Class: Role

Inherits:
ActiveRecord::Base
  • Object
show all
Includes:
Redmine::SafeAttributes
Defined in:
app/models/role.rb

Overview

Redmine - project management software Copyright © 2006-2023 Jean-Philippe Lang

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Defined Under Namespace

Classes: PermissionsAttributeCoder

Constant Summary collapse

BUILTIN_NON_MEMBER =

Built-in roles

1
BUILTIN_ANONYMOUS = 
2
ISSUES_VISIBILITY_OPTIONS = 
[
  ['all', :label_issues_visibility_all],
  ['default', :label_issues_visibility_public],
  ['own', :label_issues_visibility_own]
]
TIME_ENTRIES_VISIBILITY_OPTIONS = 
[
  ['all', :label_time_entries_visibility_all],
  ['own', :label_time_entries_visibility_own]
]
USERS_VISIBILITY_OPTIONS = 
[
  ['all', :label_users_visibility_all],
  ['members_of_visible_projects', :label_users_visibility_members_of_visible_projects]
]

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Class Method Details

.anonymousObject

Return the builtin ‘anonymous’ role. If the role doesn’t exist, it will be created on the fly.



295
296
297
 
# File 'app/models/role.rb', line 295

def self.anonymous
  find_or_create_system_role(BUILTIN_ANONYMOUS, 'Anonymous')
end

.find_all_givableObject

Find all the roles that can be given to a project member



283
284
285
 
# File 'app/models/role.rb', line 283

def self.find_all_givable
  Role.givable.to_a
end

.non_memberObject

Return the builtin ‘non member’ role. If the role doesn’t exist, it will be created on the fly.



289
290
291
 
# File 'app/models/role.rb', line 289

def self.non_member
  find_or_create_system_role(BUILTIN_NON_MEMBER, 'Non member')
end

Instance Method Details

#<=>(role) ⇒ Object 



157
158
159
160
161
162
163
164
165
166
167
 
# File 'app/models/role.rb', line 157

def <=>(role)
  # returns -1 for nil since r2726
  return -1 if role.nil?
  return nil unless role.is_a?(Role)

  if builtin == role.builtin
    position <=> role.position
  else
    builtin <=> role.builtin
  end
end

#add_permission!(*perms) ⇒ Object 



129
130
131
132
133
134
135
136
137
138
 
# File 'app/models/role.rb', line 129

def add_permission!(*perms)
  self.permissions = [] unless permissions.is_a?(Array)

  permissions_will_change!
  perms.each do |p|
    p = p.to_sym
    permissions << p unless permissions.include?(p)
  end
  save!
end

#allowed_to?(action) ⇒ Boolean

Return true if role is allowed to do the specified action action can be:

  • a parameter-like Hash (eg. :controller => ‘projects’, :action => ‘edit’)

  • a permission Symbol (eg. :edit_project)

Returns:

  • (Boolean) 


201
202
203
204
205
206
207
 
# File 'app/models/role.rb', line 201

def allowed_to?(action)
  if action.is_a? Hash
    allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
  else
    allowed_permissions.include? action
  end
end

#anonymous?Boolean

Return true if the role is the anonymous role

Returns:

  • (Boolean) 


188
189
190
 
# File 'app/models/role.rb', line 188

def anonymous?
  builtin == 2
end

#builtin?Boolean

Return true if the role is a builtin role

Returns:

  • (Boolean) 


183
184
185
 
# File 'app/models/role.rb', line 183

def builtin?
  self.builtin != 0
end

#consider_workflow?Boolean

Returns:

  • (Boolean) 


153
154
155
 
# File 'app/models/role.rb', line 153

def consider_workflow?
  has_permission?(:add_issues) || has_permission?(:edit_issues)
end

#copy_from(arg, options = {}) ⇒ Object

Copies attributes from another role, arg can be an id or a Role



114
115
116
117
118
119
120
121
122
 
# File 'app/models/role.rb', line 114

def copy_from(arg, options={})
  return unless arg.present?

  role = arg.is_a?(Role) ? arg : Role.find_by_id(arg.to_s)
  self.attributes = role.attributes.dup.except("id", "name", "position", "builtin", "permissions")
  self.permissions = role.permissions.dup
  self.managed_role_ids = role.managed_role_ids.dup
  self
end

#copy_workflow_rules(source_role) ⇒ Object 



278
279
280
 
# File 'app/models/role.rb', line 278

def copy_workflow_rules(source_role)
  WorkflowRule.copy(nil, source_role, nil, self)
end

#has_permission?(perm) ⇒ Boolean

Returns true if the role has the given permission

Returns:

