##// END OF EJS Templates
jro_apps » redmine
RSS
Restores migration broken by r8182 and removes default scope on Role (#9800)....
Jean-Philippe Lang -
r8093:7c00a4a11fc3
parent child
Show More
Side by Side Unified
Context file:
r8093:7c00a4a11fc3 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,92 +1,92
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class RolesController < ApplicationController
18 class RolesController < ApplicationController
19 layout 'admin'
19 layout 'admin'
20
20
21 before_filter :require_admin
21 before_filter :require_admin
22 before_filter :find_role, :only => [:edit, :update, :destroy]
22 before_filter :find_role, :only => [:edit, :update, :destroy]
23
23
24
24
25 def index
25 def index
26 @role_pages, @roles = paginate :roles, :per_page => 25, :order => 'builtin, position'
26 @role_pages, @roles = paginate :roles, :per_page => 25, :order => 'builtin, position'
27 render :action => "index", :layout => false if request.xhr?
27 render :action => "index", :layout => false if request.xhr?
28 end
28 end
29
29
30 def new
30 def new
31 # Prefills the form with 'Non member' role permissions
31 # Prefills the form with 'Non member' role permissions
32 @role = Role.new(params[:role] || {:permissions => Role.non_member.permissions})
32 @role = Role.new(params[:role] || {:permissions => Role.non_member.permissions})
33 @roles = Role.all
33 @roles = Role.sorted.all
34 end
34 end
35
35
36 def create
36 def create
37 @role = Role.new(params[:role])
37 @role = Role.new(params[:role])
38 if request.post? && @role.save
38 if request.post? && @role.save
39 # workflow copy
39 # workflow copy
40 if !params[:copy_workflow_from].blank? && (copy_from = Role.find_by_id(params[:copy_workflow_from]))
40 if !params[:copy_workflow_from].blank? && (copy_from = Role.find_by_id(params[:copy_workflow_from]))
41 @role.workflows.copy(copy_from)
41 @role.workflows.copy(copy_from)
42 end
42 end
43 flash[:notice] = l(:notice_successful_create)
43 flash[:notice] = l(:notice_successful_create)
44 redirect_to :action => 'index'
44 redirect_to :action => 'index'
45 else
45 else
46 @roles = Role.all
46 @roles = Role.sorted.all
47 render :action => 'new'
47 render :action => 'new'
48 end
48 end
49 end
49 end
50
50
51 def edit
51 def edit
52 end
52 end
53
53
54 def update
54 def update
55 if request.put? and @role.update_attributes(params[:role])
55 if request.put? and @role.update_attributes(params[:role])
56 flash[:notice] = l(:notice_successful_update)
56 flash[:notice] = l(:notice_successful_update)
57 redirect_to :action => 'index'
57 redirect_to :action => 'index'
58 else
58 else
59 render :action => 'edit'
59 render :action => 'edit'
60 end
60 end
61 end
61 end
62
62
63 verify :method => :delete, :only => :destroy, :redirect_to => { :action => :index }
63 verify :method => :delete, :only => :destroy, :redirect_to => { :action => :index }
64 def destroy
64 def destroy
65 @role.destroy
65 @role.destroy
66 redirect_to :action => 'index'
66 redirect_to :action => 'index'
67 rescue
67 rescue
68 flash[:error] = l(:error_can_not_remove_role)
68 flash[:error] = l(:error_can_not_remove_role)
69 redirect_to :action => 'index'
69 redirect_to :action => 'index'
70 end
70 end
71
71
72 def permissions
72 def permissions
73 @roles = Role.find(:all, :order => 'builtin, position')
73 @roles = Role.sorted.all
74 @permissions = Redmine::AccessControl.permissions.select { |p| !p.public? }
74 @permissions = Redmine::AccessControl.permissions.select { |p| !p.public? }
75 if request.post?
75 if request.post?
