Diffstat (limited to 'app/models/role.rb')
-rw-r--r--app/models/role.rb78
1 files changed, 74 insertions, 4 deletions
diff --git a/app/models/role.rb b/app/models/role.rb
index 98d735e8e..015146dc4 100644
--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -16,23 +16,93 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class Role < ActiveRecord::Base
- before_destroy :check_integrity
- has_and_belongs_to_many :permissions
+ # Built-in roles
+ BUILTIN_NON_MEMBER = 1
+ BUILTIN_ANONYMOUS = 2
+
+ before_destroy :check_deletable
has_many :workflows, :dependent => :delete_all
has_many :members
acts_as_list
+
+ serialize :permissions
+ attr_protected :builtin
validates_presence_of :name
validates_uniqueness_of :name
validates_length_of :name, :maximum => 30
validates_format_of :name, :with => /^[\w\s\'\-]*$/i
+ def permissions
+ read_attribute(:permissions) || []
+ end
+
+ def permissions=(perms)
+ perms = perms.collect {|p| p.to_sym unless p.blank? }.compact if perms
+ write_attribute(:permissions, perms)
+ end
+
def <=>(role)
position <=> role.position
end
+ # Return true if the role is a builtin role
+ def builtin?
+ self.builtin != 0
+ end
+
+ # Return true if the role is a project member role
+ def member?
+ !self.builtin?
+ end
+
+ # Return true if role is allowed to do the specified action
+ # action can be:
+ # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
+ # * a permission Symbol (eg. :edit_project)
+ def allowed_to?(action)
+ if action.is_a? Hash
+ allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
+ else
+ allowed_permissions.include? action
+ end
+ end
+
+ # Return all the permissions that can be given to the role
+ def setable_permissions
+ setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions
+ setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER
+ setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
+ setable_permissions
+ end
+
+ # Find all the roles that can be given to a project member
+ def self.find_all_givable
+ find(:all, :conditions => {:builtin => 0}, :order => 'position')
+ end
+
+ # Return the builtin 'non member' role
+ def self.non_member
+ find(:first, :conditions => {:builtin => BUILTIN_NON_MEMBER}) || raise('Missing non-member builtin role.')
+ end
+
+ # Return the builtin 'anonymous' role
+ def self.anonymous
+ find(:first, :conditions => {:builtin => BUILTIN_ANONYMOUS}) || raise('Missing anonymous builtin role.')
+ end
+
+
private
- def check_integrity
- raise "Can't delete role" if Member.find(:first, :conditions =>["role_id=?", self.id])
+ def allowed_permissions
+ @allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
+ end
+
+ def allowed_actions
+ @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
+ end
+
+ def check_deletable
+ raise "Can't delete role" if members.any?
+ raise "Can't delete builtin role" if builtin?
end
end
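Review bot: In `permissions=`, every non-blank entry is converted with `to_sym` and stored without being checked against `setable_permissions`, so the restrictions that method computes for the built-in non-member and anonymous roles are not enforced by the model itself. If the caller passes request parameters straight through (the caller is not visible in this hunk), a built-in role could be saved with members-only or logged-in-only permissions. `to_sym` on arbitrary strings also grows the symbol table on Ruby versions that never collect symbols. Filtering before conversion would address both, e.g. `allowed = setable_permissions.collect {|p| p.name.to_s }` followed by `perms = perms.select {|p| allowed.include?(p.to_s) }.collect {|p| p.to_sym }`. The setter should also reset the memoised lists with `@allowed_permissions = @actions_allowed = nil`, because `allowed_to?` otherwise keeps answering from the old permission set on an instance whose permissions were changed.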