From fa62b33a42dd1b65984d165152b9a1e5ce973a2a Mon Sep 17 00:00:00 2001 From: Oleksii Kriuchykhin Date: Tue, 21 Jul 2020 16:00:09 +0200 Subject: [PATCH] Add status implications checks to the permissions [SCI-4825] --- app/models/my_module.rb | 4 ++-- .../my_module_status_implications/read_only.rb | 1 + app/permissions/experiment.rb | 17 +++++++++++++++-- app/permissions/project.rb | 9 ++++++++- 4 files changed, 26 insertions(+), 5 deletions(-) diff --git a/app/models/my_module.rb b/app/models/my_module.rb index a51059df4..f682ee7d6 100644 --- a/app/models/my_module.rb +++ b/app/models/my_module.rb @@ -533,9 +533,9 @@ class MyModule < ApplicationRecord end def assign_default_status_flow - return unless MyModuleFlow.global.any? + return unless MyModuleStatusFlow.global.any? - self.my_module_status = MyModuleFlow.global.first.initial_status + self.my_module_status = MyModuleStatusFlow.global.first.initial_status end def check_status_conditions diff --git a/app/models/my_module_status_implications/read_only.rb b/app/models/my_module_status_implications/read_only.rb index 2d69d2d4b..df9c5a2a2 100644 --- a/app/models/my_module_status_implications/read_only.rb +++ b/app/models/my_module_status_implications/read_only.rb @@ -5,6 +5,7 @@ module MyModuleStatusImplications class ReadOnly < MyModuleStatusImplication def call(my_module) my_module.errors.add(:status_implication, 'Is read only') + false end end end diff --git a/app/permissions/experiment.rb b/app/permissions/experiment.rb index ec4909f27..327a75beb 100644 --- a/app/permissions/experiment.rb +++ b/app/permissions/experiment.rb @@ -25,7 +25,14 @@ Canaid::Permissions.register_for(Experiment) do # module: create, copy, reposition, create/update/delete connection, # assign/reassign/unassign tags can :manage_experiment do |user, experiment| - user.is_user_or_higher_of_project?(experiment.project) + user.is_user_or_higher_of_project?(experiment.project) && + MyModule.joins(:experiment).where(experiment: experiment).all? do |my_module| + if my_module.my_module_status + my_module.my_module_status.my_module_status_implications.all? { |implication| implication.call(my_module) } + else + true + end + end end # experiment: archive @@ -56,6 +63,7 @@ end Canaid::Permissions.register_for(MyModule) do # Module, its experiment and its project must be active for all the specified # permissions + # Also checking status implications %i(manage_module manage_users_in_module assign_repository_rows_to_module @@ -68,7 +76,12 @@ Canaid::Permissions.register_for(MyModule) do can perm do |_, my_module| my_module.active? && my_module.experiment.active? && - my_module.experiment.project.active? + my_module.experiment.project.active? && + (if my_module.my_module_status + my_module.my_module_status&.my_module_status_implications&.all? { |implication| implication.call(my_module) } + else + true + end) end end diff --git a/app/permissions/project.rb b/app/permissions/project.rb index 3747d438c..5b026e637 100644 --- a/app/permissions/project.rb +++ b/app/permissions/project.rb @@ -37,7 +37,14 @@ Canaid::Permissions.register_for(Project) do # project: update/delete, assign/reassign/unassign users can :manage_project do |user, project| - user.is_owner_of_project?(project) + user.is_owner_of_project?(project) && + MyModule.joins(experiment: :project).where(experiments: { project: project }).all? do |my_module| + if my_module.my_module_status + my_module.my_module_status.my_module_status_implications.all? { |implication| implication.call(my_module) } + else + true + end + end end # project: archive