mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-09-20 23:16:15 +08:00
refactor read protocol in repository permission
This commit is contained in:
parent
a3a494c3a2
commit
e0d1ae174e
|
@ -115,7 +115,8 @@ class AssetsController < ApplicationController
|
|||
|
||||
def check_read_permission
|
||||
if @assoc.class == Step
|
||||
unless can_view_or_download_step_assets(@protocol)
|
||||
if @protocol.in_module? && !can_view_or_download_step_assets(@protocol) ||
|
||||
@protocol.in_repository? && !can_read_protocol_in_repository?(@protocol)
|
||||
render_403 and return
|
||||
end
|
||||
elsif @assoc.class == Result
|
||||
|
|
|
@ -906,7 +906,9 @@ class ProtocolsController < ApplicationController
|
|||
|
||||
def check_view_permissions
|
||||
@protocol = Protocol.find_by_id(params[:id])
|
||||
if @protocol.blank? || !can_view_protocol(@protocol)
|
||||
if @protocol.blank? ||
|
||||
@protocol.in_module? && !can_view_protocol(@protocol) ||
|
||||
@protocol.in_repository? && !can_read_protocol_in_repository?(@protocol)
|
||||
respond_to { |f| f.json { render json: {}, status: :unauthorized } }
|
||||
end
|
||||
end
|
||||
|
@ -1065,8 +1067,12 @@ class ProtocolsController < ApplicationController
|
|||
|
||||
def check_export_permissions
|
||||
@protocols = Protocol.where(id: params[:protocol_ids])
|
||||
if @protocols.blank? || @protocols.any? { |p| !can_export_protocol(p) }
|
||||
render_403
|
||||
render_403 if @protocols.blank?
|
||||
@protocols.each do |p|
|
||||
if p.in_module? && !can_export_protocol(p) ||
|
||||
p.in_repository? && !can_read_protocol_in_repository?(p)
|
||||
render_403
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -639,7 +639,8 @@ class StepsController < ApplicationController
|
|||
end
|
||||
|
||||
def check_view_permissions
|
||||
unless can_view_steps_in_protocol(@protocol)
|
||||
if @protocol.in_module? && !can_view_steps_in_protocol(@protocol) ||
|
||||
@protocol.in_repository? && !can_read_protocol_in_repository?(@protocol)
|
||||
render_403
|
||||
end
|
||||
end
|
||||
|
|
|
@ -280,10 +280,10 @@ class WopiController < ActionController::Base
|
|||
# current_user
|
||||
@current_user = @user
|
||||
if @assoc.class == Step
|
||||
@can_read = can_view_steps_in_protocol(@protocol)
|
||||
@can_write = can_edit_step_in_protocol(@protocol)
|
||||
|
||||
if @protocol.in_module?
|
||||
@can_read = can_view_steps_in_protocol(@protocol)
|
||||
@close_url = protocols_my_module_url(@protocol.my_module,
|
||||
only_path: false,
|
||||
host: ENV['WOPI_USER_HOST'])
|
||||
|
@ -295,6 +295,7 @@ class WopiController < ActionController::Base
|
|||
host: ENV['WOPI_USER_HOST'])
|
||||
@breadcrumb_folder_name = @protocol.my_module.name
|
||||
else
|
||||
@can_read = can_read_protocol_in_repository?(@protocol)
|
||||
@close_url = protocols_url(only_path: false,
|
||||
host: ENV['WOPI_USER_HOST'])
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ class ProtocolsDatatable < CustomDatatable
|
|||
def_delegator :@view, :can_publish_protocol
|
||||
def_delegator :@view, :can_archive_protocol
|
||||
def_delegator :@view, :can_restore_protocol
|
||||
def_delegator :@view, :can_export_protocol
|
||||
def_delegator :@view, :can_read_protocol_in_repository?
|
||||
def_delegator :@view, :linked_children_protocol_path
|
||||
def_delegator :@view, :preview_protocol_path
|
||||
|
||||
|
@ -101,7 +101,7 @@ class ProtocolsDatatable < CustomDatatable
|
|||
'DT_CanPublish': can_publish_protocol(protocol),
|
||||
'DT_CanArchive': can_archive_protocol(protocol),
|
||||
'DT_CanRestore': can_restore_protocol(protocol),
|
||||
'DT_CanExport': can_export_protocol(protocol),
|
||||
'DT_CanExport': can_read_protocol_in_repository?(protocol),
|
||||
'1': if protocol.in_repository_archived?
|
||||
escape_input(record.name)
|
||||
else
|
||||
|
|
|
@ -703,13 +703,13 @@ module PermissionHelper
|
|||
# is_normal_user_or_admin_of_team(team)
|
||||
# end
|
||||
|
||||
def can_view_protocol(protocol)
|
||||
if protocol.in_repository_public?
