Class: Role

Inherits:
ActiveRecord::Base
  • Object
show all
Includes:
Redmine::SafeAttributes
Defined in:
app/models/role.rb

Overview

Redmine - project management software Copyright (C) 2006-2016 Jean-Philippe Lang

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Defined Under Namespace

Classes: PermissionsAttributeCoder

Constant Summary

BUILTIN_NON_MEMBER =

Built-in roles

1
BUILTIN_ANONYMOUS =
2
ISSUES_VISIBILITY_OPTIONS =
[
  ['all', :label_issues_visibility_all],
  ['default', :label_issues_visibility_public],
  ['own', :label_issues_visibility_own]
]
TIME_ENTRIES_VISIBILITY_OPTIONS =
[
  ['all', :label_time_entries_visibility_all],
  ['own', :label_time_entries_visibility_own]
]
USERS_VISIBILITY_OPTIONS =
[
  ['all', :label_users_visibility_all],
  ['members_of_visible_projects', :label_users_visibility_members_of_visible_projects]
]

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Class Method Details

.anonymousObject

Return the builtin 'anonymous' role. If the role doesn't exist, it will be created on the fly.



277
278
279
# File 'app/models/role.rb', line 277

def self.anonymous
  find_or_create_system_role(BUILTIN_ANONYMOUS, 'Anonymous')
end

.find_all_givableObject

Find all the roles that can be given to a project member



265
266
267
# File 'app/models/role.rb', line 265

def self.find_all_givable
  Role.givable.to_a
end

.non_memberObject

Return the builtin 'non member' role. If the role doesn't exist, it will be created on the fly.



271
272
273
# File 'app/models/role.rb', line 271

def self.non_member
  find_or_create_system_role(BUILTIN_NON_MEMBER, 'Non member')
end

Instance Method Details

#<=>(role) ⇒ Object



148
149
150
151
152
153
154
155
156
157
158
# File 'app/models/role.rb', line 148

def <=>(role)
  if role
    if builtin == role.builtin
      position <=> role.position
    else
      builtin <=> role.builtin
    end
  else
    -1
  end
end

#add_permission!(*perms) ⇒ Object



121
122
123
124
125
126
127
128
129
130
# File 'app/models/role.rb', line 121

def add_permission!(*perms)
  self.permissions = [] unless permissions.is_a?(Array)

  permissions_will_change!
  perms.each do |p|
    p = p.to_sym
    permissions << p unless permissions.include?(p)
  end
  save!
end

#allowed_to?(action) ⇒ Boolean

Return true if role is allowed to do the specified action action can be:

  • a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')

  • a permission Symbol (eg. :edit_project)

Returns:

  • (Boolean)


191
192
193
194
195
196
197
# File 'app/models/role.rb', line 191

def allowed_to?(action)
  if action.is_a? Hash
    allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
  else
    allowed_permissions.include? action
  end
end

#anonymous?Boolean

Return true if the role is the anonymous role

Returns:

  • (Boolean)


178
179
180
# File 'app/models/role.rb', line 178

def anonymous?
  builtin == 2
end

#builtin?Boolean

Return true if the role is a builtin role

Returns:

  • (Boolean)


173
174
175
# File 'app/models/role.rb', line 173

def builtin?
  self.builtin != 0
end

#consider_workflow?Boolean

Returns:

  • (Boolean)


144
145
146
# File 'app/models/role.rb', line 144

def consider_workflow?
  has_permission?(:add_issues) || has_permission?(:edit_issues)
end

#copy_from(arg, options = {}) ⇒ Object

Copies attributes from another role, arg can be an id or a Role



107
108
109
110
111
112
113
114
# File 'app/models/role.rb', line 107

def copy_from(arg, options={})
  return unless arg.present?
  role = arg.is_a?(Role) ? arg : Role.find_by_id(arg.to_s)
  self.attributes = role.attributes.dup.except("id", "name", "position", "builtin", "permissions")
  self.permissions = role.permissions.dup
  self.managed_role_ids = role.managed_role_ids.dup
  self
end

#has_permission?(perm) ⇒ Boolean

Returns true if the role has the given permission

Returns:

  • (Boolean)


