Merge branch 'dev' of github.com:finnlabs/openproject-global_roles into dev

8 years ago · 900b6b2788
parent 0628d68f33 94dbc0dcc0
commit 900b6b2788
6 changed files with 172 additions and 164 deletions
--- a/lib/open_project/global_roles/engine.rb
+++ b/lib/open_project/global_roles/engine.rb
@ -47,7 +47,26 @@ module OpenProject::GlobalRoles
    end

    config.to_prepare do
-      User.register_allowance_evaluator OpenProject::GlobalRoles::PrincipalAllowanceEvaluator::Global
+      principal_roles_table = PrincipalRole.arel_table
+      query = Authorization::UserGlobalRolesQuery
+      roles_table = query.roles_table
+      users_table = query.users_table
+
+      query.transformations
+           .register :all,
+                     :principal_roles_join,
+                     before: [:roles_join] do |statement, user|
+
+        statement.outer_join(principal_roles_table)
+                 .on(users_table[:id].eq(principal_roles_table[:principal_id]))
+      end
+
+      query.transformations
+           .register query.roles_member_roles_join,
+                     :or_is_principal_role do |statement, user|
+
+        statement.or(principal_roles_table[:role_id].eq(roles_table[:id]))
+      end
    end
  end
 end
--- a/lib/open_project/global_roles/principal_allowance_evaluator/global.rb
+++ b/lib/open_project/global_roles/principal_allowance_evaluator/global.rb
@ -1,37 +0,0 @@
-#-- copyright
-# OpenProject Global Roles Plugin
-#
-# Copyright (C) 2010 - 2014 the OpenProject Foundation (OPF)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#++
-
-module OpenProject
-  module GlobalRoles
-    module PrincipalAllowanceEvaluator
-      class Global < OpenProject::PrincipalAllowanceEvaluator::Base
-        def granted_for_global?(membership, action, options)
-          return false unless membership.is_a?(PrincipalRole)
-          granted = super
-
-          granted || membership.role.allowed_to?(action).present?
-        end
-
-        def global_granting_candidates
-          @user.principal_roles
-        end
-      end
-    end
-  end
-end
--- a/spec/factories/principal_role_factory.rb
+++ b/spec/factories/principal_role_factory.rb
@ -19,7 +19,12 @@

