From 6dafc145aa6f6a843e6050bbf13e6be3c7a36093 Mon Sep 17 00:00:00 2001
From: Klaus Zanders <k.zanders@openproject.com>
Date: Wed, 26 Jun 2024 15:12:30 +0200
Subject: [PATCH] Fix loading of concern

---
 .../shares/work_packages/authorization.rb     | 52 -------------------
 app/controllers/shares_controller.rb          | 27 ++++++++--
 app/views/projects/index.html.erb             |  2 +-
 config/initializers/permissions.rb            |  2 +-
 config/routes.rb                              |  7 ++-
 5 files changed, 31 insertions(+), 59 deletions(-)
 delete mode 100644 app/controllers/concerns/shares/work_packages/authorization.rb

diff --git a/app/controllers/concerns/shares/work_packages/authorization.rb b/app/controllers/concerns/shares/work_packages/authorization.rb
deleted file mode 100644
index 32b4bf5f34e0..000000000000
--- a/app/controllers/concerns/shares/work_packages/authorization.rb
+++ /dev/null
@@ -1,52 +0,0 @@
-# frozen_string_literal: true
-
-# -- copyright
-# OpenProject is an open source project management software.
-# Copyright (C) 2010-2024 the OpenProject GmbH
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License version 3.
-#
-# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
-# Copyright (C) 2006-2013 Jean-Philippe Lang
-# Copyright (C) 2010-2013 the ChiliProject Team
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#
-# See COPYRIGHT and LICENSE files for more details.
-# ++
-
-module Shares
-  module WorkPackages
-    module Authorization
-      extend ActiveSupport::Concern
-
-      included do
-        def sharing_manageable?
-          # TODO: Fix this to check based on the entity
-          case @entity
-          when WorkPackage
-            User.current.allowed_in_project?(:share_work_packages, @entity.project)
-          else
-            raise ArgumentError, <<~ERROR
-              Checking sharing capabilities for an unsupported entity:
-              - #{@entity.class}
-            ERROR
-          end
-        end
-      end
-    end
-  end
-end
diff --git a/app/controllers/shares_controller.rb b/app/controllers/shares_controller.rb
index e7c22b313a31..a7305b639ea4 100644
--- a/app/controllers/shares_controller.rb
+++ b/app/controllers/shares_controller.rb
@@ -29,16 +29,17 @@
 class SharesController < ApplicationController
   include OpTurbo::ComponentStream
   include OpTurbo::DialogStreamHelper
-  include Shares::WorkPackages::Authorization
   include MemberHelper
 
   before_action :load_entity
   before_action :load_shares, only: %i[index dialog]
   before_action :load_selected_shares, only: %i[bulk_update bulk_destroy]
   before_action :load_share, only: %i[destroy update resend_invite]
-  before_action :authorize
   before_action :enterprise_check, only: %i[index]
 
+  # TODO: Permission checks need to be implemented correctly depending on entity
+  before_action :authorize
+
   def dialog
     @sharing_manageable = sharing_manageable?
     @available_roles = available_roles
@@ -305,11 +306,16 @@ def respond_with_bulk_removed_shares
   def load_entity
     @entity = if params["work_package_id"]
                 WorkPackage.visible.find(params["work_package_id"])
-                # TODO: Add support for other entities
+              # TODO: Add support for other entities
+              elsif params["query_id"] && request.path.starts_with?("/projects/queries")
+                Queries::Projects::ProjectQuery.visible.find(params["query_id"])
               else
                 raise ArgumentError, <<~ERROR
                   Nested the SharesController under an entity controller that is not yet configured to support sharing.
                   Edit the SharesController#load_entity method to load the entity from the correct parent.
+
+                  Params: #{params.to_unsafe_h}
+                  Request Path: #{request.path}
                 ERROR
               end
 
@@ -381,4 +387,19 @@ def sharing_contract_scope
       Shares::WorkPackages
     end
   end
+
+  def sharing_manageable?
+    # TODO: Fix this to check based on the entity
+    case @entity
+    when WorkPackage
+      User.current.allowed_in_project?(:share_work_packages, @entity.project)
+    when Queries::Projects::ProjectQuery
+      @entity.editable?
+    else
+      raise ArgumentError, <<~ERROR
+        Checking sharing capabilities for an unsupported entity:
+        - #{@entity.class}
+      ERROR
+    end
+  end
 end
diff --git a/app/views/projects/index.html.erb b/app/views/projects/index.html.erb
index e4020a900f89..7c67b6aa1a6f 100644
--- a/app/views/projects/index.html.erb
+++ b/app/views/projects/index.html.erb
@@ -39,7 +39,7 @@ See COPYRIGHT and LICENSE files for more details.
   %>
   <%= render(Projects::IndexSubHeaderComponent.new(query:, current_user:, disable_buttons: state === :rename)) %>
   <%# TODO: Temporary %>
-  <%- if @query %>
+  <%- if @query.persisted? %>
     <%= render(Primer::Beta::Button.new(
   tag: :a,
   href: dialog_projects_query_members_path(@query),
diff --git a/config/initializers/permissions.rb b/config/initializers/permissions.rb
index 8b4ab0de9719..51abafd3c0be 100644
--- a/config/initializers/permissions.rb
+++ b/config/initializers/permissions.rb
@@ -331,7 +331,7 @@
       map.permission :share_work_packages,
                      {
                        members: %i[destroy_by_principal],
-                       shares: %i[index create destroy update resend_invite bulk_update bulk_destroy]
+                       shares: %i[dialog index create destroy update resend_invite bulk_update bulk_destroy]
                      },
                      permissible_on: :project,
                      dependencies: %i[edit_work_packages view_shared_work_packages],
diff --git a/config/routes.rb b/config/routes.rb
index 54471230ec61..ae4302ae1f1c 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -79,12 +79,13 @@
   # Shared route concerns
   # TODO: Add description how to configure controller to support shares
   concern :shareable do
-    resources :members, path: :shares, controller: "shares", only: %i[index create update destroy] do
+    resources :members, path: "shares", controller: "shares", only: %i[index create update destroy] do
       member do
         post "resend_invite" => "shares#resend_invite"
       end
 
       collection do
+        get :dialog, to: "shares#dialog"
         patch :bulk, to: "shares#bulk_update"
         put :bulk, to: "shares#bulk_update"
         delete :bulk, to: "shares#bulk_destroy"
@@ -536,7 +537,9 @@
     get "/bulk" => "bulk#destroy"
   end
 
-  resources :work_packages, only: [:index], concerns: [:shareable] do
+  resources :work_packages, only: [:index] do
+    concerns :shareable
+
     # move bulk of wps
     get "move/new" => "work_packages/moves#new", on: :collection, as: "new_move"
     post "move" => "work_packages/moves#create", on: :collection, as: "move"