|
Chris@909
|
1 # Redmine - project management software
|
|
Chris@909
|
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
|
|
Chris@909
|
3 #
|
|
Chris@909
|
4 # This program is free software; you can redistribute it and/or
|
|
Chris@909
|
5 # modify it under the terms of the GNU General Public License
|
|
Chris@909
|
6 # as published by the Free Software Foundation; either version 2
|
|
Chris@909
|
7 # of the License, or (at your option) any later version.
|
|
Chris@909
|
8 #
|
|
Chris@909
|
9 # This program is distributed in the hope that it will be useful,
|
|
Chris@909
|
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Chris@909
|
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Chris@909
|
12 # GNU General Public License for more details.
|
|
Chris@909
|
13 #
|
|
Chris@909
|
14 # You should have received a copy of the GNU General Public License
|
|
Chris@909
|
15 # along with this program; if not, write to the Free Software
|
|
Chris@909
|
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
Chris@909
|
17
|
|
Chris@909
|
18 class Role < ActiveRecord::Base
|
|
Chris@909
|
19 # Built-in roles
|
|
Chris@909
|
20 BUILTIN_NON_MEMBER = 1
|
|
Chris@909
|
21 BUILTIN_ANONYMOUS = 2
|
|
Chris@909
|
22
|
|
Chris@909
|
23 ISSUES_VISIBILITY_OPTIONS = [
|
|
Chris@909
|
24 ['all', :label_issues_visibility_all],
|
|
Chris@909
|
25 ['default', :label_issues_visibility_public],
|
|
Chris@909
|
26 ['own', :label_issues_visibility_own]
|
|
Chris@909
|
27 ]
|
|
Chris@909
|
28
|
|
Chris@909
|
29 named_scope :givable, { :conditions => "builtin = 0", :order => 'position' }
|
|
Chris@909
|
30 named_scope :builtin, lambda { |*args|
|
|
Chris@909
|
31 compare = 'not' if args.first == true
|
|
Chris@909
|
32 { :conditions => "#{compare} builtin = 0" }
|
|
Chris@909
|
33 }
|
|
Chris@909
|
34
|
|
Chris@909
|
35 before_destroy :check_deletable
|
|
Chris@909
|
36 has_many :workflows, :dependent => :delete_all do
|
|
Chris@909
|
37 def copy(source_role)
|
|
Chris@909
|
38 Workflow.copy(nil, source_role, nil, proxy_owner)
|
|
Chris@909
|
39 end
|
|
Chris@909
|
40 end
|
|
Chris@909
|
41
|
|
Chris@909
|
42 has_many :member_roles, :dependent => :destroy
|
|
Chris@909
|
43 has_many :members, :through => :member_roles
|
|
Chris@909
|
44 acts_as_list
|
|
Chris@909
|
45
|
|
Chris@909
|
46 serialize :permissions, Array
|
|
Chris@909
|
47 attr_protected :builtin
|
|
Chris@909
|
48
|
|
Chris@909
|
49 validates_presence_of :name
|
|
Chris@909
|
50 validates_uniqueness_of :name
|
|
Chris@909
|
51 validates_length_of :name, :maximum => 30
|
|
Chris@909
|
52 validates_inclusion_of :issues_visibility,
|
|
Chris@909
|
53 :in => ISSUES_VISIBILITY_OPTIONS.collect(&:first),
|
|
Chris@909
|
54 :if => lambda {|role| role.respond_to?(:issues_visibility)}
|
|
Chris@909
|
55
|
|
Chris@909
|
56 def permissions
|
|
Chris@909
|
57 read_attribute(:permissions) || []
|
|
Chris@909
|
58 end
|
|
Chris@909
|
59
|
|
Chris@909
|
60 def permissions=(perms)
|
|
Chris@909
|
61 perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms
|
|
Chris@909
|
62 write_attribute(:permissions, perms)
|
|
Chris@909
|
63 end
|
|
Chris@909
|
64
|
|
Chris@909
|
65 def add_permission!(*perms)
|
|
Chris@909
|
66 self.permissions = [] unless permissions.is_a?(Array)
|
|
Chris@909
|
67
|
|
Chris@909
|
68 permissions_will_change!
|
|
Chris@909
|
69 perms.each do |p|
|
|
Chris@909
|
70 p = p.to_sym
|
|
Chris@909
|
71 permissions << p unless permissions.include?(p)
|
|
Chris@909
|
72 end
|
|
Chris@909
|
73 save!
|
|
Chris@909
|
74 end
|
|
Chris@909
|
75
|
|
Chris@909
|
76 def remove_permission!(*perms)
|
|
Chris@909
|
77 return unless permissions.is_a?(Array)
|
|
Chris@909
|
78 permissions_will_change!
|
|
Chris@909
|
79 perms.each { |p| permissions.delete(p.to_sym) }
|
|
Chris@909
|
80 save!
