KG - Protocol Permissions Refactor (1.7.0) #404
Changes from 25 commits
2e94e53
4781f01
fe4ab40
15f8489
4cc7794
d8434ae
3fd36bb
b73d57b
d9b0010
3a33b23
4978a91
cc802f0
a73b66b
2f7d67a
5b63cbc
666ebbd
aee6163
9027bc2
6a83796
8538dd6
1162f45
2885b06
2371ac4
3dccf82
a3bc1ce
ce5204a
9591cab
fe95a57
f0f2cde
72f36f8
ddd50e9
ccb6ec8
06113e9
09fc9ea
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -21,10 +21,12 @@ | |
# Place all the behaviors and hooks related to the matching controller here. | ||
# All this logic will automatically be available in application.js. | ||
# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/ | ||
|
||
$(document).ready -> | ||
Sparc.protocol = | ||
ready: -> | ||
$('.service-requests-table').on 'all.bs.table', -> | ||
$(this).find('.selectpicker').selectpicker() #Find descendant selectpickers | ||
|
||
$(document).on 'click', '.service-request-button', -> | ||
if $(this).data('permission') | ||
window.location = $(this).data('url') | ||
|
@@ -55,6 +57,13 @@ $(document).ready -> | |
$.ajax | ||
type: 'get' | ||
url: "/dashboard/protocols/#{protocol_id}/display_requests" | ||
success: (data) -> | ||
Send the request, get the modal back through JSON and open it, then enable the bootstraptables and enable the selectpickers |
||
$('#modal_place').html(data.modal) | ||
$('#modal_place').modal 'show' | ||
$('.service-requests-table').bootstrapTable() | ||
$('.service-requests-table').on 'all.bs.table', -> | ||
$(this).find('.selectpicker').selectpicker() | ||
|
||
|
||
$(document).on 'click', '.protocol-archive-button', -> | ||
protocol_id = $(this).parents("tr").data('protocol-id') | ||
|
@@ -113,21 +122,20 @@ $(document).ready -> | |
method: 'get' | ||
url: "/dashboard/service_calendars/view_full_calendar.js?portal=true&protocol_id=#{protocol_id}" | ||
|
||
$(document).on 'click', '.view-sub-service-request-button', -> | ||
$(document).on 'click', '.view-service-request', -> | ||
id = $(this).data('sub-service-request-id') | ||
$.ajax | ||
method: 'GET' | ||
url: "/dashboard/sub_service_requests/#{id}.js" | ||
|
||
$(document).on 'click', '.edit_service_request', -> | ||
$(document).on 'click', '.edit-service-request', -> | ||
if $(this).data('permission') | ||
window.location = $(this).data('url') | ||
|
||
$(document).on 'click', '#add-services-button', -> | ||
protocol_id = $(this).data('protocol-id') | ||
|
||
if $(this).data('permission') | ||
window.location = "/?protocol_id=#{protocol_id}&from_portal=true" | ||
protocol_id = $(this).data('protocol-id') | ||
window.location = "/?protocol_id=#{protocol_id}&from_portal=true" | ||
# Protocol Show End | ||
|
||
# Protocol Edit Begin | ||
|
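Review bot: The `if $(this).data('permission')` guards on `.service-request-button`, `.edit-service-request` and `#add-services-button` only gate navigation in the browser; a `data-permission` attribute is under the user's control, so the pages behind `data('url')` and `/?protocol_id=#{protocol_id}&from_portal=true` have to make the same decision on the server. `display_requests` is covered by `protocol_authorizer_view` in the controller changes on this page, but the edit and add-services endpoints are not visible here, so that is worth confirming. I would add a comment above each handler such as `# UI convenience only: the server re-checks edit rights for this URL`. The `$(document).ready` block starts before and continues past the visible hunks.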
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -69,6 +69,31 @@ textarea { | |
|
||
/* New/Edit Protocol Form End */ | ||
|
||
/* Show Protocol Begin */ | ||
.view-protocol-details-modal { | ||
width: 50% !important; | ||
} | ||
|
||
.export-consolidated-request { | ||
display: inline-block; | ||
} | ||
|
||
.service-requests-table { | ||
Some specific styling to get the buttons to display nicely in both normal view and card view |
||
tr { | ||
td:nth-child(4) { | ||
.new-notification { | ||
width: 100% !important; | ||
} | ||
} | ||
|
||
td:nth-child(5) { | ||
text-align: center !important; | ||
} | ||
|
||
.view-service-request, .edit-service-request { | ||
margin: 5px 5px 5px 0px; | ||
} | ||
} | ||
} | ||
|
||
/* Show Protocol End*/ |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -20,16 +20,17 @@ | |
|
||
class Dashboard::AssociatedUsersController < Dashboard::BaseController | ||
layout nil | ||
|
||
respond_to :html, :json, :js | ||
|
||
before_filter :find_protocol_role, only: [:edit, :destroy] | ||
before_filter :find_protocol, only: [:index, :new, :create, :edit, :update] | ||
before_filter :find_protocol, only: [:index, :new, :create, :edit, :update, :destroy] | ||
before_filter :find_admin_for_protocol, only: [:index, :update] | ||
before_filter :protocol_authorizer_view, only: [:index] | ||
before_filter :protocol_authorizer_edit, only: [:new, :create, :edit, :update] | ||
before_filter :protocol_authorizer_edit, only: [:new, :create, :edit, :update, :destroy] | ||
We need to authorize destroy |
||
|
||
def index | ||
@protocol_roles = @protocol.project_roles | ||
@permission_to_edit = @authorization.can_edit? || @admin | ||
@permission_to_edit = @authorization.can_edit? | ||
|
||
respond_to do |format| | ||
format.json | ||
|
@@ -88,12 +89,12 @@ def update | |
@current_user_updated = params[:project_role][:identity_id].to_i == @user.id | ||
|
||
if @current_user_updated | ||
We need to track updating the current user because their permissions might change |
||
@protocol_type = @protocol.type | ||
protocol_role = updater.protocol_role | ||
@permission_to_edit = protocol_role.can_edit? || @admin | ||
@protocol_type = @protocol.type | ||
protocol_role = updater.protocol_role | ||
@permission_to_edit = protocol_role.can_edit? | ||
|
||
#If the user sets themselves to member and they're not an admin, go to dashboard | ||
@return_to_dashboard = protocol_role.project_rights == 'none' && !@permission_to_edit | ||
@return_to_dashboard = !protocol_role.can_view? && !@admin | ||
end | ||
|
||
flash.now[:success] = 'Authorized User Updated!' | ||
|
@@ -107,16 +108,25 @@ def update | |
end | ||
|
||
def destroy | ||
protocol = @protocol_role.protocol | ||
epic_access = @protocol_role.epic_access | ||
project_role_clone = @protocol_role.clone | ||
@protocol = @protocol_role.protocol | ||
epic_access = @protocol_role.epic_access | ||
protocol_role_clone = @protocol_role.clone | ||
|
||
@protocol_role.destroy | ||
|
||
if @current_user_destroyed = protocol_role_clone.identity_id == @user.id | ||
See comments to AssociatedUsersController#Update |
||
@protocol_type = @protocol.type | ||
@permission_to_edit = false | ||
@admin = Protocol.for_admin(@user.id).include?(@protocol) | ||
|
||
#If the user sets themselves to member and they're not an admin, go to dashboard | ||
@return_to_dashboard = !@admin | ||
end | ||
|
||
flash.now[:alert] = 'Authorized User Removed!' | ||
|
||
if USE_EPIC && protocol.selected_for_epic && epic_access && !QUEUE_EPIC | ||
Notifier.notify_primary_pi_for_epic_user_removal(protocol, project_role_clone).deliver | ||
if USE_EPIC && @protocol.selected_for_epic && epic_access && !QUEUE_EPIC | ||
Notifier.notify_primary_pi_for_epic_user_removal(@protocol, protocol_role_clone).deliver | ||
end | ||
|
||
respond_to do |format| | ||
|
@@ -135,6 +145,7 @@ def search_identities | |
end | ||
|
||
private | ||
|
||
def find_protocol_role | ||
@protocol_role = ProjectRole.find(params[:id]) | ||
end | ||
|
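Review bot: `destroy` is now authorized against the `@protocol` loaded by `find_protocol`, but the role it deletes comes from `ProjectRole.find(params[:id])` in `find_protocol_role`, which is not scoped to that protocol. If `find_protocol` takes the protocol id from the request (its body is outside the visible hunks), a user who may edit one protocol could send that protocol's id together with the id of a role on another protocol; the action reassigns `@protocol = @protocol_role.protocol` only after the check has already passed. Loading the role through the authorized protocol, `@protocol_role = @protocol.project_roles.find(params[:id])` with `find_protocol` ordered first, or rejecting when `@protocol_role.protocol != @protocol`, closes the gap, and the same applies to `edit`. Separately, `if @current_user_destroyed = protocol_role_clone.identity_id == @user.id` reads like a mistyped comparison; doing the assignment on its own line before the `if` would make the intent clear.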
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -44,8 +44,8 @@ def clean_errors(errors) | |
|
||
def protocol_authorizer_view | ||
@authorization = ProtocolAuthorizer.new(@protocol, @user) | ||
@admin = !@user.authorized_admin_organizations.empty? | ||
|
||
# Admins should be able to view too | ||
unless @authorization.can_view? || @admin | ||
@protocol = nil | ||
render partial: 'service_requests/authorization_error', locals: { error: 'You are not allowed to access this protocol.' } | ||
|
@@ -54,9 +54,8 @@ def protocol_authorizer_view | |
|
||
def protocol_authorizer_edit | ||
@authorization = ProtocolAuthorizer.new(@protocol, @user) | ||
@admin = !@user.authorized_admin_organizations.empty? | ||
|
||
unless @authorization.can_edit? || @admin | ||
unless @authorization.can_edit? | ||
@protocol = nil | ||
render partial: 'service_requests/authorization_error', locals: { error: 'You are not allowed to edit this protocol.' } | ||
end | ||
|
@@ -67,4 +66,8 @@ def establish_breadcrumber | |
session[:breadcrumbs] = Dashboard::Breadcrumber.new | ||
end | ||
end | ||
|
||
In general (besides protocol index), admin is defined by having admin orgs on a protocol |
||
def find_admin_for_protocol | ||
@admin = Protocol.for_admin(@user).include?(@protocol) | ||
end | ||
end |
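Review bot: `protocol_authorizer_view` still tests `@authorization.can_view? || @admin`, but `@admin` now appears to be set only by the separate `find_admin_for_protocol` filter, so the outcome depends on every controller declaring that filter before the authorizer and for the same actions. In the `Dashboard::ProtocolsController` section of this page, `view_full_calendar` is in the `protocol_authorizer_view` list but not in the `find_admin_for_protocol` list, so `@admin` would be `nil` there and admins without a role are refused; that fails closed, but it looks unintended. Calling `find_admin_for_protocol` from inside `protocol_authorizer_view`, or at least a comment such as `# requires find_admin_for_protocol to have run first`, would make the dependency explicit. `find_admin_for_protocol` also passes `@user` to `Protocol.for_admin` while the other call sites on this page pass `@user.id`; one form should be used throughout.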
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,9 +22,10 @@ class Dashboard::ProtocolsController < Dashboard::BaseController | |
|
||
respond_to :html, :json, :xlsx | ||
|
||
before_filter :find_protocol, only: [:show, :edit, :update, :update_protocol_type, :display_requests, :archive, :view_full_calendar, :view_details] | ||
before_filter :protocol_authorizer_view, only: [:show, :view_full_calendar, :display_requests] | ||
before_filter :protocol_authorizer_edit, only: [:edit, :update, :update_protocol_type] | ||
before_filter :find_protocol, only: [:show, :edit, :update, :update_protocol_type, :display_requests, :archive, :view_full_calendar, :view_details] | ||
before_filter :find_admin_for_protocol, only: [:show, :edit, :update, :update_protocol_type, :display_requests] | ||
before_filter :protocol_authorizer_view, only: [:show, :view_full_calendar, :display_requests] | ||
before_filter :protocol_authorizer_edit, only: [:edit, :update, :update_protocol_type] | ||
|
||
def index | ||
admin_orgs = @user.authorized_admin_organizations | ||
|
@@ -34,9 +35,9 @@ def index | |
|
||
# if we are an admin we want to default to admin organizations | ||
if @admin | ||
default_filter_params[:for_admin] = @user.id | ||
default_filter_params[:for_admin] = @user.id.to_s | ||
else | ||
default_filter_params[:for_identity_id] = @user.id | ||
default_filter_params[:for_identity_id] = @user.id.to_s | ||
end | ||
|
||
@filterrific = | ||
|
@@ -64,22 +65,18 @@ def show | |
format.js { render } | ||
format.html { | ||
session[:breadcrumbs].clear.add_crumbs(protocol_id: @protocol.id) | ||
admin = !@user.authorized_admin_organizations.empty? | ||
@permission_to_edit = @authorization.can_edit? || admin | ||
@permission_to_edit = @authorization.present? ? @authorization.can_edit? : false | ||
Admins can't edit unless they are an Authorized User on the Protocol |
||
@protocol_type = @protocol.type.capitalize | ||
@service_requests = @protocol.service_requests | ||
render | ||
} | ||
format.xlsx { render } | ||
end | ||
end | ||
|
||
def new | ||
admin_orgs = @user.authorized_admin_organizations | ||
@admin = !admin_orgs.empty? | ||
@protocol_type = params[:protocol_type] | ||
@protocol = @protocol_type.capitalize.constantize.new | ||
@protocol.requester_id = current_user.id | ||
@protocol_type = params[:protocol_type] | ||
Admin doesn't affect new protocols |
||
@protocol = @protocol_type.capitalize.constantize.new | ||
@protocol.requester_id = current_user.id | ||
@protocol.populate_for_edit | ||
session[:protocol_type] = params[:protocol_type] | ||
end | ||
|
@@ -108,7 +105,6 @@ def create | |
end | ||
|
||
def edit | ||
@admin = !@user.authorized_admin_organizations.empty? | ||
@protocol_type = @protocol.type | ||
protocol_role = @protocol.project_roles.find_by(identity_id: @user.id) | ||
@permission_to_edit = protocol_role.nil? ? false : protocol_role.can_edit? | ||
|
@@ -127,14 +123,11 @@ def edit | |
end | ||
|
||
def update | ||
attrs = params[:protocol] | ||
|
||
attrs[:start_date] = Time.strptime(attrs[:start_date], "%m-%d-%Y") if attrs[:start_date] | ||
attrs[:end_date] = Time.strptime(attrs[:end_date], "%m-%d-%Y") if attrs[:end_date] | ||
|
||
@admin = !@user.authorized_admin_organizations.empty? | ||
protocol_role = @protocol.project_roles.find_by(identity_id: @user.id) | ||
|
||
attrs = params[:protocol] | ||
attrs[:start_date] = Time.strptime(attrs[:start_date], "%m-%d-%Y") if attrs[:start_date] | ||
attrs[:end_date] = Time.strptime(attrs[:end_date], "%m-%d-%Y") if attrs[:end_date] | ||
protocol_role = @protocol.project_roles.find_by(identity_id: @user.id) | ||
|
||
# admin is not able to activate study_type_question_group | ||
if @admin && protocol_role.nil? && @protocol.update_attributes(attrs) | ||
flash[:success] = "#{@protocol.type} Updated!" | ||
|
@@ -152,7 +145,6 @@ def update | |
|
||
def update_protocol_type | ||
# Using update_attribute here is intentional, type is a protected attribute | ||
@admin = !@user.authorized_admin_organizations.empty? | ||
protocol_role = @protocol.project_roles.find_by(identity_id: @user.id) | ||
@permission_to_edit = protocol_role.nil? ? false : protocol_role.can_edit? | ||
@protocol_type = params[:type] | ||
|
@@ -177,31 +169,37 @@ def archive | |
end | ||
|
||
def view_full_calendar | ||
@service_request = @protocol.any_service_requests_to_display? | ||
@service_request = @protocol.any_service_requests_to_display? | ||
arm_id = params[:arm_id] if params[:arm_id] | ||
page = params[:page] if params[:page] | ||
|
||
session[:service_calendar_pages] = params[:pages] if params[:pages] | ||
session[:service_calendar_pages][arm_id] = page if page && arm_id | ||
|
||
arm_id = params[:arm_id] if params[:arm_id] | ||
page = params[:page] if params[:page] | ||
session[:service_calendar_pages] = params[:pages] if params[:pages] | ||
session[:service_calendar_pages][arm_id] = page if page && arm_id | ||
@tab = 'calendar' | ||
@tab = 'calendar' | ||
@portal = params[:portal] | ||
|
||
if @service_request | ||
@pages = {} | ||
@protocol.arms.each do |arm| | ||
new_page = (session[:service_calendar_pages].nil?) ? 1 : session[:service_calendar_pages][arm.id.to_s].to_i | ||
@pages[arm.id] = @service_request.set_visit_page(new_page, arm) | ||
new_page = (session[:service_calendar_pages].nil?) ? 1 : session[:service_calendar_pages][arm.id.to_s].to_i | ||
@pages[arm.id] = @service_request.set_visit_page(new_page, arm) | ||
end | ||
end | ||
|
||
@merged = true | ||
respond_to do |format| | ||
format.js | ||
end | ||
end | ||
|
||
def display_requests | ||
@protocol_role = @protocol.project_roles.find_by(identity_id: @user.id) | ||
@protocol_role = @protocol.project_roles.find_by(identity_id: @user.id) | ||
@permission_to_edit = @protocol_role.present? ? @protocol_role.can_edit? : false | ||
modal = render_to_string(partial: 'dashboard/protocols/requests_modal', locals: { protocol: @protocol, user: @user, permission_to_edit: @permission_to_edit }) | ||
|
||
@permission_to_edit = @protocol_role.present? ? @protocol_role.can_edit? : Protocol.for_admin(@user.id).include?(@protocol) | ||
data = { modal: modal } | ||
render json: data | ||
end | ||
|
||
def view_details | ||
|
@@ -216,12 +214,8 @@ def find_protocol | |
@protocol = Protocol.find(params[:id]) | ||
end | ||
|
||
def admin? | ||
!@user.authorized_admin_organizations.empty? | ||
end | ||
|
||
def conditionally_activate_protocol | ||
if admin? | ||
if @admin | ||
if @protocol_type == "Study" && @protocol.virgin_project? | ||
@protocol.activate | ||
end | ||
|
This did not serve a purpose in SPARC. It seems to be a copy-over from CWF
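Review bot: `archive` and `view_details` are in the `find_protocol` list but in neither `protocol_authorizer_view` nor `protocol_authorizer_edit`, so after this refactor they load any protocol by `params[:id]` with no permission filter in front of them. Unless the action bodies check rights themselves (they are outside the visible hunks), `archive` belongs in the edit list and `view_details` in the view list, e.g. `before_filter :protocol_authorizer_view, only: [:show, :view_full_calendar, :display_requests, :view_details]`, with `find_admin_for_protocol` extended to match. In `new`, `params[:protocol_type].capitalize.constantize.new` turns request input into a class lookup; checking the value against a fixed list of the supported protocol types before calling `constantize` keeps the lookup to the intended models.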