authorJean-Philippe Lang <jp_lang@yahoo.fr>2007-03-10 15:09:49 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2007-03-10 15:09:49 +0000
commitc514316a2efcf4e8df4bc2f2681548ebffa30adf (patch)
treeb9b7bc9ccbbbad1cce2701430788f4dfbf872610 /app/controllers/application.rb
parent8b98ceb92c8fba72315d28c3b7664f481547bf24 (diff)
wiki branch merged into trunk
git-svn-id: http://redmine.rubyforge.org/svn/trunk@323 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/application.rb')
-rw-r--r--app/controllers/application.rb14
1 files changed, 14 insertions, 0 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 91cf074e6..c0b24902c 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -32,6 +32,10 @@ class ApplicationController < ActionController::Base
end
end
+ def logged_in_user_membership
+ @user_membership ||= Member.find(:first, :conditions => ["user_id=? and project_id=?", self.logged_in_user.id, @project.id])
+ end
+
# check if login is globally required to access the application
def check_if_login_required
require_login if Setting.login_required?
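Review bot: `logged_in_user_membership` dereferences `self.logged_in_user.id` and `@project.id` with no guard, so any caller that reaches it for an anonymous request or before `@project` is loaded gets a NoMethodError instead of a clean "no membership" answer. Since this helper feeds an authorization decision, it is safer for it to return nil itself; add `return nil unless logged_in_user && @project` as its first line. The `||=` memo also does not cache a nil result, so a non-member triggers the query again on every call within the request. A one-line comment such as `# membership of the logged-in user in @project, or nil if none` would document the contract.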
@@ -89,6 +93,16 @@ class ApplicationController < ActionController::Base
render :nothing => true, :status => 403
false
end
+
+ # make sure that the user is a member of the project (or admin) if project is private
+ # used as a before_filter for actions that do not require any particular permission on the project
+ def check_project_privacy
+ return true if @project.is_public?
+ return false unless logged_in_user
+ return true if logged_in_user.admin? || logged_in_user_membership
+ render :nothing => true, :status => 403
+ false
+ end
# store current uri in session.
# return to this location by calling redirect_back_or_default
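Review bot: In `check_project_privacy`, the `return false unless logged_in_user` branch stops the filter without rendering or redirecting, whereas the final branch sends an explicit 403. An anonymous visitor to a private project therefore gets no defined response, and nothing sends them to the login page. Consider calling `require_login` there (it is used by `check_if_login_required` in this file; confirm it redirects and returns false), e.g. `return require_login unless logged_in_user`, or fall through to the 403 render. The filter also relies on `@project` having been set by an earlier filter, which the comment above the method should state, for example `# requires @project to be loaded by a preceding before_filter`.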