scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-01-30 19:48:18 +08:00
Code Issues Projects Releases Packages Wiki Activity

Fix repository rows permissions [SCI-2265]

Browse source
This commit is contained in:
Oleksii Kriuchykhin 2018-04-02 20:48:44 +02:00
parent 31c68ab4bc
commit d8d2d75631
2 changed files with 2 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/repository_rows_controller.rb
View file

@ -170,7 +170,7 @@ class RepositoryRowsController < ApplicationController
if selected_params
selected_params.each do |row_id|
row = @repository.repository_rows.find_by_id(row_id)
if row && can_manage_repository_row?(row)
if row && can_manage_repository_rows?(@repository.team)
row.destroy && deleted_count += 1
end
end
@ -221,9 +221,7 @@ class RepositoryRowsController < ApplicationController
end
def check_manage_permissions
render_403 unless @repository.repository_rows.all? do |row|
can_manage_repository_row?(row)
end
render_403 unless can_manage_repository_rows?(@repository.team)
end
def record_params

7
app/permissions/team.rb
View file

@ -114,13 +114,6 @@ Canaid::Permissions.register_for(Repository) do
end
end
Canaid::Permissions.register_for(RepositoryRow) do
# repository: update/delete record
can :manage_repository_row do |user, repository_row|
can_create_repository_rows?(user, repository_row.repository.team)
end
end
Canaid::Permissions.register_for(RepositoryColumn) do
# repository: update/delete field
can :manage_repository_column do |user, repository_column|