diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2007-08-29 16:52:35 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2007-08-29 16:52:35 +0000 |
| commit | 603e11d7a5aa62f923e7b013cac6c66462131232 (patch) | |
| tree | fbbb204d2b92b5a87b787d56fe3f9c62cc3f259b /lib | |
| parent | 8da5bad29516be6cbe1bc52e78837ac1ec292026 (diff) | |
| download | redmine-603e11d7a5aa62f923e7b013cac6c66462131232.tar.gz redmine-603e11d7a5aa62f923e7b013cac6c66462131232.zip | |
Merged 0.6 branch into trunk.
Permissions management was rewritten. Some permissions can now be specifically defined for non member and anonymous users.
This migration:
* is irreversible (please, don't forget to *backup* your database before upgrading)
* resets role's permissions (go to "Admin -> Roles & Permissions" to set them after upgrading)
git-svn-id: http://redmine.rubyforge.org/svn/trunk@674 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/redmine.rb | 77 | ||||
| -rw-r--r-- | lib/redmine/access_control.rb | 92 | ||||
| -rw-r--r-- | lib/redmine/acts_as_event/init.rb | 2 | ||||
| -rw-r--r-- | lib/redmine/acts_as_event/lib/acts_as_event.rb | 68 | ||||
| -rw-r--r-- | lib/redmine/menu_manager.rb | 61 | ||||
| -rw-r--r-- | lib/redmine/version.rb | 7 | ||||
| -rw-r--r-- | lib/tasks/load_default_data.rake | 81 |
7 files changed, 378 insertions, 10 deletions
diff --git a/lib/redmine.rb b/lib/redmine.rb index 9fc2a103b..df4d0a8cf 100644 --- a/lib/redmine.rb +++ b/lib/redmine.rb @@ -1,6 +1,9 @@ require 'redmine/version' +require 'redmine/access_control' +require 'redmine/menu_manager' require 'redmine/mime_type' require 'redmine/acts_as_watchable/init' +require 'redmine/acts_as_event/init' begin require_library_or_gem 'rmagick' unless Object.const_defined?(:Magick) @@ -9,3 +12,77 @@ rescue LoadError end REDMINE_SUPPORTED_SCM = %w( Subversion Darcs Mercurial Cvs ) + +# Permissions +Redmine::AccessControl.map do |map| + # Project + map.permission :view_project, {:projects => [:show, :activity, :changelog, :roadmap, :feeds]}, :public => true + map.permission :search_project, {:search => :index}, :public => true + map.permission :edit_project, {:projects => [:settings, :edit]}, :require => :member + map.permission :manage_members, {:projects => [:settings, :add_member], :members => [:edit, :destroy]}, :require => :member + map.permission :manage_versions, {:projects => [:settings, :add_version], :versions => [:edit, :destroy]}, :require => :member + map.permission :manage_categories, {:projects => [:settings, :add_issue_category], :issue_categories => [:edit, :destroy]}, :require => :member + + # Issues + map.permission :view_issues, {:projects => [:list_issues, :export_issues_csv, :export_issues_pdf], + :issues => [:show, :export_pdf], + :queries => :index, + :reports => :issue_report}, :public => true + map.permission :add_issues, {:projects => :add_issue}, :require => :loggedin + map.permission :edit_issues, {:issues => [:edit, :destroy_attachment]}, :require => :loggedin + map.permission :manage_issue_relations, {:issue_relations => [:new, :destroy]}, :require => :loggedin + map.permission :add_issue_notes, {:issues => :add_note}, :require => :loggedin + map.permission :change_issue_status, {:issues => :change_status}, :require => :loggedin + map.permission :move_issues, {:projects => :move_issues}, :require => :loggedin + map.permission :delete_issues, {:issues => :destroy}, :require => :member + # Queries + map.permission :manage_pulic_queries, {:queries => [:new, :edit, :destroy]}, :require => :member + map.permission :save_queries, {:queries => [:new, :edit, :destroy]}, :require => :loggedin + # Gantt & calendar + map.permission :view_gantt, :projects => :gantt + map.permission :view_calendar, :projects => :calendar + # Time tracking + map.permission :log_time, {:timelog => :edit}, :require => :loggedin + map.permission :view_time_entries, :timelog => [:details, :report] + # News + map.permission :view_news, {:projects => :list_news, :news => :show}, :public => true + map.permission :manage_news, {:projects => :add_news, :news => [:edit, :destroy, :destroy_comment]}, :require => :member + map.permission :comment_news, {:news => :add_comment}, :require => :loggedin + # Documents + map.permission :view_documents, :projects => :list_documents, :documents => [:show, :download] + map.permission :manage_documents, {:projects => :add_document, :documents => [:edit, :destroy, :add_attachment, :destroy_attachment]}, :require => :loggedin + # Wiki + map.permission :view_wiki_pages, :wiki => [:index, :history, :diff, :special] + map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment, :destroy_attachment] + map.permission :delete_wiki_pages, {:wiki => :destroy}, :require => :member + # Message boards + map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true + map.permission :add_messages, {:messages => [:new, :reply]}, :require => :loggedin + map.permission :manage_boards, {:boards => [:new, :edit, :destroy]}, :require => :member + # Files + map.permission :view_files, :projects => :list_files, :versions => :download + map.permission :manage_files, {:projects => :add_file, :versions => :destroy_file}, :require => :loggedin + # Repository + map.permission :browse_repository, :repositories => [:show, :browse, :entry, :changes, :diff, :stats, :graph] + map.permission :view_changesets, :repositories => [:show, :revisions, :revision] +end + +# Project menu configuration +Redmine::MenuManager.map :project_menu do |menu| + menu.push :label_overview, :controller => 'projects', :action => 'show' + menu.push :label_calendar, :controller => 'projects', :action => 'calendar' + menu.push :label_gantt, :controller => 'projects', :action => 'gantt' + menu.push :label_issue_plural, :controller => 'projects', :action => 'list_issues' + menu.push :label_report_plural, :controller => 'reports', :action => 'issue_report' + menu.push :label_activity, :controller => 'projects', :action => 'activity' + menu.push :label_news_plural, :controller => 'projects', :action => 'list_news' + menu.push :label_change_log, :controller => 'projects', :action => 'changelog' + menu.push :label_roadmap, :controller => 'projects', :action => 'roadmap' + menu.push :label_document_plural, :controller => 'projects', :action => 'list_documents' + menu.push :label_wiki, { :controller => 'wiki', :action => 'index', :page => nil }, :if => Proc.new { |p| p.wiki && !p.wiki.new_record? } + menu.push :label_board_plural, { :controller => 'boards', :action => 'index', :id => nil }, :param => :project_id, :if => Proc.new { |p| p.boards.any? } + menu.push :label_attachment_plural, :controller => 'projects', :action => 'list_files' + menu.push :label_search, :controller => 'search', :action => 'index' + menu.push :label_repository, { :controller => 'repositories', :action => 'show' }, :if => Proc.new { |p| p.repository && !p.repository.new_record? } + menu.push :label_settings, :controller => 'projects', :action => 'settings' +end diff --git a/lib/redmine/access_control.rb b/lib/redmine/access_control.rb new file mode 100644 index 000000000..54b344b7e --- /dev/null +++ b/lib/redmine/access_control.rb @@ -0,0 +1,92 @@ +# redMine - project management software +# Copyright (C) 2006-2007 Jean-Philippe Lang +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +module Redmine + module AccessControl + + class << self + def map + mapper = Mapper.new + yield mapper + @permissions ||= [] + @permissions += mapper.mapped_permissions + end + + def permissions + @permissions + end + + def allowed_actions(permission_name) + perm = @permissions.detect {|p| p.name == permission_name} + perm ? perm.actions : [] + end + + def public_permissions + @public_permissions ||= @permissions.select {|p| p.public?} + end + + def members_only_permissions + @members_only_permissions ||= @permissions.select {|p| p.require_member?} + end + + def loggedin_only_permissions + @loggedin_only_permissions ||= @permissions.select {|p| p.require_loggedin?