Class: Role

Inherits:
ActiveRecord::Base
  • Object
show all
Includes:
Redmine::SafeAttributes
Defined in:
app/models/role.rb

Overview

Redmine - project management software Copyright (C) 2006-2021 Jean-Philippe Lang

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Defined Under Namespace

Classes: PermissionsAttributeCoder

Constant Summary collapse

BUILTIN_NON_MEMBER =

Built-in roles

1
BUILTIN_ANONYMOUS =
2
ISSUES_VISIBILITY_OPTIONS =
[
  ['all', :label_issues_visibility_all],
  ['default', :label_issues_visibility_public],
  ['own', :label_issues_visibility_own]
]
TIME_ENTRIES_VISIBILITY_OPTIONS =
[
  ['all', :label_time_entries_visibility_all],
  ['own', :label_time_entries_visibility_own]
]
USERS_VISIBILITY_OPTIONS =
[
  ['all', :label_users_visibility_all],
  ['members_of_visible_projects', :label_users_visibility_members_of_visible_projects]
]

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Class Method Details

.anonymousObject

Return the builtin 'anonymous' role. If the role doesn't exist, it will be created on the fly.


286
287
288
# File 'app/models/role.rb', line 286

def self.anonymous
  find_or_create_system_role(BUILTIN_ANONYMOUS, 'Anonymous')
end

.find_all_givableObject

Find all the roles that can be given to a project member


274
275
276
# File 'app/models/role.rb', line 274

def self.find_all_givable
  Role.givable.to_a
end

.non_memberObject

Return the builtin 'non member' role. If the role doesn't exist, it will be created on the fly.


280
281
282
# File 'app/models/role.rb', line 280

def self.non_member
  find_or_create_system_role(BUILTIN_NON_MEMBER, 'Non member')
end

Instance Method Details

#<=>(role) ⇒ Object


152
153
154
155
156
157
158
159
160
161
162
# File 'app/models/role.rb', line 152

def <=>(role)
  if role
    if builtin == role.builtin
      position <=> role.position
    else
      builtin <=> role.builtin
    end
  else
    -1
  end
end

#add_permission!(*perms) ⇒ Object


124
125
126
127
128
129
130
131
132
133
# File 'app/models/role.rb', line 124

def add_permission!(*perms)
  self.permissions = [] unless permissions.is_a?(Array)

  permissions_will_change!
  perms.each do |p|
    p = p.to_sym
    permissions << p unless permissions.include?(p)
  end
  save!
end

#allowed_to?(action) ⇒ Boolean

Return true if role is allowed to do the specified action action can be:

  • a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')

  • a permission Symbol (eg. :edit_project)

Returns:

  • (Boolean)

196
197
198
199
200
201
202
# File 'app/models/role.rb', line 196

def allowed_to?(action)
  if action.is_a? Hash
    allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
  else
    allowed_permissions.include? action
  end
end

#anonymous?Boolean

Return true if the role is the anonymous role

Returns:

  • (Boolean)

183
184
185
# File 'app/models/role.rb', line 183

def anonymous?
  builtin == 2
end

#builtin?Boolean

Return true if the role is a builtin role

Returns:

  • (Boolean)

178
179
180
# File 'app/models/role.rb', line 178

def builtin?
  self.builtin != 0
end

#consider_workflow?Boolean

Returns:

  • (Boolean)

148
149
150
# File 'app/models/role.rb', line 148

def consider_workflow?
  has_permission?(:add_issues) || has_permission?(:edit_issues)
end

#copy_from(arg, options = {}) ⇒ Object

Copies attributes from another role, arg can be an id or a Role


109
110
111
112
113
114
115
116
117
# File 'app/models/role.rb', line 109

def copy_from(arg, options={})
  return unless arg.present?

  role = arg.is_a?(Role) ? arg : Role.find_by_id(arg.to_s)
  self.attributes = role.attributes.dup.except("id", "name", "position", "builtin", "permissions")
  self.permissions = role.permissions.dup
  self.managed_role_ids = role.managed_role_ids.dup
  self
end

#copy_workflow_rules(source_role) ⇒ Object


269
270
271
# File 'app/models/role.rb', line 269

def copy_workflow_rules(source_role)
  WorkflowRule.copy(nil, source_role, nil, self)
end

#has_permission?(perm) ⇒ Boolean

Returns true if the role has the given permission

Returns:

