Chris@1296: # Redmine - project management software
Chris@1296: # Copyright (C) 2006-2012  Jean-Philippe Lang
Chris@1296: #
Chris@1296: # This program is free software; you can redistribute it and/or
Chris@1296: # modify it under the terms of the GNU General Public License
Chris@1296: # as published by the Free Software Foundation; either version 2
Chris@1296: # of the License, or (at your option) any later version.
Chris@1296: #
Chris@1296: # This program is distributed in the hope that it will be useful,
Chris@1296: # but WITHOUT ANY WARRANTY; without even the implied warranty of
Chris@1296: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
Chris@1296: # GNU General Public License for more details.
Chris@1296: #
Chris@1296: # You should have received a copy of the GNU General Public License
Chris@1296: # along with this program; if not, write to the Free Software
Chris@1296: # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
Chris@1296: 
Chris@1296: module Redmine
Chris@1296:   module AccessControl
Chris@1296: 
Chris@1296:     class << self
Chris@1296:       def map
Chris@1296:         mapper = Mapper.new
Chris@1296:         yield mapper
Chris@1296:         @permissions ||= []
Chris@1296:         @permissions += mapper.mapped_permissions
Chris@1296:       end
Chris@1296: 
Chris@1296:       def permissions
Chris@1296:         @permissions
Chris@1296:       end
Chris@1296: 
Chris@1296:       # Returns the permission of given name or nil if it wasn't found
Chris@1296:       # Argument should be a symbol
Chris@1296:       def permission(name)
Chris@1296:         permissions.detect {|p| p.name == name}
Chris@1296:       end
Chris@1296: 
Chris@1296:       # Returns the actions that are allowed by the permission of given name
Chris@1296:       def allowed_actions(permission_name)
Chris@1296:         perm = permission(permission_name)
Chris@1296:         perm ? perm.actions : []
Chris@1296:       end
Chris@1296: 
Chris@1296:       def public_permissions
Chris@1296:         @public_permissions ||= @permissions.select {|p| p.public?}
Chris@1296:       end
Chris@1296: 
Chris@1296:       def members_only_permissions
Chris@1296:         @members_only_permissions ||= @permissions.select {|p| p.require_member?}
Chris@1296:       end
Chris@1296: 
Chris@1296:       def loggedin_only_permissions
Chris@1296:         @loggedin_only_permissions ||= @permissions.select {|p| p.require_loggedin?}
Chris@1296:       end
Chris@1296: 
Chris@1296:       def read_action?(action)
Chris@1296:         if action.is_a?(Symbol)
Chris@1296:           perm = permission(action)
Chris@1296:           !perm.nil? && perm.read?
Chris@1296:         else
Chris@1296:           s = "#{action[:controller]}/#{action[:action]}"
Chris@1296:           permissions.detect {|p| p.actions.include?(s) && !p.read?}.nil?
Chris@1296:         end
Chris@1296:       end
Chris@1296: 
Chris@1296:       def available_project_modules
Chris@1296:         @available_project_modules ||= @permissions.collect(&:project_module).uniq.compact
Chris@1296:       end
Chris@1296: 
Chris@1296:       def modules_permissions(modules)
Chris@1296:         @permissions.select {|p| p.project_module.nil? || modules.include?(p.project_module.to_s)}
Chris@1296:       end
Chris@1296:     end
Chris@1296: 
Chris@1296:     class Mapper
Chris@1296:       def initialize
Chris@1296:         @project_module = nil
Chris@1296:       end
Chris@1296: 
Chris@1296:       def permission(name, hash, options={})
Chris@1296:         @permissions ||= []
Chris@1296:         options.merge!(:project_module => @project_module)
Chris@1296:         @permissions << Permission.new(name, hash, options)
Chris@1296:       end
Chris@1296: 
Chris@1296:       def project_module(name, options={})
Chris@1296:         @project_module = name
Chris@1296:         yield self
Chris@1296:         @project_module = nil
Chris@1296:       end
Chris@1296: 
Chris@1296:       def mapped_permissions
Chris@1296:         @permissions
Chris@1296:       end
Chris@1296:     end
Chris@1296: 
Chris@1296:     class Permission
Chris@1296:       attr_reader :name, :actions, :project_module
Chris@1296: 
Chris@1296:       def initialize(name, hash, options)
Chris@1296:         @name = name
Chris@1296:         @actions = []
Chris@1296:         @public = options[:public] || false
Chris@1296:         @require = options[:require]
Chris@1296:         @read = options[:read] || false
Chris@1296:         @project_module = options[:project_module]
Chris@1296:         hash.each do |controller, actions|
Chris@1296:           if actions.is_a? Array
Chris@1296:             @actions << actions.collect {|action| "#{controller}/#{action}"}
Chris@1296:           else
Chris@1296:             @actions << "#{controller}/#{actions}"
Chris@1296:           end
Chris@1296:         end
Chris@1296:         @actions.flatten!
Chris@1296:       end
Chris@1296: 
Chris@1296:       def public?
Chris@1296:         @public
Chris@1296:       end
Chris@1296: 
Chris@1296:       def require_member?
Chris@1296:         @require && @require == :member
Chris@1296:       end
Chris@1296: 
Chris@1296:       def require_loggedin?
Chris@1296:         @require && (@require == :member || @require == :loggedin)
Chris@1296:       end
Chris@1296: 
Chris@1296:       def read?
Chris@1296:         @read
Chris@1296:       end
Chris@1296:     end
Chris@1296:   end
Chris@1296: end