From 08103b61a03d0dbcfca25475f09326be00af8a8e Mon Sep 17 00:00:00 2001
From: pabois <pierreandre.boissinot@noesya.coop>
Date: Thu, 3 Feb 2022 14:00:36 +0100
Subject: [PATCH] roles

---
 app/models/ability.rb                                      | 3 +++
 app/views/admin/education/program/roles/index.html.erb     | 2 +-
 app/views/admin/education/program/teachers/_list.html.erb  | 2 +-
 app/views/admin/education/programs/show/_roles.html.erb    | 2 +-
 app/views/admin/education/programs/show/_teachers.html.erb | 2 +-
 app/views/admin/university/people/_list.html.erb           | 4 ++--
 6 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/app/models/ability.rb b/app/models/ability.rb
index 31123452e..0a189db00 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -32,9 +32,12 @@ class Ability
 
   def teacher
     can :manage, University::Person, user_id: @user.id
+    # can :read, University::Person, university_id: @user.university_id
+    cannot :create, University::Person
     can :read, Education::Program, university_id: @user.university_id
     can :read, University::Role, university_id: @user.university_id
     can :manage, University::Person::Involvement, person_id: @user.person&.id
+    can :read, University::Person::Involvement, university_id: @user.university_id
   end
 
   def program_manager
diff --git a/app/views/admin/education/program/roles/index.html.erb b/app/views/admin/education/program/roles/index.html.erb
index 0587a753e..fa4e8a549 100644
--- a/app/views/admin/education/program/roles/index.html.erb
+++ b/app/views/admin/education/program/roles/index.html.erb
@@ -2,5 +2,5 @@
 <%= render 'admin/education/program/roles/list', roles: @roles %>
 
 <% content_for :action_bar_right do %>
-  <%= link_to t('add'), new_admin_education_program_role_path(program_id: @program.id), class: button_classes %>
+  <%= link_to t('add'), new_admin_education_program_role_path(program_id: @program.id), class: button_classes if can? :create, University::Role %>
 <% end %>
diff --git a/app/views/admin/education/program/teachers/_list.html.erb b/app/views/admin/education/program/teachers/_list.html.erb
index 58fb98d07..ce1593838 100644
--- a/app/views/admin/education/program/teachers/_list.html.erb
+++ b/app/views/admin/education/program/teachers/_list.html.erb
@@ -11,7 +11,7 @@
       <% involvements.each do |involvement| %>
         <tr>
           <td class="ps-0">
-            <%= involvement %>
+            <%= link_to_if can?(:read, involvement.person), involvement.person.to_s, admin_university_person_path(involvement.person) %>
           </td>
           <td><%= involvement.description %></td>
           <td class="text-end pe-0">
diff --git a/app/views/admin/education/programs/show/_roles.html.erb b/app/views/admin/education/programs/show/_roles.html.erb
index fdafdb823..55828eecf 100644
--- a/app/views/admin/education/programs/show/_roles.html.erb
+++ b/app/views/admin/education/programs/show/_roles.html.erb
@@ -20,7 +20,7 @@
                             role,
                             admin_education_program_role_path(role, { program_id: @program.id }) %>
           </td>
-          <td><%= role.involvements.includes(:person).ordered.map { |involvement| involvement.person.to_s }.to_sentence %></td>
+          <td><%= role.involvements.includes(:person).ordered.map { |involvement| link_to_if can?(:read, involvement.person), involvement.person.to_s, admin_university_person_path(involvement.person) }.to_sentence.html_safe %></td>
         </tr>
       <% end %>
     </tbody>
diff --git a/app/views/admin/education/programs/show/_teachers.html.erb b/app/views/admin/education/programs/show/_teachers.html.erb
index c66520fe4..b222ae5d2 100644
--- a/app/views/admin/education/programs/show/_teachers.html.erb
+++ b/app/views/admin/education/programs/show/_teachers.html.erb
@@ -16,7 +16,7 @@
       <% @teacher_involvements.each do |involvement| %>
         <tr>
           <td class="ps-0">
-            <%= involvement %>
+            <%= link_to_if can?(:read, involvement.person), involvement.person.to_s, admin_university_person_path(involvement.person) %>
           </td>
           <td><%= involvement.description %></td>
         </tr>
diff --git a/app/views/admin/university/people/_list.html.erb b/app/views/admin/university/people/_list.html.erb
index d7e02ab29..621853564 100644
--- a/app/views/admin/university/people/_list.html.erb
+++ b/app/views/admin/university/people/_list.html.erb
@@ -15,12 +15,12 @@
           <div class="btn-group" role="group">
             <%= link_to t('edit'),
                       edit_admin_university_person_path(person),
-                      class: button_classes %>
+                      class: button_classes if can?(:update, person) %>
             <%= link_to t('delete'),
                       admin_university_person_path(person),
                       method: :delete,
                       data: { confirm: t('please_confirm') },
-                      class: button_classes_danger %>
+                      class: button_classes_danger if can?(:destroy, person) %>
           </div>
         </td>
       </tr>
-- 
GitLab