parent
5158b9c8a5
commit
b5ecd43331
@ -1,37 +0,0 @@ |
||||
#-- copyright |
||||
# OpenProject Global Roles Plugin |
||||
# |
||||
# Copyright (C) 2010 - 2014 the OpenProject Foundation (OPF) |
||||
# |
||||
# This program is free software; you can redistribute it and/or |
||||
# modify it under the terms of the GNU General Public License |
||||
# version 3. |
||||
# |
||||
# This program is distributed in the hope that it will be useful, |
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
# GNU General Public License for more details. |
||||
# |
||||
# You should have received a copy of the GNU General Public License |
||||
# along with this program; if not, write to the Free Software |
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
||||
#++ |
||||
|
||||
module OpenProject |
||||
module GlobalRoles |
||||
module PrincipalAllowanceEvaluator |
||||
class Global < OpenProject::PrincipalAllowanceEvaluator::Base |
||||
def granted_for_global?(membership, action, options) |
||||
return false unless membership.is_a?(PrincipalRole) |
||||
granted = super |
||||
|
||||
granted || membership.role.allowed_to?(action).present? |
||||
end |
||||
|
||||
def global_granting_candidates |
||||
@user.principal_roles |
||||
end |
||||
end |
||||
end |
||||
end |
||||
end |
@ -1,92 +0,0 @@ |
||||
#-- copyright |
||||
# OpenProject Global Roles Plugin |
||||
# |
||||
# Copyright (C) 2010 - 2014 the OpenProject Foundation (OPF) |
||||
# |
||||
# This program is free software; you can redistribute it and/or |
||||
# modify it under the terms of the GNU General Public License |
||||
# version 3. |
||||
# |
||||
# This program is distributed in the hope that it will be useful, |
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
# GNU General Public License for more details. |
||||
# |
||||
# You should have received a copy of the GNU General Public License |
||||
# along with this program; if not, write to the Free Software |
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
||||
#++ |
||||
|
||||
require File.dirname(__FILE__) + '/../../../spec_helper' |
||||
|
||||
describe OpenProject::GlobalRoles::PrincipalAllowanceEvaluator::Global do |
||||
let(:klass) { OpenProject::GlobalRoles::PrincipalAllowanceEvaluator::Global } |
||||
let(:user) { FactoryGirl.build(:user) } |
||||
let(:filter) { klass.new user } |
||||
let(:member) { FactoryGirl.build(:member) } |
||||
let(:principal_role) { |
||||
FactoryGirl.build(:principal_role, |
||||
role: role) |
||||
} |
||||
let(:principal_role2) { FactoryGirl.build(:principal_role) } |
||||
let(:role) { FactoryGirl.build(:global_role) } |
||||
let(:project) { FactoryGirl.build(:project) } |
||||
|
||||
describe '#granted_for_project?' do |
||||
it { expect(filter.granted_for_project?(member, :action, project)).to be_falsey } |
||||
end |
||||
|
||||
describe '#denied_for_project?' do |
||||
it { expect(filter.denied_for_project?(member, :action, project)).to be_falsey } |
||||
end |
||||
|
||||
describe '#granted_for_global?' do |
||||
describe 'WHEN checking a Member' do |
||||
it { expect(filter.granted_for_global?(member, :action, {})).to be_falsey } |
||||
end |
||||
|
||||
describe "WHEN checking a PrincipalRole |
||||
WHEN the PrincipalRole has a Role that is allowed the action" do |
||||
before do |
||||
role.permissions = [:action] |
||||
end |
||||
|
||||
it { expect(filter.granted_for_global?(principal_role, :action, {})).to be_truthy } |
||||
end |
||||
|
||||
describe "WHEN checking a PrincipalRole |
||||
WHEN the PrincipalRole has a Role that is not allowed the action" do |
||||
it { expect(filter.granted_for_global?(principal_role, :action, {})).to be_falsey } |
||||
end |
||||
end |
||||
|
||||
describe '#denied_for_global?' do |
||||
it { expect(filter.denied_for_global?(principal_role, :action, {})).to be_falsey } |
||||
end |
||||
|
||||
describe '#project_granting_candidates' do |
||||
it { expect(filter.project_granting_candidates(project)).to match_array([]) } |
||||
end |
||||
|
||||
describe '#global_granting_candidates' do |
||||
describe 'WHEN the user has a PrincipalRole assigned' do |
||||
before do |
||||
user.principal_roles = [principal_role] |
||||
end |
||||
|
||||
it { filter.global_granting_candidates =~ [principal_role] } |
||||
end |
||||
|
||||
describe 'WHEN the user has multiple PrincipalRole assigned' do |
||||
before do |
||||
user.principal_roles = [principal_role, principal_role2] |
||||
end |
||||
|
||||
it { filter.global_granting_candidates =~ [principal_role, principal_role2] } |
||||
end |
||||
|
||||
describe 'WHEN the user has no PrincipalRoles assigned' do |
||||
it { filter.global_granting_candidates =~ [] } |
||||
end |
||||
end |
||||
end |
@ -1,32 +0,0 @@ |
||||
#-- copyright |
||||
# OpenProject Global Roles Plugin |
||||
# |
||||
# Copyright (C) 2010 - 2014 the OpenProject Foundation (OPF) |
||||
# |
||||
# This program is free software; you can redistribute it and/or |
||||
# modify it under the terms of the GNU General Public License |
||||
# version 3. |
||||
# |
||||
# This program is distributed in the hope that it will be useful, |
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
