|
|
@@ -5,12 +5,12 @@ |
|
|
|
# modify it under the terms of the GNU General Public License |
|
|
|
# as published by the Free Software Foundation; either version 2 |
|
|
|
# of the License, or (at your option) any later version. |
|
|
|
# |
|
|
|
# |
|
|
|
# This program is distributed in the hope that it will be useful, |
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
|
# GNU General Public License for more details. |
|
|
|
# |
|
|
|
# |
|
|
|
# You should have received a copy of the GNU General Public License |
|
|
|
# along with this program; if not, write to the Free Software |
|
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
@@ -19,7 +19,7 @@ class Role < ActiveRecord::Base |
|
|
|
# Built-in roles |
|
|
|
BUILTIN_NON_MEMBER = 1 |
|
|
|
BUILTIN_ANONYMOUS = 2 |
|
|
|
|
|
|
|
|
|
|
|
ISSUES_VISIBILITY_OPTIONS = [ |
|
|
|
['all', :label_issues_visibility_all], |
|
|
|
['default', :label_issues_visibility_public], |
|
|
@@ -31,18 +31,18 @@ class Role < ActiveRecord::Base |
|
|
|
compare = 'not' if args.first == true |
|
|
|
{ :conditions => "#{compare} builtin = 0" } |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
before_destroy :check_deletable |
|
|
|
has_many :workflows, :dependent => :delete_all do |
|
|
|
def copy(source_role) |
|
|
|
Workflow.copy(nil, source_role, nil, proxy_owner) |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
has_many :member_roles, :dependent => :destroy |
|
|
|
has_many :members, :through => :member_roles |
|
|
|
acts_as_list |
|
|
|
|
|
|
|
|
|
|
|
serialize :permissions, Array |
|
|
|
attr_protected :builtin |
|
|
|
|
|
|
@@ -52,11 +52,11 @@ class Role < ActiveRecord::Base |
|
|
|
validates_inclusion_of :issues_visibility, |
|
|
|
:in => ISSUES_VISIBILITY_OPTIONS.collect(&:first), |
|
|
|
:if => lambda {|role| role.respond_to?(:issues_visibility)} |
|
|
|
|
|
|
|
|
|
|
|
def permissions |
|
|
|
read_attribute(:permissions) || [] |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
def permissions=(perms) |
|
|
|
perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms |
|
|
|
write_attribute(:permissions, perms) |
|
|
@@ -79,20 +79,20 @@ class Role < ActiveRecord::Base |
|
|
|
perms.each { |p| permissions.delete(p.to_sym) } |
|
|
|
save! |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
# Returns true if the role has the given permission |
|
|
|
def has_permission?(perm) |
|
|
|
!permissions.nil? && permissions.include?(perm.to_sym) |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
def <=>(role) |
|
|
|
role ? position <=> role.position : -1 |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
def to_s |
|
|
|
name |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
def name |
|
|
|
case builtin |
|
|
|
when 1; l(:label_role_non_member, :default => read_attribute(:name)) |
|
|
@@ -100,17 +100,17 @@ class Role < ActiveRecord::Base |
|
|
|
else; read_attribute(:name) |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
# Return true if the role is a builtin role |
|
|
|
def builtin? |
|
|
|
self.builtin != 0 |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
# Return true if the role is a project member role |
|
|
|
def member? |
|
|
|
!self.builtin? |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
# Return true if role is allowed to do the specified action |
|
|
|
# action can be: |
|
|
|
# * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') |
|
|
@@ -122,7 +122,7 @@ class Role < ActiveRecord::Base |
|
|
|
allowed_permissions.include? action |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
# Return all the permissions that can be given to the role |
|
|
|
def setable_permissions |
|
|
|
setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions |
|
|
@@ -147,9 +147,9 @@ class Role < ActiveRecord::Base |
|
|
|
def self.anonymous |
|
|
|
find_or_create_system_role(BUILTIN_ANONYMOUS, 'Anonymous') |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
private |
|
|
|
|
|
|
|
|
|
|
|
def allowed_permissions |
|
|
|
@allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name} |
|
|
|
end |
|
|
@@ -157,12 +157,12 @@ private |
|
|
|
def allowed_actions |
|
|
|
@actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
def check_deletable |
|
|
|
raise "Can't delete role" if members.any? |
|
|
|
raise "Can't delete builtin role" if builtin? |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
def self.find_or_create_system_role(builtin, name) |
|
|
|
role = first(:conditions => {:builtin => builtin}) |
|
|
|
if role.nil? |