Class: Role

Inherits:
ActiveRecord::Base
  • Object
show all
Includes:
Redmine::SafeAttributes
Defined in:
app/models/role.rb

Overview

Redmine - project management software Copyright (C) 2006-2020 Jean-Philippe Lang

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Defined Under Namespace

Classes: PermissionsAttributeCoder

Constant Summary collapse

BUILTIN_NON_MEMBER =

Built-in roles

1
BUILTIN_ANONYMOUS =
2
ISSUES_VISIBILITY_OPTIONS =
[
  ['all', :label_issues_visibility_all],
  ['default', :label_issues_visibility_public],
  ['own', :label_issues_visibility_own]
]
TIME_ENTRIES_VISIBILITY_OPTIONS =
[
  ['all', :label_time_entries_visibility_all],
  ['own', :label_time_entries_visibility_own]
]
USERS_VISIBILITY_OPTIONS =
[
  ['all', :label_users_visibility_all],
  ['members_of_visible_projects', :label_users_visibility_members_of_visible_projects]
]

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Class Method Details

.anonymousObject

Return the builtin 'anonymous' role. If the role doesn't exist, it will be created on the fly.


283
284
285
# File 'app/models/role.rb', line 283

def self.anonymous
  find_or_create_system_role(BUILTIN_ANONYMOUS, 'Anonymous')
end

.find_all_givableObject

Find all the roles that can be given to a project member


271
272
273
# File 'app/models/role.rb', line 271

def self.find_all_givable
  Role.givable.to_a
end

.non_memberObject

Return the builtin 'non member' role. If the role doesn't exist, it will be created on the fly.


277
278
279
# File 'app/models/role.rb', line 277

def self.non_member
  find_or_create_system_role(BUILTIN_NON_MEMBER, 'Non member')
end

Instance Method Details

#<=>(role) ⇒ Object


149
150
151
152
153
154
155
156
157
158
159
# File 'app/models/role.rb', line 149

def <=>(role)
  if role
    if builtin == role.builtin
      position <=> role.position
    else
      builtin <=> role.builtin
    end
  else
    -1
  end
end

#add_permission!(*perms) ⇒ Object


122
123
124
125
126
127
128
129
130
131
# File 'app/models/role.rb', line 122

def add_permission!(*perms)
  self.permissions = [] unless permissions.is_a?(Array)

  permissions_will_change!
  perms.each do |p|
    p = p.to_sym
    permissions << p unless permissions.include?(p)
  end
  save!
end

#allowed_to?(action) ⇒ Boolean

Return true if role is allowed to do the specified action action can be:

  • a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')

  • a permission Symbol (eg. :edit_project)

Returns:

  • (Boolean)

193
194
195
196
197
198
199
# File 'app/models/role.rb', line 193

def allowed_to?(action)
  if action.is_a? Hash
    allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
  else
    allowed_permissions.include? action
  end
end

#anonymous?Boolean

Return true if the role is the anonymous role

Returns:

  • (Boolean)

180
181
182
# File 'app/models/role.rb', line 180

def anonymous?
  builtin == 2
end

#builtin?Boolean

Return true if the role is a builtin role

Returns:

  • (Boolean)

175
176
177
# File 'app/models/role.rb', line 175

def builtin?
  self.builtin != 0
end

#consider_workflow?Boolean

Returns:

  • (Boolean)

145
146
147
# File 'app/models/role.rb', line 145

def consider_workflow?
  has_permission?(:add_issues) || has_permission?(:edit_issues)
end

#copy_from(arg, options = {}) ⇒ Object

Copies attributes from another role, arg can be an id or a Role


108
109
110
111
112
113
114
115
# File 'app/models/role.rb', line 108

def copy_from(arg, options={})
  return unless arg.present?
  role = arg.is_a?(Role) ? arg : Role.find_by_id(arg.to_s)
  self.attributes = role.attributes.dup.except("id", "name", "position", "builtin", "permissions")
  self.permissions = role.permissions.dup
  self.managed_role_ids = role.managed_role_ids.dup
  self
end

#copy_workflow_rules(source_role) ⇒ Object


266
267
268
# File 'app/models/role.rb', line 266

def copy_workflow_rules(source_role)
  WorkflowRule.copy(nil, source_role, nil, self)
end

