Merge pull request #255 from LabKey/fb_merge_25.3_to_develop

bbimber · web-flow · commit 167dd6457cff · 2025-07-02T15:34:58.000-07:00
Merge discvr-25.3 to develop
diff --git a/mcc/resources/queries/mcc/animalRequests.js b/mcc/resources/queries/mcc/animalRequests.js
@@ -36,9 +36,18 @@ function beforeUpsert(row, oldRow, errors) {
 
     row.status = row.status || 'Draft'
 
-    if (!triggerHelper.hasPermission(row.status)) {
-        errors._form = 'Insufficient permissions to update request with status: ' + row.status;
+    // This logic here is that the user needs update permissions on the original status, and insert permissions to the new one:
+    if (oldRow) {
+        if (oldRow.status && !triggerHelper.hasUpdatePermission(oldRow.status)) {
+            errors._form = 'Insufficient permissions to update request with status: ' + row.status;
+        }
+        else if (!oldRow.status) {
+            console.error('MCC request being submitted without a value for oldRow.status!')
+        }
+    }
 
+    if (!triggerHelper.hasInsertPermission(row.status)) {
+        errors._form = 'Insufficient permissions to create request with status: ' + row.status;
     }
 }
 
@@ -72,6 +81,7 @@ function beforeDelete(row, errors){
         return;
     }
 
+    //
     if (!triggerHelper.hasPermission(row.status)) {
         errors._form = 'Insufficient permissions to delete this request';
         return;
diff --git a/mcc/src/org/labkey/mcc/MccManager.java b/mcc/src/org/labkey/mcc/MccManager.java
@@ -50,26 +50,38 @@ public enum RequestStatus
         Submitted(2, "Submitted", MccRequestorPermission.class),
         RabReview(3, "RAB Review", MccRequestAdminPermission.class),
         PendingDecision(4, "Decision Pending", MccFinalReviewPermission.class),
-        Approved(5, "Approved", MccRequestAdminPermission.class),
-        Rejected(6, "Rejected", MccRequestAdminPermission.class),
+        Approved(5, "Approved", MccRequestAdminPermission.class, MccFinalReviewPermission.class),
+        Rejected(6, "Rejected", MccRequestAdminPermission.class, MccFinalReviewPermission.class),
         Processing(7, "Processing", MccRequestAdminPermission.class),
         Fulfilled(8, "Fulfilled", MccRequestAdminPermission.class),
         Withdrawn(9, "Withdrawn", MccRequestorPermission.class);
 
         int sortOrder;
         String label;
-        Class<? extends Permission> editPermission;
+        Class<? extends Permission> updatePermission;
+        Class<? extends Permission> insertPermission;
 
         RequestStatus(int sortOrder, String label, Class<? extends Permission> editPermission)
+        {
+            this(sortOrder, label, editPermission, editPermission);
+        }
+
+        RequestStatus(int sortOrder, String label, Class<? extends Permission> updatePermission, Class<? extends Permission> insertPermission)
         {
             this.sortOrder = sortOrder;
             this.label = label;
-            this.editPermission = editPermission;
+            this.updatePermission = updatePermission;
+            this.insertPermission= insertPermission;
+        }
+
+        public boolean canUpdate(User u, Container c)
+        {
+            return c.hasPermission(u, this.updatePermission);
         }
 
-        public boolean canEdit(User u, Container c)
+        public boolean canInsert(User u, Container c)
         {
-            return c.hasPermission(u, this.editPermission);
+            return c.hasPermission(u, this.insertPermission);
         }
 
         public String getLabel()
diff --git a/mcc/src/org/labkey/mcc/query/TriggerHelper.java b/mcc/src/org/labkey/mcc/query/TriggerHelper.java
@@ -212,11 +212,30 @@ public void cascadeDelete(String schemaName, String queryName, String keyField,
         }
     }
 
-    public boolean hasPermission(String status)
+    public boolean hasUpdatePermission(String status)
+    {
+        return hasPermission(status, false);
+    }
+
+    public boolean hasInsertPermission(String status)
+    {
+        return hasPermission(status, true);
+    }
+
+    private boolean hasPermission(String status, boolean forInsert)
     {
         try
         {
-            return MccManager.RequestStatus.resolveStatus(status).canEdit(_user, _container);
+            MccManager.RequestStatus s = MccManager.RequestStatus.resolveStatus(status);
+            if (forInsert)
+            {
+                return MccManager.RequestStatus.resolveStatus(status).canInsert(_user, _container);
+            }
+            else
+            {
+                return MccManager.RequestStatus.resolveStatus(status).canUpdate(_user, _container);
+            }
+
         }
         catch (IllegalArgumentException e)
         {

Original file line number	Diff line number	Diff line change
`@@ -212,11 +212,30 @@ public void cascadeDelete(String schemaName, String queryName, String keyField,`
`212`	`212`	`}`
`213`	`213`	`}`
`214`	`214`
`215`		`- public boolean hasPermission(String status)`
	`215`	`+ public boolean hasUpdatePermission(String status)`
	`216`	`+ {`
	`217`	`+ return hasPermission(status, false);`
	`218`	`+ }`
	`219`	`+`
	`220`	`+ public boolean hasInsertPermission(String status)`
	`221`	`+ {`
	`222`	`+ return hasPermission(status, true);`
	`223`	`+ }`
	`224`	`+`
	`225`	`+ private boolean hasPermission(String status, boolean forInsert)`
`216`	`226`	`{`
`217`	`227`	`try`
`218`	`228`	`{`
`219`		`- return MccManager.RequestStatus.resolveStatus(status).canEdit(_user, _container);`
	`229`	`+ MccManager.RequestStatus s = MccManager.RequestStatus.resolveStatus(status);`
	`230`	`+ if (forInsert)`
	`231`	`+ {`
	`232`	`+ return MccManager.RequestStatus.resolveStatus(status).canInsert(_user, _container);`
	`233`	`+ }`
	`234`	`+ else`
	`235`	`+ {`
	`236`	`+ return MccManager.RequestStatus.resolveStatus(status).canUpdate(_user, _container);`
	`237`	`+ }`
	`238`	`+`
`220`	`239`	`}`
`221`	`240`	`catch (IllegalArgumentException e)`
`222`	`241`	`{`