@@ -0,0 +1,14 | |||||
|
1 | class AddRepositoryWriteAccess < ActiveRecord::Migration | |||
|
2 | ||||
|
3 | def self.up | |||
|
4 | Role.find(:all).select { |r| not r.builtin? }.each do |r| | |||
|
5 | r.add_permission!(:commit_access) | |||
|
6 | end | |||
|
7 | end | |||
|
8 | ||||
|
9 | def self.down | |||
|
10 | Role.find(:all).select { |r| not r.builtin? }.each do |r| | |||
|
11 | r.remove_permission!(:commit_access) | |||
|
12 | end | |||
|
13 | end | |||
|
14 | end |
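Review bot: self.up grants :commit_access to every non-builtin role without a comment explaining why, so it reads as a broad privilege grant. If the intent is to preserve pre-upgrade behaviour (presumably any project member could commit before this permission existed), a comment above the loop should say so, e.g. `# Keep existing behaviour: all member roles could commit before :commit_access existed; revoke it from read-only roles after migrating.` That also tells administrators that roles meant to be read-only need a manual review once the migration has run.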
@@ -36,7 +36,7 class Role < ActiveRecord::Base | |||||
36 | has_many :members |
|
36 | has_many :members | |
37 | acts_as_list |
|
37 | acts_as_list | |
38 |
|
38 | |||
39 | serialize :permissions |
|
39 | serialize :permissions, Array | |
40 | attr_protected :builtin |
|
40 | attr_protected :builtin | |
41 |
|
41 | |||
42 | validates_presence_of :name |
|
42 | validates_presence_of :name | |
@@ -49,10 +49,28 class Role < ActiveRecord::Base | |||||
49 | end |
|
49 | end | |
50 |
|
50 | |||
51 | def permissions=(perms) |
|
51 | def permissions=(perms) | |
52 | perms = perms.collect {|p| p.to_sym unless p.blank? }.compact if perms |
|
52 | perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms | |
53 | write_attribute(:permissions, perms) |
|
53 | write_attribute(:permissions, perms) | |
54 | end |
|
54 | end | |
55 |
|
55 | |||
|
56 | def add_permission!(*perms) | |||
|
57 | self.permissions = [] unless permissions.is_a?(Array) | |||
|
58 | ||||
|
59 | permissions_will_change! | |||
|
60 | perms.each do |p| | |||
|
61 | p = p.to_sym | |||
|
62 | permissions << p unless permissions.include?(p) | |||
|
63 | end | |||
|
64 | save! | |||
|
65 | end | |||
|
66 | ||||
|
67 | def remove_permission!(*perms) | |||
|
68 | return unless permissions.is_a?(Array) | |||
|
69 | permissions_will_change! | |||
|
70 | perms.each { |p| permissions.delete(p.to_sym) } | |||
|
71 | save! | |||
|
72 | end | |||
|
73 | ||||
56 | def <=>(role) |
|
74 | def <=>(role) | |
57 | position <=> role.position |
|
75 | position <=> role.position | |
58 | end |
|
76 | end |
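Review bot: add_permission! (new lines 56–65) does not normalise its arguments the way permissions= does. The setter skips blank entries before `to_sym`, while here `p = p.to_sym` runs on every argument, so a blank string would either be stored as an empty symbol or raise, depending on the Ruby version. Adding `next if p.blank?` as the first line of the `perms.each` block would keep the two paths consistent. Both new bang methods also lack a comment; something like `# Adds the given permissions to the role and saves it; raises if the record is invalid.` would make the save! side effect visible to callers such as the migration.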
@@ -148,11 +148,12 sub RedmineDSN { | |||||
148 | my ($self, $parms, $arg) = @_; |
|
148 | my ($self, $parms, $arg) = @_; | |
149 | $self->{RedmineDSN} = $arg; |
|
149 | $self->{RedmineDSN} = $arg; | |
150 | my $query = "SELECT |
|
150 | my $query = "SELECT | |
151 | hashed_password, auth_source_id |
|
151 | hashed_password, auth_source_id, permissions | |
152 | FROM members, projects, users |
|
152 | FROM members, projects, users, roles | |
153 | WHERE |
|
153 | WHERE | |
154 | projects.id=members.project_id |
|
154 | projects.id=members.project_id | |
155 | AND users.id=members.user_id |
|
155 | AND users.id=members.user_id | |
|
156 | AND roles.id=members.role_id | |||
156 | AND users.status=1 |
|
157 | AND users.status=1 | |
157 | AND login=? |
|
158 | AND login=? | |
158 | AND identifier=? "; |
|
159 | AND identifier=? "; | |
@@ -277,9 +278,11 sub is_member { | |||||
277 | $sth->execute($redmine_user, $project_id); |
|
278 | $sth->execute($redmine_user, $project_id); | |
278 |
|
279 | |||
279 | my $ret; |
|
280 | my $ret; | |
280 |
while (my |
|
281 | while (my ($hashed_password, $auth_source_id, $permissions) = $sth->fetchrow_array) { | |
281 | unless ($row[1]) { |
|
282 | ||
282 | if ($row[0] eq $pass_digest) { |
|
283 | unless ($auth_source_id) { | |
|
284 | my $method = $r->method; | |||
|
285 | if ($hashed_password eq $pass_digest && (defined $read_only_methods{$method} || $permissions =~ /:commit_access/) ) { | |||
283 | $ret = 1; |
|
286 | $ret = 1; | |
284 | last; |
|
287 | last; | |
285 | } |
|
288 | } | |
@@ -287,7 +290,7 sub is_member { | |||||
287 | my $sthldap = $dbh->prepare( |
|
290 | my $sthldap = $dbh->prepare( | |
288 | "SELECT host,port,tls,account,account_password,base_dn,attr_login from auth_sources WHERE id = ?;" |
|
291 | "SELECT host,port,tls,account,account_password,base_dn,attr_login from auth_sources WHERE id = ?;" | |
289 | ); |
|
292 | ); | |
290 |
$sthldap->execute($ |
|
293 | $sthldap->execute($auth_source_id); | |
291 | while (my @rowldap = $sthldap->fetchrow_array) { |
|
294 | while (my @rowldap = $sthldap->fetchrow_array) { | |
292 | my $ldap = Authen::Simple::LDAP->new( |
|
295 | my $ldap = Authen::Simple::LDAP->new( | |
293 | host => ($rowldap[2] == 1 || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]" : $rowldap[0], |
|
296 | host => ($rowldap[2] == 1 || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]" : $rowldap[0], |
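Review bot: The new commit_access condition at new line 285 sits only inside the `unless ($auth_source_id)` branch, and the LDAP hunk that follows shows just the `$row[1]` to `$auth_source_id` rename. It therefore looks as if LDAP-authenticated members are still accepted for write methods whatever their role; the authenticate call is outside the visible hunk, so confirm it is gated by the same check. Computing the decision once at the top of the loop body would cover both paths, e.g. `my $can_write = defined $read_only_methods{$r->method} || (defined $permissions && $permissions =~ /:commit_access\b/);`. The `\b` and the `defined` guard matter on their own: the pattern is matched against the serialized `permissions` column, so as written any permission name that merely begins with `commit_access` would grant write access, and a NULL column would be matched as undef. is_member starts and ends outside these hunks.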
@@ -88,6 +88,7 Redmine::AccessControl.map do |map| | |||||
88 | map.permission :manage_repository, {:repositories => [:edit, :destroy]}, :require => :member |
|
88 | map.permission :manage_repository, {:repositories => [:edit, :destroy]}, :require => :member | |
89 | map.permission :browse_repository, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph] |
|
89 | map.permission :browse_repository, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph] | |
90 | map.permission :view_changesets, :repositories => [:show, :revisions, :revision] |
|
90 | map.permission :view_changesets, :repositories => [:show, :revisions, :revision] | |
|
91 | map.permission :commit_access, {} | |||
91 | end |
|
92 | end | |
92 |
|
93 | |||
93 | map.project_module :boards do |map| |
|
94 | map.project_module :boards do |map| |
@@ -67,7 +67,8 module Redmine | |||||
67 | :view_files, |
|
67 | :view_files, | |
68 | :manage_files, |
|
68 | :manage_files, | |
69 | :browse_repository, |
|
69 | :browse_repository, | |
70 |
:view_changesets |
|
70 | :view_changesets, | |
|
71 | :commit_access] | |||
71 |
|
72 | |||
72 | reporter = Role.create! :name => l(:default_role_reporter), |
|
73 | reporter = Role.create! :name => l(:default_role_reporter), | |
73 | :position => 3, |
|
74 | :position => 3, |
@@ -30,4 +30,24 class RoleTest < Test::Unit::TestCase | |||||
30 | target.reload |
|
30 | target.reload | |
31 | assert_equal 90, target.workflows.size |
|
31 | assert_equal 90, target.workflows.size | |
32 | end |
|
32 | end | |
|
33 | ||||
|
34 | def test_add_permission | |||
|
35 | role = Role.find(1) | |||
|
36 | size = role.permissions.size | |||
|
37 | role.add_permission!("apermission", "anotherpermission") | |||
|
38 | role.reload | |||
|
39 | assert role.permissions.include?(:anotherpermission) | |||
|
40 | assert_equal size + 2, role.permissions.size | |||
|
41 | end | |||
|
42 | ||||
|
43 | def test_remove_permission | |||
|
44 | role = Role.find(1) | |||
|
45 | size = role.permissions.size | |||
|
46 | perm = role.permissions[0..1] | |||
|
47 | role.remove_permission!(*perm) | |||
|
48 | role.reload | |||
|
49 | assert ! role.permissions.include?(perm[0]) | |||
|
50 | assert_equal size - 2, role.permissions.size | |||
|
51 | end | |||
|
52 | ||||
33 | end |
|
53 | end |
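Review bot: test_add_permission does not exercise the `unless permissions.include?(p)` guard in add_permission!, so a regression that stores duplicate permissions would still pass. Calling `role.add_permission!("apermission")` a second time and asserting that the size is unchanged would cover it. test_remove_permission also assumes the role 1 fixture has at least two permissions; `assert_equal 2, perm.size` before the removal would make that assumption explicit.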