Modified logged_in_user_membership controller method so that it returns a role...
Jean-Philippe Lang -
r412:8e6d575d4e86
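--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -1,147 +1,148 @@
 # redMine - project management software
 # Copyright (C) 2006-2007 Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 class ApplicationController < ActionController::Base
 before_filter :check_if_login_required, :set_localization
 filter_parameter_logging :password
 
 def logged_in_user=(user)
 @logged_in_user = user
 session[:user_id] = (user ? user.id : nil)
 end
 
 def logged_in_user
 if session[:user_id]
 @logged_in_user ||= User.find(session[:user_id])
 else
 nil
 end
 end
 
+# Returns the role that the logged in user has on the current project
+# or nil if current user is not a member of the project
 def logged_in_user_membership
-@user_membership ||= Member.find(:first, :conditions => ["user_id=? and project_id=?", self.logged_in_user.id, @project.id])
+@user_membership ||= logged_in_user.role_for_project(@project)
 end
 
 # check if login is globally required to access the application
 def check_if_login_required
 require_login if Setting.login_required?
 end
 
 def set_localization
 lang = begin
 if self.logged_in_user and self.logged_in_user.language and !self.logged_in_user.language.empty? and GLoc.valid_languages.include? self.logged_in_user.language.to_sym
 self.logged_in_user.language
 elsif request.env['HTTP_ACCEPT_LANGUAGE']
 accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.split('-').first
 if accept_lang and !accept_lang.empty? and GLoc.valid_languages.include? accept_lang.to_sym
 accept_lang
 end
 end
 rescue
 nil
 end || Setting.default_language
 set_language_if_valid(lang)
 end
 
 def require_login
 unless self.logged_in_user
 store_location
 redirect_to :controller => "account", :action => "login"
 return false
 end
 true
 end
 
 def require_admin
 return unless require_login
 unless self.logged_in_user.admin?
 render :nothing => true, :status => 403
 return false
 end
 true
 end
 
 # authorizes the user for the requested action.
 def authorize(ctrl = params[:controller], action = params[:action])
 # check if action is allowed on public projects
 if @project.is_public? and Permission.allowed_to_public "%s/%s" % [ ctrl, action ]
 return true
 end
 # if action is not public, force login
 return unless require_login
 # admin is always authorized
 return true if self.logged_in_user.admin?
 # if not admin, check membership permission
-@user_membership ||= logged_in_user.role_for_project(@project)
-if @user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], @user_membership )
+if logged_in_user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], logged_in_user_membership )
 return true
 end
 render :nothing => true, :status => 403
 false
 end
 
 # make sure that the user is a member of the project (or admin) if project is private
 # used as a before_filter for actions that do not require any particular permission on the project
 def check_project_privacy
 return true if @project.is_public?
 return false unless logged_in_user
 return true if logged_in_user.admin? || logged_in_user_membership
 render :nothing => true, :status => 403
 false
 end
 
 # store current uri in session.
 # return to this location by calling redirect_back_or_default
 def store_location
 session[:return_to_params] = params
 end
 
 # move to the last store_location call or to the passed default one
 def redirect_back_or_default(default)
 if session[:return_to_params].nil?
 redirect_to default
 else
 redirect_to session[:return_to_params]
 session[:return_to_params] = nil
 end
 end
 
 def render_404
 @html_title = "404"
 render :template => "common/404", :layout => true, :status => 404
 return false
 end
 
 # qvalues http header parser
 # code taken from webrick
 def parse_qvalues(value)
 tmp = []
 if value
 parts = value.split(/,\s*/)
 parts.each {|part|
 if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part)
 val = m[1]
 q = (m[2] or 1).to_f
 tmp.push([val, q])
 end
 }
 tmp = tmp.sort_by{|val, q| -q}
 tmp.collect!{|val, q| val}
 end
 return tmp
 end
-end
\ No newline at end of file
+end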
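Review bot: The new body of `logged_in_user_membership` (new line 38) calls `logged_in_user.role_for_project(@project)` with no nil check, although `logged_in_user` returns nil when the session has no user id, so a caller that reaches it without first passing `require_login` or the `return false unless logged_in_user` guard in `check_project_privacy` raises NoMethodError instead of the nil the new comment promises. A guard such as `return nil unless logged_in_user && @project` ahead of the memoized line would make the method honour its documented contract for every caller. Note also that `||=` does not memoize a nil result, so for a non-member the two `logged_in_user_membership` calls in `authorize` (new line 91) each run `role_for_project` again; caching on `defined?(@user_membership)` would avoid the repeated lookup if that matters here. Finally, the name still says "membership" while the method now returns a role; adding `# @return [Role, nil]` above it (or renaming it) would keep readers from assuming a Member record comes back.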