Class: Role

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Role

Includes:

Redmine::SafeAttributes

Defined in:

app/models/role.rb

Overview

Redmine - project management software Copyright © 2006-2022 Jean-Philippe Lang

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Defined Under Namespace

Classes: PermissionsAttributeCoder

Constant Summary

BUILTIN_NON_MEMBER =

Built-in roles

1

BUILTIN_ANONYMOUS =

2

ISSUES_VISIBILITY_OPTIONS =

[
  ['all', :label_issues_visibility_all],
  ['default', :label_issues_visibility_public],
  ['own', :label_issues_visibility_own]
]

TIME_ENTRIES_VISIBILITY_OPTIONS =

[
  ['all', :label_time_entries_visibility_all],
  ['own', :label_time_entries_visibility_own]
]

USERS_VISIBILITY_OPTIONS =

[
  ['all', :label_users_visibility_all],
  ['members_of_visible_projects', :label_users_visibility_members_of_visible_projects]
]

Class Method Summary

• .anonymous ⇒ Object

  Return the builtin ‘anonymous’ role.

• .find_all_givable ⇒ Object

  Find all the roles that can be given to a project member.

• .non_member ⇒ Object

  Return the builtin ‘non member’ role.

Instance Method Summary

• #<=>(role) ⇒ Object
• #add_permission!(*perms) ⇒ Object
• #allowed_to?(action) ⇒ Boolean

  Return true if role is allowed to do the specified action action can be: * a parameter-like Hash (eg. :controller => ‘projects’, :action => ‘edit’) * a permission Symbol (eg. :edit_project).

• #anonymous? ⇒ Boolean

  Return true if the role is the anonymous role.

• #builtin? ⇒ Boolean

  Return true if the role is a builtin role.

• #consider_workflow? ⇒ Boolean
• #copy_from(arg, options = {}) ⇒ Object

  Copies attributes from another role, arg can be an id or a Role.

• #copy_workflow_rules(source_role) ⇒ Object
• #has_permission?(perm) ⇒ Boolean

  Returns true if the role has the given permission.

• #member? ⇒ Boolean

  Return true if the role is a project member role.

• #name ⇒ Object
• #permissions=(perms) ⇒ Object
• #permissions_all_trackers ⇒ Object
• #permissions_all_trackers=(arg) ⇒ Object
• #permissions_all_trackers?(permission) ⇒ Boolean

  Returns true if permission is given for all trackers.

• #permissions_tracker?(permission, tracker) ⇒ Boolean

  Returns true if permission is given for the tracker (explicitly or for all trackers).

• #permissions_tracker_ids(*args) ⇒ Object
• #permissions_tracker_ids=(arg) ⇒ Object
• #permissions_tracker_ids?(permission, tracker_id) ⇒ Boolean

  Returns true if tracker_id belongs to the list of trackers for which permission is given.

• #remove_permission!(*perms) ⇒ Object
• #set_permission_trackers(permission, tracker_ids) ⇒ Object

  Sets the trackers that are allowed for a permission.

• #setable_permissions ⇒ Object

  Return all the permissions that can be given to the role.

• #to_s ⇒ Object

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Class Method Details

.anonymous ⇒ Object

Return the builtin ‘anonymous’ role. If the role doesn’t exist, it will be created on the fly.

# File 'app/models/role.rb', line 288

def self.anonymous
  find_or_create_system_role(BUILTIN_ANONYMOUS, 'Anonymous')
end

.find_all_givable ⇒ Object

Find all the roles that can be given to a project member

# File 'app/models/role.rb', line 276

def self.find_all_givable
  Role.givable.to_a
end

.non_member ⇒ Object

Return the builtin ‘non member’ role. If the role doesn’t exist, it will be created on the fly.

# File 'app/models/role.rb', line 282

def self.non_member
  find_or_create_system_role(BUILTIN_NON_MEMBER, 'Non member')
end

Instance Method Details

#<=>(role) ⇒ Object

# File 'app/models/role.rb', line 154

def <=>(role)
  if role
    if builtin == role.builtin
      position <=> role.position
    else
      builtin <=> role.builtin
    end
  else
    -1
  end
end

#add_permission!(*perms) ⇒ Object

# File 'app/models/role.rb', line 126

def add_permission!(*perms)
  self.permissions = [] unless permissions.is_a?(Array)

  permissions_will_change!
  perms.each do |p|
    p = p.to_sym
    permissions << p unless permissions.include?(p)
  end
  save!
end

#allowed_to?(action) ⇒ Boolean

Return true if role is allowed to do the specified action action can be:

• a parameter-like Hash (eg. :controller => ‘projects’, :action => ‘edit’)

• a permission Symbol (eg. :edit_project)

Returns:

• (Boolean)

# File 'app/models/role.rb', line 198

def allowed_to?(action)
  if action.is_a? Hash
    allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
  else
    allowed_permissions.include? action
  end
end

#anonymous? ⇒ Boolean

Return true if the role is the anonymous role

Returns:

• (Boolean)

# File 'app/models/role.rb', line 185

def anonymous?
  builtin == 2
end

#builtin? ⇒ Boolean

Return true if the role is a builtin role

Returns:

