Skip to content

Commit

Permalink
add ability for journal editors to manage project grants
Browse files Browse the repository at this point in the history
  • Loading branch information
@timbot1789
timbot1789 committed Feb 28, 2025
1 parent eba7381 commit 65f4e99
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 2 deletions.
2 changes: 2 additions & 0 deletions api/app/authorizers/entitlement_authorizer.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,13 +58,15 @@ def default(_adjective, user, options = {})
# @param [Hash] options
# @option options [ApplicationRecord] :for
def creatable_by?(user, options = {})
return false if user.marketeer?
might_access? user, options
end

# @param [User] user
# @param [Hash] options
# @option options [ApplicationRecord] :for
def manageable_by?(user, options = {})
return false if user.marketeer?
might_access? user, options
end

Expand Down
6 changes: 4 additions & 2 deletions api/app/authorizers/project_authorizer.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,9 +106,10 @@ def project_administered_by?(user, _options = {})
# @param [User] user
# @param [Hash] options
def entitlements_creatable_by?(user, options = {})
return false if resource.draft? && !has_any_role?(user, :admin, :editor)
options ||= {}

options[:subject] = resource
options[:for] = resource

user.can_create? Entitlement, options
end
Expand All @@ -117,9 +118,10 @@ def entitlements_creatable_by?(user, options = {})
# @param [User] user
# @param [Hash] options
def entitlements_manageable_by?(user, options = {})
return false if resource.draft? && !has_any_role?(user, :admin, :editor)
options ||= {}

options[:subject] = resource
options[:for] = resource

user.can_manage? Entitlement, options
end
Expand Down
2 changes: 2 additions & 0 deletions api/spec/authorizers/project_authorizer_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -341,6 +341,8 @@
it { is_expected.to be_able_to(:read).on(journal_issue.project) }
it { is_expected.to be_able_to(:update).on(journal_issue.project) }
it { is_expected.not_to be_able_to(:create).on(journal_issue.project) }
it { is_expected.to be_able_to(:manage_entitlements).on(journal_issue.project) }
it { is_expected.to be_able_to(:create_entitlements).on(journal_issue.project) }

it "cannot delete a journal issue's project directly (delete the journal issue itself)" do
is_expected.not_to be_able_to(:delete).on(journal_issue.project)
Expand Down

0 comments on commit 65f4e99

Please sign in to comment.