From: Jean-Baptiste Barth Date: Wed, 29 Sep 2010 05:22:45 +0000 (+0000) Subject: Added ability to specify multiple projects in User#allowed_to? (#5332) X-Git-Tag: 1.1.0~308 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=e8f3dd07dd8462d8d80948d5c8f094bdcc966d9a;p=redmine.git Added ability to specify multiple projects in User#allowed_to? (#5332) git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4227 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/models/user.rb b/app/models/user.rb index 638e5f7bd..4b65b3d11 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -344,12 +344,17 @@ class User < Principal !roles_for_project(project).detect {|role| role.member?}.nil? end - # Return true if the user is allowed to do the specified action on project - # action can be: + # Return true if the user is allowed to do the specified action on a specific context + # Action can be: # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') # * a permission Symbol (eg. :edit_project) + # Context can be: + # * a project : returns true if user is allowed to do the specified action on this project + # * a group of projects : returns true if user is allowed on every project + # * nil with options[:global] set : check if user has at least one role allowed for this action, + # or falls back to Non Member / Anonymous permissions depending if the user is logged def allowed_to?(action, project, options={}) - if project + if project && project.is_a?(Project) # No action allowed on archived projects return false unless project.active? # No action allowed on disabled modules @@ -361,6 +366,11 @@ class User < Principal return false unless roles roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)} + elsif project && project.is_a?(Array) + # Authorize if user is authorized on every element of the array + project.inject do |memo,p| + memo && allowed_to?(action,p,options) + end elsif options[:global] # Admin users are always authorized return true if admin? diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index f3e56ddd3..b451c1e6b 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -396,6 +396,19 @@ class UserTest < ActiveSupport::TestCase assert ! @dlopper.allowed_to?(:delete_messages, project) #Developper end end + + context "with multiple projects" do + should "return false if array is empty" do + assert ! @admin.allowed_to?(:view_project, []) + end + + should "return true only if user has permission on all these projects" do + assert @admin.allowed_to?(:view_project, Project.all) + assert ! @dlopper.allowed_to?(:view_project, Project.all) #cannot see Project(2) + assert @jsmith.allowed_to?(:edit_issues, @jsmith.projects) #Manager or Developer everywhere + assert ! @jsmith.allowed_to?(:delete_issue_watchers, @jsmith.projects) #Dev cannot delete_issue_watchers + end + end context "with options[:global]" do should "authorize if user has at least one role that has this permission" do