@@ -1,360 +1,360 | |||||
1 | # Redmine - project management software |
|
1 | # Redmine - project management software | |
2 | # Copyright (C) 2006-2009 Jean-Philippe Lang |
|
2 | # Copyright (C) 2006-2009 Jean-Philippe Lang | |
3 | # |
|
3 | # | |
4 | # This program is free software; you can redistribute it and/or |
|
4 | # This program is free software; you can redistribute it and/or | |
5 | # modify it under the terms of the GNU General Public License |
|
5 | # modify it under the terms of the GNU General Public License | |
6 | # as published by the Free Software Foundation; either version 2 |
|
6 | # as published by the Free Software Foundation; either version 2 | |
7 | # of the License, or (at your option) any later version. |
|
7 | # of the License, or (at your option) any later version. | |
8 | # |
|
8 | # | |
9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
13 | # |
|
13 | # | |
14 | # You should have received a copy of the GNU General Public License |
|
14 | # You should have received a copy of the GNU General Public License | |
15 | # along with this program; if not, write to the Free Software |
|
15 | # along with this program; if not, write to the Free Software | |
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
17 |
|
17 | |||
18 | require "digest/sha1" |
|
18 | require "digest/sha1" | |
19 |
|
19 | |||
20 | class User < Principal |
|
20 | class User < Principal | |
21 |
|
21 | |||
22 | # Account statuses |
|
22 | # Account statuses | |
23 | STATUS_ANONYMOUS = 0 |
|
23 | STATUS_ANONYMOUS = 0 | |
24 | STATUS_ACTIVE = 1 |
|
24 | STATUS_ACTIVE = 1 | |
25 | STATUS_REGISTERED = 2 |
|
25 | STATUS_REGISTERED = 2 | |
26 | STATUS_LOCKED = 3 |
|
26 | STATUS_LOCKED = 3 | |
27 |
|
27 | |||
28 | USER_FORMATS = { |
|
28 | USER_FORMATS = { | |
29 | :firstname_lastname => '#{firstname} #{lastname}', |
|
29 | :firstname_lastname => '#{firstname} #{lastname}', | |
30 | :firstname => '#{firstname}', |
|
30 | :firstname => '#{firstname}', | |
31 | :lastname_firstname => '#{lastname} #{firstname}', |
|
31 | :lastname_firstname => '#{lastname} #{firstname}', | |
32 | :lastname_coma_firstname => '#{lastname}, #{firstname}', |
|
32 | :lastname_coma_firstname => '#{lastname}, #{firstname}', | |
33 | :username => '#{login}' |
|
33 | :username => '#{login}' | |
34 | } |
|
34 | } | |
35 |
|
35 | |||
36 | has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)}, |
|
36 | has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)}, | |
37 | :after_remove => Proc.new {|user, group| group.user_removed(user)} |
|
37 | :after_remove => Proc.new {|user, group| group.user_removed(user)} | |
38 | has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify |
|
38 | has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify | |
39 | has_many :changesets, :dependent => :nullify |
|
39 | has_many :changesets, :dependent => :nullify | |
40 | has_one :preference, :dependent => :destroy, :class_name => 'UserPreference' |
|
40 | has_one :preference, :dependent => :destroy, :class_name => 'UserPreference' | |
41 | has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'" |
|
41 | has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'" | |
42 | has_one :api_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='api'" |
|
42 | has_one :api_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='api'" | |
43 | belongs_to :auth_source |
|
43 | belongs_to :auth_source | |
44 |
|
44 | |||
45 | # Active non-anonymous users scope |
|
45 | # Active non-anonymous users scope | |
46 | named_scope :active, :conditions => "#{User.table_name}.status = #{STATUS_ACTIVE}" |
|
46 | named_scope :active, :conditions => "#{User.table_name}.status = #{STATUS_ACTIVE}" | |
47 |
|
47 | |||
48 | acts_as_customizable |
|
48 | acts_as_customizable | |
49 |
|
49 | |||
50 | attr_accessor :password, :password_confirmation |
|
50 | attr_accessor :password, :password_confirmation | |
51 | attr_accessor :last_before_login_on |
|
51 | attr_accessor :last_before_login_on | |
52 | # Prevents unauthorized assignments |
|
52 | # Prevents unauthorized assignments | |
53 | attr_protected :login, :admin, :password, :password_confirmation, :hashed_password, :group_ids |
|
53 | attr_protected :login, :admin, :password, :password_confirmation, :hashed_password, :group_ids | |
