Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix/final global sharing #2

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions js/components/security/access/configure-access-modal.html
Original file line number Diff line number Diff line change
Expand Up @@ -92,15 +92,14 @@
<label data-bind="css: classes('new-access-label'), text: ko.i18n('common.configureAccessModal.globalReadStatus', 'Status of global READ access:')"></label>
<div/>
<div class="btn-group" data-toggle="buttons">
<label data-bind="css: { active: !shareFlag()},
<label data-bind="css: { active: shareFlag()},
click: function () { shareFlag(false); grantGlobalReadAccess();},
clickBubble: false,
text: ko.i18n('common.configureAccessModal.globalReadStatusNotGranted', 'Granted')
"
class="btn btn-primary",
/>
<label data-bind="css: {
active: shareFlag()},
<label data-bind="css: { active: !shareFlag()},
click: function () { shareFlag(true); revokeGlobalReadAccess();},
clickBubble: false,
text: ko.i18n('common.configureAccessModal.globalReadStatusIsGranted', 'Not Granted')
Expand Down
28 changes: 9 additions & 19 deletions js/pages/cohort-definitions/cohort-definition-manager.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ define(['jquery', 'knockout', 'text!./cohort-definition-manager.html',
'appConfig',
'components/cohortbuilder/CohortDefinition',
'services/CohortDefinition',
'services/ShareRoleCheck',
'services/MomentAPI',
'services/ConceptSet',
'services/Permission',
Expand Down Expand Up @@ -66,8 +65,7 @@ define(['jquery', 'knockout', 'text!./cohort-definition-manager.html',
view,
config,
CohortDefinition,
cohortDefinitionService,
shareRoleCheck,
cohortDefinitionService,
momentApi,
conceptSetService,
PermissionService,
Expand Down Expand Up @@ -201,22 +199,14 @@ define(['jquery', 'knockout', 'text!./cohort-definition-manager.html',
this.authApi = authApi;
this.config = config;

this.enablePermissionManagement = ko.observable(false);
this.enablePermissionManagement(config.enablePermissionManagement);

this.userCanShare = ko.observable(false);
if (config.permissionManagementRoleId === "") {
this.userCanShare(true);
} else {
shareRoleCheck.checkIfRoleCanShare(authApi.subject(), config.permissionManagementRoleId)
.then(res=>{
this.userCanShare(res);
})
.catch(error => {
console.error(error);
alert(ko.i18n('cohortDefinitions.cohortDefinitionManager.shareRoleCheck', 'Error when determining if user can share cohorts')());
});
}
this.enablePermissionManagement = ko.observable(config.enablePermissionManagement);
if (config.enablePermissionManagement) {
this.userCanShare = ko.observable(
!config.limitedPermissionManagement ||
authApi.isPermittedGlobalShareCohort());
} else {
this.userCanShare = ko.observable(false);
}

this.relatedSourcecodesOptions = globalConstants.relatedSourcecodesOptions;
this.commonUtils = commonUtils;
Expand Down
31 changes: 10 additions & 21 deletions js/pages/concept-sets/conceptset-manager.js
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,7 @@ define([
'./const',
'const',
'components/conceptset/utils',
'services/Vocabulary',
'services/ShareRoleCheck',
'services/Vocabulary',
'services/Permission',
'services/Tags',
'components/security/access/const',
Expand Down Expand Up @@ -56,8 +55,7 @@ define([
constants,
globalConstants,
utils,
vocabularyAPI,
shareRoleCheck,
vocabularyAPI,
GlobalPermissionService,
TagsService,
{ entityType },
Expand Down Expand Up @@ -177,24 +175,15 @@ define([
return this.currentConceptSet() && this.currentConceptSet().id > 0;
});

this.enablePermissionManagement = ko.observable(false);
this.enablePermissionManagement(config.enablePermissionManagement);

this.userCanShare = ko.observable(false);
if (config.permissionManagementRoleId === "") {
this.userCanShare(true);
} else {
shareRoleCheck.checkIfRoleCanShare(authApi.subject(), config.permissionManagementRoleId)
.then(res=>{
this.userCanShare(res);
})
.catch(error => {
console.error(error);
alert(ko.i18n('conceptSets.conceptSetManager.shareRoleCheck', 'Error when determining if user can share concept sets')());
});
}
this.enablePermissionManagement = ko.observable(config.enablePermissionManagement);
if (config.enablePermissionManagement) {
this.userCanShare = ko.observable(
!config.limitedPermissionManagement ||
authApi.isPermittedGlobalShareCohort());
} else {
this.userCanShare = ko.observable(false);
}


this.isSaving = ko.observable(false);
this.isDeleting = ko.observable(false);
this.isOptimizing = ko.observable(false);
Expand Down
29 changes: 18 additions & 11 deletions js/services/AuthAPI.js
Original file line number Diff line number Diff line change
Expand Up @@ -395,6 +395,12 @@ define(function(require, exports) {
return isPermitted('cohortdefinition:' + id + ':copy:get');
}

var isPermittedGlobalShareCohort = function() {
// special * permission (intended for admins) that allows the
// user to share any cohort with a "global reader role":
return isPermitted('cohortdefinition:global:share:put');
}

var isPermittedUpdateCohort = function(id) {
var permission = 'cohortdefinition:' + id + ':put';
return isPermitted(permission);
Expand All @@ -407,17 +413,17 @@ define(function(require, exports) {
}

var isPermittedGenerateCohort = function(cohortId, sourceKey) {
var v = isPermitted('cohortdefinition:' + cohortId + ':generate:' + sourceKey + ':get') &&
isPermitted('cohortdefinition:' + cohortId + ':info:get');

// By default, everyone can generate any artifact they have
// permission to read. If a permissionManagementRoleId has
// been assigned, (non- empty string assignment), the default
// generate functionality is not desired. Rather, users will have to
// have a role that allows them to update the specific cohort definition.
if (config.permissionManagementRoleId !== ""){
v = v && isPermitted('cohortdefinition:' + cohortId + ':put')
}
var v = isPermitted('cohortdefinition:' + cohortId + ':generate:' + sourceKey + ':get') &&
isPermitted('cohortdefinition:' + cohortId + ':info:get');

// By default, everyone can generate any artifact they have
// permission to read. If limitedPermissionManagement has
// been set to true, the default
// generate functionality is not desired. Rather, users will have to
// have a permission that allows them to update the specific cohort definition.
if (config.limitedPermissionManagement){
v = v && isPermitted('cohortdefinition:' + cohortId + ':put')
}
return v
}

Expand Down Expand Up @@ -586,6 +592,7 @@ define(function(require, exports) {
isPermittedReadCohort: isPermittedReadCohort,
isPermittedCreateCohort: isPermittedCreateCohort,
isPermittedCopyCohort: isPermittedCopyCohort,
isPermittedGlobalShareCohort: isPermittedGlobalShareCohort,
isPermittedUpdateCohort: isPermittedUpdateCohort,
isPermittedDeleteCohort: isPermittedDeleteCohort,
isPermittedGenerateCohort: isPermittedGenerateCohort,
Expand Down
32 changes: 0 additions & 32 deletions js/services/ShareRoleCheck.js

This file was deleted.