  • (Boolean) 


149
150
151
 
# File 'app/models/role.rb', line 149

def has_permission?(perm)
  !permissions.nil? && permissions.include?(perm.to_sym)
end

#member?Boolean

Return true if the role is a project member role

Returns:

  • (Boolean) 


193
194
195
 
# File 'app/models/role.rb', line 193

def member?
  !self.builtin?
end

#nameObject 



173
174
175
176
177
178
179
180
 
# File 'app/models/role.rb', line 173

def name
  case builtin
  when 1 then l(:label_role_non_member, :default => read_attribute(:name))
  when 2 then l(:label_role_anonymous,  :default => read_attribute(:name))
  else
    read_attribute(:name)
  end
end

#permissions=(perms) ⇒ Object 



124
125
126
127
 
# File 'app/models/role.rb', line 124

def permissions=(perms)
  perms = perms.filter_map {|p| p.to_sym unless p.blank?}.uniq if perms
  write_attribute(:permissions, perms)
end

#permissions_all_trackersObject 



239
240
241
 
# File 'app/models/role.rb', line 239

def permissions_all_trackers
  super || {}
end

#permissions_all_trackers=(arg) ⇒ Object 



243
244
245
 
# File 'app/models/role.rb', line 243

def permissions_all_trackers=(arg)
  super(arg.to_hash)
end

#permissions_all_trackers?(permission) ⇒ Boolean

Returns true if permission is given for all trackers

Returns:

  • (Boolean) 


248
249
250
251
252
 
# File 'app/models/role.rb', line 248

def permissions_all_trackers?(permission)
  return false unless has_permission?(permission)

  permissions_all_trackers[permission.to_s].to_s != '0'
end

#permissions_tracker?(permission, tracker) ⇒ Boolean

Returns true if permission is given for the tracker (explicitly or for all trackers)

Returns:

  • (Boolean) 


256
257
258
259
 
# File 'app/models/role.rb', line 256

def permissions_tracker?(permission, tracker)
  permissions_all_trackers?(permission) ||
    permissions_tracker_ids?(permission, tracker.try(:id))
end

#permissions_tracker_ids(*args) ⇒ Object 



217
218
219
220
221
222
223
 
# File 'app/models/role.rb', line 217

def permissions_tracker_ids(*args)
  if args.any?
    Array(permissions_tracker_ids[args.first.to_s]).map(&:to_i)
  else
    super || {}
  end
end

#permissions_tracker_ids=(arg) ⇒ Object 



225
226
227
228
229
 
# File 'app/models/role.rb', line 225

def permissions_tracker_ids=(arg)
  h = arg.to_hash
  h.values.each {|v| v.reject!(&:blank?)}
  super(h)
end

#permissions_tracker_ids?(permission, tracker_id) ⇒ Boolean

Returns true if tracker_id belongs to the list of trackers for which permission is given

Returns:

  • (Boolean) 


233
234
235
236
237
 
# File 'app/models/role.rb', line 233

def permissions_tracker_ids?(permission, tracker_id)
  return false unless has_permission?(permission)

  permissions_tracker_ids(permission).include?(tracker_id)
end

#remove_permission!(*perms) ⇒ Object 



140
141
142
143
144
145
146
 
# File 'app/models/role.rb', line 140

def remove_permission!(*perms)
  return unless permissions.is_a?(Array)

  permissions_will_change!
  perms.each {|p| permissions.delete(p.to_sym)}
  save!
end

#set_permission_trackers(permission, tracker_ids) ⇒ Object

Sets the trackers that are allowed for a permission. tracker_ids can be an array of tracker ids or :all for no restrictions.

Examples:

role.set_permission_trackers :add_issues, [1, 3]
role.set_permission_trackers :add_issues, :all



268
269
270
271
272
273
274
275
276
 
# File 'app/models/role.rb', line 268

def set_permission_trackers(permission, tracker_ids)
  h = {permission.to_s => (tracker_ids == :all ? '1' : '0')}
  self.permissions_all_trackers = permissions_all_trackers.merge(h)

  h = {permission.to_s => (tracker_ids == :all ? [] : tracker_ids)}
  self.permissions_tracker_ids = permissions_tracker_ids.merge(h)

  self
end

#setable_permissionsObject

Return all the permissions that can be given to the role



210
211
212
213
214
215
 
# File 'app/models/role.rb', line 210

def setable_permissions
  setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions
  setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER
  setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
  setable_permissions
end

#to_sObject 



169
170
171
 
# File 'app/models/role.rb', line 169

def to_s
  name
end