scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-09-11 07:34:41 +08:00
Code Issues Projects Releases Packages Wiki Activity

Add project comment manage own permission [SCI-6115] (#3574)

Browse source
This commit is contained in:
aignatov-bio 2021-10-04 15:43:50 +02:00 committed by GitHub
parent 116c09cd8a
commit d594778fa8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
app/permissions/project.rb
View file

@ -76,7 +76,17 @@ Canaid::Permissions.register_for(Project) do
end end
Canaid::Permissions.register_for(ProjectComment) do Canaid::Permissions.register_for(ProjectComment) do
%i(manage_project_comment)
.each do |perm|
can perm do |_, comment|
project = comment.project
project.active?
end
end
can :manage_project_comment do |user, comment| can :manage_project_comment do |user, comment|
comment.project.permission_granted?(user, ProjectPermissions::COMMENTS_MANAGE) project = comment.project
project.permission_granted?(user, ProjectPermissions::COMMENTS_MANAGE) ||
((comment.user == user) && project.permission_granted?(user, ProjectPermissions::COMMENTS_MANAGE_OWN))
end end
end end

3
config/initializers/extends/permission_extends.rb
View file

@ -12,6 +12,7 @@ module PermissionExtends
COMMENTS_READ COMMENTS_READ
COMMENTS_CREATE COMMENTS_CREATE
COMMENTS_MANAGE COMMENTS_MANAGE
COMMENTS_MANAGE_OWN
TAGS_MANAGE TAGS_MANAGE
EXPERIMENTS_CREATE EXPERIMENTS_CREATE
).each { |permission| const_set(permission, "project_#{permission.underscore}") } ).each { |permission| const_set(permission, "project_#{permission.underscore}") }
@ -96,6 +97,7 @@ module PermissionExtends
ProjectPermissions::USERS_READ, ProjectPermissions::USERS_READ,
ProjectPermissions::COMMENTS_READ, ProjectPermissions::COMMENTS_READ,
ProjectPermissions::COMMENTS_CREATE, ProjectPermissions::COMMENTS_CREATE,
ProjectPermissions::COMMENTS_MANAGE_OWN,
ProjectPermissions::EXPERIMENTS_CREATE, ProjectPermissions::EXPERIMENTS_CREATE,
ExperimentPermissions::READ, ExperimentPermissions::READ,
ExperimentPermissions::READ_CANVAS, ExperimentPermissions::READ_CANVAS,
@ -131,6 +133,7 @@ module PermissionExtends
ProjectPermissions::USERS_READ, ProjectPermissions::USERS_READ,
ProjectPermissions::COMMENTS_READ, ProjectPermissions::COMMENTS_READ,
ProjectPermissions::COMMENTS_CREATE, ProjectPermissions::COMMENTS_CREATE,
ProjectPermissions::COMMENTS_MANAGE_OWN,
ExperimentPermissions::READ, ExperimentPermissions::READ,
ExperimentPermissions::READ_CANVAS, ExperimentPermissions::READ_CANVAS,
ExperimentPermissions::READ_ARCHIVED, ExperimentPermissions::READ_ARCHIVED,

4
spec/permissions/controllers/project_comments_controller_spec.rb
View file

@ -35,13 +35,13 @@ describe ProjectCommentsController, type: :controller do
it_behaves_like "a controller action with permissions checking", :put, :update do it_behaves_like "a controller action with permissions checking", :put, :update do
let(:testable) { project } let(:testable) { project }
let(:permissions) { [ProjectPermissions::COMMENTS_MANAGE] } let(:permissions) { [ProjectPermissions::COMMENTS_MANAGE, ProjectPermissions::COMMENTS_MANAGE_OWN] }
let(:action_params) { { project_id: project.id, id: project_comment.id, comment: { message: 'Test1' } } } let(:action_params) { { project_id: project.id, id: project_comment.id, comment: { message: 'Test1' } } }
end end
it_behaves_like "a controller action with permissions checking", :post, :destroy do it_behaves_like "a controller action with permissions checking", :post, :destroy do
let(:testable) { project } let(:testable) { project }
let(:permissions) { [ProjectPermissions::COMMENTS_MANAGE] } let(:permissions) { [ProjectPermissions::COMMENTS_MANAGE, ProjectPermissions::COMMENTS_MANAGE_OWN] }
let(:action_params) { { project_id: project.id, id: project_comment.id } } let(:action_params) { { project_id: project.id, id: project_comment.id } }
end end
end end