jro_apps/redmine Commit - r15530:a2b17dae6e89

Fixed that r15668 prevents from setting managed roles....

Jean-Philippe Lang -

r15530:a2b17dae6e89

parent child

Context file:

r15530:a2b17dae6e89

Collapse all files

app/models/role.rb +1 0

             # Redmine - project management software
             # Copyright (C) 2006-2016  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class Role < ActiveRecord::Base
               include Redmine::SafeAttributes
               # Custom coder for the permissions attribute that should be an
               # array of symbols. Rails 3 uses Psych which can be *unbelievably*
               # slow on some platforms (eg. mingw32).
               class PermissionsAttributeCoder
                 def self.load(str)
                   str.to_s.scan(/:([a-z0-9_]+)/).flatten.map(&:to_sym)
                 end
                 def self.dump(value)
                   YAML.dump(value)
                 end
               end
               # Built-in roles
               BUILTIN_NON_MEMBER = 1
               BUILTIN_ANONYMOUS  = 2
               ISSUES_VISIBILITY_OPTIONS = [
                 ['all', :label_issues_visibility_all],
                 ['default', :label_issues_visibility_public],
                 ['own', :label_issues_visibility_own]
               ]
               TIME_ENTRIES_VISIBILITY_OPTIONS = [
                 ['all', :label_time_entries_visibility_all],
                 ['own', :label_time_entries_visibility_own]
               ]
               USERS_VISIBILITY_OPTIONS = [
                 ['all', :label_users_visibility_all],
                 ['members_of_visible_projects', :label_users_visibility_members_of_visible_projects]
               ]
               scope :sorted, lambda { order(:builtin, :position) }
               scope :givable, lambda { order(:position).where(:builtin => 0) }
               scope :builtin, lambda { |*args|
                 compare = (args.first == true ? 'not' : '')
                 where("#{compare} builtin = 0")
               }
               before_destroy :check_deletable
               has_many :workflow_rules, :dependent => :delete_all do
                 def copy(source_role)
                   WorkflowRule.copy(nil, source_role, nil, proxy_association.owner)
                 end
               end
               has_and_belongs_to_many :custom_fields, :join_table => "#{table_name_prefix}custom_fields_roles#{table_name_suffix}", :foreign_key => "role_id"
               has_and_belongs_to_many :managed_roles, :class_name => 'Role',
                 :join_table => "#{table_name_prefix}roles_managed_roles#{table_name_suffix}",
                 :association_foreign_key => "managed_role_id"
               has_many :member_roles, :dependent => :destroy
               has_many :members, :through => :member_roles
               acts_as_positioned :scope => :builtin
               serialize :permissions, ::Role::PermissionsAttributeCoder
               store :settings, :accessors => [:permissions_all_trackers, :permissions_tracker_ids]
               attr_protected :builtin
               validates_presence_of :name
               validates_uniqueness_of :name
               validates_length_of :name, :maximum => 30
               validates_inclusion_of :issues_visibility,
                 :in => ISSUES_VISIBILITY_OPTIONS.collect(&:first),
                 :if => lambda {|role| role.respond_to?(:issues_visibility) && role.issues_visibility_changed?}
               validates_inclusion_of :users_visibility,
                 :in => USERS_VISIBILITY_OPTIONS.collect(&:first),
                 :if => lambda {|role| role.respond_to?(:users_visibility) && role.users_visibility_changed?}
               validates_inclusion_of :time_entries_visibility,
                 :in => TIME_ENTRIES_VISIBILITY_OPTIONS.collect(&:first),
                 :if => lambda {|role| role.respond_to?(:time_entries_visibility) && role.time_entries_visibility_changed?}
               safe_attributes 'name',
                   'assignable',
                   'position',
                   'issues_visibility',
                   'users_visibility',
                   'time_entries_visibility',
                   'all_roles_managed',
+                  'managed_role_ids',
                   'permissions',
                   'permissions_all_trackers',
                   'permissions_tracker_ids'
               # Copies attributes from another role, arg can be an id or a Role
               def copy_from(arg, options={})
                 return unless arg.present?
                 role = arg.is_a?(Role) ? arg : Role.find_by_id(arg.to_s)
                 self.attributes = role.attributes.dup.except("id", "name", "position", "builtin", "permissions")
                 self.permissions = role.permissions.dup
                 self
               end
               def permissions=(perms)
                 perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms
                 write_attribute(:permissions, perms)
               end
               def add_permission!(*perms)
                 self.permissions = [] unless permissions.is_a?(Array)
                 permissions_will_change!
                 perms.each do |p|
                   p = p.to_sym
                   permissions << p unless permissions.include?(p)
                 end
                 save!
               end
               def remove_permission!(*perms)
                 return unless permissions.is_a?(Array)
                 permissions_will_change!
                 perms.each { |p| permissions.delete(p.to_sym) }
                 save!
               end
               # Returns true if the role has the given permission
               def has_permission?(perm)
                 !permissions.nil? && permissions.include?(perm.to_sym)
               end
               def consider_workflow?