} + end + end + + class Mapper + def permission(name, hash, options={}) + @permissions ||= [] + @permissions << Permission.new(name, hash, options) + end + + def mapped_permissions + @permissions + end + end + + class Permission + attr_reader :name, :actions + + def initialize(name, hash, options) + @name = name + @actions = [] + @public = options[:public] || false + @require = options[:require] + hash.each do |controller, actions| + if actions.is_a? Array + @actions << actions.collect {|action| "#{controller}/#{action}"} + else + @actions << "#{controller}/#{actions}" + end + end + end + + def public? + @public + end + + def require_member? + @require && @require == :member + end + + def require_loggedin? + @require && (@require == :member || @require == :loggedin) + end + end + end +end diff --git a/lib/redmine/acts_as_event/init.rb b/lib/redmine/acts_as_event/init.rb new file mode 100644 index 000000000..91051510a --- /dev/null +++ b/lib/redmine/acts_as_event/init.rb @@ -0,0 +1,2 @@ +require File.dirname(__FILE__) + '/lib/acts_as_event' +ActiveRecord::Base.send(:include, Redmine::Acts::Event) diff --git a/lib/redmine/acts_as_event/lib/acts_as_event.rb b/lib/redmine/acts_as_event/lib/acts_as_event.rb new file mode 100644 index 000000000..a0d1822ad --- /dev/null +++ b/lib/redmine/acts_as_event/lib/acts_as_event.rb @@ -0,0 +1,68 @@ +# redMine - project management software +# Copyright (C) 2006-2007 Jean-Philippe Lang +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +module Redmine + module Acts + module Event + def self.included(base) + base.extend ClassMethods + end + + module ClassMethods + def acts_as_event(options = {}) + return if self.included_modules.include?(Redmine::Acts::Event::InstanceMethods) + options[:datetime] ||= 'created_on' + options[:title] ||= 'title' + options[:description] ||= 'description' + options[:author] ||= 'author' + options[:url] ||= {:controller => 'welcome'} + cattr_accessor :event_options + self.event_options = options + send :include, Redmine::Acts::Event::InstanceMethods + end + end + + module InstanceMethods + def self.included(base) + base.extend ClassMethods + end + + %w(datetime title description author).each do |attr| + src = <<-END_SRC + def event_#{attr} + option = event_options[:#{attr}] + option.is_a?(Proc) ? option.call(self) : send(option) + end + END_SRC + class_eval src, __FILE__, __LINE__ + end + + def event_date + event_datetime.to_date + end + + def event_url(options = {}) + option = event_options[:url] + (option.is_a?(Proc) ? option.call(self) : send(option)).merge(options) + end + + module ClassMethods + end + end + end + end +end diff --git a/lib/redmine/menu_manager.rb b/lib/redmine/menu_manager.rb new file mode 100644 index 000000000..afb7699b0 --- /dev/null +++ b/lib/redmine/menu_manager.rb @@ -0,0 +1,61 @@ +# redMine - project management software +# Copyright (C) 2006-2007 Jean-Philippe Lang +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +module Redmine + module MenuManager + + class << self + def map(menu_name) + mapper = Mapper.new + yield mapper + @items ||= {} + @items[menu_name.to_sym] ||= [] + @items[menu_name.to_sym] += mapper.items + end + + def items(menu_name) + @items[menu_name.to_sym] || [] + end + + def allowed_items(menu_name, role) + items(menu_name).select {|item| role && role.allowed_to?(item.url)} + end + end + + class Mapper + def push(name, url, options={}) + @items ||= [] + @items << MenuItem.new(name, url, options) + end + + def items + @items + end + end + + class MenuItem + attr_reader :name, :url, :param, :condition + + def initialize(name, url, options) + @name = name + @url = url + @condition = options[:if] + @param = options[:param] || :id + end + end + end +end diff --git a/lib/redmine/version.rb b/lib/redmine/version.rb index 5934af03e..494bb2de2 100644 --- a/lib/redmine/version.rb +++ b/lib/redmine/version.rb @@ -8,4 +8,11 @@ module Redmine def self.to_s; STRING end end + + module Info + class << self + def name; 'Redmine' end + def url; 'http://www.redmine.org/' end + end + end end diff --git a/lib/tasks/load_default_data.rake b/lib/tasks/load_default_data.rake index 488cd2a64..e59c3c5fe 100644 --- a/lib/tasks/load_default_data.rake +++ b/lib/tasks/load_default_data.rake @@ -19,7 +19,7 @@ task :load_default_data => :environment do begin
# check that no data already exists
- if Role.find(:first)
+ if Role.find(:first, :conditions => {:builtin => 0})
raise "Some roles are already defined."
