Project

General

Profile

Feature #24808 » 0003-Add-optional-scope-parameter-to-Role-allowed_to.patch

Jens Krämer, 2021-04-13 08:16

View differences:

app/models/role.rb
193 193
  # action can be:
194 194
  # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
195 195
  # * a permission Symbol (eg. :edit_project)
196
  def allowed_to?(action)
196
  # scope can be:
197
  # * an array of permissions which will be used as filter (logical AND)
198

  
199
  def allowed_to?(action, scope=nil)
197 200
    if action.is_a? Hash
198
      allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
201
      allowed_actions(scope).include? "#{action[:controller]}/#{action[:action]}"
199 202
    else
200
      allowed_permissions.include? action
203
      allowed_permissions(scope).include? action
201 204
    end
202 205
  end
203 206

  
......
289 292

  
290 293
  private
291 294

  
292
  def allowed_permissions
293
    @allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
295
  def allowed_permissions(scope = nil)
296
    scope = scope.sort if scope.present? # to maintain stable cache keys
297
    @allowed_permissions ||= {}
298
    @allowed_permissions[scope] ||= begin
299
      unscoped = permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
300
      scope.present? ? unscoped & scope : unscoped
301
    end
294 302
  end
295 303

  
296
  def allowed_actions
297
    @actions_allowed ||=
298
      allowed_permissions.inject([]) do |actions, permission|
304
  def allowed_actions(scope = nil)
305
    scope = scope.sort if scope.present? # to maintain stable cache keys
306
    @actions_allowed ||= {}
307
    @actions_allowed[scope] ||=
308
      allowed_permissions(scope).inject([]) do |actions, permission|
299 309
        actions += Redmine::AccessControl.allowed_actions(permission)
300 310
      end.flatten
301 311
  end
test/unit/role_test.rb
101 101
    assert_equal false, role.has_permission?(:delete_issues)
102 102
  end
103 103

  
104
  def test_allowed_to_with_symbol
105
    role = Role.create!(:name => 'Test', :permissions => [:view_issues])
106
    assert_equal true, role.allowed_to?(:view_issues)
107
    assert_equal false, role.allowed_to?(:add_issues)
108
  end
109

  
110
  def test_allowed_to_with_symbol_and_scope
111
    role = Role.create!(:name => 'Test', :permissions => [:view_issues, :delete_issues])
112
    assert_equal true, role.allowed_to?(:view_issues, [:view_issues, :add_issues])
113
    assert_equal false, role.allowed_to?(:add_issues, [:view_issues, :add_issues])
114
    assert_equal false, role.allowed_to?(:delete_issues, [:view_issues, :add_issues])
115
  end
116

  
117
  def test_allowed_to_with_hash
118
    role = Role.create!(:name => 'Test', :permissions => [:view_issues])
119
    assert_equal true, role.allowed_to?(:controller => 'issues', :action => 'show')
120
    assert_equal false, role.allowed_to?(:controller => 'issues', :action => 'create')
121
  end
122

  
123
  def test_allowed_to_with_hash_and_scope
124
    role = Role.create!(:name => 'Test', :permissions => [:view_issues, :delete_issues])
125
    assert_equal true, role.allowed_to?({:controller => 'issues', :action => 'show'}, [:view_issues, :add_issues])
126
    assert_equal false, role.allowed_to?({:controller => 'issues', :action => 'create'}, [:view_issues, :add_issues])
127
    assert_equal false, role.allowed_to?({:controller => 'issues', :action => 'destroy'}, [:view_issues, :add_issues])
128
  end
129

  
104 130
  def test_has_permission_without_permissions
105 131
    role = Role.create!(:name => 'Test')
106 132
    assert_equal false, role.has_permission?(:delete_issues)
(23-23/24)