require_dependency 'user' # Patches Redmine's Users dynamically. module UserPatch def self.included(base) # :nodoc: base.extend(ClassMethods) base.send(:include, InstanceMethods) # Same as typing in the class base.class_eval do unloadable has_many :groups_users, :class_name => 'GroupUser', :dependent => :destroy, :after_add => Proc.new {|user, group_user| group_user.group.user_added(user)}, :after_remove => Proc.new {|user, group_user| group_user.group.user_removed(user)} has_many :groups, :through => :groups_users, :after_add => Proc.new {|user, group| group.user_added(user)}, :after_remove => Proc.new {|user, group| group.user_removed(user)} has_many :rates, :class_name => 'HourlyRate' has_many :default_rates, :class_name => 'DefaultHourlyRate' before_save :save_rates unless instance_methods.include? "allowed_to_without_inheritance?" alias_method_chain :allowed_to?, :inheritance end end end module ClassMethods end module InstanceMethods def allowed_for_role(action, project, role, users, options={}) allowed = role.allowed_to?(action) if action.is_a? Symbol perm = Redmine::AccessControl.permission(action) if perm.granular_for allowed && users.include?(options[:for] || self) elsif !allowed && options[:for] && granulars = Redmine::AccessControl.permissions.select{|p| p.granular_for == perm} granulars.detect{|p| self.allowed_to? p.name, project, options} else allowed end else allowed end end def granular_roles_for_project(project) roles = {} # No role on archived projects return roles unless project && project.active? if logged? # Find project membership membership = memberships.detect {|m| m.project_id == project.id} if membership roles = granular_roles(membership.member_roles) else @role_non_member ||= Role.non_member roles[@role_non_member] = [self] end else @role_anonymous ||= Role.anonymous roles[@role_anonymous] = [self] end roles end # Return true if the user is allowed to do the specified action on project # action can be: # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') # * a permission Symbol (eg. :edit_project) def allowed_to_with_inheritance?(action, project, options={}) allowed_for_role = Proc.new do |role, users| self.allowed_for_role(action, project, role, users, options) end if project # No action allowed on archived projects return false unless project.active? # No action allowed on disabled modules return false unless project.allows_to?(action) # Admin users are authorized for anything else return true if admin? roles = granular_roles_for_project(project) return false unless roles roles.detect do |role, users| if (project.is_public? || role.member?) allowed_for_role.call(role, users) else false end end elsif options[:global] # Admin users are always authorized return true if admin? # authorize if user has at least one role that has this permission roles = memberships.inject({}) do |roles, m| granular_roles(m.member_roles).each_pair do |role, users| if roles[role] roles[role] |= users unless users.nil? else roles[role] = users end roles end end roles.detect(&allowed_for_role) || (self.logged? ? allowed_for_role.call(Role.non_member, [self]) : allowed_for_role.call(Role.anonymous, [self])) else false end end def allowed_for(permission, projects = nil) if projects projects = [projects] unless projects.is_a? Array projects, ids = projects.partition{|p| p.is_a?(Project)} projects += Project.find_all_by_id(ids) else projects = Project.find(:all, :conditions => Project.visible_by(self), :include => [:enabled_modules]) end user_list = projects.inject({}) do |user_list, project| roles = granular_roles_for_project(project) if roles users_for_project = [] roles.each_pair do |role, users| if (project.is_public? || role.member?) && self.allowed_for_role(permission, project, role, users, :for => self) users_for_project += users.collect(&:id) end end unless users_for_project.blank? users_for_project.sort!.uniq! user_list[users_for_project] ||= [] user_list[users_for_project] << project.id end end user_list end cond = ["0=1"] user_list.each_pair do |users, projects| cond << "(#{Project.table_name}.id in (#{projects.join(", ")}) AND #{User.table_name}.id IN (#{users.join(", ")}))" end "(#{cond.join " OR "})" end def current_rate(project = nil, include_default = true) rate_at(Date.today, project, include_default) end def rate_at(date, project = nil, include_default = true) unless project.nil? rate = HourlyRate.find(:first, :conditions => [ "user_id = ? and project_id = ? and valid_from <= ?", id, project, date], :order => "valid_from DESC") # TODO: this is Redmine 0.8 specific. Sort by project.lft first if using redmine 0.9! if rate.nil? project = Project.find(project) unless project.is_a?(Project) rate = HourlyRate.find(:first, :conditions => [ "user_id = ? and project_id in (?) and valid_from <= ?", id, project.ancestors, date], :order => "valid_from DESC") end end rate ||= default_rate_at(date) if include_default rate end def current_default_rate() default_rate_at(Date.today) end def default_rate_at(date) DefaultHourlyRate.find(:first, :conditions => [ "user_id = ? and valid_from <= ?", id, date], :order => "valid_from DESC") end def add_rates(project, rate_attributes) # set project to nil to set the default rates return unless rate_attributes rate_attributes.each do |index, attributes| attributes[:rate] = Rate.clean_currency(attributes[:rate]) if project.nil? default_rates.build(attributes) if attributes[:rate].to_f > 0 else attributes[:project] = project rates.build(attributes) if attributes[:rate].to_f > 0 end end end def set_existing_rates (project, rate_attributes) if project.nil? default_rates.reject(&:new_record?).each do |rate| update_rate(rate, rate_attributes, false) end else rates.reject{|r| r.new_record? || r.project_id != project.id}.each do |rate| update_rate(rate, rate_attributes, true) end end end def save_rates (default_rates + rates).each do |rate| rate.save(false) end end private def granular_roles(member_roles) roles = {} member_roles.each do |r| roles[r.role] = [self] if r.inherited_from # the role was inherited from a group case r.membership_type when :controller inherited = MemberRole.find_by_id(r.inherited_from) users = [self] users += inherited.member.users# if inherited.member.principal.is_a? Group roles[r.role] = users else # :default #nothing end end end roles end def update_rate(rate, rate_attributes, project_rate = true) attributes = rate_attributes[rate.id.to_s] if rate_attributes has_rate = false if attributes && attributes[:rate] attributes[:rate] = Rate.clean_currency(attributes[:rate]) has_rate = attributes[:rate].to_f > 0 end if has_rate rate.attributes = attributes else project_rate ? rates.delete(rate) : default_rates.delete(rate) end end end end