Feature #24808 » 0003-Add-optional-scope-parameter-to-Role-allowed_to.patch
app/models/role.rb | ||
---|---|---|
193 | 193 |
# action can be: |
194 | 194 |
# * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') |
195 | 195 |
# * a permission Symbol (eg. :edit_project) |
196 |
def allowed_to?(action) |
|
196 |
# scope can be: |
|
197 |
# * an array of permissions which will be used as filter (logical AND) |
|
198 | ||
199 |
def allowed_to?(action, scope=nil) |
|
197 | 200 |
if action.is_a? Hash |
198 |
allowed_actions.include? "#{action[:controller]}/#{action[:action]}" |
|
201 |
allowed_actions(scope).include? "#{action[:controller]}/#{action[:action]}"
|
|
199 | 202 |
else |
200 |
allowed_permissions.include? action |
|
203 |
allowed_permissions(scope).include? action
|
|
201 | 204 |
end |
202 | 205 |
end |
203 | 206 | |
... | ... | |
289 | 292 | |
290 | 293 |
private |
291 | 294 | |
292 |
def allowed_permissions |
|
293 |
@allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name} |
|
295 |
def allowed_permissions(scope = nil) |
|
296 |
scope = scope.sort if scope.present? # to maintain stable cache keys |
|
297 |
@allowed_permissions ||= {} |
|
298 |
@allowed_permissions[scope] ||= begin |
|
299 |
unscoped = permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name} |
|
300 |
scope.present? ? unscoped & scope : unscoped |
|
301 |
end |
|
294 | 302 |
end |
295 | 303 | |
296 |
def allowed_actions |
|
297 |
@actions_allowed ||= |
|
298 |
allowed_permissions.inject([]) do |actions, permission| |
|
304 |
def allowed_actions(scope = nil) |
|
305 |
scope = scope.sort if scope.present? # to maintain stable cache keys |
|
306 |
@actions_allowed ||= {} |
|
307 |
@actions_allowed[scope] ||= |
|
308 |
allowed_permissions(scope).inject([]) do |actions, permission| |
|
299 | 309 |
actions += Redmine::AccessControl.allowed_actions(permission) |
300 | 310 |
end.flatten |
301 | 311 |
end |
test/unit/role_test.rb | ||
---|---|---|
101 | 101 |
assert_equal false, role.has_permission?(:delete_issues) |
102 | 102 |
end |
103 | 103 | |
104 |
def test_allowed_to_with_symbol |
|
105 |
role = Role.create!(:name => 'Test', :permissions => [:view_issues]) |
|
106 |
assert_equal true, role.allowed_to?(:view_issues) |
|
107 |
assert_equal false, role.allowed_to?(:add_issues) |
|
108 |
end |
|
109 | ||
110 |
def test_allowed_to_with_symbol_and_scope |
|
111 |
role = Role.create!(:name => 'Test', :permissions => [:view_issues, :delete_issues]) |
|
112 |
assert_equal true, role.allowed_to?(:view_issues, [:view_issues, :add_issues]) |
|
113 |
assert_equal false, role.allowed_to?(:add_issues, [:view_issues, :add_issues]) |
|
114 |
assert_equal false, role.allowed_to?(:delete_issues, [:view_issues, :add_issues]) |
|
115 |
end |
|
116 | ||
117 |
def test_allowed_to_with_hash |
|
118 |
role = Role.create!(:name => 'Test', :permissions => [:view_issues]) |
|
119 |
assert_equal true, role.allowed_to?(:controller => 'issues', :action => 'show') |
|
120 |
assert_equal false, role.allowed_to?(:controller => 'issues', :action => 'create') |
|
121 |
end |
|
122 | ||
123 |
def test_allowed_to_with_hash_and_scope |
|
124 |
role = Role.create!(:name => 'Test', :permissions => [:view_issues, :delete_issues]) |
|
125 |
assert_equal true, role.allowed_to?({:controller => 'issues', :action => 'show'}, [:view_issues, :add_issues]) |
|
126 |
assert_equal false, role.allowed_to?({:controller => 'issues', :action => 'create'}, [:view_issues, :add_issues]) |
|
127 |
assert_equal false, role.allowed_to?({:controller => 'issues', :action => 'destroy'}, [:view_issues, :add_issues]) |
|
128 |
end |
|
129 | ||
104 | 130 |
def test_has_permission_without_permissions |
105 | 131 |
role = Role.create!(:name => 'Test') |
106 | 132 |
assert_equal false, role.has_permission?(:delete_issues) |