• (Boolean)

# File 'app/models/role.rb', line 180

def builtin?
  self.builtin != 0
end

#consider_workflow? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/role.rb', line 150

def consider_workflow?
  has_permission?(:add_issues) || has_permission?(:edit_issues)
end

#copy_from(arg, options = {}) ⇒ Object

Copies attributes from another role, arg can be an id or a Role

# File 'app/models/role.rb', line 111

def copy_from(arg, options={})
  return unless arg.present?

  role = arg.is_a?(Role) ? arg : Role.find_by_id(arg.to_s)
  self.attributes = role.attributes.dup.except("id", "name", "position", "builtin", "permissions")
  self.permissions = role.permissions.dup
  self.managed_role_ids = role.managed_role_ids.dup
  self
end

#copy_workflow_rules(source_role) ⇒ Object

# File 'app/models/role.rb', line 271

def copy_workflow_rules(source_role)
  WorkflowRule.copy(nil, source_role, nil, self)
end

#has_permission?(perm) ⇒ Boolean

Returns true if the role has the given permission

Returns:

• (Boolean)

# File 'app/models/role.rb', line 146

def has_permission?(perm)
  !permissions.nil? && permissions.include?(perm.to_sym)
end

#member? ⇒ Boolean

Return true if the role is a project member role

Returns:

• (Boolean)

# File 'app/models/role.rb', line 190

def member?
  !self.builtin?
end

#name ⇒ Object

# File 'app/models/role.rb', line 170

def name
  case builtin
  when 1 then l(:label_role_non_member, :default => read_attribute(:name))
  when 2 then l(:label_role_anonymous,  :default => read_attribute(:name))
  else
    read_attribute(:name)
  end
end

#permissions=(perms) ⇒ Object

# File 'app/models/role.rb', line 121

def permissions=(perms)
  perms = perms.collect {|p| p.to_sym unless p.blank?}.compact.uniq if perms
  write_attribute(:permissions, perms)
end

#permissions_all_trackers ⇒ Object

# File 'app/models/role.rb', line 234

def permissions_all_trackers
  super || {}
end

#permissions_all_trackers=(arg) ⇒ Object

# File 'app/models/role.rb', line 238

def permissions_all_trackers=(arg)
  super(arg.to_hash)
end

#permissions_all_trackers?(permission) ⇒ Boolean

Returns true if permission is given for all trackers

Returns:

• (Boolean)

# File 'app/models/role.rb', line 243

def permissions_all_trackers?(permission)
  permissions_all_trackers[permission.to_s].to_s != '0'
end

#permissions_tracker?(permission, tracker) ⇒ Boolean

Returns true if permission is given for the tracker (explicitly or for all trackers)

Returns:

• (Boolean)

# File 'app/models/role.rb', line 249

def permissions_tracker?(permission, tracker)
  permissions_all_trackers?(permission) ||
    permissions_tracker_ids?(permission, tracker.try(:id))
end

#permissions_tracker_ids(*args) ⇒ Object

# File 'app/models/role.rb', line 214

def permissions_tracker_ids(*args)
  if args.any?
    Array(permissions_tracker_ids[args.first.to_s]).map(&:to_i)
  else
    super || {}
  end
end

#permissions_tracker_ids=(arg) ⇒ Object

# File 'app/models/role.rb', line 222

def permissions_tracker_ids=(arg)
  h = arg.to_hash
  h.values.each {|v| v.reject!(&:blank?)}
  super(h)
end

#permissions_tracker_ids?(permission, tracker_id) ⇒ Boolean

Returns true if tracker_id belongs to the list of trackers for which permission is given

Returns:

• (Boolean)

# File 'app/models/role.rb', line 230

def permissions_tracker_ids?(permission, tracker_id)
  permissions_tracker_ids(permission).include?(tracker_id)
end

#remove_permission!(*perms) ⇒ Object

# File 'app/models/role.rb', line 137

def remove_permission!(*perms)
  return unless permissions.is_a?(Array)

  permissions_will_change!
  perms.each {|p| permissions.delete(p.to_sym)}
  save!
end

#set_permission_trackers(permission, tracker_ids) ⇒ Object

Sets the trackers that are allowed for a permission. tracker_ids can be an array of tracker ids or :all for no restrictions.

Examples:

role.set_permission_trackers :add_issues, [1, 3]
role.set_permission_trackers :add_issues, :all

# File 'app/models/role.rb', line 261

def set_permission_trackers(permission, tracker_ids)
  h = {permission.to_s => (tracker_ids == :all ? '1' : '0')}
  self.permissions_all_trackers = permissions_all_trackers.merge(h)

  h = {permission.to_s => (tracker_ids == :all ? [] : tracker_ids)}
  self.permissions_tracker_ids = permissions_tracker_ids.merge(h)

  self
end

#setable_permissions ⇒ Object

Return all the permissions that can be given to the role

# File 'app/models/role.rb', line 207

def setable_permissions
  setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions
  setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER
  setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
  setable_permissions
end

#to_s ⇒ Object

# File 'app/models/role.rb', line 166

def to_s
  name
end