openproject/config/initializers/permissions.rb

#-- encoding: UTF-8
#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++

require 'redmine/access_control'

Redmine::AccessControl.map do |map|
  map.permission :view_project,
                 { projects: [:show],
                   activities: [:index] },
                 public: true

  map.permission :search_project,
                 { search: :index },
                 public: true

  map.permission :add_project,
                 { projects: [:new, :create],
                   members: [:paginate_users] },
                 require: :loggedin

  map.permission :edit_project,
                 { projects: [:settings, :edit, :update, :custom_fields],
                   members: [:paginate_users] },
                 require: :member

  map.permission :select_project_modules,
                 { projects: :modules },
                 require: :member

  map.permission :manage_members,
                 { members: [:index, :new, :create, :update, :destroy, :autocomplete_for_member] },
                 require: :member

  map.permission :view_members,
                 { members: [:index] },
                 require: :member

  map.permission :manage_versions,
                 { projects: :settings,
                   versions: [:new, :create, :edit, :update,
                              :close_completed, :destroy] },
                 require: :member

  map.permission :manage_types,
                 { projects: :types },
                 require: :member

  map.permission :add_subprojects,
                 { projects: [:new, :create] },
                 require: :member

  map.permission :copy_projects,
                 { copy_projects: [:copy, :copy_project],
                   members: [:paginate_users] },
                 require: :member

  map.project_module :work_package_tracking do |wpt|
    # Issue categories
    wpt.permission :manage_categories,
                   { projects: :settings,
                     categories: [:new, :create, :edit, :update, :destroy] },
                   require: :member
    # Issues
    wpt.permission :view_work_packages,
                   issues: [:index, :all, :show],
                   auto_complete: [:issues],
                   versions: [:index, :show, :status_by],
                   journals: [:index, :diff],
                   work_packages: [:show, :index],
                   work_packages_api: [:get],
                   :'work_packages/reports' => [:report, :report_details],
                   planning_elements: [:index, :all, :show, :recycle_bin],
                   planning_element_journals: [:index],
                   :'api/experimental/queries' => [:available_columns,
                                                   :custom_field_filters,
                                                   :grouped],
                   :'api/experimental/users' => [:index],
                   :'api/experimental/roles' => [:index],
                   :'api/experimental/groups' => [:index],
                   :'api/experimental/versions' => [:index],
                   :'api/experimental/projects' => [:show,
                                                    :sub_projects,
                                                    :index],
                   :'api/experimental/work_packages' => [:index,
                                                         :column_data,
                                                         :column_sums],
                   # This is api/v2/planning_element_types
                   :planning_element_types => [:index,
                                               :show]

    wpt.permission :export_work_packages,
                   work_packages: [:index, :all]

    wpt.permission :add_work_packages,
                   issues: [:new, :create, :update_form],
                   :'issues/previews' => :create,
                   work_packages: [:new, :new_type, :preview, :create]

    wpt.permission :move_work_packages,
                   { :'work_packages/moves' => [:new, :create] },
                   require: :loggedin

    wpt.permission :edit_work_packages,
                   { issues: [:edit, :update, :update_form],
                     :'work_packages/bulk' => [:edit, :update],
                     work_packages: [:edit, :update, :new_type,
                                     :preview, :quoted],
                     journals: :preview,
                     planning_elements: [:new, :create, :edit, :update],
                     planning_element_journals: [:create] },
                   require: :member

    wpt.permission :add_work_package_notes,
                   work_packages: [:edit, :update],
                   journals: [:new]

    wpt.permission :edit_work_package_notes,
                   { journals: [:edit, :update] },
                   require: :loggedin

    wpt.permission :edit_own_work_package_notes,
                   { journals: [:edit, :update] },
                   require: :loggedin

    wpt.permission :delete_work_packages,
                   { issues: :destroy,
                     work_packages: :destroy,
                     :'work_packages/bulk' => :destroy,
                     planning_elements: [:confirm_destroy,
                                         :destroy,
                                         :destroy_all,
                                         :confirm_destroy_all] },
                   require: :member

    wpt.permission :manage_work_package_relations,
                   work_package_relations: [:create, :destroy]

    wpt.permission :manage_subtasks,
                   {}
    # Queries
    wpt.permission :manage_public_queries,
                   { :'api/experimental/queries' => [:create,
                                                     :update,
                                                     :destroy],
                     queries: [:star, :unstar] },
                   require: :member

