scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2024-09-21 23:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1071 from okriuchykhin/ok_SCI_2265

Browse source 
Fix repository rows permissions [SCI-2265]
This commit is contained in:
okriuchykhin 2018-04-03 11:03:41 +02:00 committed by GitHub
parent 31c68ab4bc d8d2d75631
commit f20aebbed0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/repository_rows_controller.rb
View file

@ -170,7 +170,7 @@ class RepositoryRowsController < ApplicationController
if selected_params
selected_params.each do |row_id|
row = @repository.repository_rows.find_by_id(row_id)
if row && can_manage_repository_row?(row)
if row && can_manage_repository_rows?(@repository.team)
row.destroy && deleted_count += 1
end
end
@ -221,9 +221,7 @@ class RepositoryRowsController < ApplicationController
end
def check_manage_permissions
render_403 unless @repository.repository_rows.all? do |row|
can_manage_repository_row?(row)
end
render_403 unless can_manage_repository_rows?(@repository.team)
end
def record_params

7
app/permissions/team.rb
View file

@ -114,13 +114,6 @@ Canaid::Permissions.register_for(Repository) do
end
end
Canaid::Permissions.register_for(RepositoryRow) do
# repository: update/delete record
can :manage_repository_row do |user, repository_row|
can_create_repository_rows?(user, repository_row.repository.team)
end
end
Canaid::Permissions.register_for(RepositoryColumn) do
# repository: update/delete field
can :manage_repository_column do |user, repository_column|