Chris@0
|
1 # redMine - project management software
|
Chris@0
|
2 # Copyright (C) 2006 Jean-Philippe Lang
|
Chris@0
|
3 #
|
Chris@0
|
4 # This program is free software; you can redistribute it and/or
|
Chris@0
|
5 # modify it under the terms of the GNU General Public License
|
Chris@0
|
6 # as published by the Free Software Foundation; either version 2
|
Chris@0
|
7 # of the License, or (at your option) any later version.
|
Chris@0
|
8 #
|
Chris@0
|
9 # This program is distributed in the hope that it will be useful,
|
Chris@0
|
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
|
Chris@0
|
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
Chris@0
|
12 # GNU General Public License for more details.
|
Chris@0
|
13 #
|
Chris@0
|
14 # You should have received a copy of the GNU General Public License
|
Chris@0
|
15 # along with this program; if not, write to the Free Software
|
Chris@0
|
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
Chris@0
|
17
|
Chris@0
|
18 class Role < ActiveRecord::Base
|
Chris@0
|
19 # Built-in roles
|
Chris@0
|
20 BUILTIN_NON_MEMBER = 1
|
Chris@0
|
21 BUILTIN_ANONYMOUS = 2
|
Chris@0
|
22
|
Chris@0
|
23 named_scope :givable, { :conditions => "builtin = 0", :order => 'position' }
|
Chris@0
|
24 named_scope :builtin, lambda { |*args|
|
Chris@0
|
25 compare = 'not' if args.first == true
|
Chris@0
|
26 { :conditions => "#{compare} builtin = 0" }
|
Chris@0
|
27 }
|
Chris@0
|
28
|
Chris@0
|
29 before_destroy :check_deletable
|
Chris@0
|
30 has_many :workflows, :dependent => :delete_all do
|
Chris@0
|
31 def copy(source_role)
|
Chris@0
|
32 Workflow.copy(nil, source_role, nil, proxy_owner)
|
Chris@0
|
33 end
|
Chris@0
|
34 end
|
Chris@0
|
35
|
Chris@0
|
36 has_many :member_roles, :dependent => :destroy
|
Chris@0
|
37 has_many :members, :through => :member_roles
|
Chris@0
|
38 acts_as_list
|
Chris@0
|
39
|
Chris@0
|
40 serialize :permissions, Array
|
Chris@0
|
41 attr_protected :builtin
|
Chris@0
|
42
|
Chris@0
|
43 validates_presence_of :name
|
Chris@0
|
44 validates_uniqueness_of :name
|
Chris@0
|
45 validates_length_of :name, :maximum => 30
|
Chris@0
|
46 validates_format_of :name, :with => /^[\w\s\'\-]*$/i
|
Chris@0
|
47
|
Chris@0
|
48 def permissions
|
Chris@0
|
49 read_attribute(:permissions) || []
|
Chris@0
|
50 end
|
Chris@0
|
51
|
Chris@0
|
52 def permissions=(perms)
|
Chris@0
|
53 perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms
|
Chris@0
|
54 write_attribute(:permissions, perms)
|
Chris@0
|
55 end
|
Chris@0
|
56
|
Chris@0
|
57 def add_permission!(*perms)
|
Chris@0
|
58 self.permissions = [] unless permissions.is_a?(Array)
|
Chris@0
|
59
|
Chris@0
|
60 permissions_will_change!
|
Chris@0
|
61 perms.each do |p|
|
Chris@0
|
62 p = p.to_sym
|
Chris@0
|
63 permissions << p unless permissions.include?(p)
|
Chris@0
|
64 end
|
Chris@0
|
65 save!
|
Chris@0
|
66 end
|
Chris@0
|
67
|
Chris@0
|
68 def remove_permission!(*perms)
|
Chris@0
|
69 return unless permissions.is_a?(Array)
|
Chris@0
|
70 permissions_will_change!
|
Chris@0
|
71 perms.each { |p| permissions.delete(p.to_sym) }
|
Chris@0
|
72 save!
