Fixed comments permissions for experiment level.

Matej Zrimšek 2018-02-13 14:59:30 +01:00
parent 6b1fee4d30
commit d571ab2ed8
9 changed files with 32 additions and 33 deletions


@ -183,13 +183,13 @@ class MyModuleCommentsController < ApplicationController
end
def check_add_permissions
render_403 unless create_comment_in_module?(@my_module)
render_403 unless can_create_comment_in_module?(@my_module)
end
def check_manage_permissions
@comment = TaskComment.find_by_id(params[:id])
render_403 unless @comment.present? &&
can_manage_comment_in_module?(@comment)
can_manage_comment_in_module?(@comment.becomes(Comment))
end
def comment_params
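Review bot: `check_manage_permissions` loads the comment with `TaskComment.find_by_id(params[:id])`, which is not tied to the module taken from the route, so any comment id can be addressed through any module's URL. The permission is evaluated against the comment's own module, so the authorization decision itself looks sound, but the actions behind this filter (outside the hunk) may assume `@comment` belongs to `@my_module`. Consider loading the comment through the module's own comment association, or adding an ownership comparison to the guard, so that an id from another module is rejected. The same lookup pattern appears in the `ResultCommentsController` and `StepCommentsController` hunks. The filter declarations that order these checks are not visible here, so it should be confirmed that `@my_module` is loaded before either check runs.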


@ -175,13 +175,13 @@ class ResultCommentsController < ApplicationController
end
def check_add_permissions
render_403 unless create_comment_in_module?(@my_module)
render_403 unless can_create_comment_in_module?(@my_module)
end
def check_manage_permissions
@comment = ResultComment.find_by_id(params[:id])
render_403 unless @comment.present? &&
can_manage_comment_in_module?(@comment)
can_manage_comment_in_module?(@comment.becomes(Comment))
end
def comment_params


@ -190,7 +190,7 @@ class StepCommentsController < ApplicationController
def check_manage_permissions
@comment = StepComment.find_by_id(params[:id])
render_403 unless @comment.present? &&
can_manage_comment_in_module?(@comment)
can_manage_comment_in_module?(@comment.becomes(Comment))
end
def comment_params


@ -82,13 +82,11 @@ Canaid::Permissions.register_for(MyModule) do
user.is_technician_or_higher_of_project?(my_module.experiment.project)
end
# TODO: When rebasing on top of refactored projects permissions, just call
# can_create_comment_in_project?(user, my_module.experiment.project) instead
# module: create comment
# result: create comment
# step: create comment
can :create_comment_in_module do |user, my_module|
user.is_technician_or_higher_of_project?(my_module.experiment.project)
can_create_comment_in_project?(user, my_module.experiment.project)
end
%i(manage_module
@ -155,33 +153,34 @@ Canaid::Permissions.register_for(Comment) do
# result: update/delete comment
# step: update/delete comment
can :manage_comment_in_module do |user, comment|
project = case comment.is_a?
when TaskComment
comment.my_module.experiment.project
when ResultComment
comment.result.my_module.experiment.project
when StepComment
comment.step.protocol.my_module.experiment.project
end
my_module = get_comment_module(comment)
project = my_module.experiment.project
# Same check as in `can_manage_comment_in_project?`
project.present? &&
# TODO: When rebasing on top of refactored projects permissions, just call
# can_manage_comment_in_project?(user, project) instead
(user.is_owner_of_project(project) || comment.user == current_user)
(user.is_owner_of_project?(project) || comment.user == user)
end
%i(comment).each do |perm|
%i(manage_comment_in_module).each do |perm|
can perm do |_, comment|
my_module = case comment.is_a?
when TaskComment
comment.my_module
when ResultComment
comment.result.my_module
when StepComment
comment.step.protocol.my_module
end
my_module = get_comment_module(comment)
my_module.active? &&
my_module.experiment.active? &&
my_module.experiment.project.active?
end
end
end
private
def get_comment_module(comment)
comment = comment.becomes(comment.type.constantize)
my_module = case comment
when TaskComment
comment.my_module
when ResultComment
comment.result.my_module
when StepComment
comment.step.protocol.my_module
end
my_module
end
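Review bot: `get_comment_module` returns nil for any comment subtype other than the three listed, because its `case` has no `else`. Both `can` blocks then call `my_module.experiment` or `my_module.active?` on that nil, so the check ends in a NoMethodError instead of a clean denial, and `project.present?` guards only the last link of the chain. A permission predicate should fail closed explicitly, for example `project = my_module&.experiment&.project` in the first block and `my_module.present? && my_module.active? && ...` in the second. `comment.type.constantize` also raises when `type` is nil and resolves whatever class name the column holds. A fixed mapping from the three known type names to their classes would avoid both problems.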


@ -1,6 +1,6 @@
<div class="pull-right">
<span class="text-muted"><%= l comment.created_at, format: '%H:%M' %></span>
<% if can_manage_comment_in_module?(comment) %>
<% if can_manage_comment_in_module?(comment.becomes(Comment)) %>
<div class="dropdown dropdown-comment">
<a href="#"
class="dropdown-toggle"
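Review bot: The `comment.becomes(Comment)` cast is now repeated at every call site of `can_manage_comment_in_module?`: here, in the two other comment partials, and in the three controllers. This is presumably because the permission is registered for `Comment` only. A call site that forgets the cast would behave differently from the rest, and this page does not show whether it would deny or raise. A single helper that performs the cast and then calls the permission would keep that rule in one place. This conditional only hides the edit/delete menu, so enforcement still rests on the controllers' `check_manage_permissions` filters.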


@ -14,7 +14,7 @@
<%= render 'my_module_comments/list.html.erb', comments: @comments %>
<% end %>
</ul>
<% if create_comment_in_module?(@my_module) %>
<% if can_create_comment_in_module?(@my_module) %>
<ul class="no-style double-line">
<li>
<hr>


@ -1,7 +1,7 @@
<strong>
<%=t "my_modules.results.comment_title", user: comment.user.full_name, time: l(comment.created_at, format: :time) %>
</strong>
<% if can_manage_comment_in_module?(comment) %>
<% if can_manage_comment_in_module?(comment.becomes(Comment)) %>
<div class="dropdown dropdown-comment">
<a href="#"
class="dropdown-toggle"


@ -17,7 +17,7 @@
<%= render 'result_comments/list.html.erb', comments: @comments %>
<% end %>
</ul>
<% if create_comment_in_module?(@my_module) then %>
<% if can_create_comment_in_module?(@my_module) then %>
<ul class="no-style double-line">
<li>
<hr>


@ -2,7 +2,7 @@
<strong>
<%=t "protocols.steps.comment_title", user: comment.user.full_name, time: l(comment.created_at, format: :time) %>
</strong>
<% if can_manage_comment_in_module?(comment) %>
<% if can_manage_comment_in_module?(comment.becomes(Comment)) %>
<div class="dropdown dropdown-comment">
<a href="#"
class="dropdown-toggle"