# GNU General Public License for more details. |
||||
# |
||||
# You should have received a copy of the GNU General Public License |
||||
# along with this program; if not, write to the Free Software |
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
||||
#++ |
||||
|
||||
require File.dirname(__FILE__) + '/../spec_helper' |
||||
|
||||
describe User, type: :model do |
||||
let(:klass) { User } |
||||
|
||||
describe '#registered_allowance_evaluators' do |
||||
it { |
||||
expect(klass.registered_allowance_evaluators).to include( |
||||
OpenProject::GlobalRoles::PrincipalAllowanceEvaluator::Global |
||||
) |
||||
} |
||||
end |
||||
end |
@ -0,0 +1,145 @@ |
||||
#-- copyright |
||||
# OpenProject is a project management system. |
||||
# |
||||
# Copyright (C) 2010-2013 the OpenProject Foundation (OPF) |
||||
# |
||||
# This program is free software; you can redistribute it and/or |
||||
# modify it under the terms of the GNU General Public License version 3. |
||||
# |
||||
# See doc/COPYRIGHT.rdoc for more details. |
||||
#++ |
||||
|
||||
require 'spec_helper' |
||||
|
||||
describe User, 'allowed to' do |
||||
let(:user) { member.principal } |
||||
let(:anonymous) { FactoryGirl.build(:anonymous) } |
||||
let(:project) { FactoryGirl.build(:project, is_public: false) } |
||||
let(:project2) { FactoryGirl.build(:project, is_public: false) } |
||||
let(:role) { FactoryGirl.build(:role) } |
||||
let(:role2) { FactoryGirl.build(:role) } |
||||
let(:anonymous_role) { FactoryGirl.build(:anonymous_role) } |
||||
let(:member) { FactoryGirl.build(:member, project: project, |
||||
roles: [role]) } |
||||
|
||||
let(:action) { :the_one } |
||||
let(:other_action) { :another } |
||||
let(:public_action) { :view_project } |
||||
let(:global_permission) { Redmine::AccessControl.permissions.find { |p| p.global? } } |
||||
let(:global_role) { FactoryGirl.build(:global_role, :permissions => [global_permission.name]) } |
||||
let(:principal_role) { FactoryGirl.build(:empty_principal_role, principal: user, |
||||
role: global_role) } |
||||
|
||||
|
||||
before do |
||||
user.save! |
||||
anonymous.save! |
||||
end |
||||
|
||||
context "w/o the context being a project |
||||
w/o the user being member in a project |
||||
w/ the user having the global role |
||||
w/ the global role having the necessary permission" do |
||||
before do |
||||
global_role.save! |
||||
|
||||
principal_role.save! |
||||
end |
||||
|
||||
it 'is true' do |
||||
expect(user.allowed_to?(global_permission.name, nil, global: true)).to be_truthy |
||||
end |
||||
end |
||||
|
||||
context "w/o the context being a project |
||||
w/o the user being member in a project |
||||
w/ the user having the global role |
||||
w/o the global role having the necessary permission" do |
||||
|
||||
before do |
||||
global_role.permissions = [] |
||||
global_role.save! |
||||
|
||||
principal_role.save! |
||||
end |
||||
|
||||
it 'is false' do |
||||
expect(user.allowed_to?(global_permission.name, nil, global: true)).to be_falsey |
||||
end |
||||
end |
||||
|
||||
context "w/o the context being a project |
||||
w/o the user being member in a project |
||||
w/o the user having the global role |
||||
w/ the global role having the necessary permission" do |
||||
|
||||
before do |
||||
global_role.permissions = [] |
||||
global_role.save! |
||||
end |
||||
|
||||
it 'is false' do |
||||
expect(user.allowed_to?(global_permission.name, nil, global: true)).to be_falsey |
||||
end |
||||
end |
||||
|
||||
context "w/o the context being a project |
||||
w/o the user being member in a project |
||||
w/o the user having the global role |
||||
w/ the user being admin" do |
||||
|
||||
before do |
||||
user.update_attribute(:admin, true) |
||||
end |
||||
|
||||
it 'is true' do |
||||
expect(user.allowed_to?(global_permission.name, nil, global: true)).to be_truthy |
||||
end |
||||
end |
||||
|
||||
context "w/ the context being a project |
||||
w/o the user being member in the project |
||||
w/ the user having the global role |
||||
w/o the global role having the necessary permission" do |
||||
before do |
||||
global_role.permissions = [] |
||||
global_role.save! |
||||
|
||||
principal_role.save! |
||||
end |
||||
|
||||
it 'is false' do |
||||
expect(user.allowed_to?(global_permission.name, project)).to be_falsey |
||||
end |
||||
end |
||||
|
||||
context "w/ the context being a project |
||||
w/o the user being member in a project |
||||
w/o the user having the global role |
||||
w/ the global role having the necessary permission" do |
||||
|
||||
before do |
||||
global_role.permissions = [] |
||||
global_role.save! |
||||
end |
||||
|
||||
it 'is false' do |
||||
expect(user.allowed_to?(global_permission.name, project)).to be_falsey |
||||
end |
||||
end |
||||
|
||||
context "w/ the context being a project |
||||
w/o the user being member in a project |
||||
w/o the user having the global role |
||||
w/ the user being admin" do |
||||
|
||||
before do |
||||
user.update_attribute(:admin, true) |
||||
end |
||||
|
||||
it 'is true' do |
||||
expect(user.allowed_to?(global_permission.name, project)).to be_truthy |
||||
end |
||||
end |
||||
end |
||||
|
Loading…
Reference in new issue