Merge pull request #7814 from artoscinote/ma_SCI_11000

Fix deleted result activities, experiment activity permission checks, dashboard permission checks [SCI-11000]
2025-01-08 08:27:44 +08:00 · 2024-08-26 12:53:50 +02:00 · 2024-08-26 12:53:50 +02:00 · ff0a5e3b2a
commit ff0a5e3b2a
parent 8ba8e3b2c8 64f7f1bad4
2 changed files with 9 additions and 4 deletions
--- a/app/controllers/dashboard/calendars_controller.rb
+++ b/app/controllers/dashboard/calendars_controller.rb
@ -9,7 +9,7 @@ module Dashboard
      date = params[:date].in_time_zone(current_user.time_zone)
      start_date = date.at_beginning_of_month.utc - 8.days
      end_date = date.at_end_of_month.utc + 15.days
-      due_dates = current_user.my_modules.active.uncomplete
+      due_dates = current_user.my_modules.readable_by_user(current_user).active.uncomplete
                              .joins(experiment: :project)
                              .where(experiments: { archived: false })
                              .where(projects: { archived: false })
@ -23,7 +23,7 @@ module Dashboard
      date = params[:date].in_time_zone(current_user.time_zone)
      start_date = date.utc
      end_date = date.end_of_day.utc
-      my_modules = current_user.my_modules.active.uncomplete
+      my_modules = current_user.my_modules.readable_by_user(current_user).active.uncomplete
                               .joins(experiment: :project)
                               .where(experiments: { archived: false })
                               .where(projects: { archived: false })
--- a/app/services/activities_service.rb
+++ b/app/services/activities_service.rb
@ -15,14 +15,18 @@ class ActivitiesService
    visible_by_repositories = Activity.where(subject_type: %w(RepositoryBase RepositoryRow), team_id: visible_repository_teams.select(:id))
                                      .order(created_at: :desc)
    visible_by_projects = Activity.where(project_id: visible_projects.select(:id))
-                                  .where.not(subject_type: %w(MyModule Result Protocol))
+                                  .where.not(subject_type: %w(Experiment MyModule Result Protocol))
                                  .order(created_at: :desc)

+    visible_by_experiments = Activity.where(subject_type: 'Experiment')
+                                     .where(subject_id: Experiment.viewable_by_user(user, visible_teams))
+                                     .order(created_at: :desc)
+
    visible_by_my_modules = Activity.where("subject_id IN (?) AND subject_type = 'MyModule' OR " \
                                           "subject_id IN (?) AND subject_type = 'Result' OR " \
                                           "subject_id IN (?) AND subject_type = 'Protocol'",
                                           visible_my_modules.select(:id),
-                                           Result.where(my_module: visible_my_modules).select(:id),
+                                           Result.with_discarded.where(my_module: visible_my_modules).select(:id),
                                           Protocol.where(my_module: visible_my_modules).select(:id))
                                    .order(created_at: :asc)

@ -36,6 +40,7 @@ class ActivitiesService
      "((#{visible_by_teams.to_sql}) UNION ALL " \
      "(#{visible_by_repositories.to_sql}) UNION ALL " \
      "(#{visible_by_protocol_templates.to_sql}) UNION ALL " \
+      "(#{visible_by_experiments.to_sql}) UNION ALL " \
      "(#{visible_by_my_modules.to_sql}) UNION ALL " \
      "(#{visible_by_projects.to_sql})) AS activities"
    )