scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-12-10 14:16:28 +08:00
Code Issues Projects Releases Packages Wiki Activity

refactor manage repository column permissions again because of addons

Browse source
This commit is contained in:
mlorb 2018-01-05 10:43:59 +01:00
parent abced181d5
commit ec851caa80
3 changed files with 17 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
app/controllers/repository_columns_controller.rb
View file

@ -3,7 +3,8 @@ class RepositoryColumnsController < ApplicationController
before_action :load_vars, except: :create before_action :load_vars, except: :create
before_action :load_vars_nested, only: :create before_action :load_vars_nested, only: :create
before_action :check_permissions before_action :check_create_permissions, only: :create
before_action :check_update_and_delete_permissions, except: :create
def create def create
@repository_column = RepositoryColumn.new(repository_column_params) @repository_column = RepositoryColumn.new(repository_column_params)
@ -106,10 +107,14 @@ class RepositoryColumnsController < ApplicationController
render_404 unless @repository render_404 unless @repository
end end
def check_permissions def check_create_permissions
render_403 unless can_manage_repository_column?(@repository.team) render_403 unless can_manage_repository_column?(@repository.team)
end end
def check_update_and_delete_permissions
render_403 unless can_update_or_delete_repository_column?(@repository_column)
end
def repository_column_params def repository_column_params
params.require(:repository_column).permit(:name) params.require(:repository_column).permit(:name)
end end

9
app/permissions/team.rb
View file

@ -48,7 +48,7 @@ Canaid::Permissions.register_for(Team) do
user.is_normal_user_or_admin_of_team?(team) user.is_normal_user_or_admin_of_team?(team)
end end
# create, update, delete repository column # create repository column
can :manage_repository_column do |user, team| can :manage_repository_column do |user, team|
user.is_normal_user_or_admin_of_team?(team) user.is_normal_user_or_admin_of_team?(team)
end end
@ -103,3 +103,10 @@ Canaid::Permissions.register_for(RepositoryRow) do
can_manage_repository_rows?(user, repository_row.repository.team) can_manage_repository_rows?(user, repository_row.repository.team)
end end
end end
Canaid::Permissions.register_for(RepositoryColumn) do
# update, delete repository column
can :update_or_delete_repository_column do |user, repository_column|
can_manage_repository_column?(user, repository_column.repository.team)
end
end

4
app/views/repositories/_repository_table.html.erb
View file

@ -21,8 +21,8 @@
<th id="added-by"><%= t("repositories.table.added_by") %></th> <th id="added-by"><%= t("repositories.table.added_by") %></th>
<% repository.repository_columns.order(:id).each do |column| %> <% repository.repository_columns.order(:id).each do |column| %>
<th class="repository-column" id="<%= column.id %>" <th class="repository-column" id="<%= column.id %>"
<%= 'data-editable' if can_manage_repository_column?(repository.team) %> <%= 'data-editable' if can_update_or_delete_repository_column?(column) %>
<%= 'data-deletable' if can_manage_repository_column?(repository.team) %> <%= 'data-deletable' if can_update_or_delete_repository_column?(column) %>
<%= "data-edit-url='#{edit_repository_repository_column_path(repository, column)}'" %> <%= "data-edit-url='#{edit_repository_repository_column_path(repository, column)}'" %>
<%= "data-update-url='#{repository_repository_column_path(repository, column)}'" %> <%= "data-update-url='#{repository_repository_column_path(repository, column)}'" %>
<%= "data-destroy-html-url='#{repository_columns_destroy_html_path(repository, column)}'" %> <%= "data-destroy-html-url='#{repository_columns_destroy_html_path(repository, column)}'" %>