@@ -0,0 +1,14 | |||
|
1 | class AddRepositoryWriteAccess < ActiveRecord::Migration | |
|
2 | ||
|
3 | def self.up | |
|
4 | Role.find(:all).select { |r| not r.builtin? }.each do |r| | |
|
5 | r.add_permission!(:commit_access) | |
|
6 | end | |
|
7 | end | |
|
8 | ||
|
9 | def self.down | |
|
10 | Role.find(:all).select { |r| not r.builtin? }.each do |r| | |
|
11 | r.remove_permission!(:commit_access) | |
|
12 | end | |
|
13 | end | |
|
14 | end |
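Review bot: The `self.up` loop grants `:commit_access` to every role where `r.builtin?` is false, with no comment explaining why the grant is that broad. Since this commit makes Redmine.pm refuse non-read-only methods unless the role carries `:commit_access`, the blanket grant presumably preserves pre-upgrade behaviour. It also leaves any custom role that was meant to be read-only with repository write access after the migration. I would add a comment above the loop such as `# Keeps existing behaviour: all members could commit before this permission existed. Review custom roles after migrating.` and mention the same in the upgrade notes.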
@@ -36,7 +36,7 class Role < ActiveRecord::Base | |||
|
36 | 36 | has_many :members |
|
37 | 37 | acts_as_list |
|
38 | 38 | |
|
39 | serialize :permissions | |
|
39 | serialize :permissions, Array | |
|
40 | 40 | attr_protected :builtin |
|
41 | 41 | |
|
42 | 42 | validates_presence_of :name |
@@ -49,9 +49,27 class Role < ActiveRecord::Base | |||
|
49 | 49 | end |
|
50 | 50 | |
|
51 | 51 | def permissions=(perms) |
|
52 | perms = perms.collect {|p| p.to_sym unless p.blank? }.compact if perms | |
|
52 | perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms | |
|
53 | 53 | write_attribute(:permissions, perms) |
|
54 | 54 | end |
|
55 | ||
|
56 | def add_permission!(*perms) | |
|
57 | self.permissions = [] unless permissions.is_a?(Array) | |
|
58 | ||
|
59 | permissions_will_change! | |
|
60 | perms.each do |p| | |
|
61 | p = p.to_sym | |
|
62 | permissions << p unless permissions.include?(p) | |
|
63 | end | |
|
64 | save! | |
|
65 | end | |
|
66 | ||
|
67 | def remove_permission!(*perms) | |
|
68 | return unless permissions.is_a?(Array) | |
|
69 | permissions_will_change! | |
|
70 | perms.each { |p| permissions.delete(p.to_sym) } | |
|
71 | save! | |
|
72 | end | |
|
55 | 73 | |
|
56 | 74 | def <=>(role) |
|
57 | 75 | position <=> role.position |
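Review bot: `add_permission!` and `remove_permission!` (new lines 56-72) are undocumented, and `add_permission!` stores whatever `p.to_sym` yields without checking that the name is a permission registered through `Redmine::AccessControl.map`. A misspelt name would be saved silently and never match an access check. Both methods call `save!`, so they write immediately and raise on a validation failure, and `remove_permission!` returns without saving when `permissions` is not an Array. I would state this in a short comment on each method, e.g. `# Adds the given permissions and saves the role immediately; raises if the record is invalid. Names are not validated.`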
@@ -148,11 +148,12 sub RedmineDSN { | |||
|
148 | 148 | my ($self, $parms, $arg) = @_; |
|
149 | 149 | $self->{RedmineDSN} = $arg; |
|
150 | 150 | my $query = "SELECT |
|
151 | hashed_password, auth_source_id | |
|
152 | FROM members, projects, users | |
|
151 | hashed_password, auth_source_id, permissions | |
|
152 | FROM members, projects, users, roles | |
|
153 | 153 | WHERE |
|
154 | 154 | projects.id=members.project_id |
|
155 | 155 | AND users.id=members.user_id |
|
156 | AND roles.id=members.role_id | |
|
156 | 157 | AND users.status=1 |
|
157 | 158 | AND login=? |
|
158 | 159 | AND identifier=? "; |
@@ -277,9 +278,11 sub is_member { | |||
|
277 | 278 | $sth->execute($redmine_user, $project_id); |
|
278 | 279 | |
|
279 | 280 | my $ret; |
|
280 |
while (my |
|
|
281 | unless ($row[1]) { | |
|
282 | if ($row[0] eq $pass_digest) { | |
|
281 | while (my ($hashed_password, $auth_source_id, $permissions) = $sth->fetchrow_array) { | |
|
282 | ||
|
283 | unless ($auth_source_id) { | |
|
284 | my $method = $r->method; | |
|
285 | if ($hashed_password eq $pass_digest && (defined $read_only_methods{$method} || $permissions =~ /:commit_access/) ) { | |
|
283 | 286 | $ret = 1; |
|
284 | 287 | last; |
|
285 | 288 | } |
@@ -287,7 +290,7 sub is_member { | |||
|
287 | 290 | my $sthldap = $dbh->prepare( |
|
288 | 291 | "SELECT host,port,tls,account,account_password,base_dn,attr_login from auth_sources WHERE id = ?;" |
|
289 | 292 | ); |
|
290 |
$sthldap->execute($ |
|
|
293 | $sthldap->execute($auth_source_id); | |
|
291 | 294 | while (my @rowldap = $sthldap->fetchrow_array) { |
|
292 | 295 | my $ldap = Authen::Simple::LDAP->new( |
|
293 | 296 | host => ($rowldap[2] == 1 || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]" : $rowldap[0], |
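Review bot: The new method/permission test appears only inside the `unless ($auth_source_id)` branch at new line 285, and `my $method = $r->method;` is declared inside that block, so the LDAP branch that follows cannot see `$method`. The LDAP authenticate call is outside the visible lines, so please confirm it applies the same `defined $read_only_methods{$method} || ...` condition. If it does not, LDAP-backed members would keep write access whatever their role permits. Separately, `$permissions =~ /:commit_access/` is an unanchored match on the serialized column and would run against undef if `roles.permissions` can be NULL; `defined $permissions && $permissions =~ /:commit_access\b/` is tighter. `is_member` starts and ends outside these hunks.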
@@ -88,6 +88,7 Redmine::AccessControl.map do |map| | |||
|
88 | 88 | map.permission :manage_repository, {:repositories => [:edit, :destroy]}, :require => :member |
|
89 | 89 | map.permission :browse_repository, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph] |
|
90 | 90 | map.permission :view_changesets, :repositories => [:show, :revisions, :revision] |
|
91 | map.permission :commit_access, {} | |
|
91 | 92 | end |
|
92 | 93 | |
|
93 | 94 | map.project_module :boards do |map| |
@@ -67,7 +67,8 module Redmine | |||
|
67 | 67 | :view_files, |
|
68 | 68 | :manage_files, |
|
69 | 69 | :browse_repository, |
|
70 |
:view_changesets |
|
|
70 | :view_changesets, | |
|
71 | :commit_access] | |
|
71 | 72 | |
|
72 | 73 | reporter = Role.create! :name => l(:default_role_reporter), |
|
73 | 74 | :position => 3, |
@@ -30,4 +30,24 class RoleTest < Test::Unit::TestCase | |||
|
30 | 30 | target.reload |
|
31 | 31 | assert_equal 90, target.workflows.size |
|
32 | 32 | end |
|
33 | ||
|
34 | def test_add_permission | |
|
35 | role = Role.find(1) | |
|
36 | size = role.permissions.size | |
|
37 | role.add_permission!("apermission", "anotherpermission") | |
|
38 | role.reload | |
|
39 | assert role.permissions.include?(:anotherpermission) | |
|
40 | assert_equal size + 2, role.permissions.size | |
|
41 | end | |
|
42 | ||
|
43 | def test_remove_permission | |
|
44 | role = Role.find(1) | |
|
45 | size = role.permissions.size | |
|
46 | perm = role.permissions[0..1] | |
|
47 | role.remove_permission!(*perm) | |
|
48 | role.reload | |
|
49 | assert ! role.permissions.include?(perm[0]) | |
|
50 | assert_equal size - 2, role.permissions.size | |
|
51 | end | |
|
52 | ||
|
33 | 53 | end |
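Review bot: `test_add_permission` never exercises the duplicate guard `unless permissions.include?(p)` in `add_permission!`, and neither test checks the result of the `.uniq` added to `permissions=`. A further assertion that calling `role.add_permission!("apermission")` a second time leaves `role.permissions.size` unchanged would pin that behaviour. `test_remove_permission` also assumes the fixture for `Role.find(1)` holds at least two permissions; `assert_equal 2, perm.size` before the removal would make that assumption explicit.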