[refs #2249] Remove bitmask. Add new rules. Add some authorize filters. Add some template can? helpers

This commit is contained in:
konstantin.grabar 2011-11-16 22:45:01 +04:00
parent 827936a06c
commit 4d4f5deed4
16 changed files with 86 additions and 25 deletions

View File

@ -9,7 +9,7 @@ gem 'devise', '~> 1.4.8'
gem 'omniauth', '~> 0.3.2'
gem 'oa-openid', '~> 0.3.2', :require => 'omniauth/openid'
gem 'cancan', '~> 1.6.7'
gem 'bitmask_attributes'
#gem 'bitmask_attributes'
gem "haml-rails", '~> 0.3.4'
gem "compass", '~> 0.11.5'

View File

@ -10,7 +10,7 @@ class ApplicationController < ActionController::Base
helper_method :get_owner
rescue_from CanCan::AccessDenied do |exception|
redirect_to root_url, :alert => exception.message
redirect_to forbidden_url, :alert => exception.message
end
protected

View File

@ -4,6 +4,8 @@ class PersonalRepositoriesController < ApplicationController
before_filter :check_repository
#before_filter :check_global_access
authorize_resource
def show
#can_perform? @repository if @repository
if params[:query]

View File

@ -5,6 +5,8 @@ class PlatformsController < ApplicationController
before_filter :get_paths, :only => [:new, :create, :clone]
#before_filter :check_global_access, :only => [:index, :new, :create]#:except => :easy_urpmi
authorize_resource
def index
#@platforms = Platform.visible_to(current_user).paginate(:page => params[:platform_page])
@platforms = Platform.accessible_by(current_ability).paginate(:page => params[:platform_page])
@ -108,6 +110,9 @@ class PlatformsController < ApplicationController
redirect_to root_path
end
def forbidden
end
protected
def get_paths
if params[:user_id]

View File

@ -4,7 +4,7 @@ class ProjectsController < ApplicationController
before_filter :get_paths, :only => [:new, :create, :edit, :update]
#before_filter :check_global_access, :only => [:index, :new, :create]#:except => :auto_build
#check_authorization
#authorize_resource
authorize_resource
def index
if params[:query]

View File

@ -5,14 +5,16 @@ class Ability
# Define abilities for the passed in user here. For example:
#
user ||= User.new # guest user (not logged in)
if user.admin?
can :manage, :all
else
# Block access to all objects on the site
cannot :read, :all
# Shared rights between guests and registered users
can :read, Platform
can :index, [Platform, Project, User, Category, Download]
can :forbidden, Platform
cannot :read, Platform, :visibility => 'hidden'
cannot :read, Platform, :platform_type => 'personal'
# Guest rights
if user.guest?
@ -24,8 +26,27 @@ class Ability
can [:read, :update, :process_build, :build], Project, :owner_type => 'User', :owner_id => user.id
# If rules goes one by one CanCan joins them by 'OR' sql operator
can :read, Project, :visibility => 'open'
can [:read, :update, :process_build, :build], Project, :collaborators => {:id => user.id}
#can [:read, :update, :process_build, :build], Project, :collaborators => {:id => user.id}
can :read, Project, :relations => {:role => 'read'}
can [:update, :process_build, :build], Project, :relations => {:role => 'write'}
can :manage, Platform, :owner_type => 'User', :owner_id => user.id
can :read, Platform, :members => {:id => user.id}
#can :read, Repository
# TODO: Add personal repos rules
# Same rights for groups:
can [:read, :update, :process_build, :build], Project, :owner_type => 'Group', :owner_id => user.group_ids
can :read, Project, :relations => {:role => 'read', :object_type => 'Group', :object_id => user.group_ids}
can [:update, :process_build, :build], Project, :relations => {:role => 'write', :object_type => 'Group', :object_id => user.group_ids}
can :manage, Platform, :owner_type => 'Group', :owner_id => user.group_ids
can :read, Platform, :groups => {:id => user.group_ids}
end
end
# Shared rights for all users (guests, registered, admin)
cannot :destroy, Platform, :platform_type => 'personal'
end
end