  • (Boolean)

144
145
146
# File 'app/models/role.rb', line 144

def has_permission?(perm)
  !permissions.nil? && permissions.include?(perm.to_sym)
end

#member?Boolean

Return true if the role is a project member role

Returns:

  • (Boolean)

188
189
190
# File 'app/models/role.rb', line 188

def member?
  !self.builtin?
end

#nameObject


168
169
170
171
172
173
174
175
# File 'app/models/role.rb', line 168

def name
  case builtin
  when 1 then l(:label_role_non_member, :default => read_attribute(:name))
  when 2 then l(:label_role_anonymous,  :default => read_attribute(:name))
  else
    read_attribute(:name)
  end
end

#permissions=(perms) ⇒ Object


119
120
121
122
# File 'app/models/role.rb', line 119

def permissions=(perms)
  perms = perms.collect {|p| p.to_sym unless p.blank?}.compact.uniq if perms
  write_attribute(:permissions, perms)
end

#permissions_all_trackersObject


232
233
234
# File 'app/models/role.rb', line 232

def permissions_all_trackers
  super || {}
end

#permissions_all_trackers=(arg) ⇒ Object


236
237
238
# File 'app/models/role.rb', line 236

def permissions_all_trackers=(arg)
  super(arg.to_hash)
end

#permissions_all_trackers?(permission) ⇒ Boolean

Returns true if permission is given for all trackers

Returns:

  • (Boolean)

241
242
243
# File 'app/models/role.rb', line 241

def permissions_all_trackers?(permission)
  permissions_all_trackers[permission.to_s].to_s != '0'
end

#permissions_tracker?(permission, tracker) ⇒ Boolean

Returns true if permission is given for the tracker (explicitly or for all trackers)

Returns:

  • (Boolean)

247
248
249
250
# File 'app/models/role.rb', line 247

def permissions_tracker?(permission, tracker)
  permissions_all_trackers?(permission) ||
    permissions_tracker_ids?(permission, tracker.try(:id))
end

#permissions_tracker_ids(*args) ⇒ Object


212
213
214
215
216
217
218
# File 'app/models/role.rb', line 212

def permissions_tracker_ids(*args)
  if args.any?
    Array(permissions_tracker_ids[args.first.to_s]).map(&:to_i)
  else
    super || {}
  end
end

#permissions_tracker_ids=(arg) ⇒ Object


220
221
222
223
224
# File 'app/models/role.rb', line 220

def permissions_tracker_ids=(arg)
  h = arg.to_hash
  h.values.each {|v| v.reject!(&:blank?)}
  super(h)
end

#permissions_tracker_ids?(permission, tracker_id) ⇒ Boolean

Returns true if tracker_id belongs to the list of trackers for which permission is given

Returns:

  • (Boolean)

228
229
230
# File 'app/models/role.rb', line 228

def permissions_tracker_ids?(permission, tracker_id)
  permissions_tracker_ids(permission).include?(tracker_id)
end

#remove_permission!(*perms) ⇒ Object


135
136
137
138
139
140
141
# File 'app/models/role.rb', line 135

def remove_permission!(*perms)
  return unless permissions.is_a?(Array)

  permissions_will_change!
  perms.each {|p| permissions.delete(p.to_sym)}
  save!
end

#set_permission_trackers(permission, tracker_ids) ⇒ Object

Sets the trackers that are allowed for a permission. tracker_ids can be an array of tracker ids or :all for no restrictions.

Examples:

role.set_permission_trackers :add_issues, [1, 3]
role.set_permission_trackers :add_issues, :all

259
260
261
262
263
264
265
266
267
# File 'app/models/role.rb', line 259

def set_permission_trackers(permission, tracker_ids)
  h = {permission.to_s => (tracker_ids == :all ? '1' : '0')}
  self.permissions_all_trackers = permissions_all_trackers.merge(h)

  h = {permission.to_s => (tracker_ids == :all ? [] : tracker_ids)}
  self.permissions_tracker_ids = permissions_tracker_ids.merge(h)

  self
end

#setable_permissionsObject

Return all the permissions that can be given to the role


205
206
207
208
209
210
# File 'app/models/role.rb', line 205

def setable_permissions
  setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions
  setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER
  setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
  setable_permissions
end

#to_sObject


164
165
166
# File 'app/models/role.rb', line 164

def to_s
  name
end