From 4f825bb6e35e98dbd144219e31b8724bce9f48bf Mon Sep 17 00:00:00 2001
From: John Ferlito <johnf@inodes.org>
Date: Sat, 4 May 2024 12:28:43 +1000
Subject: [PATCH] Update delete permissions and set button red

---
 Rakefile                                  |  2 +-
 app/assets/stylesheets/_layout_style.scss |  5 ++++
 app/models/ability.rb                     |  6 ++--
 app/views/collections/show.html.haml      | 15 ++++++----
 app/views/essences/show.html.haml         |  4 +--
 app/views/items/show.html.haml            | 18 ++++++------
 config/environments/development.rb        |  5 ++++
 docker/app.dev.Dockerfile                 | 34 -----------------------
 8 files changed, 35 insertions(+), 54 deletions(-)

diff --git a/Rakefile b/Rakefile
index e37f06dc..b9533718 100644
--- a/Rakefile
+++ b/Rakefile
@@ -3,6 +3,6 @@
 
 require 'dotenv/tasks'
 
-require_relative "config/application"
+require_relative 'config/application'
 
 Rails.application.load_tasks
diff --git a/app/assets/stylesheets/_layout_style.scss b/app/assets/stylesheets/_layout_style.scss
index 6a4ba9e0..7c74f706 100644
--- a/app/assets/stylesheets/_layout_style.scss
+++ b/app/assets/stylesheets/_layout_style.scss
@@ -403,6 +403,11 @@ body.bp {
     height: 30px;
   }
 
+  .button-red {
+    background-color: #DC2626;
+    color: white;
+  }
+
   .left {
     float: left;
   }
diff --git a/app/models/ability.rb b/app/models/ability.rb
index bfbf92fa..99f181c3 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -54,9 +54,9 @@ def initialize(user)
     # Only collection_admins can manage a collection
     can :read,   Collection, items: { item_users: { user_id: user.id } }
     can :read,   Collection, items: { item_admins: { user_id: user.id } }
-    can :manage, Collection, collection_admins: { user_id: user.id }
-    can :update, Collection, operator_id: user.id
-    can :update, Collection, collector_id: user.id
+    can %i[read update], Collection, collection_admins: { user_id: user.id }
+    can %i[read update], Collection, operator_id: user.id
+    can %i[read update], Collection, collector_id: user.id
 
     # Only admins can create a collection
     cannot :create, Collection
diff --git a/app/views/collections/show.html.haml b/app/views/collections/show.html.haml
index 62eda184..3e5e932c 100644
--- a/app/views/collections/show.html.haml
+++ b/app/views/collections/show.html.haml
@@ -6,7 +6,7 @@
     =link_to 'Return To Results', session[:search_from].merge(session[:search_params]), :class => 'button'
 
 .right
-  - if can? :manage, @collection
+  - if can? :update, @collection
     = link_to 'Edit collection', edit_collection_path(@collection), :class => 'button'
 
 .clear
@@ -194,13 +194,16 @@
           %td= number_to_human @num_essences
 
 
-    .right
-      -if @collection.items.any?
+  .right
+    - if can? :destroy, Collection
+      - if @collection.items.any?
         %p.delete-warning
           %strong This collection contains items! If you choose to delete it they will be deleted too, as well as any content files they contain. This action can not be undone!
-        = button_to 'Delete collection and contents', collection_path(@collection), :method => :delete, :data => { :confirm_delete_message => 'Do you really want to delete this collection and all of its items?' }
-      -else
-        = button_to 'Delete collection', collection_path(@collection), :method => :delete, :data => { :confirm_delete_message => 'Do you really want to delete this collection?' }
+        = button_to 'Delete collection and contents', collection_path(@collection), :method => :delete, :data => { :confirm_delete_message => 'Do you really want to delete this collection and all of its items?' }, :class => 'button-red'
+      - else
+        = button_to 'Delete collection', collection_path(@collection), :method => :delete, :data => { :confirm_delete_message => 'Do you really want to delete this collection?' }, :class => 'button-red'
+
+    - if can? :update, Collection
       = link_to 'Edit collection', edit_collection_path(@collection), :class => 'button right'
 
 = render partial: 'terms/licence_footer', locals: {all_work: false}
diff --git a/app/views/essences/show.html.haml b/app/views/essences/show.html.haml
index 1f3eb753..b5a40fc9 100644
--- a/app/views/essences/show.html.haml
+++ b/app/views/essences/show.html.haml
@@ -95,8 +95,8 @@
           To request access, contact
           =link_to 'admin@paradisec.org.au', 'mailto:admin@paradisec.org.au'
 