|
||||
def can_view_protocol(protocol) # WIP
|
||||
if protocol.in_repository_public? # DONE
|
||||
is_member_of_team(protocol.team)
|
||||
elsif protocol.in_repository_private? or protocol.in_repository_archived?
|
||||
elsif protocol.in_repository_private? or protocol.in_repository_archived? # DONE
|
||||
is_member_of_team(protocol.team) and
|
||||
protocol.added_by == current_user
|
||||
elsif protocol.in_module?
|
||||
elsif protocol.in_module? # TBD
|
||||
my_module = protocol.my_module
|
||||
my_module.active? &&
|
||||
my_module.experiment.project.active? &&
|
||||
|
@ -743,10 +743,10 @@ module PermissionHelper
|
|||
protocol.in_repository_private?
|
||||
end
|
||||
|
||||
def can_export_protocol(protocol)
|
||||
(protocol.in_repository_public? and is_member_of_team(protocol.team)) or
|
||||
(protocol.in_repository_private? and protocol.added_by == current_user) or
|
||||
(protocol.in_module? and
|
||||
def can_export_protocol(protocol) # WIP
|
||||
(protocol.in_repository_public? and is_member_of_team(protocol.team)) or # DONE
|
||||
(protocol.in_repository_private? and protocol.added_by == current_user) or # DONE
|
||||
(protocol.in_module? and # TBD
|
||||
can_export_protocol_from_module(protocol.my_module))
|
||||
end
|
||||
|
||||
|
@ -844,14 +844,14 @@ module PermissionHelper
|
|||
is_user_or_higher_of_project(protocol.my_module.experiment.project)
|
||||
end
|
||||
|
||||
def can_view_steps_in_protocol(protocol)
|
||||
if protocol.in_module?
|
||||
def can_view_steps_in_protocol(protocol) # WIP
|
||||
if protocol.in_module? # TBD
|
||||
my_module = protocol.my_module
|
||||
my_module.active? &&
|
||||
my_module.experiment.project.active? &&
|
||||
my_module.experiment.active? &&
|
||||
can_view_module(my_module)
|
||||
elsif protocol.in_repository?
|
||||
elsif protocol.in_repository? # DONE
|
||||
protocol.in_repository_active? and can_view_protocol(protocol)
|
||||
else
|
||||
false
|
||||
|
@ -974,15 +974,15 @@ module PermissionHelper
|
|||
end
|
||||
end
|
||||
|
||||
def can_view_or_download_step_assets(protocol)
|
||||
if protocol.in_module?
|
||||
def can_view_or_download_step_assets(protocol) # WIP
|
||||
if protocol.in_module? # TBD
|
||||
my_module = protocol.my_module
|
||||
my_module.active? &&
|
||||
my_module.experiment.project.active? &&
|
||||
my_module.experiment.active? &&
|
||||
(is_member_of_project(my_module.experiment.project) ||
|
||||
can_view_project(my_module.experiment.project))
|
||||
elsif protocol.in_repository?
|
||||
elsif protocol.in_repository? # DONE
|
||||
protocol.in_repository_active? and can_view_protocol(protocol)
|
||||
else
|
||||
false
|
||||
|
|
|
@ -33,7 +33,7 @@ module ProtocolStatusHelper
|
|||
res << "<span class='glyphicon glyphicon-eye-close' title='" + I18n.t("my_modules.protocols.protocol_status_bar.private_desc") + "'></span>"
|
||||
end
|
||||
res << " "
|
||||
if can_view_protocol(protocol)
|
||||
if can_read_protocol_in_repository?(protocol)
|
||||
res << "<a href='" + edit_protocol_path(protocol) + "' target='_blank'>" + protocol_name(protocol) + "</a>"
|
||||
else
|
||||
res << "<span style='font-weight: bold;'>" + protocol_name(protocol) + "</span>"
|
||||
|
|
|
@ -31,3 +31,13 @@ Canaid::Permissions.register_for(UserTeam) do
|
|||
user == user_team.user || user.is_admin_of_team?(user_team.team)
|
||||
end
|
||||
end
|
||||
|
||||
Canaid::Permissions.register_for(Protocol) do
|
||||
# view protocol in repository, export protocol from repository
|
||||
# view step in protocol in repository, view or dowload step asset
|
||||
can :read_protocol_in_repository do |user, protocol|
|
||||
user.is_member_of_team?(protocol.team) &&
|
||||
(protocol.in_repository_public? ||
|
||||
protocol.in_repository_private? && user == protocol.added_by)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -112,7 +112,7 @@
|
|||
<ul>
|
||||
<% assets.each do |asset| %>
|
||||
<li>
|
||||
<% if can_view_or_download_step_assets(@protocol) %>
|
||||