76 @roles.each do |role|
76 @roles.each do |role|
77 role.permissions = params[:permissions][role.id.to_s]
77 role.permissions = params[:permissions][role.id.to_s]
78 role.save
78 role.save
79 end
79 end
80 flash[:notice] = l(:notice_successful_update)
80 flash[:notice] = l(:notice_successful_update)
81 redirect_to :action => 'index'
81 redirect_to :action => 'index'
82 end
82 end
83 end
83 end
84
84
85 private
85 private
86
86
87 def find_role
87 def find_role
88 @role = Role.find(params[:id])
88 @role = Role.find(params[:id])
89 rescue ActiveRecord::RecordNotFound
89 rescue ActiveRecord::RecordNotFound
90 render_404
90 render_404
91 end
91 end
92 end
92 end
Show file before | Show file after | Hide comments
@@ -1,177 +1,177
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class Role < ActiveRecord::Base
18 class Role < ActiveRecord::Base
19 # Built-in roles
19 # Built-in roles
20 BUILTIN_NON_MEMBER = 1
20 BUILTIN_NON_MEMBER = 1
21 BUILTIN_ANONYMOUS = 2
21 BUILTIN_ANONYMOUS = 2
22
22
23 ISSUES_VISIBILITY_OPTIONS = [
23 ISSUES_VISIBILITY_OPTIONS = [
24 ['all', :label_issues_visibility_all],
24 ['all', :label_issues_visibility_all],
25 ['default', :label_issues_visibility_public],
25 ['default', :label_issues_visibility_public],
26 ['own', :label_issues_visibility_own]
26 ['own', :label_issues_visibility_own]
27 ]
27 ]
28
28
29 default_scope :order => 'builtin, position'
29 named_scope :sorted, {:order => 'builtin, position'}
30 named_scope :givable, { :conditions => "builtin = 0", :order => 'position' }
30 named_scope :givable, { :conditions => "builtin = 0", :order => 'position' }
31 named_scope :builtin, lambda { |*args|
31 named_scope :builtin, lambda { |*args|
32 compare = 'not' if args.first == true
32 compare = 'not' if args.first == true
33 { :conditions => "#{compare} builtin = 0" }
33 { :conditions => "#{compare} builtin = 0" }
34 }
34 }
35
35
36 before_destroy :check_deletable
36 before_destroy :check_deletable
37 has_many :workflows, :dependent => :delete_all do
37 has_many :workflows, :dependent => :delete_all do
38 def copy(source_role)
38 def copy(source_role)
39 Workflow.copy(nil, source_role, nil, proxy_owner)
39 Workflow.copy(nil, source_role, nil, proxy_owner)
40 end
40 end
41 end
41 end
42
42
43 has_many :member_roles, :dependent => :destroy
43 has_many :member_roles, :dependent => :destroy
44 has_many :members, :through => :member_roles
44 has_many :members, :through => :member_roles
45 acts_as_list
45 acts_as_list
46
46
47 serialize :permissions, Array
47 serialize :permissions, Array
48 attr_protected :builtin
48 attr_protected :builtin
49
49
50 validates_presence_of :name
50 validates_presence_of :name
51 validates_uniqueness_of :name
51 validates_uniqueness_of :name
52 validates_length_of :name, :maximum => 30
52 validates_length_of :name, :maximum => 30
53 validates_inclusion_of :issues_visibility,
53 validates_inclusion_of :issues_visibility,
54 :in => ISSUES_VISIBILITY_OPTIONS.collect(&:first),
54 :in => ISSUES_VISIBILITY_OPTIONS.collect(&:first),
55 :if => lambda {|role| role.respond_to?(:issues_visibility)}
55 :if => lambda {|role| role.respond_to?(:issues_visibility)}
56
56
57 def permissions
57 def permissions
58 read_attribute(:permissions) || []
58 read_attribute(:permissions) || []
59 end
59 end
60
60
61 def permissions=(perms)
61 def permissions=(perms)
62 perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms
62 perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms
63 write_attribute(:permissions, perms)
63 write_attribute(:permissions, perms)
64 end
64 end
65
65
66 def add_permission!(*perms)
66 def add_permission!(*perms)
67 self.permissions = [] unless permissions.is_a?(Array)
67 self.permissions = [] unless permissions.is_a?(Array)
68
68
69 permissions_will_change!
69 permissions_will_change!
70 perms.each do |p|
70 perms.each do |p|
71 p = p.to_sym
71 p = p.to_sym
72 permissions << p unless permissions.include?(p)
72 permissions << p unless permissions.include?(p)
73 end
73 end
74 save!
74 save!
75 end
75 end
76
76
77 def remove_permission!(*perms)
77 def remove_permission!(*perms)
78 return unless permissions.is_a?(Array)
78 return unless permissions.is_a?(Array)
79 permissions_will_change!
79 permissions_will_change!
80 perms.each { |p| permissions.delete(p.to_sym) }
80 perms.each { |p| permissions.delete(p.to_sym) }
81 save!
81 save!
82 end
82 end
83
83
84 # Returns true if the role has the given permission
84 # Returns true if the role has the given permission
85 def has_permission?(perm)
85 def has_permission?(perm)
86 !permissions.nil? && permissions.include?(perm.to_sym)
86 !permissions.nil? && permissions.include?(perm.to_sym)
87 end
87 end
88
88
89 def <=>(role)
89 def <=>(role)
90 role ? position <=> role.position : -1
90 role ? position <=> role.position : -1
91 end
91 end
92
92
93 def to_s
93 def to_s
94 name
94 name
95 end
95 end
96
96
97 def name
97 def name
98 case builtin
98 case builtin
99 when 1; l(:label_role_non_member, :default => read_attribute(:name))
99 when 1; l(:label_role_non_member, :default => read_attribute(:name))
100 when 2; l(:label_role_anonymous, :default => read_attribute(:name))
100 when 2; l(:label_role_anonymous, :default => read_attribute(:name))
101 else; read_attribute(:name)
101 else; read_attribute(:name)
102 end
102 end
103 end
103 end
104
104
105 # Return true if the role is a builtin role
105 # Return true if the role is a builtin role
106 def builtin?
