Merge branch 'master' of https://github.com/biosistemika/scinote-web into samples_to_repositories_table_migration

zmagod 2018-03-13 13:24:36 +01:00
commit dd2f7dd417
113 changed files with 1148 additions and 1629 deletions


@ -17,6 +17,7 @@ gem 'font-awesome-rails', '~> 4.7.0.2'
gem 'recaptcha', require: 'recaptcha/rails'
gem 'sanitize', '~> 4.4'
gem 'omniauth'
gem 'omniauth-linkedin-oauth2'
# Gems for API implementation
gem 'jwt', '~> 1.5'
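Review bot: The `gem 'omniauth-linkedin-oauth2'` line, which appears to be the one this hunk adds, carries no version constraint, unlike `sanitize` and `jwt` next to it, so a later `bundle update` can move an authentication dependency without review. Pinning it to the locked release, `gem 'omniauth-linkedin-oauth2', '~> 0.2.5'`, keeps that change deliberate. The lockfile resolves `omniauth (1.8.1)`, so it is also worth confirming that the provider's request phase only answers CSRF-protected POST requests, since nothing in this commit view shows how the `/auth/...` route is protected.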


@ -215,6 +215,8 @@ GEM
railties (>= 3.0.0)
faker (1.8.7)
i18n (>= 0.7)
faraday (0.12.2)
multipart-post (>= 1.2, < 3)
ffi (1.9.18)
figaro (1.1.1)
thor (~> 0.14)
@ -289,6 +291,8 @@ GEM
railties (>= 3.1)
multi_json (1.13.1)
multi_test (0.1.2)
multi_xml (0.6.0)
multipart-post (2.0.0)
nested_form_fields (0.8.2)
coffee-rails (>= 3.2.1)
jquery-rails
@ -299,10 +303,22 @@ GEM
mini_portile2 (~> 2.3.0)
nokogumbo (1.4.13)
nokogiri
oauth2 (1.4.0)
faraday (>= 0.8, < 0.13)
jwt (~> 1.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
oj (3.3.10)
omniauth (1.8.1)
hashie (>= 3.4.6, < 3.6.0)
rack (>= 1.6.2, < 3)
omniauth-linkedin-oauth2 (0.2.5)
omniauth (~> 1.0)
omniauth-oauth2
omniauth-oauth2 (1.5.0)
oauth2 (~> 1.1)
omniauth (~> 1.2)
orm_adapter (0.5.0)
paperclip (5.2.1)
activemodel (>= 4.2.0)
@ -559,6 +575,7 @@ DEPENDENCIES
newrelic_rpm
nokogiri (~> 1.8.1)
omniauth
omniauth-linkedin-oauth2
paperclip (~> 5.1)
pg (~> 0.18)
phantomjs


@ -1 +1 @@
1.12.10
1.12.11

Binary file not shown.


Binary file not shown.


Binary file not shown.



@ -1,8 +1,6 @@
module Api
module V20170715
class CoreApiController < ApiController
include PermissionHelper
def tasks_tree
teams_json = []
current_user.teams.find_each do |tm|


@ -1,5 +1,4 @@
class ApplicationController < ActionController::Base
include PermissionHelper
include FirstTimeDataGenerator
acts_as_token_authentication_handler_for User


@ -122,9 +122,7 @@ class AssetsController < ApplicationController
render_403 && return unless can_read_protocol_in_module?(@protocol) ||
can_read_protocol_in_repository?(@protocol)
elsif @assoc.class == Result
unless can_view_or_download_result_assets(@my_module)
render_403 and return
end
render_403 and return unless can_read_experiment?(@my_module.experiment)
elsif @assoc.class == RepositoryCell
# TBD
end
@ -133,11 +131,9 @@ class AssetsController < ApplicationController
def check_edit_permission
if @assoc.class == Step
render_403 && return unless can_manage_protocol_in_module?(@protocol) ||
can_update_protocol_in_repository?(@protocol)
can_manage_protocol_in_repository?(@protocol)
elsif @assoc.class == Result
unless can_edit_result_asset_in_module(@my_module)
render_403 and return
end
render_403 and return unless can_manage_module?(@my_module)
elsif @assoc.class == RepositoryCell
# TBD
end
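Review bot: The `elsif @assoc.class == RepositoryCell` branch is still `# TBD` in both permission helpers touched here, so an asset attached to a repository cell passes the read check and the edit check with no authorization test at all. Until the real rule exists the branch should fail closed, e.g. `render_403 && return` in place of the `# TBD` comment. The two new `Result` lines also use `render_403 and return` while the `Step` lines above them use `render_403 && return`; one form should be used throughout. The first helper starts outside the hunk.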


@ -45,7 +45,7 @@ class CanvasController < ApplicationController
# Make sure connections parameter is valid
connections = []
if can_edit_connections(@experiment) && update_params[:connections].present?
if update_params[:connections].present?
conns = update_params[:connections].split(',')
if conns.length.even? && conns.all? { |c| c.is_a? String }
conns.each_slice(2).each do |c|
@ -58,7 +58,7 @@ class CanvasController < ApplicationController
# Make sure positions parameter is valid
positions = {}
if can_reposition_modules(@experiment) && update_params[:positions].present?
if update_params[:positions].present?
poss = update_params[:positions].split(';')
center = ''
(poss.collect { |pos| pos.split(',') }).each_with_index do |pos, index|
@ -83,7 +83,7 @@ class CanvasController < ApplicationController
# Make sure that to_add is an array of strings,
# as well as that positions for newly added modules exist
to_add = []
if can_manage_experiment?(@experiment) && update_params[:add].present? &&
if update_params[:add].present? &&
update_params['add-names'].present?
ids = update_params[:add].split(',')
names = update_params['add-names'].split('|')
@ -101,16 +101,16 @@ class CanvasController < ApplicationController
# Make sure rename parameter is valid
to_rename = {}
if can_manage_experiment?(@experiment) && update_params[:rename].present?
if update_params[:rename].present?
begin
to_rename = JSON.parse(update_params[:rename])
# Okay, JSON parsed!
unless to_rename.is_a?(Hash) &&
to_rename.keys.all? { |k| k.is_a? String } &&
to_rename.values.all? { |k| k.is_a? String } &&
to_rename.keys.all? do |id|
id.is_a?(String) &&
can_manage_module?(MyModule.find_by_id(id))
end
end &&
to_rename.values.all? { |new_name| new_name.is_a? String }
return render_403
end
rescue
@ -125,10 +125,13 @@ class CanvasController < ApplicationController
to_move = JSON.parse(update_params[:move])
# Okay, JSON parsed!
unless to_move.is_a?(Hash) &&
to_move.keys.all? { |k| k.is_a? String } &&
to_move.values.all? { |k| k.is_a? String } &&
to_rename.keys.all? do |id|
can_manage_module?(MyModule.find_by_id(id))
to_move.keys.all? do |id|
id.is_a?(String) &&
(!is_int?(id) || can_manage_module?(MyModule.find_by_id(id)))
end &&
to_move.values.all? do |exp_id|
exp_id.is_a?(String) &&
can_manage_experiment?(Experiment.find_by_id(exp_id))
end
return render_403
end
@ -149,7 +152,7 @@ class CanvasController < ApplicationController
# Make sure that to_clone is an array of pairs,
# as well as that all IDs exist
to_clone = {}
if can_clone_modules(@experiment) && update_params[:cloned].present?
if update_params[:cloned].present?
clones = update_params[:cloned].split(';')
(clones.collect { |v| v.split(',') }).each do |val|
if val.length == 2 && is_int?(val[0]) && val[1].is_a?(String) &&
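Review bot: The per-parameter guards (`can_edit_connections`, `can_reposition_modules`, `can_clone_modules`, `can_manage_experiment?`) are dropped from the connections, positions, add and cloned branches, and nothing in these hunks shows what replaces them. Confirm that the action is gated by a filter equivalent to `render_403 unless can_manage_experiment?(@experiment)`. In the rename and move checks, `MyModule.find_by_id(id)` and `Experiment.find_by_id(exp_id)` return nil for unknown ids and the result goes straight into the `can_manage_*?` helpers; whether those tolerate nil is not visible here. An explicit guard such as `(m = MyModule.find_by_id(id)) && can_manage_module?(m)` would make the rejection deliberate rather than dependent on the bare `rescue` in the rename branch. The enclosing method starts and ends outside these hunks.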


@ -1,9 +1,7 @@
module SampleActions
extend ActiveSupport::Concern
include PermissionHelper
def delete_samples
check_destroy_samples_permissions
if params[:sample_ids].present?
counter_user = 0
@ -11,7 +9,7 @@ module SampleActions
params[:sample_ids].each do |id|
sample = Sample.find_by_id(id)
if sample && can_update_or_delete_sample?(sample)
if sample && can_manage_sample?(sample)
sample.destroy
counter_user += 1
else
@ -43,8 +41,4 @@ module SampleActions
redirect_to samples_experiment_path(@experiment)
end
end
def check_destroy_samples_permissions
render_403 unless can_manage_samples?(@project.team)
end
end


@ -4,7 +4,7 @@ class CustomFieldsController < ApplicationController
before_action :load_vars, except: :create
before_action :load_vars_nested, only: [:create, :destroy_html]
before_action :check_create_permissions, only: :create
before_action :check_update_and_delete_permissions, except: :create
before_action :check_manage_permissions, except: :create
def create
@custom_field = CustomField.new(custom_field_params)
@ -105,11 +105,11 @@ class CustomFieldsController < ApplicationController
end
def check_create_permissions
render_403 unless can_manage_sample_columns?(@team)
render_403 unless can_create_sample_columns?(@team)
end
def check_update_and_delete_permissions
render_403 unless can_update_or_delete_custom_field?(@custom_field)
def check_manage_permissions
render_403 unless can_manage_sample_column?(@custom_field)
end
def custom_field_params


@ -1,6 +1,5 @@
class ExperimentsController < ApplicationController
include SampleActions
include PermissionHelper
include TeamsHelper
include InputSanitizeHelper
include ActionView::Helpers::TextHelper
@ -14,6 +13,8 @@ class ExperimentsController < ApplicationController
:clone_modal, :move_modal, :delete_samples]
before_action :check_view_permissions,
only: [:canvas, :module_archive]
before_action :check_manage_permissions, only: :edit
before_action :check_archive_permissions, only: :archive
before_action :check_clone_permissions, only: %i(clone_modal clone)
before_action :check_move_permissions, only: %i(move_modal move)
@ -91,9 +92,16 @@ class ExperimentsController < ApplicationController
end
def update
render_403 && return unless if experiment_params[:archived] == 'false'
can_restore_experiment?(@experiment)
else
can_manage_experiment?(@experiment)
end
old_text = @experiment.description
@experiment.update_attributes(experiment_params)
@experiment.last_modified_by = current_user
if @experiment.save
experiment_annotation_notification(old_text)
@ -344,6 +352,14 @@ class ExperimentsController < ApplicationController
render_403 unless can_read_experiment?(@experiment)
end
def check_manage_permissions
render_403 unless can_manage_experiment?(@experiment)
end
def check_archive_permissions
render_403 unless can_archive_experiment?(@experiment)
end
def check_clone_permissions
render_403 unless can_clone_experiment?(@experiment)
end
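Review bot: In `update`, a request whose `archived` value is `'false'` is checked only against `can_restore_experiment?`, yet `update_attributes(experiment_params)` then applies every permitted attribute sent with it. Unless the restore permission implies manage (not shown in this hunk), a user who may only restore could change other fields in the same request. Conversely, `archived` set to `'true'` through `update` is checked with `can_manage_experiment?`, not the `can_archive_experiment?` that `check_archive_permissions` applies to the `archive` action. The `render_403 && return unless if … end` form is also hard to read; `allowed = if … end` followed by `return render_403 unless allowed` says the same thing plainly. `MyModulesController#update` uses the same pattern with `can_restore_module?`; the rest of `update` lies outside the hunk.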


@ -7,8 +7,7 @@ class MyModuleCommentsController < ApplicationController
before_action :load_vars
before_action :check_view_permissions, only: :index
before_action :check_add_permissions, only: [:create]
before_action :check_edit_permissions, only: [:edit, :update]
before_action :check_destroy_permissions, only: [:destroy]
before_action :check_manage_permissions, only: %i(edit update destroy)
def index
@comments = @my_module.last_comments(@last_comment_id, @per_page)
@ -184,19 +183,13 @@ class MyModuleCommentsController < ApplicationController
end
def check_add_permissions
unless can_add_comment_to_module(@my_module)
render_403
end
render_403 unless can_create_comments_in_module?(@my_module)
end
def check_edit_permissions
def check_manage_permissions
@comment = TaskComment.find_by_id(params[:id])
render_403 unless @comment.present? && can_edit_module_comment(@comment)
end
def check_destroy_permissions
@comment = TaskComment.find_by_id(params[:id])
render_403 unless @comment.present? && can_delete_module_comment(@comment)
render_403 unless @comment.present? &&
can_manage_comment_in_module?(@comment.becomes(Comment))
end
def comment_params
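Review bot: `check_manage_permissions` loads the comment with `TaskComment.find_by_id(params[:id])`, by id alone, without tying it to the `@my_module` taken from the URL. Authorization therefore rests entirely on `can_manage_comment_in_module?` evaluating the comment's own module, which is not visible here. If that holds, a short comment above the lookup would record it: `# looked up by id only; permission is evaluated against the comment's own module, not @my_module`. `ResultCommentsController#check_manage_permissions` has the same shape with `ResultComment.find_by_id`.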


@ -1,7 +1,7 @@
class MyModuleTagsController < ApplicationController
before_action :load_vars
before_action :check_view_permissions, only: [:index_edit, :index]
before_action :check_manage_permissions, only: %i(create destroy)
before_action :check_view_permissions, only: :index
before_action :check_manage_permissions, only: %i(create index_edit destroy)
def index_edit
@my_module_tags = @my_module.my_module_tags
@ -74,11 +74,11 @@ class MyModuleTagsController < ApplicationController
end
def check_view_permissions
render_403 unless can_read_project?(@my_module.experiment.project)
render_403 unless can_read_experiment?(@my_module.experiment)
end
def check_manage_permissions
render_403 unless can_create_or_manage_tags?(@my_module.experiment.project)
render_403 unless can_manage_tags?(@my_module.experiment.project)
end
def init_gui


@ -4,30 +4,21 @@ class MyModulesController < ApplicationController
include InputSanitizeHelper
include Rails.application.routes.url_helpers
include ActionView::Helpers::UrlHelper
include ApplicationHelper
before_action :load_vars,
only: %I[show update destroy description due_date protocols
results samples activities activities_tab
assign_samples unassign_samples delete_samples
toggle_task_state samples_index archive
complete_my_module repository repository_index
assign_repository_records unassign_repository_records]
before_action :load_vars
before_action :load_vars_nested, only: %I[new create]
before_action :load_repository, only: %I[assign_repository_records
unassign_repository_records]
before_action :check_manage_permissions,
only: %i(update destroy description due_date)
before_action :check_view_info_permissions, only: :show
before_action :check_manage_permissions, only:
%i(destroy description due_date)
before_action :check_view_permissions, only:
%i(activities activities_tab protocols results samples samples_index)
before_action :check_view_archive_permissions, only: :archive
before_action :check_assign_samples_permissions, only: :assign_samples
before_action :check_unassign_samples_permissions, only: :unassign_samples
before_action :check_complete_my_module_perimission, only: :complete_my_module
before_action :check_assign_repository_records_permissions,
only: :assign_repository_records
before_action :check_unassign_repository_records_permissions,
only: :unassign_repository_records
%i(show activities activities_tab protocols results samples samples_index
archive)
before_action :check_complete_module_permission, only: :complete_my_module
before_action :check_assign_repository_records_permissions, only:
%i(assign_repository_records unassign_repository_records assign_samples
unassign_samples)
layout 'fluid'.freeze
@ -136,13 +127,18 @@ class MyModulesController < ApplicationController
end
def update
render_403 && return unless if my_module_params[:archived] == 'false'
can_restore_module?(@my_module)
else
can_manage_module?(@my_module)
end
@my_module.assign_attributes(my_module_params)
@my_module.last_modified_by = current_user
description_changed = @my_module.description_changed?
restored = false
if @my_module.archived_changed?(from: false, to: true)
saved = @my_module.archive(current_user)
if saved
# Currently not in use
@ -160,6 +156,7 @@ class MyModulesController < ApplicationController
)
end
elsif @my_module.archived_changed?(from: true, to: false)
saved = @my_module.restore(current_user)
if saved
restored = true
@ -177,8 +174,8 @@ class MyModulesController < ApplicationController
)
end
else
saved = @my_module.save
saved = @my_module.save
if saved and description_changed then
Activity.create(
type_of: :change_module_description,
@ -480,7 +477,7 @@ class MyModulesController < ApplicationController
# Complete/uncomplete task
def toggle_task_state
respond_to do |format|
if can_complete_module(@my_module)
if can_complete_module?(@my_module)
@my_module.completed? ? @my_module.uncomplete : @my_module.complete
completed = @my_module.completed?
if @my_module.save
@ -605,44 +602,17 @@ class MyModulesController < ApplicationController
render_403 unless can_manage_module?(@my_module)
end
def check_view_info_permissions
unless can_view_module_info(@my_module)
render_403
end
end
def check_view_permissions
render_403 unless can_read_experiment?(@my_module.experiment)
end
def check_view_archive_permissions
unless can_view_module_archive(@my_module)
render_403
end
end
def check_assign_samples_permissions
unless can_add_samples_to_module(@my_module)
render_403
end
end
def check_unassign_samples_permissions
unless can_delete_samples_from_module(@my_module)
render_403
end
end
def check_assign_repository_records_permissions
render_403 unless can_assign_repository_records(@my_module, @repository)
render_403 unless module_page? &&
can_assign_repository_rows_to_module?(@my_module)
end
def check_unassign_repository_records_permissions
render_403 unless can_unassign_repository_records(@my_module, @repository)
end
def check_complete_my_module_perimission
render_403 unless can_complete_module(@my_module)
def check_complete_module_permission
render_403 unless can_complete_module?(@my_module)
end
def my_module_params


@ -174,7 +174,7 @@ class ProjectCommentsController < ApplicationController
end
def check_create_permissions
render_403 unless can_create_comment_in_project?(@project)
render_403 unless can_create_comments_in_project?(@project)
end
def check_manage_permissions


@ -12,7 +12,7 @@ class ProjectsController < ApplicationController
samples experiment_archive
samples_index)
before_action :check_create_permissions, only: [ :new, :create ]
before_action :check_manage_permissions, only: %i(edit update)
before_action :check_manage_permissions, only: :edit
@filter_by_archived = false
@ -115,13 +115,17 @@ class ProjectsController < ApplicationController
flash_error = t('projects.update.error_flash', name: @project.name)
# Check archive permissions if archiving/restoring
if project_params.include? :archive
if (project_params[:archive] && !can_archive_project?(@project)) ||
(!project_params[:archive] && !can_restore_project?(@project))
if project_params.include? :archived
if (project_params[:archived] == 'true' &&
!can_archive_project?(@project)) ||
(project_params[:archived] == 'false' &&
!can_restore_project?(@project))
return_error = true
is_archive = URI(request.referer).path == projects_archive_path ? "restore" : "archive"
flash_error = t("projects.#{is_archive}.error_flash", name: @project.name)
end
elsif !can_manage_project?(@project)
render_403 && return
end
message_renamed = nil
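Review bot: When `project_params` includes `:archived`, the new condition only recognises the exact strings `'true'` and `'false'`; any other value skips both the archive and the restore check, and the `elsif !can_manage_project?(@project)` branch is not reached either. Because `update` was also removed from the `check_manage_permissions` filter, such a request reaches the rest of the action with no permission test, and the model's boolean cast may still interpret the value. The same applies to other attributes sent alongside `archived`, which are never checked against `can_manage_project?`. Treating an unrecognised value as denied closes the gap; the rest of `update` lies outside the hunk.
```ruby
if project_params.include? :archived
  allowed = case project_params[:archived]
            when 'true' then can_archive_project?(@project)
            when 'false' then can_restore_project?(@project)
            else false # unrecognised value: never fall through unchecked
            end
  unless allowed
    # … unchanged: return_error / flash_error handling …
  end
elsif !can_manage_project?(@project)
  render_403 && return
end
```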


@ -18,15 +18,6 @@ class ProtocolsController < ApplicationController
linked_children
linked_children_datatable
)
before_action :check_edit_permissions, only: %i(
edit
update_metadata
update_keywords
edit_name_modal
edit_keywords_modal
edit_authors_modal
edit_description_modal
)
before_action :check_view_all_permissions, only: %i(
index
datatable
@ -34,6 +25,13 @@ class ProtocolsController < ApplicationController
# For update_from_parent and update_from_parent_modal we don't need to check
# read permission for the parent protocol
before_action :check_manage_permissions, only: %i(
edit
update_metadata
update_keywords
edit_name_modal
edit_keywords_modal
edit_authors_modal
edit_description_modal
unlink
unlink_modal
revert
@ -41,10 +39,13 @@ class ProtocolsController < ApplicationController
update_from_parent
update_from_parent_modal
)
before_action :check_update_parent_permissions, only: %i(
before_action :check_manage_parent_in_repository_permissions, only: %i(
update_parent
update_parent_modal
)
before_action :check_manage_all_in_repository_permissions, only:
%i(make_private publish archive)
before_action :check_restore_all_in_repository_permissions, only: :restore
before_action :check_load_from_repository_views_permissions, only: %i(
load_from_repository_modal
load_from_repository_datatable
@ -59,10 +60,6 @@ class ProtocolsController < ApplicationController
copy_to_repository
copy_to_repository_modal
)
before_action :check_make_private_permissions, only: [:make_private]
before_action :check_publish_permissions, only: [:publish]
before_action :check_archive_permissions, only: [:archive]
before_action :check_restore_permissions, only: [:restore]
before_action :check_import_permissions, only: [:import]
before_action :check_export_permissions, only: [:export]
@ -265,8 +262,8 @@ class ProtocolsController < ApplicationController
def copy_to_repository
link_protocols = params[:link] &&
can_manage_protocol_in_module(@protocol) &&
can_create_protocols_in_repository(@protocol.team)
can_manage_protocol_in_module?(@protocol) &&
can_create_protocols_in_repository?(@protocol.team)
respond_to do |format|
transaction_error = false
Protocol.transaction do
@ -640,10 +637,11 @@ class ProtocolsController < ApplicationController
return 0 # return 0 stops the rest of the controller code from executing
end
@json_object = JSON.parse(json_file_contents)
@json_object['steps'] = protocols_io_guid_reorder_step_json(
@json_object['steps']
)
unless step_hash_null?(@json_object['steps'])
@json_object['steps'] = protocols_io_guid_reorder_step_json(
@json_object['steps']
)
end
@protocol = Protocol.new
respond_to do |format|
@ -658,23 +656,26 @@ class ProtocolsController < ApplicationController
@db_json = {}
@toolong = false
@db_json['name'] = pio_eval_title_len(
sanitize_input(params['protocol']['name'])
sanitize_input(not_null(params['protocol']['name']))
)
# since scinote only has description field, and protocols.io has many others
# ,here i am putting everything important from protocols.io into description
@db_json['authors'] = pio_eval_title_len(
sanitize_input(params['protocol']['authors'])
sanitize_input(not_null(params['protocol']['authors']))
)
@db_json['created_at'] = pio_eval_title_len(
sanitize_input(params['protocol']['created_at'])
sanitize_input(not_null(params['protocol']['created_at']))
)
@db_json['updated_at'] = pio_eval_title_len(
sanitize_input(params['protocol']['last_modified'])
sanitize_input(not_null(params['protocol']['last_modified']))
)
@db_json['steps'] = {}
@db_json['steps'] = protocols_io_fill_step(
@json_object, @db_json['steps']
)
unless step_hash_null?(@json_object['steps'])
@db_json['steps'] = protocols_io_fill_step(
@json_object, @db_json['steps']
)
end
protocol = nil
respond_to do |format|
transaction_error = false
@ -1066,27 +1067,38 @@ class ProtocolsController < ApplicationController
end
end
def check_edit_permissions
load_team_and_type
def check_manage_permissions
@protocol = Protocol.find_by_id(params[:id])
render_403 unless @protocol.present? &&
(can_manage_protocol_in_module?(@protocol) ||
can_manage_protocol_in_repository?(@protocol))
end
unless can_update_protocol_in_repository?(@protocol)
render_403
def check_manage_parent_in_repository_permissions
@protocol = Protocol.find_by_id(params[:id])
render_403 unless @protocol.present? &&
can_read_protocol_in_module?(@protocol) &&
can_manage_protocol_in_repository?(@protocol.parent)
end
def check_manage_all_in_repository_permissions
@protocols = Protocol.where(id: params[:protocol_ids])
@protocols.find_each do |protocol|
unless can_manage_protocol_in_repository?(protocol)
respond_to { |f| f.json { render json: {}, status: :unauthorized } }
break
end
end
end
def check_manage_permissions
@protocol = Protocol.find_by_id(params[:id])
render_403 if @protocol.blank? || !can_manage_protocol_in_module?(@protocol)
end
def check_update_parent_permissions
@protocol = Protocol.find_by_id(params[:id])
render_403 unless @protocol.present? &&
(can_read_protocol_in_module?(@protocol) ||
can_update_protocol_in_repository(@protocol.parent))
def check_restore_all_in_repository_permissions
@protocols = Protocol.where(id: params[:protocol_ids])
@protocols.find_each do |protocol|
unless can_restore_protocol_in_repository?(protocol)
respond_to { |f| f.json { render json: {}, status: :unauthorized } }
break
end
end
end
def check_load_from_repository_views_permissions
@ -1126,50 +1138,6 @@ class ProtocolsController < ApplicationController
can_create_protocols_in_repository?(@protocol.team))
end
def check_make_private_permissions
@protocols = Protocol.where(id: params[:protocol_ids])
@protocols.find_each do |protocol|
if !protocol.in_repository_public? ||
!can_update_protocol_type_in_repository?(protocol)
respond_to { |f| f.json { render json: {}, status: :unauthorized } }
return
end
end
end
def check_publish_permissions
@protocols = Protocol.where(id: params[:protocol_ids])
@protocols.find_each do |protocol|
if !protocol.in_repository_private? ||
!can_update_protocol_type_in_repository?(protocol)
respond_to { |f| f.json { render json: {}, status: :unauthorized } }
return
end
end
end
def check_archive_permissions
@protocols = Protocol.where(id: params[:protocol_ids])
@protocols.find_each do |protocol|
if protocol.in_repository_archived? ||
!can_update_protocol_type_in_repository?(protocol)
respond_to { |f| f.json { render json: {}, status: :unauthorized } }
return
end
end
end
def check_restore_permissions
@protocols = Protocol.where(id: params[:protocol_ids])
@protocols.find_each do |protocol|
if protocol.in_repository_active? ||
!can_update_protocol_type_in_repository?(protocol)
respond_to { |f| f.json { render json: {}, status: :unauthorized } }
return
end
end
end
def check_import_permissions
@protocol_json = params[:protocol]
@team = Team.find(params[:team_id])
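Review bot: `check_manage_all_in_repository_permissions` now guards `make_private`, `publish` and `archive` with a single permission test, and the state preconditions the removed filters enforced (`in_repository_public?`, `in_repository_private?`, `in_repository_archived?`, `in_repository_active?`) no longer appear anywhere in these hunks. Unless `can_manage_protocol_in_repository?` / `can_restore_protocol_in_repository?` or the actions themselves validate the protocol's current state, a state transition the old filters refused would now be accepted. Confirm this and record it above the filter, e.g. `# current state (public/private/archived) is validated in <location>`. Both new filters also pass vacuously when `params[:protocol_ids]` matches no rows, and they answer an authorization failure with `:unauthorized` where the rest of the controller uses `render_403`.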


@ -30,23 +30,24 @@ class ReportsController < ApplicationController
]
before_action :check_view_permissions, only: :index
before_action :check_create_permissions, only: [
:new,
:create,
:generate,
:save_modal,
:project_contents_modal,
:experiment_contents_modal,
:module_contents_modal,
:step_contents_modal,
:result_contents_modal,
:project_contents,
:module_contents,
:step_contents,
:result_contents
]
before_action :check_manage_permissions, only: %i(edit update
destroy)
before_action :check_manage_permissions, only: %i(
new
create
edit
update
destroy
generate
save_modal
project_contents_modal
experiment_contents_modal
module_contents_modal
step_contents_modal
result_contents_modal
project_contents
module_contents
step_contents
result_contents
)
layout 'fluid'
@ -449,13 +450,8 @@ class ReportsController < ApplicationController
render_403 unless can_read_project?(@project)
end
def check_create_permissions
render_403 unless can_create_or_manage_reports?(@project)
end
def check_manage_permissions
render_403 unless can_create_or_manage_reports?(@project)
render_404 unless params.include? :report_ids
render_403 unless can_manage_reports?(@project)
end
def report_params


@ -6,7 +6,7 @@ class RepositoriesController < ApplicationController
before_action :check_team, only: %i(parse_sheet import_records)
before_action :check_view_all_permissions, only: :index
before_action :check_view_permissions, only: :export_repository
before_action :check_edit_and_destroy_permissions, only:
before_action :check_manage_permissions, only:
%i(destroy destroy_modal rename_modal update)
before_action :check_create_permissions, only:
%i(create_new_modal create copy_modal copy)
@ -309,8 +309,8 @@ class RepositoriesController < ApplicationController
@team.repositories.count < Constants::REPOSITORIES_LIMIT
end
def check_edit_and_destroy_permissions
render_403 unless can_update_or_delete_repository?(@repository)
def check_manage_permissions
render_403 unless can_manage_repository?(@repository)
end
def repository_params


@ -4,7 +4,7 @@ class RepositoryColumnsController < ApplicationController
before_action :load_vars, except: :create
before_action :load_vars_nested, only: :create
before_action :check_create_permissions, only: :create
before_action :check_update_and_delete_permissions, except: :create
before_action :check_manage_permissions, except: :create
def create
@repository_column = RepositoryColumn.new(repository_column_params)
@ -111,8 +111,8 @@ class RepositoryColumnsController < ApplicationController
render_403 unless can_create_repository_columns?(@repository.team)
end
def check_update_and_delete_permissions
render_403 unless can_update_or_delete_repository_column?(@repository_column)
def check_manage_permissions
render_403 unless can_manage_repository_column?(@repository_column)
end
def repository_column_params


@ -7,8 +7,7 @@ class RepositoryRowsController < ApplicationController
before_action :load_vars, only: %i(edit update)
before_action :load_repository, only: %i(create delete_records)
before_action :check_create_permissions, only: :create
before_action :check_edit_permissions, only: %i(edit update)
before_action :check_destroy_permissions, only: :delete_records
before_action :check_manage_permissions, only: %i(edit update delete_records)
def create
record = RepositoryRow.new(repository: @repository,
@ -184,7 +183,7 @@ class RepositoryRowsController < ApplicationController
if selected_params
selected_params.each do |row_id|
row = @repository.repository_rows.find_by_id(row_id)
if row && can_update_or_delete_repository_row?(row)
if row && can_manage_repository_row?(row)
row.destroy && deleted_count += 1
end
end
@ -241,15 +240,13 @@ class RepositoryRowsController < ApplicationController
end
def check_create_permissions
render_403 unless can_manage_repository_rows?(@repository.team)
render_403 unless can_create_repository_rows?(@repository.team)
end
def check_edit_permissions
render_403 unless can_update_or_delete_repository_row?(@record)
end
def check_destroy_permissions
render_403 unless can_manage_repository_rows?(@repository.team)
def check_manage_permissions
render_403 unless @repository.repository_rows.all? do |row|
can_manage_repository_row?(row)
end
end
def record_params
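Review bot: `check_manage_permissions` iterates every row of `@repository` (`@repository.repository_rows.all? do |row| … end`) before `edit`, `update` and `delete_records`. Each request therefore loads the whole repository and is refused if the user lacks rights on any single row, including rows the request does not touch. For `edit`/`update` the check should target the loaded record, `render_403 unless can_manage_repository_row?(@record)`; `delete_records` already filters per row with `can_manage_repository_row?(row)`. The filters shown run `load_vars` for `edit`/`update` and `load_repository` for `create`/`delete_records`, so it should also be confirmed that `load_vars` (not visible here) assigns `@repository`.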


@ -4,8 +4,7 @@ class ResultAssetsController < ApplicationController
before_action :load_vars, only: [:edit, :update, :download]
before_action :load_vars_nested, only: [:new, :create]
before_action :check_create_permissions, only: [:new, :create]
before_action :check_edit_permissions, only: [:edit, :update]
before_action :check_manage_permissions, only: %i(new create edit update)
before_action :check_archive_permissions, only: [:update]
def new
@ -191,17 +190,12 @@ class ResultAssetsController < ApplicationController
render_404 unless @my_module
end
def check_create_permissions
render_403 unless can_create_result_asset_in_module(@my_module)
end
def check_edit_permissions
render_403 unless can_edit_result_asset_in_module(@my_module)
def check_manage_permissions
render_403 unless can_manage_module?(@my_module)
end
def check_archive_permissions
if result_params[:archived].to_s != '' and
not can_archive_result(@result)
if result_params[:archived].to_s != '' && !can_manage_result?(@result)
render_403
end
end


@ -7,8 +7,7 @@ class ResultCommentsController < ApplicationController
before_action :check_view_permissions, only: [:index]
before_action :check_add_permissions, only: [:create]
before_action :check_edit_permissions, only: [:edit, :update]
before_action :check_destroy_permissions, only: [:destroy]
before_action :check_manage_permissions, only: %i(edit update destroy)
def index
@comments = @result.last_comments(@last_comment_id, @per_page)
@ -172,27 +171,17 @@ class ResultCommentsController < ApplicationController
end
def check_view_permissions
unless can_view_result_comments(@my_module)
render_403
end
render_403 unless can_read_experiment?(@my_module.experiment)
end
def check_add_permissions
unless can_add_result_comment_in_module(@my_module)
render_403
end
render_403 unless can_create_comments_in_module?(@my_module)
end
def check_edit_permissions
def check_manage_permissions
@comment = ResultComment.find_by_id(params[:id])
render_403 unless @comment.present? &&
can_edit_result_comment_in_module(@comment)
end
def check_destroy_permissions
@comment = ResultComment.find_by_id(params[:id])
render_403 unless @comment.present? &&
can_delete_result_comment_in_module(@comment)
can_manage_comment_in_module?(@comment.becomes(Comment))
end
def comment_params

View file

@ -5,8 +5,7 @@ class ResultTablesController < ApplicationController
before_action :load_vars_nested, only: [:new, :create]
before_action :convert_contents_to_utf8, only: [:create, :update]
before_action :check_create_permissions, only: [:new, :create]
before_action :check_edit_permissions, only: [:edit, :update]
before_action :check_manage_permissions, only: %i(new create edit update)
before_action :check_archive_permissions, only: [:update]
def new
@ -196,21 +195,12 @@ class ResultTablesController < ApplicationController
end
end
def check_create_permissions
unless can_create_result_table_in_module(@my_module)
render_403
end
end
def check_edit_permissions
unless can_edit_result_table_in_module(@my_module)
render_403
end
def check_manage_permissions
render_403 unless can_manage_module?(@my_module)
end
def check_archive_permissions
if result_params[:archived].to_s != '' and
not can_archive_result(@result)
if result_params[:archived].to_s != '' && !can_manage_result?(@result)
render_403
end
end


@ -9,8 +9,7 @@ class ResultTextsController < ApplicationController
before_action :load_vars, only: [:edit, :update, :download]
before_action :load_vars_nested, only: [:new, :create]
before_action :check_create_permissions, only: [:new, :create]
before_action :check_edit_permissions, only: [:edit, :update]
before_action :check_manage_permissions, only: %i(new create edit update)
before_action :check_archive_permissions, only: [:update]
def new
@ -202,21 +201,12 @@ class ResultTextsController < ApplicationController
end
end
def check_create_permissions
unless can_create_result_text_in_module(@my_module)
render_403
end
end
def check_edit_permissions
unless can_edit_result_text_in_module(@my_module)
render_403
end
def check_manage_permissions
render_403 unless can_manage_module?(@my_module)
end
def check_archive_permissions
if result_params[:archived].to_s != '' and
not can_archive_result(@result)
if result_params[:archived].to_s != '' && !can_manage_result?(@result)
render_403
end
end


@ -1,6 +1,6 @@
class ResultsController < ApplicationController
before_action :load_vars
before_action :can_destroy_result_permission
before_action :check_destroy_permissions
def destroy
act_log = t('my_modules.module_archive.table_log',
@ -39,7 +39,7 @@ class ResultsController < ApplicationController
@my_module = @result.my_module
end
def can_destroy_result_permission
render_403 unless can_delete_module_result(@result)
def check_destroy_permissions
render_403 unless can_manage_result?(@result)
end
end


@ -1,6 +1,8 @@
class SampleGroupsController < ApplicationController
before_action :load_vars_nested
before_action :check_permissions, except: %i(index sample_group_element)
before_action :check_view_permissions, only: %i(index sample_group_element)
before_action :check_manage_permissions, only: %i(create edit update destroy
destroy_confirmation)
before_action :set_sample_group, except: %i(create index)
before_action :set_project_my_module, only: :index
layout 'fluid'
@ -133,8 +135,12 @@ class SampleGroupsController < ApplicationController
render_404 unless @team
end
def check_permissions
render_403 unless can_manage_sample_columns?(@team)
def check_view_permissions
render_403 unless can_read_team?(@team)
end
def check_manage_permissions
render_403 unless can_manage_sample_types_and_groups?(@team)
end
def sample_group_params
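Review bot: Switching the permission filters from `except:` to two `only:` lists makes this controller fail open, because any action not named in either list, now or added later, runs with only `load_vars_nested` in front of it. The previous `check_permissions, except: %i(index sample_group_element)` covered every other action by default. Keeping the manage check as the default preserves that: `before_action :check_manage_permissions, except: %i(index sample_group_element)`. The identical change in SampleTypesController has the same effect. The action list is outside these hunks, so whether an unlisted action exists today still needs checking.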


@ -1,6 +1,8 @@
class SampleTypesController < ApplicationController
before_action :load_vars_nested
before_action :check_permissions, except: %i(index sample_type_element)
before_action :check_view_permissions, only: %i(index sample_type_element)
before_action :check_manage_permissions, only: %i(create edit update destroy
destroy_confirmation)
before_action :set_sample_type, except: %i(create index)
before_action :set_project_my_module, only: :index
layout 'fluid'
@ -129,8 +131,12 @@ class SampleTypesController < ApplicationController
render_404 unless @team
end
def check_permissions
render_403 unless can_manage_sample_columns?(@team)
def check_view_permissions
render_403 unless can_read_team?(@team)
end
def check_manage_permissions
render_403 unless can_manage_sample_types_and_groups?(@team)
end
def set_sample_type


@ -7,8 +7,7 @@ class SamplesController < ApplicationController
before_action :load_vars_nested, only: [:new, :create]
before_action :check_create_permissions, only: %i(new create)
before_action :check_update_and_delete_permissions,
only: %i(edit update destroy)
before_action :check_manage_permissions, only: %i(edit update destroy)
def new
respond_to do |format|
@ -69,7 +68,7 @@ class SamplesController < ApplicationController
errors[:init_fields] = sample.errors.messages
else
# Sample was saved, we can add all newly added sample fields
params[:custom_fields].to_a.each do |id, val|
custom_fields_params.to_a.each do |id, val|
scf = SampleCustomField.new(
custom_field_id: id,
sample_id: sample.id,
@ -308,11 +307,11 @@ class SamplesController < ApplicationController
end
def check_create_permissions
render_403 unless can_manage_samples?(@team)
render_403 unless can_create_samples?(@team)
end
def check_update_and_delete_permissions
render_403 unless can_update_or_delete_sample?(@sample)
def check_manage_permissions
render_403 unless can_manage_sample?(@sample)
end
def sample_params
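Review bot: In `create`, the keys of `custom_fields_params` are passed straight to `SampleCustomField.new(custom_field_id: id, ...)`, and nothing in the visible hunk confirms that the referenced custom field belongs to `@team`. Unless the model validates this, a sample could end up linked to a field owned by another team, so the field should be looked up through the team before the record is built and skipped when it is not found. The loop body continues past the end of the hunk, so an existing check there would make this moot.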


@ -8,8 +8,7 @@ class StepCommentsController < ApplicationController
before_action :check_view_permissions, only: [:index]
before_action :check_add_permissions, only: [:create]
before_action :check_edit_permissions, only: [:edit, :update]
before_action :check_destroy_permissions, only: [:destroy]
before_action :check_manage_permissions, only: %i(edit update destroy)
def index
@comments = @step.last_comments(@last_comment_id, @per_page)
@ -52,21 +51,19 @@ class StepCommentsController < ApplicationController
step_comment_annotation_notification
# Generate activity (this can only occur in module,
# but nonetheless check if my module is not nil)
if @protocol.in_module?
Activity.create(
type_of: :add_comment_to_step,
user: current_user,
project: @step.my_module.experiment.project,
experiment: @step.my_module.experiment,
my_module: @step.my_module,
message: t(
"activities.add_comment_to_step",
user: current_user.full_name,
step: @step.position + 1,
step_name: @step.name
)
Activity.create(
type_of: :add_comment_to_step,
user: current_user,
project: @step.my_module.experiment.project,
experiment: @step.my_module.experiment,
my_module: @step.my_module,
message: t(
"activities.add_comment_to_step",
user: current_user.full_name,
step: @step.position + 1,
step_name: @step.name
)
end
)
format.json {
render json: {
@ -113,21 +110,19 @@ class StepCommentsController < ApplicationController
step_comment_annotation_notification(old_text)
# Generate activity
if @protocol.in_module?
Activity.create(
type_of: :edit_step_comment,
user: current_user,
project: @step.my_module.experiment.project,
experiment: @step.my_module.experiment,
my_module: @step.my_module,
message: t(
'activities.edit_step_comment',
user: current_user.full_name,
step: @step.position + 1,
step_name: @step.name
)
Activity.create(
type_of: :edit_step_comment,
user: current_user,
project: @step.my_module.experiment.project,
experiment: @step.my_module.experiment,
my_module: @step.my_module,
message: t(
'activities.edit_step_comment',
user: current_user.full_name,
step: @step.position + 1,
step_name: @step.name
)
end
)
message = custom_auto_link(@comment.message)
render json: { comment: message }, status: :ok
else
@ -143,21 +138,19 @@ class StepCommentsController < ApplicationController
format.json do
if @comment.destroy
# Generate activity
if @protocol.in_module?
Activity.create(
type_of: :delete_step_comment,
user: current_user,
project: @step.my_module.experiment.project,
experiment: @step.my_module.experiment,
my_module: @step.my_module,
message: t(
'activities.delete_step_comment',
user: current_user.full_name,
step: @step.position + 1,
step_name: @step.name
)
Activity.create(
type_of: :delete_step_comment,
user: current_user,
project: @step.my_module.experiment.project,
experiment: @step.my_module.experiment,
my_module: @step.my_module,
message: t(
'activities.delete_step_comment',
user: current_user.full_name,
step: @step.position + 1,
step_name: @step.name
)
end
)
render json: {}, status: :ok
else
render json: { message: I18n.t('comments.delete_error') },
@ -185,21 +178,13 @@ class StepCommentsController < ApplicationController
end
def check_add_permissions
unless can_add_step_comment_in_protocol(@protocol)
render_403
end
render_403 unless can_create_comments_in_module?(@protocol.my_module)
end
def check_edit_permissions
def check_manage_permissions
@comment = StepComment.find_by_id(params[:id])
render_403 unless @comment.present? &&
can_edit_step_comment_in_protocol(@comment)
end
def check_destroy_permissions
@comment = StepComment.find_by_id(params[:id])
render_403 unless @comment.present? &&
can_delete_step_comment_in_protocol(@comment)
can_manage_comment_in_module?(@comment.becomes(Comment))
end
def comment_params
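Review bot: The three `Activity.create` calls in create, update and destroy now dereference `@step.my_module.experiment` unconditionally, while the comment kept above the first one still says to check that my module is not nil. If a step of a repository protocol ever reaches these actions, `@step.my_module` is nil and the request fails with NoMethodError after the comment has already been saved or destroyed. Either keep a cheap guard (`if @step.my_module`) or delete the stale comment and make `check_add_permissions` reject a nil `@protocol.my_module` explicitly. In `check_manage_permissions` the comment is looked up by `params[:id]` alone, so the step named in the activity log may not be the step the comment belongs to; scoping the lookup to `@step` would keep the log accurate.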


@ -4,13 +4,16 @@ class StepsController < ApplicationController
include TinyMceHelper
include StepsActions
before_action :load_vars, only: [:edit, :update, :destroy, :show]
before_action :load_vars, only: %i(edit update destroy show toggle_step_state
checklistitem_state)
before_action :load_vars_nested, only: [:new, :create]
before_action :convert_table_contents_to_utf8, only: [:create, :update]
before_action :check_view_permissions, only: [:show]
before_action :check_manage_permissions, only: %i(new create edit update
destroy)
before_action :check_complete_and_checkbox_permissions, only:
%i(toggle_step_state checklistitem_state)
before_action :update_checklist_item_positions, only: [:create, :update]
@ -263,162 +266,125 @@ class StepsController < ApplicationController
# Responds to checkbox toggling in steps view
def checklistitem_state
chkItem = ChecklistItem.find_by_id(params["checklistitem_id"])
respond_to do |format|
if chkItem
checked = params[:checked] == "true"
protocol = chkItem.checklist.step.protocol
checked = params[:checked] == 'true'
changed = @chk_item.checked != checked
@chk_item.checked = checked
authorized = ((checked and can_check_checkbox(protocol)) or (!checked and can_uncheck_checkbox(protocol)))
if @chk_item.save
format.json { render json: {}, status: :accepted }
if authorized
changed = chkItem.checked != checked
chkItem.checked = checked
# Create activity
if changed
str = if checked
'activities.check_step_checklist_item'
else
'activities.uncheck_step_checklist_item'
end
completed_items = @chk_item.checklist.checklist_items
.where(checked: true).count
all_items = @chk_item.checklist.checklist_items.count
text_activity = smart_annotation_parser(@chk_item.text)
.gsub(/\s+/, ' ')
message = t(
str,
user: current_user.full_name,
checkbox: text_activity,
step: @chk_item.checklist.step.position + 1,
step_name: @chk_item.checklist.step.name,
completed: completed_items,
all: all_items
)
if chkItem.save
format.json {
render json: {}, status: :accepted
}
# Create activity
if changed
str = checked ? "activities.check_step_checklist_item" :
"activities.uncheck_step_checklist_item"
completed_items = chkItem.checklist.checklist_items.where(checked: true).count
all_items = chkItem.checklist.checklist_items.count
text_activity = smart_annotation_parser(chkItem.text)
.gsub(/\s+/, ' ')
message = t(
str,
user: current_user.full_name,
checkbox: text_activity,
step: chkItem.checklist.step.position + 1,
step_name: chkItem.checklist.step.name,
completed: completed_items,
all: all_items
)
# This should always hold true (only in module can
# check items be checked, but still check just in case)
if protocol.in_module?
Activity.create(
user: current_user,
project: protocol.my_module.experiment.project,
experiment: protocol.my_module.experiment,
my_module: protocol.my_module,
message: message,
type_of: checked ? :check_step_checklist_item : :uncheck_step_checklist_item
)
end
end
else
format.json {
render json: {}, status: :unprocessable_entity
}
# This should always hold true (only in module can
# check items be checked, but still check just in case)
if @protocol.in_module?
Activity.create(
user: current_user,
project: @protocol.my_module.experiment.project,
experiment: @protocol.my_module.experiment,
my_module: @protocol.my_module,
message: message,
type_of: if checked
:check_step_checklist_item
else
:uncheck_step_checklist_item
end
)
end
else
format.json {
render json: {}, status: :unauthorized
}
end
else
format.json {
render json: {}, status: :not_found
}
format.json { render json: {}, status: :unprocessable_entity }
end
end
end
# Complete/uncomplete step
def toggle_step_state
step = Step.find_by_id(params[:id])
respond_to do |format|
if step
completed = params[:completed] == 'true'
protocol = step.protocol
completed = params[:completed] == 'true'
changed = @step.completed != completed
@step.completed = completed
authorized = (
(completed and can_complete_step_in_protocol(protocol)) ||
(!completed and can_uncomplete_step_in_protocol(protocol))
)
# Update completed_on
if changed
@step.completed_on = completed ? Time.current : nil
end
if authorized
changed = step.completed != completed
step.completed = completed
if @step.save
if @protocol.in_module?
ready_to_complete = @protocol.my_module.check_completness_status
end
# Update completed_on
if changed
step.completed_on = completed ? Time.current : nil
# Create activity
if changed
completed_steps = @protocol.steps.where(completed: true).count
all_steps = @protocol.steps.count
str = 'activities.uncomplete_step'
str = 'activities.complete_step' if completed
message = t(
str,
user: current_user.full_name,
step: @step.position + 1,
step_name: @step.name,
completed: completed_steps,
all: all_steps
)
# Toggling step state can only occur in
# module protocols, so my_module is always
# not nil; nonetheless, check if my_module is present
if @protocol.in_module?
Activity.create(
user: current_user,
project: @protocol.my_module.experiment.project,
experiment: @protocol.my_module.experiment,
my_module: @protocol.my_module,
message: message,
type_of: completed ? :complete_step : :uncomplete_step
)
end
end
if step.save
if protocol.in_module?
ready_to_complete = protocol.my_module.check_completness_status
end
# Create activity
if changed
completed_steps = protocol.steps.where(completed: true).count
all_steps = protocol.steps.count
str = 'activities.uncomplete_step'
str = 'activities.complete_step' if completed
message = t(
str,
user: current_user.full_name,
step: step.position + 1,
step_name: step.name,
completed: completed_steps,
all: all_steps
)
# Toggling step state can only occur in
# module protocols, so my_module is always
# not nil; nonetheless, check if my_module is present
if protocol.in_module?
Activity.create(
user: current_user,
project: protocol.my_module.experiment.project,
experiment: protocol.my_module.experiment,
my_module: protocol.my_module,
message: message,
type_of: completed ? :complete_step : :uncomplete_step
)
end
end
# Create localized title for complete/uncomplete button
localized_title = if !completed
t('protocols.steps.options.complete_title')
else
t('protocols.steps.options.uncomplete_title')
end
format.json do
if ready_to_complete && protocol.my_module.uncompleted?
render json: {
task_ready_to_complete: true,
new_title: localized_title
}, status: :ok
else
render json: { new_title: localized_title }, status: :ok
end
end
# Create localized title for complete/uncomplete button
localized_title = if !completed
t('protocols.steps.options.complete_title')
else
t('protocols.steps.options.uncomplete_title')
end
format.json do
if ready_to_complete && @protocol.my_module.uncompleted?
render json: {
task_ready_to_complete: true,
new_title: localized_title
}, status: :ok
else
format.json {
render json: {}, status: :unprocessable_entity
}
render json: { new_title: localized_title }, status: :ok
end
else
format.json {
render json: {}, status: :unauthorized
}
end
else
format.json {
render json: {}, status: :not_found
}
format.json { render json: {}, status: :unprocessable_entity }
end
end
end
@ -430,7 +396,7 @@ class StepsController < ApplicationController
if step
protocol = step.protocol
if can_manage_protocol_in_module?(protocol) ||
can_update_protocol_in_repository?(protocol)
can_manage_protocol_in_repository?(protocol)
if step.position > 0
step_down = step.protocol.steps.where(position: step.position - 1).first
step.position -= 1
@ -477,7 +443,7 @@ class StepsController < ApplicationController
if step
protocol = step.protocol
if can_manage_protocol_in_module?(protocol) ||
can_update_protocol_in_repository?(protocol)
can_manage_protocol_in_repository?(protocol)
if step.position < step.protocol.steps.count - 1
step_up = step.protocol.steps.where(position: step.position + 1).first
step.position += 1
@ -601,6 +567,9 @@ class StepsController < ApplicationController
def load_vars
@step = Step.find_by_id(params[:id])
@protocol = @step.protocol
if params[:checklistitem_id]
@chk_item = ChecklistItem.find_by_id(params[:checklistitem_id])
end
unless @protocol
render_404
@ -640,13 +609,17 @@ class StepsController < ApplicationController
end
def check_view_permissions
render_403 unless can_read_protocol_in_module(@protocol) ||
render_403 unless can_read_protocol_in_module?(@protocol) ||
can_read_protocol_in_repository?(@protocol)
end
def check_manage_permissions
render_403 unless can_manage_protocol_in_module?(@protocol) ||
can_update_protocol_in_repository?(@protocol)
can_manage_protocol_in_repository?(@protocol)
end
def check_complete_and_checkbox_permissions
render_403 unless can_complete_or_checkbox_step?(@protocol)
end
def step_params
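Review bot: `load_vars` now loads `@chk_item` from `params[:checklistitem_id]` independently of `@step`, while `check_complete_and_checkbox_permissions` authorises against the `@protocol` derived from `params[:id]`, so nothing ties the checklist item to the protocol the user was authorised on. The old `checklistitem_state` derived the protocol from the item itself and answered 404 for a missing item; the new one calls `@chk_item.checked` on whatever was found, including nil. Add `return render_404 unless @chk_item && @chk_item.checklist.step == @step` inside the `if params[:checklistitem_id]` branch. Add `return render_404 unless @step` before `@protocol = @step.protocol` as well, since that line otherwise raises for an unknown id. `load_vars` continues past the end of its hunk.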


@ -141,7 +141,7 @@ class TagsController < ApplicationController
end
def check_manage_permissions
render_403 unless can_create_or_manage_tags?(@project)
render_403 unless can_manage_tags?(@project)
end
def tag_params


@ -1,7 +1,8 @@
class TeamsController < ApplicationController
before_action :load_vars, only: [:parse_sheet, :import_samples, :export_samples]
before_action :check_create_sample_permissions, only: [:parse_sheet, :import_samples]
before_action :check_create_samples_permissions, only: %i(parse_sheet
import_samples)
before_action :check_view_samples_permission, only: [:export_samples]
def parse_sheet
@ -258,10 +259,8 @@ class TeamsController < ApplicationController
params.permit(sample_ids: [], header_ids: []).to_h
end
def check_create_sample_permissions
unless can_manage_samples?(@team)
render_403
end
def check_create_samples_permissions
render_403 unless can_create_samples?(@team)
end
def check_view_samples_permission


@ -1,9 +1,7 @@
class UserMyModulesController < ApplicationController
before_action :load_vars
before_action :check_view_permissions, only: :index
before_action :check_edit_permissions, only: :index_edit
before_action :check_create_permissions, only: :create
before_action :check_delete_permisisons, only: :destroy
before_action :check_manage_permissions, only: %i(create index_edit destroy)
def index
@user_my_modules = @my_module.user_my_modules
@ -135,27 +133,11 @@ class UserMyModulesController < ApplicationController
end
def check_view_permissions
unless can_view_module_users(@my_module)
render_403
end
render_403 unless can_read_experiment?(@my_module.experiment)
end
def check_edit_permissions
unless can_edit_users_on_module(@my_module)
render_403
end
end
def check_create_permissions
unless can_add_user_to_module(@my_module)
render_403
end
end
def check_delete_permisisons
unless can_remove_user_from_module(@my_module)
render_403
end
def check_manage_permissions
render_403 unless can_manage_users_in_module?(@my_module)
end
def init_gui


@ -191,8 +191,8 @@ class UserProjectsController < ApplicationController
end
def check_manage_permisisons
render_403 unless can_manage_project?(@project) &&
params[:id] == current_user.id
render_403 unless can_manage_project?(@project) ||
params[:id] != current_user.id
end
def init_gui
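Review bot: The new guard in `check_manage_permisisons`, `can_manage_project?(@project) || params[:id] != current_user.id`, passes whenever either side is true, and the right-hand side is almost always true: `params[:id]` normally arrives as a String while `current_user.id` is an Integer, so `!=` holds even for the user's own id. As written, a user who cannot manage the project is no longer stopped by this filter. If the intent is "can manage the project and is not acting on their own record", that reads `render_403 unless can_manage_project?(@project) && params[:id].to_i != current_user.id`. It is also worth confirming that `params[:id]` is a user id here rather than the id of the user-project record, which the hunk does not show.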


@ -1,9 +1,9 @@
class UserSamplesController < ApplicationController
def save_samples_table_status
samples_table = SamplesTable.where(user: @current_user,
team: params[:team])
team: params[:team]).first
if samples_table
samples_table.first.update(status: params[:state])
samples_table.update(status: params[:state])
else
SamplesTable.create(user: @current_user,
team: params[:team],
@ -19,14 +19,19 @@ class UserSamplesController < ApplicationController
end
def load_samples_table_status
@samples_table_state = SamplesTable.find_status(current_user,
current_team).first
samples_table_state = SamplesTable.find_status(current_user,
current_team).first
if samples_table_state.blank?
st = SamplesTable.new(user: current_user, team: current_team)
st.save
samples_table_state = st.status
end
respond_to do |format|
if @samples_table_state
if samples_table_state
format.json do
render json: {
state: @samples_table_state
state: samples_table_state
}
end
end
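Review bot: `save_samples_table_status` uses `params[:team]` as given, with no visible check that the caller belongs to that team, and stores `params[:state]` unvalidated; no `before_action` appears in the class header shown in the first hunk. Resolve the team through the user instead, e.g. `team = current_user.teams.find_by_id(params[:team])`, and `render_403` when it is nil. The method also reads `@current_user` where `load_samples_table_status` calls `current_user`; using the helper in both avoids depending on a memoised instance variable. In `load_samples_table_status` the result of `st.save` is ignored, and the `respond_to` block runs past the end of the hunk.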


@ -1,6 +1,10 @@
module Users
class OmniauthCallbacksController < Devise::OmniauthCallbacksController
include UsersGenerator
skip_before_action :verify_authenticity_token
before_action :sign_up_with_provider_enabled?,
only: :linkedin
# You should configure your model like this:
# devise :omniauthable, omniauth_providers: [:twitter]
@ -9,6 +13,55 @@ module Users
# def twitter
# end
def linkedin
auth_hash = request.env['omniauth.auth']
@user = User.from_omniauth(auth_hash)
if @user && @user.current_team_id?
# User already exists and has been signed up with LinkedIn; just sign in
set_flash_message(:notice,
:success,
kind: I18n.t('devise.linkedin.provider_name'))
sign_in_and_redirect @user
elsif @user
# User already exists and has started sign up with LinkedIn;
# but doesn't have team (needs to complete sign up - agrees to TOS)
set_flash_message(:alert,
:failure,
kind: I18n.t('devise.linkedin.provider_name'),
reason: I18n.t('devise.linkedin.complete_sign_up'))
redirect_to users_sign_up_provider_path(user: @user)
elsif User.find_by_email(auth_hash['info']['email'])
# email is already taken, so sign up with Linked in is not allowed
set_flash_message(:alert,
:failure,
kind: I18n.t('devise.linkedin.provider_name'),
reason: I18n.t('devise.linkedin.email_already_taken',
email: auth_hash['info']['email']))
redirect_to after_omniauth_failure_path_for(resource_name)
else
# Create new user and identity; and redirect to complete sign up form
@user = User.new(
full_name: auth_hash['info']['name'],
initials: generate_initials(auth_hash['info']['name']),
email: auth_hash['info']['email'],
password: generate_user_password
)
@user.avatar_remote_url = (auth_hash['info']['image'])
user_identity = UserIdentity.new(user: @user,
provider: auth_hash['provider'],
uid: auth_hash['uid'])
unless @user.save && user_identity.save
set_flash_message(:alert,
:failure,
kind: I18n.t('devise.linkedin.provider_name'),
reason: I18n.t('devise.linkedin.failed_to_save'))
redirect_to after_omniauth_failure_path_for(resource_name) and return
end
redirect_to users_sign_up_provider_path(user: @user)
end
end
# More info at:
# https://github.com/plataformatec/devise#omniauth
@ -28,5 +81,18 @@ module Users
# def after_omniauth_failure_path_for(scope)
# super(scope)
# end
private
def sign_up_with_provider_enabled?
render_403 unless Rails.configuration.x.enable_user_registration
render_403 unless Rails.configuration.x.linkedin_signin_enabled
end
def generate_initials(full_name)
initials = full_name.titleize.scan(/[A-Z]+/).join
initials = initials.strip.empty? ? 'PLCH' : initials[0..3]
initials
end
end
end
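Review bot: `sign_up_with_provider_enabled?` calls `render_403` twice in a row, so when both flags are off the second call renders again and, assuming `render_403` renders a response, raises a double-render error instead of returning 403. One condition avoids this: `render_403 unless Rails.configuration.x.enable_user_registration && Rails.configuration.x.linkedin_signin_enabled`. Because the filter guards the whole `linkedin` action, turning registration off also blocks sign-in for users who already have a LinkedIn identity; if that is not intended, check the registration flag only in the branches that create a user. In the create branch, `@user.save && user_identity.save` is not atomic, so a failed identity save leaves a user row that sends every later attempt into the `email_already_taken` branch; wrap both saves in one transaction. `auth_hash['info']['name']` and `auth_hash['info']['email']` are used without a nil check.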


@ -1,5 +1,9 @@
class Users::RegistrationsController < Devise::RegistrationsController
prepend_before_action :check_captcha, only: [:create]
before_action :registration_enabled?,
only: %i(new create new_with_provider create_with_provider)
before_action :sign_up_with_provider_enabled?,
only: %i(new_with_provider create_with_provider)
def avatar
user = User.find_by_id(params[:id]) || current_user
@ -122,12 +126,9 @@ class Users::RegistrationsController < Devise::RegistrationsController
end
end
def new
render_403 && return unless Rails.configuration.x.enable_user_registration
end
def new; end
def create
render_403 && return unless Rails.configuration.x.enable_user_registration
build_resource(sign_up_params)
valid_resource = resource.valid?
# ugly checking if new team on sign up is enabled :(
@ -174,6 +175,35 @@ class Users::RegistrationsController < Devise::RegistrationsController
end
end
def new_with_provider; end
def create_with_provider
@user = User.find_by_id(user_provider_params['user'])
# Create new team for the new user
@team = Team.new(team_provider_params)
if @team.valid? && @user && Rails.configuration.x.new_team_on_signup
# Set the confirmed_at == created_at IF not using email confirmations
unless Rails.configuration.x.enable_email_confirmations
@user.update!(confirmed_at: @user.created_at)
end
@team.created_by = @user # set created_by for team
@team.save!
# Add this user to the team as owner
UserTeam.create(user: @user, team: @team, role: :admin)
# set current team to new user
@user.current_team_id = @team.id
@user.save!
sign_in_and_redirect @user
else
render :new_with_provider
end
end
protected
# Called upon creating User (before .save). Permits parameters and extracts
@ -191,6 +221,14 @@ class Users::RegistrationsController < Devise::RegistrationsController
tmp.merge(:initials => initials)
end
def team_provider_params
params.require(:team).permit(:name)
end
def user_provider_params
params.permit(:user)
end
def account_update_params
params.require(:user).permit(
:full_name,
@ -268,6 +306,14 @@ class Users::RegistrationsController < Devise::RegistrationsController
end
end
def registration_enabled?
render_403 unless Rails.configuration.x.enable_user_registration
end
def sign_up_with_provider_enabled?
render_403 unless Rails.configuration.x.linkedin_signin_enabled
end
# Redirect to login page after signing up
def after_sign_up_path_for(resource)
new_user_session_path
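Review bot: `create_with_provider` selects the account from a request parameter, `User.find_by_id(user_provider_params['user'])`, and ends in `sign_in_and_redirect @user` without verifying that this is the account that just completed the LinkedIn callback. The id is the only proof of identity in the request, so it should not come from the client: store the pending user id in the session in `Users::OmniauthCallbacksController#linkedin` instead of passing `user: @user` in the redirect, and read it back here, e.g. `@user = User.find_by_id(session[:pending_provider_user_id])` (the key name is a placeholder). Also refuse to continue unless the account is still incomplete, `return render_403 if @user.nil? || @user.current_team_id?`, so this endpoint can never sign in an established user. `@user.update!`, `@team.save!`, `UserTeam.create` and `@user.save!` run outside a transaction, so a failure midway can leave a team without an owner.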


@ -123,7 +123,7 @@ module Users
)
flash.keep(:notice)
end
generate_notification(@user_t.user,
generate_notification(current_user,
@user_t.user,
@user_t.team,
false,


@ -1,6 +1,5 @@
class WopiController < ActionController::Base
include WopiUtil
include PermissionHelper
before_action :load_vars, :authenticate_user_from_token!
before_action :verify_proof!
@ -295,7 +294,7 @@ class WopiController < ActionController::Base
@breadcrumb_folder_name = @protocol.my_module.name
else
@can_read = can_read_protocol_in_repository?(@protocol)
@can_write = can_update_protocol_in_repository?(@protocol)
@can_write = can_manage_protocol_in_repository?(@protocol)
@close_url = protocols_url(only_path: false,
host: ENV['WOPI_USER_HOST'])
@ -306,8 +305,8 @@ class WopiController < ActionController::Base
end
@breadcrumb_folder_url = @close_url
else
@can_read = can_view_or_download_result_assets(@my_module)
@can_write = can_edit_result_asset_in_module(@my_module)
@can_read = can_read_experiment?(@my_module.experiment)
@can_write = can_manage_module?(@my_module)
@close_url = results_my_module_url(@my_module,
only_path: false,


@ -3,12 +3,12 @@ class ProtocolsDatatable < CustomDatatable
include ActiveRecord::Sanitization::ClassMethods
include InputSanitizeHelper
def_delegator :@view, :can_update_protocol_in_repository?
def_delegator :@view, :can_read_protocol_in_repository?
def_delegator :@view, :can_manage_protocol_in_repository?
def_delegator :@view, :edit_protocol_path
def_delegator :@view, :can_restore_protocol_in_repository?
def_delegator :@view, :can_clone_protocol_in_repository?
def_delegator :@view, :clone_protocol_path
def_delegator :@view, :can_update_protocol_type_in_repository?
def_delegator :@view, :can_read_protocol_in_repository?
def_delegator :@view, :linked_children_protocol_path
def_delegator :@view, :preview_protocol_path
@ -82,8 +82,8 @@ class ProtocolsDatatable < CustomDatatable
protocol = Protocol.find(record.id)
result_data << {
'DT_RowId': record.id,
'DT_CanEdit': can_update_protocol_in_repository?(protocol),
'DT_EditUrl': if can_update_protocol_in_repository?(protocol)
'DT_CanEdit': can_manage_protocol_in_repository?(protocol),
'DT_EditUrl': if can_manage_protocol_in_repository?(protocol)
edit_protocol_path(protocol,
team: @team,
type: @type)
@ -94,14 +94,10 @@ class ProtocolsDatatable < CustomDatatable
team: @team,
type: @type)
end,
'DT_CanMakePrivate': protocol.in_repository_public? &&
can_update_protocol_type_in_repository?(protocol),
'DT_CanPublish': protocol.in_repository_private? &&
can_update_protocol_type_in_repository?(protocol),
'DT_CanArchive': protocol.in_repository_active? &&
can_update_protocol_type_in_repository?(protocol),
'DT_CanRestore': protocol.in_repository_archived? &&
can_update_protocol_type_in_repository?(protocol),
'DT_CanMakePrivate': can_manage_protocol_in_repository?(protocol),
'DT_CanPublish': can_manage_protocol_in_repository?(protocol),
'DT_CanArchive': can_manage_protocol_in_repository?(protocol),
'DT_CanRestore': can_restore_protocol_in_repository?(protocol),
'DT_CanExport': can_read_protocol_in_repository?(protocol),
'1': if protocol.in_repository_archived?
escape_input(record.name)
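Review bot: `DT_CanMakePrivate`, `DT_CanPublish` and `DT_CanArchive` no longer include the state predicates (`protocol.in_repository_public?`, `in_repository_private?`, `in_repository_active?`), so all three are true for any protocol the user can manage unless the new policy helper encodes the state itself. These flags only drive the UI, so the controller actions behind them still have to check both state and permission on the server. `can_manage_protocol_in_repository?(protocol)` is also evaluated five times per row; assign it once, `can_manage = can_manage_protocol_in_repository?(protocol)`, and reuse it. The hash literal continues past the end of the hunk.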


@ -15,6 +15,11 @@ module FileIconsHelper
image_link = 'office/PowerPoint-pptx_20x20x32.png'
end
# Now check for custom mappings or possible overrides
if Extends::FILE_ICON_MAPPINGS[file_ext]
image_link = Extends::FILE_ICON_MAPPINGS[file_ext]
end
if image_link
image_tag image_link
else


@ -1,648 +0,0 @@
require "aspector"
module PermissionHelper
#######################################################
# SOME REFLECTION MAGIC
#######################################################
aspector do
# ---- TEAM ROLES DEFINITIONS ----
around [
:is_member_of_team,
:is_admin_of_team,
:is_normal_user_of_team,
:is_normal_user_or_admin_of_team,
:is_guest_of_team
] do |proxy, *args, &block|
if args[0]
@user_team = current_user.user_teams.where(team: args[0]).take
@user_team ? proxy.call(*args, &block) : false
else
false
end
end
# ---- PROJECT ROLES DEFINITIONS ----
around [
:is_member_of_project,
:is_owner_of_project,
:is_user_of_project,
:is_user_or_higher_of_project,
:is_technician_of_project,
:is_technician_or_higher_of_project,
:is_viewer_of_project
] do |proxy, *args, &block|
if args[0]
@user_project = current_user.user_projects.where(project: args[0]).take
@user_project ? proxy.call(*args, &block) : false
else
false
end
end
# ---- Almost everything is disabled for archived projects ----
around [
:can_view_project,
:can_restore_archived_modules,
:can_reposition_modules,
:can_edit_connections,
:can_clone_modules,
] do |proxy, *args, &block|
if args[0]
project = args[0]
project.active? ? proxy.call(*args, &block) : false
else
false
end
end
# ---- Almost everything is disabled for archived modules ----
around [
# TODO: Because module restoring is made via updating module attributes,
# (and that action checks if module is editable) this needs to be
# commented out or that functionality will not work any more.
:can_view_module_info,
:can_view_module_users,
:can_edit_users_on_module,
:can_add_user_to_module,
:can_remove_user_from_module,
:can_add_comment_to_module,
:can_view_module_archive,
:can_view_or_download_result_assets,
:can_view_result_comments,
:can_add_result_comment_in_module,
:can_create_result_text_in_module,
:can_edit_result_text_in_module,
:can_archive_result_text_in_module,
:can_create_result_table_in_module,
:can_edit_result_table_in_module,
:can_archive_result_table_in_module,
:can_create_result_asset_in_module,
:can_edit_result_asset_in_module,
:can_archive_result_asset_in_module,
:can_add_samples_to_module,
:can_delete_samples_from_module
] do |proxy, *args, &block|
if args[0]
my_module = args[0]
if my_module.active? &&
my_module.experiment.active? &&
my_module.experiment.project.active?
proxy.call(*args, &block)
else
false
end
else
false
end
end
# ---- Some things are disabled for archived experiment ----
around [
:can_reposition_modules,
:can_edit_connections,
:can_clone_modules,
] do |proxy, *args, &block|
if args[0]
experiment = args[0]
if experiment.active? &&
experiment.project.active?
proxy.call(*args, &block)
else
false
end
else
false
end
end
end
private
#######################################################
# ROLES
#######################################################
# The following code should stay private, and for each
# permission that's needed throughout application, a
# public method should be made. That way, we can have
# all permissions gathered here in one place.
# ---- TEAM ROLES ----
def is_member_of_team(team)
# This is already checked by aspector, so just return true
true
end
def is_admin_of_team(team)
@user_team.admin?
end
def is_normal_user_of_team(team)
@user_team.normal_user?
end
def is_normal_user_or_admin_of_team(team)
@user_team.normal_user? or @user_team.admin?
end
def is_guest_of_team(team)
@user_team.guest?
end
# ---- PROJECT ROLES ----
def is_member_of_project(project)
# This is already checked by aspector, so just return true
true
end
def is_creator_of_project(project)
project.created_by == current_user
end
def is_owner_of_project(project)
@user_project.owner?
end
def is_user_of_project(project)
@user_project.normal_user?
end
def is_user_or_higher_of_project(project)
@user_project.normal_user? or @user_project.owner?
end
def is_technician_of_project(project)
@user_project.technician?
end
def is_technician_or_higher_of_project(project)
@user_project.technician? or
@user_project.normal_user? or
@user_project.owner?
end
def is_viewer_of_project(project)
@user_project.viewer?
end
public
#######################################################
# PERMISSIONS
#######################################################
# The following list can be expanded for new permissions,
# and only the following list should be public. Also,
# in a lot of cases, the following methods should be added
# to "is project archived" or "is module archived" checks
# at the beginning of this file (via aspector).
# ---- ATWHO PERMISSIONS ----
# def can_view_team_users(team)
# is_member_of_team(team)
# end
# ---- PROJECT PERMISSIONS ----
# def can_view_projects(team)
# is_member_of_team(team)
# end
# def can_create_project(team)
# is_normal_user_or_admin_of_team(team)
# end
# User can view project if he's assigned onto it, or if
# a project is public/visible, and user is a member of that team
def can_view_project(project)
is_admin_of_team(project.team) ||
is_member_of_project(project) ||
(project.visible? and is_member_of_team(project.team))
end
def can_restore_archived_modules(project)
is_user_or_higher_of_project(project)
end
# ---- WORKFLOW PERMISSIONS ----
def can_reposition_modules(experiment)
is_user_or_higher_of_project(experiment.project)
end
def can_edit_connections(experiment)
is_user_or_higher_of_project(experiment.project)
end
# ---- MODULE PERMISSIONS ----
def can_clone_modules(experiment)
is_user_or_higher_of_project(experiment.project)
end
def can_view_module_info(my_module)
can_view_project(my_module.experiment.project)
end
def can_view_module_users(my_module)
can_view_project(my_module.experiment.project)
end
def can_edit_users_on_module(my_module)
is_owner_of_project(my_module.experiment.project)
end
def can_add_user_to_module(my_module)
is_owner_of_project(my_module.experiment.project)
end
def can_remove_user_from_module(my_module)
is_owner_of_project(my_module.experiment.project)
end
def can_add_comment_to_module(my_module)
is_technician_or_higher_of_project(my_module.experiment.project)
end
def can_edit_module_comment(comment)
comment.my_module.present? &&
(
comment.user == current_user ||
is_owner_of_project(
comment.my_module.experiment.project
)
)
end
def can_delete_module_comment(comment)
comment.my_module.present? &&
(
comment.user == current_user ||
is_owner_of_project(
comment.my_module.experiment.project
)
)
end
def can_view_module_archive(my_module)
is_user_or_higher_of_project(my_module.experiment.project)
end
def can_complete_module(my_module)
is_technician_or_higher_of_project(my_module.experiment.project)
end
# ---- RESULTS PERMISSIONS ----
def can_view_or_download_result_assets(my_module)
is_member_of_project(my_module.experiment.project) ||
can_view_project(my_module.experiment.project)
end
def can_view_result_comments(my_module)
can_view_project(my_module.experiment.project)
end
def can_add_result_comment_in_module(my_module)
is_technician_or_higher_of_project(my_module.experiment.project)
end
def can_edit_result_comment_in_module(comment)
comment.result.present? &&
(
comment.user == current_user ||
is_owner_of_project(
comment.result.my_module.experiment.project
)
)
end
def can_delete_result_comment_in_module(comment)
comment.result.present? &&
(
comment.user == current_user ||
is_owner_of_project(
comment.result.my_module.experiment.project
)
)
end
def can_delete_module_result(result)
is_owner_of_project(result.my_module.experiment.project)
end
# ---- RESULT TEXT PERMISSIONS ----
def can_create_result_text_in_module(my_module)
is_user_or_higher_of_project(my_module.experiment.project)
end
def can_edit_result_text_in_module(my_module)
is_user_or_higher_of_project(my_module.experiment.project)
end
def can_archive_result_text_in_module(my_module)
is_owner_of_project(my_module.experiment.project)
end
# ---- RESULT TABLE PERMISSIONS ----
def can_create_result_table_in_module(my_module)
is_user_or_higher_of_project(my_module.experiment.project)
end
def can_edit_result_table_in_module(my_module)
is_user_or_higher_of_project(my_module.experiment.project)
end
def can_archive_result_table_in_module(my_module)
is_owner_of_project(my_module.experiment.project)
end
# ---- RESULT ASSET PERMISSIONS ----
def can_create_result_asset_in_module(my_module)
is_user_or_higher_of_project(my_module.experiment.project)
end
def can_edit_result_asset_in_module(my_module)
is_user_or_higher_of_project(my_module.experiment.project)
end
def can_archive_result_asset_in_module(my_module)
is_owner_of_project(my_module.experiment.project)
end
# ---- REPORTS PERMISSIONS ----
# ---- SAMPLE PERMISSIONS ----
# def can_create_samples(team)
# is_normal_user_or_admin_of_team(team)
# end
# def can_view_samples(team)
# is_member_of_team(team)
# end
# Only person who created the sample
# or team admin can edit it
# def can_edit_sample(sample)
# is_admin_of_team(sample.team) or
# sample.user == current_user
# end
# Only person who created sample can delete it
# def can_delete_sample(sample)
# sample.user == current_user
# end
# def can_delete_samples(team)
# is_normal_user_or_admin_of_team(team)
# end
def can_add_samples_to_module(my_module)
is_technician_or_higher_of_project(my_module.experiment.project)
end
def can_delete_samples_from_module(my_module)
is_technician_or_higher_of_project(my_module.experiment.project)
end
# ---- SAMPLE TYPES PERMISSIONS ----
# def can_create_sample_type_in_team(team)
# is_normal_user_or_admin_of_team(team)
# end
# ---- SAMPLE GROUPS PERMISSIONS ----
# def can_create_sample_group_in_team(team)
# is_normal_user_or_admin_of_team(team)
# end
# ---- CUSTOM FIELDS PERMISSIONS ----
# def can_create_custom_field_in_team(team)
# is_normal_user_or_admin_of_team(team)
# end
# def can_edit_custom_field(custom_field)
# custom_field.user == current_user ||
# is_admin_of_team(custom_field.team)
# end
# def can_delete_custom_field(custom_field)
# custom_field.user == current_user ||
# is_admin_of_team(custom_field.team)
# end
# ---- PROTOCOL PERMISSIONS ----
# def can_view_team_protocols(team)
# is_member_of_team(team)
# end
# def can_create_new_protocol(team)
# is_normal_user_or_admin_of_team(team)
# end
# def can_import_protocols(team)
# is_normal_user_or_admin_of_team(team)
# end
# def can_edit_protocol(protocol)
# is_normal_user_or_admin_of_team(protocol.team) and
# current_user == protocol.added_by and (not protocol.in_repository_archived?)
# end
# def can_clone_protocol(protocol)
# is_normal_user_or_admin_of_team(protocol.team) and
# (
# protocol.in_repository_public? or
# (protocol.in_repository_private? and current_user == protocol.added_by)
# )
# end
# def can_make_protocol_private(protocol)
# protocol.added_by == current_user and
# protocol.in_repository_public?
# end
# def can_publish_protocol(protocol)
# protocol.added_by == current_user and
# protocol.in_repository_private?
# end
# def can_archive_protocol(protocol)
# protocol.added_by == current_user and
# (protocol.in_repository_public? or protocol.in_repository_private?)
# end
# def can_restore_protocol(protocol)
# protocol.added_by == current_user and
# protocol.in_repository_archived?
# end
# ---- STEPS PERMISSIONS ----
def can_add_step_comment_in_protocol(protocol)
if protocol.in_module?
my_module = protocol.my_module
my_module.active? &&
my_module.experiment.project.active? &&
my_module.experiment.active? &&
is_technician_or_higher_of_project(my_module.experiment.project)
else
# In repository, user cannot complete steps
false
end
end
def can_edit_step_comment_in_protocol(comment)
return false if comment.step.blank?
protocol = comment.step.protocol
if protocol.in_module?
comment.user == current_user ||
is_owner_of_project(
protocol.my_module.experiment.project
)
else
false
end
end
def can_delete_step_comment_in_protocol(comment)
return false if comment.step.blank?
protocol = comment.step.protocol
if protocol.in_module?
comment.user == current_user ||
is_owner_of_project(
protocol.my_module.experiment.project
)
else
false
end
end
def can_complete_step_in_protocol(protocol)
if protocol.in_module?
my_module = protocol.my_module
my_module.active? &&
my_module.experiment.project.active? &&
my_module.experiment.active? &&
is_technician_or_higher_of_project(my_module.experiment.project)
else
# In repository, user cannot complete steps
false
end
end
def can_uncomplete_step_in_protocol(protocol)
if protocol.in_module?
my_module = protocol.my_module
my_module.active? &&
my_module.experiment.project.active? &&
my_module.experiment.active? &&
is_user_or_higher_of_project(my_module.experiment.project)
else
# In repository, user cannot complete steps
false
end
end
def can_check_checkbox(protocol)
if protocol.in_module?
my_module = protocol.my_module
my_module.active? &&
my_module.experiment.project.active? &&
my_module.experiment.active? &&
is_technician_or_higher_of_project(my_module.experiment.project)
else
# In repository, user cannot check checkboxes
false
end
end
def can_uncheck_checkbox(protocol)
if protocol.in_module?
my_module = protocol.my_module
my_module.active? &&
my_module.experiment.project.active? &&
my_module.experiment.active? &&
is_user_or_higher_of_project(my_module.experiment.project)
else
# In repository, user cannot check checkboxes
false
end
end
# ---- REPOSITORIES PERMISSIONS ----
# def can_view_team_repositories(team)
# is_member_of_team(team)
# end
# def can_create_repository(team)
# is_admin_of_team(team) &&
# team.repositories.count < Constants::REPOSITORIES_LIMIT
# end
# def can_view_repository(repository)
# is_member_of_team(repository.team)
# end
# def can_edit_and_destroy_repository(repository)
# is_admin_of_team(repository.team)
# end
# def can_copy_repository(repository)
# can_create_repository(repository.team)
# end
# def can_create_columns_in_repository(repository)
# is_normal_user_or_admin_of_team(repository.team)
# end
# def can_delete_column_in_repository(column)
# column.created_by == current_user ||
# is_admin_of_team(column.repository.team)
# end
# def can_edit_column_in_repository(column)
# column.created_by == current_user ||
# is_admin_of_team(column.repository.team)
# end
# def can_create_repository_records(repository)
# is_normal_user_or_admin_of_team(repository.team)
# end
# def can_import_repository_records(repository)
# is_normal_user_or_admin_of_team(repository.team)
# end
# def can_edit_repository_record(record)
# is_normal_user_or_admin_of_team(record.repository.team)
# end
# def can_delete_repository_records(repository)
# is_normal_user_or_admin_of_team(repository.team)
# end
# def can_delete_repository_record(record)
# team = record.repository.team
# is_admin_of_team(team) || (is_normal_user_of_team(team) &&
# record.created_by == current_user)
# end
def can_assign_repository_records(my_module, repository)
is_normal_user_or_admin_of_team(repository.team) &&
is_technician_or_higher_of_project(my_module.experiment.project)
end
def can_unassign_repository_records(my_module, repository)
is_normal_user_or_admin_of_team(repository.team) &&
is_technician_or_higher_of_project(my_module.experiment.project)
end
end


@ -39,25 +39,40 @@ module ProtocolsIoHelper
I18n.t('protocols.protocols_io_import.too_long').length
# The + 2 above (in title) is there because if the length was at the limit,
# the cutter method had issues, this gives it some space
# below are default min table settings (minimum 5x5)
PIO_TABLE_MIN_WIDTH = 5
PIO_TABLE_MIN_HEIGHT = 5
def protocolsio_string_to_table_element(description_string)
string_without_tables = string_html_table_remove(description_string)
table_regex = %r{<table\b[^>]*>(.*?)<\/table>}m
tr_regex = %r{<tr\b[^>]*>(.*?)<\/tr>}m
td_regex = %r{<td\b[^>]*>(.*?)<\/td>}m
tables = {}
description_string.gsub! '<th>', '<td>'
description_string.gsub! '</th>', '</td>'
table_strings = description_string.scan(table_regex)
table_strings.each_with_index do |table, table_counter|
tables[table_counter.to_s] = {}
tr_strings = table[0].scan(tr_regex)
tr_number = table[0].scan(tr_regex).count
diff = PIO_TABLE_MIN_HEIGHT - tr_number # always tables have atleast 5 row
table_fix_str = table[0]
table_fix_str += '<tr></tr>' * diff if tr_number < PIO_TABLE_MIN_HEIGHT
tr_strings = table_fix_str.scan(tr_regex)
contents = {}
contents['data'] = []
tr_strings.each_with_index do |tr, tr_counter|
td_strings = tr[0].scan(td_regex)
contents['data'][tr_counter] = []
td_counter = td_strings.count
diff = PIO_TABLE_MIN_WIDTH - td_counter
td_strings.each do |td|
td_stripped = ActionController::Base.helpers.strip_tags(td[0])
contents['data'][tr_counter].push(td_stripped)
end
next if td_counter >= PIO_TABLE_MIN_WIDTH
diff.times { contents['data'][tr_counter].push(' ') }
end
tables[table_counter.to_s]['contents'] = Base64.encode64(
contents.to_s.sub('=>', ':')
@ -102,6 +117,8 @@ module ProtocolsIoHelper
@toolong = true
end
text
else
''
end
end
@ -128,6 +145,8 @@ module ProtocolsIoHelper
@remaining -= text.length - reserved
end
text
else
''
end
end
@ -145,10 +164,15 @@ module ProtocolsIoHelper
Nokogiri::HTML::DocumentFragment.parse(text).to_html
end
def step_hash_null?(step_json)
step_json.dig(0, 'components', 0, 'component_type_id').nil?
end
# Images are allowed in:
# Step: description, expected result
# Protocol description : description before_start warning
# guidelines manuscript_citation
def prepare_for_view(
attribute_text1, size, table = 'no_table', image_allowed = false
)
@ -321,8 +345,12 @@ module ProtocolsIoHelper
end
def protocols_io_guid_reorder_step_json(unordered_step_json)
return '' if unordered_step_json.blank?
base_step = unordered_step_json.find { |step| step['previous_guid'].nil? }
return unordered_step_json if base_step.nil?
number_of_steps = unordered_step_json.size
return unordered_step_json if number_of_steps == 1
base_step = unordered_step_json.find { |step| step['previous_guid'].nil? }
step_order = []
step_counter = 0
step_order[step_counter] = base_step
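Review bot: In `protocols_io_guid_reorder_step_json` the blank-input guard returns a String (`''`), while the other early returns hand back the step list itself, so the return type depends on the input. The steps presumably come from an imported protocols.io file, so an empty or missing list is an input the importer should expect; `return [] if unordered_step_json.blank?` would keep the type uniform. Callers are outside this section, so confirm none of them relies on the empty string. The method body continues past the end of the hunk.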


@ -19,34 +19,6 @@ module ResultsHelper
end
end
def can_edit_result(result)
if result.is_text
can_edit_result_text_in_module(result.my_module)
elsif result.is_table
can_edit_result_table_in_module(result.my_module)
elsif result.is_asset
can_edit_result_asset_in_module(result.my_module)
end
end
def can_archive_result(result)
if result.is_text
can_archive_result_text_in_module(result.my_module)
elsif result.is_table
can_archive_result_table_in_module(result.my_module)
elsif result.is_asset
can_archive_result_asset_in_module(result.my_module)
end
end
def result_unlocked?(result)
if result.is_asset
!result.asset.locked?
else
true
end
end
def result_path_of_type(result)
if result.is_asset
result_asset_path(result.result_asset)


@ -1,16 +1,4 @@
module SamplesHelper
def can_add_samples
module_page? && can_add_samples_to_module(@my_module)
end
def can_remove_samples
module_page? && can_delete_samples_from_module(@my_module)
end
def can_add_sample_related_things_to_team
can_manage_sample_columns?(@team)
end
def all_custom_fields
CustomField.where(team_id: @team).order(:created_at)
end


@ -1,6 +1,7 @@
module WopiHelper
def wopi_result_view_file_button(result)
if result.asset.can_perform_action('view')
if can_read_experiment?(result.my_module.experiment) &&
result.asset.can_perform_action('view')
link_to view_asset_url(id: result.asset),
class: 'btn btn-default btn-sm',
target: '_blank',
@ -13,7 +14,7 @@ module WopiHelper
end
def wopi_result_edit_file_button(result)
if can_edit_result_asset_in_module(result.my_module) &&
if can_manage_module?(result.my_module) &&
result.asset.can_perform_action('edit')
link_to edit_asset_url(id: result.asset),
class: 'btn btn-default btn-sm',
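Review bot: The `can_read_experiment?` and `can_manage_module?` conditions in `wopi_result_view_file_button` and `wopi_result_edit_file_button` only decide whether the link is rendered; they do not protect `view_asset_url` / `edit_asset_url` themselves. The controller actions behind those routes are not part of this section, so confirm they perform the same checks server-side; otherwise hiding the button is the only barrier. A short comment above each helper would record that, e.g. `# UI gate only: the assets controller must enforce the same permission`. Both method bodies continue outside their hunks.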


@ -97,6 +97,14 @@ class Result < ApplicationRecord
self.asset.present?
end
def unlocked?(result)
if result.is_asset
!result.asset.locked?
else
true
end
end
private
def text_or_asset_or_table
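Review bot: `unlocked?` is added as an instance method of `Result` but ignores its receiver and inspects the `result` argument instead, which is why the permission file on this page has to call `result.unlocked?(result)`. Passing a record other than the receiver would silently answer for the wrong object inside an authorization check. Defaulting the parameter keeps existing callers working and lets new ones drop the argument: `def unlocked?(result = self)`. Alternatively, remove the parameter and write the body as `!is_asset || !asset.locked?`.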


@ -1,9 +1,10 @@
class SamplesTable < ApplicationRecord
validates :user, :team, presence: true
belongs_to :user, inverse_of: :samples_tables, optional: true
belongs_to :team, inverse_of: :samples_tables, optional: true
validates :user, :team, presence: true
validates :user, uniqueness: { scope: :team }
scope :find_status,
->(user, team) { where(user: user, team: team).pluck(:status) }
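Review bot: The `validates :user, uniqueness: { scope: :team }` line is enforced with a query before the insert, so two concurrent requests for the same user and team can both pass it. No migration is visible in this section. If the pair is meant to be unique, back the validation with a unique index after cleaning up any existing duplicates, e.g. `add_index :samples_tables, %i(user_id team_id), unique: true` (table and column names are inferred from the model, so confirm them).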


@ -217,6 +217,14 @@ class User < ApplicationRecord
self.full_name = name
end
def avatar_remote_url=(url_value)
self.avatar = URI.parse(url_value)
# Assuming url_value is http://example.com/photos/face.png
# avatar_file_name == "face.png"
# avatar_content_type == "image/png"
@avatar_remote_url = url_value
end
def current_team
Team.find_by_id(self.current_team_id)
end
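Review bot: `avatar_remote_url=` hands `URI.parse(url_value)` straight to the attachment, which makes the server fetch whatever URL it is given; nothing here restricts the scheme or the host. The gems added in this commit suggest the value comes from the LinkedIn OAuth profile, but the setter is public and its callers are not visible, so treat the URL as untrusted. Accept only HTTPS, and ideally only the expected image host, e.g. `uri = URI.parse(url_value)` followed by `return unless uri.is_a?(URI::HTTPS)` before the assignment. `URI.parse` also raises `URI::InvalidURIError` on malformed input and `nil` is not handled, so a bad value raises out of the setter unless the caller rescues it.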


@ -1,13 +1,29 @@
Canaid::Permissions.register_for(Experiment) do
# experiment: read
# canvas/workflow: read
# Experiment and its project must be active for all the specified permissions
%i(read_experiment
manage_experiment
archive_experiment
clone_experiment
move_experiment)
.each do |perm|
can perm do |_, experiment|
experiment.active? &&
experiment.project.active?
end
end
# experiment: read (read archive)
# canvas: read
# module: read (read users, read comments, read archive)
# result: read (read comments)
can :read_experiment do |user, experiment|
can_read_project?(user, experiment.project)
end
# experiment: create/update/delete
# canvas/workflow: edit
# module: create
# canvas: update
# module: create, copy, reposition, create/update/delete connection,
# assign/reassign/unassign tags
can :manage_experiment do |user, experiment|
user.is_user_or_higher_of_project?(experiment.project)
end
@ -17,12 +33,15 @@ Canaid::Permissions.register_for(Experiment) do
can_manage_experiment?(user, experiment)
end
# NOTE: Must not be dependent on canaid parmision for which we check if it's
# active
# experiment: restore
can :restore_experiment do |user, experiment|
can_manage_experiment?(user, experiment) && experiment.archived?
user.is_user_or_higher_of_project?(experiment.project) &&
experiment.archived?
end
# experiment: clone
# experiment: copy
can :clone_experiment do |user, experiment|
user.is_user_or_higher_of_project?(experiment.project) &&
user.is_normal_user_or_admin_of_team?(experiment.project.team)
@ -32,72 +51,147 @@ Canaid::Permissions.register_for(Experiment) do
can :move_experiment do |user, experiment|
can_clone_experiment?(user, experiment)
end
%i(read_experiment
manage_experiment
archive_experiment
clone_experiment
move_experiment)
.each do |perm|
can perm do |_, experiment|
experiment.project.active?
end
end
end
Canaid::Permissions.register_for(MyModule) do
# module: restore
can :restore_module do |user, my_module|
can_manage_experiment?(user, my_module.experiment) && my_module.archived?
# Module, its experiment and its project must be active for all the specified
# permissions
%i(manage_module
manage_users_in_module
assign_sample_to_module
complete_module
create_comments_in_module)
.each do |perm|
can perm do |_, my_module|
my_module.active? &&
my_module.experiment.active? &&
my_module.experiment.project.active?
end
end
# module: edit, archive, move
# module: update, archive, move
# result: create, update
can :manage_module do |user, my_module|
can_manage_experiment?(user, my_module.experiment)
end
%i(manage_module).each do |perm|
can perm do |_, my_module|
my_module.experiment.project.active?
end
# NOTE: Must not be dependent on canaid parmision for which we check if it's
# active
# module: restore
can :restore_module do |user, my_module|
user.is_user_or_higher_of_project?(my_module.experiment.project) &&
my_module.archived?
end
# module: assign/reassign/unassign users
can :manage_users_in_module do |user, my_module|
user.is_owner_of_project?(my_module.experiment.project)
end
# module: assign/unassign sample, assign/unassign repository record
# NOTE: Use 'module_page? &&' before calling this permission!
can :assign_repository_rows_to_module do |user, my_module|
user.is_technician_or_higher_of_project?(my_module.experiment.project)
end
# module: complete/uncomplete
can :complete_module do |user, my_module|
user.is_technician_or_higher_of_project?(my_module.experiment.project)
end
# module: create comment
# result: create comment
# step: create comment
can :create_comments_in_module do |user, my_module|
can_create_comments_in_project?(user, my_module.experiment.project)
end
end
Canaid::Permissions.register_for(Protocol) do
# protocol in module: read
# step: read, read comments, read assets, download assets
can :read_protocol_in_module do |user, protocol|
if protocol.in_module?
# Protocol needs to be in a module for all Protocol permissions below
# experiment level
%i(read_protocol_in_module
manage_protocol_in_module
complete_or_checkbox_step)
.each do |perm|
can perm do |_, protocol|
protocol.in_module?
end
end
# Module, its experiment and its project must be active for all the specified
# permissions
%i(read_protocol_in_module
manage_protocol_in_module
complete_or_checkbox_step)
.each do |perm|
can perm do |_, protocol|
my_module = protocol.my_module
my_module.active? &&
my_module.experiment.active? &&
my_module.experiment.project.active? &&
can_read_experiment?(user, my_module.experiment)
else
false
my_module.experiment.project.active?
end
end
# protocol in module: read
# step in module: read, read comments, read/download assets
can :read_protocol_in_module do |user, protocol|
can_read_experiment?(user, protocol.my_module.experiment)
end
# protocol in module: create/update/delete, unlink, revert, update from
# protocol in repository, update from file
# step: create/update/delete, reorder
# step in module: create/update/delete, reorder
can :manage_protocol_in_module do |user, protocol|
if protocol.in_module?
my_module = protocol.my_module
can_manage_module?(user, protocol.my_module)
end
# step: complete/uncomplete
can :complete_or_checkbox_step do |user, protocol|
can_complete_module?(user, protocol.my_module)
end
end
Canaid::Permissions.register_for(Result) do
# Module, its experiment and its project must be active for all the specified
# permissions
%i(manage_result).each do |perm|
can perm do |_, result|
my_module = result.my_module
my_module.active? &&
my_module.experiment.active? &&
my_module.experiment.project.active? &&
can_manage_module?(user, my_module)
else
false
my_module.experiment.project.active?
end
end
%i(read_protocol_in_module
manage_protocol_in_module)
.each do |perm|
can perm do |_, protocol|
protocol.my_module.experiment.project.active?
end
# result: delete, archive
can :manage_result do |user, result|
result.unlocked?(result) &&
user.is_owner_of_project?(result.my_module.experiment.project)
end
end
Canaid::Permissions.register_for(Comment) do
# Module, its experiment and its project must be active for all the specified
# permissions
%i(manage_comment_in_module)
.each do |perm|
can perm do |_, comment|
my_module = ::PermissionsUtil.get_comment_module(comment)
my_module.active? &&
my_module.experiment.active? &&
my_module.experiment.project.active?
end
end
# module: update/delete comment
# result: update/delete comment
# step: update/delete comment
can :manage_comment_in_module do |user, comment|
my_module = ::PermissionsUtil.get_comment_module(comment)
project = my_module.experiment.project
# Same check as in `can_manage_comment_in_project?`
project.present? &&
(user.is_owner_of_project?(project) || comment.user == user)
end
end
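Review bot: In the `MyModule` block the active-state list names `assign_sample_to_module`, but the role check below it is registered as `assign_repository_rows_to_module`. If, as the comments in this file imply, the blocks registered for one permission are combined, then `assign_repository_rows_to_module` never gets the module/experiment/project active check. `assign_sample_to_module` would then exist with an active check but no role check at all. Use one name in both places, e.g. put `assign_repository_rows_to_module` in the `%i(...)` list, and confirm which name the callers use.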


@ -1,5 +1,10 @@
# TODO: For all permissions: foe ALL permission levels check whether they're
# archived (for restore permissions) or active (for all other permissions) -
# now we mostly do the check only for the permission level for which the
# permission was made
Canaid::Permissions.register_generic do
can :create_teams do |user|
# organization: create team
can :create_teams do |_|
true
end
end


@ -1,4 +1,18 @@
Canaid::Permissions.register_for(Project) do
# Project must be active for all the specified permissions
%i(read_project
manage_project
archive_project
create_experiments
create_comments_in_project
manage_tags
manage_reports)
.each do |perm|
can perm do |_, project|
project.active?
end
end
# project: read, read activities, read comments, read users, read archive,
# read notifications
# reports: read
@ -9,7 +23,7 @@ Canaid::Permissions.register_for(Project) do
(project.visible? && user.is_member_of_team?(project.team))
end
# project: update/delete/archive, assign/reassign/unassign users
# project: update/delete, assign/reassign/unassign users
can :manage_project do |user, project|
user.is_owner_of_project?(project)
end
@ -19,59 +33,47 @@ Canaid::Permissions.register_for(Project) do
can_manage_project?(user, project)
end
# NOTE: Must not be dependent on canaid parmision for which we check if it's
# active
# project: restore
can :restore_project do |user, project|
can_manage_project?(user, project) && project.archived?
user.is_owner_of_project?(project) && project.archived?
end
# experiment: create
can :create_experiment do |user, project|
can :create_experiments do |user, project|
user.is_user_or_higher_of_project?(project)
end
# project: create comment
can :create_comment_in_project do |user, project|
can :create_comments_in_project do |user, project|
user.is_technician_or_higher_of_project?(project)
end
# project: create/update/delete tag
# module: assign/reassign/unassign tag
can :create_or_manage_tags do |user, project|
can :manage_tags do |user, project|
user.is_user_or_higher_of_project?(project)
end
# reports: create/delete
can :create_or_manage_reports do |user, project|
# reports: create, delete
can :manage_reports do |user, project|
user.is_technician_or_higher_of_project?(project)
end
# Project must be active for all the specified permissions
%i(read_project
manage_project
archive_project
create_experiment
create_comment_in_project
create_or_manage_tags
create_or_manage_reports)
.each do |perm|
can perm do |_, project|
project.active?
end
end
end
Canaid::Permissions.register_for(Comment) do
# project: update/delete comment
can :manage_comment_in_project do |user, comment|
comment.project.present? && (comment.user == user ||
user.is_owner_of_project?(project))
end
Canaid::Permissions.register_for(ProjectComment) do
# Project must be active for all the specified permissions
%i(manage_comment_in_project)
.each do |perm|
can perm do |_, comment|
comment.project.active?
can perm do |_, project_comment|
project_comment.project.active?
end
end
# project: update/delete comment
can :manage_comment_in_project do |user, project_comment|
project_comment.project.present? && (project_comment.user == user ||
user.is_owner_of_project?(project_comment.project))
end
end
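Review bot: For `manage_comment_in_project` the active-state block calls `project_comment.project.active?` with no nil guard, while the role block below it starts with `project_comment.project.present?`. If both blocks run for the permission, a comment without a project raises `NoMethodError` in the first one, so the `present?` guard never helps. Put the guard where the first dereference happens, e.g. `project_comment.project.present? && project_comment.project.active?`. The renamed permissions (`create_experiments`, `create_comments_in_project`, `manage_tags`, `manage_reports`) also need every caller updated; those callers are outside this section.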


@ -1,120 +1,129 @@
Canaid::Permissions.register_for(Team) do
# view projects, view protocols
# leave team, view team users (ATWHO)
# view samples, export samples
# view repositories, view repository, export repository rows
# team: leave, read users, read projects, read/export samples,
# read protocols, read/export repositories
#
can :read_team do |user, team|
user.is_member_of_team?(team)
end
# edit team name, edit team description
# team: update
can :update_team do |user, team|
user.is_admin_of_team?(team)
end
# invite user to team, change user's role, remove user from team
# team: assign/unassing user, change user role
can :manage_team_users do |user, team|
user.is_admin_of_team?(team)
end
# create project
# project: create
can :create_projects do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# create protocol in repository, import protocol to repository
# protocol in repository: create, import
can :create_protocols_in_repository do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# create, import, edit, delete samples
can :manage_samples do |user, team|
# sample: create, import
can :create_samples do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# create custom field
# create, update, delete sample type or sample group
can :manage_sample_columns do |user, team|
# sample: create field
can :create_sample_columns do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# create, copy repository
# create/update/delete sample type/group
can :manage_sample_types_and_groups do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# repository: create, copy
can :create_repositories do |user, team|
user.is_admin_of_team?(team)
user.is_admin_of_team?(team) &&
team.repositories.count < Constants::REPOSITORIES_LIMIT
end
# create, import, edit, delete repository records
# repository: create/import record
can :create_repository_rows do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# repository: update/delete records
can :manage_repository_rows do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
# create repository column
# repository: create field
can :create_repository_columns do |user, team|
user.is_normal_user_or_admin_of_team?(team)
end
end
Canaid::Permissions.register_for(Protocol) do
# view protocol in repository, export protocol from repository
# view step in protocol in repository, view or dowload step asset
# protocol in repository: read, export, read step, read/download step asset
can :read_protocol_in_repository do |user, protocol|
user.is_member_of_team?(protocol.team) &&
(protocol.in_repository_public? ||
protocol.in_repository_private? && user == protocol.added_by)
end
# edit protocol in repository,
# create, edit, delete or reorder step in repository
can :update_protocol_in_repository do |user, protocol|
# protocol in repository: update, create/update/delete/reorder step,
# toggle private/public visibility, archive
can :manage_protocol_in_repository do |user, protocol|
protocol.in_repository_active? &&
can_update_protocol_type_in_repository?(user, protocol)
end
# toggle protocol visibility (public, private, archive, restore)
can :update_protocol_type_in_repository do |user, protocol|
user.is_normal_user_or_admin_of_team?(protocol.team) &&
user.is_normal_user_or_admin_of_team?(protocol.team) &&
user == protocol.added_by
end
# clone protocol in repository
# protocol in repository: restore
can :restore_protocol_in_repository do |user, protocol|
protocol.in_repository_archived? &&
user.is_normal_user_or_admin_of_team?(protocol.team) &&
user == protocol.added_by
end
# protocol in repository: copy
can :clone_protocol_in_repository do |user, protocol|
can_create_protocols_in_repository?(user, protocol.team) &&
can_read_protocol_in_repository?(user, protocol)
can_read_protocol_in_repository?(user, protocol) &&
can_create_protocols_in_repository?(user, protocol.team)
end
end
Canaid::Permissions.register_for(Sample) do
# edit, delete specific sample
can :update_or_delete_sample do |user, sample|
can_manage_samples?(user, sample.team)
# sample: update, delete
can :manage_sample do |user, sample|
can_create_samples?(user, sample.team)
end
end
Canaid::Permissions.register_for(CustomField) do
# update, delete custom field
can :update_or_delete_custom_field do |user, custom_field|
can_manage_sample_columns?(user, custom_field.team)
# sample: update/delete field
can :manage_sample_column do |user, custom_field|
can_create_sample_columns?(user, custom_field.team)
end
end
Canaid::Permissions.register_for(Repository) do
# edit, destroy repository
can :update_or_delete_repository do |user, repository|
can_create_repositories?(user, repository.team)
# repository: update, delete
can :manage_repository do |user, repository|
user.is_admin_of_team?(repository.team)
end
end
Canaid::Permissions.register_for(RepositoryRow) do
# update, delete specific repository record
can :update_or_delete_repository_row do |user, repository_row|
can_manage_repository_rows?(user, repository_row.repository.team)
# repository: update/delete record
can :manage_repository_row do |user, repository_row|
can_create_repository_rows?(user, repository_row.repository.team)
end
end
Canaid::Permissions.register_for(RepositoryColumn) do
# update, delete repository column
can :update_or_delete_repository_column do |user, repository_column|
# repository: update/delete field
can :manage_repository_column do |user, repository_column|
can_create_repository_columns?(user, repository_column.repository.team)
end
end
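Review bot: `manage_sample`, `manage_sample_column`, `manage_repository_row` and `manage_repository_column` all delegate to the matching `create_*` permission, so anyone allowed to create a record may update or delete any record in the team, with no ownership check. If that is the intended policy, say so next to the first of them, e.g. `# no ownership check: whoever may create records may update/delete all of them`; otherwise a `create` name on a delete check reads like a mistake. `manage_repository_rows` is still registered on `Team` with the same role check, so two permissions now cover record update/delete and can drift apart.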


@ -0,0 +1,20 @@
module PermissionsUtil
def self.get_comment_module(comment)
comment = comment.becomes(comment.type.constantize)
my_module = case comment
when TaskComment
comment.my_module
when ResultComment
comment.result.my_module
when StepComment
comment.step.protocol.my_module
end
my_module
end
def self.reference_project(obj)
return obj.experiment.project if obj.is_a? MyModule
return obj.project if obj.is_a? Experiment
obj
end
end
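Review bot: `get_comment_module` has no `else` branch, so any comment type other than the three listed makes it return nil, and the `Comment` permission blocks on this page call `my_module.active?` on that value. Make the unsupported case explicit, e.g. `else raise ArgumentError, "Unsupported comment type: #{comment.class}"`, or return nil deliberately and guard at the call sites. `comment.type.constantize` resolves a class from a stored string; that is acceptable while `type` is only ever written by the framework, but a comment stating that assumption would help the next reader. The `my_module = case ... end` assignment followed by a bare `my_module` is redundant, since the `case` can be the method's last expression.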


@ -1,11 +1,11 @@
<div id="update-canvas"
data-can-create-modules="<%= can_manage_experiment?(@experiment) ? "yes" : "no" %>"
data-can-edit-modules="<%= can_manage_experiment?(@experiment) ? "yes" : "no" %>"
data-can-clone-modules="<%= can_clone_modules(@experiment) ? "yes" : "no" %>"
data-can-clone-modules="<%= can_manage_experiment?(@experiment) ? "yes" : "no" %>"
data-can-move-modules="<%= can_manage_experiment?(@experiment) ? "yes" : "no" %>"
data-can-delete-modules="<%= can_manage_experiment?(@experiment) ? "yes" : "no" %>"
data-can-reposition-modules="<%= can_reposition_modules(@experiment) ? "yes" : "no" %>"
data-can-edit-connections="<%= can_edit_connections(@experiment) ? "yes" : "no" %>"
data-can-reposition-modules="<%= can_manage_experiment?(@experiment) ? "yes" : "no" %>"
data-can-edit-connections="<%= can_manage_experiment?(@experiment) ? "yes" : "no" %>"
data-unsaved-work-text="<%=t "experiments.canvas.edit.unsaved_work" %>"
>
<%= bootstrap_form_tag url: canvas_experiment_url, method: "post" do |f| %>
@ -74,7 +74,7 @@
<% if can_manage_experiment?(@experiment) %>
<div id="diagram" class="diagram">
<% my_modules.each do |my_module| %>
<%= render partial: "canvas/edit/my_module", locals: {experiment: @experiment, my_module: my_module} %>
<%= render partial: "canvas/edit/my_module", locals: { experiment: @experiment, my_module: my_module } %>
<% end %>
</div>
<% end %>
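Review bot: The seven `data-can-*` attributes on `#update-canvas` now evaluate the identical call `can_manage_experiment?(@experiment)` one after another; computing it once, `<% can_manage = can_manage_experiment?(@experiment) %>`, and reusing the local would keep the attributes in step and avoid repeating the permission evaluation. These flags only decide what the canvas script offers, so the POST to `canvas_experiment_url` has to enforce the same permission on the server; that controller is not part of this section.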


@ -13,7 +13,7 @@
<%= my_module.tags.count %>
</span>
<% else %>
<span class="badge badge-indicator <%= "invisible" unless can_create_or_manage_tags?(my_module.experiment.project) %>">
<span class="badge badge-indicator <%= "invisible" unless can_manage_module?(my_module) %>">
+
</span>
<% end %>


@ -6,6 +6,9 @@
data-module-y="<%= my_module.y %>"
data-module-conns="<%= construct_module_connections(my_module) %>">
<% module_group = my_module.my_module_group %>
<% can_manage_module_group = module_group && (module_group.new_record? || module_group.my_modules.all? { |my_module| can_manage_module?(my_module) }) %>
<div class="panel-heading">
<h3 class="panel-title"><%= my_module.name %></h3>
@ -21,7 +24,7 @@
<a class="edit-module" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.edit_module" %></a>
</li>
<% end %>
<% if can_clone_modules(my_module.experiment) %>
<% if can_manage_experiment?(my_module.experiment) %>
<li>
<a class ="clone-module" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.clone_module" %></a>
</li>
@ -33,16 +36,19 @@
<li>
<a class="move-module" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.move_module" %></a>
</li>
<li <%= 'style=display:none;' if my_module.my_module_group.blank? %>>
<% end %>
<% if can_manage_module_group %>
<li>
<a class="move-module-group" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.move_module_group" %></a>
</li>
<% end %>
<% if can_manage_module?(my_module) %>
<li>
<a class="delete-module" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.delete_module" %></a>
</li>
<% end %>
<% if my_module.my_module_group && my_module.my_module_group.my_modules.all? { |my_module| can_manage_module?(my_module) } %>
<li data-hook="archive-module-group"
<%= 'style=display:none;' if my_module.my_module_group.blank? %>>
<% if can_manage_module_group %>
<li data-hook="archive-module-group">
<a class ="delete-module-group" href="" data-module-id="<%= my_module.id %>"><%=t "experiments.canvas.edit.delete_module_group" %></a>
</li>
<% end %>
@ -51,7 +57,7 @@
</div>
<% if can_edit_connections(my_module.experiment) %>
<% if can_manage_experiment?(my_module.experiment) %>
<div class="panel-body ep">
<%=t "experiments.canvas.edit.drag_connections" %>
</div>
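Review bot: In the new `can_manage_module_group` line the block parameter `|my_module|` shadows the partial's own `my_module` local, which is easy to misread; renaming it, `module_group.my_modules.all? { |group_module| can_manage_module?(group_module) }`, removes the ambiguity. The expression also runs one permission check per group member for every module card rendered, so it may be worth moving into a helper that can reuse the result per group. The two group entries appear to have been rendered hidden with `style=display:none;` when the module had no group and are now left out of the markup, so a script that un-hides them after a connection is drawn would find nothing to show; this needs confirming against the canvas JavaScript, which is not visible here.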


@ -10,17 +10,17 @@
<% if experiments.count > 1 %>
<%= bootstrap_form_tag do |f| %>
<%= f.select :experiment_id, experiments
.select { |e| e != @experiment }
.select { |e| e != @experiment && can_manage_experiment?(e) }
.collect { |e| [ e.name, e.id ] }, {},
{class: "form-control selectpicker", "data-role" => "clear"} %>
<% end %>
<% else %>
<div>
<em>
<%= t("experiments.canvas.edit.modal_move_module.no_experiments") %>
</em>
</div>
<% end %>
<% else %>
<div>
<em>
<%= t("experiments.canvas.edit.modal_move_module.no_experiments") %>
</em>
</div>
<% end %>
</div>
<div class="modal-footer">
<% if experiments.count > 1 %>
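Review bot: The select is now filtered with `can_manage_experiment?(e)`, but the surrounding `experiments.count > 1` checks (here and in the modal footer) still count the unfiltered list, so a user who can manage no other experiment would get an empty dropdown instead of the `no_experiments` message. Building the list once and branching on it keeps both in step: `<% targets = experiments.select { |e| e != @experiment && can_manage_experiment?(e) } %>` followed by `<% if targets.any? %>`. The filter only limits what is offered; the action that performs the move should check the same permission on the submitted `experiment_id`, and that code is outside this hunk.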


@ -12,15 +12,13 @@
data-module-tags-url="<%= my_module_my_module_tags_url(my_module, format: :json) %>"
data-module-users-tab-url="<%= my_module_user_my_modules_url(my_module_id: my_module.id, format: :json) %>">
<% if can_create_or_manage_tags?(my_module.experiment.project) %>
<% if can_manage_module?(my_module) %>
<a class="edit-tags-link pull-right" data-remote="true" href="<%= my_module_tags_edit_url(my_module, format: :json) %>">
<% else %>
<span class="edit-tags-link pull-right">
<% end %>
<%= render partial: "canvas/tags.html.erb", locals: { my_module: my_module } %>
<% if can_create_or_manage_tags?(my_module.experiment.project) %>
<%= render partial: "canvas/tags.html.erb", locals: { my_module: my_module } %>
</a>
<% else %>
<span class="edit-tags-link pull-right">
<%= render partial: "canvas/tags.html.erb", locals: { my_module: my_module } %>
</span>
<% end %>
@ -42,14 +40,12 @@
<div class="panel-footer panel-footer-scinote buttons-container">
<ul class="nav nav-tabs nav-tabs-less" role="tablist">
<% if can_view_module_info(my_module) %>
<% if can_read_experiment?(my_module.experiment) %>
<li role="presentation">
<a class="btn btn-link task-card-view-info" href="<%= my_module_url(id: my_module.id, format: :json) %>" aria-controls="<%= my_module.id %>_info" role="tab" data-remote="true">
<span class="glyphicon glyphicon-info-sign" aria-hidden="true"></span>
</a>
</li>
<% end %>
<% if can_view_module_users(my_module) %>
<li role="presentation">
<a class="btn btn-link task-card-view-users" href="<%= my_module_user_my_modules_url(my_module_id: my_module.id, format: :json) %>" aria-controls="<%= my_module.id %>_users" role="tab" data-remote="true">
<span class="glyphicon glyphicon-user" aria-hidden="true"></span>
@ -59,8 +55,6 @@
</span>
</a>
</li>
<% end %>
<% if can_read_experiment?(my_module.experiment) %>
<li role="presentation">
<a class="btn btn-link task-card-view-activities" href="<%= activities_tab_my_module_url(id: my_module.id, format: :json) %>" aria-controls="<%= my_module.id %>_activities" role="tab" data-remote="true">
<span class="glyphicon glyphicon-equalizer" aria-hidden="true"></span>
@ -88,13 +82,9 @@
<!-- Tab panes -->
<div class="tab-content">
<% if can_view_module_info(my_module) %>
<div role="tabpanel" class="tab-pane" id="<%= my_module.id %>_info" data-contents="info"></div>
<% end %>
<% if can_view_module_users(my_module) %>
<div role="tabpanel" class="tab-pane" id="<%= my_module.id %>_users" data-contents="users"></div>
<% end %>
<% if can_read_experiment?(my_module.experiment) %>
<div role="tabpanel" class="tab-pane" id="<%= my_module.id %>_info" data-contents="info"></div>
<div role="tabpanel" class="tab-pane" id="<%= my_module.id %>_users" data-contents="users"></div>
<div role="tabpanel" class="tab-pane" id="<%= my_module.id %>_activities" data-contents="activities"></div>
<div role="tabpanel" class="tab-pane" id="<%= my_module.id %>_comments" data-contents="comments"></div>
<div role="tabpanel" class="tab-pane" id="<%= my_module.id %>_samples" data-contents="samples"></div>


@ -11,7 +11,7 @@
data-module-conns="<%= construct_module_connections(my_module) %>"
data-module-tags-url="<%= my_module_my_module_tags_url(my_module, format: :json) %>">
<% if can_create_or_manage_tags?(my_module.experiment.project) %>
<% if can_manage_module?(my_module) %>
<a class="edit-tags-link pull-right" data-remote="true" href="<%= my_module_tags_edit_url(my_module, format: :json) %>">
<%= render partial: "canvas/tags.html.erb", locals: { my_module: my_module } %>
</a>


@ -41,7 +41,7 @@
</div>
</div>
<% if can_create_experiment?(@project) %>
<% if can_create_experiments?(@project) %>
<%= link_to new_project_experiment_url(@project),
remote: true,
type: "button",


@ -1,6 +1,6 @@
<div class="pull-right">
<span class="text-muted"><%= l comment.created_at, format: '%H:%M' %></span>
<% if can_edit_module_comment(comment) || can_delete_module_comment(comment) %>
<% if can_manage_comment_in_module?(comment.becomes(Comment)) %>
<div class="dropdown dropdown-comment">
<a href="#"
class="dropdown-toggle"
@ -14,7 +14,6 @@
</a>
<ul class="dropdown-menu dropdown-menu-fixed" aria-labelledby="comment-<%= comment.id %>-dropdown">
<li class="dropdown-header"><%= I18n.t('comments.options_dropdown.header') %></li>
<% if can_edit_module_comment(comment) %>
<li>
<a href="#"
data-action="edit-comment"
@ -22,8 +21,6 @@
<%= t('comments.options_dropdown.edit') %>
</a>
</li>
<% end %>
<% if can_delete_module_comment(comment) %>
<li>
<a href="#"
data-action="delete-comment"
@ -32,7 +29,6 @@
<%= t('comments.options_dropdown.delete') %>
</a>
</li>
<% end %>
</ul>
</div>
<% end %>


@ -14,7 +14,7 @@
<%= render 'my_module_comments/list.html.erb', comments: @comments %>
<% end %>
</ul>
<% if can_add_comment_to_module(@my_module) %>
<% if can_create_comments_in_module?(@my_module) %>
<ul class="no-style double-line">
<li>
<hr>

View file

@ -11,42 +11,38 @@
<h4><%= tag.name %></h4>
</div>
<div class="pull-right">
<% if can_create_or_manage_tags?(@my_module.experiment.project) then %>
<%= link_to "", remote: true, class: 'btn btn-link edit-tag-link', title: t("experiments.canvas.modal_manage_tags.edit_tag") do %>
<span class="glyphicon glyphicon-adjust"></span>
<% end %>
<%= link_to my_module_my_module_tag_path(@my_module, mmt, format: :json), method: :delete, remote: true, class: 'btn btn-link remove-tag-link', title: t("experiments.canvas.modal_manage_tags.remove_tag", module: @my_module.name) do %>
<span class="glyphicon glyphicon-remove"></span>
<% end %>
<%= bootstrap_form_for tag, remote: true, url: project_tag_path(@my_module.experiment.project, tag, format: :json), method: :delete, html: { class: "delete-tag-form"} do |f| %>
<%= hidden_field_tag :my_module_id, @my_module.id %>
<%= f.button class: 'btn btn-link delete-tag-link', title: t("experiments.canvas.modal_manage_tags.delete_tag") do %>
<span class="glyphicon glyphicon-trash"></span>
<% end %>
<%= link_to "", remote: true, class: 'btn btn-link edit-tag-link', title: t("experiments.canvas.modal_manage_tags.edit_tag") do %>
<span class="glyphicon glyphicon-adjust"></span>
<% end %>
<%= link_to my_module_my_module_tag_path(@my_module, mmt, format: :json), method: :delete, remote: true, class: 'btn btn-link remove-tag-link', title: t("experiments.canvas.modal_manage_tags.remove_tag", module: @my_module.name) do %>
<span class="glyphicon glyphicon-remove"></span>
<% end %>
<%= bootstrap_form_for tag, remote: true, url: project_tag_path(@my_module.experiment.project, tag, format: :json), method: :delete, html: { class: "delete-tag-form"} do |f| %>
<%= hidden_field_tag :my_module_id, @my_module.id %>
<%= f.button class: 'btn btn-link delete-tag-link', title: t("experiments.canvas.modal_manage_tags.delete_tag") do %>
<span class="glyphicon glyphicon-trash"></span>
<% end %>
<% end %>
</div>
</div>
<% if can_create_or_manage_tags?(@my_module.experiment.project) %>
<div class="row tag-edit" style="display: none;">
<%= bootstrap_form_for tag, remote: true, url: project_tag_path(@my_module.experiment.project, tag, format: :json), method: :put, html: { class: "edit-tag-form" } do |f| %>
<%= hidden_field_tag :my_module_id, @my_module.id %>
<div class="col-xs-7">
<%= f.text_field :name, hide_label: true %>
</div>
<div class="pull-right">
<%= f.color_picker_select :color, Constants::TAG_COLORS, class: "edit-tag-color" %>
<%= f.button class: "btn btn-link save-tag-link", title: t("experiments.canvas.modal_manage_tags.save_tag") do %>
<span class="glyphicon glyphicon-ok"></span>
<% end %>
<%= link_to "", remote: true, class: 'btn btn-link cancel-tag-link', title: t("experiments.canvas.modal_manage_tags.cancel_tag") do %>
<span class="glyphicon glyphicon-remove"></span>
<% end %>
</div>
<% end %>
</div>
<% end %>
<div class="row tag-edit" style="display: none;">
<%= bootstrap_form_for tag, remote: true, url: project_tag_path(@my_module.experiment.project, tag, format: :json), method: :put, html: { class: "edit-tag-form" } do |f| %>
<%= hidden_field_tag :my_module_id, @my_module.id %>
<div class="col-xs-7">
<%= f.text_field :name, hide_label: true %>
</div>
<div class="pull-right">
<%= f.color_picker_select :color, Constants::TAG_COLORS, class: "edit-tag-color" %>
<%= f.button class: "btn btn-link save-tag-link", title: t("experiments.canvas.modal_manage_tags.save_tag") do %>
<span class="glyphicon glyphicon-ok"></span>
<% end %>
<%= link_to "", remote: true, class: 'btn btn-link cancel-tag-link', title: t("experiments.canvas.modal_manage_tags.cancel_tag") do %>
<span class="glyphicon glyphicon-remove"></span>
<% end %>
</div>
<% end %>
</div>
</li>
<% end %>
@ -55,7 +51,6 @@
<hr>
<div class="row">
<% if can_create_or_manage_tags?(@my_module.experiment.project) then %>
<%= bootstrap_form_for [@my_module, @new_mmt], remote: true, format: :json, html: { class: 'add-tag-form' } do |f| %>
<div class="col-xs-6">
<div class="well well-sm">
@ -85,5 +80,4 @@
<% end %>
<% end %>
</div>
<% end %>
</div>
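Review bot: All three `can_create_or_manage_tags?` guards appear to be dropped from this modal, so the edit, remove and delete-tag forms and the add-tag form are rendered for whoever can load it. The links that open the modal are gated on `can_manage_module?` elsewhere in the commit, but `my_module_tags_edit_url` can be requested directly, so the controllers behind `project_tag_path` and `my_module_my_module_tag_path` need to enforce the permission themselves; they are not visible in this section. The update and delete forms target the tag through the project route, so it is worth confirming that a module-level permission is the intended gate for them and recording that in a comment such as `<%# shown only to users who can manage the module; enforced in the controller %>`.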


@ -52,7 +52,7 @@
<div class="row">
<div class="col-xs-12 col-sm-12 col-md-12" id="module-tags" data-module-tags-url="<%= my_module_my_module_tags_url(@my_module, format: :json) %>">
<div class="badge-icon bg-primary">
<% if can_create_or_manage_tags?(@my_module.experiment.project) %>
<% if can_manage_module?(@my_module) %>
<a class="edit-tags-link" data-remote="true" href="<%= my_module_tags_edit_url(@my_module, format: :json) %>" style="color: inherit">
<span class="glyphicon glyphicon-tags"></span>
</a>


@ -13,12 +13,12 @@
<div class="panel panel-default">
<div class="panel-heading">
<div class="panel-options pull-right">
<% if can_edit_result(result) %>
<% if can_manage_module?(result.my_module) %>
<a class="btn btn-link edit-result-button <%= edit_result_button_class(result) %>" id="<%= result.id %>_edit" href="<%= edit_result_link(result) %>" data-remote="true" title="<%= t'my_modules.results.options.edit_title' %>">
<span class="glyphicon glyphicon-edit"></span>
</a>
<% end %>
<% if can_archive_result(result) && !result.archived && result_unlocked?(result) %>
<% if can_manage_result?(result) %>
<a href="#"
class="btn btn-link form-submit-link"
data-form-id="result-archive-form-<%= result.id %>"
@ -46,7 +46,7 @@
locals: { result: result } %>
</div>
</div>
<% if can_view_result_comments(@my_module) %>
<% if can_read_experiment?(@my_module.experiment) %>
<div class="row">
<div class="result-comment"
id="result-comments-<%= result.id %>"
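Review bot: The archive button condition loses its explicit `!result.archived && result_unlocked?(result)` terms and relies on `can_manage_result?(result)` alone, and the same predicate replaces `can_delete_module_result(result)` on the delete link in the module archive list. Unless `can_manage_result?` itself covers the archived and locked states, the archive button would now show for results that are already archived or locked; if it does cover them, the delete link for archived results would stop appearing. Its definition is not in this section, so this needs checking. The edit button next to it is gated on `can_manage_module?(result.my_module)` instead, which leaves two different rules inside one result panel.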


@ -1,5 +1,5 @@
<div class="pull-right my_module-state-buttons">
<% if can_complete_module(@my_module) %>
<% if can_complete_module?(@my_module) %>
<div class="btn-group">
<% if !@my_module.completed? %>
<div data-action="complete-task" data-link-url="<%= toggle_task_state_my_module_path(@my_module) %>">
@ -13,4 +13,4 @@
</div>
<% end %>
<span data-hook="my_module-protocol-buttons"></span>
</div>
</div>


@ -16,7 +16,7 @@
<%= link_to option_text, result_table_download_path(result.result_table_id), data: {no_turbolink: true} %>
<% end %>
</li>
<% if can_delete_module_result(result) %>
<% if can_manage_result?(result) %>
<li>
<%= link_to t('my_modules.module_archive.option_delete'),
result_path(action: :delete, id: result.id),

View file

@ -8,10 +8,8 @@
<div class="modal-body"></div>
<div class="modal-footer">
<span class="pull-left">
<% if is_admin_of_team(@experiment.project.team) %>
<%= link_to t("experiments.canvas.full_zoom.modal_manage_users.invite_users_link"),
"/settings/teams/#{@experiment.project.team.id}",
data: { turbolinks: false } %>
<% if current_user.is_admin_of_team?(@experiment.project.team) %>
<%= link_to t("experiments.canvas.full_zoom.modal_manage_users.invite_users_link"), team_path(@experiment.project.team.id) %>
<span><%=t "experiments.canvas.full_zoom.modal_manage_users.invite_users_details", team: @experiment.project.team.name %></span>
<% else %>
<i><%=t "experiments.canvas.full_zoom.modal_manage_users.contact_admins", team: @experiment.project.team.name %></i>


@ -40,7 +40,7 @@
<span class="caret"></span>
</a>
<ul class="dropdown-menu">
<% if can_read_protocol_in_module?(@protocol) && can_update_protocol_in_repository?(@protocol.parent) %>
<% if can_read_protocol_in_module?(@protocol) && can_manage_protocol_in_repository?(@protocol.parent) %>
<li>
<%= link_to update_parent_modal_protocol_path(@protocol, format: :json), remote: true, title: t("my_modules.protocols.protocol_status_bar.btns.update_parent_title"), data: { action: "update-parent" } do %>
<%= t("my_modules.protocols.protocol_status_bar.btns.update_parent") %>
@ -112,7 +112,7 @@
<span class="caret"></span>
</a>
<ul class="dropdown-menu">
<% if can_read_protocol_in_module?(@protocol) && can_update_protocol_in_repository?(@protocol.parent) %>
<% if can_read_protocol_in_module?(@protocol) && can_manage_protocol_in_repository?(@protocol.parent) %>
<li>
<%= link_to update_parent_modal_protocol_path(@protocol, format: :json), remote: true, title: t("my_modules.protocols.protocol_status_bar.btns.update_parent_title"), data: { action: "update-parent" } do %>
<%= t("my_modules.protocols.protocol_status_bar.btns.update_parent") %>


@ -13,15 +13,13 @@
</div>
<div class="toolbarButtons" style="display:none">
<% if can_assign_repository_records(@my_module, @repository) %>
<% if module_page? && can_assign_repository_rows_to_module?(@my_module) %>
<button type="button" class="btn btn-default"
data-assign-url="<%= assign_repository_records_my_module_path(@my_module, @repository)%>"
id="assignRepositoryRecords" onclick="onClickAssignRecords()" disabled>
<span class="glyphicon glyphicon-ok-circle"></span>
<span class="hidden-xs-custom"><%= t'repositories.assign_records_to_module' %></span>
</button>
<% end %>
<% if can_unassign_repository_records(@my_module, @repository) %>
<button type="button" class="btn btn-default"
data-unassign-url="<%= unassign_repository_records_my_module_path(@my_module, @repository)%>"
id="unassignRepositoryRecords" onclick="onClickUnassignRecords()" disabled>
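Review bot: The assign and unassign buttons now share a single check, `module_page? && can_assign_repository_rows_to_module?(@my_module)`, which no longer receives `@repository`. If the earlier helpers verified that the repository belongs to the module's team, that check is gone from the view and has to live in the actions behind `assign_repository_records_my_module_path` and `unassign_repository_records_my_module_path`, which are outside this hunk. The toolbar markup continues past the end of the hunk.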


@ -13,12 +13,8 @@
<span class="hidden-xs-custom"><%= t'my_modules.results.expand_label' %></button></span>
</div>
<% if can_create_result_text_in_module(@my_module) or
can_create_result_table_in_module(@my_module) or
can_create_result_asset_in_module(@my_module) %>
<% if can_manage_module?(@my_module) %>
<span class="hidden-xs"><%= t'my_modules.results.add_label' %></span>
<% end %>
<% if can_create_result_text_in_module(@my_module) %>
<a class="btn btn-primary"
id="new-result-text"
data-href="<%= new_my_module_result_text_path(my_module_id: @my_module.id) %>"
@ -26,8 +22,6 @@
<span class="glyphicon glyphicon-font"></span>
<span class="hidden-xs"><%= t("my_modules.results.new_text_result") %></span>
</a>
<% end %>
<% if can_create_result_table_in_module(@my_module) %>
<a class="btn btn-primary"
id="new-result-table"
data-href="<%= new_my_module_result_table_path(my_module_id: @my_module.id) %>"
@ -35,8 +29,6 @@
<span class="glyphicon glyphicon-list-alt"></span>
<span class="hidden-xs"><%= t("my_modules.results.new_table_result") %></span>
</a>
<% end %>
<% if can_create_result_asset_in_module(@my_module) %>
<a class="btn btn-primary"
id="new-result-asset"
data-href="<%= new_my_module_result_asset_path(my_module_id: @my_module.id) %>"


@ -13,7 +13,7 @@
<%= render 'project_comments/list.html.erb', comments: @comments %>
<% end %>
</ul>
<% if can_create_comment_in_project?(@project) %>
<% if can_create_comments_in_project?(@project) %>
<ul class="no-style double-line">
<li>
<hr>


@ -23,39 +23,37 @@
</div>
<% end %>
<% if can_manage_project?(@project) %>
<!-- Edit project modal -->
<div class="modal" id="edit-project-modal" tabindex="-1" role="dialog" aria-labelledby="edit-project-modal-label">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="edit-project-modal-label"></h4>
</div>
<div class="modal-body">
</div>
<div class="modal-footer">
<button type="button" class="btn btn-primary" data-action="submit"><%=t "projects.index.modal_edit_project.submit" %></button>
<button type="button" class="btn btn-default" data-dismiss="modal"><%=t "general.cancel" %></button>
</div>
<!-- Edit project modal -->
<div class="modal" id="edit-project-modal" tabindex="-1" role="dialog" aria-labelledby="edit-project-modal-label">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="edit-project-modal-label"></h4>
</div>
<div class="modal-body">
</div>
<div class="modal-footer">
<button type="button" class="btn btn-primary" data-action="submit"><%=t "projects.index.modal_edit_project.submit" %></button>
<button type="button" class="btn btn-default" data-dismiss="modal"><%=t "general.cancel" %></button>
</div>
</div>
</div>
</div>
<!-- Manage users modal -->
<div class="modal" id="manage-users-modal" tabindex="-1" role="dialog" aria-labelledby="manage-users-modal-label">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="manage-users-modal-label"><%= t("projects.index.modal_manage_users.modal_title") %> <span id="manage-users-modal-project"></span></h4>
</div>
<div class="modal-body"></div>
<div class="modal-footer"></div>
<!-- Manage users modal -->
<div class="modal" id="manage-users-modal" tabindex="-1" role="dialog" aria-labelledby="manage-users-modal-label">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="manage-users-modal-label"><%= t("projects.index.modal_manage_users.modal_title") %> <span id="manage-users-modal-project"></span></h4>
</div>
<div class="modal-body"></div>
<div class="modal-footer"></div>
</div>
</div>
<% end %>
</div>
<div id="projects-toolbar">


@ -2,7 +2,7 @@
data-project-users-tab-url="<%= url_for project_user_projects_path(project_id: project.id, format: :json) %>">
<div class="panel-heading">
<% if can_manage_project?(@project) %>
<% if can_manage_project?(project) %>
<div class="dropdown pull-right">
<button class="btn btn-link dropdown-toggle" type="button" id="dropdownMenu1" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">
<span class="caret"></span>
@ -17,7 +17,7 @@ data-project-users-tab-url="<%= url_for project_user_projects_path(project_id: p
<li>
<%= link_to t("projects.index.edit_option"), edit_project_path(project, format: :json), remote: true, "data-action" => "edit" %>
</li>
<% if can_archive_project(project) %>
<% if can_archive_project?(project) %>
<li><a href="#" class="form-submit-link" data-submit-form="<%= project_form.options[:html][:id] %>" data-confirm-form="<%= t("projects.index.archive_confirm") %>"><%= t 'projects.index.archive_option' %></a></li>
<% end %>
</ul>


@ -25,7 +25,7 @@
<% end %>
</ul>
</div>
<% if can_create_experiment?(@project) %>
<% if can_create_experiments?(@project) %>
<%= link_to new_project_experiment_url(@project),
remote: true,
type: "button",
@ -51,7 +51,7 @@
<%= content_tag(:div, '', class: 'clearfix visible-lg-block') if (index + 1) % 2 == 0 %>
<% end %>
<% if can_create_experiment?(@project) %>
<% if can_create_experiments?(@project) %>
<%= render 'projects/show/new_experiment' %>
<% end %>
</div>


@ -1,5 +1,5 @@
<div class="page-header">
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<a class="edit-name-link" data-action="edit-name" data-role="name-refresh" data-remote="true" href="<%= edit_name_modal_protocol_path(@protocol, format: :json) %>" style="color: inherit;">
<%= render partial: "protocols/header/name_label.html.erb" %>
</a>
@ -41,7 +41,7 @@
<div class="col-xs-12 col-sm-6 col-md-6">
<div class="badge-icon bg-primary">
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<a data-action="edit-keywords" data-remote="true" href="<%= edit_keywords_modal_protocol_path(@protocol, format: :json) %>" style="color: inherit;">
<span class="glyphicon glyphicon-text-color"></span>
</a>
@ -51,7 +51,7 @@
</div>
<div class="well well-sm">
<span class="hidden-xs hidden-sm hidden-md"><%=t "protocols.header.keywords" %>:</span>
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<%= link_to edit_keywords_modal_protocol_path(@protocol, format: :json), remote: true, style: "color: inherit;", data: { action: "edit-keywords", role: "keywords-refresh" } do %>
<%= render partial: "protocols/header/keywords_label.html.erb" %>
<% end %>
@ -63,7 +63,7 @@
<div class="col-xs-12 col-sm-6 col-md-6">
<div class="badge-icon bg-primary">
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<a data-action="edit-authors" data-remote="true" href="<%= edit_authors_modal_protocol_path(@protocol, format: :json) %>" style="color: inherit;">
<span class="glyphicon glyphicon-education"></span>
</a>
@ -73,7 +73,7 @@
</div>
<div class="well well-sm">
<span class="hidden-xs hidden-sm hidden-md"><%=t "protocols.header.authors" %>:</span>
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<%= link_to edit_authors_modal_protocol_path(@protocol, format: :json), remote: true, style: "color: inherit;", data: { action: "edit-authors", role: "authors-refresh" } do %>
<%= render partial: "protocols/header/authors_label.html.erb" %>
<% end %>
@ -85,7 +85,7 @@
<div class="col-xs-12 col-sm-12 col-md-12">
<div class="badge-icon bg-primary">
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<a data-action="edit-description" data-remote="true" href="<%= edit_description_modal_protocol_path(@protocol, format: :json) %>" style="color: inherit;">
<span class="glyphicon glyphicon-info-sign"></span>
</a>
@ -95,7 +95,7 @@
</div>
<div class="well well-sm">
<span class="hidden-xs hidden-sm hidden-md"><%=t "protocols.header.description" %>:</span>
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<%= link_to edit_description_modal_protocol_path(@protocol, format: :json), remote: true, style: "color: inherit;", data: { action: "edit-description", role: "description-refresh" } do %>
<%= render partial: "protocols/header/description_label.html.erb" %>
<% end %>


@ -1,7 +1,7 @@
<div class="row">
<div class="pull-right" style="margin: 20px 15px 0 0;">
<% if can_manage_protocol_in_module?(@protocol) ||
can_update_protocol_in_repository?(@protocol) %>
can_manage_protocol_in_repository?(@protocol) %>
<a href="#"
class="btn btn-primary"
data-action="new-step"


@ -30,7 +30,7 @@
<label><%= t('protocols.import_export.import_modal.name_label') %></label>
<%= f.text_field :name, :value => pio_eval_title_len(sanitize_input(@json_object['protocol_name'])), class:
<%= f.text_field :name, :value => pio_eval_title_len(sanitize_input(not_null(@json_object['protocol_name']))), class:
"form-control" %>
</div>
<div class="form-group">
@ -52,14 +52,14 @@
<div class="col-xs-4">
<label><%= t('protocols.import_export.import_modal.created_at_label') %></label>
<% display_created_at=Time.at(@json_object['created_on'].to_i) %>
<% display_created_at=Time.at(not_null(@json_object['created_on']).to_i) %>
<%= f.text_field :created_at, :value => display_created_at.to_s,
readonly: true, class: "form-control" %>
</div>
<div class="col-xs-4">
<label><%= t('protocols.import_export.import_modal.updated_at_label') %></label>
<% display_last_modified=Time.at(@json_object['last_modified'].to_i) %>
<% display_last_modified=Time.at(not_null(@json_object['last_modified']).to_i) %>
<%= f.text_field :last_modified, :value =>
display_last_modified.to_s,readonly: true, class:
"form-control" %>


@ -40,13 +40,13 @@
<br>
<% case key['component_type_id']
when '1' %>
<% step_info_string += (key['data']) %>
<% step_info_string += not_null(key['data']) %>
<br>
<strong><%= t('protocols.protocols_io_import.preview.strng_s_desc') %></strong>
<%= prepare_for_view(key['data'],ProtocolsIoHelper::PIO_ELEMENT_RESERVED_LENGTH_SMALL,'table',true).html_safe %>
<br>
<% when '17' %>
<% step_info_string += (key['data']) %>
<% step_info_string += not_null(key['data']) %>
<br>
<strong><%= t('protocols.protocols_io_import.preview.s_exp_res') %></strong>
<%= prepare_for_view(key['data'],ProtocolsIoHelper::PIO_ELEMENT_RESERVED_LENGTH_SMALL,'table',true).html_safe %>
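Review bot: `not_null` is applied where `key['data']` is appended to `step_info_string`, but the `prepare_for_view(key['data'], ...)` call a few lines below each of those still receives the raw value, so a step component without `data` can still reach it as `nil`. Passing the guarded value in both places keeps them consistent, e.g. `<% data = not_null(key['data']) %>` once per `when` branch. The result is marked `.html_safe`, so what ends up in the page depends entirely on `prepare_for_view` sanitising the imported content; neither helper is defined in this hunk.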


@ -1,5 +1,5 @@
<button type="button" class="btn btn-default" data-dismiss="modal"><%=t "general.close" %></button>
<% if can_update_protocol_in_repository?(@protocol) %>
<% if can_manage_protocol_in_repository?(@protocol) %>
<%= route_to_other_team_btn edit_protocol_path(protocol),
protocol.team,
t('general.edit') %>


@ -4,7 +4,7 @@
<div id="content">
<div>
<% if can_create_or_manage_reports?(@project) %>
<% if can_manage_reports?(@project) %>
<%= link_to new_project_reports_path(@project), class: 'btn btn-primary', id: 'new-report-btn', 'data-no-turbolink' => true do %>
<span class="glyphicon glyphicon-plus" aria-hidden="true"></span>
<span class="hidden-xs"><%=t "projects.reports.index.new" %></span>


@ -7,13 +7,11 @@
<div id="repository-toolbar">
<% if can_manage_repository_rows?(repository.team) %>
<% if can_create_repository_rows?(repository.team) %>
<button type="button" class="btn btn-default editAdd" id="addRepositoryRecord" onclick="onClickAddRecord()">
<span class="glyphicon glyphicon-plus"></span>
<span class="hidden-xs"><%= t("repositories.add_new_record") %></span>
</button>
<% end %>
<% if can_manage_repository_rows?(repository.team) %>
<button type="button" class="btn btn-default" id="importRecordsButton">
<span class="glyphicon glyphicon-cloud-upload"></span>
<span class="hidden-xs"><%= t('repositories.import_records.import') %></span>
@ -34,16 +32,16 @@
data-toggle="dropdown"
aria-haspopup="true"
aria-expanded="true"
<%= "disabled='disabled'" if !can_update_or_delete_repository?(repository) && !can_create_repositories?(repository.team) %>>
<%= "disabled='disabled'" unless can_manage_repository?(repository) || can_create_repositories?(repository.team) %>>
<span class="glyphicon glyphicon-cog"></span>
<span class="caret"></span>
</div>
<% if can_update_or_delete_repository?(repository) || can_create_repositories?(repository.team) %>
<% if can_manage_repository?(repository) || can_create_repositories?(repository.team) %>
<ul class="dropdown-menu pull-right">
<li class="dropdown-header">
<%= t("repositories.index.options_dropdown.header") %>
</li>
<% if can_update_or_delete_repository?(repository) %>
<% if can_manage_repository?(repository) %>
<li>
<%= link_to t('repositories.index.options_dropdown.rename'),
team_repository_rename_modal_path(repository_id: repository),
@ -51,7 +49,7 @@
remote: true %>
</li>
<% end %>
<% if repository.team.repositories.count < Constants::REPOSITORIES_LIMIT %>
<% if can_create_repositories?(repository.team) %>
<li>
<%= link_to t('repositories.index.options_dropdown.copy'),
team_repository_copy_modal_path(repository_id: repository),
@ -59,7 +57,7 @@
remote: true %>
</li>
<% end %>
<% if can_update_or_delete_repository?(repository) %>
<% if can_manage_repository?(repository) %>
<li role="separator" class="divider"></li>
<li>
<%= link_to t('repositories.index.modal_delete.delete'),
@ -110,7 +108,7 @@
</button>
</div>
<!-- These buttons are appended to table in javascript, after table initialization. -->
<!-- These buttons are appended to table in javascript, after table initialization -->
<div class="toolbarButtons" style="display:none">
<button type="button" class="btn btn-default editAdd" id="editRepositoryRecord" onclick="onClickEdit()" disabled>
<span class="glyphicon glyphicon-pencil"></span>


@ -21,8 +21,8 @@
<th id="added-by"><%= t("repositories.table.added_by") %></th>
<% repository.repository_columns.order(:id).each do |column| %>
<th class="repository-column" id="<%= column.id %>"
<%= 'data-editable' if can_update_or_delete_repository_column?(column) %>
<%= 'data-deletable' if can_update_or_delete_repository_column?(column) %>
<%= 'data-editable' if can_manage_repository_column?(column) %>
<%= 'data-deletable' if can_manage_repository_column?(column) %>
<%= "data-edit-url='#{edit_repository_repository_column_path(repository, column)}'" %>
<%= "data-update-url='#{repository_repository_column_path(repository, column)}'" %>
<%= "data-destroy-html-url='#{repository_columns_destroy_html_path(repository, column)}'" %>


@ -1,7 +1,7 @@
<strong>
<%=t "my_modules.results.comment_title", user: comment.user.full_name, time: l(comment.created_at, format: :time) %>
</strong>
<% if can_edit_result_comment_in_module(comment) || can_delete_result_comment_in_module(comment) %>
<% if can_manage_comment_in_module?(comment.becomes(Comment)) %>
<div class="dropdown dropdown-comment">
<a href="#"
class="dropdown-toggle"
@ -15,25 +15,23 @@
</a>
<ul class="dropdown-menu dropdown-menu-fixed" aria-labelledby="comment-<%= comment.id %>-dropdown">
<li class="dropdown-header"><%= I18n.t('comments.options_dropdown.header') %></li>
<% if can_edit_result_comment_in_module(comment) %>
<li>
<a href="#"
data-action="edit-comment"
data-url="<%= edit_result_result_comment_path(comment.result, comment, format: :json) %>">
<%= t('comments.options_dropdown.edit') %>
</a>
</li>
<% end %>
<% if can_delete_result_comment_in_module(comment) %>
<li>
<a href="#"
data-action="delete-comment"
data-url="<%= result_result_comment_path(comment.result, comment, format: :json) %>"
data-confirm-message="<%= t('comments.delete_confirm') %>">
<%= t('comments.options_dropdown.delete') %>
</a>
</li>
<% end %>
<li>
<a href="#"
data-action="edit-comment"
data-url="<%= edit_result_result_comment_path(comment.result, comment, format: :json) %>"
data-no-turbolink="true">
<%= t('comments.options_dropdown.edit') %>
</a>
</li>
<li>
<a href="#"
data-action="delete-comment"
data-url="<%= result_result_comment_path(comment.result, comment, format: :json) %>"
data-confirm-message="<%= t('comments.delete_confirm') %>"
data-no-turbolink="true">
<%= t('comments.options_dropdown.delete') %>
</a>
</li>
</ul>
</div>
<% end %>
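Review bot: The edit and delete entries of the comment dropdown are now both rendered behind the single `can_manage_comment_in_module?(comment.becomes(Comment))` check, so this template no longer distinguishes a user who may edit a comment from one who may delete it. The controller actions behind `edit_result_result_comment_path` and `result_result_comment_path` are not part of this section; they should enforce the same permission, because hiding the links here does not protect the JSON endpoints. The `becomes(Comment)` cast also deserves a one-line ERB comment saying why the base class is needed, for example `<%# permission is looked up on Comment, not on the subclass %>` if that is indeed the reason. The step-comment partial further down the page makes the same change.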


@ -17,7 +17,7 @@
<%= render 'result_comments/list.html.erb', comments: @comments %>
<% end %>
</ul>
<% if can_add_result_comment_in_module(@my_module) then %>
<% if can_create_comments_in_module?(@my_module) then %>
<ul class="no-style double-line">
<li>
<hr>


@ -1,4 +1,4 @@
<% if can_view_or_download_result_assets(result.my_module) %>
<% if can_read_experiment?(result.my_module.experiment) %>
<% if result.asset.file.processing? %>
<span data-status='asset-loading'
data-present-url='<%= file_present_asset_path(result.asset) %>'>
@ -20,8 +20,11 @@
<% if wopi_file?(result.asset) %>
<%= wopi_asset_file_name(result.asset) %>
<% else %>
<p><%= truncate(result.asset.file_file_name,
length: Constants::FILENAME_TRUNCATION_LENGTH) %></p>
<p>
<%= file_extension_icon(result.asset) %>
<%= truncate(result.asset.file_file_name,
length: Constants::FILENAME_TRUNCATION_LENGTH) %>
</p>
<% end %>
<% end %>
<%= wopi_result_view_file_button(result) %>


@ -5,7 +5,7 @@
<% protocol = asset.step.protocol %>
<% if can_read_protocol_in_module?(protocol) ||
can_read_protocol_in_repository?(protocol) ||
(asset.result && can_view_or_download_result_assets(asset.result.my_module) %>
(asset.result && can_read_experiment?(protocol.my_module.experiment)) %>
<a href="<%= download_asset_path asset %>" target="_blank">
<%= text %>
</a>
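Review bot: In the third clause of the download condition the experiment is taken from `protocol.my_module.experiment`, although that clause exists for assets that belong to a result. `protocol` is assigned from `asset.step.protocol` on the line above, so for a result asset the check either authorizes against an unrelated object or fails on `nil`, depending on code above the hunk that is not visible here. Deriving the experiment from the result keeps the check tied to the asset being downloaded: `(asset.result && can_read_experiment?(asset.result.my_module.experiment))`.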


@ -4,16 +4,16 @@
<% if result.archived? %>
<span class="label label-warning"><%=t "search.index.archived" %></span>
<% if can_view_module_archive(result.my_module) %>
<% if can_read_experiment?(result.my_module.experiment) %>
<% if target == :comment %>
<%= route_to_other_team archive_my_module_path(result.my_module, ctarget: "result-panel-#{result.id}"),
result.my_module.experiment.project.team,
text %>
<% else %>
<%= route_to_other_team archive_my_module_path(result.my_module),
result.my_module.experiment.project.team,
text %>
<%= route_to_other_team archive_my_module_path(result.my_module),
result.my_module.experiment.project.team,
text %>
<% end %>
<% else %>
<%= text %>


@ -2,7 +2,7 @@
<% query ||= nil %>
<% text = query.present? ? highlight(step.name, query.strip.split(/\s+/)) : step.name %>
<% if step.protocol.in_module? && can_view_steps_in_protocol(step.protocol) %>
<% if can_read_protocol_in_module?(step.protocol) %>
<% if target == :comment %>
<%= route_to_other_team protocols_my_module_path(step.protocol.my_module, ctarget: "step-panel-#{step.id}"),
step.protocol.team,
@ -12,7 +12,7 @@
step.protocol.team,
text %>
<% end %>
<% elsif step.protocol.in_repository? && can_update_protocol_in_repository?(step.protocol) %>
<% elsif can_manage_protocol_in_repository?(step.protocol) %>
<%= route_to_other_team edit_protocol_path(step.protocol),
step.protocol.team,
text %>
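Review bot: Both branches dropped their `step.protocol.in_module?` / `step.protocol.in_repository?` guard and now rely on the permission helper alone. The first branch then builds `protocols_my_module_path(step.protocol.my_module, ...)`, which needs a protocol that has a module; if `can_read_protocol_in_module?` can return true for a repository protocol (its definition is not in this section), the route helper receives `nil`. Either confirm that each helper returns false for the other protocol kind, or keep the guard: `<% if step.protocol.in_module? && can_read_protocol_in_module?(step.protocol) %>`.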


@ -21,7 +21,7 @@
data-module-id="<%= @my_module.id %>"
<% end %>>
<% if can_manage_samples?(@team) %>
<% if can_create_samples?(@team) %>
<button type="button" class="btn btn-default editAdd" id="addSample" onclick="onClickAddSample()">
<span class="glyphicon glyphicon-plus"></span>
<span class="hidden-xs"><%= t("samples.add_new_sample") %></span>
@ -51,7 +51,7 @@
<span class="caret"></span>
</button>
<ul class="dropdown-menu dropdown-menu-right smart-dropdown" id="samples-columns-list">
<% if can_manage_sample_columns?(@team) %>
<% if can_create_sample_columns?(@team) %>
<li class="add-new-column-form">
<div id="new-column-form" class="form-group" data-action="<%= team_custom_fields_path(@team) %>">
<div class="input-group">
@ -69,15 +69,15 @@
</div>
</div>
<% if can_add_sample_related_things_to_team %>
<div class="dropdown pull-right" style="display: inline;">
<%= link_to(t('samples.types_and_groups'),
team_sample_types_path(@team,
project_id: (@project.id if @project),
my_module_id: (@my_module.id if @my_module),
experiment_id: (@experiment.id if @experiment)),
class: 'btn btn-default' ) %>
</div>
<% if can_manage_sample_types_and_groups?(@team) %>
<div class="dropdown pull-right" style="display: inline;">
<%= link_to(t('samples.types_and_groups'),
team_sample_types_path(@team,
project_id: (@project.id if @project),
my_module_id: (@my_module.id if @my_module),
experiment_id: (@experiment.id if @experiment)),
class: 'btn btn-default' ) %>
</div>
<% end %>
</div>
@ -92,32 +92,29 @@
</button>
</div>
<!-- These buttons are appended to table in javascript, after table initialization. -->
<!-- These buttons are appended to table in javascript, after table initialization -->
<div class="toolbarButtons" style="display:none">
<button type="button" class="btn btn-default editAdd" id="editSample" onclick="onClickEdit()" disabled>
<span class="glyphicon glyphicon-pencil"></span>
<span class="hidden-xs-custom"><%= t("samples.edit_sample") %></span>
</button>
<% if can_manage_samples?(@team) %>
<button type="button" class="btn btn-default"
id="deleteSamplesButton" data-target="#deleteSamples" data-toggle="modal" disabled>
<span class="glyphicon glyphicon-trash"></span>
<span class="hidden-xs-custom"><%= t'samples.delete_samples' %></span>
<%= submit_tag I18n.t('samples.delete_samples'), :class => "hidden
delete_samples_submit" %>
</button>
<% end %>
<!-- Don't check if user can manage the selected samples, because the ones that he can't, will be left untouched -->
<button type="button" class="btn btn-default"
id="deleteSamplesButton" data-target="#deleteSamples" data-toggle="modal" disabled>
<span class="glyphicon glyphicon-trash"></span>
<span class="hidden-xs-custom"><%= t'samples.delete_samples' %></span>
<%= submit_tag I18n.t('samples.delete_samples'), :class => "hidden
delete_samples_submit" %>
</button>
<% if can_add_samples %>
<% if module_page? && can_assign_repository_rows_to_module?(@my_module) %>
<button type="button" class="btn btn-default"
id="assignSamples" onclick="$(this).next().click();" disabled>
<span class="glyphicon glyphicon-ok-circle"></span>
<span class="hidden-xs-custom"><%= t'samples.assign_samples_to_module' %></span>
</button>
<%= submit_tag MyModulesController::ASSIGN_SAMPLES, :class => "hidden" %>
<% end %>
<% if can_remove_samples %>
<button type="button" class="btn btn-default"
id="unassignSamples" onclick="$(this).next().click();" disabled>
<span class="glyphicon glyphicon-ban-circle"></span>
@ -148,8 +145,8 @@
<% all_custom_fields.each do |cf| %>
<th class="custom-field"
id="<%= cf.id %>"
<%= 'data-editable' if can_update_or_delete_custom_field?(cf) %>
<%= 'data-deletable' if can_update_or_delete_custom_field?(cf) %>
<%= 'data-editable' if can_manage_sample_column?(cf) %>
<%= 'data-deletable' if can_manage_sample_column?(cf) %>
<%= "data-edit-url='#{edit_team_custom_field_path(@team, cf)}'" %>
<%= "data-update-url='#{team_custom_field_path(@team, cf)}'" %>
<%= "data-destroy-html-url='#{team_custom_field_destroy_html_path(@team, cf)}'" %>
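Review bot: The delete button in the hidden toolbar is now rendered for every user, and the reason is given in an HTML comment that is sent to the browser. Because the template no longer gates the button, the delete action has to check each selected sample against the caller's permission and skip the rest; that controller is not in this section, so it is worth confirming alongside the view change. An ERB comment keeps the rationale out of the page source: `<%# Not gated here: the delete action skips samples the user cannot manage %>`.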


@ -126,8 +126,6 @@
<span class="hidden-xs hidden-lg glyphicon glyphicon-list-alt"></span>
</a>
</li>
<% end %>
<% if can_read_experiment?(@experiment) %>
<li id="project-archive-nav-tab" data-turbolinks="false" class="<%= "active" if is_experiment_archive? %>">
<a href="<%= module_archive_experiment_url(@experiment) %>" title="<%=t "nav2.projects.archive" %>">
<span class="glyphicon glyphicon-briefcase"></span>
@ -204,7 +202,7 @@
</ul>
</li>
<% end %>
<% if can_view_module_archive(@my_module) then %>
<% if can_read_experiment?(@my_module.experiment) then %>
<li id="archive-nav-tab" data-turbolinks="false" class="<%= "active" if is_module_archive? %>">
<a href="<%= archive_my_module_url(@my_module) %>">
<span class="glyphicon glyphicon-briefcase" title="<%= t'nav2.modules.archive' %>"></span></a>


@ -2,7 +2,7 @@
<strong>
<%=t "protocols.steps.comment_title", user: comment.user.full_name, time: l(comment.created_at, format: :time) %>
</strong>
<% if can_edit_step_comment_in_protocol(comment) || can_delete_step_comment_in_protocol(comment) %>
<% if can_manage_comment_in_module?(comment.becomes(Comment)) %>
<div class="dropdown dropdown-comment">
<a href="#"
class="dropdown-toggle"
@ -16,7 +16,6 @@
</a>
<ul class="dropdown-menu dropdown-menu-fixed" aria-labelledby="comment-<%= comment.id %>-dropdown">
<li class="dropdown-header"><%= I18n.t('comments.options_dropdown.header') %></li>
<% if can_edit_step_comment_in_protocol(comment) %>
<li>
<a href="#"
data-action="edit-comment"
@ -24,8 +23,6 @@
<%= t('comments.options_dropdown.edit') %>
</a>
</li>
<% end %>
<% if can_delete_step_comment_in_protocol(comment) %>
<li>
<a href="#"
data-action="delete-comment"
@ -34,7 +31,6 @@
<%= t('comments.options_dropdown.delete') %>
</a>
</li>
<% end %>
</ul>
</div>
<% end %>


@ -17,7 +17,7 @@
<%= render 'step_comments/list.html.erb', comments: @comments %>
<% end %>
</ul>
<% if can_add_step_comment_in_protocol(@protocol) %>
<% if can_create_comments_in_module?(@protocol.my_module) %>
<ul class="no-style double-line">
<li>
<hr>


@ -6,7 +6,7 @@
<div class="panel-heading">
<div class="panel-options pull-right">
<% if can_manage_protocol_in_module?(@protocol) ||
can_update_protocol_in_repository?(@protocol) %>
can_manage_protocol_in_repository?(@protocol) %>
<a data-action="move-step"
class="btn btn-link"
href="<%= move_up_step_path(step, format: :json) %>"
@ -121,8 +121,11 @@
<% else %>
<%= image_tag asset.url(:medium) if asset.is_image? %>
<% end %>
<p><%= truncate(asset.file_file_name,
length: Constants::FILENAME_TRUNCATION_LENGTH) %></p>
<p>
<%= file_extension_icon(asset) %>
<%= truncate(asset.file_file_name,
length: Constants::FILENAME_TRUNCATION_LENGTH) %>
</p>
<% end %>
</li>
<% end %>
@ -161,19 +164,19 @@
</div>
<% end %>
<% if @protocol.in_module? %>
<% if !step.completed? and can_complete_step_in_protocol(@protocol) %>
<div data-action="complete-step"
class="pull-right"
data-link-url="<%= toggle_step_state_step_path(step)%>">
<button class="btn btn-primary"><%= t("protocols.steps.options.complete_title") %></button>
</div>
<% elsif step.completed? and can_uncomplete_step_in_protocol(@protocol) %>
<% if can_complete_or_checkbox_step?(@protocol) %>
<% if step.completed? %>
<div data-action="uncomplete-step"
class="pull-right"
data-link-url="<%= toggle_step_state_step_path(step)%>">
<button class="btn btn-default"><%= t("protocols.steps.options.uncomplete_title") %></button>
</div>
<% else %>
<div data-action="complete-step"
class="pull-right"
data-link-url="<%= toggle_step_state_step_path(step)%>">
<button class="btn btn-primary"><%= t("protocols.steps.options.complete_title") %></button>
</div>
<% end %>
<% end %>
</div>


@ -7,15 +7,18 @@
<% if wopi_file?(asset) %>
<%= wopi_asset_file_name(asset) %>
<% else %>
<p><%= truncate(asset.file_file_name,
length: Constants::FILENAME_TRUNCATION_LENGTH) %></p>
<p>
<%= file_extension_icon(asset) %>
<%= truncate(asset.file_file_name,
length: Constants::FILENAME_TRUNCATION_LENGTH) %>
</p>
<% end %>
<% end %>
<%= wopi_asset_view_button(asset) %>
<% view_only ||= false %>
<% if !view_only %>
<% if can_manage_protocol_in_module?(@protocol) ||
can_update_protocol_in_repository?(@protocol) %>
can_manage_protocol_in_repository?(@protocol) %>
<%= wopi_asset_edit_button(asset) %>
<% end %>
<% end %>


@ -25,9 +25,9 @@
<% end %>
<% end %>
</ul>
<% if can_edit_users_on_module(@my_module) then %>
<% if can_manage_users_in_module?(@my_module) %>
<p>
<hr>
<%= link_to t('experiments.canvas.popups.manage_users'), my_module_users_edit_path(@my_module, format: :json), remote: true, class: "manage-users-link" %>
</p>
<% end %>
<% end %>
