diff --git a/app/models/user.rb b/app/models/user.rb
index 45ab4b4c..a4363193 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -353,25 +353,25 @@ class User < Principal
 # * a group of projects : returns true if user is allowed on every project
 # * nil with options[:global] set : check if user has at least one role allowed for this action,
 # or falls back to Non Member / Anonymous permissions depending if the user is logged
- def allowed_to?(action, project, options={})
- if project && project.is_a?(Project)
+ def allowed_to?(action, context, options={})
+ if context && context.is_a?(Project)
 # No action allowed on archived projects
- return false unless project.active?
+ return false unless context.active?
 # No action allowed on disabled modules
- return false unless project.allows_to?(action)
+ return false unless context.allows_to?(action)
 # Admin users are authorized for anything else
 return true if admin?
- roles = roles_for_project(project)
+ roles = roles_for_project(context)
 return false unless roles
- roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
+ roles.detect {|role| (context.is_public? || role.member?) && role.allowed_to?(action)}
- elsif project && project.is_a?(Array)
+ elsif context && context.is_a?(Array)
 # Authorize if user is authorized on every element of the array
- project.map do |p|
- allowed_to?(action,p,options)
- end.inject do |memo,p|
- memo && p
+ context.map do |project|
+ allowed_to?(action,project,options)
+ end.inject do |memo,allowed|
+ memo && allowed
 end
 elsif options[:global]
 # Admin users are always authorized
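Review bot: The array branch denies an empty array only as a side effect of `inject` being called without an initial value (it returns nil for `[]`), and nothing in the rewritten lines records that. Since these lines are being touched anyway, I would add a comment above `context.map do |project|` along the lines of `# An empty array yields nil (denied); do not swap this for all?, which returns true for []`. The map/inject form also evaluates every project even after one has been refused, which does not affect the result but is worth knowing when reading the check. The body of `allowed_to?` continues past the end of the hunk, so the remaining branches are not covered here.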