Various code cleaning, mainly on User, Permission and IssueStatus models.
git-svn-id: http://redmine.rubyforge.org/svn/trunk@414 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent
a9a082f05c
commit
e227b92972
|
@ -86,8 +86,8 @@ class ApplicationController < ActionController::Base
|
||||||
# admin is always authorized
|
# admin is always authorized
|
||||||
return true if self.logged_in_user.admin?
|
return true if self.logged_in_user.admin?
|
||||||
# if not admin, check membership permission
|
# if not admin, check membership permission
|
||||||
@user_membership ||= Member.find(:first, :conditions => ["user_id=? and project_id=?", self.logged_in_user.id, @project.id])
|
@user_membership ||= logged_in_user.role_for_project(@project)
|
||||||
if @user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], @user_membership.role_id )
|
if @user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], @user_membership )
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
render :nothing => true, :status => 403
|
render :nothing => true, :status => 403
|
||||||
|
|
|
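Review bot: The check `Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], @user_membership )` now passes whatever `role_for_project` returns, and the User section of this page shows that method returning the result of `memberships.detect {...}`, which looks like a membership record rather than a role (ProjectsController reads `m.role` off the same collection). `Permission.allowed_to_role` compares `role.id` with the cached role ids, so a membership's primary key would be matched against role ids and access could be granted or refused for the wrong role. The same value reaches `find_new_statuses_allowed_to` in IssuesController and ProjectsController and the check in ApplicationHelper. If that reading is right, `role_for_project` should return the role itself, e.g. `member = memberships.detect {|m| m.project_id == project.id}` followed by `member && member.role`. The enclosing method starts above this hunk, so this rests only on the visible lines.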
@ -84,7 +84,7 @@ private
|
||||||
# project feed
|
# project feed
|
||||||
# check if project is public or if the user is a member
|
# check if project is public or if the user is a member
|
||||||
@project = Project.find(params[:project_id])
|
@project = Project.find(params[:project_id])
|
||||||
render(:nothing => true, :status => 403) and return false unless @project.is_public? || (@user && @user.role_for_project(@project.id))
|
render(:nothing => true, :status => 403) and return false unless @project.is_public? || (@user && @user.role_for_project(@project))
|
||||||
scope = ["#{Project.table_name}.id=?", params[:project_id].to_i]
|
scope = ["#{Project.table_name}.id=?", params[:project_id].to_i]
|
||||||
else
|
else
|
||||||
# global feed
|
# global feed
|
||||||
|
|
|
@ -25,7 +25,7 @@ class IssuesController < ApplicationController
|
||||||
include IfpdfHelper
|
include IfpdfHelper
|
||||||
|
|
||||||
def show
|
def show
|
||||||
@status_options = ([@issue.status] + @issue.status.workflows.find(:all, :order => 'position', :include => :new_status, :conditions => ["role_id=? and tracker_id=?", self.logged_in_user.role_for_project(@project.id), @issue.tracker.id]).collect{ |w| w.new_status }) if self.logged_in_user
|
@status_options = @issue.status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker) if logged_in_user
|
||||||
@custom_values = @issue.custom_values.find(:all, :include => :custom_field)
|
@custom_values = @issue.custom_values.find(:all, :include => :custom_field)
|
||||||
@journals_count = @issue.journals.count
|
@journals_count = @issue.journals.count
|
||||||
@journals = @issue.journals.find(:all, :include => [:user, :details], :limit => 15, :order => "#{Journal.table_name}.created_on desc")
|
@journals = @issue.journals.find(:all, :include => [:user, :details], :limit => 15, :order => "#{Journal.table_name}.created_on desc")
|
||||||
|
@ -67,9 +67,6 @@ class IssuesController < ApplicationController
|
||||||
def add_note
|
def add_note
|
||||||
unless params[:notes].empty?
|
unless params[:notes].empty?
|
||||||
journal = @issue.init_journal(self.logged_in_user, params[:notes])
|
journal = @issue.init_journal(self.logged_in_user, params[:notes])
|
||||||
#@history = @issue.histories.build(params[:history])
|
|
||||||
#@history.author_id = self.logged_in_user.id if self.logged_in_user
|
|
||||||
#@history.status = @issue.status
|
|
||||||
if @issue.save
|
if @issue.save
|
||||||
flash[:notice] = l(:notice_successful_update)
|
flash[:notice] = l(:notice_successful_update)
|
||||||
Mailer.deliver_issue_edit(journal) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
|
Mailer.deliver_issue_edit(journal) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
|
||||||
|
@ -82,17 +79,10 @@ class IssuesController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def change_status
|
def change_status
|
||||||
#@history = @issue.histories.build(params[:history])
|
@status_options = @issue.status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker) if logged_in_user
|
||||||
@status_options = ([@issue.status] + @issue.status.workflows.find(:all, :order => 'position', :include => :new_status, :conditions => ["role_id=? and tracker_id=?", self.logged_in_user.role_for_project(@project.id), @issue.tracker.id]).collect{ |w| w.new_status }) if self.logged_in_user
|
|
||||||
@new_status = IssueStatus.find(params[:new_status_id])
|
@new_status = IssueStatus.find(params[:new_status_id])
|
||||||
if params[:confirm]
|
if params[:confirm]
|
||||||
begin
|
begin
|
||||||
#@history.author_id = self.logged_in_user.id if self.logged_in_user
|
|
||||||
#@issue.status = @history.status
|
|
||||||
#@issue.fixed_version_id = (params[:issue][:fixed_version_id])
|
|
||||||
#@issue.assigned_to_id = (params[:issue][:assigned_to_id])
|
|
||||||
#@issue.done_ratio = (params[:issue][:done_ratio])
|
|
||||||
#@issue.lock_version = (params[:issue][:lock_version])
|
|
||||||
journal = @issue.init_journal(self.logged_in_user, params[:notes])
|
journal = @issue.init_journal(self.logged_in_user, params[:notes])
|
||||||
@issue.status = @new_status
|
@issue.status = @new_status
|
||||||
if @issue.update_attributes(params[:issue])
|
if @issue.update_attributes(params[:issue])
|
||||||
|
|
|
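Review bot: In `change_status`, `@new_status = IssueStatus.find(params[:new_status_id])` is assigned to `@issue.status` without being checked against the `@status_options` list computed on the line before it, so the workflow restriction appears to be enforced only by what the form offers. A guard ahead of the `params[:confirm]` branch would close that, for example `render(:nothing => true, :status => 403) and return unless @status_options && @status_options.include?(@new_status)`. `@status_options` is nil when `logged_in_user` is nil, and that guard treats the nil case as a refusal. The method continues past the end of the hunk, so a later check may exist that is not visible here.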
@ -215,8 +215,7 @@ class ProjectsController < ApplicationController
|
||||||
|
|
||||||
default_status = IssueStatus.default
|
default_status = IssueStatus.default
|
||||||
@issue = Issue.new(:project => @project, :tracker => @tracker, :status => default_status)
|
@issue = Issue.new(:project => @project, :tracker => @tracker, :status => default_status)
|
||||||
@allowed_statuses = [default_status] + default_status.workflows.find(:all, :order => 'position', :include => :new_status, :conditions => ["role_id=? and tracker_id=?", self.logged_in_user.role_for_project(@project.id), @issue.tracker.id]).collect{ |w| w.new_status }
|
@allowed_statuses = default_status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker) if logged_in_user
|
||||||
|
|
||||||
if request.get?
|
if request.get?
|
||||||
@issue.start_date = Date.today
|
@issue.start_date = Date.today
|
||||||
@custom_values = @project.custom_fields_for_issues(@tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue) }
|
@custom_values = @project.custom_fields_for_issues(@tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue) }
|
||||||
|
@ -349,7 +348,7 @@ class ProjectsController < ApplicationController
|
||||||
redirect_to :action => 'list_issues', :id => @project and return unless @issues
|
redirect_to :action => 'list_issues', :id => @project and return unless @issues
|
||||||
@projects = []
|
@projects = []
|
||||||
# find projects to which the user is allowed to move the issue
|
# find projects to which the user is allowed to move the issue
|
||||||
@logged_in_user.memberships.each {|m| @projects << m.project if Permission.allowed_to_role("projects/move_issues", m.role_id)}
|
@logged_in_user.memberships.each {|m| @projects << m.project if Permission.allowed_to_role("projects/move_issues", m.role)}
|
||||||
# issue can be moved to any tracker
|
# issue can be moved to any tracker
|
||||||
@trackers = Tracker.find(:all)
|
@trackers = Tracker.find(:all)
|
||||||
if request.post? and params[:new_project_id] and params[:new_tracker_id]
|
if request.post? and params[:new_project_id] and params[:new_tracker_id]
|
||||||
|
|
|
@ -34,7 +34,7 @@ module ApplicationHelper
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
# check if user is authorized
|
# check if user is authorized
|
||||||
if @logged_in_user and (@logged_in_user.admin? or Permission.allowed_to_role( "%s/%s" % [ controller, action ], @logged_in_user.role_for_project(@project.id) ) )
|
if @logged_in_user and (@logged_in_user.admin? or Permission.allowed_to_role( "%s/%s" % [ controller, action ], @logged_in_user.role_for_project(@project) ) )
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
return false
|
return false
|
||||||
|
|
|
@ -36,12 +36,19 @@ class IssueStatus < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
# Returns an array of all statuses the given role can switch to
|
# Returns an array of all statuses the given role can switch to
|
||||||
|
# Uses association cache when called more than one time
|
||||||
def new_statuses_allowed_to(role, tracker)
|
def new_statuses_allowed_to(role, tracker)
|
||||||
statuses = []
|
new_statuses = [self] + workflows.select {|w| w.role_id == role.id && w.tracker_id == tracker.id}.collect{|w| w.new_status}
|
||||||
for workflow in self.workflows
|
new_statuses.sort{|x, y| x.position <=> y.position }
|
||||||
statuses << workflow.new_status if workflow.role_id == role.id and workflow.tracker_id == tracker.id
|
end
|
||||||
end unless role.nil? or tracker.nil?
|
|
||||||
statuses
|
# Same thing as above but uses a database query
|
||||||
|
# More efficient than the previous method if called just once
|
||||||
|
def find_new_statuses_allowed_to(role, tracker)
|
||||||
|
new_statuses = [self] + workflows.find(:all,
|
||||||
|
:include => :new_status,
|
||||||
|
:conditions => ["role_id=? and tracker_id=?", role.id, tracker.id]).collect{ |w| w.new_status }
|
||||||
|
new_statuses.sort{|x, y| x.position <=> y.position }
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
|
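Review bot: The rewritten `new_statuses_allowed_to` drops the old `unless role.nil? or tracker.nil?` guard, and the new `find_new_statuses_allowed_to` has none either, so both call `role.id` and `tracker.id` unconditionally. The callers on this page guard only on `logged_in_user`, while `role_for_project` returns nil for a user with no membership in the project, so a logged-in non-member (an admin, for instance) reaches `role.id` on nil. Adding `return [self] unless role && tracker` as the first line of both methods would keep the result limited to the current status in that case. The method comments should also state that `role` is expected to be a role record whose `id` matches `workflows.role_id`.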
@ -57,7 +57,7 @@ class Permission < ActiveRecord::Base
|
||||||
find(:all, :include => :roles).each {|p| perms.store "#{p.controller}/#{p.action}", p.roles.collect {|r| r.id } }
|
find(:all, :include => :roles).each {|p| perms.store "#{p.controller}/#{p.action}", p.roles.collect {|r| r.id } }
|
||||||
perms
|
perms
|
||||||
end
|
end
|
||||||
allowed_to_public(action) or (@@cached_perms_for_roles[action] and @@cached_perms_for_roles[action].include? role)
|
allowed_to_public(action) or (role && @@cached_perms_for_roles[action] && @@cached_perms_for_roles[action].include?(role.id))
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.allowed_to_role_expired
|
def self.allowed_to_role_expired
|
||||||
|
|
|
@ -124,14 +124,8 @@ class User < ActiveRecord::Base
|
||||||
User.hash_password(clear_password) == self.hashed_password
|
User.hash_password(clear_password) == self.hashed_password
|
||||||
end
|
end
|
||||||
|
|
||||||
def role_for_project(project_id)
|
def role_for_project(project)
|
||||||
@role_for_projects ||=
|
memberships.detect {|m| m.project_id == project.id}
|
||||||
begin
|
|
||||||
roles = {}
|
|
||||||
self.memberships.each { |m| roles.store m.project_id, m.role_id }
|
|
||||||
roles
|
|
||||||
end
|
|
||||||
@role_for_projects[project_id]
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def pref
|
def pref
|
||||||
|
|