Merge pull request #2431 from okriuchykhin/ok_SCI_4381

Add invite users to the team permission check [SCI-4381]
2025-02-21 22:33:13 +08:00 · 2020-02-28 16:40:57 +01:00 · 2020-02-28 16:40:57 +01:00 · f9ad438fb5
commit f9ad438fb5
parent f6a47eca14 62c19f7c02
4 changed files with 28 additions and 34 deletions
--- a/app/assets/javascripts/users/settings/teams/show.js
+++ b/app/assets/javascripts/users/settings/teams/show.js
@ -11,17 +11,6 @@
    });
  }

-  function AddUserButtonTemplate() {
-    return `
-      <a href="#" class="btn btn-primary" data-trigger="invite-users"
-         data-turbolinks="false" data-modal-id="team-invite-users-modal"
-      >
-        <span class="fas fa-plus"></span>
-        ${I18n.t('users.settings.teams.edit.add_user')}
-      </a>
-    `;
-  }
-
  // Initialize users DataTable
  function initUsersTable() {
    usersDatatable = $('#users-table').DataTable({
@ -70,7 +59,7 @@
        sSearch: I18n.t('general.filter')
      }
    });
-    $('.users-datatable .add-new-team-members').html(AddUserButtonTemplate());
+    $('#add-new-team-members-button').detach().appendTo('.users-datatable .add-new-team-members').removeClass('hidden');
    setTimeout(() => { $('#users-table').css('width', '100%'); }, 300);
  }

--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
@ -16,6 +16,11 @@ Canaid::Permissions.register_for(Team) do
    user.is_admin_of_team?(team)
  end

+  # team: invite new users to the team
+  can :invite_team_users do
+    true
+  end
+
  # project: create
  can :create_projects do |user, team|
    user.is_normal_user_or_admin_of_team?(team)
--- a/app/views/shared/_invite_users_modal.html.erb
+++ b/app/views/shared/_invite_users_modal.html.erb
@ -78,24 +78,21 @@ invite_to_team = type.in?(%w(invite_to_team invite_to_team_with_role))

          <% if type.in?(['invite_with_team_selector', 'invite_with_team_selector_and_role']) %>
            <% # Only allow inviting to teams where user is admin %>
-            <% uos = current_user ? current_user.user_teams.where(role: UserTeam.roles[:admin]).joins(:team) : [] %>
-            <% if uos.count > 0 %>
+            <% teams = current_user.teams
+                                   .joins(:user_teams)
+                                   .where('user_teams.role': UserTeam.roles[:admin])
+                                   .select { |team|  can_invite_team_users?(team) } %>
+            <% if teams.any? %>
              <div class="team-selector">
                <div class="heading">
                  <input type="checkbox" data-role="team-selector-checkbox" />
                  <span><%= t('invite_users.invite_to_team_heading') %></span>
                </div>
-                <%= select_tag(
-                  'team-select',
-                  options_for_select(
-                    uos.pluck('teams.name', 'teams.id')
-                  ),
-                  {
-                    class: 'form-control selectpicker',
-                    'data-role' => 'team-selector-dropdown',
-                    disabled: 'disabled'
-                  }
-                ) %>
+                <%= select_tag('team-select',
+                               options_for_select(teams.pluck(:name, :id)),
+                               { class: 'form-control selectpicker',
+                                 'data-role' => 'team-selector-dropdown',
+                                 disabled: 'disabled' }) %>
              </div>
            <% end %>
          <% end %>
--- a/app/views/users/settings/teams/show.html.erb
+++ b/app/views/users/settings/teams/show.html.erb
@ -78,6 +78,18 @@

    <!-- USERS TABLE -->
    <div class="users-datatable">
+      <% if can_invite_team_users?(@team) %>
+        <div id="add-new-team-members-button" class="hidden">
+          <a href="#" class="btn btn-primary" data-trigger="invite-users" data-turbolinks="false" data-modal-id="team-invite-users-modal">
+            <span class="fas fa-plus"></span>
+            <%= I18n.t('users.settings.teams.edit.add_user') %>
+          </a>
+        </div>
+        <%= render(partial: 'shared/invite_users_modal.html.erb',
+                   locals: { modal_id: 'team-invite-users-modal',
+                             type: 'invite_to_team',
+                             team: @team } ) %>
+      <% end %>
      <table id="users-table" class="table" data-source="<%= team_users_datatable_path(@team, format: :json) %>">
        <thead>
          <tr>
@ -100,15 +112,6 @@
 </div>

 <%= render partial: 'users/settings/teams/description_modal.html.erb' %>
-<%= render(
-      partial: 'shared/invite_users_modal.html.erb',
-      locals: {
-        modal_id: 'team-invite-users-modal',
-        type: 'invite_to_team',
-        team: @team
-      }
-    )
-%>
 <%= render partial: 'users/settings/teams/destroy_modal.html.erb', locals: { team: @team } %>
 <%= render partial: 'users/settings/user_teams/destroy_user_team_modal.html.erb' %>
 <%= stylesheet_link_tag 'datatables' %>