# * a group of projects : returns true if user is allowed on every project
# * nil with options[:global] set : check if user has at least one role allowed for this action,
# or falls back to Non Member / Anonymous permissions depending if the user is logged
- def allowed_to?(action, project, options={})
- if project && project.is_a?(Project)
+ def allowed_to?(action, context, options={})
+ if context && context.is_a?(Project)
# No action allowed on archived projects
- return false unless project.active?
+ return false unless context.active?
# No action allowed on disabled modules
- return false unless project.allows_to?(action)
+ return false unless context.allows_to?(action)
# Admin users are authorized for anything else
return true if admin?
- roles = roles_for_project(project)
+ roles = roles_for_project(context)
return false unless roles
- roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
+ roles.detect {|role| (context.is_public? || role.member?) && role.allowed_to?(action)}
- elsif project && project.is_a?(Array)
+ elsif context && context.is_a?(Array)
# Authorize if user is authorized on every element of the array
- project.map do |p|
- allowed_to?(action,p,options)
- end.inject do |memo,p|
- memo && p
+ context.map do |project|
+ allowed_to?(action,project,options)
+ end.inject do |memo,allowed|
+ memo && allowed
end
elsif options[:global]
# Admin users are always authorized
projects / redmine.git / commitdiff