From cff56f2c88d08b4ef65e9c74659cd6a0cea65c1b Mon Sep 17 00:00:00 2001
From: Sawy
Date: Tue, 19 Sep 2023 18:37:17 +0300
Subject: [PATCH] CV2-3738: remove a permission related to project privacy
---
 app/models/ability.rb | 8 ++++----
 app/models/project_media.rb | 5 -----
 app/models/relationship.rb | 2 +-
 lib/check_basic_abilities.rb | 2 +-
 4 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 9fe2df5940..9d692b8530 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -77,7 +77,7 @@ def editor_perms
 obj.team_id == @context_team.id && !obj.is_default?
 end
 can :destroy, ProjectMedia do |obj|
- obj.related_to_team?(@context_team) && obj.user_can_see_project?(@user)
+ obj.related_to_team?(@context_team)
 end
 can :manage, [TagText, TeamTask], team_id: @context_team.id
 can [:bulk_create], Tag, ['annotation_type = ?', 'tag'] do |obj|
@@ -110,7 +110,7 @@ def editor_perms
 def collaborator_perms
 can [:cud, :bulk_update, :bulk_destroy], Relationship, { source: { team_id: @context_team.id }, target: { team_id: @context_team.id } }
 can [:create, :update], ProjectMedia do |obj|
- (obj.related_to_team?(@context_team) || TeamUser.where(user_id: @user.id, status: 'member', team_id: obj.team_id).exists?) && obj.user_can_see_project?(@user)
+ obj.related_to_team?(@context_team) || TeamUser.where(user_id: @user.id, status: 'member', team_id: obj.team_id).exists?
 end
 can :create, [Media, Link, Claim]
 can :update, [Media, Link, Claim], { user_id: @user.id }
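Review bot: The `can :destroy, ProjectMedia` rule in `editor_perms` now authorizes on `obj.related_to_team?(@context_team)` alone, and nothing in the patch records that dropping the folder-level gate is deliberate. The same applies to the `:lock_annotation` and `[:administer_content, :bulk_update, :bulk_mark_read]` rules in `collaborator_perms` (the hunks at -119 and -147). A one-line comment above each block, such as `# Folder privacy no longer restricts this action (CV2-3738); team scope is the only gate`, would keep a later reader from treating the missing check as an oversight. The diffstat lists no spec file, so unless the ability specs are updated elsewhere, an example asserting the new outcome for an item in a folder with restricted privacy would pin the intended behaviour. `editor_perms` starts and ends outside the hunk.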
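Review bot: With the privacy check gone, the second branch of the `[:create, :update], ProjectMedia` condition is the only thing deciding access when the item is outside `@context_team`, and it tests just `status: 'member'` on `obj.team_id`, not the user's role in that team. That branch predates this commit, but it was previously narrowed by `user_can_see_project?`, so it is worth confirming that a collaborator in one team context is meant to create and update items in any other team they belong to. If so, naming the branch makes the intent visible and shortens the line: `member_of_item_team = TeamUser.where(user_id: @user.id, status: 'member', team_id: obj.team_id).exists?` followed by `obj.related_to_team?(@context_team) || member_of_item_team`. `collaborator_perms` continues past the end of the hunk.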
@@ -119,7 +119,7 @@ def collaborator_perms
 end
 can :destroy, TeamUser, user_id: @user.id
 can :lock_annotation, ProjectMedia do |obj|
- obj.related_to_team?(@context_team) && obj.archived_was == CheckArchivedFlags::FlagCodes::NONE && obj.user_can_see_project?(@user)
+ obj.related_to_team?(@context_team) && obj.archived_was == CheckArchivedFlags::FlagCodes::NONE
 end
 can :create, Source, :team_id => @context_team.id
 can [:create, :update], Account, source: { team: { team_users: { team_id: @context_team.id }}}, :user_id => @user.id
@@ -147,7 +147,7 @@ def collaborator_perms
 obj.team&.id == @context_team.id && changes.keys == [] && !obj.annotated_is_trashed?
 end
 can [:administer_content, :bulk_update, :bulk_mark_read], ProjectMedia do |obj|
- obj.related_to_team?(@context_team) && obj.user_can_see_project?(@user)
+ obj.related_to_team?(@context_team)
 end
 can [:destroy, :update], [Dynamic, Annotation] do |obj|
 obj.annotator_id.to_i == @user.id and !obj.annotated_is_archived?
diff --git a/app/models/project_media.rb b/app/models/project_media.rb
index f7ea917a39..bdfcbb1285 100644
--- a/app/models/project_media.rb
+++ b/app/models/project_media.rb
@@ -353,11 +353,6 @@ def feed_columns_values
 values
 end

- def user_can_see_project?(user = User.current)
- project = self.project
- project.nil? || project.privacy <= Project.privacy_for_role(project.team, user)
- end
-
 # FIXME: Required by GraphQL API
 def claim_descriptions
 self.claim_description ? [self.claim_description] : []
diff --git a/app/models/relationship.rb b/app/models/relationship.rb
index 1554830270..210d604a93 100644
--- a/app/models/relationship.rb
+++ b/app/models/relationship.rb
@@ -319,7 +319,7 @@ def move_to_same_project_as_main
 if (self.is_confirmed? || self.is_suggested?) && secondary && main && secondary.project_id != main.project_id
 secondary.project_id = main.project_id
 secondary.save!
- CheckNotification::InfoMessages.send('moved_to_private_folder', item_title: secondary.title) unless secondary.reload.user_can_see_project?(secondary.user)
+ CheckNotification::InfoMessages.send('moved_to_private_folder', item_title: secondary.title)
 end
 end

diff --git a/lib/check_basic_abilities.rb b/lib/check_basic_abilities.rb
index f8baa96d34..1d9645591d 100644
--- a/lib/check_basic_abilities.rb
+++ b/lib/check_basic_abilities.rb
@@ -82,7 +82,7 @@ def extra_perms_for_all_users
 can :read, Account, source: { user_id: [@user.id, nil] }
 can :read, Relationship, { source: { team_id: @user.cached_teams }, target: { team_id: @user.cached_teams } }
 can :read, ProjectMedia do |obj|
- (!obj.team.private || @user.cached_teams.include?(obj.team.id)) && obj.user_can_see_project?(@user)
+ !obj.team.private || @user.cached_teams.include?(obj.team.id)
 end

 can :read, Cluster do |obj|
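Review bot: The `moved_to_private_folder` info message is now sent for every secondary item that gets moved, because the `unless secondary.reload.user_can_see_project?(secondary.user)` guard was removed and nothing replaced it. If a folder can no longer be private to a user, the message is never accurate, and the `CheckNotification::InfoMessages.send('moved_to_private_folder', item_title: secondary.title)` line should be deleted together with the guard. If a notification about the move is still wanted, it needs a key and wording that match what actually happened. `move_to_same_project_as_main` begins above the hunk.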
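Review bot: In `extra_perms_for_all_users`, read access to a `ProjectMedia` now rests only on `!obj.team.private || @user.cached_teams.include?(obj.team.id)`, so for a team that is not private every user passes regardless of the `privacy` value the item's folder still carries. The patch removes the method that read `project.privacy` and `Project.privacy_for_role` but does not touch `Project`, so existing folders presumably keep their stored privacy values, which silently stop being enforced. Before release it would help to confirm that no folder holds a restrictive `privacy` value, or to clear or migrate those values in the same change. A comment on the rule would also document the new boundary: `# Visibility is decided at team level only; Project#privacy is not consulted`. The method body extends beyond the hunk on both sides.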