Add new permissions for label templates [SCI-7088]

2025-09-30 08:54:31 +08:00 · 2022-09-14 15:13:13 +02:00 · 2022-09-14 15:13:13 +02:00 · d7990cb058
commit d7990cb058
parent 6ef7fa1f12
5 changed files with 60 additions and 8 deletions
--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
@ -52,11 +52,11 @@ Canaid::Permissions.register_for(Team) do
  end

  can :view_label_templates do |user, team|
-    user.is_normal_user_or_admin_of_team?(team)
+    team.permission_granted?(user, TeamPermissions::LABEL_TEMPLATES_READ)
  end

  can :manage_label_templates do |user, team|
-    user.is_admin_of_team?(team)
+    team.permission_granted?(user, TeamPermissions::LABEL_TEMPLATES_MANAGE)
  end
 end

--- a/app/views/shared/sidebar/_templates_sidebar.html.erb
+++ b/app/views/shared/sidebar/_templates_sidebar.html.erb
@ -4,9 +4,11 @@
                protocols_path,
                class: "sidebar-link #{'selected' if active == :protocol}" %>
  </li>
-  <li class="sidebar-leaf">
-    <%= link_to t('sidebar.templates.label_templates'),
-                label_templates_path,
-                class: "sidebar-link #{'selected' if active == :label}" %>
-  </li>
+  <% if can_view_label_templates?(current_team) %>
+    <li class="sidebar-leaf">
+      <%= link_to t('sidebar.templates.label_templates'),
+                  label_templates_path,
+                  class: "sidebar-link #{'selected' if active == :label}" %>
+    </li>
+  <% end %>
 </ul>
--- a/config/initializers/extends/permission_extends.rb
+++ b/config/initializers/extends/permission_extends.rb
@ -10,6 +10,8 @@ module PermissionExtends
      INVENTORIES_CREATE
      PROTOCOLS_CREATE
      REPORTS_CREATE
+      LABEL_TEMPLATES_READ
+      LABEL_TEMPLATES_MANAGE
    ).each { |permission| const_set(permission, "team_#{permission.underscore}") }
  end

@ -132,6 +134,8 @@ module PermissionExtends
      TeamPermissions::PROJECTS_CREATE,
      TeamPermissions::PROTOCOLS_CREATE,
      TeamPermissions::REPORTS_CREATE,
+      TeamPermissions::LABEL_TEMPLATES_READ,
+      TeamPermissions::LABEL_TEMPLATES_MANAGE,
      ProtocolPermissions::READ,
      ProtocolPermissions::MANAGE,
      ReportPermissions::READ,
@ -222,6 +226,7 @@ module PermissionExtends
    ]

    VIEWER_PERMISSIONS = [
+      TeamPermissions::LABEL_TEMPLATES_READ,
      ProtocolPermissions::READ,
      ReportPermissions::READ,
      ProjectPermissions::READ,
--- a/db/migrate/20220914124900_add_label_templates_permissions.rb
+++ b/db/migrate/20220914124900_add_label_templates_permissions.rb
@ -0,0 +1,44 @@
+class AddLabelTemplatesPermissions < ActiveRecord::Migration[6.1]
+ # frozen_string_literal: true
+  OWNER_PERMISSIONS = [
+    TeamPermissions::LABEL_TEMPLATES_READ,
+    TeamPermissions::LABEL_TEMPLATES_MANAGE
+  ].freeze
+
+  NORMAL_USER_PERMISSIONS = [
+    TeamPermissions::LABEL_TEMPLATES_READ,
+    TeamPermissions::LABEL_TEMPLATES_MANAGE
+  ].freeze
+
+  VIEWER_PERMISSIONS = [TeamPermissions::LABEL_TEMPLATES_READ].freeze
+
+  def change
+    reversible do |dir|
+      dir.up do
+        @owner_role = UserRole.find_by(name: UserRole.public_send('owner_role').name)
+        @normal_user_role = UserRole.find_by(name: UserRole.public_send('normal_user_role').name)
+        @viewer_role = UserRole.find_by(name: UserRole.public_send('viewer_role').name)
+
+        @owner_role.permissions = @owner_role.permissions | OWNER_PERMISSIONS
+        @owner_role.save(validate: false)
+        @normal_user_role.permissions = @normal_user_role.permissions | NORMAL_USER_PERMISSIONS
+        @normal_user_role.save(validate: false)
+        @viewer_role.permissions = @viewer_role.permissions | VIEWER_PERMISSIONS
+        @viewer_role.save(validate: false)
+      end
+
+      dir.down do
+        @owner_role = UserRole.find_by(name: UserRole.public_send('owner_role').name)
+        @normal_user_role = UserRole.find_by(name: UserRole.public_send('normal_user_role').name)
+        @viewer_role = UserRole.find_by(name: UserRole.public_send('viewer_role').name)
+
+        @owner_role.permissions = @owner_role.permissions - OWNER_PERMISSIONS
+        @owner_role.save(validate: false)
+        @normal_user_role.permissions = @normal_user_role.permissions - NORMAL_USER_PERMISSIONS
+        @normal_user_role.save(validate: false)
+        @viewer_role.permissions = @viewer_role.permissions - VIEWER_PERMISSIONS
+        @viewer_role.save(validate: false)
+      end
+    end
+  end
+end
--- a/db/structure.sql
+++ b/db/structure.sql
@ -8562,6 +8562,7 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('20220624091046'),
 ('20220705091621'),
 ('20220726133419'),
-('20220803122405');
+('20220803122405'),
+('20220914124900');