OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
openproject/lib/costs_user_patch.rb

287 lines
9.2 KiB

require_dependency 'project'
require_dependency 'principal'
require_dependency 'user'
module CostsUserPatch
def self.included(base) # :nodoc:
base.send(:include, InstanceMethods)
base.class_eval do
unloadable
has_many :groups_users, :class_name => 'GroupUser', :dependent => :destroy,
:after_add => Proc.new {|user, group_user| group_user.group.user_added(user)},
:after_remove => Proc.new {|user, group_user| group_user.group.user_removed(user)}
has_many :groups, :through => :groups_users,
:after_add => Proc.new {|user, group| group.user_added(user)},
:after_remove => Proc.new {|user, group| group.user_removed(user)}
has_many :rates, :class_name => 'HourlyRate'
has_many :default_rates, :class_name => 'DefaultHourlyRate'
before_save :save_rates
alias_method_chain :allowed_to?, :inheritance
end
end
module InstanceMethods
def allowed_for_role(action, project, role, users, options={})
allowed = role.allowed_to?(action)
if action.is_a? Symbol
perm = Redmine::AccessControl.permission(action)
if perm.granular_for
allowed && users.include?(options[:for] || self)
elsif !allowed && options[:for] && granulars = Redmine::AccessControl.permissions.select{|p| p.granular_for == perm}
granulars.detect{|p| self.allowed_to? p.name, project, options}
else
allowed
end
else
allowed
end
end
def granular_roles_for_project(project)
roles = {}
# No role on archived projects
return roles unless project && project.active?
if logged?
# Find project membership
membership = memberships.detect {|m| m.project_id == project.id}
if membership
roles = granular_roles(membership.member_roles)
else
@role_non_member ||= Role.non_member
roles[@role_non_member] = [self]
end
else
@role_anonymous ||= Role.anonymous
roles[@role_anonymous] = [self]
end
roles
end
# Return true if the user is allowed to do the specified action on project
# action can be:
# * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
# * a permission Symbol (eg. :edit_project)
def allowed_to_with_inheritance?(action, context, options={})
allowed_for_role = Proc.new do |role, users|
self.allowed_for_role(action, context, role, users, options)
end
options[:for] = self unless options.has_key?(:for)
if context && context.is_a?(Project)
# No action allowed on archived projects
return false unless context.active?
# No action allowed on disabled modules
return false unless context.allows_to?(action)
# Admin users are authorized for anything else
return true if admin?
roles = granular_roles_for_project(context)
return false unless roles
allowing_role_pair = roles.detect do |role, users|
if (context.is_public? || role.member?)
allowed_for_role.call(role, users)
else
false
end
end
allowing_role_pair ? allowing_role_pair[0] : allowing_role_pair #the role
elsif context && context.is_a?(Array)
# Authorize if user is authorized on every element of the array
context.map do |project|
allowed_to?(action, project, options)
end.inject do |memo,allowed|
memo && allowed
end
elsif options[:global]
# Admin users are always authorized
return true if admin?
# authorize if user has at least one role that has this permission
roles = memberships.inject({}) do |roles, m|
granular_roles(m.member_roles).each_pair do |role, users|
if roles[role]
roles[role] |= users unless users.nil?
else
roles[role] = users
end
roles
end
roles
end
allowing_role = roles.detect(&allowed_for_role)
if allowing_role
allowing_role[0]
else
self.logged? ? allowed_for_role.call(Role.non_member, [self]) : allowed_for_role.call(Role.anonymous, [self])
end
else
false
end
end
def allowed_for(permission, projects = nil)
unless projects.nil? or projects.blank?
projects = [projects] unless projects.is_a? Array
projects, ids = projects.partition{|p| p.is_a?(Project)}
projects += Project.find_all_by_id(ids)
else
vis_projects = Project.find(:all, :conditions => Project.visible_by(self), :include => [:enabled_modules])
projects = vis_projects + (projects.nil? ? [] : projects)
# In case there is no Project, we assume that an admin still has all the permissions
return (self.admin? ? "(1=1)" : "(1=0)") if projects.blank?
