OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
openproject/lib/role_patch.rb

84 lines
2.7 KiB

require_dependency 'user'
# Patches Redmine's Users dynamically.
module RolePatch
def self.included(base) # :nodoc:
base.extend(ClassMethods)
base.send(:include, InstanceMethods)
# Same as typing in the class
base.class_eval do
unloadable
unless instance_methods.include? "allowed_to_without_inheritance?"
alias_method_chain :allowed_to?, :inheritance
end
end
end
module ClassMethods
def self.enclosed_permissions(permission_name)
# FIXME: Remove me!
sub_permissions = [permission_name]
permission_tree.each_pair do |k, v|
if (v == permission_name) || (v.is_a?(Array) && v.include?(permission_name))
sub_permissions << enclosed_permissions(k)
end
end
sub_permissions.flatten.uniq
end
end
module InstanceMethods
# Return true if the user is allowed to do the specified action on project
# action can be:
# * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
# * a permission Symbol (eg. :edit_project)
def allowed_to_with_inheritance?(action)
return true if allowed_to_without_inheritance?(action)
if action.is_a? Hash
# action is a parameter hash
# check the action based on the permissions of the role and all
# included permissions
allowed_inherited_actions.include? "#{action[:controller]}/#{action[:action]}"
else
# check, if the role has one of the parent permissions granted
permission = Redmine::AccessControl.permission(action)
permission.inherited_by.detect {|parent| allowed_inherited_permissions.include? parent}
# if parents = self.class.permission_tree[action]
# parents = [parents] unless parents.is_a? Array
# parents.each {|parent| return true if allowed_to? parent, for_user}
# end
#
# # check, if the current user can see the own objects of for_user
# if personal = personal_permissions[action]
# return true if ((for_user == User.current) && allowed_to?(personal, nil))
# end
end
end
private
def allowed_inherited_permissions
@allowed_inherited_permissions ||= begin
all_permissions = allowed_permissions || []
(all_permissions | allowed_permissions.collect do |sym|
p = Redmine::AccessControl.permission(sym)
p ? p.inherits.collect(&:name) : []
end.flatten).uniq
end
end
def allowed_inherited_actions
@actions_allowed_inherited ||= begin
allowed_inherited_permissions.inject({}){|actions, p| actions[p] = Redmine::AccessControl.allowed_actions(p); actions}
end
end
end
end