54 |
|
54 | |||
55 | validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) } |
|
55 | validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) } | |
56 | validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? } |
|
56 | validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? } | |
57 | validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false |
|
57 | validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false | |
58 | # Login must contain lettres, numbers, underscores only |
|
58 | # Login must contain lettres, numbers, underscores only | |
59 | validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i |
|
59 | validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i | |
60 | validates_length_of :login, :maximum => 30 |
|
60 | validates_length_of :login, :maximum => 30 | |
61 | validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-\.]*$/i |
|
61 | validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-\.]*$/i | |
62 | validates_length_of :firstname, :lastname, :maximum => 30 |
|
62 | validates_length_of :firstname, :lastname, :maximum => 30 | |
63 | validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true |
|
63 | validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true | |
64 | validates_length_of :mail, :maximum => 60, :allow_nil => true |
|
64 | validates_length_of :mail, :maximum => 60, :allow_nil => true | |
65 | validates_confirmation_of :password, :allow_nil => true |
|
65 | validates_confirmation_of :password, :allow_nil => true | |
66 |
|
66 | |||
67 | def before_create |
|
67 | def before_create | |
68 | self.mail_notification = false |
|
68 | self.mail_notification = false | |
69 | true |
|
69 | true | |
70 | end |
|
70 | end | |
71 |
|
71 | |||
72 | def before_save |
|
72 | def before_save | |
73 | # update hashed_password if password was set |
|
73 | # update hashed_password if password was set | |
74 | self.hashed_password = User.hash_password(self.password) if self.password |
|
74 | self.hashed_password = User.hash_password(self.password) if self.password | |
75 | end |
|
75 | end | |
76 |
|
76 | |||
77 | def reload(*args) |
|
77 | def reload(*args) | |
78 | @name = nil |
|
78 | @name = nil | |
79 | super |
|
79 | super | |
80 | end |
|
80 | end | |
81 |
|
81 | |||
82 | def identity_url=(url) |
|
82 | def identity_url=(url) | |
83 | if url.blank? |
|
83 | if url.blank? | |
84 | write_attribute(:identity_url, '') |
|
84 | write_attribute(:identity_url, '') | |
85 | else |
|
85 | else | |
86 | begin |
|
86 | begin | |
87 | write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url)) |
|
87 | write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url)) | |
88 | rescue OpenIdAuthentication::InvalidOpenId |
|
88 | rescue OpenIdAuthentication::InvalidOpenId | |
89 | # Invlaid url, don't save |
|
89 | # Invlaid url, don't save | |
90 | end |
|
90 | end | |
91 | end |
|
91 | end | |
92 | self.read_attribute(:identity_url) |
|
92 | self.read_attribute(:identity_url) | |
93 | end |
|
93 | end | |
94 |
|
94 | |||
95 | # Returns the user that matches provided login and password, or nil |
|
95 | # Returns the user that matches provided login and password, or nil | |
96 | def self.try_to_login(login, password) |
|
96 | def self.try_to_login(login, password) | |
97 | # Make sure no one can sign in with an empty password |
|
97 | # Make sure no one can sign in with an empty password | |
98 | return nil if password.to_s.empty? |
|
98 | return nil if password.to_s.empty? | |
99 | user = find(:first, :conditions => ["login=?", login]) |
|
99 | user = find(:first, :conditions => ["login=?", login]) | |
100 | if user |
|
100 | if user | |
101 | # user is already in local database |
|
101 | # user is already in local database | |
102 | return nil if !user.active? |
|
102 | return nil if !user.active? | |
103 | if user.auth_source |
|
103 | if user.auth_source | |
104 | # user has an external authentication method |
|
104 | # user has an external authentication method | |
105 | return nil unless user.auth_source.authenticate(login, password) |
|
105 | return nil unless user.auth_source.authenticate(login, password) | |
106 | else |
|
106 | else | |