106 def builtin?
107 self.builtin != 0
107 self.builtin != 0
108 end
108 end
109
109
110 # Return true if the role is a project member role
110 # Return true if the role is a project member role
111 def member?
111 def member?
112 !self.builtin?
112 !self.builtin?
113 end
113 end
114
114
115 # Return true if role is allowed to do the specified action
115 # Return true if role is allowed to do the specified action
116 # action can be:
116 # action can be:
117 # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
117 # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
118 # * a permission Symbol (eg. :edit_project)
118 # * a permission Symbol (eg. :edit_project)
119 def allowed_to?(action)
119 def allowed_to?(action)
120 if action.is_a? Hash
120 if action.is_a? Hash
121 allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
121 allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
122 else
122 else
123 allowed_permissions.include? action
123 allowed_permissions.include? action
124 end
124 end
125 end
125 end
126
126
127 # Return all the permissions that can be given to the role
127 # Return all the permissions that can be given to the role
128 def setable_permissions
128 def setable_permissions
129 setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions
129 setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions
130 setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER
130 setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER
131 setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
131 setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
132 setable_permissions
132 setable_permissions
133 end
133 end
134
134
135 # Find all the roles that can be given to a project member
135 # Find all the roles that can be given to a project member
136 def self.find_all_givable
136 def self.find_all_givable
137 find(:all, :conditions => {:builtin => 0}, :order => 'position')
137 find(:all, :conditions => {:builtin => 0}, :order => 'position')
138 end
138 end
139
139
140 # Return the builtin 'non member' role. If the role doesn't exist,
140 # Return the builtin 'non member' role. If the role doesn't exist,
141 # it will be created on the fly.
141 # it will be created on the fly.
142 def self.non_member
142 def self.non_member
143 find_or_create_system_role(BUILTIN_NON_MEMBER, 'Non member')
143 find_or_create_system_role(BUILTIN_NON_MEMBER, 'Non member')
144 end
144 end
145
145
146 # Return the builtin 'anonymous' role. If the role doesn't exist,
146 # Return the builtin 'anonymous' role. If the role doesn't exist,
147 # it will be created on the fly.
147 # it will be created on the fly.
148 def self.anonymous
148 def self.anonymous
149 find_or_create_system_role(BUILTIN_ANONYMOUS, 'Anonymous')
149 find_or_create_system_role(BUILTIN_ANONYMOUS, 'Anonymous')
150 end
150 end
151
151
152 private
152 private
153
153
154 def allowed_permissions
154 def allowed_permissions
155 @allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
155 @allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
156 end
156 end
157
157
158 def allowed_actions
158 def allowed_actions
159 @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
159 @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
160 end
160 end
161
161
162 def check_deletable
162 def check_deletable
163 raise "Can't delete role" if members.any?
163 raise "Can't delete role" if members.any?
164 raise "Can't delete builtin role" if builtin?
164 raise "Can't delete builtin role" if builtin?
165 end
165 end
166
166
167 def self.find_or_create_system_role(builtin, name)
167 def self.find_or_create_system_role(builtin, name)
168 role = first(:conditions => {:builtin => builtin})
168 role = first(:conditions => {:builtin => builtin})
169 if role.nil?
169 if role.nil?
170 role = create(:name => name, :position => 0) do |r|
170 role = create(:name => name, :position => 0) do |r|
171 r.builtin = builtin
171 r.builtin = builtin
172 end
172 end
173 raise "Unable to create the #{name} role." if role.new_record?
173 raise "Unable to create the #{name} role." if role.new_record?
174 end
174 end
175 role
175 role
176 end
176 end
177 end
177 end
Show file before | Show file after | Hide comments
@@ -1,10 +1,10
1 class AddRolePosition < ActiveRecord::Migration
1 class AddRolePosition < ActiveRecord::Migration
2 def self.up
2 def self.up
3 add_column :roles, :position, :integer, :default => 1
3 add_column :roles, :position, :integer, :default => 1
4 Role.update_all("position = (SELECT COUNT(*) FROM #{Role.table_name} r WHERE r.id < id) + 1")
4 Role.all.each_with_index {|role, i| role.update_attribute(:position, i+1)}
5 end
5 end
6
6
7 def self.down
7 def self.down
8 remove_column :roles, :position
8 remove_column :roles, :position
9 end
9 end
10 end
10 end
General Comments 0
You need to be logged in to leave comments. Login now