    wpt.permission :save_queries,
                   { :'api/experimental/queries' => [:create, :update, :destroy],
                     :queries => [:star, :unstar] },
                   require: :loggedin
    # Watchers
    wpt.permission :view_work_package_watchers,
                   {}

    wpt.permission :add_work_package_watchers,
                   watchers: [:new, :create]

    wpt.permission :delete_work_package_watchers,
                   watchers: :destroy
  end

  map.project_module :time_tracking do |time|
    time.permission :log_time,
                    { timelog: [:new, :create, :edit, :update] },
                    require: :loggedin

    time.permission :view_time_entries,
                    timelog: [:index, :show],
                    time_entry_reports: [:report]

    time.permission :edit_time_entries,
                    { timelog: [:new, :create, :edit, :update, :destroy] },
                    require: :member

    time.permission :edit_own_time_entries,
                    { timelog: [:new, :create, :edit, :update, :destroy] },
                    require: :loggedin

    time.permission :manage_project_activities,
                    { project_enumerations: [:update, :destroy] },
                    require: :member
  end

  map.project_module :news do |news|
    news.permission :manage_news,
                    { news: [:new, :create, :edit, :update, :destroy, :preview],
                      :'news/comments' => [:destroy] },
                    require: :member

    news.permission :view_news,
                    { news: [:index, :show] },
                    public: true

    news.permission :comment_news,
                    :'news/comments' => :create
  end

  map.project_module :wiki do |wiki|
    wiki.permission :manage_wiki,
                    { wikis: [:edit, :destroy] },
                    require: :member

    wiki.permission :manage_wiki_menu,
                    { wiki_menu_items: [:edit, :update, :select_main_menu_item,
                                        :replace_main_menu_item] },
                    require: :member

    wiki.permission :rename_wiki_pages,
                    { wiki: :rename },
                    require: :member

    wiki.permission :change_wiki_parent_page,
                    { wiki: [:edit_parent_page, :update_parent_page] },
                    require: :member

    wiki.permission :delete_wiki_pages,
                    { wiki: :destroy },
                    require: :member

    wiki.permission :view_wiki_pages,
                    wiki: [:index, :show, :special, :date_index]

    wiki.permission :export_wiki_pages,
                    wiki: [:export]

    wiki.permission :view_wiki_edits,
                    wiki: [:history, :diff, :annotate]

    wiki.permission :edit_wiki_pages,
                    wiki: [:edit, :update, :preview, :add_attachment,
                           :new, :new_child, :create]

    wiki.permission :delete_wiki_pages_attachments,
                    {}

    wiki.permission :protect_wiki_pages,
                    { wiki: :protect },
                    require: :member

    wiki.permission :list_attachments,
                    { wiki: :list_attachments },
                    require: :member
  end

  map.project_module :repository do |repo|
    repo.permission :manage_repository,
                    { repositories: [:edit, :create, :update, :committers,
                                     :destroy_info, :destroy] },
                    require: :member

    repo.permission :browse_repository,
                    repositories: [:show, :browse, :entry, :annotate,
                                   :changes, :diff, :stats, :graph]

    repo.permission :view_changesets,
                    repositories: [:show, :revisions, :revision]

    repo.permission :commit_access,
                    {}

    repo.permission :view_commit_author_statistics,
                    {}
  end

  map.project_module :boards do |board|
    board.permission :manage_boards,
                     { boards: [:new, :create, :edit, :update, :move, :destroy] },
                     require: :member

    board.permission :view_messages,
                     { boards: [:index, :show],
                       messages: [:show] },
                     public: true

    board.permission :add_messages,
                     messages: [:new, :create, :reply, :quote, :preview]

    board.permission :edit_messages,
                     { messages: [:edit, :update, :preview] },
                     require: :member

    board.permission :edit_own_messages,
                     { messages: [:edit, :update, :preview] },
                     require: :loggedin

    board.permission :delete_messages,
                     { messages: :destroy },
                     require: :member

    board.permission :delete_own_messages,
                     { messages: :destroy },
                     require: :loggedin
  end

  map.project_module :calendar do |cal|
    cal.permission :view_calendar,
                   :'work_packages/calendars' => [:index]
  end

  map.project_module :activity

  map.project_module :timelines do |timelines|
    timelines.permission :view_project_associations,
                         project_associations: [:index, :show]

    timelines.permission :edit_project_associations,
                         { project_associations: [:edit, :update, :new,
                                                  :create,
                                                  :available_projects] },
                         require: :member