107 | # authentication with local password |
|
107 | # authentication with local password | |
108 | return nil unless User.hash_password(password) == user.hashed_password |
|
108 | return nil unless User.hash_password(password) == user.hashed_password | |
109 | end |
|
109 | end | |
110 | else |
|
110 | else | |
111 | # user is not yet registered, try to authenticate with available sources |
|
111 | # user is not yet registered, try to authenticate with available sources | |
112 | attrs = AuthSource.authenticate(login, password) |
|
112 | attrs = AuthSource.authenticate(login, password) | |
113 | if attrs |
|
113 | if attrs | |
114 | user = new(attrs) |
|
114 | user = new(attrs) | |
115 | user.login = login |
|
115 | user.login = login | |
116 | user.language = Setting.default_language |
|
116 | user.language = Setting.default_language | |
117 | if user.save |
|
117 | if user.save | |
118 | user.reload |
|
118 | user.reload | |
119 |
logger.info("User '#{user.login}' created from |
|
119 | logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger | |
120 | end |
|
120 | end | |
121 | end |
|
121 | end | |
122 | end |
|
122 | end | |
123 | user.update_attribute(:last_login_on, Time.now) if user && !user.new_record? |
|
123 | user.update_attribute(:last_login_on, Time.now) if user && !user.new_record? | |
124 | user |
|
124 | user | |
125 | rescue => text |
|
125 | rescue => text | |
126 | raise text |
|
126 | raise text | |
127 | end |
|
127 | end | |
128 |
|
128 | |||
129 | # Returns the user who matches the given autologin +key+ or nil |
|
129 | # Returns the user who matches the given autologin +key+ or nil | |
130 | def self.try_to_autologin(key) |
|
130 | def self.try_to_autologin(key) | |
131 | tokens = Token.find_all_by_action_and_value('autologin', key) |
|
131 | tokens = Token.find_all_by_action_and_value('autologin', key) | |
132 | # Make sure there's only 1 token that matches the key |
|
132 | # Make sure there's only 1 token that matches the key | |
133 | if tokens.size == 1 |
|
133 | if tokens.size == 1 | |
134 | token = tokens.first |
|
134 | token = tokens.first | |
135 | if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active? |
|
135 | if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active? | |
136 | token.user.update_attribute(:last_login_on, Time.now) |
|
136 | token.user.update_attribute(:last_login_on, Time.now) | |
137 | token.user |
|
137 | token.user | |
138 | end |
|
138 | end | |
139 | end |
|
139 | end | |
140 | end |
|
140 | end | |
141 |
|
141 | |||
142 | # Return user's full name for display |
|
142 | # Return user's full name for display | |
143 | def name(formatter = nil) |
|
143 | def name(formatter = nil) | |
144 | if formatter |
|
144 | if formatter | |
145 | eval('"' + (USER_FORMATS[formatter] || USER_FORMATS[:firstname_lastname]) + '"') |
|
145 | eval('"' + (USER_FORMATS[formatter] || USER_FORMATS[:firstname_lastname]) + '"') | |
146 | else |
|
146 | else | |
147 | @name ||= eval('"' + (USER_FORMATS[Setting.user_format] || USER_FORMATS[:firstname_lastname]) + '"') |
|
147 | @name ||= eval('"' + (USER_FORMATS[Setting.user_format] || USER_FORMATS[:firstname_lastname]) + '"') | |
148 | end |
|
148 | end | |
149 | end |
|
149 | end | |
150 |
|
150 | |||
151 | def active? |
|
151 | def active? | |
152 | self.status == STATUS_ACTIVE |
|
152 | self.status == STATUS_ACTIVE | |
153 | end |
|
153 | end | |
154 |
|
154 | |||
155 | def registered? |
|
155 | def registered? | |
156 | self.status == STATUS_REGISTERED |
|
156 | self.status == STATUS_REGISTERED | |
157 | end |
|
157 | end | |
158 |
|
158 | |||
159 | def locked? |
|
159 | def locked? | |
160 | self.status == STATUS_LOCKED |
|
160 | self.status == STATUS_LOCKED | |
161 | end |
|
161 | end | |
162 |
|
162 | |||
163 | def check_password?(clear_password) |
|
163 | def check_password?(clear_password) | |
164 | User.hash_password(clear_password) == self.hashed_password |
|
164 | User.hash_password(clear_password) == self.hashed_password | |
165 | end |
|
165 | end | |
166 |
|
166 | |||
167 | # Generate and set a random password. Useful for automated user creation |
|
167 | # Generate and set a random password. Useful for automated user creation | |
168 | # Based on Token#generate_token_value |
|
