kanbanworkflowstimelinescrumrubyroadmapproject-planningproject-managementopenprojectangularissue-trackerifcgantt-chartganttbug-trackerboardsbcf
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
286 lines
9.2 KiB
286 lines
9.2 KiB
require_dependency 'project'
|
|
|
|
require_dependency 'principal'
|
|
require_dependency 'user'
|
|
|
|
module CostsUserPatch
|
|
def self.included(base) # :nodoc:
|
|
base.send(:include, InstanceMethods)
|
|
|
|
base.class_eval do
|
|
unloadable
|
|
|
|
has_many :groups_users, :class_name => 'GroupUser', :dependent => :destroy,
|
|
:after_add => Proc.new {|user, group_user| group_user.group.user_added(user)},
|
|
:after_remove => Proc.new {|user, group_user| group_user.group.user_removed(user)}
|
|
|
|
has_many :groups, :through => :groups_users,
|
|
:after_add => Proc.new {|user, group| group.user_added(user)},
|
|
:after_remove => Proc.new {|user, group| group.user_removed(user)}
|
|
|
|
|
|
has_many :rates, :class_name => 'HourlyRate'
|
|
has_many :default_rates, :class_name => 'DefaultHourlyRate'
|
|
|
|
before_save :save_rates
|
|
|
|
alias_method_chain :allowed_to?, :inheritance
|
|
end
|
|
|
|
end
|
|
|
|
module InstanceMethods
|
|
def allowed_for_role(action, project, role, users, options={})
|
|
allowed = role.allowed_to?(action)
|
|
|
|
if action.is_a? Symbol
|
|
perm = Redmine::AccessControl.permission(action)
|
|
if perm.granular_for
|
|
allowed && users.include?(options[:for] || self)
|
|
elsif !allowed && options[:for] && granulars = Redmine::AccessControl.permissions.select{|p| p.granular_for == perm}
|
|
granulars.detect{|p| self.allowed_to? p.name, project, options}
|
|
else
|
|
allowed
|
|
end
|
|
else
|
|
allowed
|
|
end
|
|
end
|
|
|
|
def granular_roles_for_project(project)
|
|
roles = {}
|
|
# No role on archived projects
|
|
return roles unless project && project.active?
|
|
if logged?
|
|
# Find project membership
|
|
membership = memberships.detect {|m| m.project_id == project.id}
|
|
if membership
|
|
roles = granular_roles(membership.member_roles)
|
|
else
|
|
@role_non_member ||= Role.non_member
|
|
roles[@role_non_member] = [self]
|
|
end
|
|
else
|
|
@role_anonymous ||= Role.anonymous
|
|
roles[@role_anonymous] = [self]
|
|
end
|
|
roles
|
|
end
|
|
|
|
# Return true if the user is allowed to do the specified action on project
|
|
# action can be:
|
|
# * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
|
|
# * a permission Symbol (eg. :edit_project)
|
|
def allowed_to_with_inheritance?(action, context, options={})
|
|
allowed_for_role = Proc.new do |role, users|
|
|
self.allowed_for_role(action, context, role, users, options)
|
|
end
|
|
|
|
options[:for] = self unless options.has_key?(:for)
|
|
|
|
if context && context.is_a?(Project)
|
|
# No action allowed on archived projects
|
|
return false unless context.active?
|
|
# No action allowed on disabled modules
|
|
return false unless context.allows_to?(action)
|
|
# Admin users are authorized for anything else
|
|
return true if admin?
|
|
|
|
roles = granular_roles_for_project(context)
|
|
return false unless roles
|
|
allowing_role_pair = roles.detect do |role, users|
|
|
if (context.is_public? || role.member?)
|
|
allowed_for_role.call(role, users)
|
|
else
|
|
false
|
|
end
|
|
end
|
|
allowing_role_pair ? allowing_role_pair[0] : allowing_role_pair #the role
|
|
elsif context && context.is_a?(Array)
|
|
# Authorize if user is authorized on every element of the array
|
|
context.map do |project|
|
|
allowed_to?(action, project, options)
|
|
end.inject do |memo,allowed|
|
|
memo && allowed
|
|
end
|
|
|
|
elsif options[:global]
|
|
# Admin users are always authorized
|
|
return true if admin?
|
|
|
|
# authorize if user has at least one role that has this permission
|
|
roles = memberships.inject({}) do |roles, m|
|
|
granular_roles(m.member_roles).each_pair do |role, users|
|
|
if roles[role]
|
|
roles[role] |= users unless users.nil?
|
|
else
|
|
roles[role] = users
|
|
end
|
|
|
|
roles
|
|
end
|
|
roles
|
|
end
|
|
|
|
allowing_role = roles.detect(&allowed_for_role)
|
|
if allowing_role
|
|
allowing_role[0]
|
|
else
|
|
self.logged? ? allowed_for_role.call(Role.non_member, [self]) : allowed_for_role.call(Role.anonymous, [self])
|
|
end
|
|
|
|
else
|
|
false
|
|
end
|
|
end
|
|
|
|
def allowed_for(permission, projects = nil)
|
|
unless projects.nil? or projects.blank?