                 has_permission?(:add_issues) || has_permission?(:edit_issues)
               end
               def <=>(role)
                 if role
                   if builtin == role.builtin
                     position <=> role.position
                   else
                     builtin <=> role.builtin
                   end
                 else
                   -1
                 end
               end
               def to_s
                 name
               end
               def name
                 case builtin
                 when 1; l(:label_role_non_member, :default => read_attribute(:name))
                 when 2; l(:label_role_anonymous,  :default => read_attribute(:name))
                 else; read_attribute(:name)
                 end
               end
               # Return true if the role is a builtin role
               def builtin?
                 self.builtin != 0
               end
               # Return true if the role is the anonymous role
               def anonymous?
                 builtin == 2
               end
               # Return true if the role is a project member role
               def member?
                 !self.builtin?
               end
               # Return true if role is allowed to do the specified action
               # action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               def allowed_to?(action)
                 if action.is_a? Hash
                   allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
                 else
                   allowed_permissions.include? action
                 end
               end
               # Return all the permissions that can be given to the role
               def setable_permissions
                 setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions
                 setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER
                 setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
                 setable_permissions
               end
               def permissions_tracker_ids(*args)
                 if args.any?
                   Array(permissions_tracker_ids[args.first.to_s]).map(&:to_i)
                 else
                   super || {}
                 end
               end
               def permissions_tracker_ids=(arg)
                 h = arg.to_hash
                 h.values.each {|v| v.reject!(&:blank?)}
                 super(h)
               end
               # Returns true if tracker_id belongs to the list of
               # trackers for which permission is given
               def permissions_tracker_ids?(permission, tracker_id)
                 permissions_tracker_ids(permission).include?(tracker_id)
               end
               def permissions_all_trackers
                 super || {}
               end
               def permissions_all_trackers=(arg)
                 super(arg.to_hash)
               end
               # Returns true if permission is given for all trackers
               def permissions_all_trackers?(permission)
                 permissions_all_trackers[permission.to_s].to_s != '0'
               end
               # Returns true if permission is given for the tracker
               # (explicitly or for all trackers)
               def permissions_tracker?(permission, tracker)
                 permissions_all_trackers?(permission) ||
                   permissions_tracker_ids?(permission, tracker.try(:id))
               end
               # Sets the trackers that are allowed for a permission.
               # tracker_ids can be an array of tracker ids or :all for
               # no restrictions.
               #
               # Examples:
               #   role.set_permission_trackers :add_issues, [1, 3]
               #   role.set_permission_trackers :add_issues, :all
               def set_permission_trackers(permission, tracker_ids)
                 h = {permission.to_s => (tracker_ids == :all ? '1' : '0')}
                 self.permissions_all_trackers = permissions_all_trackers.merge(h)
                 h = {permission.to_s => (tracker_ids == :all ? [] : tracker_ids)}
                 self.permissions_tracker_ids = permissions_tracker_ids.merge(h)
                 self
               end
               # Find all the roles that can be given to a project member
               def self.find_all_givable
                 Role.givable.to_a
               end
               # Return the builtin 'non member' role.  If the role doesn't exist,
               # it will be created on the fly.
               def self.non_member
                 find_or_create_system_role(BUILTIN_NON_MEMBER, 'Non member')
               end
               # Return the builtin 'anonymous' role.  If the role doesn't exist,
               # it will be created on the fly.
               def self.anonymous
                 find_or_create_system_role(BUILTIN_ANONYMOUS, 'Anonymous')
               end
             private
               def allowed_permissions
                 @allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
               end
               def allowed_actions
                 @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
               end
               def check_deletable
                 raise "Cannot delete role" if members.any?
                 raise "Cannot delete builtin role" if builtin?
               end
               def self.find_or_create_system_role(builtin, name)
                 role = where(:builtin => builtin).first
                 if role.nil?
                   role = create(:name => name) do |r|
                     r.builtin = builtin
                   end
                   raise "Unable to create the #{name} role (#{role.errors.full_messages.join(',')})." if role.new_record?
                 end
                 role
               end
             end

