From d571ab2ed8e1b4c63fa0ad58b40f450a9f55d1a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Zrim=C5=A1ek?=
Date: Tue, 13 Feb 2018 14:59:30 +0100
Subject: [PATCH] Fixed comments permissions for experiment level.
---
 .../my_module_comments_controller.rb | 4 +-
 app/controllers/result_comments_controller.rb | 4 +-
 app/controllers/step_comments_controller.rb | 2 +-
 app/permissions/experiment.rb | 45 +++++++++----------
 .../my_module_comments/_comment.html.erb | 2 +-
 app/views/my_module_comments/_index.html.erb | 2 +-
 app/views/result_comments/_comment.html.erb | 2 +-
 app/views/result_comments/_index.html.erb | 2 +-
 app/views/step_comments/_comment.html.erb | 2 +-
 9 files changed, 32 insertions(+), 33 deletions(-)
diff --git a/app/controllers/my_module_comments_controller.rb b/app/controllers/my_module_comments_controller.rb
index bd0d019ba..5799372dd 100644
--- a/app/controllers/my_module_comments_controller.rb
+++ b/app/controllers/my_module_comments_controller.rb
@@ -183,13 +183,13 @@ class MyModuleCommentsController < ApplicationController
 end
 def check_add_permissions
- render_403 unless create_comment_in_module?(@my_module)
+ render_403 unless can_create_comment_in_module?(@my_module)
 end
 def check_manage_permissions
 @comment = TaskComment.find_by_id(params[:id])
 render_403 unless @comment.present? &&
- can_manage_comment_in_module?(@comment)
+ can_manage_comment_in_module?(@comment.becomes(Comment))
 end
 def comment_params
diff --git a/app/controllers/result_comments_controller.rb b/app/controllers/result_comments_controller.rb
index 40c1a4d5f..884364a9f 100644
--- a/app/controllers/result_comments_controller.rb
+++ b/app/controllers/result_comments_controller.rb
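Review bot: `check_manage_permissions` looks the comment up with `TaskComment.find_by_id(params[:id])` alone, so the record that gets authorised is never tied to the `@my_module` that `check_add_permissions` in the same hunk relies on. The permission is evaluated against the comment's own project, so the check is sound for the comment itself, but any action code that assumes the comment belongs to `@my_module` (outside this hunk, so this is inferred) would be working on a mismatched pair. If `@my_module` is loaded before this filter runs, consider adding `@comment.my_module == @my_module &&` to the condition ahead of the `can_manage_comment_in_module?` call. The hunks in result_comments_controller.rb and step_comments_controller.rb have the same shape with `ResultComment` and `StepComment`; there the comparison would go through `@comment.result.my_module` and `@comment.step.protocol.my_module`.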
@@ -175,13 +175,13 @@ class ResultCommentsController < ApplicationController
 end
 def check_add_permissions
- render_403 unless create_comment_in_module?(@my_module)
+ render_403 unless can_create_comment_in_module?(@my_module)
 end
 def check_manage_permissions
 @comment = ResultComment.find_by_id(params[:id])
 render_403 unless @comment.present? &&
- can_manage_comment_in_module?(@comment)
+ can_manage_comment_in_module?(@comment.becomes(Comment))
 end
 def comment_params
diff --git a/app/controllers/step_comments_controller.rb b/app/controllers/step_comments_controller.rb
index dd5c8584a..523c674db 100644
--- a/app/controllers/step_comments_controller.rb
+++ b/app/controllers/step_comments_controller.rb
@@ -190,7 +190,7 @@ class StepCommentsController < ApplicationController
 def check_manage_permissions
 @comment = StepComment.find_by_id(params[:id])
 render_403 unless @comment.present? &&
- can_manage_comment_in_module?(@comment)
+ can_manage_comment_in_module?(@comment.becomes(Comment))
 end
 def comment_params
diff --git a/app/permissions/experiment.rb b/app/permissions/experiment.rb
index c91ffc925..be781a758 100644
--- a/app/permissions/experiment.rb
+++ b/app/permissions/experiment.rb
@@ -82,13 +82,11 @@ Canaid::Permissions.register_for(MyModule) do
 user.is_technician_or_higher_of_project?(my_module.experiment.project)
 end
- # TODO: When rebasing on top of refactored projects permissions, just call
- # can_create_comment_in_project?(user, my_module.experiment.project) instead
 # module: create comment
 # result: create comment
 # step: create comment
 can :create_comment_in_module do |user, my_module|
- user.is_technician_or_higher_of_project?(my_module.experiment.project)
+ can_create_comment_in_project?(user, my_module.experiment.project)
 end
 %i(manage_module
@@ -155,33 +153,34 @@ Canaid::Permissions.register_for(Comment) do
 # result: update/delete comment
 # step: update/delete comment
 can :manage_comment_in_module do |user, comment|
- project = case comment.is_a?
- when TaskComment
- comment.my_module.experiment.project
- when ResultComment
- comment.result.my_module.experiment.project
- when StepComment
- comment.step.protocol.my_module.experiment.project
- end
+ my_module = get_comment_module(comment)
+ project = my_module.experiment.project
+ # Same check as in `can_manage_comment_in_project?`
 project.present? &&
- # TODO: When rebasing on top of refactored projects permissions, just call
- # can_manage_comment_in_project?(user, project) instead
- (user.is_owner_of_project(project) || comment.user == current_user)
+ (user.is_owner_of_project?(project) || comment.user == user)
 end
- %i(comment).each do |perm|
+ %i(manage_comment_in_module).each do |perm|
 can perm do |_, comment|
- my_module = case comment.is_a?
- when TaskComment
- comment.my_module
- when ResultComment
- comment.result.my_module
- when StepComment
- comment.step.protocol.my_module
- end
+ my_module = get_comment_module(comment)
 my_module.active? &&
 my_module.experiment.active? &&
 my_module.experiment.project.active?
 end
 end
 end
+
+private
+
+def get_comment_module(comment)
+ comment = comment.becomes(comment.type.constantize)
+ my_module = case comment
+ when TaskComment
+ comment.my_module
+ when ResultComment
+ comment.result.my_module
+ when StepComment
+ comment.step.protocol.my_module
+ end
+ my_module
+end
diff --git a/app/views/my_module_comments/_comment.html.erb b/app/views/my_module_comments/_comment.html.erb
index 62a0c7eb7..06c84b48b 100644
--- a/app/views/my_module_comments/_comment.html.erb
+++ b/app/views/my_module_comments/_comment.html.erb
@@ -1,6 +1,6 @@
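Review bot: `get_comment_module` returns nil when its `case` matches none of the three classes, and both `can` blocks then call `my_module.experiment` or `my_module.active?` on the result, so an unexpected comment type ends in a NoMethodError rather than a clean denial; the `project.present?` guard runs after the dereference and cannot catch it. Adding `next false if my_module.nil?` directly after each `my_module = get_comment_module(comment)` would make the permission fail closed without raising, assuming Canaid invokes these as ordinary blocks. The helper is also defined at file top level, where the `private` keyword changes nothing and the method ends up as a private method of Object, reachable from every class; a comment saying so, or moving the helper into a module, would make that explicit. The `register_for(Comment)` block opens outside this hunk.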
<%= l comment.created_at, format: '%H:%M' %>
- <% if can_manage_comment_in_module?(comment) %>
+ <% if can_manage_comment_in_module?(comment.becomes(Comment)) %>