scinote-web/app/permissions/project.rb
2020-09-25 10:14:57 +02:00

96 lines
2.7 KiB
Ruby

Canaid::Permissions.register_for(Project) do
# Project must be active for all the specified permissions
%i(read_project
manage_project
archive_project
create_experiments
create_comments_in_project
manage_tags)
.each do |perm|
can perm do |_, project|
project.active?
end
end
%i(read_project
export_project)
.each do |perm|
can perm do |user, project|
user.is_member_of_project?(project) ||
user.is_admin_of_team?(project.team) ||
(project.visible? && user.is_member_of_team?(project.team))
end
end
# project: read, read activities, read comments, read users, read archive,
# read notifications
# reports: read
can :read_project do |_, _|
# Already checked by the wrapper
true
end
# team: export projects
can :export_project do |_, _|
# Already checked by the wrapper
true
end
# project: update/delete, assign/reassign/unassign users
can :manage_project do |user, project|
user.is_owner_of_project?(project) &&
MyModule.joins(experiment: :project)
.where(experiments: { project: project })
.preload(my_module_status: :my_module_status_implications)
.all? do |my_module|
if my_module.my_module_status
my_module.my_module_status.my_module_status_implications.all? { |implication| implication.call(my_module) }
else
true
end
end
end
# project: archive
can :archive_project do |user, project|
can_manage_project?(user, project)
end
# NOTE: Must not be dependent on canaid parmision for which we check if it's
# active
# project: restore
can :restore_project do |user, project|
user.is_owner_of_project?(project) && project.archived?
end
# experiment: create
can :create_experiments do |user, project|
user.is_user_or_higher_of_project?(project)
end
# project: create comment
can :create_comments_in_project do |user, project|
user.is_technician_or_higher_of_project?(project)
end
# project: create/update/delete tag
# module: assign/reassign/unassign tag
can :manage_tags do |user, project|
user.is_user_or_higher_of_project?(project)
end
end
Canaid::Permissions.register_for(ProjectComment) do
# Project must be active for all the specified permissions
%i(manage_comment_in_project)
.each do |perm|
can perm do |_, project_comment|
project_comment.project.active?
end
end
# project: update/delete comment
can :manage_comment_in_project do |user, project_comment|
project_comment.project.present? && (project_comment.user == user ||
user.is_owner_of_project?(project_comment.project))
end
end