Revision acfbc458
Added by Marek Hulán about 10 years ago
app/models/role.rb | ||
---|---|---|
before_destroy :check_deletable
|
||
|
||
has_many :user_roles, :dependent => :destroy
|
||
has_many :users, :through => :user_roles
|
||
has_many :users, :through => :user_roles, :source => :owner, :source_type => 'User'
|
||
has_many :usergroups, :through => :user_roles, :source => :owner, :source_type => 'Usergroup'
|
||
has_many :cached_user_roles, :dependent => :destroy
|
||
has_many :cached_users, :through => :cached_user_roles, :source => :user
|
||
|
||
serialize :permissions, Array
|
||
has_many :filters, :dependent => :destroy
|
||
|
||
has_many :permissions, :through => :filters
|
||
attr_protected :builtin
|
||
|
||
validates :name, :presence => true, :uniqueness => true, :length => {:maximum => 30}, :format => {:with => /\A\w[\w\s\'\-]*\w\Z/i}
|
||
validates :name, :presence => true, :uniqueness => true, :format => {:with => /\A\w[\w\s\'\-]*\w\Z/i}
|
||
validates :builtin, :inclusion => { :in => 0..2 }
|
||
|
||
scoped_search :on => :name, :complete_value => true
|
||
... | ... | |
self.builtin = 0
|
||
end
|
||
|
||
def permissions
|
||
read_attribute(:permissions) || []
|
||
end
|
||
|
||
def permissions=(perms)
|
||
perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms
|
||
write_attribute(:permissions, perms)
|
||
end
|
||
|
||
def add_permission!(*perms)
|
||
self.permissions = [] unless permissions.is_a?(Array)
|
||
|
||
permissions_will_change!
|
||
perms.each do |p|
|
||
p = p.to_sym
|
||
permissions << p unless permissions.include?(p)
|
||
end
|
||
save!
|
||
end
|
||
|
||
def remove_permission!(*perms)
|
||
return unless permissions.is_a?(Array)
|
||
permissions_will_change!
|
||
perms.each { |p| permissions.delete(p.to_sym) }
|
||
save!
|
||
end
|
||
|
||
# Returns true if the role has the given permission
|
||
def has_permission?(perm)
|
||
!permissions.nil? && permissions.include?(perm.to_sym)
|
||
permission_names.include?(perm.to_sym)
|
||
end
|
||
|
||
def permission_names
|
||
@permission_names ||= permissions.map { |p| p.name.to_sym }
|
||
end
|
||
|
||
# Return true if the role is a builtin role
|
||
... | ... | |
# * a permission Symbol (eg. :edit_project)
|
||
def allowed_to?(action)
|
||
if action.is_a? Hash
|
||
action[:controller] = action[:controller][1..-1] if action[:controller].starts_with?('/')
|
||
allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
|
||
else
|
||
allowed_permissions.include? action
|
||
end
|
||
end
|
||
|
||
# Return all the permissions that can be given to the role
|
||
def setable_permissions
|
||
setable_permissions = Foreman::AccessControl.permissions - Foreman::AccessControl.public_permissions
|
||
setable_permissions -= Foreman::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
|
||
setable_permissions
|
||
end
|
||
|
||
# Find all the roles that can be given to a user
|
||
def self.find_all_givable
|
||
all(:conditions => {:builtin => 0}, :order => 'name')
|
||
... | ... | |
anonymous_role
|
||
end
|
||
|
||
# options can have following keys
|
||
# :search - scoped search applied to built filters
|
||
def add_permissions(permissions, options = {})
|
||
permissions = Array(permissions)
|
||
search = options.delete(:search)
|
||
|
||
collection = Permission.where(:name => permissions).all
|
||
raise ArgumentError, 'some permissions were not found' if collection.size != permissions.size
|
||
|
||
collection.group_by(&:resource_type).each do |resource_type, grouped_permissions|
|
||
filter = self.filters.build(:search => search)
|
||
filter.role ||= self
|
||
|
||
grouped_permissions.each do |permission|
|
||
filtering = filter.filterings.build
|
||
filtering.filter = filter
|
||
filtering.permission = permission
|
||
end
|
||
end
|
||
end
|
||
|
||
def add_permissions!(*args)
|
||
add_permissions(*args)
|
||
save!
|
||
end
|
||
|
||
private
|
||
def allowed_permissions
|
||
@allowed_permissions ||= permissions + Foreman::AccessControl.public_permissions.collect {|p| p.name}
|
||
@allowed_permissions ||= permission_names + Foreman::AccessControl.public_permissions.map(&:name)
|
||
end
|
||
|
||
def allowed_actions
|
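Review bot: `permission_names` memoizes into `@permission_names`, and `allowed_permissions` memoizes into `@allowed_permissions`, but `add_permissions` builds new filters and filterings without clearing either. On the same Role instance, `has_permission?` and the Symbol branch of `allowed_to?` can therefore keep answering from the list computed before the change, which is risky for an authorization check. Resetting both at the top of `add_permissions` with `@permission_names = @allowed_permissions = nil`, and wherever filters are removed, would close this. The page does not mark old and new lines, so this assumes the `permission_names`-based variants are the new side. Separately, `collection.size != permissions.size` raises when a caller passes the same name twice; comparing against `permissions.uniq.size` avoids that.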
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
Contributions from: