sparc-request · kayla-glick · Jun 29, 2016 · Jun 8, 2016 · Jun 10, 2016 · Jun 10, 2016
diff --git a/app/assets/javascripts/dashboard/documents.js.coffee b/app/assets/javascripts/dashboard/documents.js.coffee
@@ -22,33 +22,32 @@ $ ->
 
   # DOCUMENTS LISTENERS BEGIN
 
-  $(document).on 'click', '#document_new', ->
-    data = 'sub_service_request_id': $(this).data('sub-service-request-id')
-    $.ajax
-      type: 'GET'
-      url: '/dashboard/documents/new'
-      data: data
-
-  $(document).on 'click', '.document_edit', ->
-    row_index   = $(this).parents('tr').data('index')
-    document_id = $(this).parents('table.documents_table').bootstrapTable('getData')[row_index].id
-    data = 'sub_service_request_id': $('#document_new').data('sub-service-request-id')
-    $.ajax
-      type: 'GET'
-      url: "/dashboard/documents/#{document_id}/edit"
-      data: data
-
-  $(document).on 'click', '.document_delete', ->
-    row_index   = $(this).parents('tr').data('index')
-    document_id = $(this).parents('table.documents_table').bootstrapTable('getData')[row_index].id
-    data = 'sub_service_request_id': $('#document_new').data('sub-service-request-id')
-    if confirm "Are you sure you want to delete the selected Document from this SubServiceRequest?"
+  $(document).on 'click', '#document-new', ->
+    if $(this).data('permission')
+      data = 'protocol_id': $(this).data('protocol-id')
       $.ajax
-        type: 'DELETE'
-        url: "/dashboard/documents/#{document_id}"
+        type: 'GET'
+        url: '/dashboard/documents/new'
         data: data
 
-  $(document).on 'change', '#document_doc_type', ->
+  $(document).on 'click', '.document-edit', ->
+    if $(this).data('permission')
+      row_index   = $(this).parents('tr').data('index')
+      document_id = $(this).parents('table#documents-table').bootstrapTable('getData')[row_index].id
+      $.ajax
+        type: 'GET'
+        url: "/dashboard/documents/#{document_id}/edit"
+
+  $(document).on 'click', '.document-delete', ->
+    if $(this).data('permission')
+      row_index   = $(this).parents('tr').data('index')
+      document_id = $(this).parents('table#documents-table').bootstrapTable('getData')[row_index].id
+      if confirm "Are you sure you want to delete the selected Document from this Protocol?"
+        $.ajax
+          type: 'DELETE'
+          url: "/dashboard/documents/#{document_id}"
+
+  $(document).on 'change', '#document-doc-type', ->
     if $(this).val() == 'other'
       $('#doc_type_other_field').show()
     else

diff --git a/app/assets/stylesheets/bootstrap-table-custom.sass b/app/assets/stylesheets/bootstrap-table-custom.sass
@@ -3,7 +3,7 @@
   a.task-reschedule
     display: block
 
-  #documents_table,
+  #documents-table,
   #reports_table
     a.edit-document,
     a.attached_file,

diff --git a/app/controllers/dashboard/documents_controller.rb b/app/controllers/dashboard/documents_controller.rb
@@ -19,53 +19,94 @@
 # TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 class Dashboard::DocumentsController < Dashboard::BaseController
-  before_filter :find_sub_service_request, only: [:index, :new, :edit]
+  before_filter :find_document,                   only: [:edit, :update, :destroy]
+  before_filter :find_protocol,                   only: [:index, :new, :create, :edit, :update, :destroy]
+  before_filter :find_admin_for_protocol,         only: [:index, :new, :create, :edit, :update, :destroy]
+  before_filter :protocol_authorizer_view,        only: [:index]
+  before_filter :protocol_authorizer_edit,        only: [:new, :create, :edit, :update, :destroy]
+
+  before_filter :authorize_admin_access_document, only: [:edit, :update, :destroy]
 
   def index
-    @documents = @sub_service_request.documents
+    @documents          = @protocol.documents
+    @permission_to_edit = @protocol.project_roles.where(identity: @user, project_rights: ['approve', 'request']).any?
+    permission_to_view  = @protocol.project_roles.where(identity: @user, project_rights: ['approve', 'request', 'view']).any?
+    @admin_orgs         = @user.authorized_admin_organizations
   end
 
   def new
-    @document     = Document.new(service_request_id: @sub_service_request.service_request_id)
+    @document     = @protocol.documents.new
+    @action       = 'new'
     @header_text  = t(:dashboard)[:documents][:add]
   end
 
