Diff
Modified: branches/datasets/app/controllers/data_items_controller.rb (2833 => 2834)
--- branches/datasets/app/controllers/data_items_controller.rb 2011-11-22 10:03:18 UTC (rev 2833)
+++ branches/datasets/app/controllers/data_items_controller.rb 2011-11-22 15:16:31 UTC (rev 2834)
@@ -5,8 +5,9 @@
class DataItemsController < ApplicationController
+ before_filter :fetch_data_set_and_workflow
+ before_filter :auth
before_filter :fetch_relationship, :except => [:create, :new]
- before_filter :fetch_data_set_and_workflow
before_filter :fetch_port_names, : [:new, :edit]
before_filter :fetch_blobs, : [:new, :edit]
@@ -190,4 +191,13 @@
@blobs = current_user.blobs +
(current_user.bookmarks.find(:all, :conditions => ["bookmarkable_type = 'Blob'"]).map {|b| b.bookmarkable})
end
+
+ def auth
+ puts action_name
+ unless Authorization.is_authorized?(action_name, nil, @workflow, current_user)
+ respond_to do |format|
+ format.html { render :nothing => true, :status => 403 }
+ end
+ end
+ end
end
\ No newline at end of file
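Review bot: `puts action_name` at the top of `auth` looks like leftover debugging that writes to the server's stdout on every request; drop it or make it a `logger.debug` call. The denial is rendered only inside `format.html`, so what a non-HTML request receives depends on `respond_to`'s fallback, and the filter never halts the chain explicitly. If this branch runs a Rails version where a before filter must return false to stop the chain (not visible here), the later filters and possibly the action could still run for an unauthorized user. Rendering unconditionally and halting, `render :nothing => true, :status => 403` followed by `return false`, removes both doubts. The same applies to `auth` in data_sets_controller.rb, which also answers only `format.html`.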
Modified: branches/datasets/app/controllers/data_sets_controller.rb (2833 => 2834)
--- branches/datasets/app/controllers/data_sets_controller.rb 2011-11-22 10:03:18 UTC (rev 2833)
+++ branches/datasets/app/controllers/data_sets_controller.rb 2011-11-22 15:16:31 UTC (rev 2834)
@@ -7,10 +7,13 @@
before_filter :fetch_workflow
before_filter :fetch_data_set, :except => [:create, :new, :index]
+ before_filter :auth
before_filter :fetch_data_sets, : [:index, :show]
def create
@data_set = @workflow.data_sets.build(params[:data_set])
+ @data_set.contributor = current_user
+
if @data_set.save
respond_to do |format|
format.html { redirect_to workflow_data_set_url(@workflow, @data_set) }
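Review bot: The new `before_filter :auth` authorizes against `@workflow` only, while the guarded actions operate on `@data_set`, so the check is sound only if `fetch_data_set` (not shown in this hunk) loads the record through the workflow. If it looks the data set up by id alone, a user authorized on one workflow could reach another workflow's data set by pairing its id with a workflow they can access in the URL. Please confirm the lookup is scoped, e.g. `@workflow.data_sets.find(params[:id])`, or pass `@data_set` to the authorization call once data sets have their own policy. The body of `create` continues outside the hunk.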
@@ -85,4 +88,15 @@
@data_sets = @workflow.data_sets
end
+ def auth
+ unless Authorization.is_authorized?(action_name, nil, @workflow, current_user)
+ action = ""
+ action = "" if action_name == "show"
+ flash[:error] = "You are not authorized to #{action} this data set"
+
+ respond_to do |format|
+ format.html { redirect_to workflow_url(@workflow) }
+ end
+ end
+ end
end
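Review bot: As shown, `action` is assigned an empty string on both lines, so the flash reads "You are not authorized to  this data set" with no verb. Presumably the intent was to default to the action name and use a friendlier word for show, e.g. `action = action_name` and `action = "view" if action_name == "show"`. The redirect also targets `workflow_url(@workflow)`, the object the permission check was made against; for a user who may not view that workflow either, this would lead to a second denial rather than a clear error page.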
Modified: branches/datasets/app/models/data_set.rb (2833 => 2834)
--- branches/datasets/app/models/data_set.rb 2011-11-22 10:03:18 UTC (rev 2833)
+++ branches/datasets/app/models/data_set.rb 2011-11-22 15:16:31 UTC (rev 2834)
@@ -12,12 +12,14 @@
format_attribute :description
belongs_to :workflow
+ belongs_to :contributor, :polymorphic => true
#todo: Rails 2: can probably use separate finders for input/output relationships as it supports conditions on
# joined tables;
has_many :relationships, :class_name => "Relationship", :as => :context,
:dependent => :destroy
+ #this association is just to ensure text data is deleted when the data set is. not actually used.
has_many :text_datas, :dependent => :destroy
end
Modified: branches/datasets/app/views/data_sets/_data_item.rhtml (2833 => 2834)
--- branches/datasets/app/views/data_sets/_data_item.rhtml 2011-11-22 10:03:18 UTC (rev 2833)
+++ branches/datasets/app/views/data_sets/_data_item.rhtml 2011-11-22 15:16:31 UTC (rev 2834)
@@ -21,18 +21,30 @@
</div>
<% elsif data.kind_of?(Blob) %>
<div class="file_data">
- <div style="float:left">
- <b>Title:</b> <%= link_to "#{h truncate(data.label, 70)}", file_path(data), :class => "file_link" %><br/>
- <b>Type: </b> <%= h data.content_type.title %><br/>
- <b>Size: </b> <%= number_to_human_size(data.content_blob.data.size) %><br/>
- </div>
- <div style="float:right">
- <ul class="sectionIcons">
- <li>
- <%= icon('download', download_file_path(data), nil, nil, 'Download') %>
- </li>
- </ul>
- </div>
+ <% if Authorization.is_authorized?("show", nil, data, current_user) -%>
+ <div style="float:left">
+ <b>Title:</b> <%= link_to "#{h truncate(data.label, 70)}", file_path(data), :class => "file_link" %><br/>
+ <b>Type: </b> <%= h data.content_type.title %><br/>
+ <b>Size: </b> <%= number_to_human_size(data.content_blob.data.size) %><br/>
+ </div>
+ <div style="float:right; width: 11em">
+ <ul class="sectionIcons" style="text-align: right">
+ <% if Authorization.is_authorized?("download", nil, data, current_user) -%>
+ <li>
+ <%= icon('download', download_file_path(data), nil, nil, 'Download') %>
+ </li>
+ <% else %>
+ <p class="denied_text" style="text-align: center;">
+ You are not authorized to download this data file.
+ </p>
+ <% end %>
+ </ul>
+ </div>
+ <% else %>
+ <p class="denied_text" style="text-align: center;">
+ You are not authorised to view this data file.
+ </p>
+ <% end %>
</div>
<% end %>
</td>
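Review bot: The `<p class="denied_text">` in the download `else` branch sits directly inside `<ul class="sectionIcons">`, which is not valid list content; wrap it in an `<li>` or move the `if`/`else` outside the `<ul>`. The two denial messages also spell the word differently ("authorized" and "authorised"). These checks only hide the links: the file show and download actions must enforce the same `Authorization.is_authorized?` decision server-side, which this hunk does not show.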
@@ -42,7 +54,8 @@
<td class="arrow"><img src=""
<%= port_type == "input" ? port_td : data_td %>
-<%# if mine? @workflow %>
+<%# data sets should probably have their own policy %>
+<% if mine? @workflow %>
<td class="controls">
<%= icon('destroy', {:url ="" data_set_data_item_path(@data_set, data_item), :method => :delete,
:update => {:success => "data_set_container"},
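Review bot: The delete control is gated on `mine? @workflow`, while the controllers in this commit decide access with `Authorization.is_authorized?(action_name, nil, @workflow, current_user)`, so what the page offers and what the server accepts can diverge (ownership versus policy). The added comment already hints that data sets need their own policy; until then, using the same predicate in the view, e.g. `<% if Authorization.is_authorized?("destroy", nil, @workflow, current_user) %>`, would keep the two aligned. The same gate is enabled in _data_set.rhtml and show.rhtml. The `<td class="controls">` block continues past this hunk.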
@@ -60,4 +73,4 @@
<br/>
<img id="data_item_<%=data_item.id-%>_spinner" src="" style="display:none; vertical-align: middle;"/>
</td>
-<%# end %>
+<% end %>
Modified: branches/datasets/app/views/data_sets/_data_set.rhtml (2833 => 2834)
--- branches/datasets/app/views/data_sets/_data_set.rhtml 2011-11-22 10:03:18 UTC (rev 2833)
+++ branches/datasets/app/views/data_sets/_data_set.rhtml 2011-11-22 15:16:31 UTC (rev 2834)
@@ -34,10 +34,12 @@
</tr>
</tbody>
</table>
+
<% if @data_set.relationships.select{|r| r.objekt.input?}.empty? %>
<span class="none_text">No output data specified</span>
<% end %>
- <%# if mine? @workflow %>
+
+ <% if mine? @workflow %>
<ul class="sectionIcons">
<li>
<%= icon('new', {:url ="" new_data_set_data_item_path(:data_set_id => @data_set.id, :port_type => "input"), :method => :get,
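Review bot: The context line just above the re-enabled gate tests `r.objekt.input?` but prints "No output data specified"; this is the input section (the control below passes `:port_type => "input"`), so the message should presumably read `No input data specified`. The `<ul class="sectionIcons">` block continues outside the hunk.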
@@ -49,7 +51,7 @@
<img id="data_item_input_form_spinner" src="" style="display:none; vertical-align: middle;"/>
</li>
</ul>
- <%# end %>
+ <% end %>
<h3>Output data</h3>
@@ -70,7 +72,8 @@
<% if @data_set.relationships.select{|r| r.objekt.output?}.empty? %>
<span class="none_text">No output data specified</span>
<% end %>
- <%# if mine? @workflow %>
+
+ <% if mine? @workflow %>
<ul class="sectionIcons">
<li>
<%= icon('new', {:url ="" new_data_set_data_item_path(:data_set_id => @data_set.id, :port_type => "output"), :method => :get,
@@ -82,6 +85,6 @@
<img id="data_item_output_form_spinner" src="" style="display:none; vertical-align: middle;"/>
</li>
</ul>
- <%# end %>
+ <% end %>
</div>
Modified: branches/datasets/app/views/data_sets/show.rhtml (2833 => 2834)
--- branches/datasets/app/views/data_sets/show.rhtml 2011-11-22 10:03:18 UTC (rev 2833)
+++ branches/datasets/app/views/data_sets/show.rhtml 2011-11-22 15:16:31 UTC (rev 2834)
@@ -10,15 +10,17 @@
<li>
<%= icon('download', "#", nil, nil, 'Download this data set') %>
</li>
- <li>
- <%= icon('edit', edit_workflow_data_set_path(@workflow, @data_set), nil, nil, 'Edit data set') %>
- </li>
- <li>
- <%= icon('destroy', workflow_data_set_path(@workflow, @data_set), nil,
- {:method => :delete, :confirm => "Are you sure wish to delete this data set? All associated text data "+
- "will be deleted, but any uploaded files will remain on #{Conf.sitename}."},
- 'Delete data set') %>
- </li>
+ <% if mine?(@workflow) %>
+ <li>
+ <%= icon('edit', edit_workflow_data_set_path(@workflow, @data_set), nil, nil, 'Edit data set') %>
+ </li>
+ <li>
+ <%= icon('destroy', workflow_data_set_path(@workflow, @data_set), nil,
+ {:method => :delete, :confirm => "Are you sure wish to delete this data set? All associated text data "+
+ "will be deleted, but any uploaded files will remain on #{Conf.sitename}."},
+ 'Delete data set') %>
+ </li>
+ <% end %>
</ul>
</div>
<br class="clearer"/>
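Review bot: The confirm string on the destroy icon reads "Are you sure wish to delete this data set?"; since these lines are being re-indented anyway, it could be corrected to start `"Are you sure you wish to delete this data set? ..."`. The `mine?(@workflow)` wrapper only hides the edit and delete links, so enforcement still rests on the controller's `auth` filter.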
Modified: branches/datasets/config/schema.d/workflows.xml (2833 => 2834)
--- branches/datasets/config/schema.d/workflows.xml 2011-11-22 10:03:18 UTC (rev 2833)
+++ branches/datasets/config/schema.d/workflows.xml 2011-11-22 15:16:31 UTC (rev 2834)
@@ -53,7 +53,8 @@
<table name="data_sets">
- <column type="integer" name="user_id"/>
+ <column type="integer" name="contributor_id"/>
+ <column type="string" name="contributor_type"/>
<column type="integer" name="workflow_id"/>
<column type="datetime" name="created_at"/>
<column type="datetime" name="updated_at"/>
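Review bot: Replacing `user_id` with `contributor_id`/`contributor_type` leaves no path for existing `data_sets` rows: nothing in this commit copies the old owner across, so once the schema is applied any existing data set would have a nil contributor. If the branch already holds data, a one-off step that sets `contributor_id` from `user_id` and `contributor_type` to the user class name (presumably `'User'`) before the column is dropped would preserve ownership. db/schema.rb drops `user_id` in the same way.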
@@ -63,8 +64,8 @@
<column type="text" name="category"/>
<column type="integer" name="workflow_version"/>
- <belongs-to target="users"/>
- <belongs-to target="workflow"/>
+ <belongs-to target="contributors" polymorphic="true"/>
+ <belongs-to target="workflows"/>
</table>
@@ -72,7 +73,7 @@
<column type="integer" name="data_set_id"/>
<column type="text" name="data"/>
- <belongs-to target="data_set"/>
+ <belongs-to target="data_sets"/>
</table>
<table name="workflow_ports">
@@ -82,7 +83,7 @@
<column type="string" name="name"/>
<column type="string" name="port_type"/>
- <belongs-to target="workflow"/>
+ <belongs-to target="workflows"/>
</table>
Modified: branches/datasets/db/schema.rb (2833 => 2834)
--- branches/datasets/db/schema.rb 2011-11-22 10:03:18 UTC (rev 2833)
+++ branches/datasets/db/schema.rb 2011-11-22 15:16:31 UTC (rev 2834)
@@ -200,10 +200,11 @@
t.column "created_at", :datetime
t.column "title", :text
t.column "updated_at", :datetime
- t.column "version", :integer
- t.column "user_id", :integer
t.column "workflow_id", :integer
t.column "description", :text
+ t.column "workflow_version", :integer
+ t.column "contributor_id", :integer
+ t.column "contributor_type", :string
end
create_table "downloads", :force => true do |t|
@@ -768,10 +769,10 @@
end
create_table "workflow_ports", :force => true do |t|
- t.column "name", :string
- t.column "port_type", :string
- t.column "version", :integer
- t.column "workflow_id", :integer
+ t.column "name", :string
+ t.column "port_type", :string
+ t.column "workflow_id", :integer
+ t.column "workflow_version", :integer
end
create_table "workflow_processors", :force => true do |t|
Modified: branches/datasets/public/stylesheets/styles.css (2833 => 2834)
--- branches/datasets/public/stylesheets/styles.css 2011-11-22 10:03:18 UTC (rev 2833)
+++ branches/datasets/public/stylesheets/styles.css 2011-11-22 15:16:31 UTC (rev 2834)
@@ -2452,7 +2452,7 @@
.data_set .output {
border-color: #9F9;
- background-color: #CFC;
+ background-color: #DFD;
}
.data_set h5 {
@@ -2513,7 +2513,7 @@
margin-top: 1em;
}
-.data_set input[type=text].readonly, .data_set textarea.readonly {
+.data_set input[type=text].readonly, .data_set textarea {
background-color: #FFF;
border: 1px dashed #CCC;
padding: 3px;
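Review bot: Dropping `.readonly` from the second selector applies the white background and dashed border to every textarea under `.data_set`, including editable ones. Read-only and editable fields then look the same, which may not be intended. If only read-only text areas should get this look, keep `.data_set textarea.readonly`. The rule's remaining declarations lie outside the hunk.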
@@ -2548,8 +2548,6 @@
.data_set td.data .file_data {
padding: 0.5em;
- background-color: #fff;
- border: 1px solid #ccc;
overflow: auto;
line-height: 1.1;
}