168 | # Based on Token#generate_token_value | |
169 | # |
|
169 | # | |
170 | def random_password |
|
170 | def random_password | |
171 | chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a |
|
171 | chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a | |
172 | password = '' |
|
172 | password = '' | |
173 | 40.times { |i| password << chars[rand(chars.size-1)] } |
|
173 | 40.times { |i| password << chars[rand(chars.size-1)] } | |
174 | self.password = password |
|
174 | self.password = password | |
175 | self.password_confirmation = password |
|
175 | self.password_confirmation = password | |
176 | self |
|
176 | self | |
177 | end |
|
177 | end | |
178 |
|
178 | |||
179 | def pref |
|
179 | def pref | |
180 | self.preference ||= UserPreference.new(:user => self) |
|
180 | self.preference ||= UserPreference.new(:user => self) | |
181 | end |
|
181 | end | |
182 |
|
182 | |||
183 | def time_zone |
|
183 | def time_zone | |
184 | @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone]) |
|
184 | @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone]) | |
185 | end |
|
185 | end | |
186 |
|
186 | |||
187 | def wants_comments_in_reverse_order? |
|
187 | def wants_comments_in_reverse_order? | |
188 | self.pref[:comments_sorting] == 'desc' |
|
188 | self.pref[:comments_sorting] == 'desc' | |
189 | end |
|
189 | end | |
190 |
|
190 | |||
191 | # Return user's RSS key (a 40 chars long string), used to access feeds |
|
191 | # Return user's RSS key (a 40 chars long string), used to access feeds | |
192 | def rss_key |
|
192 | def rss_key | |
193 | token = self.rss_token || Token.create(:user => self, :action => 'feeds') |
|
193 | token = self.rss_token || Token.create(:user => self, :action => 'feeds') | |
194 | token.value |
|
194 | token.value | |
195 | end |
|
195 | end | |
196 |
|
196 | |||
197 | # Return user's API key (a 40 chars long string), used to access the API |
|
197 | # Return user's API key (a 40 chars long string), used to access the API | |
198 | def api_key |
|
198 | def api_key | |
199 | token = self.api_token || self.create_api_token(:action => 'api') |
|
199 | token = self.api_token || self.create_api_token(:action => 'api') | |
200 | token.value |
|
200 | token.value | |
201 | end |
|
201 | end | |
202 |
|
202 | |||
203 | # Return an array of project ids for which the user has explicitly turned mail notifications on |
|
203 | # Return an array of project ids for which the user has explicitly turned mail notifications on | |
204 | def notified_projects_ids |
|
204 | def notified_projects_ids | |
205 | @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id) |
|
205 | @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id) | |
206 | end |
|
206 | end | |
207 |
|
207 | |||
208 | def notified_project_ids=(ids) |
|
208 | def notified_project_ids=(ids) | |
209 | Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id]) |
|
209 | Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id]) | |
210 | Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty? |
|
210 | Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty? | |
211 | @notified_projects_ids = nil |
|
211 | @notified_projects_ids = nil | |
212 | notified_projects_ids |
|
212 | notified_projects_ids | |
213 | end |
|
213 | end | |
214 |
|
214 | |||
215 | def self.find_by_rss_key(key) |
|
215 | def self.find_by_rss_key(key) | |
216 | token = Token.find_by_value(key) |
|
216 | token = Token.find_by_value(key) | |
217 | token && token.user.active? ? token.user : nil |
|
217 | token && token.user.active? ? token.user : nil | |
218 | end |
|
218 | end | |
219 |
|
219 | |||
220 | def self.find_by_api_key(key) |
|
220 | def self.find_by_api_key(key) | |
221 | token = Token.find_by_action_and_value('api', key) |
|
221 | token = Token.find_by_action_and_value('api', key) | |
222 | token && token.user.active? ? token.user : nil |
|
222 | token && token.user.active? ? token.user : nil | |
223 | end |
|
223 | end | |
224 |
|
224 | |||
225 | # Makes find_by_mail case-insensitive |
|
225 | # Makes find_by_mail case-insensitive | |
226 | def self.find_by_mail(mail) |
|
226 | def self.find_by_mail(mail) | |
227 | find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase]) |
|