    timelines.permission :delete_project_associations,
                         { project_associations: [:confirm_destroy, :destroy] },
                         require: :member

    timelines.permission :view_timelines,
                         timelines: [:index, :show]

    timelines.permission :edit_timelines,
                         { timelines: [:edit, :update, :new, :create] },
                         require: :member

    timelines.permission :delete_timelines,
                         { timelines: [:confirm_destroy, :destroy] },
                         require: :member

    timelines.permission :view_reportings,
                         reportings: [:index, :all, :show]

    timelines.permission :edit_reportings,
                         { reportings: [:new, :create, :edit,
                                        :update, :available_projects] },
                         require: :member

    timelines.permission :delete_reportings,
                         { reportings: [:confirm_destroy, :destroy] },
                         require: :member
  end
end
splits redmine.rb into initializers 10 years ago			`#-- encoding: UTF-8`
			`#-- copyright`
			`# OpenProject is a project management system.`
Update year in copyright header to 2015 [ci skip] 10 years ago			`# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)`
splits redmine.rb into initializers 10 years ago			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License version 3.`
			`#`
			`# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:`
			`# Copyright (C) 2006-2013 Jean-Philippe Lang`
			`# Copyright (C) 2010-2013 the ChiliProject Team`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License`
			`# as published by the Free Software Foundation; either version 2`
			`# of the License, or (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`#`
			`# See doc/COPYRIGHT.rdoc for more details.`
			`#++`

			`require 'redmine/access_control'`

			`Redmine::AccessControl.map do \|map\|`
			`map.permission :view_project,`
			`{ projects: [:show],`
			`activities: [:index] },`
			`public: true`

			`map.permission :search_project,`
			`{ search: :index },`
			`public: true`

			`map.permission :add_project,`
			`{ projects: [:new, :create],`
			`members: [:paginate_users] },`
			`require: :loggedin`

			`map.permission :edit_project,`
Authorize custom fields controller method 9 years ago			`{ projects: [:settings, :edit, :update, :custom_fields],`
splits redmine.rb into initializers 10 years ago			`members: [:paginate_users] },`
			`require: :member`

			`map.permission :select_project_modules,`
			`{ projects: :modules },`
			`require: :member`

			`map.permission :manage_members,`
added :view_members permission 9 years ago			`{ members: [:index, :new, :create, :update, :destroy, :autocomplete_for_member] },`
			`require: :member`

			`map.permission :view_members,`
			`{ members: [:index] },`
splits redmine.rb into initializers 10 years ago			`require: :member`

			`map.permission :manage_versions,`
			`{ projects: :settings,`
			`versions: [:new, :create, :edit, :update,`
			`:close_completed, :destroy] },`
			`require: :member`

			`map.permission :manage_types,`
			`{ projects: :types },`
			`require: :member`

			`map.permission :add_subprojects,`
			`{ projects: [:new, :create] },`
			`require: :member`

			`map.permission :copy_projects,`
			`{ copy_projects: [:copy, :copy_project],`
			`members: [:paginate_users] },`
			`require: :member`

			`map.project_module :work_package_tracking do \|wpt\|`
			`# Issue categories`
			`wpt.permission :manage_categories,`
			`{ projects: :settings,`
			`categories: [:new, :create, :edit, :update, :destroy] },`
			`require: :member`
			`# Issues`
			`wpt.permission :view_work_packages,`
			`issues: [:index, :all, :show],`
			`auto_complete: [:issues],`
			`versions: [:index, :show, :status_by],`
			`journals: [:index, :diff],`
			`work_packages: [:show, :index],`
			`work_packages_api: [:get],`
			`:'work_packages/reports' => [:report, :report_details],`
			`planning_elements: [:index, :all, :show, :recycle_bin],`
			`planning_element_journals: [:index],`
			`:'api/experimental/queries' => [:available_columns,`
			`:custom_field_filters,`
			`:grouped],`
			`:'api/experimental/users' => [:index],`
			`:'api/experimental/roles' => [:index],`
			`:'api/experimental/groups' => [:index],`
			`:'api/experimental/versions' => [:index],`
			`:'api/experimental/projects' => [:show,`
			`:sub_projects,`
			`:index],`
			`:'api/experimental/work_packages' => [:index,`
			`:column_data,`
			`:column_sums],`
			`# This is api/v2/planning_element_types`
Fix syntax (w/Rubocop) in Rails routes, config Signed-off-by: Alex Coles <alex@alexbcoles.com> 9 years ago			`:planning_element_types => [:index,`
			`:show]`
splits redmine.rb into initializers 10 years ago
			`wpt.permission :export_work_packages,`
			`work_packages: [:index, :all]`