   def create
-    @sub_service_request = SubServiceRequest.find(params[:document][:sub_service_request_id])
-    @document = Document.create(params[:document].except!(:sub_service_request_id))
+    @document = Document.create(params[:document])
+    @document.update_attributes(protocol_id: @protocol.id)
+
     if @document.valid?
-      @sub_service_request.documents << @document
-      @sub_service_request.save
+      assign_organization_access
+
       flash.now[:success] = t(:dashboard)[:documents][:created]
     else
       @errors = @document.errors
     end
   end
 
   def edit
-    @sub_service_request = SubServiceRequest.find(params[:sub_service_request_id])
-    @document = Document.find(params[:id])
-    @header_text = t(:dashboard)[:documents][:edit]
+    @action       = 'edit'
+    @header_text  = t(:dashboard)[:documents][:edit]
   end
 
   def update
-    @document = Document.find(params[:id])
-    if @document.update_attributes(params[:document].except!(:sub_service_request_id))
+    if @document.update_attributes(params[:document])
+      assign_organization_access
+
       flash.now[:success] = t(:dashboard)[:documents][:updated]
     else
       @errors = @document.errors
     end
   end
 
   def destroy
-    Dashboard::DocumentRemover.new(id: params[:id],
-      sub_service_request_id: params[:sub_service_request_id])
+    Dashboard::DocumentRemover.new(params[:id])
+
     flash.now[:success] = t(:dashboard)[:documents][:destroyed]
   end
 
+  def protocol_index
+    @documents          = Document.where(service_request: @protocol.service_requests)
+    @permission_to_edit = @protocol.project_roles.where(identity: @user, project_rights: ['approve', 'request']).any?
+
+    if !@permission_to_edit
+      admin_orgs = @user.authorized_admin_organizations
+      @documents = @documents.reject { |document| (admin_orgs & document.sub_service_requests.map(&:org_tree).flatten.uniq).empty? }
+    end
+  end
+
   private
 
-  def find_sub_service_request
-    @sub_service_request = params[:sub_service_request_id].present? ? SubServiceRequest.find(params[:sub_service_request_id]) : nil
+  def find_document
+    @document = Document.find(params[:id])
+  end
+
+  def find_protocol
+    if @document
+      @protocol = @document.protocol
+    else
+      @protocol = Protocol.find(params[:protocol_id])
+    end
+  end
+
+  def assign_organization_access
+    @document.sub_service_requests = @protocol.sub_service_requests.where(organization_id: params[:org_ids])
+  end
+
+  def authorize_admin_access_document
+    @admin_orgs = @user.authorized_admin_organizations
+
+    unless @authorization.can_edit? || (@admin_orgs & @document.all_organizations).any?
+      render partial: 'service_requests/authorization_error', locals: { error: 'You are not allowed to edit this document.' }
+    end
   end
 end
diff --git a/app/controllers/portal/sub_service_requests_controller.rb b/app/controllers/portal/sub_service_requests_controller.rb
@@ -246,7 +246,7 @@ def delete_documents
     # deletes a group of documents
     sub_service_request = SubServiceRequest.find(params[:id])
     service_request = sub_service_request.service_request
-    document = service_request.documents.find params[:document_id]
+    document = service_request.protocol.documents.find params[:document_id]
     @tr_id = "#document_id_#{document.id}"
 
     sub_service_request.documents.delete document
@@ -257,7 +257,7 @@ def delete_documents
   def edit_documents
     @sub_service_request = SubServiceRequest.find(params[:id])
     service_request = @sub_service_request.service_request
-    @document = service_request.documents.find params[:document_id]
+    @document = service_request.protocol.documents.find params[:document_id]
     @service_list = service_request.service_list
   end
 

diff --git a/app/controllers/service_requests_controller.rb b/app/controllers/service_requests_controller.rb
@@ -462,7 +462,7 @@ def feedback
 
   def delete_documents
     # deletes a document unless we are working with a sub_service_request
-    @document = @service_request.documents.find params[:document_id]
+    @document = @service_request.protocol.documents.find params[:document_id]
     @tr_id = "#document_id_#{@document.id}"
 
     if @sub_service_request.nil?
@@ -475,7 +475,7 @@ def delete_documents
   end
 
   def edit_documents
-    @document = @service_request.documents.find params[:document_id]
+    @document = @service_request.protocol.documents.find params[:document_id]
     @service_list = @service_request.service_list
   end
 
