Allow Team Managers to create (and own) Scripts

CHANGELOG.md

@@ -17,6 +17,7 @@ For upgrade instructions, please check the [migration guide](MIGRATIONS.md).
 
 ### Changed
 
+- Team managers are now also allowed to create and own scripts. [#3676](https://github.com/scalableminds/webknossos/pull/3676)
 - Statistics are now separated by organization, rather than showing the webKnossos instance’s totals. [#3663](https://github.com/scalableminds/webknossos/pull/3663)
 
 ### Fixed

app/assets/javascripts/admin/admin_rest_api.js

@@ -127,6 +127,13 @@ export async function getUsers(): Promise<Array<APIUser>> {
   return users;
 }
 
+export async function getTeamManagerOrAdminUsers(): Promise<Array<APIUser>> {
+  const users = await Request.receiveJSON("/api/users?isTeamManagerOrAdmin=true");
+  assertResponseLimit(users);
+
+  return users;
+}
+
 export async function getAdminUsers(): Promise<Array<APIUser>> {
   const users = await Request.receiveJSON("/api/users?isAdmin=true");
   assertResponseLimit(users);

app/assets/javascripts/admin/scripts/script_create_view.js

@@ -7,7 +7,12 @@ import React from "react";
 import type { APIUser } from "admin/api_flow_types";
 import type { OxalisState } from "oxalis/store";
 import { enforceActiveUser } from "oxalis/model/accessors/user_accessor";
-import { getAdminUsers, updateScript, createScript, getScript } from "admin/admin_rest_api";
+import {
+  getTeamManagerOrAdminUsers,
+  updateScript,
+  createScript,
+  getScript,
+} from "admin/admin_rest_api";
 
 const FormItem = Form.Item;
 const Option = Select.Option;
@@ -37,7 +42,7 @@ class ScriptCreateView extends React.PureComponent<Props, State> {
   }
 
   async fetchData() {
-    const users = await getAdminUsers();
+    const users = await getTeamManagerOrAdminUsers();
     this.setState({ users: users.filter(user => user.isActive) });
   }
 

app/controllers/ScriptController.scala

@@ -5,6 +5,7 @@ import com.scalableminds.util.tools.{Fox, FoxImplicits}
 import models.task._
 import oxalis.security.WkEnv
 import com.mohiva.play.silhouette.api.Silhouette
+import models.user.UserService
 import play.api.libs.functional.syntax._
 import play.api.libs.json.Reads._
 import play.api.libs.json._
@@ -15,6 +16,7 @@ import scala.concurrent.ExecutionContext
 class ScriptController @Inject()(scriptDAO: ScriptDAO,
                                  taskDAO: TaskDAO,
                                  scriptService: ScriptService,
+                                 userService: UserService,
                                  sil: Silhouette[WkEnv])(implicit ec: ExecutionContext)
     extends Controller
     with FoxImplicits {
@@ -27,7 +29,8 @@ class ScriptController @Inject()(scriptDAO: ScriptDAO,
   def create = sil.SecuredAction.async(parse.json) { implicit request =>
     withJsonBodyUsing(scriptPublicReads) { script =>
       for {
-        _ <- bool2Fox(request.identity.isAdmin) ?~> "notAllowed"
+        isTeamManagerOrAdmin <- userService.isTeamManagerOrAdminOfOrg(request.identity, request.identity._organization)
+        _ <- bool2Fox(isTeamManagerOrAdmin) ?~> "notAllowed"
         _ <- scriptDAO.insertOne(script)
         js <- scriptService.publicWrites(script) ?~> "script.write.failed"
       } yield {

app/controllers/UserController.scala

@@ -184,6 +184,12 @@ class UserController @Inject()(userService: UserService,
       Filter("isEditable",
              (value: Boolean, el: User) =>
                for { isEditable <- userService.isEditableBy(el, request.identity) } yield isEditable == value),
+      Filter(
+        "isTeamManagerOrAdmin",
+        (value: Boolean, el: User) =>
+          for { isTeamManagerOrAdmin <- userService.isTeamManagerOrAdminOfOrg(el, request.identity._organization) } yield
+            isTeamManagerOrAdmin == value
+      ),
       Filter("isAdmin", (value: Boolean, el: User) => Fox.successful(el.isAdmin == value))
     ) { filter =>
       for {