227 | find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase]) | |
228 | end |
|
228 | end | |
229 |
|
229 | |||
230 | def to_s |
|
230 | def to_s | |
231 | name |
|
231 | name | |
232 | end |
|
232 | end | |
233 |
|
233 | |||
234 | # Returns the current day according to user's time zone |
|
234 | # Returns the current day according to user's time zone | |
235 | def today |
|
235 | def today | |
236 | if time_zone.nil? |
|
236 | if time_zone.nil? | |
237 | Date.today |
|
237 | Date.today | |
238 | else |
|
238 | else | |
239 | Time.now.in_time_zone(time_zone).to_date |
|
239 | Time.now.in_time_zone(time_zone).to_date | |
240 | end |
|
240 | end | |
241 | end |
|
241 | end | |
242 |
|
242 | |||
243 | def logged? |
|
243 | def logged? | |
244 | true |
|
244 | true | |
245 | end |
|
245 | end | |
246 |
|
246 | |||
247 | def anonymous? |
|
247 | def anonymous? | |
248 | !logged? |
|
248 | !logged? | |
249 | end |
|
249 | end | |
250 |
|
250 | |||
251 | # Return user's roles for project |
|
251 | # Return user's roles for project | |
252 | def roles_for_project(project) |
|
252 | def roles_for_project(project) | |
253 | roles = [] |
|
253 | roles = [] | |
254 | # No role on archived projects |
|
254 | # No role on archived projects | |
255 | return roles unless project && project.active? |
|
255 | return roles unless project && project.active? | |
256 | if logged? |
|
256 | if logged? | |
257 | # Find project membership |
|
257 | # Find project membership | |
258 | membership = memberships.detect {|m| m.project_id == project.id} |
|
258 | membership = memberships.detect {|m| m.project_id == project.id} | |
259 | if membership |
|
259 | if membership | |
260 | roles = membership.roles |
|
260 | roles = membership.roles | |
261 | else |
|
261 | else | |
262 | @role_non_member ||= Role.non_member |
|
262 | @role_non_member ||= Role.non_member | |
263 | roles << @role_non_member |
|
263 | roles << @role_non_member | |
264 | end |
|
264 | end | |
265 | else |
|
265 | else | |
266 | @role_anonymous ||= Role.anonymous |
|
266 | @role_anonymous ||= Role.anonymous | |
267 | roles << @role_anonymous |
|
267 | roles << @role_anonymous | |
268 | end |
|
268 | end | |
269 | roles |
|
269 | roles | |
270 | end |
|
270 | end | |
271 |
|
271 | |||
272 | # Return true if the user is a member of project |
|
272 | # Return true if the user is a member of project | |
273 | def member_of?(project) |
|
273 | def member_of?(project) | |
274 | !roles_for_project(project).detect {|role| role.member?}.nil? |
|
274 | !roles_for_project(project).detect {|role| role.member?}.nil? | |
275 | end |
|
275 | end | |
276 |
|
276 | |||
277 | # Return true if the user is allowed to do the specified action on project |
|
277 | # Return true if the user is allowed to do the specified action on project | |
278 | # action can be: |
|
278 | # action can be: | |
279 | # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') |
|
279 | # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') | |
280 | # * a permission Symbol (eg. :edit_project) |
|
280 | # * a permission Symbol (eg. :edit_project) | |
281 | def allowed_to?(action, project, options={}) |
|
281 | def allowed_to?(action, project, options={}) | |
282 | if project |
|
282 | if project | |
283 | # No action allowed on archived projects |
|
283 | # No action allowed on archived projects | |
284 | return false unless project.active? |
|
284 | return false unless project.active? | |
285 | # No action allowed on disabled modules |
|
285 | # No action allowed on disabled modules | |
286 | return false unless project.allows_to?(action) |
|
286 | return false unless project.allows_to?(action) | |
287 | # Admin users are authorized for anything else |
|
287 | # Admin users are authorized for anything else | |
288 | return true if admin? |
|
288 | return true if admin? | |
289 |
|
289 | |||
290 | roles = roles_for_project(project) |
|
290 | roles = roles_for_project(project) | |
291 | return false unless roles |
|
291 | return false unless roles | |
292 | roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)} |
|
292 | roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)} | |
293 |
|
293 | |||
294 | elsif options[:global] |
|
294 | elsif options[:global] | |
