[refs #2249] Remove custom ACL from project

app/controllers/collaborators_controller.rb

@@ -1,6 +1,5 @@
 class CollaboratorsController < ApplicationController
   before_filter :authenticate_user!
-#  before_filter :check_global_access
 
   before_filter :find_project
 
@@ -34,52 +33,36 @@ class CollaboratorsController < ApplicationController
   end
 
   def update
-      authorize! :manage_collaborators, @project
+    authorize! :manage_collaborators, @project
 
-      all_user_ids = []
-      Relation::ROLES.each { |r| 
-        all_user_ids = all_user_ids | params[r.to_sym].keys if params[r.to_sym]
-      }
+    all_user_ids = []
+    Relation::ROLES.each { |r| 
+      all_user_ids = all_user_ids | params[r.to_sym].keys if params[r.to_sym]
+    }
 
-      # Remove relations
-      users_for_removing = @project.collaborators.select do |u|
-        !all_user_ids.map{|k| k.to_i}.include? u.id and @project.owner != u
-      end
-      users_for_removing.each do |u|
-        Relation.by_object(u).by_target(@project).each {|r| r.destroy}
-      end
-      
-      # Create relations
-      Relation::ROLES.each { |r|
-        #users_for_creating = users_for_creating params[:user].keys.map{|p| p.to_i} - @project.collaborators.map(&:id)
-        params[r.to_sym].keys.each { |u|
-          if relation = @project.relations.find_by_object_id_and_object_type(u, 'User')
-            relation.update_attribute(:role, r)
-          else
-            relation = @project.relations.build(:object_id => u, :object_type => 'User', :role => r)
-            puts relation.inspect
-            puts r
-            relation.save!
-          end
-        } if params[r.to_sym]
-      }
+    # Remove relations
+    users_for_removing = @project.collaborators.select do |u|
+      !all_user_ids.map{|k| k.to_i}.include? u.id and @project.owner != u
+    end
+    users_for_removing.each do |u|
+      Relation.by_object(u).by_target(@project).each {|r| r.destroy}
+    end
+    
+    # Create relations
+    Relation::ROLES.each { |r|
+      #users_for_creating = users_for_creating params[:user].keys.map{|p| p.to_i} - @project.collaborators.map(&:id)
+      params[r.to_sym].keys.each { |u|
+        if relation = @project.relations.find_by_object_id_and_object_type(u, 'User')
+          relation.update_attribute(:role, r)
+        else
+          relation = @project.relations.build(:object_id => u, :object_type => 'User', :role => r)
+          puts relation.inspect
+          puts r
+          relation.save!
+        end
+      } if params[r.to_sym]
+    }
 
-      puts users_for_removing.inspect
-
-  #    if params[:group]
-  #      groups_for_removing = @project.groups.select do |g|
-  #        !params[:group].keys.map{|k| k.to_i}.include? g.id and @project.owner != g
-  #      end
-  #      groups_for_creating = params[:group].keys.map{|p| p.to_i} - @project.groups.map(&:id)
-  #
-  #      puts groups_for_removing.inspect
-  #      puts groups_for_creating.inspect
-  #
-  #      @project.groups.delete_if{|g| groups_for_removing.include? g}
-  #      groups_for_creating.each do |group|
-  #        @project.add_roles_to Group.find(group), @def_group_roles
-  #      end
-  #    end
     if @project.save
       flash[:notice] = t("flash.collaborators.successfully_changed")
     else

app/controllers/containers_controller.rb

@@ -1,3 +1,2 @@
 class ContainersController < ApplicationController
-  #before_filter :check_global_access
 end

app/controllers/downloads_controller.rb

@@ -1,6 +1,5 @@
 class DownloadsController < ApplicationController
   before_filter :authenticate_user!
-  #before_filter :check_global_access, :except => [:test_sudo]
   
   authorize_resource
 

app/controllers/event_logs_controller.rb

@@ -1,7 +1,6 @@
 # coding: UTF-8
 class EventLogsController < ApplicationController
   before_filter :authenticate_user!
-  #before_filter :check_global_access
 
   def index
     @event_logs = EventLog.default_order.eager_loading.paginate :page => params[:page]

app/controllers/platforms_controller.rb

@@ -34,12 +34,10 @@ class PlatformsController < ApplicationController
   end
 
   def new
-    #@platforms = Platform.visible_to current_user
     @platform = Platform.new
   end
   
   def edit
-    #@platforms = Platform.visible_to current_user
   end
 
   def create
@@ -52,7 +50,6 @@ class PlatformsController < ApplicationController
       redirect_to @platform
     else
       flash[:error] = I18n.t("flash.platform.saved_error")
-      #@platforms = Platform.visible_to current_user
       render :action => :new
     end
   end

app/controllers/roles_controller.rb

@@ -3,8 +3,6 @@ class RolesController < ApplicationController
   before_filter :find_role, :only => [:show, :edit, :update, :destroy]
   before_filter :find_visibilities, :only => [:new, :edit]
 
