diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2011-04-11 17:53:15 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2011-04-11 17:53:15 +0000 |
| commit | aa0d01b3d9f5ae5634eda73e1becd75cc4668f3e (patch) | |
| tree | 8a2a59ba70b18777cf35940ff01b961709405893 /app/models/user.rb | |
| parent | 5fd891aa72243e7fff19a05d080c921ae420eeeb (diff) | |
| download | redmine-aa0d01b3d9f5ae5634eda73e1becd75cc4668f3e.tar.gz redmine-aa0d01b3d9f5ae5634eda73e1becd75cc4668f3e.zip | |
Adds an issues visibility level on roles (#7412).
It can be set so that users only see their own issues (created or assigned).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5416 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/models/user.rb')
| -rw-r--r-- | app/models/user.rb | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 1018c33e0..c06a907fe 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -394,10 +394,10 @@ class User < Principal # * a permission Symbol (eg. :edit_project) # Context can be: # * a project : returns true if user is allowed to do the specified action on this project - # * a group of projects : returns true if user is allowed on every project + # * an array of projects : returns true if user is allowed on every project # * nil with options[:global] set : check if user has at least one role allowed for this action, # or falls back to Non Member / Anonymous permissions depending if the user is logged - def allowed_to?(action, context, options={}) + def allowed_to?(action, context, options={}, &block) if context && context.is_a?(Project) # No action allowed on archived projects return false unless context.active? @@ -408,12 +408,15 @@ class User < Principal roles = roles_for_project(context) return false unless roles - roles.detect {|role| (context.is_public? || role.member?) && role.allowed_to?(action)} - + roles.detect {|role| + (context.is_public? || role.member?) && + role.allowed_to?(action) && + (block_given? ? yield(role, self) : true) + } elsif context && context.is_a?(Array) # Authorize if user is authorized on every element of the array context.map do |project| - allowed_to?(action,project,options) + allowed_to?(action, project, options, &block) end.inject do |memo,allowed| memo && allowed end @@ -423,7 +426,11 @@ class User < Principal # authorize if user has at least one role that has this permission roles = memberships.collect {|m| m.roles}.flatten.uniq - roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action)) + roles << (self.logged? ? Role.non_member : Role.anonymous) + roles.detect {|role| + role.allowed_to?(action) && + (block_given? ? yield(role, self) : true) + } else false end @@ -431,8 +438,8 @@ class User < Principal # Is the user allowed to do the specified action on any project? # See allowed_to? for the actions and valid options. - def allowed_to_globally?(action, options) - allowed_to?(action, nil, options.reverse_merge(:global => true)) + def allowed_to_globally?(action, options, &block) + allowed_to?(action, nil, options.reverse_merge(:global => true), &block) end safe_attributes 'login', |