mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2025-11-10 08:21:37 +08:00
Merge pull request #2001 from aignatov-bio/ai-sci-3794-share-button-not-visible-for-locked-items
Add new permission check for share button [SCI-3794]
This commit is contained in:
Miha Mencin
GitHub
commit
da4a9b2ad4
4 changed files with 13 additions and 3 deletions
|
|
@ -9,7 +9,8 @@ class RepositoriesController < ApplicationController
|
||||||
before_action :check_view_all_permissions, only: :index
|
before_action :check_view_all_permissions, only: :index
|
||||||
before_action :check_view_permissions, only: %i(export_repository show)
|
before_action :check_view_permissions, only: %i(export_repository show)
|
||||||
before_action :check_manage_permissions, only:
|
before_action :check_manage_permissions, only:
|
||||||
%i(destroy destroy_modal rename_modal update share_modal)
|
%i(destroy destroy_modal rename_modal update)
|
||||||
|
before_action :check_share_permissions, only: :share_modal
|
||||||
before_action :check_create_permissions, only:
|
before_action :check_create_permissions, only:
|
||||||
%i(create_modal create copy_modal copy)
|
%i(create_modal create copy_modal copy)
|
||||||
before_action :set_inline_name_editing, only: %i(show)
|
before_action :set_inline_name_editing, only: %i(show)
|
||||||
|
|
@ -345,6 +346,10 @@ class RepositoriesController < ApplicationController
|
||||||
render_403 unless can_manage_repository?(@repository)
|
render_403 unless can_manage_repository?(@repository)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def check_share_permissions
|
||||||
|
render_403 unless can_share_repository?(@repository)
|
||||||
|
end
|
||||||
|
|
||||||
def repository_params
|
def repository_params
|
||||||
params.require(:repository).permit(:name)
|
params.require(:repository).permit(:name)
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -70,7 +70,7 @@ class TeamRepositoriesController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_sharing_permissions
|
def check_sharing_permissions
|
||||||
render_403 unless can_manage_repository?(@repository)
|
render_403 unless can_share_repository?(@repository)
|
||||||
end
|
end
|
||||||
|
|
||||||
def teams_to_share
|
def teams_to_share
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,11 @@ Canaid::Permissions.register_for(Repository) do
|
||||||
user.is_admin_of_team?(repository.team)
|
user.is_admin_of_team?(repository.team)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# repository: share
|
||||||
|
can :share_repository do |user, repository|
|
||||||
|
user.is_admin_of_team?(repository.team)
|
||||||
|
end
|
||||||
|
|
||||||
# repository: create/import record
|
# repository: create/import record
|
||||||
can :create_repository_rows do |user, repository|
|
can :create_repository_rows do |user, repository|
|
||||||
if user.teams.include?(repository.team)
|
if user.teams.include?(repository.team)
|
||||||
|
|
|
||||||
|
|
@ -36,7 +36,7 @@
|
||||||
|
|
||||||
<div id="datatables-buttons" class="datatables-buttons" style="display: inline;">
|
<div id="datatables-buttons" class="datatables-buttons" style="display: inline;">
|
||||||
<div class="new-repository-button">
|
<div class="new-repository-button">
|
||||||
<% if can_manage_repository?(@repository) %>
|
<% if can_share_repository?(@repository) %>
|
||||||
<%= link_to team_repository_share_modal_path(current_team, repository_id: @repository),
|
<%= link_to team_repository_share_modal_path(current_team, repository_id: @repository),
|
||||||
class: 'btn btn-default share-repo-option', remote: true, id: 'shareRepoBtn' do %>
|
class: 'btn btn-default share-repo-option', remote: true, id: 'shareRepoBtn' do %>
|
||||||
<span class="fas fa-user-plus"></span>
|
<span class="fas fa-user-plus"></span>
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue