refactor read protocol in repository permission

mlorb 2017-12-05 19:51:44 +01:00
parent a3a494c3a2
commit e0d1ae174e
14 changed files with 69 additions and 47 deletions


@ -115,7 +115,8 @@ class AssetsController < ApplicationController
def check_read_permission
if @assoc.class == Step
unless can_view_or_download_step_assets(@protocol)
if @protocol.in_module? && !can_view_or_download_step_assets(@protocol) ||
@protocol.in_repository? && !can_read_protocol_in_repository?(@protocol)
render_403 and return
end
elsif @assoc.class == Result
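Review bot: The rewritten guard in `check_read_permission` denies only when `in_module?` or `in_repository?` is true, so a protocol for which both are false passes with no check at all, whereas the replaced `can_view_or_download_step_assets` ends in an explicit `else false`. Whether such a state can occur is not visible here, but an authorization filter is safer written as an allow-list: `allowed = @protocol.in_module? ? can_view_or_download_step_assets(@protocol) : (@protocol.in_repository? && can_read_protocol_in_repository?(@protocol))` followed by `render_403 and return unless allowed`. The same deny-only shape is repeated in `ProtocolsController#check_view_permissions` and `#check_export_permissions` and in `StepsController#check_view_permissions`. The method continues past the end of this hunk.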


@ -906,7 +906,9 @@ class ProtocolsController < ApplicationController
def check_view_permissions
@protocol = Protocol.find_by_id(params[:id])
if @protocol.blank? || !can_view_protocol(@protocol)
if @protocol.blank? ||
@protocol.in_module? && !can_view_protocol(@protocol) ||
@protocol.in_repository? && !can_read_protocol_in_repository?(@protocol)
respond_to { |f| f.json { render json: {}, status: :unauthorized } }
end
end
@ -1065,8 +1067,12 @@ class ProtocolsController < ApplicationController
def check_export_permissions
@protocols = Protocol.where(id: params[:protocol_ids])
if @protocols.blank? || @protocols.any? { |p| !can_export_protocol(p) }
render_403
render_403 if @protocols.blank?
@protocols.each do |p|
if p.in_module? && !can_export_protocol(p) ||
p.in_repository? && !can_read_protocol_in_repository?(p)
render_403
end
end
end
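Review bot: In `check_export_permissions` the new loop calls `render_403` once per failing protocol and never stops, so a request naming two protocols the user may not export would render twice. Assuming `render_403` renders a response, Rails raises a double-render error there and the client gets a 500 instead of a 403; the replaced single `any?` test did not have this problem. Use `return render_403 if @protocols.blank?` and `return render_403` inside the loop, or fold the new condition back into one `@protocols.any? { |p| ... }` test.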


@ -639,7 +639,8 @@ class StepsController < ApplicationController
end
def check_view_permissions
unless can_view_steps_in_protocol(@protocol)
if @protocol.in_module? && !can_view_steps_in_protocol(@protocol) ||
@protocol.in_repository? && !can_read_protocol_in_repository?(@protocol)
render_403
end
end


@ -280,10 +280,10 @@ class WopiController < ActionController::Base
# current_user
@current_user = @user
if @assoc.class == Step
@can_read = can_view_steps_in_protocol(@protocol)
@can_write = can_edit_step_in_protocol(@protocol)
if @protocol.in_module?
@can_read = can_view_steps_in_protocol(@protocol)
@close_url = protocols_my_module_url(@protocol.my_module,
only_path: false,
host: ENV['WOPI_USER_HOST'])
@ -295,6 +295,7 @@ class WopiController < ActionController::Base
host: ENV['WOPI_USER_HOST'])
@breadcrumb_folder_name = @protocol.my_module.name
else
@can_read = can_read_protocol_in_repository?(@protocol)
@close_url = protocols_url(only_path: false,
host: ENV['WOPI_USER_HOST'])
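Review bot: The new `@can_read = can_read_protocol_in_repository?(@protocol)` in the `else` branch is only correct if the permission helper resolves its user to the WOPI token's user, and nothing in these hunks shows that it does. This controller derives from `ActionController::Base` rather than `ApplicationController` and sets `@current_user = @user` by hand, so if the Canaid-generated helper looks the user up some other way, `@can_read` would be computed for the wrong or a nil principal. Please confirm this and record it next to the assignment, e.g. `# permission helpers (legacy and Canaid) must evaluate against the token's user`. The surrounding method starts and ends outside these hunks.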


@ -11,7 +11,7 @@ class ProtocolsDatatable < CustomDatatable
def_delegator :@view, :can_publish_protocol
def_delegator :@view, :can_archive_protocol
def_delegator :@view, :can_restore_protocol
def_delegator :@view, :can_export_protocol
def_delegator :@view, :can_read_protocol_in_repository?
def_delegator :@view, :linked_children_protocol_path
def_delegator :@view, :preview_protocol_path
@ -101,7 +101,7 @@ class ProtocolsDatatable < CustomDatatable
'DT_CanPublish': can_publish_protocol(protocol),
'DT_CanArchive': can_archive_protocol(protocol),
'DT_CanRestore': can_restore_protocol(protocol),
'DT_CanExport': can_export_protocol(protocol),
'DT_CanExport': can_read_protocol_in_repository?(protocol),
'1': if protocol.in_repository_archived?
escape_input(record.name)
else
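Review bot: `'DT_CanExport'` is now filled from `can_read_protocol_in_repository?`, so the key name no longer matches the permission it carries. A one-line comment above it, e.g. `# export from the repository is governed by the read permission`, would stop the next reader from treating export as a separately checked right. The flag presumably only drives the table UI, so the server-side filter on the export action remains the enforcement point.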


@ -703,13 +703,13 @@ module PermissionHelper
# is_normal_user_or_admin_of_team(team)
# end
def can_view_protocol(protocol)
if protocol.in_repository_public?
def can_view_protocol(protocol) # WIP
if protocol.in_repository_public? # DONE
is_member_of_team(protocol.team)
elsif protocol.in_repository_private? or protocol.in_repository_archived?
elsif protocol.in_repository_private? or protocol.in_repository_archived? # DONE
is_member_of_team(protocol.team) and
protocol.added_by == current_user
elsif protocol.in_module?
elsif protocol.in_module? # TBD
my_module = protocol.my_module
my_module.active? &&
my_module.experiment.project.active? &&
@ -743,10 +743,10 @@ module PermissionHelper
protocol.in_repository_private?
end
def can_export_protocol(protocol)
(protocol.in_repository_public? and is_member_of_team(protocol.team)) or
(protocol.in_repository_private? and protocol.added_by == current_user) or
(protocol.in_module? and
def can_export_protocol(protocol) # WIP
(protocol.in_repository_public? and is_member_of_team(protocol.team)) or # DONE
(protocol.in_repository_private? and protocol.added_by == current_user) or # DONE
(protocol.in_module? and # TBD
can_export_protocol_from_module(protocol.my_module))
end
@ -844,14 +844,14 @@ module PermissionHelper
is_user_or_higher_of_project(protocol.my_module.experiment.project)
end
def can_view_steps_in_protocol(protocol)
if protocol.in_module?
def can_view_steps_in_protocol(protocol) # WIP
if protocol.in_module? # TBD
my_module = protocol.my_module
my_module.active? &&
my_module.experiment.project.active? &&
my_module.experiment.active? &&
can_view_module(my_module)
elsif protocol.in_repository?
elsif protocol.in_repository? # DONE
protocol.in_repository_active? and can_view_protocol(protocol)
else
false
@ -974,15 +974,15 @@ module PermissionHelper
end
end
def can_view_or_download_step_assets(protocol)
if protocol.in_module?
def can_view_or_download_step_assets(protocol) # WIP
if protocol.in_module? # TBD
my_module = protocol.my_module
my_module.active? &&
my_module.experiment.project.active? &&
my_module.experiment.active? &&
(is_member_of_project(my_module.experiment.project) ||
can_view_project(my_module.experiment.project))
elsif protocol.in_repository?
elsif protocol.in_repository? # DONE
protocol.in_repository_active? and can_view_protocol(protocol)
else
false


@ -33,7 +33,7 @@ module ProtocolStatusHelper
res << "<span class='glyphicon glyphicon-eye-close' title='" + I18n.t("my_modules.protocols.protocol_status_bar.private_desc") + "'></span>"
end
res << "&nbsp;"
if can_view_protocol(protocol)
if can_read_protocol_in_repository?(protocol)
res << "<a href='" + edit_protocol_path(protocol) + "' target='_blank'>" + protocol_name(protocol) + "</a>"
else
res << "<span style='font-weight: bold;'>" + protocol_name(protocol) + "</span>"


@ -31,3 +31,13 @@ Canaid::Permissions.register_for(UserTeam) do
user == user_team.user || user.is_admin_of_team?(user_team.team)
end
end
Canaid::Permissions.register_for(Protocol) do
# view protocol in repository, export protocol from repository
# view step in protocol in repository, view or dowload step asset
can :read_protocol_in_repository do |user, protocol|
user.is_member_of_team?(protocol.team) &&
(protocol.in_repository_public? ||
protocol.in_repository_private? && user == protocol.added_by)
end
end
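Review bot: The new `:read_protocol_in_repository` rule grants nothing for `in_repository_archived?` protocols, while the legacy `can_view_protocol` shown in this commit lets the creator view their own archived protocols. Call sites switched to the new rule, such as `ProtocolsController#check_view_permissions`, therefore become stricter for archived items. If that is intended, state it in the block comment, e.g. `# archived protocols are not readable through this permission, not even by their creator`; if not, the archived case needs its own clause. The legacy helpers keep their repository branches (now tagged `# DONE`), which leaves two definitions of repository read access that already differ, so removing or delegating those branches would prevent drift. The comment also misspells `download` as `dowload`.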


@ -112,7 +112,7 @@
<ul>
<% assets.each do |asset| %>
<li>
<% if can_view_or_download_step_assets(@protocol) %>
<% if can_read_protocol_in_repository?(@protocol) %>
<% if asset.file_present %>
<% if asset.file.processing? %>
<span data-status='asset-loading'
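Review bot: This template replaces `can_view_or_download_step_assets(@protocol)` with `can_read_protocol_in_repository?(@protocol)` alone, unlike the other asset templates in this commit, which keep an `@protocol.in_module? && can_view_or_download_step_assets(@protocol)` alternative. The file name is not visible here; if the partial is ever rendered for a protocol inside a module, the repository rule evaluates to false and the asset links disappear for users who are allowed to view them. Either use the combined condition as in the other templates or add an ERB comment stating that this partial is repository-only.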


@ -1,10 +1,17 @@
<% query ||= nil %>
<% text = query.present? ? highlight(asset.file_file_name, query.strip.split(/\s+/)) : asset.file_file_name %>
<% if asset.step and can_view_or_download_step_assets(asset.step.protocol) %>
<a href="<%= download_asset_path asset %>" target="_blank">
<%= text %>
</a>
<% if asset.step %>
<% protocol = asset.step.protocol %>
<% if protocol.in_module? && can_view_or_download_step_assets(protocol) %>
<a href="<%= download_asset_path asset %>" target="_blank">
<%= text %>
</a>
<% elsif protocol.in_repository? && can_read_protocol_in_repository?(protocol) %>
<a href="<%= download_asset_path asset %>" target="_blank">
<%= text %>
</a>
<% end %>
<% elsif asset.result and can_view_or_download_result_assets(asset.result.my_module) %>
<a href="<%= download_asset_path asset %>" target="_blank">
<%= text %>
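Review bot: The new inner `if`/`elsif` under `<% if asset.step %>` has no `else`, so a step asset the user may not read now renders nothing, where the old single-line test fell through to the later branches. If the outer fallback (outside this hunk) renders plain text, adding `<% else %><%= text %>` before the inner `<% end %>` restores that. The two inner branches also emit identical markup and could be one test: `<% if protocol.in_module? && can_view_or_download_step_assets(protocol) || protocol.in_repository? && can_read_protocol_in_repository?(protocol) %>`.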


@ -17,7 +17,7 @@
</span>
&nbsp;
<% end %>
<% if can_view_protocol(protocol) %>
<% if protocol.in_module? && can_view_protocol(protocol) || protocol.in_repository? && can_read_protocol_in_repository?(protocol) %>
<%= link_to text, '#', 'data-action': 'protocol-preview', 'data-url': preview_protocol_path(protocol) %>
<% else %>
<%= text %>


@ -2,24 +2,20 @@
<% query ||= nil %>
<% text = query.present? ? highlight(step.name, query.strip.split(/\s+/)) : step.name %>
<% if can_view_steps_in_protocol(step.protocol) %>
<% if step.protocol.in_module? %>
<% if target == :comment %>
<%= route_to_other_team protocols_my_module_path(step.protocol.my_module, ctarget: "step-panel-#{step.id}"),
step.protocol.team,
text %>
<% else %>
<%= route_to_other_team protocols_my_module_path(step.protocol.my_module),
step.protocol.team,
text %>
<% end %>
<% elsif can_edit_protocol(step.protocol) %>
<%= route_to_other_team edit_protocol_path(step.protocol),
step.protocol.team,
text %>
<% if step.protocol.in_module? && can_view_steps_in_protocol(step.protocol) %>
<% if target == :comment %>
<%= route_to_other_team protocols_my_module_path(step.protocol.my_module, ctarget: "step-panel-#{step.id}"),
step.protocol.team,
text %>
<% else %>
<%= text %>
<%= route_to_other_team protocols_my_module_path(step.protocol.my_module),
step.protocol.team,
text %>
<% end %>
<% elsif can_edit_protocol(step.protocol) %>
<%= route_to_other_team edit_protocol_path(step.protocol),
step.protocol.team,
text %>
<% else %>
<%= text %>
<% end %>
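Review bot: With the outer `can_view_steps_in_protocol` test removed, the `elsif can_edit_protocol(step.protocol)` branch is reached without any read check, both for repository protocols and for module protocols whose view check has just failed. The rest of the commit gates repository access on `can_read_protocol_in_repository?`, so this branch would be consistent as `<% elsif step.protocol.in_repository? && can_read_protocol_in_repository?(step.protocol) && can_edit_protocol(step.protocol) %>`. What `can_edit_protocol` itself enforces is not shown here, so this may only change which link is rendered rather than what can be accessed.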


@ -12,7 +12,7 @@
</div>
<div class="panel-body">
<% if ff.object.file.exists? %>
<% if can_view_or_download_step_assets(@protocol) %>
<% if @protocol.in_module? && can_view_or_download_step_assets(@protocol) || @protocol.in_repository? && can_read_protocol_in_repository?(@protocol) %>
<% if ff.object.is_image? %>
<%= link_to download_asset_path(ff.object),
class: 'image-preview-link',


@ -86,7 +86,7 @@
<ul>
<% assets.each do |asset| %>
<li>
<% if can_view_or_download_step_assets(@protocol) %>
<% if @protocol.in_module? && can_view_or_download_step_assets(@protocol) || @protocol.in_repository? && can_read_protocol_in_repository?(@protocol) %>
<% if asset.file_present %>
<% if asset.file.processing? %>
<span data-status='asset-loading'