Update manage_repository_filters to allow permission to all team members[SCI-8707] (#5707)

2024-09-20 14:45:56 +08:00 · 2023-07-25 12:56:49 +01:00 · 2023-07-25 12:56:49 +01:00 · f0b052f39c
parent a0cebdfd5f
commit f0b052f39c
3 changed files with 33 additions and 3 deletions
--- a/app/permissions/repository.rb
+++ b/app/permissions/repository.rb
@ -92,8 +92,7 @@ Canaid::Permissions.register_for(Repository) do

  # repository: create/update/delete filters
  can :manage_repository_filters do |user, repository|
-    ((repository.team == user.current_team) && can_manage_team?(user, repository.team)) ||
-      (repository.shared_with_write?(user.current_team) && can_manage_team?(user, user.current_team))
+    repository.permission_granted?(user, RepositoryPermissions::FILTERS_MANAGE)
  end

  can :manage_repository_stock do |user, repository|
--- a/config/initializers/extends/permission_extends.rb
+++ b/config/initializers/extends/permission_extends.rb
@ -118,6 +118,7 @@ module PermissionExtends
      COLUMNS_UPDATE
      COLUMNS_DELETE
      USERS_MANAGE
+      FILTERS_MANAGE
    ).each { |permission| const_set(permission, "inventory_#{permission.underscore}") }
  end

@ -190,7 +191,8 @@ module PermissionExtends
      RepositoryPermissions::COLUMNS_CREATE,
      RepositoryPermissions::ROWS_CREATE,
      RepositoryPermissions::ROWS_UPDATE,
-      RepositoryPermissions::ROWS_DELETE
+      RepositoryPermissions::ROWS_DELETE,
+      RepositoryPermissions::FILTERS_MANAGE
    ]

    TECHNICIAN_PERMISSIONS = [
--- a/db/migrate/20230710204648_add_repository_filter_permissions.rb
+++ b/db/migrate/20230710204648_add_repository_filter_permissions.rb
@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class AddRepositoryFilterPermissions < ActiveRecord::Migration[6.1]
+  REPOSITORY_FILTER_PERMISSION = [
+    RepositoryPermissions::FILTERS_MANAGE
+  ].freeze
+
+  def change
+    reversible do |dir|
+      dir.up do
+        @owner_role = UserRole.find_predefined_owner_role
+        @normal_user_role = UserRole.find_predefined_normal_user_role
+        @owner_role.permissions = @owner_role.permissions | REPOSITORY_FILTER_PERMISSION
+        @normal_user_role.permissions = @normal_user_role.permissions | REPOSITORY_FILTER_PERMISSION
+        @owner_role.save(validate: false)
+        @normal_user_role.save(validate: false)
+      end
+
+      dir.down do
+        @owner_role = UserRole.find_predefined_owner_role
+        @normal_user_role = UserRole.find_predefined_normal_user_role
+        @owner_role.permissions = @owner_role.permissions - REPOSITORY_FILTER_PERMISSION
+        @normal_user_role.permissions = @normal_user_role.permissions - REPOSITORY_FILTER_PERMISSION
+        @owner_role.save(validate: false)
+        @normal_user_role.save(validate: false)
+      end
+    end
+  end
+end