CV2-3738: remove a permission related to project privacy

meedan · Sep 19, 2023 · cff56f2 · cff56f2
1 parent 8c0737d
commit cff56f2
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 11 deletions.
diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -77,7 +77,7 @@ def editor_perms
       obj.team_id == @context_team.id && !obj.is_default?
     end
     can :destroy, ProjectMedia do |obj|
-      obj.related_to_team?(@context_team) && obj.user_can_see_project?(@user)
+      obj.related_to_team?(@context_team)
     end
     can :manage, [TagText, TeamTask], team_id: @context_team.id
     can [:bulk_create], Tag, ['annotation_type = ?', 'tag'] do |obj|
@@ -110,7 +110,7 @@ def editor_perms
   def collaborator_perms
     can [:cud, :bulk_update, :bulk_destroy], Relationship, { source: { team_id: @context_team.id }, target: { team_id: @context_team.id } }
     can [:create, :update], ProjectMedia do |obj|
-      (obj.related_to_team?(@context_team) || TeamUser.where(user_id: @user.id, status: 'member', team_id: obj.team_id).exists?) && obj.user_can_see_project?(@user)
+      obj.related_to_team?(@context_team) || TeamUser.where(user_id: @user.id, status: 'member', team_id: obj.team_id).exists?
     end
     can :create, [Media, Link, Claim]
     can :update, [Media, Link, Claim], { user_id: @user.id }
@@ -119,7 +119,7 @@ def collaborator_perms
     end
     can :destroy, TeamUser, user_id: @user.id
     can :lock_annotation, ProjectMedia do |obj|
-      obj.related_to_team?(@context_team) && obj.archived_was == CheckArchivedFlags::FlagCodes::NONE && obj.user_can_see_project?(@user)
+      obj.related_to_team?(@context_team) && obj.archived_was == CheckArchivedFlags::FlagCodes::NONE
     end
     can :create, Source, :team_id => @context_team.id
     can [:create, :update], Account, source: { team: { team_users: { team_id: @context_team.id }}}, :user_id => @user.id
@@ -147,7 +147,7 @@ def collaborator_perms
       obj.team&.id == @context_team.id && changes.keys == [] && !obj.annotated_is_trashed?
     end
     can [:administer_content, :bulk_update, :bulk_mark_read], ProjectMedia do |obj|
-      obj.related_to_team?(@context_team) && obj.user_can_see_project?(@user)
+      obj.related_to_team?(@context_team)
     end
     can [:destroy, :update], [Dynamic, Annotation] do |obj|
       obj.annotator_id.to_i == @user.id and !obj.annotated_is_archived?

diff --git a/app/models/project_media.rb b/app/models/project_media.rb
@@ -353,11 +353,6 @@ def feed_columns_values
     values
   end
 
-  def user_can_see_project?(user = User.current)
-    project = self.project
-    project.nil? || project.privacy <= Project.privacy_for_role(project.team, user)
-  end
-
   # FIXME: Required by GraphQL API
   def claim_descriptions
     self.claim_description ? [self.claim_description] : []

diff --git a/app/models/relationship.rb b/app/models/relationship.rb
@@ -319,7 +319,7 @@ def move_to_same_project_as_main
     if (self.is_confirmed? || self.is_suggested?) && secondary && main && secondary.project_id != main.project_id
       secondary.project_id = main.project_id
       secondary.save!
-      CheckNotification::InfoMessages.send('moved_to_private_folder', item_title: secondary.title) unless secondary.reload.user_can_see_project?(secondary.user)
+      CheckNotification::InfoMessages.send('moved_to_private_folder', item_title: secondary.title)
     end
   end
 

diff --git a/lib/check_basic_abilities.rb b/lib/check_basic_abilities.rb
@@ -82,7 +82,7 @@ def extra_perms_for_all_users
     can :read, Account, source: { user_id: [@user.id, nil] }
     can :read, Relationship, { source: { team_id: @user.cached_teams }, target: { team_id: @user.cached_teams } }
     can :read, ProjectMedia do |obj|
-      (!obj.team.private || @user.cached_teams.include?(obj.team.id)) && obj.user_can_see_project?(@user)
+      !obj.team.private || @user.cached_teams.include?(obj.team.id)
     end
 
     can :read, Cluster do |obj|