Class: Principal

Inherits:
ActiveRecord::Base
  • Object
Defined in:
app/models/principal.rb

Overview

ChiliProject is a project management system.

Copyright (C) 2010-2013 the ChiliProject Team

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

See doc/COPYRIGHT.rdoc for more details.

Direct Known Subclasses

Group, User


Instance Method Details

#<=>(principal) ⇒ Object


# File 'app/models/principal.rb', line 42

# Sort order for principals.
#
# Two principals of the same class are ordered by their string form,
# ignoring case. Principals of different classes are ordered by class name
# in reverse, which places users before groups.
def <=>(principal)
  own_type = self.class.name
  other_type = principal.class.name

  # groups after users
  return other_type <=> own_type unless own_type == other_type

  to_s.downcase <=> principal.to_s.downcase
end

#active? ⇒ Boolean

Returns:

  • (Boolean)

# File 'app/models/principal.rb', line 51

# Whether this principal is active.
# This base implementation answers true unconditionally.
def active?
  true
end

#allowed_to?(action, context, options = {}) ⇒ Boolean

Return true if the user is allowed to do the specified action on a specific context. Action can be:

  • a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')

  • a permission Symbol (eg. :edit_project)

Context can be:

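  • a project : returns true if user is allowed to do the specified action on this project; archived projects and actions belonging to disabled modules are refused for everyone, administrators included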

  • a group of projects : returns true if user is allowed on every project (an empty group is denied)

  • nil with options[:global] set : checks whether the user has at least one role allowed for this action, otherwise falls back to Non Member / Anonymous permissions depending on whether the user is logged in

Returns:

  • (Boolean)

# File 'app/models/principal.rb', line 68

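# Authorization check: may this principal perform +action+ in +context+?
#
# +action+ is either a parameter-like Hash
# (eg. :controller => 'projects', :action => 'edit') or a permission Symbol
# (eg. :edit_project). It is handed unchanged to Project#allows_to? and
# Role#allowed_to?.
#
# +context+ selects the kind of check:
# * a Project: refused when the project is archived or does not allow the
#   action (disabled module). Both refusals are evaluated before the admin
#   shortcut, so they apply to administrators as well. Otherwise admins are
#   allowed, and other principals need a role from roles_for_project that
#   permits the action.
# * an Array of projects: every element must pass the Project check. An
#   empty Array is refused.
# * any other context (normally nil) with options[:global] truthy: admins are
#   allowed; others need one membership role permitting the action, else the
#   Non Member role (logged in) or the Anonymous role (not logged in) decides.
# * anything else: refused.
#
# Always returns strictly true or false, never the matching Role object or
# nil, so the result matches the documented Boolean contract and no role
# record leaks out of a predicate.
def allowed_to?(action, context, options={})
  if context.is_a?(Project)
    # No action allowed on archived projects
    return false unless context.active?
    # No action allowed on disabled modules
    return false unless context.allows_to?(action)
    # Admin users are authorized for anything else
    return true if admin?

    roles = roles_for_project(context)
    return false unless roles
    # A role counts only if the project is public or role.member? is true.
    roles.any? { |role| (context.is_public? || role.member?) && role.allowed_to?(action) }
  elsif context.is_a?(Array)
    # all? is vacuously true for an empty list; refuse it explicitly so the
    # check stays fail-closed.
    return false if context.empty?
    # Authorize only if the principal is authorized on every element
    context.all? { |project| allowed_to?(action, project, options) }
  elsif options[:global]
    # Admin users are always authorized
    return true if admin?

    # Authorize if at least one membership role has this permission
    roles = memberships.collect { |m| m.roles }.flatten.uniq
    return true if roles.any? { |role| role.allowed_to?(action) }

    # Otherwise the built-in role for the login state decides
    fallback_role = logged? ? Role.non_member : Role.anonymous
    fallback_role.allowed_to?(action) ? true : false
  else
    false
  end
end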

#allowed_to_globally?(action, options) ⇒ Boolean

Is the user allowed to do the specified action on any project? See allowed_to? for the actions and valid options.

Returns:

  • (Boolean)

# File 'app/models/principal.rb', line 102

# Is the principal allowed to do +action+ on any project?
#
# Delegates to allowed_to? with a nil context. :global => true is merged in
# as a default only: reverse_merge keeps keys already present in +options+,
# so a caller that passes :global => false gets the no-context, non-global
# path of allowed_to?, which refuses.
def allowed_to_globally?(action, options)
  global_options = options.reverse_merge(:global => true)
  allowed_to?(action, nil, global_options)
end

#logged? ⇒ Boolean

Returns:

  • (Boolean)

# File 'app/models/principal.rb', line 55

# Whether this principal counts as logged in.
# This base implementation answers true unconditionally. roles_for_project
# and allowed_to? use the answer to choose between the Non Member and the
# Anonymous role.
# TODO: should all principals default to logged or not?
def logged?
  true
end

#name(formatter = nil) ⇒ Object


# File 'app/models/principal.rb', line 38

# Display name of the principal: its string form.
# +formatter+ is accepted but ignored by this implementation.
def name(formatter = nil)
  to_s
end

#roles_for_project(project) ⇒ Object

Return user's roles for project


# File 'app/models/principal.rb', line 107

# Return the principal's roles for +project+.
#
# * nil or archived project: an empty Array (no role at all).
# * not logged in: a one-element Array holding the Anonymous role.
# * logged in with a membership on the project: that membership's roles,
#   returned as-is (not copied).
# * logged in without a membership: a one-element Array holding the
#   Non Member role.
#
# The Anonymous and Non Member roles are looked up once and memoized on the
# instance. memberships is scanned with detect, so the lookup is done on the
# collection itself.
def roles_for_project(project)
  # No role on archived projects
  return [] unless project && project.active?

  unless logged?
    @role_anonymous ||= Role.anonymous
    return [@role_anonymous]
  end

  # Find project membership
  membership = memberships.detect { |m| m.project_id == project.id }
  return membership.roles if membership

  @role_non_member ||= Role.non_member
  [@role_non_member]
end

#to_liquid ⇒ Object


# File 'app/models/principal.rb', line 34

# Liquid template representation of this principal: a PrincipalDrop built
# around self.
# NOTE(review): what a template can read is decided by PrincipalDrop, which
# is not shown here. Confirm it exposes only intended attributes.
def to_liquid
  drop = PrincipalDrop.new(self)
  drop
end