@@ -616,7 +616,7 @@ def document_save_update errors
         if doc_object
           if @sub_service_request and doc_object.sub_service_requests.size > 1
             new_doc = document ? document : doc_object.document # if no new document provided use the old document
-            newDocument = Document.create(document: new_doc, doc_type: params[:doc_type], doc_type_other: params[:doc_type_other], service_request_id: @service_request.id)
+            newDocument = Document.create(document: new_doc, doc_type: params[:doc_type], doc_type_other: params[:doc_type_other], protocol_id: @service_request.protocol_id)
             @sub_service_request.documents << newDocument
             @sub_service_request.documents.delete doc_object
             @sub_service_request.save
@@ -626,7 +626,7 @@ def document_save_update errors
           end
         end
       else # new document
-        newDocument = Document.create(document: document, doc_type: doc_type, doc_type_other: doc_type_other, service_request_id: @service_request.id)
+        newDocument = Document.create(document: document, doc_type: doc_type, doc_type_other: doc_type_other, protocol_id: @service_request.protocol_id)
         process_ssr_organization_ids.each do |org_id|
           sub_service_request = @service_request.sub_service_requests.find_by_organization_id org_id.to_i
           sub_service_request.documents << newDocument

diff --git a/app/helpers/dashboard/documents_helper.rb b/app/helpers/dashboard/documents_helper.rb
@@ -20,23 +20,37 @@
 
 module Dashboard::DocumentsHelper
 
-  def display_document_title(document)
-    link_to document.document_file_name, document.document.url
+  def display_document_title(document, permission)
+    if permission
+      link_to document.document_file_name, document.document.url
+    else
+      document.document_file_name
+    end
   end
 
-  def document_edit_button(permission_to_edit)
+  def document_edit_button(document, permission)
     content_tag(:button,
       raw(
         content_tag(:span, '', class: "glyphicon glyphicon-edit", aria: {hidden: "true"})
-      ), type: 'button', class: "btn btn-warning actions-button document_edit"
+      ), type: 'button', class: "btn btn-warning actions-button document-edit #{permission ? '' : 'disabled'}", data: { permission: permission.to_s }
     )
   end
 
-  def document_delete_button(permission_to_edit)
+  def document_delete_button(document, permission)
     content_tag(:button,
       raw(
         content_tag(:span, '', class: "glyphicon glyphicon-remove", aria: {hidden: "true"})
-      ), type: 'button', class: "btn btn-danger actions-button document_delete"
+      ), type: 'button', class: "btn btn-danger actions-button document-delete #{permission ? '' : 'disabled'}", data: { permission: permission.to_s }
     )
   end
+
+  def document_org_access_collection(document, action)
+    default_select  = if action == 'new'
+                        current_user.authorized_admin_organizations.ids
+                      else
+                        document.sub_service_requests.map(&:organization_id)
+                      end
+
+    options_from_collection_for_select(document.protocol.organizations.distinct.sort_by(&:name), :id, :name, default_select)
+  end
 end
diff --git a/app/models/document.rb b/app/models/document.rb
@@ -23,14 +23,14 @@ class Document < ActiveRecord::Base
 
   include Paperclip::Glue
   has_and_belongs_to_many :sub_service_requests
-  belongs_to :service_request
+  belongs_to :protocol
   has_attached_file :document #, :preserve_files => true
 
   attr_accessible :document
   attr_accessible :doc_type
   attr_accessible :doc_type_other
   attr_accessible :sub_service_requests
-  attr_accessible :service_request_id
+  attr_accessible :protocol_id
 
   validates :doc_type, :document, presence: true
   validates :doc_type_other, presence: true, if: Proc.new { |doc| doc.doc_type == 'other' }
@@ -39,4 +39,7 @@ def display_document_type
     self.doc_type == "other" ? self.doc_type_other.try(:humanize) : DOCUMENT_TYPES.key(self.doc_type)
   end
 
+  def all_organizations
+    sub_service_requests.map(&:org_tree).flatten.uniq
+  end
 end
diff --git a/app/models/protocol.rb b/app/models/protocol.rb
@@ -41,6 +41,7 @@ class Protocol < ActiveRecord::Base
   has_many :study_type_answers,           dependent: :destroy
   has_many :notes, as: :notable,          dependent: :destroy
   has_many :study_type_questions,         through: :study_type_question_group
+  has_many :documents,                    dependent: :destroy
 
   belongs_to :study_type_question_group
 

diff --git a/app/models/service_request.rb b/app/models/service_request.rb
@@ -32,10 +32,9 @@ class ServiceRequest < ActiveRecord::Base
   has_many :charges, :dependent => :destroy
   has_many :tokens, :dependent => :destroy
   has_many :approvals, :dependent => :destroy
-  has_many :documents, :dependent => :destroy
   has_many :arms, :through => :protocol
   has_many :notes, as: :notable, dependent: :destroy
-
+  
   after_save :set_original_submitted_date
 