end
if Tracker.find(:first)
@@ -35,17 +35,78 @@ begin puts "Loading default configuration data for language: #{current_language}"
# roles
- manager = Role.create :name => l(:default_role_manager), :position => 1
- manager.permissions = Permission.find(:all, :conditions => ["is_public=?", false])
+ manager = Role.create :name => l(:default_role_manager),
+ :position => 1
+ manager.permissions = manager.setable_permissions.collect {|p| p.name}
+ manager.save
- developper = Role.create :name => l(:default_role_developper), :position => 2
- perms = [150, 320, 321, 322, 420, 421, 422, 1050, 1060, 1070, 1075, 1130, 1220, 1221, 1222, 1223, 1224, 1320, 1322, 1061, 1057, 1520]
- developper.permissions = Permission.find(:all, :conditions => ["sort IN (#{perms.join(',')})"])
-
- reporter = Role.create :name => l(:default_role_reporter), :position => 3
- perms = [1050, 1060, 1070, 1057, 1130]
- reporter.permissions = Permission.find(:all, :conditions => ["sort IN (#{perms.join(',')})"])
+ developper = Role.create :name => l(:default_role_developper),
+ :position => 2,
+ :permissions => [:manage_versions,
+ :manage_categories,
+ :add_issues,
+ :edit_issues,
+ :manage_issue_relations,
+ :add_issue_notes,
+ :change_issue_status,
+ :save_queries,
+ :view_gantt,
+ :view_calendar,
+ :log_time,
+ :view_time_entries,
+ :comment_news,
+ :view_documents,
+ :view_wiki_pages,
+ :edit_wiki_pages,
+ :delete_wiki_pages,
+ :add_messages,
+ :view_files,
+ :manage_files,
+ :browse_repository,
+ :view_changesets]
+ reporter = Role.create :name => l(:default_role_reporter),
+ :position => 3,
+ :permissions => [:add_issues,
+ :add_issue_notes,
+ :change_issue_status,
+ :save_queries,
+ :view_gantt,
+ :view_calendar,
+ :log_time,
+ :view_time_entries,
+ :comment_news,
+ :view_documents,
+ :view_wiki_pages,
+ :add_messages,
+ :view_files,
+ :browse_repository,
+ :view_changesets]
+
+ Role.non_member.update_attribute :permissions, [:add_issues,
+ :add_issue_notes,
+ :change_issue_status,
+ :save_queries,
+ :view_gantt,
+ :view_calendar,
+ :view_time_entries,
+ :comment_news,
+ :view_documents,
+ :view_wiki_pages,
+ :add_messages,
+ :view_files,
+ :browse_repository,
+ :view_changesets]
+
+ Role.anonymous.update_attribute :permissions, [:view_gantt,
+ :view_calendar,
+ :view_time_entries,
+ :view_documents,
+ :view_wiki_pages,
+ :view_files,
+ :browse_repository,
+ :view_changesets]
+
# trackers
Tracker.create(:name => l(:default_tracker_bug), :is_in_chlog => true, :is_in_roadmap => false, :position => 1)
Tracker.create(:name => l(:default_tracker_feature), :is_in_chlog => true, :is_in_roadmap => true, :position => 2)
|