#has_permission?(perm) ⇒ Boolean

Returns true if the role has the given permission

Returns:

  • (Boolean)

141
142
143
# File 'app/models/role.rb', line 141

def has_permission?(perm)
  !permissions.nil? && permissions.include?(perm.to_sym)
end

#member?Boolean

Return true if the role is a project member role

Returns:

  • (Boolean)

185
186
187
# File 'app/models/role.rb', line 185

def member?
  !self.builtin?
end

#nameObject


165
166
167
168
169
170
171
172
# File 'app/models/role.rb', line 165

def name
  case builtin
  when 1 then l(:label_role_non_member, :default => read_attribute(:name))
  when 2 then l(:label_role_anonymous,  :default => read_attribute(:name))
  else
    read_attribute(:name)
  end
end

#permissions=(perms) ⇒ Object


117
118
119
120
# File 'app/models/role.rb', line 117

def permissions=(perms)
  perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms
  write_attribute(:permissions, perms)
end

#permissions_all_trackersObject


229
230
231
# File 'app/models/role.rb', line 229

def permissions_all_trackers
  super || {}
end

#permissions_all_trackers=(arg) ⇒ Object


233
234
235
# File 'app/models/role.rb', line 233

def permissions_all_trackers=(arg)
  super(arg.to_hash)
end

#permissions_all_trackers?(permission) ⇒ Boolean

Returns true if permission is given for all trackers

Returns:

  • (Boolean)

238
239
240
# File 'app/models/role.rb', line 238

def permissions_all_trackers?(permission)
  permissions_all_trackers[permission.to_s].to_s != '0'
end

#permissions_tracker?(permission, tracker) ⇒ Boolean

Returns true if permission is given for the tracker (explicitly or for all trackers)

Returns:

  • (Boolean)

244
245
246
247
# File 'app/models/role.rb', line 244

def permissions_tracker?(permission, tracker)
  permissions_all_trackers?(permission) ||
    permissions_tracker_ids?(permission, tracker.try(:id))
end

#permissions_tracker_ids(*args) ⇒ Object


209
210
211
212
213
214
215
# File 'app/models/role.rb', line 209

def permissions_tracker_ids(*args)
  if args.any?
    Array(permissions_tracker_ids[args.first.to_s]).map(&:to_i)
  else
    super || {}
  end
end

#permissions_tracker_ids=(arg) ⇒ Object


217
218
219
220
221
# File 'app/models/role.rb', line 217

def permissions_tracker_ids=(arg)
  h = arg.to_hash
  h.values.each {|v| v.reject!(&:blank?)}
  super(h)
end

#permissions_tracker_ids?(permission, tracker_id) ⇒ Boolean

Returns true if tracker_id belongs to the list of trackers for which permission is given

Returns:

  • (Boolean)

225
226
227
# File 'app/models/role.rb', line 225

def permissions_tracker_ids?(permission, tracker_id)
  permissions_tracker_ids(permission).include?(tracker_id)
end

#remove_permission!(*perms) ⇒ Object


133
134
135
136
137
138
# File 'app/models/role.rb', line 133

def remove_permission!(*perms)
  return unless permissions.is_a?(Array)
  permissions_will_change!
  perms.each { |p| permissions.delete(p.to_sym) }
  save!
end

#set_permission_trackers(permission, tracker_ids) ⇒ Object

Sets the trackers that are allowed for a permission. tracker_ids can be an array of tracker ids or :all for no restrictions.

Examples:

role.set_permission_trackers :add_issues, [1, 3]
role.set_permission_trackers :add_issues, :all

256
257
258
259
260
261
262
263
264
# File 'app/models/role.rb', line 256

def set_permission_trackers(permission, tracker_ids)
  h = {permission.to_s => (tracker_ids == :all ? '1' : '0')}
  self.permissions_all_trackers = permissions_all_trackers.merge(h)

  h = {permission.to_s => (tracker_ids == :all ? [] : tracker_ids)}
  self.permissions_tracker_ids = permissions_tracker_ids.merge(h)

  self
end

#setable_permissionsObject

Return all the permissions that can be given to the role


202
203
204
205
206
207
# File 'app/models/role.rb', line 202

def setable_permissions
  setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions
  setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER
  setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
  setable_permissions
end

#to_sObject


161
162
163
# File 'app/models/role.rb', line 161

def to_s
  name
end