[myexperiment-hackers] [3649] branches/packs: fixed issue with always seeing resource delete icons

[noreply]

Revision

3649

Author

dgc

Date

2013-09-01 13:32:51 +0000 (Sun, 01 Sep 2013)

Log Message

fixed issue with always seeing resource delete icons

Modified Paths

• branches/packs/app/views/packs/_resource_tile.html.erb
• branches/packs/lib/authorization.rb

Diff

Modified: branches/packs/app/views/packs/_resource_tile.html.erb (3648 => 3649)

--- branches/packs/app/views/packs/_resource_tile.html.erb	2013-09-01 10:47:33 UTC (rev 3648)
+++ branches/packs/app/views/packs/_resource_tile.html.erb	2013-09-01 13:32:51 UTC (rev 3649)
@@ -5,9 +5,11 @@
   <td><%=h resource.content_type -%></td>
   <td><%=h resource.annotations.count -%></td>
   <td>
-    <%= link_to("<img src='' />",
-        pack_item_path(pack, ore_path),
-        :method => :delete,
-        :confirm => "Are you sure you want to delete this item?") %>
+    <% if Authorization.check('destroy', resource, current_user) %>
+      <%= link_to("<img src='' />",
+          pack_item_path(pack, ore_path),
+          :method => :delete,
+          :confirm => "Are you sure you want to delete this item?") %>
+    <% end %>
   </td>
 </tr>

Modified: branches/packs/lib/authorization.rb (3648 => 3649)

--- branches/packs/lib/authorization.rb	2013-09-01 10:47:33 UTC (rev 3648)
+++ branches/packs/lib/authorization.rb	2013-09-01 13:32:51 UTC (rev 3649)
@@ -328,7 +328,7 @@
             return Authorization.check('edit', object.context, user)
         end
 
-      when "PackContributableEntry", "PackRemoteEntry"
+      when "PackContributableEntry"
 
         case action
 
@@ -339,7 +339,43 @@
             # Only users that can edit a pack can add items to it
             return !user.nil? && Authorization.check('edit', context, user)
 
+          when "view"
+
+            # Only users can can view the pack and also view the contributable
+            # can view it.
+
+            return false unless Authorization.check('view', object.pack, user)
+
+            return Authorization.check('view', object.contributable, user)
+
           when "edit", "destroy"
+
+            # Users that can edit the pack can also edit / delete items, but
+            # only if they can view the items.
+
+            return false unless Authorization.check('edit', object.pack, user)
+
+            return Authorization.check('view', object.contributable, user)
+        end
+
+      when "PackRemoteEntry"
+
+        case action
+
+          when "create"
+
+            raise "Context required for authorisation check" unless context
+
+            # Only users that can edit a pack can add items to it
+            return !user.nil? && Authorization.check('edit', context, user)
+
+          when "view"
+
+            # Only users can can view the pack can see remote items.
+
+            return Authorization.check('view', object.pack, user)
+
+          when "edit", "destroy"
             # Users that can edit the pack can also edit / delete items
             return Authorization.check('edit', object.pack, user)
 
@@ -358,14 +394,20 @@
             # contributable if it is local to myExperiment
 
             if object.pack_contributable_entry
-              return false unless Authorization.check('view', object.pack_contributable_entry, user)
+              return Authorization.check('view', object.pack_contributable_entry, user)
             end
 
+            return false
+
           when "create"
 
             # Only users that can edit the pack can create RO resources
-            return Authorization.check('edit', context, user)
+            return Authorization.check('edit', object.research_object.pack, user)
 
+          when "destroy"
+
+            # Only users that can edit the pack can delete RO resources
+            return Authorization.check('edit', object.research_object.pack, user)
         end
 
       when "Message"