View File

@ -2,10 +2,14 @@ class Relation < ActiveRecord::Base
belongs_to :target, :polymorphic => true
belongs_to :object, :polymorphic => true
has_many :role_lines
has_many :roles, :autosave => true, :through => :role_lines
#has_many :role_lines
#has_many :roles, :autosave => true, :through => :role_lines
bitmask :roles, :as => [:read, :update]
ROLES = %w[read write]
validates :role, :inclusion => {:in => ROLES}
#bitmask :roles, :as => [:read, :update]
after_create {
with_ga do |ga|
@ -24,6 +28,12 @@ class Relation < ActiveRecord::Base
end if target_type == 'Project' and object_type == 'User'
}
#after_create {
# if self.role.blank?
# update_attribute(:role, 'read')
# end
#}
scope :by_object, lambda {|obj| {:conditions => ['object_id = ? AND object_type = ?', obj.id, obj.class.to_s]}}
scope :by_target, lambda {|tar| {:conditions => ['target_id = ? AND target_type = ?', tar.id, tar.class.to_s]}}
end

View File

@ -2,6 +2,8 @@ class User < ActiveRecord::Base
relationable :as => :object
inherit_rights_from :groups
ROLES = %w[admin]
devise :database_authenticatable, :registerable, :omniauthable, # :token_authenticatable, :encryptable, :timeoutable
:recoverable, :rememberable, :validatable #, :trackable, :confirmable, :lockable
@ -31,6 +33,7 @@ class User < ActiveRecord::Base
validate lambda {
errors.add(:uname, I18n.t('flash.user.group_uname_exists')) if Group.exists? :uname => uname
}
validates :role, :inclusion => {:in => ROLES}
attr_accessible :email, :password, :password_confirmation, :remember_me, :login, :name, :ssh_key, :uname
attr_readonly :uname
@ -51,7 +54,7 @@ class User < ActiveRecord::Base
# after_create() { UserMailer.new_user_notification(self).deliver }
def admin?
self.id == 1
role == 'admin'
end
def guest?

View File

@ -10,4 +10,6 @@
%td
= platform.distrib_type
%td.last
#{link_to t("layout.show"), platform_path(platform)} | #{link_to t("layout.delete"), platform_path(platform), :method => :delete, :confirm => t("layout.platforms.confirm_delete")}
= link_to t("layout.show"), platform_path(platform)
|
= link_to t("layout.delete"), platform_path(platform), :method => :delete, :confirm => t("layout.platforms.confirm_delete") if can? :destroy, platform

View File

View File

@ -83,7 +83,9 @@
%td
= link_to repository.name, platform_repository_path(@platform, repository)
%td.last
#{link_to t("layout.show"), platform_repository_path(@platform, repository)} | #{link_to t("layout.delete"), platform_repository_path(@platform, repository), :method => :delete, :confirm => t("layout.repositories.confirm_delete")}
= link_to t("layout.show"), platform_repository_path(@platform, repository)}
|
= link_to t("layout.delete"), platform_repository_path(@platform, repository), :method => :delete, :confirm => t("layout.repositories.confirm_delete") if can? :destroy, project
.actions-bar.wat-cf
.actions
@ -106,7 +108,10 @@
%td
= link_to product.name, [@platform, product]
%td.last
#{link_to t("layout.edit"), edit_platform_product_path(@platform, product)} | #{link_to t("layout.delete"), platform_product_path(@platform, product), :method => :delete, :confirm => t("layout.products.confirm_delete")} #{(product.can_clone? ? "| #{link_to t("layout.products.clone"), clone_platform_product_path(@platform, product)}" : "").html_safe }
= link_to t("layout.edit"), edit_platform_product_path(@platform, product)}
|
= link_to t("layout.delete"), platform_product_path(@platform, product), :method => :delete, :confirm => t("layout.products.confirm_delete") if can? :destroy, project
= (product.can_clone? ? "| #{link_to t("layout.products.clone"), clone_platform_product_path(@platform, product)}" : "").html_safe
.actions-bar.wat-cf
.actions
- content_for :sidebar, render(:partial => 'sidebar')