<% if can_read_protocol_in_repository?(@protocol) %>
|
||||
<% if asset.file_present %>
|
||||
<% if asset.file.processing? %>
|
||||
<span data-status='asset-loading'
|
||||
|
|
|
@ -1,10 +1,17 @@
|
|||
<% query ||= nil %>
|
||||
<% text = query.present? ? highlight(asset.file_file_name, query.strip.split(/\s+/)) : asset.file_file_name %>
|
||||
|
||||
<% if asset.step and can_view_or_download_step_assets(asset.step.protocol) %>
|
||||
<a href="<%= download_asset_path asset %>" target="_blank">
|
||||
<%= text %>
|
||||
</a>
|
||||
<% if asset.step %>
|
||||
<% protocol = asset.step.protocol %>
|
||||
<% if protocol.in_module? && can_view_or_download_step_assets(protocol) %>
|
||||
<a href="<%= download_asset_path asset %>" target="_blank">
|
||||
<%= text %>
|
||||
</a>
|
||||
<% elsif protocol.in_repository? && can_read_protocol_in_repository?(protocol) %>
|
||||
<a href="<%= download_asset_path asset %>" target="_blank">
|
||||
<%= text %>
|
||||
</a>
|
||||
<% end %>
|
||||
<% elsif asset.result and can_view_or_download_result_assets(asset.result.my_module) %>
|
||||
<a href="<%= download_asset_path asset %>" target="_blank">
|
||||
<%= text %>
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
</span>
|
||||
|
||||
<% end %>
|
||||
<% if can_view_protocol(protocol) %>
|
||||
<% if protocol.in_module? && can_view_protocol(protocol) || protocol.in_repository? && can_read_protocol_in_repository?(protocol) %>
|
||||
<%= link_to text, '#', 'data-action': 'protocol-preview', 'data-url': preview_protocol_path(protocol) %>
|
||||
<% else %>
|
||||
<%= text %>
|
||||
|
|
|
@ -2,24 +2,20 @@
|
|||
<% query ||= nil %>
|
||||
<% text = query.present? ? highlight(step.name, query.strip.split(/\s+/)) : step.name %>
|
||||
|
||||
<% if can_view_steps_in_protocol(step.protocol) %>
|
||||
<% if step.protocol.in_module? %>
|
||||
<% if target == :comment %>
|
||||
<%= route_to_other_team protocols_my_module_path(step.protocol.my_module, ctarget: "step-panel-#{step.id}"),
|
||||
step.protocol.team,
|
||||
text %>
|
||||
<% else %>
|
||||
<%= route_to_other_team protocols_my_module_path(step.protocol.my_module),
|
||||
step.protocol.team,
|
||||
text %>
|
||||
<% end %>
|
||||
<% elsif can_edit_protocol(step.protocol) %>
|
||||
<%= route_to_other_team edit_protocol_path(step.protocol),
|
||||
step.protocol.team,
|
||||
text %>
|
||||
<% if step.protocol.in_module? && can_view_steps_in_protocol(step.protocol) %>
|
||||
<% if target == :comment %>
|
||||
<%= route_to_other_team protocols_my_module_path(step.protocol.my_module, ctarget: "step-panel-#{step.id}"),
|
||||
step.protocol.team,
|
||||
text %>
|
||||
<% else %>
|
||||
<%= text %>
|
||||
<%= route_to_other_team protocols_my_module_path(step.protocol.my_module),
|
||||
step.protocol.team,
|
||||
text %>
|
||||
<% end %>
|
||||
<% elsif can_edit_protocol(step.protocol) %>
|
||||
<%= route_to_other_team edit_protocol_path(step.protocol),
|
||||
step.protocol.team,
|
||||
text %>
|
||||
<% else %>
|
||||
<%= text %>
|
||||
<% end %>
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
</div>
|
||||
<div class="panel-body">
|
||||
<% if ff.object.file.exists? %>
|
||||
<% if can_view_or_download_step_assets(@protocol) %>
|
||||
<% if @protocol.in_module? && can_view_or_download_step_assets(@protocol) || @protocol.in_repository? && can_read_protocol_in_repository?(@protocol) %>
|
||||
<% if ff.object.is_image? %>
|
||||
<%= link_to download_asset_path(ff.object),
|
||||
class: 'image-preview-link',
|
||||
|
|
|
@ -86,7 +86,7 @@
|
|||
<ul>
|
||||
<% assets.each do |asset| %>
|
||||
<li>
|
||||
<% if can_view_or_download_step_assets(@protocol) %>
|
||||
<% if @protocol.in_module? && can_view_or_download_step_assets(@protocol) || @protocol.in_repository? && can_read_protocol_in_repository?(@protocol) %>
|
||||
<% if asset.file_present %>
|
||||
<% if asset.file.processing? %>
|
||||
<span data-status='asset-loading'
|
||||
|
|
Loading…
Reference in a new issue