			`wpt.permission :add_work_packages,`
			`issues: [:new, :create, :update_form],`
			`:'issues/previews' => :create,`
			`work_packages: [:new, :new_type, :preview, :create]`

			`wpt.permission :move_work_packages,`
			`{ :'work_packages/moves' => [:new, :create] },`
			`require: :loggedin`

			`wpt.permission :edit_work_packages,`
			`{ issues: [:edit, :update, :update_form],`
			`:'work_packages/bulk' => [:edit, :update],`
			`work_packages: [:edit, :update, :new_type,`
			`:preview, :quoted],`
			`journals: :preview,`
			`planning_elements: [:new, :create, :edit, :update],`
			`planning_element_journals: [:create] },`
			`require: :member`

			`wpt.permission :add_work_package_notes,`
			`work_packages: [:edit, :update],`
			`journals: [:new]`

			`wpt.permission :edit_work_package_notes,`
			`{ journals: [:edit, :update] },`
			`require: :loggedin`

			`wpt.permission :edit_own_work_package_notes,`
			`{ journals: [:edit, :update] },`
			`require: :loggedin`

			`wpt.permission :delete_work_packages,`
			`{ issues: :destroy,`
			`work_packages: :destroy,`
			`:'work_packages/bulk' => :destroy,`
			`planning_elements: [:confirm_destroy,`
			`:destroy,`
			`:destroy_all,`
			`:confirm_destroy_all] },`
			`require: :member`

			`wpt.permission :manage_work_package_relations,`
			`work_package_relations: [:create, :destroy]`

			`wpt.permission :manage_subtasks,`
			`{}`
			`# Queries`
			`wpt.permission :manage_public_queries,`
			`{ :'api/experimental/queries' => [:create,`
			`:update,`
			`:destroy],`
			`queries: [:star, :unstar] },`
			`require: :member`

			`wpt.permission :save_queries,`
			`{ :'api/experimental/queries' => [:create, :update, :destroy],`
Fix syntax (w/Rubocop) in Rails routes, config Signed-off-by: Alex Coles <alex@alexbcoles.com> 9 years ago			`:queries => [:star, :unstar] },`
splits redmine.rb into initializers 10 years ago			`require: :loggedin`
			`# Watchers`
			`wpt.permission :view_work_package_watchers,`
			`{}`

			`wpt.permission :add_work_package_watchers,`
			`watchers: [:new, :create]`

			`wpt.permission :delete_work_package_watchers,`
			`watchers: :destroy`
			`end`

			`map.project_module :time_tracking do \|time\|`
			`time.permission :log_time,`
			`{ timelog: [:new, :create, :edit, :update] },`
			`require: :loggedin`

			`time.permission :view_time_entries,`
			`timelog: [:index, :show],`
			`time_entry_reports: [:report]`

			`time.permission :edit_time_entries,`
			`{ timelog: [:new, :create, :edit, :update, :destroy] },`
			`require: :member`

			`time.permission :edit_own_time_entries,`
			`{ timelog: [:new, :create, :edit, :update, :destroy] },`
			`require: :loggedin`

			`time.permission :manage_project_activities,`
			`{ project_enumerations: [:update, :destroy] },`
			`require: :member`
			`end`

			`map.project_module :news do \|news\|`
			`news.permission :manage_news,`
			`{ news: [:new, :create, :edit, :update, :destroy, :preview],`
			`:'news/comments' => [:destroy] },`
			`require: :member`

			`news.permission :view_news,`
			`{ news: [:index, :show] },`
			`public: true`

			`news.permission :comment_news,`
			`:'news/comments' => :create`
			`end`

			`map.project_module :wiki do \|wiki\|`
			`wiki.permission :manage_wiki,`
			`{ wikis: [:edit, :destroy] },`
			`require: :member`

			`wiki.permission :manage_wiki_menu,`
			`{ wiki_menu_items: [:edit, :update, :select_main_menu_item,`
			`:replace_main_menu_item] },`
			`require: :member`

			`wiki.permission :rename_wiki_pages,`
			`{ wiki: :rename },`
			`require: :member`

