/app/models/user.rb - Diff - Foreman

« Previous | Next »

Revision acfbc458

Added by Marek Hulán about 10 years ago

ID acfbc45886c4d81a2a3ca5af433a6124a0a7191a
Parent 8cf10332
Child 0bebeaf3

fixes #812 - new permissions model, user group role and nest support, role filters for better granularity

Contributions from:

Daniel Lobato <elobatocs@gmail.com>
Joseph Magen <jmagen@redhat.com>
Tom McKay <thomasmckay@redhat.com>
Greg Sutcliffe <gsutclif@redhat.com>
Dominic Cleal <dcleal@redhat.com>

     require 'digest/sha1'
     class User < ActiveRecord::Base
       include Authorization
       include Authorizable
       include Foreman::ThreadSession::UserModel
       include Taxonomix
       audited :except => [:last_login_on, :password, :password_hash, :password_salt, :password_confirmation], :allow_mass_assignment => true
-...
       has_many :auditable_changes, :class_name => '::Audit', :as => :user
       has_many :usergroup_member, :as => :member, :dependent => :destroy
       has_many :usergroups, :through => :usergroup_member
       has_many :cached_usergroup_members
       has_many :cached_usergroups, :through => :cached_usergroup_members, :source => :usergroup
       has_many :direct_hosts, :as => :owner, :class_name => "Host"
       has_and_belongs_to_many :notices, :join_table => 'user_notices'
       has_many :user_roles, :dependent => :destroy
       has_many :roles, :through => :user_roles
       has_many :user_roles, :dependent => :destroy, :foreign_key => 'owner_id', :conditions => {:owner_type => self.to_s}
       has_many :roles, :through => :user_roles, :dependent => :destroy
       has_many :cached_user_roles, :dependent => :destroy
       has_many :cached_roles, :through => :cached_user_roles, :source => :role, :uniq => true
       has_many :filters, :through => :cached_roles
       has_many :permissions, :through => :filters
       has_and_belongs_to_many :compute_resources, :join_table => "user_compute_resources"
       has_and_belongs_to_many :domains,           :join_table => "user_domains"
       has_many :user_hostgroups, :dependent => :destroy
-...
       has_many :facts, :through => :user_facts, :source => :fact_name
       attr_name :login
       scope :except_admin, lambda { where(:admin => false) }
       scope :only_admin, lambda { where(:admin => true) }
       scope :except_admin, lambda {
         includes(:cached_usergroups).
             where(["(#{self.table_name}.admin = ? OR #{self.table_name}.admin IS NULL) AND " +
                        "(#{Usergroup.table_name}.admin = ? OR #{Usergroup.table_name}.admin IS NULL)",
                    false, false])
+      }
       scope :only_admin, lambda {
         includes(:cached_usergroups).
             where(["#{self.table_name}.admin = ? OR #{Usergroup.table_name}.admin = ?", true, true])
+      }
       accepts_nested_attributes_for :user_facts, :reject_if => lambda { |a| a[:criteria].blank? }, :allow_destroy => true
-...
       scoped_search :on => :firstname, :complete_value => :true
       scoped_search :on => :lastname, :complete_value => :true
       scoped_search :on => :mail, :complete_value => :true
       scoped_search :on => :admin, :complete_value => {:true => true, :false => false}
       scoped_search :on => :admin, :complete_value => { :true => true, :false => false }, :ext_method => :search_by_admin
       scoped_search :on => :last_login_on, :complete_value => :true, :only_explicit => true
       scoped_search :in => :roles, :on => :name, :rename => :role, :complete_value => true
       scoped_search :in => :cached_usergroups, :on => :name, :rename => :usergroup, :complete_value => true
       default_scope lambda {
         with_taxonomy_scope do
-...
         end
+      }
       def can?(permission, subject = nil)
         if self.admin?
           true
         else
           @authorizer ||= Authorizer.new(self)
           @authorizer.can?(permission, subject)
         end
       end
       def self.search_by_admin(key, operator, value)
         value      = value == 'true'
         value      = !value if operator == '<>'
         conditions = [self.table_name, Usergroup.table_name].map do |base|
           "(#{base}.admin = ?" + (value ? ')' : " OR #{base}.admin IS NULL)")
         end
         conditions = conditions.join(value ? ' OR ' : ' AND ')
+        {
             :include    => :cached_usergroups,
             :conditions => sanitize_sql_for_conditions([conditions, value, value])
+        }
       end
       # note that if you assign user new usergroups which change the admin flag you must save
       # the record before #admin? will reflect this
       def admin?
         read_attribute(:admin) || cached_usergroups.any?(&:admin?)
       end
       def to_label
         (firstname.present? || lastname.present?) ? "#{firstname} #{lastname}" : login
       end
-...
           action[:controller] = action[:controller].to_s.gsub(/::/, "_").sub(/^\//,'').underscore
           return true if editing_self?(action)
         end
         roles.detect {|role| role.allowed_to?(action)}.present?
         cached_roles.detect {|role| role.allowed_to?(action)}.present?
       end
       def logged?

Also available in: Unified diff

Project

General

Profile

Revision acfbc458

Added by Marek Hulán about 10 years ago

Project

General

Profile

Revision acfbc458

Added by Marek Hulán about 10 years ago

Related issues