mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-12-27 02:04:33 +08:00
135 lines
4.4 KiB
Ruby
135 lines
4.4 KiB
Ruby
Canaid::Permissions.register_for(Experiment) do
|
|
# Experiment and its project must be active for all the specified permissions
|
|
%i(manage_experiment
|
|
manage_experiment_tasks
|
|
manage_experiment_users
|
|
archive_experiment
|
|
clone_experiment)
|
|
.each do |perm|
|
|
can perm do |_, experiment|
|
|
experiment.active? &&
|
|
experiment.project.active?
|
|
end
|
|
end
|
|
|
|
# experiment: create/update/delete
|
|
# canvas: update
|
|
# module: create, copy, reposition, create/update/delete connection,
|
|
# assign/reassign/unassign tags
|
|
can :manage_experiment do |user, experiment|
|
|
next false unless experiment.permission_granted?(user, ExperimentPermissions::MANAGE)
|
|
|
|
my_modules = experiment.my_modules
|
|
unless experiment.association(:my_modules).loaded?
|
|
my_modules = my_modules.preload(my_module_status: :my_module_status_implications)
|
|
end
|
|
|
|
my_modules.all? do |my_module|
|
|
if my_module.my_module_status
|
|
my_module.my_module_status.my_module_status_implications.all? { |implication| implication.call(my_module) }
|
|
else
|
|
true
|
|
end
|
|
end
|
|
end
|
|
|
|
can :read_experiment do |user, experiment|
|
|
experiment.permission_granted?(user, ExperimentPermissions::READ)
|
|
end
|
|
|
|
can :read_archived_experiment do |user, experiment|
|
|
experiment.permission_granted?(user, ExperimentPermissions::READ_ARCHIVED)
|
|
end
|
|
|
|
can :read_experiment_canvas do |user, experiment|
|
|
experiment.permission_granted?(user, ExperimentPermissions::READ_CANVAS)
|
|
end
|
|
|
|
can :read_experiment_activities do |user, experiment|
|
|
experiment.permission_granted?(user, ExperimentPermissions::ACTIVITIES_READ)
|
|
end
|
|
|
|
can :read_experiment_users do |user, experiment|
|
|
experiment.permission_granted?(user, ExperimentPermissions::USERS_READ)
|
|
end
|
|
|
|
can :manage_experiment_users do |user, experiment|
|
|
experiment.permission_granted?(user, ExperimentPermissions::USERS_MANAGE)
|
|
end
|
|
|
|
can :manage_experiment_tasks do |user, experiment|
|
|
experiment.permission_granted?(user, ExperimentPermissions::TASKS_MANAGE)
|
|
end
|
|
|
|
can :manage_all_experiment_my_modules do |user, experiment|
|
|
experiment.my_modules.where.not(id: experiment.my_modules.with_user_permission(user,
|
|
MyModulePermissions::MANAGE)).none?
|
|
end
|
|
|
|
can :archive_experiment do |user, experiment|
|
|
experiment.permission_granted?(user, ExperimentPermissions::MANAGE)
|
|
end
|
|
|
|
can :restore_experiment do |user, experiment|
|
|
project = experiment.project
|
|
experiment.permission_granted?(user, ExperimentPermissions::MANAGE) &&
|
|
experiment.archived? &&
|
|
project.active?
|
|
end
|
|
|
|
can :clone_experiment do |user, experiment|
|
|
experiment.permission_granted?(user, ExperimentPermissions::READ)
|
|
end
|
|
|
|
can :move_experiment do |user, experiment|
|
|
experiment.permission_granted?(user, ExperimentPermissions::MANAGE)
|
|
end
|
|
|
|
can :designate_users_to_new_task do |user, experiment|
|
|
experiment.permission_granted?(user, MyModulePermissions::DESIGNATED_USERS_MANAGE)
|
|
end
|
|
end
|
|
|
|
Canaid::Permissions.register_for(Protocol) do
|
|
# Protocol needs to be in a module for all Protocol permissions below
|
|
# experiment level
|
|
%i(read_protocol_in_module
|
|
manage_protocol_in_module
|
|
complete_or_checkbox_step)
|
|
.each do |perm|
|
|
can perm do |_, protocol|
|
|
protocol.in_module?
|
|
end
|
|
end
|
|
|
|
# Module, its experiment and its project must be active for all the specified
|
|
# permissions
|
|
%i(manage_protocol_in_module
|
|
complete_or_checkbox_step)
|
|
.each do |perm|
|
|
can perm do |_, protocol|
|
|
my_module = protocol.my_module
|
|
my_module.active? &&
|
|
my_module.experiment.active? &&
|
|
my_module.experiment.project.active?
|
|
end
|
|
end
|
|
|
|
# protocol in module: read
|
|
# step in module: read, read comments, read/download assets
|
|
can :read_protocol_in_module do |user, protocol|
|
|
protocol.my_module.permission_granted?(user, MyModulePermissions::READ)
|
|
end
|
|
|
|
# protocol in module: create/update/delete, unlink, revert, update from
|
|
# protocol in repository, update from file
|
|
# step in module: create/update/delete, reorder
|
|
can :manage_protocol_in_module do |user, protocol|
|
|
can_manage_my_module_protocol?(user, protocol.my_module)
|
|
end
|
|
|
|
# step: complete/uncomplete
|
|
can :complete_or_checkbox_step do |user, protocol|
|
|
can_update_my_module_status?(user, protocol.my_module)
|
|
end
|
|
end
|