|
|
projects = [projects] unless projects.is_a? Array
|
|
projects, ids = projects.partition{|p| p.is_a?(Project)}
|
|
projects += Project.find_all_by_id(ids)
|
|
else
|
|
vis_projects = Project.find(:all, :conditions => Project.visible_by(self), :include => [:enabled_modules])
|
|
projects = vis_projects + (projects.nil? ? [] : projects)
|
|
# In case there is no Project, we assume that an admin still has all the permissions
|
|
return (self.admin? ? "(1=1)" : "(1=0)") if projects.blank?
|
|
end
|
|
|
|
return "(#{Project.table_name}.id in (#{projects.collect(&:id).join(", ")}))" if self.admin?
|
|
|
|
user_list = projects.inject({}) do |user_list, project|
|
|
roles = granular_roles_for_project(project)
|
|
return user_list unless roles
|
|
|
|
users_for_project = []
|
|
roles.each_pair do |role, users|
|
|
if (project.is_public? || role.member?)
|
|
if !Redmine::AccessControl.permission(permission).granular_for && self.allowed_for_role(permission, project, role, users)
|
|
users_for_project = nil
|
|
break
|
|
elsif self.allowed_for_role(permission, project, role, users, :for => self)
|
|
users_for_project += users.collect(&:id)
|
|
end
|
|
end
|
|
end
|
|
if users_for_project.nil? || !users_for_project.empty?
|
|
users_for_project.sort!.uniq! unless users_for_project.nil?
|
|
user_list[users_for_project] ||= []
|
|
user_list[users_for_project] << project.id
|
|
end
|
|
user_list
|
|
end
|
|
|
|
cond = ["0=1"]
|
|
user_list.each_pair do |users, projects|
|
|
if users
|
|
cond << "(#{Project.table_name}.id in (#{projects.join(", ")}) AND #{User.table_name}.id IN (#{users.join(", ")}))"
|
|
else
|
|
cond << "(#{Project.table_name}.id in (#{projects.join(", ")}))"
|
|
end
|
|
end
|
|
"(#{cond.join " OR "})"
|
|
end
|
|
|
|
def current_rate(project = nil, include_default = true)
|
|
rate_at(Date.today, project, include_default)
|
|
end
|
|
|
|
def rate_at(date, project = nil, include_default = true)
|
|
unless project.nil?
|
|
rate = HourlyRate.find(:first, :conditions => [ "user_id = ? and project_id = ? and valid_from <= ?", id, project, date], :order => "valid_from DESC")
|
|
if rate.nil?
|
|
project = Project.find(project) unless project.is_a?(Project)
|
|
rate = HourlyRate.find(:first, :conditions => [ "user_id = ? and project_id in (?) and valid_from <= ?", id, project.ancestors, date], :include => :project, :order => "projects.lft DESC, valid_from DESC")
|
|
end
|
|
end
|
|
rate ||= default_rate_at(date) if include_default
|
|
rate
|
|
end
|
|
|
|
def current_default_rate()
|
|
default_rate_at(Date.today)
|
|
end
|
|
|
|
def default_rate_at(date)
|
|
DefaultHourlyRate.find(:first, :conditions => [ "user_id = ? and valid_from <= ?", id, date], :order => "valid_from DESC")
|
|
end
|
|
|
|
def add_rates(project, rate_attributes)
|
|
# set project to nil to set the default rates
|
|
|
|
return unless rate_attributes
|
|
|
|
rate_attributes.each do |index, attributes|
|
|
attributes[:rate] = Rate.clean_currency(attributes[:rate])
|
|
|
|
if project.nil?
|
|
default_rates.build(attributes)
|
|
else
|
|
attributes[:project] = project
|
|
rates.build(attributes)
|
|
end
|
|
end
|
|
end
|
|
|
|
def set_existing_rates (project, rate_attributes)
|
|
if project.nil?
|
|
default_rates.reject(&:new_record?).each do |rate|
|
|
update_rate(rate, rate_attributes, false)
|
|
end
|
|
else
|
|
rates.reject{|r| r.new_record? || r.project_id != project.id}.each do |rate|
|
|
update_rate(rate, rate_attributes, true)
|
|
end
|
|
end
|
|
end
|
|
|
|
def save_rates
|
|
(default_rates + rates).each do |rate|
|
|
rate.save(false)
|
|
end
|
|
end
|
|
|
|
|
|
private
|
|
def granular_roles(member_roles)
|
|
roles = {}
|
|
member_roles.each do |r|
|
|
roles[r.role] = [self]
|
|
|
|
if r.inherited_from
|
|
# the role was inherited from a group
|
|
case r.membership_type
|
|
when :controller
|
|
inherited = MemberRole.find_by_id(r.inherited_from)
|
|
users = [self]
|
|
users += inherited.member.users# if inherited.member.principal.is_a? Group
|
|
|
|
roles[r.role] = users
|
|
else # :default
|
|
#nothing
|
|
end
|
|
end
|
|
end
|
|
roles
|
|
end
|
|
|
|
def update_rate(rate, rate_attributes, project_rate = true)
|
|
attributes = rate_attributes[rate.id.to_s] if rate_attributes
|
|
|
|
has_rate = false
|
|
if attributes && attributes[:rate].present?
|
|
attributes[:rate] = Rate.clean_currency(attributes[:rate])
|
|
has_rate = true
|
|
end
|
|
|
|
if has_rate
|
|
rate.attributes = attributes
|
|
else
|
|
project_rate ? rates.delete(rate) : default_rates.delete(rate)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
User.send(:include, CostsUserPatch)
|
|
|