test/functional/roles_controller_test.rb +15 0

             # Redmine - project management software
             # Copyright (C) 2006-2016  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.expand_path('../../test_helper', __FILE__)
             class RolesControllerTest < Redmine::ControllerTest
               fixtures :roles, :users, :members, :member_roles, :workflows, :trackers
               def setup
                 User.current = nil
                 @request.session[:user_id] = 1 # admin
               end
               def test_index
                 get :index
                 assert_response :success
                 assert_select 'table.roles tbody' do
                   assert_select 'tr', Role.count
                   assert_select 'a[href="/roles/1/edit"]', :text => 'Manager'
                 end
               end
               def test_new
                 get :new
                 assert_response :success
                 assert_select 'input[name=?]', 'role[name]'
                 assert_select 'input[name=?]', 'role[permissions][]'
               end
               def test_new_should_prefill_permissions_with_non_member_permissions
                 role = Role.non_member
                 role.permissions = [:view_issues, :view_documents]
                 role.save!
                 get :new
                 assert_response :success
                 assert_equal %w(view_documents view_issues),
                   css_select('input[name="role[permissions][]"][checked=checked]').map {|e| e.attr('value')}.sort
               end
               def test_new_with_copy
                 copy_from = Role.find(2)
                 get :new, :params => {:copy => copy_from.id.to_s}
                 assert_response :success
                 assert_select 'input[name=?]', 'role[name]'
                 assert_select 'form' do
                   # blank name
                   assert_select 'input[name=?][value=""]', 'role[name]'
                   # edit_project permission checked
                   assert_select 'input[type=checkbox][name=?][value=edit_project][checked=checked]', 'role[permissions][]'
                   # add_project permission not checked
                   assert_select 'input[type=checkbox][name=?][value=add_project]', 'role[permissions][]'
                   assert_select 'input[type=checkbox][name=?][value=add_project][checked=checked]', 'role[permissions][]', 0
                   # workflow copy selected
                   assert_select 'select[name=?]', 'copy_workflow_from' do
                     assert_select 'option[value="2"][selected=selected]'
                   end
                 end
               end
               def test_create_with_validaton_failure
                 post :create, :params => {
                   :role => {
                     :name => '',
                     :permissions => ['add_issues', 'edit_issues', 'log_time', ''],
                     :assignable => '0'
                   }
                 }
                 assert_response :success
                 assert_select_error /Name cannot be blank/
               end
               def test_create_without_workflow_copy
                 post :create, :params => {
                   :role => {
                     :name => 'RoleWithoutWorkflowCopy',
                     :permissions => ['add_issues', 'edit_issues', 'log_time', ''],
                     :assignable => '0'
                   }
                 }
                 assert_redirected_to '/roles'
                 role = Role.find_by_name('RoleWithoutWorkflowCopy')
                 assert_not_nil role
                 assert_equal [:add_issues, :edit_issues, :log_time], role.permissions
                 assert !role.assignable?
               end
               def test_create_with_workflow_copy
                 post :create, :params => {
                   :role => {
                     :name => 'RoleWithWorkflowCopy',
                     :permissions => ['add_issues', 'edit_issues', 'log_time', ''],
                     :assignable => '0'
                   },
                   :copy_workflow_from => '1'
                 }
                 assert_redirected_to '/roles'
                 role = Role.find_by_name('RoleWithWorkflowCopy')
                 assert_not_nil role
                 assert_equal Role.find(1).workflow_rules.size, role.workflow_rules.size
               end
+              def test_create_with_managed_roles
+                role = new_record(Role) do
+                  post :create, :params => {
+                    :role => {
+                      :name => 'Role',
+                      :all_roles_managed => '0',
+                      :managed_role_ids => ['2', '3', '']
+                    }
+                  }
+                  assert_response 302
+                end
+                assert_equal false, role.all_roles_managed
+                assert_equal [2, 3], role.managed_role_ids
+              end
               def test_edit
                 get :edit, :params => {:id => 1}
                 assert_response :success