-  - if admin_user_signed_in?
+  - if can? :destroy, @essence
     .right
-      = button_to 'Delete essence', collection_item_essence_path(@collection, @item, @essence), :method => :delete, :data => { :confirm_delete_message => 'Do you really want to delete this file and its metadata from the archive (no undo possible)?' }
+      = button_to 'Delete essence', collection_item_essence_path(@collection, @item, @essence), :method => :delete, :data => { :confirm_delete_message => 'Do you really want to delete this file and its metadata from the archive (no undo possible)?' }, :class => 'button-red'
 
 = render partial: 'terms/licence_footer', locals: {all_work: false}
diff --git a/app/views/items/show.html.haml b/app/views/items/show.html.haml
index 0c1be970..4d8ea22a 100644
--- a/app/views/items/show.html.haml
+++ b/app/views/items/show.html.haml
@@ -292,14 +292,16 @@
     = render :partial => 'comments/new', :locals => { :item => @item }
     = render :partial => 'comments/comments', :locals => {:comments => @item.comments.approved}
 
-  - if can? :update, @item
     .right
-      -if @item.essences.any?
-        %p.delete-warning
-          %strong This item contains content files. If you choose to delete it, they will be deleted too and this action can not be undone!
-        = button_to 'Delete item and contents', collection_item_path(@collection, @item), :method => :delete, :data => { :confirm_delete_message => 'Do you really want to delete this item and all of its content files?' }
-      -else
-        = button_to 'Delete item', collection_item_path(@collection, @item), :method => :delete, :data => { :confirm_delete_message => 'Do you really want to delete this item?' }
-      = link_to 'Edit item', edit_collection_item_path(@collection, @item), :class => 'button right', style: 'margin-left: 0.4rem;'
+      - if can? :destroy, @item
+        - if @item.essences.any?
+          %p.delete-warning
+            %strong This item contains content files. If you choose to delete it, they will be deleted too and this action can not be undone!
+          = button_to 'Delete item and contents', collection_item_path(@collection, @item), :method => :delete, :data => { :confirm_delete_message => 'Do you really want to delete this item and all of its content files?' }, :class => 'button-red'
+        - else
+          = button_to 'Delete item', collection_item_path(@collection, @item), :method => :delete, :data => { :confirm_delete_message => 'Do you really want to delete this item?' }, :class => 'button-red'
+
+      - if can? :update, @item
+        = link_to 'Edit item', edit_collection_item_path(@collection, @item), :class => 'button right', style: 'margin-left: 0.4rem;'
 
 = render partial: 'terms/licence_footer', locals: {all_work: false}
diff --git a/config/environments/development.rb b/config/environments/development.rb
index d12a3991..369bbeae 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -83,4 +83,9 @@
   # Show emails in the browser
   config.action_mailer.delivery_method = :letter_opener
   config.action_mailer.perform_deliveries = true
+
+  config.web_console.permissions = ['192.168.88.150', '172.18.0.3']
+
+  # NOTE: Not sure why we need this and the magic isn't happening by itself
+  config.assets.digest = false
 end
diff --git a/docker/app.dev.Dockerfile b/docker/app.dev.Dockerfile
index b01f589c..970d608e 100644
--- a/docker/app.dev.Dockerfile
+++ b/docker/app.dev.Dockerfile
@@ -34,37 +34,3 @@ ENTRYPOINT ["/rails/bin/docker-entrypoint"]
 # Start the server by default, this can be overwritten at runtime
 EXPOSE 3000
 CMD ["./bin/rails", "server"]
-
-
-# RUN cd /tmp \
-# && curl -s "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
-# && unzip -q awscliv2.zip \
-# && ./aws/install \
-# && rm -rf /tmp/awscliv2.zip /tmp/aws \
-# && curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb" \
-# && dpkg -i session-manager-plugin.deb
-# Stuff we might need
-# net-tools \
-# ruby-kgio \
-# git-core \
-# curl \
-# zlib1g-dev \
-# build-essential \
-# libssl-dev \
-# libreadline-dev \
-# libsqlite3-dev \
-# sqlite3 \
-# libxml2-dev \
-# libxslt1-dev \
-# software-properties-common \
-# libffi-dev \
-# nodejs \
-# openjdk-17-jre \
-# wget \
-# npm
-
-
-# Chrome for headless testing
-# RUN wget -q https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
-# RUN apt-get -y install ./google-chrome-stable_current_amd64.deb
-