diff --git a/app/controllers/my_module_comments_controller.rb b/app/controllers/my_module_comments_controller.rb index bd0d019ba..5799372dd 100644 --- a/app/controllers/my_module_comments_controller.rb +++ b/app/controllers/my_module_comments_controller.rb @@ -183,13 +183,13 @@ class MyModuleCommentsController < ApplicationController end def check_add_permissions - render_403 unless create_comment_in_module?(@my_module) + render_403 unless can_create_comment_in_module?(@my_module) end def check_manage_permissions @comment = TaskComment.find_by_id(params[:id]) render_403 unless @comment.present? && - can_manage_comment_in_module?(@comment) + can_manage_comment_in_module?(@comment.becomes(Comment)) end def comment_params diff --git a/app/controllers/result_comments_controller.rb b/app/controllers/result_comments_controller.rb index 40c1a4d5f..884364a9f 100644 --- a/app/controllers/result_comments_controller.rb +++ b/app/controllers/result_comments_controller.rb @@ -175,13 +175,13 @@ class ResultCommentsController < ApplicationController end def check_add_permissions - render_403 unless create_comment_in_module?(@my_module) + render_403 unless can_create_comment_in_module?(@my_module) end def check_manage_permissions @comment = ResultComment.find_by_id(params[:id]) render_403 unless @comment.present? && - can_manage_comment_in_module?(@comment) + can_manage_comment_in_module?(@comment.becomes(Comment)) end def comment_params diff --git a/app/controllers/step_comments_controller.rb b/app/controllers/step_comments_controller.rb index dd5c8584a..523c674db 100644 --- a/app/controllers/step_comments_controller.rb +++ b/app/controllers/step_comments_controller.rb @@ -190,7 +190,7 @@ class StepCommentsController < ApplicationController def check_manage_permissions @comment = StepComment.find_by_id(params[:id]) render_403 unless @comment.present? && - can_manage_comment_in_module?(@comment) + can_manage_comment_in_module?(@comment.becomes(Comment)) end def comment_params diff --git a/app/permissions/experiment.rb b/app/permissions/experiment.rb index c91ffc925..be781a758 100644 --- a/app/permissions/experiment.rb +++ b/app/permissions/experiment.rb @@ -82,13 +82,11 @@ Canaid::Permissions.register_for(MyModule) do user.is_technician_or_higher_of_project?(my_module.experiment.project) end - # TODO: When rebasing on top of refactored projects permissions, just call - # can_create_comment_in_project?(user, my_module.experiment.project) instead # module: create comment # result: create comment # step: create comment can :create_comment_in_module do |user, my_module| - user.is_technician_or_higher_of_project?(my_module.experiment.project) + can_create_comment_in_project?(user, my_module.experiment.project) end %i(manage_module @@ -155,33 +153,34 @@ Canaid::Permissions.register_for(Comment) do # result: update/delete comment # step: update/delete comment can :manage_comment_in_module do |user, comment| - project = case comment.is_a? - when TaskComment - comment.my_module.experiment.project - when ResultComment - comment.result.my_module.experiment.project - when StepComment - comment.step.protocol.my_module.experiment.project - end + my_module = get_comment_module(comment) + project = my_module.experiment.project + # Same check as in `can_manage_comment_in_project?` project.present? && - # TODO: When rebasing on top of refactored projects permissions, just call - # can_manage_comment_in_project?(user, project) instead - (user.is_owner_of_project(project) || comment.user == current_user) + (user.is_owner_of_project?(project) || comment.user == user) end - %i(comment).each do |perm| + %i(manage_comment_in_module).each do |perm| can perm do |_, comment| - my_module = case comment.is_a? - when TaskComment - comment.my_module - when ResultComment - comment.result.my_module - when StepComment - comment.step.protocol.my_module - end + my_module = get_comment_module(comment) my_module.active? && my_module.experiment.active? && my_module.experiment.project.active? end end end + +private + +def get_comment_module(comment) + comment = comment.becomes(comment.type.constantize) + my_module = case comment + when TaskComment + comment.my_module + when ResultComment + comment.result.my_module + when StepComment + comment.step.protocol.my_module + end + my_module +end diff --git a/app/views/my_module_comments/_comment.html.erb b/app/views/my_module_comments/_comment.html.erb index 62a0c7eb7..06c84b48b 100644 --- a/app/views/my_module_comments/_comment.html.erb +++ b/app/views/my_module_comments/_comment.html.erb @@ -1,6 +1,6 @@
diff --git a/app/views/result_comments/_comment.html.erb b/app/views/result_comments/_comment.html.erb index 376cd01b7..ce19cd8eb 100644 --- a/app/views/result_comments/_comment.html.erb +++ b/app/views/result_comments/_comment.html.erb @@ -1,7 +1,7 @@ <%=t "my_modules.results.comment_title", user: comment.user.full_name, time: l(comment.created_at, format: :time) %> - <% if can_manage_comment_in_module?(comment) %> + <% if can_manage_comment_in_module?(comment.becomes(Comment)) %>
diff --git a/app/views/step_comments/_comment.html.erb b/app/views/step_comments/_comment.html.erb index 8c9de185b..a57e0148e 100644 --- a/app/views/step_comments/_comment.html.erb +++ b/app/views/step_comments/_comment.html.erb @@ -2,7 +2,7 @@ <%=t "protocols.steps.comment_title", user: comment.user.full_name, time: l(comment.created_at, format: :time) %> - <% if can_manage_comment_in_module?(comment) %> + <% if can_manage_comment_in_module?(comment.becomes(Comment)) %>