- # before_filter :check_global_access
-
   def index
     @roles = Role.all
   end

app/controllers/rpc_controller.rb

@@ -2,7 +2,6 @@ class RpcController < ApplicationController
   exposes_xmlrpc_methods
 
   before_filter :authenticate_user!
-  #before_filter :check_global_access
   before_filter lambda { EventLog.current_controller = self }, :only => :xe_index # should be after auth callback
 
   ## Usage example:

app/controllers/users_controller.rb

@@ -2,7 +2,6 @@
 class UsersController < ApplicationController
   before_filter :authenticate_user!
   before_filter :find_user, :only => [:show, :edit, :update, :destroy]
-  #before_filter :check_global_access
 
   authorize_resource
 

app/models/group.rb

@@ -24,8 +24,6 @@ class Group < ActiveRecord::Base
 
   include PersonalRepository
 
-  before_create :add_default_role
-  #before_save :add_owner_rel
   after_create :make_owner_rel
   before_save :check_owner_rel
 
@@ -45,24 +43,16 @@ class Group < ActiveRecord::Base
 
   protected
 
-    def add_owner_rel
-      if new_record? and owner
-        add_owner owner
-      elsif owner_id_changed?
-        remove_owner owner_type_was.classify.find(owner_id_was)
-        add_owner owner
-      end
-    end
+  def make_owner_rel
+    r = relations.build :object_id => owner.id, :object_type => 'User', :role => 'admin'
+    r.save
+  end
 
-    def make_owner_rel
-      add_owner owner
-    end
-
-    def check_owner_rel
-      if !new_record? and owner_id_changed?
-        remove_owner owner_type_was.classify.find(owner_id_was) if owner_type_was
-        add_owner owner if owner
-      end
+  def check_owner_rel
+    if !new_record? and owner_id_changed?
+      relations.by_object(owner).delete_all if owner_type_was
+      make_owner_rel if owner
     end
+  end
 
 end

app/models/project.rb

@@ -28,7 +28,6 @@ class Project < ActiveRecord::Base
   scope :addable_to_repository, lambda { |repository_id| where("projects.id NOT IN (SELECT project_to_repositories.project_id FROM project_to_repositories WHERE (project_to_repositories.repository_id = #{ repository_id }))") }
   scope :automateable, where("projects.id NOT IN (SELECT auto_build_lists.project_id FROM auto_build_lists)")
 
- # before_save :add_owner_rel
   after_create :make_owner_rel
   before_save :check_owner_rel
 
@@ -141,15 +140,6 @@ class Project < ActiveRecord::Base
       FileUtils.rm_rf git_repo_path
     end
 
-    def add_owner_rel
-      if new_record? and owner
-        add_owner owner
-      elsif owner_id_changed?
-        remove_owner owner_type_was.classify.find(owner_id_was)
-        add_owner owner
-      end
-    end
-
     def make_owner_rel
       r = relations.build :object_id => owner.id, :object_type => 'User', :role => 'admin'
       r.save

app/models/repository.rb

@@ -19,7 +19,6 @@ class Repository < ActiveRecord::Base
   after_create :make_owner_rel
   before_save :check_owner_rel
   #before_save :create_directory
-  #before_save :add_owner_rel
   #after_destroy :remove_directory
 
   before_create :xml_rpc_create, :unless => lambda {Thread.current[:skip]}

config/initializers/ext.rb

@@ -1,4 +0,0 @@
-# Load extensions to existing classes.
-Dir["lib/ext/**/*.rb"].each do |fn|
-  require File.expand_path( fn )
-end