 FactoryGirl.define do
  factory :principal_role do |pr|
-    pr.association :role, factory: :global_role
-    pr.association :principal, factory: :user
+    pr.association :role, :factory => :global_role
+    pr.association :principal, :factory => :user
+  end
+end
+
+FactoryGirl.define do
+  factory :empty_principal_role, :class => PrincipalRole do |pr|
  end
 end
--- a/spec/lib/global_roles/principal_allowance_evaluator/global_spec.rb
+++ b/spec/lib/global_roles/principal_allowance_evaluator/global_spec.rb
@ -1,92 +0,0 @@
-#-- copyright
-# OpenProject Global Roles Plugin
-#
-# Copyright (C) 2010 - 2014 the OpenProject Foundation (OPF)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#++
-
-require File.dirname(__FILE__) + '/../../../spec_helper'
-
-describe OpenProject::GlobalRoles::PrincipalAllowanceEvaluator::Global do
-  let(:klass) { OpenProject::GlobalRoles::PrincipalAllowanceEvaluator::Global }
-  let(:user) { FactoryGirl.build(:user) }
-  let(:filter) { klass.new user }
-  let(:member) { FactoryGirl.build(:member) }
-  let(:principal_role) {
-    FactoryGirl.build(:principal_role,
-                      role: role)
-  }
-  let(:principal_role2) { FactoryGirl.build(:principal_role) }
-  let(:role) { FactoryGirl.build(:global_role) }
-  let(:project) { FactoryGirl.build(:project) }
-
-  describe '#granted_for_project?' do
-    it { expect(filter.granted_for_project?(member, :action, project)).to be_falsey }
-  end
-
-  describe '#denied_for_project?' do
-    it { expect(filter.denied_for_project?(member, :action, project)).to be_falsey }
-  end
-
-  describe '#granted_for_global?' do
-    describe 'WHEN checking a Member' do
-      it { expect(filter.granted_for_global?(member, :action, {})).to be_falsey }
-    end
-
-    describe "WHEN checking a PrincipalRole
-              WHEN the PrincipalRole has a Role that is allowed the action" do
-      before do
-        role.permissions = [:action]
-      end
-
-      it { expect(filter.granted_for_global?(principal_role, :action, {})).to be_truthy }
-    end
-
-    describe "WHEN checking a PrincipalRole
-              WHEN the PrincipalRole has a Role that is not allowed the action" do
-      it { expect(filter.granted_for_global?(principal_role, :action, {})).to be_falsey }
-    end
-  end
-
-  describe '#denied_for_global?' do
-    it { expect(filter.denied_for_global?(principal_role, :action, {})).to be_falsey }
-  end
-
-  describe '#project_granting_candidates' do
-    it { expect(filter.project_granting_candidates(project)).to match_array([]) }
-  end
-
-  describe '#global_granting_candidates' do
-    describe 'WHEN the user has a PrincipalRole assigned' do
-      before do
-        user.principal_roles = [principal_role]
-      end
-
-      it { filter.global_granting_candidates =~ [principal_role] }
-    end
-
-    describe 'WHEN the user has multiple PrincipalRole assigned' do
-      before do
-        user.principal_roles = [principal_role, principal_role2]
-      end
-
-      it { filter.global_granting_candidates =~ [principal_role, principal_role2] }
-    end
-
-    describe 'WHEN the user has no PrincipalRoles assigned' do
-      it { filter.global_granting_candidates =~ [] }
-    end
-  end
-end
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -1,32 +0,0 @@
-#-- copyright
-# OpenProject Global Roles Plugin
-#
-# Copyright (C) 2010 - 2014 the OpenProject Foundation (OPF)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#++
-
-require File.dirname(__FILE__) + '/../spec_helper'
-
-describe User, type: :model do
-  let(:klass) { User }
-
-  describe '#registered_allowance_evaluators' do
-    it {
-      expect(klass.registered_allowance_evaluators).to include(
-        OpenProject::GlobalRoles::PrincipalAllowanceEvaluator::Global
-      )
-    }
-  end
-end
--- a/spec/models/users/allowed_to_spec.rb
+++ b/spec/models/users/allowed_to_spec.rb
@ -0,0 +1,145 @@
+#-- copyright
+# OpenProject is a project management system.
+#
+# Copyright (C) 2010-2013 the OpenProject Foundation (OPF)
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# See doc/COPYRIGHT.rdoc for more details.
+#++
+
+require 'spec_helper'
+
+describe User, 'allowed to' do
+  let(:user) { member.principal }
+  let(:anonymous) { FactoryGirl.build(:anonymous) }
+  let(:project) { FactoryGirl.build(:project, is_public: false) }
+  let(:project2) { FactoryGirl.build(:project, is_public: false) }
+  let(:role) { FactoryGirl.build(:role) }
+  let(:role2) { FactoryGirl.build(:role) }
+  let(:anonymous_role) { FactoryGirl.build(:anonymous_role) }
+  let(:member) { FactoryGirl.build(:member, project:  project,
+                                            roles: [role]) }
+
+  let(:action) { :the_one }
+  let(:other_action) { :another }
+  let(:public_action) { :view_project }
+  let(:global_permission) { Redmine::AccessControl.permissions.find { |p| p.global? } }
+  let(:global_role) { FactoryGirl.build(:global_role, :permissions => [global_permission.name]) }
+  let(:principal_role) { FactoryGirl.build(:empty_principal_role, principal: user,
+                                                                  role: global_role) }
+
+
+  before do
+    user.save!
+    anonymous.save!
+  end
+
+  context "w/o the context being a project
+           w/o the user being member in a project
+           w/ the user having the global role
+           w/ the global role having the necessary permission" do
+    before do
+      global_role.save!
+
+      principal_role.save!
+    end
+
+    it 'is true' do
+      expect(user.allowed_to?(global_permission.name, nil, global: true)).to be_truthy
+    end
+  end
+
+  context "w/o the context being a project
+           w/o the user being member in a project
+           w/ the user having the global role
+           w/o the global role having the necessary permission" do
+
+    before do
+      global_role.permissions = []
+      global_role.save!
+
+      principal_role.save!
+    end
+
+    it 'is false' do
+      expect(user.allowed_to?(global_permission.name, nil, global: true)).to be_falsey
+    end
+  end
+
+  context "w/o the context being a project
+           w/o the user being member in a project
+           w/o the user having the global role
+           w/ the global role having the necessary permission" do
+
+    before do
+      global_role.permissions = []
+      global_role.save!
+    end
+
+    it 'is false' do
+      expect(user.allowed_to?(global_permission.name, nil, global: true)).to be_falsey
+    end
+  end
+
+  context "w/o the context being a project
+           w/o the user being member in a project
+           w/o the user having the global role
+           w/ the user being admin" do
+
+    before do
+      user.update_attribute(:admin, true)
+    end
+
+    it 'is true' do
+      expect(user.allowed_to?(global_permission.name, nil, global: true)).to be_truthy
+    end
+  end
+
+  context "w/ the context being a project
+           w/o the user being member in the project
+           w/ the user having the global role
+           w/o the global role having the necessary permission" do
+    before do
+      global_role.permissions = []
+      global_role.save!
+
+      principal_role.save!
+    end
+
+    it 'is false' do
+      expect(user.allowed_to?(global_permission.name, project)).to be_falsey
+    end
+  end
+
+  context "w/ the context being a project
+           w/o the user being member in a project
+           w/o the user having the global role
+           w/ the global role having the necessary permission" do
+
+    before do
+      global_role.permissions = []
+      global_role.save!
+    end
+
+    it 'is false' do
+      expect(user.allowed_to?(global_permission.name, project)).to be_falsey
+    end
+  end
+
+  context "w/ the context being a project
+           w/o the user being member in a project
+           w/o the user having the global role
+           w/ the user being admin" do
+
+    before do
+      user.update_attribute(:admin, true)
+    end
+
+    it 'is true' do
+      expect(user.allowed_to?(global_permission.name, project)).to be_truthy
+    end
+  end
+end
+