comparison app/models/.svn/text-base/user.rb.svn-base @ 441:cbce1fd3b1b7 redmine-1.2

Update to Redmine 1.2-stable branch (Redmine SVN rev 6000)
author Chris Cannam
date Mon, 06 Jun 2011 14:24:13 +0100
parents 051f544170fe
children 753f1380d6bc
245:051f544170fe 441:cbce1fd3b1b7
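--- a/app/models/.svn/text-base/user.rb.svn-base
+++ b/app/models/.svn/text-base/user.rb.svn-base
@@ -1,7 +1,7 @@
 # Redmine - project management software
-# Copyright (C) 2006-2009 Jean-Philippe Lang
+# Copyright (C) 2006-2011 Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
@@ -74,10 +74,19 @@
 validates_confirmation_of :password, :allow_nil => true
 validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true
 
 before_destroy :remove_references_before_destroy
 
+named_scope :in_group, lambda {|group|
+group_id = group.is_a?(Group) ? group.id : group.to_i
+{ :conditions => ["#{User.table_name}.id IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id] }
+}
+named_scope :not_in_group, lambda {|group|
+group_id = group.is_a?(Group) ? group.id : group.to_i
+{ :conditions => ["#{User.table_name}.id NOT IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id] }
+}
+
 def before_create
 self.mail_notification = Setting.default_notification_option if self.mail_notification.blank?
 true
 end
 
@@ -88,10 +97,11 @@
 end
 end
 
 def reload(*args)
 @name = nil
+@projects_by_role = nil
 super
 end
 
 def mail=(arg)
 write_attribute(:mail, arg.to_s.strip)
@@ -359,55 +369,79 @@
 # Return true if the user is a member of project
 def member_of?(project)
 !roles_for_project(project).detect {|role| role.member?}.nil?
 end
 
+# Returns a hash of user's projects grouped by roles
+def projects_by_role
+return @projects_by_role if @projects_by_role
+
+@projects_by_role = Hash.new {|h,k| h[k]=[]}
+memberships.each do |membership|
+membership.roles.each do |role|
+@projects_by_role[role] << membership.project if membership.project
+end
+end
+@projects_by_role.each do |role, projects|
+projects.uniq!
+end
+
+@projects_by_role
+end
+
 # Return true if the user is allowed to do the specified action on a specific context
 # Action can be:
 # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
 # * a permission Symbol (eg. :edit_project)
 # Context can be:
 # * a project : returns true if user is allowed to do the specified action on this project
-# * a group of projects : returns true if user is allowed on every project
+# * an array of projects : returns true if user is allowed on every project
 # * nil with options[:global] set : check if user has at least one role allowed for this action,
 # or falls back to Non Member / Anonymous permissions depending if the user is logged
-def allowed_to?(action, context, options={})
+def allowed_to?(action, context, options={}, &block)
 if context && context.is_a?(Project)
 # No action allowed on archived projects
 return false unless context.active?
 # No action allowed on disabled modules
 return false unless context.allows_to?(action)
 # Admin users are authorized for anything else
 return true if admin?
 
 roles = roles_for_project(context)
 return false unless roles
-roles.detect {|role| (context.is_public? || role.member?) && role.allowed_to?(action)}
-
+roles.detect {|role|
+(context.is_public? || role.member?) &&
+role.allowed_to?(action) &&
+(block_given? ? yield(role, self) : true)
+}
 elsif context && context.is_a?(Array)
 # Authorize if user is authorized on every element of the array
 context.map do |project|
-allowed_to?(action,project,options)
+allowed_to?(action, project, options, &block)
 end.inject do |memo,allowed|
 memo && allowed
 end
 elsif options[:global]
 # Admin users are always authorized
 return true if admin?
 
 # authorize if user has at least one role that has this permission
 roles = memberships.collect {|m| m.roles}.flatten.uniq
-roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
+roles << (self.logged? ? Role.non_member : Role.anonymous)
+roles.detect {|role|
+role.allowed_to?(action) &&
+(block_given? ? yield(role, self) : true)
+}
 else
 false
 end
 end
 
 # Is the user allowed to do the specified action on any project?
 # See allowed_to? for the actions and valid options.
-def allowed_to_globally?(action, options)
-allowed_to?(action, nil, options.reverse_merge(:global => true))
+def allowed_to_globally?(action, options, &block)
+allowed_to?(action, nil, options.reverse_merge(:global => true), &block)
 end
 
 safe_attributes 'login',
 'firstname',
 'lastname',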
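Review bot: The comment block above `allowed_to?` still describes only the action, context and options, so the new `&block` parameter and how it interacts with the admin shortcut are undocumented. In both the project branch and the `options[:global]` branch, `return true if admin?` runs before `roles.detect`, so a caller-supplied block is never consulted for admin users. The block can only narrow what a role already grants, and callers using it as an extra restriction should be aware of that exception. I would add to the comment: `# If a block is given, it is called with (role, user) for a role that otherwise grants the action and must also return true.` and `# Admin users are authorized without the block being called.`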