Added ability to specify multiple projects in User#allowed_to? (#5332)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4227 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
fda1a0cb3b
commit
e8f3dd07dd
|
@ -344,12 +344,17 @@ class User < Principal
|
|||
!roles_for_project(project).detect {|role| role.member?}.nil?
|
||||
end
|
||||
|
||||
# Return true if the user is allowed to do the specified action on project
|
||||
# action can be:
|
||||
# Return true if the user is allowed to do the specified action on a specific context
|
||||
# Action can be:
|
||||
# * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
|
||||
# * a permission Symbol (eg. :edit_project)
|
||||
# Context can be:
|
||||
# * a project : returns true if user is allowed to do the specified action on this project
|
||||
# * a group of projects : returns true if user is allowed on every project
|
||||
# * nil with options[:global] set : check if user has at least one role allowed for this action,
|
||||
# or falls back to Non Member / Anonymous permissions depending if the user is logged
|
||||
def allowed_to?(action, project, options={})
|
||||
if project
|
||||
if project && project.is_a?(Project)
|
||||
# No action allowed on archived projects
|
||||
return false unless project.active?
|
||||
# No action allowed on disabled modules
|
||||
|
@ -361,6 +366,11 @@ class User < Principal
|
|||
return false unless roles
|
||||
roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
|
||||
|
||||
elsif project && project.is_a?(Array)
|
||||
# Authorize if user is authorized on every element of the array
|
||||
project.inject do |memo,p|
|
||||
memo && allowed_to?(action,p,options)
|
||||
end
|
||||
elsif options[:global]
|
||||
# Admin users are always authorized
|
||||
return true if admin?
|
||||
|
|
|
@ -397,6 +397,19 @@ class UserTest < ActiveSupport::TestCase
|
|||
end
|
||||
end
|
||||
|
||||
context "with multiple projects" do
|
||||
should "return false if array is empty" do
|
||||
assert ! @admin.allowed_to?(:view_project, [])
|
||||
end
|
||||
|
||||
should "return true only if user has permission on all these projects" do
|
||||
assert @admin.allowed_to?(:view_project, Project.all)
|
||||
assert ! @dlopper.allowed_to?(:view_project, Project.all) #cannot see Project(2)
|
||||
assert @jsmith.allowed_to?(:edit_issues, @jsmith.projects) #Manager or Developer everywhere
|
||||
assert ! @jsmith.allowed_to?(:delete_issue_watchers, @jsmith.projects) #Dev cannot delete_issue_watchers
|
||||
end
|
||||
end
|
||||
|
||||
context "with options[:global]" do
|
||||
should "authorize if user has at least one role that has this permission" do
|
||||
@dlopper2 = User.find(5) #only Developper on a project, not Manager anywhere
|
||||
|
|
Loading…
Reference in New Issue