mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 199 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14060 Commits
33 Branches
Tree: e647e99b74
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e647e99b74'
${ noResults }
redmine/lib/redmine/access_control.rb

access_control.rb 3.9KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 
  1. # Redmine - project management software

  2. # Copyright (C) 2006-2017  Jean-Philippe Lang

  3. #

  4. # This program is free software; you can redistribute it and/or

  5. # modify it under the terms of the GNU General Public License

  6. # as published by the Free Software Foundation; either version 2

  7. # of the License, or (at your option) any later version.

  8. #

  9. # This program is distributed in the hope that it will be useful,

  10. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  11. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12. # GNU General Public License for more details.

  13. #

  14. # You should have received a copy of the GNU General Public License

  15. # along with this program; if not, write to the Free Software

  16. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  17. 

  18. module Redmine

  19.   module AccessControl

  20. 

  21.     class << self

  22.       def map

  23.         mapper = Mapper.new

  24.         yield mapper

  25.         @permissions ||= []

  26.         @permissions += mapper.mapped_permissions

  27.       end

  28. 

  29.       def permissions

  30.         @permissions

  31.       end

  32. 

  33.       # Returns the permission of given name or nil if it wasn't found

  34.       # Argument should be a symbol

  35.       def permission(name)

  36.         permissions.detect {|p| p.name == name}

  37.       end

  38. 

  39.       # Returns the actions that are allowed by the permission of given name

  40.       def allowed_actions(permission_name)

  41.         perm = permission(permission_name)

  42.         perm ? perm.actions : []

  43.       end

  44. 

  45.       def public_permissions

  46.         @public_permissions ||= @permissions.select {|p| p.public?}

  47.       end

  48. 

  49.       def members_only_permissions

  50.         @members_only_permissions ||= @permissions.select {|p| p.require_member?}

  51.       end

  52. 

  53.       def loggedin_only_permissions

  54.         @loggedin_only_permissions ||= @permissions.select {|p| p.require_loggedin?}

  55.       end

  56. 

  57.       def read_action?(action)

  58.         if action.is_a?(Symbol)

  59.           perm = permission(action)

  60.           !perm.nil? && perm.read?

  61.         elsif action.is_a?(Hash)

  62.           s = "#{action[:controller]}/#{action[:action]}"

  63.           permissions.detect {|p| p.actions.include?(s) && p.read?}.present?

  64.         else

  65.           raise ArgumentError.new("Symbol or a Hash expected, #{action.class.name} given: #{action}")

  66.         end

  67.       end

  68. 

  69.       def available_project_modules

  70.         @available_project_modules ||= @permissions.collect(&:project_module).uniq.compact

  71.       end

  72. 

  73.       def modules_permissions(modules)

  74.         @permissions.select {|p| p.project_module.nil? || modules.include?(p.project_module.to_s)}

  75.       end

  76.     end

  77. 

  78.     class Mapper

  79.       def initialize

  80.         @project_module = nil

  81.       end

  82. 

  83.       def permission(name, hash, options={})

  84.         @permissions ||= []

  85.         options.merge!(:project_module => @project_module)

  86.         @permissions << Permission.new(name, hash, options)

  87.       end

  88. 

  89.       def project_module(name, options={})

  90.         @project_module = name

  91.         yield self

  92.         @project_module = nil

  93.       end

  94. 

  95.       def mapped_permissions

  96.         @permissions

  97.       end

  98.     end

  99. 

  100.     class Permission

  101.       attr_reader :name, :actions, :project_module

  102. 

  103.       def initialize(name, hash, options)

  104.         @name = name

  105.         @actions = []

  106.         @public = options[:public] || false

  107.         @require = options[:require]

  108.         @read = options[:read] || false

  109.         @project_module = options[:project_module]

  110.         hash.each do |controller, actions|

  111.           if actions.is_a? Array

  112.             @actions << actions.collect {|action| "#{controller}/#{action}"}

  113.           else

  114.             @actions << "#{controller}/#{actions}"

  115.           end

  116.         end

  117.         @actions.flatten!

  118.       end

  119. 

  120.       def public?

  121.         @public

  122.       end

  123. 

  124.       def require_member?

  125.         @require && @require == :member

  126.       end

  127. 

  128.       def require_loggedin?

  129.         @require && (@require == :member || @require == :loggedin)

  130.       end

  131. 

  132.       def read?

  133.         @read

  134.       end

  135.     end

  136.   end

  137. end