Diffstat (limited to 'app/models/user.rb')
-rw-r--r-- | app/models/user.rb | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index ae81d46d2..e0b1e238c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -222,17 +222,26 @@ class User < ActiveRecord::Base
 # action can be:
 # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
 # * a permission Symbol (eg. :edit_project)
- def allowed_to?(action, project)
- # No action allowed on archived projects
- return false unless project.active?
- # No action allowed on disabled modules
- return false unless project.allows_to?(action)
- # Admin users are authorized for anything else
- return true if admin?
-
- role = role_for_project(project)
- return false unless role
- role.allowed_to?(action) && (project.is_public? || role.member?)
+ def allowed_to?(action, project, options={})
+ if project
+ # No action allowed on archived projects
+ return false unless project.active?
+ # No action allowed on disabled modules
+ return false unless project.allows_to?(action)
+ # Admin users are authorized for anything else
+ return true if admin?
+
+ role = role_for_project(project)
+ return false unless role
+ role.allowed_to?(action) && (project.is_public? || role.member?)
+
+ elsif options[:global]
+ # authorize if user has at least one role that has this permission
+ roles = memberships.collect {|m| m.role}.uniq
+ roles.detect {|r| r.allowed_to?(action)}
+ else
+ false
+ end
 end
 
 def self.current=(user)
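Review bot: The `elsif options[:global]` branch drops the admin shortcut that the project branch keeps, so an administrator with no memberships is denied a global permission even though the comment above says admins are authorized for anything; add `return true if admin?` as the first line of that branch. The role scan in that branch also walks every membership without the `project.active?` filter the project branch applies, so a role held in an archived project still grants a global permission — presumably unintended, though `memberships`/`Membership` are not visible here, so confirm before filtering with something like `memberships.select {|m| m.project.active?}`. Note as well that `roles.detect {|r| r.allowed_to?(action)}` returns a Role object rather than a boolean, which is fine for truthiness checks but breaks any caller comparing against `true`; `!roles.detect {...}.nil?` would keep the predicate contract. The `end` of `allowed_to?` is inside the hunk, but the surrounding class continues outside it.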