|
Chris@0
|
73 end
|
Chris@0
|
74
|
Chris@0
|
75 # Returns true if the role has the given permission
|
Chris@0
|
76 def has_permission?(perm)
|
Chris@0
|
77 !permissions.nil? && permissions.include?(perm.to_sym)
|
Chris@0
|
78 end
|
Chris@0
|
79
|
Chris@0
|
80 def <=>(role)
|
Chris@0
|
81 role ? position <=> role.position : -1
|
Chris@0
|
82 end
|
Chris@0
|
83
|
Chris@0
|
84 def to_s
|
Chris@0
|
85 name
|
Chris@0
|
86 end
|
Chris@0
|
87
|
Chris@0
|
88 # Return true if the role is a builtin role
|
Chris@0
|
89 def builtin?
|
Chris@0
|
90 self.builtin != 0
|
Chris@0
|
91 end
|
Chris@0
|
92
|
Chris@0
|
93 # Return true if the role is a project member role
|
Chris@0
|
94 def member?
|
Chris@0
|
95 !self.builtin?
|
Chris@0
|
96 end
|
Chris@0
|
97
|
Chris@0
|
98 # Return true if role is allowed to do the specified action
|
Chris@0
|
99 # action can be:
|
Chris@0
|
100 # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
|
Chris@0
|
101 # * a permission Symbol (eg. :edit_project)
|
Chris@0
|
102 def allowed_to?(action)
|
Chris@0
|
103 if action.is_a? Hash
|
Chris@0
|
104 allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
|
Chris@0
|
105 else
|
Chris@0
|
106 allowed_permissions.include? action
|
Chris@0
|
107 end
|
Chris@0
|
108 end
|
Chris@0
|
109
|
Chris@0
|
110 # Return all the permissions that can be given to the role
|
Chris@0
|
111 def setable_permissions
|
Chris@0
|
112 setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions
|
Chris@0
|
113 setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER
|
Chris@0
|
114 setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
|
Chris@0
|
115 setable_permissions
|
Chris@0
|
116 end
|
Chris@0
|
117
|
Chris@0
|
118 # Find all the roles that can be given to a project member
|
Chris@0
|
119 def self.find_all_givable
|
Chris@0
|
120 find(:all, :conditions => {:builtin => 0}, :order => 'position')
|
Chris@0
|
121 end
|
Chris@0
|
122
|
Chris@0
|
123 # Return the builtin 'non member' role. If the role doesn't exist,
|
Chris@0
|
124 # it will be created on the fly.
|
Chris@0
|
125 def self.non_member
|
Chris@0
|
126 non_member_role = find(:first, :conditions => {:builtin => BUILTIN_NON_MEMBER})
|
Chris@0
|
127 if non_member_role.nil?
|
Chris@0
|
128 non_member_role = create(:name => 'Non member', :position => 0) do |role|
|
Chris@0
|
129 role.builtin = BUILTIN_NON_MEMBER
|
Chris@0
|
130 end
|
Chris@0
|
131 raise 'Unable to create the non-member role.' if non_member_role.new_record?
|
Chris@0
|
132 end
|
Chris@0
|
133 non_member_role
|
Chris@0
|
134 end
|
Chris@0
|
135
|
Chris@0
|
136 # Return the builtin 'anonymous' role. If the role doesn't exist,
|
Chris@0
|
137 # it will be created on the fly.
|
Chris@0
|
138 def self.anonymous
|
Chris@0
|
139 anonymous_role = find(:first, :conditions => {:builtin => BUILTIN_ANONYMOUS})
|
Chris@0
|
140 if anonymous_role.nil?
|
Chris@0
|
141 anonymous_role = create(:name => 'Anonymous', :position => 0) do |role|
|
Chris@0
|
142 role.builtin = BUILTIN_ANONYMOUS
|
Chris@0
|
143 end
|
Chris@0
|
144 raise 'Unable to create the anonymous role.' if anonymous_role.new_record?
|
Chris@0
|
145 end
|
Chris@0
|
146 anonymous_role
|
Chris@0
|
147 end
|
Chris@0
|
148
|
Chris@0
|
149
|
Chris@0
|
150 private
|
Chris@0
|
151 def allowed_permissions
|
Chris@0
|
152 @allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
|
Chris@0
|
153 end
|
Chris@0
|
154
|
Chris@0
|
155 def allowed_actions
|
Chris@0
|
156 @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
|
Chris@0
|
157 end
|
Chris@0
|
158
|
Chris@0
|
159 def check_deletable
|
Chris@0
|
160 raise "Can't delete role" if members.any?
|
Chris@0
|
161 raise "Can't delete builtin role" if builtin?
|
Chris@0
|
162 end
|
Chris@0
|
163 end
|