Feature #24808 » 0005-oauth-Add-optional-scope-parameter-to-Role-allowed_t.patch
| app/models/role.rb | ||
|---|---|---|
| 190 | 190 |
# action can be: |
| 191 | 191 |
# * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') |
| 192 | 192 |
# * a permission Symbol (eg. :edit_project) |
| 193 |
def allowed_to?(action) |
|
| 193 |
# scope can be: |
|
| 194 |
# * an array of permissions which will be used as filter (logical AND) |
|
| 195 | ||
| 196 |
def allowed_to?(action, scope=nil) |
|
| 194 | 197 |
if action.is_a? Hash |
| 195 |
allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
|
|
| 198 |
allowed_actions(scope).include? "#{action[:controller]}/#{action[:action]}"
|
|
| 196 | 199 |
else |
| 197 |
allowed_permissions.include? action |
|
| 200 |
allowed_permissions(scope).include? action
|
|
| 198 | 201 |
end |
| 199 | 202 |
end |
| 200 | 203 | |
| ... | ... | |
| 286 | 289 | |
| 287 | 290 |
private |
| 288 | 291 | |
| 289 |
def allowed_permissions |
|
| 290 |
@allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
|
|
| 292 |
def allowed_permissions(scope = nil) |
|
| 293 |
scope = scope.sort if scope.present? # to maintain stable cache keys |
|
| 294 |
@allowed_permissions ||= {}
|
|
| 295 |
@allowed_permissions[scope] ||= begin |
|
| 296 |
unscoped = permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
|
|
| 297 |
scope.present? ? unscoped & scope : unscoped |
|
| 298 |
end |
|
| 291 | 299 |
end |
| 292 | 300 | |
| 293 |
def allowed_actions |
|
| 294 |
@actions_allowed ||= |
|
| 295 |
allowed_permissions.inject([]) {|actions, permission|
|
|
| 301 |
def allowed_actions(scope = nil) |
|
| 302 |
scope = scope.sort if scope.present? # to maintain stable cache keys |
|
| 303 |
@actions_allowed ||= {}
|
|
| 304 |
@actions_allowed[scope] ||= |
|
| 305 |
allowed_permissions(scope).inject([]) {|actions, permission|
|
|
| 296 | 306 |
actions += Redmine::AccessControl.allowed_actions(permission) |
| 297 | 307 |
}.flatten |
| 298 | 308 |
end |
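Review bot: An empty scope array is treated the same as no scope in `allowed_permissions(scope)`: both `scope = scope.sort if scope.present?` and `scope.present? ? unscoped & scope : unscoped` rely on `present?`, which is false for `[]`, so `allowed_to?(action, [])` is answered from the role's full, unfiltered permission set. If the scope comes from an OAuth token, as the patch title suggests, a token that carries no permissions should presumably be denied everything rather than fall back to the unscoped set; whether any caller can actually pass `[]` is not visible on this page. Distinguishing nil from empty would fail closed: `scope.nil? ? unscoped : unscoped & scope`, with `scope = scope.sort unless scope.nil?` in both `allowed_permissions` and `allowed_actions`. The new comment above `allowed_to?` could also say that `nil` means "no restriction" and that scope entries are expected to be permission Symbols, since the filter is a plain array intersection with the role's permission names.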
| test/unit/role_test.rb | ||
|---|---|---|
| 101 | 101 |
assert_equal false, role.has_permission?(:delete_issues) |
| 102 | 102 |
end |
| 103 | 103 | |
| 104 |
def test_allowed_to_with_symbol |
|
| 105 |
role = Role.create!(:name => 'Test', :permissions => [:view_issues]) |
|
| 106 |
assert_equal true, role.allowed_to?(:view_issues) |
|
| 107 |
assert_equal false, role.allowed_to?(:add_issues) |
|
| 108 |
end |
|
| 109 | ||
| 110 |
def test_allowed_to_with_symbol_and_scope |
|
| 111 |
role = Role.create!(:name => 'Test', :permissions => [:view_issues, :delete_issues]) |
|
| 112 |
assert_equal true, role.allowed_to?(:view_issues, [:view_issues, :add_issues]) |
|
| 113 |
assert_equal false, role.allowed_to?(:add_issues, [:view_issues, :add_issues]) |
|
| 114 |
assert_equal false, role.allowed_to?(:delete_issues, [:view_issues, :add_issues]) |
|
| 115 |
end |
|
| 116 | ||
| 117 |
def test_allowed_to_with_hash |
|
| 118 |
role = Role.create!(:name => 'Test', :permissions => [:view_issues]) |
|
| 119 |
assert_equal true, role.allowed_to?( :controller => 'issues', :action => 'show') |
|
| 120 |
assert_equal false, role.allowed_to?( :controller => 'issues', :action => 'create') |
|
| 121 |
end |
|
| 122 | ||
| 123 |
def test_allowed_to_with_hash_and_scope |
|
| 124 |
role = Role.create!(:name => 'Test', :permissions => [:view_issues, :delete_issues]) |
|
| 125 |
assert_equal true, role.allowed_to?({:controller => 'issues', :action => 'show'}, [:view_issues, :add_issues])
|
|
| 126 |
assert_equal false, role.allowed_to?({:controller => 'issues', :action => 'create'}, [:view_issues, :add_issues])
|
|
| 127 |
assert_equal false, role.allowed_to?({:controller => 'issues', :action => 'destroy'}, [:view_issues, :add_issues])
|
|
| 128 |
end |
|
| 129 | ||
| 104 | 130 |
def test_has_permission_without_permissions |
| 105 | 131 |
role = Role.create!(:name => 'Test') |
| 106 | 132 |
assert_equal false, role.has_permission?(:delete_issues) |
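Review bot: The two scoped tests pass only non-empty scope arrays, so the boundary cases of the new parameter are not pinned: an empty scope `[]`, an explicit `nil`, and the same scope given in a different order (the model sorts the scope to build its cache key). Adding assertions such as `role.allowed_to?(:view_issues, [])` and `role.allowed_to?(:view_issues, [:add_issues, :view_issues])` to `test_allowed_to_with_symbol_and_scope` would record the intended result for each, in particular whether an empty scope denies access or falls back to the role's full permissions. The trailing context of this section ends inside `test_has_permission_without_permissions`, whose body continues outside the visible lines.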