   validation_group :protocol do

diff --git a/app/views/dashboard/associated_users/create.js.coffee b/app/views/dashboard/associated_users/create.js.coffee
@@ -21,11 +21,15 @@
 <% if @errors.present? %>
 $("#modal_errors").html("<%= escape_javascript(render(partial: 'shared/modal_errors', locals: {errors: @errors})) %>")
 <% else %>
-<% if @current_user_created && @permission_to_edit %>
+<% if @current_user_created %>
+$("#documents-panel").html("<%= escape_javascript(render( 'dashboard/documents/documents_table', protocol: @protocol, permission_to_edit: @permission_to_edit || @admin )) %>")
 $("#service-requests-panel").html("<%= escape_javascript(render('dashboard/service_requests/service_requests', protocol: @protocol, permission_to_edit: @permission_to_edit, user: @user, view_only: false)) %>")
+
+$("#documents-table").bootstrapTable()
+$(".service-requests-table").bootstrapTable()
+
 $('.service-requests-table').on 'all.bs.table', ->
   $(this).find('.selectpicker').selectpicker() #Find descendant selectpickers
-$(".service-requests-table").bootstrapTable()
 <% end %>
 $("#modal_place").modal 'hide'
 $("#associated-users-table").bootstrapTable 'refresh', {silent: true}

diff --git a/app/views/dashboard/associated_users/destroy.js.coffee b/app/views/dashboard/associated_users/destroy.js.coffee
@@ -24,11 +24,15 @@ window.location = "/dashboard"
 <% elsif @current_user_destroyed && @admin %>
 $("#summary-panel").html("<%= escape_javascript(render('dashboard/protocols/summary', protocol: @protocol, protocol_type: @protocol_type, permission_to_edit: @permission_to_edit || @admin)) %>")
 $("#authorized-users-panel").html("<%= escape_javascript(render('dashboard/associated_users/table', protocol: @protocol, permission_to_edit: @permission_to_edit || @admin)) %>")
+$("#documents-panel").html("<%= escape_javascript(render( 'dashboard/documents/documents_table', protocol: @protocol, permission_to_edit: @permission_to_edit || @admin )) %>")
 $("#service-requests-panel").html("<%= escape_javascript(render('dashboard/service_requests/service_requests', protocol: @protocol, permission_to_edit: @permission_to_edit, user: @user, view_only: false)) %>")
+
 $("#associated-users-table").bootstrapTable()
+$("#documents-table").bootstrapTable()
+$(".service-requests-table").bootstrapTable()
+
 $('.service-requests-table').on 'all.bs.table', ->
 	$(this).find('.selectpicker').selectpicker() #Find descendant selectpickers
-$(".service-requests-table").bootstrapTable()
 <% else %>
 $("#associated-users-table").bootstrapTable 'refresh', {silent: true}
 <% end %>

diff --git a/app/views/dashboard/associated_users/update.js.coffee b/app/views/dashboard/associated_users/update.js.coffee
@@ -28,11 +28,15 @@ window.location = "/dashboard"
 <% elsif @current_user_updated %>
 $("#summary-panel").html("<%= escape_javascript(render('dashboard/protocols/summary', protocol: @protocol, protocol_type: @protocol_type, permission_to_edit: @permission_to_edit || @admin)) %>")
 $("#authorized-users-panel").html("<%= escape_javascript(render('dashboard/associated_users/table', protocol: @protocol, permission_to_edit: @permission_to_edit || @admin)) %>")
+$("#documents-panel").html("<%= escape_javascript(render( 'dashboard/documents/documents_table', protocol: @protocol, permission_to_edit: @permission_to_edit || @admin )) %>")
 $("#service-requests-panel").html("<%= escape_javascript(render('dashboard/service_requests/service_requests', protocol: @protocol, permission_to_edit: @permission_to_edit, user: @user, view_only: false)) %>")
+
 $("#associated-users-table").bootstrapTable()
+$("#documents-table").bootstrapTable()
+$(".service-requests-table").bootstrapTable()
+
 $('.service-requests-table').on 'all.bs.table', ->
   $(this).find('.selectpicker').selectpicker() #Find descendant selectpickers
-$(".service-requests-table").bootstrapTable()
 <% else %>
 $("#associated-users-table").bootstrapTable 'refresh', {silent: true}
 <% end %>