                 assert_select 'input[name=?][value=?]', 'role[name]', 'Manager'
                 assert_select 'select[name=?]', 'role[issues_visibility]'
               end
               def test_edit_anonymous
                 get :edit, :params => {:id => Role.anonymous.id}
                 assert_response :success
                 assert_select 'input[name=?]', 'role[name]', 0
                 assert_select 'select[name=?]', 'role[issues_visibility]', 0
               end
               def test_edit_invalid_should_respond_with_404
                 get :edit, :params => {:id => 999}
                 assert_response 404
               end
               def test_update
                 put :update, :params => {
                   :id => 1,
                   :role => {
                     :name => 'Manager',
                     :permissions => ['edit_project', ''],
                     :assignable => '0'
                   }
                 }
                 assert_redirected_to '/roles'
                 role = Role.find(1)
                 assert_equal [:edit_project], role.permissions
               end
               def test_update_trackers_permissions
                 put :update, :params => {
                   :id => 1,
                   :role => {
                     :permissions_all_trackers => {'add_issues' => '0'},
                     :permissions_tracker_ids => {'add_issues' => ['1', '3', '']}
                   }
                 }
                 assert_redirected_to '/roles'
                 role = Role.find(1)
                 assert_equal({'add_issues' => '0'}, role.permissions_all_trackers)
                 assert_equal({'add_issues' => ['1', '3']}, role.permissions_tracker_ids)
                 assert_equal false, role.permissions_all_trackers?(:add_issues)
                 assert_equal [1, 3], role.permissions_tracker_ids(:add_issues).sort
               end
               def test_update_with_failure
                 put :update, :params => {:id => 1, :role => {:name => ''}}
                 assert_response :success
                 assert_select_error /Name cannot be blank/
               end
               def test_destroy
                 r = Role.create!(:name => 'ToBeDestroyed', :permissions => [:view_wiki_pages])
                 delete :destroy, :params => {:id => r}
                 assert_redirected_to '/roles'
                 assert_nil Role.find_by_id(r.id)
               end
               def test_destroy_role_in_use
                 delete :destroy, :params => {:id => 1}
                 assert_redirected_to '/roles'
                 assert_equal 'This role is in use and cannot be deleted.', flash[:error]
                 assert_not_nil Role.find_by_id(1)
               end
               def test_get_permissions
                 get :permissions
                 assert_response :success
                 assert_select 'input[name=?][type=checkbox][value=add_issues][checked=checked]', 'permissions[3][]'
                 assert_select 'input[name=?][type=checkbox][value=delete_issues]:not([checked])', 'permissions[3][]'
               end
               def test_post_permissions
                 post :permissions, :params => {
                   :permissions => {
                     '0' => '',
                     '1' => ['edit_issues'],
                     '3' => ['add_issues', 'delete_issues']
                   }
                 }
                 assert_redirected_to '/roles'
                 assert_equal [:edit_issues], Role.find(1).permissions
                 assert_equal [:add_issues, :delete_issues], Role.find(3).permissions
                 assert Role.find(2).permissions.empty?
               end
               def test_clear_all_permissions
                 post :permissions, :params => {:permissions => { '0' => '' }}
                 assert_redirected_to '/roles'
                 assert Role.find(1).permissions.empty?
               end
               def test_move_highest
                 put :update, :params => {:id => 3, :role => {:position => 1}}
                 assert_redirected_to '/roles'
                 assert_equal 1, Role.find(3).position
               end
               def test_move_higher
                 position = Role.find(3).position
                 put :update, :params => {:id => 3, :role => {:position => position - 1}}
                 assert_redirected_to '/roles'
                 assert_equal position - 1, Role.find(3).position
               end
               def test_move_lower
                 position = Role.find(2).position
                 put :update, :params => {:id => 2, :role => {:position => position + 1}}
                 assert_redirected_to '/roles'
                 assert_equal position + 1, Role.find(2).position
               end
               def test_move_lowest
                 put :update, :params => {:id => 2, :role => {:position => Role.givable.count}}
                 assert_redirected_to '/roles'
                 assert_equal Role.givable.count, Role.find(2).position
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages