mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2025-01-01 21:21:50 +08:00
f68d724202
* Rework experiment permissions [SCI-6054]
40 lines
1.3 KiB
Ruby
40 lines
1.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
Canaid::Permissions.register_for(Result) do
|
|
can :read_result do |user, result|
|
|
can_read_my_module?(user, result.my_module)
|
|
end
|
|
|
|
can :manage_result do |user, result|
|
|
!result.archived? &&
|
|
!result.my_module.archived_branch? &&
|
|
result.unlocked?(result) &&
|
|
result.my_module.permission_granted?(user, MyModulePermissions::RESULTS_MANAGE)
|
|
end
|
|
|
|
can :delete_result do |user, result|
|
|
result.archived? &&
|
|
result.unlocked?(result) &&
|
|
result.my_module.permission_granted?(user, MyModulePermissions::RESULTS_DELETE_ARCHIVED)
|
|
end
|
|
end
|
|
|
|
Canaid::Permissions.register_for(ResultComment) do
|
|
# Module, its experiment and its project must be active for all the specified
|
|
# permissions
|
|
%i(manage_result_comment)
|
|
.each do |perm|
|
|
can perm do |_, comment|
|
|
!comment.result.my_module.archived_branch?
|
|
end
|
|
end
|
|
|
|
# module: update/delete comment
|
|
# result: update/delete comment
|
|
# step: update/delete comment
|
|
can :manage_result_comment do |user, comment|
|
|
my_module = comment.result.my_module
|
|
(comment.user == user && my_module.permission_granted?(user, MyModulePermissions::RESULTS_COMMENTS_MANAGE_OWN)) ||
|
|
my_module.permission_granted?(user, MyModulePermissions::RESULTS_COMMENTS_MANAGE)
|
|
end
|
|
end
|