140
141
142
# File 'app/models/role.rb', line 140

def has_permission?(perm)
  !permissions.nil? && permissions.include?(perm.to_sym)
end

#member?Boolean

Return true if the role is a project member role

Returns:

  • (Boolean)


183
184
185
# File 'app/models/role.rb', line 183

def member?
  !self.builtin?
end

#nameObject



164
165
166
167
168
169
170
# File 'app/models/role.rb', line 164

def name
  case builtin
  when 1; l(:label_role_non_member, :default => read_attribute(:name))
  when 2; l(:label_role_anonymous,  :default => read_attribute(:name))
  else; read_attribute(:name)
  end
end

#permissions=(perms) ⇒ Object



116
117
118
119
# File 'app/models/role.rb', line 116

def permissions=(perms)
  perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms
  write_attribute(:permissions, perms)
end

#permissions_all_trackersObject



227
228
229
# File 'app/models/role.rb', line 227

def permissions_all_trackers
  super || {}
end

#permissions_all_trackers=(arg) ⇒ Object



231
232
233
# File 'app/models/role.rb', line 231

def permissions_all_trackers=(arg)
  super(arg.to_hash)
end

#permissions_all_trackers?(permission) ⇒ Boolean

Returns true if permission is given for all trackers

Returns:

  • (Boolean)


236
237
238
# File 'app/models/role.rb', line 236

def permissions_all_trackers?(permission)
  permissions_all_trackers[permission.to_s].to_s != '0'
end

#permissions_tracker?(permission, tracker) ⇒ Boolean

Returns true if permission is given for the tracker (explicitly or for all trackers)

Returns:

  • (Boolean)


242
243
244
245
# File 'app/models/role.rb', line 242

def permissions_tracker?(permission, tracker)
  permissions_all_trackers?(permission) ||
    permissions_tracker_ids?(permission, tracker.try(:id))
end

#permissions_tracker_ids(*args) ⇒ Object



207
208
209
210
211
212
213
# File 'app/models/role.rb', line 207

def permissions_tracker_ids(*args)
  if args.any?
    Array(permissions_tracker_ids[args.first.to_s]).map(&:to_i)
  else
    super || {}
  end
end

#permissions_tracker_ids=(arg) ⇒ Object



215
216
217
218
219
# File 'app/models/role.rb', line 215

def permissions_tracker_ids=(arg)
  h = arg.to_hash
  h.values.each {|v| v.reject!(&:blank?)}
  super(h)
end

#permissions_tracker_ids?(permission, tracker_id) ⇒ Boolean

Returns true if tracker_id belongs to the list of trackers for which permission is given

Returns:

  • (Boolean)


223
224
225
# File 'app/models/role.rb', line 223

def permissions_tracker_ids?(permission, tracker_id)
  permissions_tracker_ids(permission).include?(tracker_id)
end

#remove_permission!(*perms) ⇒ Object



132
133
134
135
136
137
# File 'app/models/role.rb', line 132

def remove_permission!(*perms)
  return unless permissions.is_a?(Array)
  permissions_will_change!
  perms.each { |p| permissions.delete(p.to_sym) }
  save!
end

#set_permission_trackers(permission, tracker_ids) ⇒ Object

Sets the trackers that are allowed for a permission. tracker_ids can be an array of tracker ids or :all for no restrictions.

Examples:

role.set_permission_trackers :add_issues, [1, 3]
role.set_permission_trackers :add_issues, :all


254
255
256
257
258
259
260
261
262
# File 'app/models/role.rb', line 254

def set_permission_trackers(permission, tracker_ids)
  h = {permission.to_s => (tracker_ids == :all ? '1' : '0')}
  self.permissions_all_trackers = permissions_all_trackers.merge(h)

  h = {permission.to_s => (tracker_ids == :all ? [] : tracker_ids)}
  self.permissions_tracker_ids = permissions_tracker_ids.merge(h)

  self
end

#setable_permissionsObject

Return all the permissions that can be given to the role



200
201
202
203
204
205
# File 'app/models/role.rb', line 200

def setable_permissions
  setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions
  setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER
  setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
  setable_permissions
end

#to_sObject



160
161
162
# File 'app/models/role.rb', line 160

def to_s
  name
end