From e36ec69ca90cb19a5bc606fd3d77bc205c940eec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Zrim=C5=A1ek?=
Date: Fri, 2 Feb 2018 20:04:19 +0100
Subject: [PATCH] Project level permissions refactoring (mostly names).

---
 app/controllers/my_module_tags_controller.rb | 2 +-
 .../project_comments_controller.rb | 19 ++++--------
 app/controllers/reports_controller.rb | 4 +--
 app/controllers/tags_controller.rb | 2 +-
 app/permissions/project.rb | 30 ++++++++++++-------
 app/views/canvas/_tags.html.erb | 2 +-
 .../canvas/full_zoom/_my_module.html.erb | 4 +--
 .../canvas/medium_zoom/_my_module.html.erb | 10 +++----
 app/views/my_module_tags/_index_edit.html.erb | 6 ++--
 app/views/my_modules/_module_header.html.erb | 8 ++---
 app/views/project_comments/_comment.html.erb | 2 +-
 app/views/project_comments/_index.html.erb | 2 +-
 app/views/reports/index.html.erb | 2 +-
 13 files changed, 46 insertions(+), 47 deletions(-)

diff --git a/app/controllers/my_module_tags_controller.rb b/app/controllers/my_module_tags_controller.rb
index 86f230a6c..2ce5a0170 100644
--- a/app/controllers/my_module_tags_controller.rb
+++ b/app/controllers/my_module_tags_controller.rb
@@ -78,7 +78,7 @@ class MyModuleTagsController < ApplicationController
 end
 def check_manage_permissions
- render_403 unless can_manage_tags?(@my_module.experiment.project)
+ render_403 unless can_create_or_manage_tags?(@my_module.experiment.project)
 end
 def init_gui
diff --git a/app/controllers/project_comments_controller.rb b/app/controllers/project_comments_controller.rb
index 10addd62c..b02490737 100644
--- a/app/controllers/project_comments_controller.rb
+++ b/app/controllers/project_comments_controller.rb
@@ -6,9 +6,8 @@ class ProjectCommentsController < ApplicationController
 before_action :load_vars
 before_action :check_view_permissions, only: :index
- before_action :check_add_permissions, only: [:create]
- before_action :check_edit_permissions, only: [:edit, :update]
- before_action :check_destroy_permissions, only: [:destroy]
+ before_action :check_create_permissions, only: :create
+ before_action :check_manage_permissions, only: %i(edit update destroy)
 def index
 @comments = @project.last_comments(@last_comment_id, @per_page)
@@ -174,20 +173,14 @@ class ProjectCommentsController < ApplicationController
 render_403 unless can_read_project?(@project)
 end
- def check_add_permissions
- render_403 unless can_add_comment_to_project?(@project)
+ def check_create_permissions
+ render_403 unless can_create_comment_in_project?(@project)
 end
- def check_edit_permissions
+ def check_manage_permissions
 @comment = ProjectComment.find_by_id(params[:id])
 render_403 unless @comment.present? &&
- can_update_or_delete_project_comment?(@comment)
- end
-
- def check_destroy_permissions
- @comment = ProjectComment.find_by_id(params[:id])
- render_403 unless @comment.present? &&
- can_update_or_delete_project_comment?(@comment)
+ can_manage_comment_in_project?(@comment)
 end
 def comment_params
diff --git a/app/controllers/reports_controller.rb b/app/controllers/reports_controller.rb
index 0238ac5a8..79504d9af 100644
--- a/app/controllers/reports_controller.rb
+++ b/app/controllers/reports_controller.rb
@@ -450,11 +450,11 @@ class ReportsController < ApplicationController
 end
 def check_create_permissions
- render_403 unless can_manage_reports?(@project)
+ render_403 unless can_create_or_manage_reports?(@project)
 end
 def check_manage_permissions
- render_403 unless can_manage_reports?(@project)
+ render_403 unless can_create_or_manage_reports?(@project)
 render_404 unless params.include? :report_ids
 end
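Review bot: The consolidated `check_manage_permissions` still fetches the comment with `ProjectComment.find_by_id(params[:id])` without scoping it to the `@project` that the route resolves (`load_vars` is outside this hunk), so the comment id in the request and the project in the URL are never cross-checked, and `can_manage_comment_in_project?` appears to authorise on `comment.project` and the author alone. The simplest fix is to look the comment up through the project, e.g. `@comment = @project.<comments_association>.find_by_id(params[:id])` (the association name is not visible here), and keep the existing `render_403` fallback so a nil lookup still fails closed. Merging the former edit and destroy callbacks into one `check_manage_permissions` (the first hunk of this file) is safe, since both old callbacks ran an identical check.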
diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb
index 2cdab52e4..a5194d8db 100644
--- a/app/controllers/tags_controller.rb
+++ b/app/controllers/tags_controller.rb
@@ -141,7 +141,7 @@ class TagsController < ApplicationController
 end
 def check_manage_permissions
- render_403 unless can_manage_tags?(@project)
+ render_403 unless can_create_or_manage_tags?(@project)
 end
 def tag_params
diff --git a/app/permissions/project.rb b/app/permissions/project.rb
index 8fb5d3e20..ff7d030cb 100644
--- a/app/permissions/project.rb
+++ b/app/permissions/project.rb
@@ -1,42 +1,49 @@
 Canaid::Permissions.register_for(Project) do
+ # project: view, view reports, view activities, view comments, view users,
+ # view samples, view archive, view notifications
 can :read_project do |user, project|
 user.is_member_of_project?(project) ||
 user.is_admin_of_team?(project.team) ||
 (project.visible? && user.is_member_of_team?(project.team))
 end
+ # project: update, delete, archive, add users, update users, delete users
 can :manage_project do |user, project|
 user.is_owner_of_project?(project)
 end
+ # project: restore
 can :restore_project do |user, project|
 can_manage_project?(user, project) && project.archived?
 end
+ # experiment: create
 can :create_experiment do |user, project|
 user.is_user_or_higher_of_project?(project)
 end
- can :add_comment_to_project do |user, project|
+ # project: create comment
+ can :create_comment_in_project do |user, project|
 user.is_technician_or_higher_of_project?(project)
 end
- # create, update, delete
- can :manage_tags do |user, project|
+ # project: create tag, update tag, delete tag
+ # module: create tag, update tag, delete tag
+ can :create_or_manage_tags do |user, project|
 user.is_user_or_higher_of_project?(project)
 end
- # create, update, delete
- can :manage_reports do |user, project|
+ # project: create report, update report, delete report
+ can :create_or_manage_reports do |user, project| # preimenuj
 user.is_technician_or_higher_of_project?(project)
 end
 %i(read_project
- update_project
+ manage_project
 create_experiment
- add_comment_to_project
- manage_tags
- manage_reports)
+ create_comment_in_project
+ create_or_manage_tags
+ create_or_manage_reports)
 .each do |perm|
 can perm do |_, project|
 project.active?
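Review bot: The new `can :create_or_manage_reports do |user, project| # preimenuj` line carries a trailing `# preimenuj` ("rename" in Slovenian) that reads as a leftover personal reminder rather than documentation, in a file whose other new comments are English descriptions of the actions each permission covers; either drop it or make it an explicit `# TODO: rename` with the intended name. Separately, the `%i(...)` list that gets the `project.active?` guard now correctly replaces the unregistered `update_project` with `manage_project`, but it also omits `restore_project` without saying why; since `restore_project` requires `project.archived?` a few lines above, a comment such as `# restore_project is intentionally excluded: it must work on archived projects` above the `%i(` literal would save the next reader from re-deriving that. The `register_for(Project)` block continues past this hunk.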
@@ -45,12 +52,13 @@ Canaid::Permissions.register_for(Project) do
 end
 Canaid::Permissions.register_for(Comment) do
- can :update_or_delete_project_comment do |user, comment|
+ # project: update comment, delete comment
+ can :manage_comment_in_project do |user, comment|
 comment.project.present? &&
 (comment.user == user || user.is_owner_of_project?(project))
 end
- %i(update_or_delete_project_comment)
+ %i(manage_comment_in_project)
 .each do |perm|
 can perm do |_, comment|
 comment.project.active?
diff --git a/app/views/canvas/_tags.html.erb b/app/views/canvas/_tags.html.erb
index f6a57528b..61a88a0df 100644
--- a/app/views/canvas/_tags.html.erb
+++ b/app/views/canvas/_tags.html.erb
@@ -13,7 +13,7 @@
 <%= my_module.tags.count %> <% else %> - "> + "> + <% end %>
diff --git a/app/views/canvas/full_zoom/_my_module.html.erb b/app/views/canvas/full_zoom/_my_module.html.erb
index 01ba64362..885b1dd7c 100644
--- a/app/views/canvas/full_zoom/_my_module.html.erb
+++ b/app/views/canvas/full_zoom/_my_module.html.erb
@@ -12,13 +12,13 @@
 data-module-tags-url="<%= my_module_my_module_tags_url(my_module, format: :json) %>" data-module-users-tab-url="<%= my_module_user_my_modules_url(my_module_id: my_module.id, format: :json) %>">
- <% if can_manage_tags?(my_module.experiment.project) %>
+ <% if can_create_or_manage_tags?(my_module.experiment.project) %>
 <% else %> <% end %> <%= render partial: "canvas/tags.html.erb", locals: { my_module: my_module } %>
- <% if can_manage_tags?(my_module.experiment.project) %>
+ <% if can_create_or_manage_tags?(my_module.experiment.project) %>
 <% else %>
diff --git a/app/views/canvas/medium_zoom/_my_module.html.erb b/app/views/canvas/medium_zoom/_my_module.html.erb
index 6fb01d258..e468aedc7 100644
--- a/app/views/canvas/medium_zoom/_my_module.html.erb
+++ b/app/views/canvas/medium_zoom/_my_module.html.erb
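Review bot: The renamed `can :manage_comment_in_project` block still evaluates `user.is_owner_of_project?(project)`, but its block parameters are `|user, comment|` and no `project` local is defined there; unless the evaluation context happens to provide a `project` method, that branch raises `NameError` whenever the comment was not written by the current user (the `comment.user == user` short-circuit hides it for own comments), so project owners cannot manage other members' comments and the failure surfaces as an error rather than a 403. The line should read `(comment.user == user || user.is_owner_of_project?(comment.project))`, which also matches the `comment.project.present?` guard immediately above it. The `register_for(Comment)` block continues past this hunk.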
@@ -11,15 +11,13 @@
 data-module-conns="<%= construct_module_connections(my_module) %>" data-module-tags-url="<%= my_module_my_module_tags_url(my_module, format: :json) %>">
- <% if can_manage_tags?(my_module.experiment.project) %>
+ <% if can_create_or_manage_tags?(my_module.experiment.project) %>
- <% else %>
-
- <% end %>
- <%= render partial: "canvas/tags.html.erb", locals: { my_module: my_module } %>
- <% if can_manage_tags?(my_module.experiment.project) %>
+ <%= render partial: "canvas/tags.html.erb", locals: { my_module: my_module } %>
 <% else %>
+
+ <%= render partial: "canvas/tags.html.erb", locals: { my_module: my_module } %>
 <% end %>
diff --git a/app/views/my_module_tags/_index_edit.html.erb b/app/views/my_module_tags/_index_edit.html.erb
index edd3507bc..b8ccf9f11 100644
--- a/app/views/my_module_tags/_index_edit.html.erb
+++ b/app/views/my_module_tags/_index_edit.html.erb
@@ -11,7 +11,7 @@

<%= tag.name %>

- <% if can_manage_tags?(@my_module.experiment.project) then %>
+ <% if can_create_or_manage_tags?(@my_module.experiment.project) then %>
 <%= link_to "", remote: true, class: 'btn btn-link edit-tag-link', title: t("experiments.canvas.modal_manage_tags.edit_tag") do %> <% end %>
@@ -28,7 +28,7 @@
- <% if can_manage_tags?(@my_module.experiment.project) %>
+ <% if can_create_or_manage_tags?(@my_module.experiment.project) %>