Modified logged_in_user_membership controller method so that it returns a role
git-svn-id: http://redmine.rubyforge.org/svn/trunk@415 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
e227b92972
commit
8e6d575d4e
|
@ -32,8 +32,10 @@ class ApplicationController < ActionController::Base
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Returns the role that the logged in user has on the current project
|
||||||
|
# or nil if current user is not a member of the project
|
||||||
def logged_in_user_membership
|
def logged_in_user_membership
|
||||||
@user_membership ||= Member.find(:first, :conditions => ["user_id=? and project_id=?", self.logged_in_user.id, @project.id])
|
@user_membership ||= logged_in_user.role_for_project(@project)
|
||||||
end
|
end
|
||||||
|
|
||||||
# check if login is globally required to access the application
|
# check if login is globally required to access the application
|
||||||
|
@ -86,8 +88,7 @@ class ApplicationController < ActionController::Base
|
||||||
# admin is always authorized
|
# admin is always authorized
|
||||||
return true if self.logged_in_user.admin?
|
return true if self.logged_in_user.admin?
|
||||||
# if not admin, check membership permission
|
# if not admin, check membership permission
|
||||||
@user_membership ||= logged_in_user.role_for_project(@project)
|
if logged_in_user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], logged_in_user_membership )
|
||||||
if @user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], @user_membership )
|
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
render :nothing => true, :status => 403
|
render :nothing => true, :status => 403
|
||||||
|
|
Loading…
Reference in New Issue