295 | # Admin users are always authorized |
|
295 | # Admin users are always authorized | |
296 | return true if admin? |
|
296 | return true if admin? | |
297 |
|
297 | |||
298 | # authorize if user has at least one role that has this permission |
|
298 | # authorize if user has at least one role that has this permission | |
299 | roles = memberships.collect {|m| m.roles}.flatten.uniq |
|
299 | roles = memberships.collect {|m| m.roles}.flatten.uniq | |
300 | roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action)) |
|
300 | roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action)) | |
301 | else |
|
301 | else | |
302 | false |
|
302 | false | |
303 | end |
|
303 | end | |
304 | end |
|
304 | end | |
305 |
|
305 | |||
306 | def self.current=(user) |
|
306 | def self.current=(user) | |
307 | @current_user = user |
|
307 | @current_user = user | |
308 | end |
|
308 | end | |
309 |
|
309 | |||
310 | def self.current |
|
310 | def self.current | |
311 | @current_user ||= User.anonymous |
|
311 | @current_user ||= User.anonymous | |
312 | end |
|
312 | end | |
313 |
|
313 | |||
314 | # Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only |
|
314 | # Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only | |
315 | # one anonymous user per database. |
|
315 | # one anonymous user per database. | |
316 | def self.anonymous |
|
316 | def self.anonymous | |
317 | anonymous_user = AnonymousUser.find(:first) |
|
317 | anonymous_user = AnonymousUser.find(:first) | |
318 | if anonymous_user.nil? |
|
318 | if anonymous_user.nil? | |
319 | anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0) |
|
319 | anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0) | |
320 | raise 'Unable to create the anonymous user.' if anonymous_user.new_record? |
|
320 | raise 'Unable to create the anonymous user.' if anonymous_user.new_record? | |
321 | end |
|
321 | end | |
322 | anonymous_user |
|
322 | anonymous_user | |
323 | end |
|
323 | end | |
324 |
|
324 | |||
325 | protected |
|
325 | protected | |
326 |
|
326 | |||
327 | def validate |
|
327 | def validate | |
328 | # Password length validation based on setting |
|
328 | # Password length validation based on setting | |
329 | if !password.nil? && password.size < Setting.password_min_length.to_i |
|
329 | if !password.nil? && password.size < Setting.password_min_length.to_i | |
330 | errors.add(:password, :too_short, :count => Setting.password_min_length.to_i) |
|
330 | errors.add(:password, :too_short, :count => Setting.password_min_length.to_i) | |
331 | end |
|
331 | end | |
332 | end |
|
332 | end | |
333 |
|
333 | |||
334 | private |
|
334 | private | |
335 |
|
335 | |||
336 | # Return password digest |
|
336 | # Return password digest | |
337 | def self.hash_password(clear_password) |
|
337 | def self.hash_password(clear_password) | |
338 | Digest::SHA1.hexdigest(clear_password || "") |
|
338 | Digest::SHA1.hexdigest(clear_password || "") | |
339 | end |
|
339 | end | |
340 | end |
|
340 | end | |
341 |
|
341 | |||
342 | class AnonymousUser < User |
|
342 | class AnonymousUser < User | |
343 |
|
343 | |||
344 | def validate_on_create |
|
344 | def validate_on_create | |
345 | # There should be only one AnonymousUser in the database |
|
345 | # There should be only one AnonymousUser in the database | |
346 | errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first) |
|
346 | errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first) | |
347 | end |
|
347 | end | |
348 |
|
348 | |||
349 | def available_custom_fields |
|
349 | def available_custom_fields | |
350 | [] |
|
350 | [] | |
351 | end |
|
351 | end | |
352 |
|
352 | |||
353 | # Overrides a few properties |
|
353 | # Overrides a few properties | |
354 | def logged?; false end |
|
354 | def logged?; false end | |
355 | def admin; false end |
|
355 | def admin; false end | |
356 | def name(*args); I18n.t(:label_user_anonymous) end |
|
356 | def name(*args); I18n.t(:label_user_anonymous) end | |
357 | def mail; nil end |
|
357 | def mail; nil end | |
358 | def time_zone; nil end |
|
358 | def time_zone; nil end | |
359 | def rss_key; nil end |
|
359 | def rss_key; nil end | |
360 | end |
|
360 | end |
General Comments 0
You need to be logged in to leave comments.
Login now