mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-09-20 14:45:56 +08:00
Add status implications checks to the permissions [SCI-4825]
This commit is contained in:
parent
7fd004baa8
commit
fa62b33a42
|
@ -533,9 +533,9 @@ class MyModule < ApplicationRecord
|
|||
end
|
||||
|
||||
def assign_default_status_flow
|
||||
return unless MyModuleFlow.global.any?
|
||||
return unless MyModuleStatusFlow.global.any?
|
||||
|
||||
self.my_module_status = MyModuleFlow.global.first.initial_status
|
||||
self.my_module_status = MyModuleStatusFlow.global.first.initial_status
|
||||
end
|
||||
|
||||
def check_status_conditions
|
||||
|
|
|
@ -5,6 +5,7 @@ module MyModuleStatusImplications
|
|||
class ReadOnly < MyModuleStatusImplication
|
||||
def call(my_module)
|
||||
my_module.errors.add(:status_implication, 'Is read only')
|
||||
false
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -25,7 +25,14 @@ Canaid::Permissions.register_for(Experiment) do
|
|||
# module: create, copy, reposition, create/update/delete connection,
|
||||
# assign/reassign/unassign tags
|
||||
can :manage_experiment do |user, experiment|
|
||||
user.is_user_or_higher_of_project?(experiment.project)
|
||||
user.is_user_or_higher_of_project?(experiment.project) &&
|
||||
MyModule.joins(:experiment).where(experiment: experiment).all? do |my_module|
|
||||
if my_module.my_module_status
|
||||
my_module.my_module_status.my_module_status_implications.all? { |implication| implication.call(my_module) }
|
||||
else
|
||||
true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# experiment: archive
|
||||
|
@ -56,6 +63,7 @@ end
|
|||
Canaid::Permissions.register_for(MyModule) do
|
||||
# Module, its experiment and its project must be active for all the specified
|
||||
# permissions
|
||||
# Also checking status implications
|
||||
%i(manage_module
|
||||
manage_users_in_module
|
||||
assign_repository_rows_to_module
|
||||
|
@ -68,7 +76,12 @@ Canaid::Permissions.register_for(MyModule) do
|
|||
can perm do |_, my_module|
|
||||
my_module.active? &&
|
||||
my_module.experiment.active? &&
|
||||
my_module.experiment.project.active?
|
||||
my_module.experiment.project.active? &&
|
||||
(if my_module.my_module_status
|
||||
my_module.my_module_status&.my_module_status_implications&.all? { |implication| implication.call(my_module) }
|
||||
else
|
||||
true
|
||||
end)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -37,7 +37,14 @@ Canaid::Permissions.register_for(Project) do
|
|||
|
||||
# project: update/delete, assign/reassign/unassign users
|
||||
can :manage_project do |user, project|
|
||||
user.is_owner_of_project?(project)
|
||||
user.is_owner_of_project?(project) &&
|
||||
MyModule.joins(experiment: :project).where(experiments: { project: project }).all? do |my_module|
|
||||
if my_module.my_module_status
|
||||
my_module.my_module_status.my_module_status_implications.all? { |implication| implication.call(my_module) }
|
||||
else
|
||||
true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# project: archive
|
||||
|
|
Loading…
Reference in a new issue