View File

@ -8,6 +8,6 @@
%td= link_to "#{project.name} (#{project.unixname})", project
%td= link_to "#{project.owner.name} (#{project.owner.uname})", project.owner
%td
= link_to t("layout.edit"), edit_project_path(project)
= link_to t("layout.edit"), edit_project_path(project) if can? :update, project
|
= link_to t("layout.delete"), project_path(project), :method => :delete, :confirm => t("layout.projects.confirm_delete")
= link_to t("layout.delete"), project_path(project), :method => :delete, :confirm => t("layout.projects.confirm_delete") if can? :destroy, project

View File

@ -36,8 +36,8 @@
= git_repo_url @project.git_repo_name
.wat-cf
= link_to image_tag("web-app-theme/icons/application_edit.png", :alt => t("layout.edit")) + " " + t("layout.edit"), edit_project_path(@project), :class => "button"
= link_to image_tag("web-app-theme/icons/cross.png", :alt => t("layout.delete")) + " " + t("layout.delete"), project_path(@project), :method => "delete", :class => "button", :confirm => t("layout.projects.confirm_delete")
= link_to image_tag("web-app-theme/icons/application_edit.png", :alt => t("layout.edit")) + " " + t("layout.edit"), edit_project_path(@project), :class => "button" if can? :update, @project
= link_to image_tag("web-app-theme/icons/cross.png", :alt => t("layout.delete")) + " " + t("layout.delete"), project_path(@project), :method => "delete", :class => "button", :confirm => t("layout.projects.confirm_delete") if can? :destroy, project
%a{ :name => "build_lists"}
.block

View File

@ -148,4 +148,5 @@ Rosa::Application.routes.draw do
match '/projects/:project_id/git/commit/raw/:commit_hash/*path', :controller => "git/blobs", :action => :raw, :as => :raw_commit
root :to => "platforms#index"
match '/forbidden', :to => 'platforms#forbidden', :as => 'forbidden'
end

View File

@ -0,0 +1,11 @@
class AddRolesToRelations < ActiveRecord::Migration
def self.up
add_column :relations, :role, :string
add_column :users, :role, :string
end
def self.down
remove_column :relations, :role
remove_column :users, :role
end
end

View File

@ -10,7 +10,7 @@
#
# It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20111111184657) do
ActiveRecord::Schema.define(:version => 20111116140040) do
create_table "arches", :force => true do |t|
t.string "name", :null => false
@ -228,9 +228,9 @@ ActiveRecord::Schema.define(:version => 20111111184657) do
t.string "object_type"
t.integer "target_id"
t.string "target_type"
t.integer "role_id"
t.datetime "created_at"
t.datetime "updated_at"
t.string "role"
end
create_table "repositories", :force => true do |t|
@ -284,15 +284,16 @@ ActiveRecord::Schema.define(:version => 20111111184657) do
t.string "name"
t.string "email", :default => "", :null => false
t.string "encrypted_password", :limit => 128, :default => "", :null => false
t.string "password_salt", :default => "", :null => false
t.string "reset_password_token"
t.datetime "reset_password_sent_at"
t.string "remember_token"
t.datetime "remember_created_at"
t.datetime "created_at"
t.datetime "updated_at"
t.string "uname"
t.text "ssh_key"
t.integer "role_id"
t.string "uname"
t.integer "global_role_id"
t.string "role"
end
add_index "users", ["email"], :name => "index_users_on_email", :unique => true