mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-09-21 23:46:21 +08:00
Merge pull request #2001 from aignatov-bio/ai-sci-3794-share-button-not-visible-for-locked-items
Add new permission check for share button [SCI-3794]
This commit is contained in:
commit
da4a9b2ad4
|
@ -9,7 +9,8 @@ class RepositoriesController < ApplicationController
|
|||
before_action :check_view_all_permissions, only: :index
|
||||
before_action :check_view_permissions, only: %i(export_repository show)
|
||||
before_action :check_manage_permissions, only:
|
||||
%i(destroy destroy_modal rename_modal update share_modal)
|
||||
%i(destroy destroy_modal rename_modal update)
|
||||
before_action :check_share_permissions, only: :share_modal
|
||||
before_action :check_create_permissions, only:
|
||||
%i(create_modal create copy_modal copy)
|
||||
before_action :set_inline_name_editing, only: %i(show)
|
||||
|
@ -345,6 +346,10 @@ class RepositoriesController < ApplicationController
|
|||
render_403 unless can_manage_repository?(@repository)
|
||||
end
|
||||
|
||||
def check_share_permissions
|
||||
render_403 unless can_share_repository?(@repository)
|
||||
end
|
||||
|
||||
def repository_params
|
||||
params.require(:repository).permit(:name)
|
||||
end
|
||||
|
|
|
@ -70,7 +70,7 @@ class TeamRepositoriesController < ApplicationController
|
|||
end
|
||||
|
||||
def check_sharing_permissions
|
||||
render_403 unless can_manage_repository?(@repository)
|
||||
render_403 unless can_share_repository?(@repository)
|
||||
end
|
||||
|
||||
def teams_to_share
|
||||
|
|
|
@ -13,6 +13,11 @@ Canaid::Permissions.register_for(Repository) do
|
|||
user.is_admin_of_team?(repository.team)
|
||||
end
|
||||
|
||||
# repository: share
|
||||
can :share_repository do |user, repository|
|
||||
user.is_admin_of_team?(repository.team)
|
||||
end
|
||||
|
||||
# repository: create/import record
|
||||
can :create_repository_rows do |user, repository|
|
||||
if user.teams.include?(repository.team)
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
|
||||
<div id="datatables-buttons" class="datatables-buttons" style="display: inline;">
|
||||
<div class="new-repository-button">
|
||||
<% if can_manage_repository?(@repository) %>
|
||||
<% if can_share_repository?(@repository) %>
|
||||
<%= link_to team_repository_share_modal_path(current_team, repository_id: @repository),
|
||||
class: 'btn btn-default share-repo-option', remote: true, id: 'shareRepoBtn' do %>
|
||||
<span class="fas fa-user-plus"></span>
|
||||
|
|
Loading…
Reference in a new issue