			`wiki.permission :change_wiki_parent_page,`
			`{ wiki: [:edit_parent_page, :update_parent_page] },`
			`require: :member`

			`wiki.permission :delete_wiki_pages,`
			`{ wiki: :destroy },`
			`require: :member`

			`wiki.permission :view_wiki_pages,`
			`wiki: [:index, :show, :special, :date_index]`

			`wiki.permission :export_wiki_pages,`
			`wiki: [:export]`

			`wiki.permission :view_wiki_edits,`
			`wiki: [:history, :diff, :annotate]`

			`wiki.permission :edit_wiki_pages,`
			`wiki: [:edit, :update, :preview, :add_attachment,`
			`:new, :new_child, :create]`

			`wiki.permission :delete_wiki_pages_attachments,`
			`{}`

			`wiki.permission :protect_wiki_pages,`
			`{ wiki: :protect },`
			`require: :member`

			`wiki.permission :list_attachments,`
			`{ wiki: :list_attachments },`
			`require: :member`
			`end`

			`map.project_module :repository do \|repo\|`
			`repo.permission :manage_repository,`
Frontend extensions and build refactoring - switched to toggleable-attribute-groups to provide means for adding buttons in the attribute header (e.g., delete button). - added separate destroy_info page with different notifications for managed and linked repositories to ensure ramifications of removing physical repositories are communicated to the user. - Fixed several issues regarding scm_type selection and the building of repositories. Open questions still concern the question of acessing unsupported repositories (e.g., the soon-to-be-removed filesystem adapter). Acessing the class should will then throw an error, but we still have to allow users to remove the affected repository (somehow). 9 years ago			`{ repositories: [:edit, :create, :update, :committers,`
			`:destroy_info, :destroy] },`
splits redmine.rb into initializers 10 years ago			`require: :member`

			`repo.permission :browse_repository,`
			`repositories: [:show, :browse, :entry, :annotate,`
			`:changes, :diff, :stats, :graph]`

			`repo.permission :view_changesets,`
			`repositories: [:show, :revisions, :revision]`

			`repo.permission :commit_access,`
			`{}`

			`repo.permission :view_commit_author_statistics,`
			`{}`
			`end`

			`map.project_module :boards do \|board\|`
			`board.permission :manage_boards,`
			`{ boards: [:new, :create, :edit, :update, :move, :destroy] },`
			`require: :member`

			`board.permission :view_messages,`
			`{ boards: [:index, :show],`
			`messages: [:show] },`
			`public: true`

			`board.permission :add_messages,`
			`messages: [:new, :create, :reply, :quote, :preview]`

			`board.permission :edit_messages,`
			`{ messages: [:edit, :update, :preview] },`
			`require: :member`

			`board.permission :edit_own_messages,`
			`{ messages: [:edit, :update, :preview] },`
			`require: :loggedin`

			`board.permission :delete_messages,`
			`{ messages: :destroy },`
			`require: :member`

			`board.permission :delete_own_messages,`
			`{ messages: :destroy },`
			`require: :loggedin`
			`end`

			`map.project_module :calendar do \|cal\|`
			`cal.permission :view_calendar,`
			`:'work_packages/calendars' => [:index]`
			`end`

			`map.project_module :activity`

			`map.project_module :timelines do \|timelines\|`
			`timelines.permission :view_project_associations,`
			`project_associations: [:index, :show]`

			`timelines.permission :edit_project_associations,`
			`{ project_associations: [:edit, :update, :new,`
			`:create,`
			`:available_projects] },`
			`require: :member`

			`timelines.permission :delete_project_associations,`
			`{ project_associations: [:confirm_destroy, :destroy] },`
			`require: :member`

			`timelines.permission :view_timelines,`
			`timelines: [:index, :show]`

			`timelines.permission :edit_timelines,`
			`{ timelines: [:edit, :update, :new, :create] },`
			`require: :member`

			`timelines.permission :delete_timelines,`
			`{ timelines: [:confirm_destroy, :destroy] },`
			`require: :member`

			`timelines.permission :view_reportings,`
			`reportings: [:index, :all, :show]`

			`timelines.permission :edit_reportings,`
			`{ reportings: [:new, :create, :edit,`
			`:update, :available_projects] },`
			`require: :member`

			`timelines.permission :delete_reportings,`
			`{ reportings: [:confirm_destroy, :destroy] },`
			`require: :member`
			`end`
			`end`