Feature #24808 » 0005-oauth-Add-optional-scope-parameter-to-Role-allowed_t.patch
app/models/role.rb | ||
---|---|---|
190 | 190 |
# action can be: |
191 | 191 |
# * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') |
192 | 192 |
# * a permission Symbol (eg. :edit_project) |
193 |
def allowed_to?(action) |
|
193 |
# scope can be: |
|
194 |
# * an array of permissions which will be used as filter (logical AND) |
|
195 | ||
196 |
def allowed_to?(action, scope=nil) |
|
194 | 197 |
if action.is_a? Hash |
195 |
allowed_actions.include? "#{action[:controller]}/#{action[:action]}" |
|
198 |
allowed_actions(scope).include? "#{action[:controller]}/#{action[:action]}"
|
|
196 | 199 |
else |
197 |
allowed_permissions.include? action |
|
200 |
allowed_permissions(scope).include? action
|
|
198 | 201 |
end |
199 | 202 |
end |
200 | 203 | |
... | ... | |
286 | 289 | |
287 | 290 |
private |
288 | 291 | |
289 |
def allowed_permissions |
|
290 |
@allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name} |
|
292 |
def allowed_permissions(scope = nil) |
|
293 |
scope = scope.sort if scope.present? # to maintain stable cache keys |
|
294 |
@allowed_permissions ||= {} |
|
295 |
@allowed_permissions[scope] ||= begin |
|
296 |
unscoped = permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name} |
|
297 |
scope.present? ? unscoped & scope : unscoped |
|
298 |
end |
|
291 | 299 |
end |
292 | 300 | |
293 |
def allowed_actions |
|
294 |
@actions_allowed ||= |
|
295 |
allowed_permissions.inject([]) {|actions, permission| |
|
301 |
def allowed_actions(scope = nil) |
|
302 |
scope = scope.sort if scope.present? # to maintain stable cache keys |
|
303 |
@actions_allowed ||= {} |
|
304 |
@actions_allowed[scope] ||= |
|
305 |
allowed_permissions(scope).inject([]) {|actions, permission| |
|
296 | 306 |
actions += Redmine::AccessControl.allowed_actions(permission) |
297 | 307 |
}.flatten |
298 | 308 |
end |
test/unit/role_test.rb | ||
---|---|---|
101 | 101 |
assert_equal false, role.has_permission?(:delete_issues) |
102 | 102 |
end |
103 | 103 | |
104 |
def test_allowed_to_with_symbol |
|
105 |
role = Role.create!(:name => 'Test', :permissions => [:view_issues]) |
|
106 |
assert_equal true, role.allowed_to?(:view_issues) |
|
107 |
assert_equal false, role.allowed_to?(:add_issues) |
|
108 |
end |
|
109 | ||
110 |
def test_allowed_to_with_symbol_and_scope |
|
111 |
role = Role.create!(:name => 'Test', :permissions => [:view_issues, :delete_issues]) |
|
112 |
assert_equal true, role.allowed_to?(:view_issues, [:view_issues, :add_issues]) |
|
113 |
assert_equal false, role.allowed_to?(:add_issues, [:view_issues, :add_issues]) |
|
114 |
assert_equal false, role.allowed_to?(:delete_issues, [:view_issues, :add_issues]) |
|
115 |
end |
|
116 | ||
117 |
def test_allowed_to_with_hash |
|
118 |
role = Role.create!(:name => 'Test', :permissions => [:view_issues]) |
|
119 |
assert_equal true, role.allowed_to?( :controller => 'issues', :action => 'show') |
|
120 |
assert_equal false, role.allowed_to?( :controller => 'issues', :action => 'create') |
|
121 |
end |
|
122 | ||
123 |
def test_allowed_to_with_hash_and_scope |
|
124 |
role = Role.create!(:name => 'Test', :permissions => [:view_issues, :delete_issues]) |
|
125 |
assert_equal true, role.allowed_to?({:controller => 'issues', :action => 'show'}, [:view_issues, :add_issues]) |
|
126 |
assert_equal false, role.allowed_to?({:controller => 'issues', :action => 'create'}, [:view_issues, :add_issues]) |
|
127 |
assert_equal false, role.allowed_to?({:controller => 'issues', :action => 'destroy'}, [:view_issues, :add_issues]) |
|
128 |
end |
|
129 | ||
104 | 130 |
def test_has_permission_without_permissions |
105 | 131 |
role = Role.create!(:name => 'Test') |
106 | 132 |
assert_equal false, role.has_permission?(:delete_issues) |