Feature #24808 » 0005-oauth-Add-optional-scope-parameter-to-Role-allowed_t.patch

Jens Krämer, 2020-07-21 13:05

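--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -190,11 +190,14 @@
   # action can be:
   # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
   # * a permission Symbol (eg. :edit_project)
-  def allowed_to?(action)
+  # scope can be:
+  # * an array of permissions which will be used as filter (logical AND)
+
+  def allowed_to?(action, scope=nil)
     if action.is_a? Hash
-      allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
+      allowed_actions(scope).include? "#{action[:controller]}/#{action[:action]}"
     else
-      allowed_permissions.include? action
+      allowed_permissions(scope).include? action
     end
   end
 
@@ -286,13 +289,20 @@
 
   private
 
-  def allowed_permissions
-    @allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
+  def allowed_permissions(scope = nil)
+    scope = scope.sort if scope.present? # to maintain stable cache keys
+    @allowed_permissions ||= {}
+    @allowed_permissions[scope] ||= begin
+      unscoped = permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
+      scope.present? ? unscoped & scope : unscoped
+    end
   end
 
-  def allowed_actions
-    @actions_allowed ||=
-      allowed_permissions.inject([]) {|actions, permission|
+  def allowed_actions(scope = nil)
+    scope = scope.sort if scope.present? # to maintain stable cache keys
+    @actions_allowed ||= {}
+    @actions_allowed[scope] ||=
+      allowed_permissions(scope).inject([]) {|actions, permission|
         actions += Redmine::AccessControl.allowed_actions(permission)
       }.flatten
   end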
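Review bot: In `allowed_permissions`, `scope.present?` is false for an empty array, so a caller passing `[]` (for instance a token that was granted no scopes) receives the role's full unscoped permission list rather than an empty one. Whether any caller can pass an empty scope is not visible in this patch, but a permission filter should fail closed: treat only `nil` as "no scope" with `scope.nil? ? unscoped : unscoped & scope`, and sort with `scope = scope.sort unless scope.nil?` here and in `allowed_actions`. The new comment above `allowed_to?` could also state that `unscoped & scope` filters the public permissions too, and that scope entries must be Symbols like the permission names, since string entries would never intersect.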
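--- a/test/unit/role_test.rb
+++ b/test/unit/role_test.rb
@@ -101,6 +101,32 @@
     assert_equal false, role.has_permission?(:delete_issues)
   end
 
+  def test_allowed_to_with_symbol
+    role = Role.create!(:name => 'Test', :permissions => [:view_issues])
+    assert_equal true, role.allowed_to?(:view_issues)
+    assert_equal false, role.allowed_to?(:add_issues)
+  end
+
+  def test_allowed_to_with_symbol_and_scope
+    role = Role.create!(:name => 'Test', :permissions => [:view_issues, :delete_issues])
+    assert_equal true, role.allowed_to?(:view_issues, [:view_issues, :add_issues])
+    assert_equal false, role.allowed_to?(:add_issues, [:view_issues, :add_issues])
+    assert_equal false, role.allowed_to?(:delete_issues, [:view_issues, :add_issues])
+  end
+
+  def test_allowed_to_with_hash
+    role = Role.create!(:name => 'Test', :permissions => [:view_issues])
+    assert_equal true, role.allowed_to?( :controller => 'issues', :action => 'show')
+    assert_equal false, role.allowed_to?( :controller => 'issues', :action => 'create')
+  end
+
+  def test_allowed_to_with_hash_and_scope
+    role = Role.create!(:name => 'Test', :permissions => [:view_issues, :delete_issues])
+    assert_equal true, role.allowed_to?({:controller => 'issues', :action => 'show'}, [:view_issues, :add_issues])
+    assert_equal false, role.allowed_to?({:controller => 'issues', :action => 'create'}, [:view_issues, :add_issues])
+    assert_equal false, role.allowed_to?({:controller => 'issues', :action => 'destroy'}, [:view_issues, :add_issues])
+  end
+
   def test_has_permission_without_permissions
     role = Role.create!(:name => 'Test')
     assert_equal false, role.has_permission?(:delete_issues)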
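Review bot: The two `*_and_scope` tests only pass non-empty scopes, so nothing pins what `allowed_to?` returns when the scope array is empty, which is the boundary an authorization filter most needs covered. Once the intended behaviour is decided, add a line such as `assert_equal false, role.allowed_to?(:view_issues, [])` to `test_allowed_to_with_symbol_and_scope`; with the `scope.present?` checks in role.rb as written, that call appears to return true. A second call on the same role with the scope in a different order, e.g. `[:add_issues, :view_issues]`, would also exercise the sorted memo key.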