Chris@1517: # Redmine - project management software Chris@1517: # Copyright (C) 2006-2014 Jean-Philippe Lang Chris@1517: # Chris@1517: # This program is free software; you can redistribute it and/or Chris@1517: # modify it under the terms of the GNU General Public License Chris@1517: # as published by the Free Software Foundation; either version 2 Chris@1517: # of the License, or (at your option) any later version. Chris@1517: # Chris@1517: # This program is distributed in the hope that it will be useful, Chris@1517: # but WITHOUT ANY WARRANTY; without even the implied warranty of Chris@1517: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Chris@1517: # GNU General Public License for more details. Chris@1517: # Chris@1517: # You should have received a copy of the GNU General Public License Chris@1517: # along with this program; if not, write to the Free Software Chris@1517: # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Chris@1517: Chris@1517: module Redmine Chris@1517: module AccessControl Chris@1517: Chris@1517: class << self Chris@1517: def map Chris@1517: mapper = Mapper.new Chris@1517: yield mapper Chris@1517: @permissions ||= [] Chris@1517: @permissions += mapper.mapped_permissions Chris@1517: end Chris@1517: Chris@1517: def permissions Chris@1517: @permissions Chris@1517: end Chris@1517: Chris@1517: # Returns the permission of given name or nil if it wasn't found Chris@1517: # Argument should be a symbol Chris@1517: def permission(name) Chris@1517: permissions.detect {|p| p.name == name} Chris@1517: end Chris@1517: Chris@1517: # Returns the actions that are allowed by the permission of given name Chris@1517: def allowed_actions(permission_name) Chris@1517: perm = permission(permission_name) Chris@1517: perm ? perm.actions : [] Chris@1517: end Chris@1517: Chris@1517: def public_permissions Chris@1517: @public_permissions ||= @permissions.select {|p| p.public?} Chris@1517: end Chris@1517: Chris@1517: def members_only_permissions Chris@1517: @members_only_permissions ||= @permissions.select {|p| p.require_member?} Chris@1517: end Chris@1517: Chris@1517: def loggedin_only_permissions Chris@1517: @loggedin_only_permissions ||= @permissions.select {|p| p.require_loggedin?} Chris@1517: end Chris@1517: Chris@1517: def read_action?(action) Chris@1517: if action.is_a?(Symbol) Chris@1517: perm = permission(action) Chris@1517: !perm.nil? && perm.read? Chris@1517: else Chris@1517: s = "#{action[:controller]}/#{action[:action]}" Chris@1517: permissions.detect {|p| p.actions.include?(s) && p.read?}.present? Chris@1517: end Chris@1517: end Chris@1517: Chris@1517: def available_project_modules Chris@1517: @available_project_modules ||= @permissions.collect(&:project_module).uniq.compact Chris@1517: end Chris@1517: Chris@1517: def modules_permissions(modules) Chris@1517: @permissions.select {|p| p.project_module.nil? || modules.include?(p.project_module.to_s)} Chris@1517: end Chris@1517: end Chris@1517: Chris@1517: class Mapper Chris@1517: def initialize Chris@1517: @project_module = nil Chris@1517: end Chris@1517: Chris@1517: def permission(name, hash, options={}) Chris@1517: @permissions ||= [] Chris@1517: options.merge!(:project_module => @project_module) Chris@1517: @permissions << Permission.new(name, hash, options) Chris@1517: end Chris@1517: Chris@1517: def project_module(name, options={}) Chris@1517: @project_module = name Chris@1517: yield self Chris@1517: @project_module = nil Chris@1517: end Chris@1517: Chris@1517: def mapped_permissions Chris@1517: @permissions Chris@1517: end Chris@1517: end Chris@1517: Chris@1517: class Permission Chris@1517: attr_reader :name, :actions, :project_module Chris@1517: Chris@1517: def initialize(name, hash, options) Chris@1517: @name = name Chris@1517: @actions = [] Chris@1517: @public = options[:public] || false Chris@1517: @require = options[:require] Chris@1517: @read = options[:read] || false Chris@1517: @project_module = options[:project_module] Chris@1517: hash.each do |controller, actions| Chris@1517: if actions.is_a? Array Chris@1517: @actions << actions.collect {|action| "#{controller}/#{action}"} Chris@1517: else Chris@1517: @actions << "#{controller}/#{actions}" Chris@1517: end Chris@1517: end Chris@1517: @actions.flatten! Chris@1517: end Chris@1517: Chris@1517: def public? Chris@1517: @public Chris@1517: end Chris@1517: Chris@1517: def require_member? Chris@1517: @require && @require == :member Chris@1517: end Chris@1517: Chris@1517: def require_loggedin? Chris@1517: @require && (@require == :member || @require == :loggedin) Chris@1517: end Chris@1517: Chris@1517: def read? Chris@1517: @read Chris@1517: end Chris@1517: end Chris@1517: end Chris@1517: end