CV2-3738: remove the privacy permissions (#1660)

* CV2-3738: remove a permission related to project privacy * CV2-3738: remove privacy code * CV2-3738: remove privacy condition from search * CV2-3738: fix tests
meedan · Sep 27, 2023 · c8518db · c8518db
1 parent 9ae1a1a
commit c8518db
Show file tree

Hide file tree

Showing 8 changed files with 10 additions and 29 deletions.
diff --git a/app/graph/types/team_type.rb b/app/graph/types/team_type.rb
@@ -215,7 +215,7 @@ def join_requests
   field :projects, ProjectType.connection_type, null: true
 
   def projects
-    object.recent_projects.allowed(object)
+    object.recent_projects
   end
 
   field :sources_count, GraphQL::Types::Int, null: true do

diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -77,7 +77,7 @@ def editor_perms
       obj.team_id == @context_team.id && !obj.is_default?
     end
     can :destroy, ProjectMedia do |obj|
-      obj.related_to_team?(@context_team) && obj.user_can_see_project?(@user)
+      obj.related_to_team?(@context_team)
     end
     can :manage, [TagText, TeamTask], team_id: @context_team.id
     can [:bulk_create], Tag, ['annotation_type = ?', 'tag'] do |obj|
@@ -110,7 +110,7 @@ def editor_perms
   def collaborator_perms
     can [:cud, :bulk_update, :bulk_destroy], Relationship, { source: { team_id: @context_team.id }, target: { team_id: @context_team.id } }
     can [:create, :update], ProjectMedia do |obj|
-      (obj.related_to_team?(@context_team) || TeamUser.where(user_id: @user.id, status: 'member', team_id: obj.team_id).exists?) && obj.user_can_see_project?(@user)
+      obj.related_to_team?(@context_team) || TeamUser.where(user_id: @user.id, status: 'member', team_id: obj.team_id).exists?
     end
     can :create, [Media, Link, Claim]
     can :update, [Media, Link, Claim], { user_id: @user.id }
@@ -119,7 +119,7 @@ def collaborator_perms
     end
     can :destroy, TeamUser, user_id: @user.id
     can :lock_annotation, ProjectMedia do |obj|
-      obj.related_to_team?(@context_team) && obj.archived_was == CheckArchivedFlags::FlagCodes::NONE && obj.user_can_see_project?(@user)
+      obj.related_to_team?(@context_team) && obj.archived_was == CheckArchivedFlags::FlagCodes::NONE
     end
     can :create, Source, :team_id => @context_team.id
     can [:create, :update], Account, source: { team: { team_users: { team_id: @context_team.id }}}, :user_id => @user.id
@@ -147,7 +147,7 @@ def collaborator_perms
       obj.team&.id == @context_team.id && changes.keys == [] && !obj.annotated_is_trashed?
     end
     can [:administer_content, :bulk_update, :bulk_mark_read], ProjectMedia do |obj|
-      obj.related_to_team?(@context_team) && obj.user_can_see_project?(@user)
+      obj.related_to_team?(@context_team)
     end
     can [:destroy, :update], [Dynamic, Annotation] do |obj|
       obj.annotator_id.to_i == @user.id and !obj.annotated_is_archived?

diff --git a/app/models/project.rb b/app/models/project.rb
@@ -5,14 +5,6 @@ class Project < ApplicationRecord
   include AssignmentConcern
   include AnnotationBase::Association
 
-  module PrivacySettings
-    ALL = 0
-    EDITORS = 1
-    ADMINS = 2
-  end
-
-  scope :allowed, ->(team) { where('privacy <= ?', Project.privacy_for_role(team)) }
-
   attr_accessor :project_media_ids_were, :previous_project_group_id, :previous_default_project_id, :items_destination_project_id
 
   belongs_to :user, optional: true
@@ -259,11 +251,6 @@ def self.bulk_update_medias_count(pids)
     pids_count.each { |pid, count| Rails.cache.write("check_cached_field:Project:#{pid}:medias_count", count) }
   end
 
-  def self.privacy_for_role(team = Team.current, user = User.current)
-    role = user && team ? user.role(team) : ''
-    { 'editor' => PrivacySettings::EDITORS, 'admin' => PrivacySettings::ADMINS }[role] || PrivacySettings::ALL
-  end
-
   def before_destroy_later
     self.move_project_medias
   end

diff --git a/app/models/project_media.rb b/app/models/project_media.rb
@@ -353,11 +353,6 @@ def feed_columns_values
     values
   end
 
-  def user_can_see_project?(user = User.current)
-    project = self.project
-    project.nil? || project.privacy <= Project.privacy_for_role(project.team, user)
-  end
-
   # FIXME: Required by GraphQL API
   def claim_descriptions
     self.claim_description ? [self.claim_description] : []

diff --git a/app/models/relationship.rb b/app/models/relationship.rb
@@ -319,7 +319,7 @@ def move_to_same_project_as_main
     if (self.is_confirmed? || self.is_suggested?) && secondary && main && secondary.project_id != main.project_id
       secondary.project_id = main.project_id
       secondary.save!
-      CheckNotification::InfoMessages.send('moved_to_private_folder', item_title: secondary.title) unless secondary.reload.user_can_see_project?(secondary.user)
+      CheckNotification::InfoMessages.send('moved_to_private_folder', item_title: secondary.title)
     end
   end
 

diff --git a/app/models/team.rb b/app/models/team.rb
@@ -54,7 +54,7 @@ def members_count
   end
 
   def projects_count
-    self.projects.allowed(self).permissioned.count
+    self.projects.permissioned.count
   end
 
   def as_json(_options = {})
@@ -63,7 +63,7 @@ def as_json(_options = {})
       id: self.team_graphql_id,
       avatar: self.avatar,
       name: self.name,
-      projects: self.recent_projects.allowed(team),
+      projects: self.recent_projects,
       slug: self.slug
     }
   end

diff --git a/lib/check_basic_abilities.rb b/lib/check_basic_abilities.rb
@@ -82,7 +82,7 @@ def extra_perms_for_all_users
     can :read, Account, source: { user_id: [@user.id, nil] }
     can :read, Relationship, { source: { team_id: @user.cached_teams }, target: { team_id: @user.cached_teams } }
     can :read, ProjectMedia do |obj|
-      (!obj.team.private || @user.cached_teams.include?(obj.team.id)) && obj.user_can_see_project?(@user)
+      !obj.team.private || @user.cached_teams.include?(obj.team.id)
     end
 
     can :read, Cluster do |obj|

diff --git a/lib/check_search.rb b/lib/check_search.rb
@@ -351,10 +351,9 @@ def adjust_project_filter
       # Invalidate the search if empty... otherwise, adjust the projects filter
       @options['projects'] = project_ids.empty? ? [0] : project_ids
     end
-    # Also, adjust projects filter taking projects' privacy settings into account
     if Team.current && !feed_query? && [@options['team_id']].flatten.size == 1
       t = Team.find([@options['team_id']].flatten.first)
-      @options['projects'] = @options['projects'].blank? ? (Project.where(team_id: t.id).allowed(t).map(&:id) + [nil]) : Project.where(id: @options['projects']).allowed(t).map(&:id)
+      @options['projects'] = @options['projects'].blank? ? (Project.where(team_id: t.id).map(&:id) + [nil]) : Project.where(id: @options['projects'], team_id: t.id).map(&:id)
     end
     @options['projects'] += [nil] if @options['none_project']
   end