openproject/app/services/authorization/user_project_roles_query.rb

#-- encoding: UTF-8
#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++

class Authorization::UserProjectRolesQuery < Authorization::UserRolesQuery
  transformations.register :all, :project_where_projection do |statement, user, _|
    statement.where(users_table[:id].eq(user.id))
  end

  transformations.register users_members_join, :project_id_limit do |statement, _, project|
    statement.and(members_table[:project_id].eq(project.id))
  end

  transformations.register roles_member_roles_join, :builtin_role do |statement, user, project|
    if project.is_public?
      builtin_role = if user.logged?
                       Role::BUILTIN_NON_MEMBER
                     else
                       Role::BUILTIN_ANONYMOUS
                     end

      builtin_role_condition = members_table[:id]
                               .eq(nil)
                               .and(roles_table[:builtin]
                                    .eq(builtin_role))

      statement = statement.or(builtin_role_condition)
    end

    statement
  end
end
replaces ruby based permission check for allowed_to? with sql based query 8 years ago			`#-- encoding: UTF-8`
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update 12 years ago			`#-- copyright`
			`# OpenProject is a project management system.`
Update year in copyright header to 2015 [ci skip] 10 years ago			`# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)`
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update 12 years ago			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License version 3.`
			`#`
new copyright header #1903 11 years ago			`# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:`
			`# Copyright (C) 2006-2013 Jean-Philippe Lang`
			`# Copyright (C) 2010-2013 the ChiliProject Team`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License`
			`# as published by the Free Software Foundation; either version 2`
			`# of the License, or (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`#`
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update 12 years ago			`# See doc/COPYRIGHT.rdoc for more details.`
			`#++`

replaces ruby based permission check for allowed_to? with sql based query 8 years ago			`class Authorization::UserProjectRolesQuery < Authorization::UserRolesQuery`
			`transformations.register :all, :project_where_projection do \|statement, user, _\|`
			`statement.where(users_table[:id].eq(user.id))`
refactored allowed_to to be more extensible * AllowanceEvaluator can be registered to decide whether to grant or deny a permission request * default AllowanceEvaluator is functionally identical with former impelmentation * broken up allowed_to into allowed_to_for_project and allowed_to_globally to reduce method length 13 years ago			`end`

replaces ruby based permission check for allowed_to? with sql based query 8 years ago			`transformations.register users_members_join, :project_id_limit do \|statement, _, project\|`
			`statement.and(members_table[:project_id].eq(project.id))`
refactored allowed_to to be more extensible * AllowanceEvaluator can be registered to decide whether to grant or deny a permission request * default AllowanceEvaluator is functionally identical with former impelmentation * broken up allowed_to into allowed_to_for_project and allowed_to_globally to reduce method length 13 years ago			`end`

replaces ruby based permission check for allowed_to? with sql based query 8 years ago			`transformations.register roles_member_roles_join, :builtin_role do \|statement, user, project\|`
			`if project.is_public?`
			`builtin_role = if user.logged?`
			`Role::BUILTIN_NON_MEMBER`
			`else`
			`Role::BUILTIN_ANONYMOUS`
			`end`
refactored allowed_to to be more extensible * AllowanceEvaluator can be registered to decide whether to grant or deny a permission request * default AllowanceEvaluator is functionally identical with former impelmentation * broken up allowed_to into allowed_to_for_project and allowed_to_globally to reduce method length 13 years ago
replaces ruby based permission check for allowed_to? with sql based query 8 years ago			`builtin_role_condition = members_table[:id]`
			`.eq(nil)`
			`.and(roles_table[:builtin]`
			`.eq(builtin_role))`
refactored allowed_to to be more extensible * AllowanceEvaluator can be registered to decide whether to grant or deny a permission request * default AllowanceEvaluator is functionally identical with former impelmentation * broken up allowed_to into allowed_to_for_project and allowed_to_globally to reduce method length 13 years ago
replaces ruby based permission check for allowed_to? with sql based query 8 years ago			`statement = statement.or(builtin_role_condition)`
			`end`
improve performance of watcher determination 10 years ago
replaces ruby based permission check for allowed_to? with sql based query 8 years ago			`statement`
improve performance of watcher determination 10 years ago			`end`
refactored allowed_to to be more extensible * AllowanceEvaluator can be registered to decide whether to grant or deny a permission request * default AllowanceEvaluator is functionally identical with former impelmentation * broken up allowed_to into allowed_to_for_project and allowed_to_globally to reduce method length 13 years ago			`end`