>
</div> </div>
<% end %> <% end %>