end
return "(#{Project.table_name}.id in (#{projects.collect(&:id).join(", ")}))" if self.admin?
user_list = projects.inject({}) do |user_list, project|
roles = granular_roles_for_project(project)
return user_list unless roles
users_for_project = []
roles.each_pair do |role, users|
if (project.is_public? || role.member?)
if !Redmine::AccessControl.permission(permission).granular_for && self.allowed_for_role(permission, project, role, users)
users_for_project = nil
break
elsif self.allowed_for_role(permission, project, role, users, :for => self)
users_for_project += users.collect(&:id)
end
end
end
if users_for_project.nil? || !users_for_project.empty?
users_for_project.sort!.uniq! unless users_for_project.nil?
user_list[users_for_project] ||= []
user_list[users_for_project] << project.id
end
user_list
end
cond = ["0=1"]
user_list.each_pair do |users, projects|
if users
cond << "(#{Project.table_name}.id in (#{projects.join(", ")}) AND #{User.table_name}.id IN (#{users.join(", ")}))"
else
cond << "(#{Project.table_name}.id in (#{projects.join(", ")}))"
end
end
"(#{cond.join " OR "})"
end
def current_rate(project = nil, include_default = true)
rate_at(Date.today, project, include_default)
end
def rate_at(date, project = nil, include_default = true)
unless project.nil?
rate = HourlyRate.find(:first, :conditions => [ "user_id = ? and project_id = ? and valid_from <= ?", id, project, date], :order => "valid_from DESC")
if rate.nil?
project = Project.find(project) unless project.is_a?(Project)
rate = HourlyRate.find(:first, :conditions => [ "user_id = ? and project_id in (?) and valid_from <= ?", id, project.ancestors, date], :include => :project, :order => "projects.lft DESC, valid_from DESC")
end
end
rate ||= default_rate_at(date) if include_default
rate
end
def current_default_rate()
default_rate_at(Date.today)
end
def default_rate_at(date)
DefaultHourlyRate.find(:first, :conditions => [ "user_id = ? and valid_from <= ?", id, date], :order => "valid_from DESC")
end
def add_rates(project, rate_attributes)
# set project to nil to set the default rates
return unless rate_attributes
rate_attributes.each do |index, attributes|
attributes[:rate] = Rate.clean_currency(attributes[:rate])
if project.nil?
default_rates.build(attributes)
else
attributes[:project] = project
rates.build(attributes)
end
end
end
def set_existing_rates (project, rate_attributes)
if project.nil?
default_rates.reject(&:new_record?).each do |rate|
update_rate(rate, rate_attributes, false)
end
else
rates.reject{|r| r.new_record? || r.project_id != project.id}.each do |rate|
update_rate(rate, rate_attributes, true)
end
end
end
def save_rates
(default_rates + rates).each do |rate|
rate.save(false)
end
end
private
def granular_roles(member_roles)
roles = {}
member_roles.each do |r|
roles[r.role] = [self]
if r.inherited_from
# the role was inherited from a group
case r.membership_type
when :controller
inherited = MemberRole.find_by_id(r.inherited_from)
users = [self]
users += inherited.member.users# if inherited.member.principal.is_a? Group
roles[r.role] = users
else # :default
#nothing
end
end
end
roles
end
def update_rate(rate, rate_attributes, project_rate = true)
attributes = rate_attributes[rate.id.to_s] if rate_attributes
has_rate = false
if attributes && attributes[:rate].present?
attributes[:rate] = Rate.clean_currency(attributes[:rate])
has_rate = true
end
if has_rate
rate.attributes = attributes
else
project_rate ? rates.delete(rate) : default_rates.delete(rate)
end
end
end
end
User.send(:include, CostsUserPatch)