Add status implications checks to the permissions [SCI-4825]

app/models/my_module.rb

@@ -533,9 +533,9 @@ class MyModule < ApplicationRecord
   end
 
   def assign_default_status_flow
-    return unless MyModuleFlow.global.any?
+    return unless MyModuleStatusFlow.global.any?
 
-    self.my_module_status = MyModuleFlow.global.first.initial_status
+    self.my_module_status = MyModuleStatusFlow.global.first.initial_status
   end
 
   def check_status_conditions

app/models/my_module_status_implications/read_only.rb

@@ -5,6 +5,7 @@ module MyModuleStatusImplications
   class ReadOnly < MyModuleStatusImplication
     def call(my_module)
       my_module.errors.add(:status_implication, 'Is read only')
+      false
     end
   end
 end

app/permissions/experiment.rb

@@ -25,7 +25,14 @@ Canaid::Permissions.register_for(Experiment) do
   # module: create, copy, reposition, create/update/delete connection,
   #         assign/reassign/unassign tags
   can :manage_experiment do |user, experiment|
-    user.is_user_or_higher_of_project?(experiment.project)
+    user.is_user_or_higher_of_project?(experiment.project) &&
+      MyModule.joins(:experiment).where(experiment: experiment).all? do |my_module|
+        if my_module.my_module_status
+          my_module.my_module_status.my_module_status_implications.all? { |implication| implication.call(my_module) }
+        else
+          true
+        end
+      end
   end
 
   # experiment: archive
@@ -56,6 +63,7 @@ end
 Canaid::Permissions.register_for(MyModule) do
   # Module, its experiment and its project must be active for all the specified
   # permissions
+  # Also checking status implications
   %i(manage_module
      manage_users_in_module
      assign_repository_rows_to_module
@@ -68,7 +76,12 @@ Canaid::Permissions.register_for(MyModule) do
     can perm do |_, my_module|
       my_module.active? &&
         my_module.experiment.active? &&
-        my_module.experiment.project.active?
+        my_module.experiment.project.active? &&
+        (if my_module.my_module_status
+           my_module.my_module_status&.my_module_status_implications&.all? { |implication| implication.call(my_module) }
+         else
+           true
+         end)
     end
   end
 

app/permissions/project.rb

@@ -37,7 +37,14 @@ Canaid::Permissions.register_for(Project) do
 
   # project: update/delete, assign/reassign/unassign users
   can :manage_project do |user, project|
-    user.is_owner_of_project?(project)
+    user.is_owner_of_project?(project) &&
+      MyModule.joins(experiment: :project).where(experiments: { project: project }).all? do |my_module|
+        if my_module.my_module_status
+          my_module.my_module_status.my_module_status_implications.all? { |implication| implication.call(my_module) }
+        else
+          true
+        end
+      end
   end
 
   # project: archive