|
|
Chris@909
|
81 end
|
|
Chris@909
|
82
|
|
Chris@909
|
83 # Returns true if the role has the given permission
|
|
Chris@909
|
84 def has_permission?(perm)
|
|
Chris@909
|
85 !permissions.nil? && permissions.include?(perm.to_sym)
|
|
Chris@909
|
86 end
|
|
Chris@909
|
87
|
|
Chris@909
|
88 def <=>(role)
|
|
Chris@909
|
89 role ? position <=> role.position : -1
|
|
Chris@909
|
90 end
|
|
Chris@909
|
91
|
|
Chris@909
|
92 def to_s
|
|
Chris@909
|
93 name
|
|
Chris@909
|
94 end
|
|
Chris@909
|
95
|
|
Chris@909
|
96 def name
|
|
Chris@909
|
97 case builtin
|
|
Chris@909
|
98 when 1; l(:label_role_non_member, :default => read_attribute(:name))
|
|
Chris@909
|
99 when 2; l(:label_role_anonymous, :default => read_attribute(:name))
|
|
Chris@909
|
100 else; read_attribute(:name)
|
|
Chris@909
|
101 end
|
|
Chris@909
|
102 end
|
|
Chris@909
|
103
|
|
Chris@909
|
104 # Return true if the role is a builtin role
|
|
Chris@909
|
105 def builtin?
|
|
Chris@909
|
106 self.builtin != 0
|
|
Chris@909
|
107 end
|
|
Chris@909
|
108
|
|
Chris@909
|
109 # Return true if the role is a project member role
|
|
Chris@909
|
110 def member?
|
|
Chris@909
|
111 !self.builtin?
|
|
Chris@909
|
112 end
|
|
Chris@909
|
113
|
|
Chris@909
|
114 # Return true if role is allowed to do the specified action
|
|
Chris@909
|
115 # action can be:
|
|
Chris@909
|
116 # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
|
|
Chris@909
|
117 # * a permission Symbol (eg. :edit_project)
|
|
Chris@909
|
118 def allowed_to?(action)
|
|
Chris@909
|
119 if action.is_a? Hash
|
|
Chris@909
|
120 allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
|
|
Chris@909
|
121 else
|
|
Chris@909
|
122 allowed_permissions.include? action
|
|
Chris@909
|
123 end
|
|
Chris@909
|
124 end
|
|
Chris@909
|
125
|
|
Chris@909
|
126 # Return all the permissions that can be given to the role
|
|
Chris@909
|
127 def setable_permissions
|
|
Chris@909
|
128 setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions
|
|
Chris@909
|
129 setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER
|
|
Chris@909
|
130 setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
|
|
Chris@909
|
131 setable_permissions
|
|
Chris@909
|
132 end
|
|
Chris@909
|
133
|
|
Chris@909
|
134 # Find all the roles that can be given to a project member
|
|
Chris@909
|
135 def self.find_all_givable
|
|
Chris@909
|
136 find(:all, :conditions => {:builtin => 0}, :order => 'position')
|
|
Chris@909
|
137 end
|
|
Chris@909
|
138
|
|
Chris@909
|
139 # Return the builtin 'non member' role. If the role doesn't exist,
|
|
Chris@909
|
140 # it will be created on the fly.
|
|
Chris@909
|
141 def self.non_member
|
|
Chris@909
|
142 find_or_create_system_role(BUILTIN_NON_MEMBER, 'Non member')
|
|
Chris@909
|
143 end
|
|
Chris@909
|
144
|
|
Chris@909
|
145 # Return the builtin 'anonymous' role. If the role doesn't exist,
|
|
Chris@909
|
146 # it will be created on the fly.
|
|
Chris@909
|
147 def self.anonymous
|
|
Chris@909
|
148 find_or_create_system_role(BUILTIN_ANONYMOUS, 'Anonymous')
|
|
Chris@909
|
149 end
|
|
Chris@909
|
150
|
|
Chris@909
|
151 private
|
|
Chris@909
|
152
|
|
Chris@909
|
153 def allowed_permissions
|
|
Chris@909
|
154 @allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
|
|
Chris@909
|
155 end
|
|
Chris@909
|
156
|
|
Chris@909
|
157 def allowed_actions
|
|
Chris@909
|
158 @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
|
|
Chris@909
|
159 end
|
|
Chris@909
|
160
|
|
Chris@909
|
161 def check_deletable
|
|
Chris@909
|
162 raise "Can't delete role" if members.any?
|
|
Chris@909
|
163 raise "Can't delete builtin role" if builtin?
|
|
Chris@909
|
164 end
|
|
Chris@909
|
165
|
|
Chris@909
|
166 def self.find_or_create_system_role(builtin, name)
|
|
Chris@909
|
167 role = first(:conditions => {:builtin => builtin})
|
|
Chris@909
|
168 if role.nil?
|
|
Chris@909
|
169 role = create(:name => name, :position => 0) do |r|
|
|
Chris@909
|
170 r.builtin = builtin
|
|
Chris@909
|
171 end
|
|
Chris@909
|
172 raise "Unable to create the #{name} role." if role.new_record?
|
|
Chris@909
|
173 end
|
|
Chris@909
|
174 role
|
|
Chris@909
|
175 end
|
|
Chris@909
|
176 end
|
