From cb738231a482dcd5c6d329f1ee22a035d427fe11 Mon Sep 17 00:00:00 2001 From: data-repo application owner Date: Thu, 28 Jan 2021 20:46:50 +0000 Subject: [PATCH 1/2] prevent non-admin users from creating collections and items prevent non-admins from creating new content. add notice to that effect --- app/assets/stylesheets/global.scss | 9 +++++++++ app/controllers/collections_controller.rb | 2 ++ app/controllers/generic_files_controller.rb | 5 +++++ app/models/ability.rb | 4 ++-- app/views/layouts/homepage.html.erb | 1 + app/views/layouts/sufia-dashboard.html.erb | 3 ++- app/views/layouts/sufia-one-column.html.erb | 3 ++- 7 files changed, 23 insertions(+), 4 deletions(-) diff --git a/app/assets/stylesheets/global.scss b/app/assets/stylesheets/global.scss index 05eb25b..e4d32a9 100755 --- a/app/assets/stylesheets/global.scss +++ b/app/assets/stylesheets/global.scss @@ -27,3 +27,12 @@ $link-blue: #0000cc; padding-left: 0; padding-right: 0; } +#transfer-notice { + padding: 10px; + font-size: 2.0rem; + color: white; + background-color: $hokie-maroon; + a, a:hover, a:visited { + color: white; + } +} diff --git a/app/controllers/collections_controller.rb b/app/controllers/collections_controller.rb index 75cc7e5..8e4b533 100644 --- a/app/controllers/collections_controller.rb +++ b/app/controllers/collections_controller.rb @@ -34,6 +34,8 @@ def show def new super flash[:notice] = nil + redirect_to sufia.dashboard_index_path, alert: "Sorry, you are not authorized to view that page" if (current_user.blank? || !current_user.admin?) + end def after_create diff --git a/app/controllers/generic_files_controller.rb b/app/controllers/generic_files_controller.rb index 6b6f685..3891c6f 100644 --- a/app/controllers/generic_files_controller.rb +++ b/app/controllers/generic_files_controller.rb 
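Review bot: The guard added after `super` in CollectionsController#new only redirects away from the GET form; the `create` action that follows (`after_create` is visible at the end of the hunk) still accepts a POST from a non-admin, and nothing in this hunk denies it. The check also runs only after `super` has done its work, and `redirect_to` does not halt the method, so the rest of the action still executes. A `before_action` covering both verbs expresses the intent in one place and runs before any action body: `before_action(only: %i[new create]) { redirect_to sufia.dashboard_index_path, alert: "Sorry, you are not authorized to view that page" unless current_user.present? && current_user.admin? }`. Whether the parent behaviour's own `authorize!` already blocks non-admin creates cannot be seen from this hunk.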
@@ -37,4 +37,9 @@ def update end end + def new + super + redirect_to sufia.dashboard_index_path, alert: "Sorry, you are not authorized to view that page" if (current_user.blank? || !current_user.admin?) + end + end diff --git a/app/models/ability.rb b/app/models/ability.rb index f4a91ec..0b1bd17 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -16,11 +16,11 @@ def custom_permissions # can [:create], ActiveFedora::Base # end ezid_shoulder = Rails.application.secrets['doi']['default_shoulder'] - cannot [:update, :destroy], ::Collection do |c| + cannot [:create, :update, :destroy], ::Collection do |c| c.identifier.any? { |identifier| !identifier.blank? } end unless admin_user? - cannot [:update, :destroy], ::GenericFile do |g_f| + cannot [:create, :update, :destroy], ::GenericFile do |g_f| g_f.collections.any? { |c| c.identifier.any? { |identifier| !identifier.blank? } } end unless admin_user? diff --git a/app/views/layouts/homepage.html.erb b/app/views/layouts/homepage.html.erb index 4a71848..5ac7994 100644 --- a/app/views/layouts/homepage.html.erb +++ b/app/views/layouts/homepage.html.erb @@ -10,6 +10,7 @@
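Review bot: Same gap as in CollectionsController: the redirect in GenericFilesController#new protects only the form page, while the create/upload path of this controller is untouched by the patch, so a non-admin who already knows the upload endpoint is stopped only if the Ability layer denies `create` (and the ability.rb hunk in this same patch makes that rule conditional). Placing the redirect after `super` also means the parent `new` runs in full before the user is turned away, and nothing after the redirect is skipped. Prefer `before_action :require_admin, only: %i[new create]` with a private `require_admin` that performs the redirect, so the check runs before any action body.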
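Review bot: Adding `:create` to the identifier-conditioned `cannot` rules denies nothing for new objects: the block only matches when the collection (or a file's collection) already carries a non-blank identifier, and a freshly built Collection or GenericFile has none, so `can?(:create, ...)` still falls through to whatever the base ability grants. For a class-level `can?(:create, ::Collection)` CanCan does not evaluate block rules at all, with the same result. If the intent is "non-admins cannot create", that needs an unconditional rule, e.g. `cannot :create, ::Collection unless admin_user?` and `cannot :create, ::GenericFile unless admin_user?`, leaving the identifier-based rule for update/destroy only. `custom_permissions` begins before this hunk, so the base grants it relies on are not visible here.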
<%= render partial: '/masthead' %>
+
To publish a dataset on VTechData please contact vtechdata@vt.edu. The ability to create and edit data on VTechData is restricted as we move to a new repository platform.
<%= render partial: '/logo_title_row' %> <%= render partial: '/homepage/home_content_welcome' %> diff --git a/app/views/layouts/sufia-dashboard.html.erb b/app/views/layouts/sufia-dashboard.html.erb index bd42873..94a2a84 100755 --- a/app/views/layouts/sufia-dashboard.html.erb +++ b/app/views/layouts/sufia-dashboard.html.erb @@ -8,7 +8,8 @@ Skip to Content <%= render partial: '/masthead' %>
- <%= render partial: '/logo_title_row' %> +
To publish a dataset on VTechData please contact vtechdata@vt.edu. The ability to create and edit data on VTechData is restricted as we move to a new repository platform.
+ <%= render partial: '/logo_title_row' %>
<%= render partial: '/catalog/search_form' %> diff --git a/app/views/layouts/sufia-one-column.html.erb b/app/views/layouts/sufia-one-column.html.erb index f204e65..93f2a5e 100644 --- a/app/views/layouts/sufia-one-column.html.erb +++ b/app/views/layouts/sufia-one-column.html.erb @@ -11,7 +11,8 @@ Skip to Content <%= render partial: '/masthead' %>
- <%= render partial: '/logo_title_row' %> +
To publish a dataset on VTechData please contact vtechdata@vt.edu. The ability to create and edit data on VTechData is restricted as we move to a new repository platform.
+ <%= render partial: '/logo_title_row' %>
<%= render partial: '/catalog/search_form' %> From a50cb99149e61aea33e9e7ba68e2da79782a340b Mon Sep 17 00:00:00 2001 From: Lee Hunter Date: Mon, 1 Feb 2021 20:08:27 +0000 Subject: [PATCH 2/2] redirect non-admins away from generic_files and collections edit pages and all dashboard pages --- app/controllers/collections_controller.rb | 7 ++++++- app/controllers/dashboard_controller.rb | 5 +++++ app/controllers/generic_files_controller.rb | 3 ++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/app/controllers/collections_controller.rb b/app/controllers/collections_controller.rb index 8e4b533..5dd5f68 100644 --- a/app/controllers/collections_controller.rb +++ b/app/controllers/collections_controller.rb @@ -34,7 +34,7 @@ def show def new super flash[:notice] = nil - redirect_to sufia.dashboard_index_path, alert: "Sorry, you are not authorized to view that page" if (current_user.blank? || !current_user.admin?) + redirect_to root_path, alert: "Sorry, you are not authorized to view that page" if (current_user.blank? || !current_user.admin?) end @@ -79,6 +79,11 @@ def create end end + def edit + super + redirect_to root_path, alert: "Sorry, you are not authorized to view that page" if (current_user.blank? || !current_user.admin?) + end + def update process_member_changes if @collection.update(collection_params.except(:members)) diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb index f224d69..0179c4f 100644 --- a/app/controllers/dashboard_controller.rb +++ b/app/controllers/dashboard_controller.rb 
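Review bot: The new `edit` override redirects non-admins off the edit form, but `update` (its body is visible just below the insert) and `destroy` remain reachable by a non-admin PATCH/DELETE; the only other protection is the Ability rule, which in this series applies to collections that already carry an identifier. Both overrides also call `super` before checking, and `redirect_to` does not halt the method, so any code after it in `edit`/`new` still executes. A single `before_action` on the mutating actions, backed by a private helper, closes the gap and removes the duplicated condition; the `edit` override can then be dropped. The `update` and surrounding actions continue outside the hunk, so I cannot confirm they have no guard of their own.
```ruby
before_action :require_admin, only: %i[new create edit update destroy]

# … unchanged: show, new, after_create, create, update …

private

# Non-admins (and anonymous users) are sent to the root page before any
# create/edit/update/destroy action body runs, so no parent behaviour
# executes first and nothing needs to be checked after `super`.
def require_admin
  return if current_user.present? && current_user.admin?
  redirect_to root_path, alert: "Sorry, you are not authorized to view that page"
end
```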
@@ -1,9 +1,14 @@ class DashboardController < ApplicationController include Sufia::DashboardControllerBehavior + before_action :non_admin_redirect + def admin_metadata_download Sufia.queue.push(AdminMetadataExportJob.new(request.base_url, current_user)) redirect_to sufia.dashboard_index_path, notice: 'Your export is running in the background. You should receive an email when it is complete.' end + def non_admin_redirect + redirect_to root_path, alert: "Sorry, you are not authorized to view that page" if (current_user.blank? || !current_user.admin?) + end end diff --git a/app/controllers/generic_files_controller.rb b/app/controllers/generic_files_controller.rb index 3891c6f..bff5198 100644 --- a/app/controllers/generic_files_controller.rb +++ b/app/controllers/generic_files_controller.rb @@ -9,6 +9,7 @@ class GenericFilesController < ApplicationController def edit super + redirect_to root_path, alert: "Sorry, you are not authorized to view that page" if (current_user.blank? || !current_user.admin?) unless current_user.admin? self.edit_form_class.terms -= [:provenance] @provenance_display = "records/show_fields/provenance" @@ -39,7 +40,7 @@ def update def new super - redirect_to sufia.dashboard_index_path, alert: "Sorry, you are not authorized to view that page" if (current_user.blank? || !current_user.admin?) + redirect_to root_path, alert: "Sorry, you are not authorized to view that page" if (current_user.blank? || !current_user.admin?) end end
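Review bot: `non_admin_redirect` is defined as a public instance method of DashboardController, so it is exposed as a potential action if any route ever maps to it; move it under `private`, which `before_action` still accepts. The filter covers only this controller, so if "all dashboard pages" in the commit message includes Sufia's other dashboard controllers (the `My::*` controllers for files, collections, highlights, shares) those still need the same filter; I cannot see from this hunk which of them the app routes. The condition `current_user.blank? || !current_user.admin?` is now repeated across four controllers; hoisting this helper to ApplicationController and calling `before_action :non_admin_redirect` from each would keep the checks consistent.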
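Review bot: The redirect added at the top of GenericFilesController#edit does not stop the method, so the pre-existing `unless current_user.admin?` on the next line still runs; when `current_user` is blank (the case the new condition explicitly handles) that call raises NoMethodError on nil and the request ends in a 500 instead of the intended redirect. Even for a signed-in non-admin, the rest of `edit` (which continues past the hunk) keeps executing after the redirect has been set, and any later render would raise DoubleRenderError. Use an early return, `return redirect_to(root_path, alert: "Sorry, you are not authorized to view that page") if current_user.blank? || !current_user.admin?`, or move the check into a `before_action` so `super` is never entered. Whether an anonymous user can reach `edit` at all depends on an `authenticate_user!` filter that is not visible here.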