lib/ext/active_record/base.rb

@@ -1,203 +0,0 @@
-class ActiveRecord::Base
-
-  def add_role_to model, role
-    return false unless ActiveRecord::Base.relation_acter? model.class and ActiveRecord::Base.relation_target? self.class
-    return false unless ['', model.class.to_s].include? role.to
-    rel = Relation.by_object(model).by_target(self).first ||
-      Relation.new(:object_id => model.id, :object_type => model.class.to_s,
-                   :target_id => self.id,  :target_type => self.class.to_s)
-    rel.roles << role unless rel.roles.include? role
-    rel.save
-  end
-
-  def add_role_on model, role
-    return false unless ActiveRecord::Base.relation_target? model.class and ActiveRecord::Base.relation_acter? self.class
-    return false unless ['', self.class.to_s].include? role.to
-    rel = Relation.by_object(self).by_target(model).first
-    rel = Relation.new(:object_id => self.id,  :object_type => self.class.to_s,
-                       :target_id => model.id, :target_type => model.class.to_s) if rel.nil?
-    rel.roles << role unless rel.roles.include? role
-    rel.save
-  end
-
-  def add_roles_to model, roles
-    return false unless ActiveRecord::Base.relation_acter? model.class and ActiveRecord::Base.relation_target? self.class
-    roles = roles.select{|role| ['', model.class.to_s].include? role.to}
-    return false if roles.empty?
-    rel = Relation.by_object(model).by_target(self).first ||
-      Relation.new(:object_id => model.id, :object_type => model.class.to_s,
-                   :target_id => self.id,  :target_type => self.class.to_s)
-    rel.roles.concat(roles - rel.roles) if roles
-    rel.save
-  end
-
-  def add_roles_on model, roles
-    return false unless ActiveRecord::Base.relation_target? model.class and ActiveRecord::Base.relation_acter? self.class
-    roles = roles.select{|role| ['', self.class.to_s].include? role.to}
-    return false if roles.empty?
-    rel = Relation.by_object(self).by_target(model).first ||
-      Relation.new(:object_id => self.id,  :object_type => self.class.to_s,
-                   :target_id => model.id, :target_type => model.class.to_s)
-    rel.roles.concat(roles - rel.roles) if roles
-    rel.save
-  end
-
-  def remove_roles_from_acter acter, roles
-    return false unless ActiveRecord::Base.relation_acter? acter.class
-    return false unless ActiveRecord::Base.relation_target? self.class
-
-    rel = Relation.by_object(self).by_target(model).first
-    return false unless rel
-    rel.roles = rel.roles - roles
-    if rel.roles.empty?
-      rel.destroy
-    else
-      rel.save
-    end
-  end
-
-  def roles_to object
-    return [] unless ActiveRecord::Base.relation_acter? self.class
-    object = object.downcase.to_sym if object.is_a? String
-    possible = [self]
-    if @@relationable[self.class.to_s][:inherits]
-      @@relationable[self.class.to_s][:inherits].each do |n|
-        possible.concat method(n).call
-      end
-    end
-    possible.flatten
-    if object.is_a? Symbol and object == :system
-      return possible.map{|obj| obj.global_role}.uniq
-    else
-      r = possible.inject([]) do |arr, mod|
-        rels = Relation.by_object(mod).by_target(object)
-        arr.concat rels.map{|rel| rel.roles} if rels.size > 0
-        arr << mod.global_role
-        arr
-      end
-      return r.flatten.uniq
-    end
-  end
-
-  def can_perform? controller, action, target = :system
-    all_rights = rights_to target
-    needed_right = right_to controller, action
-    return all_rights.include? needed_right
-  end
-
-  def right_to controller, action
-    Right.where(:controller => controller, :action => action).first
-  end
-
-  def rights_to object
-    r = roles_to(object).compact.uniq
-    return [] if r.nil?
-    r.map {|role| role.rights}.flatten.compact.uniq
-  end
-
-  protected
-    def add_default_role
-      return false unless ActiveRecord::Base.relation_acter? self.class
-      role = Role.by_acter(self.class).by_target(:system).default.first ||
-             Role.by_acter(:all).by_target(:system).default.first
-      self.global_role = role
-    end
-
-    def add_owner owner
-      return false unless ActiveRecord::Base.relation_acter? owner.class
-      return false unless ActiveRecord::Base.relation_target? self.class
-      roles = Role.by_acter(owner.class).by_target(self.class).owner_default +
-              Role.by_acter(:all).by_target(self.class).owner_default
-      add_roles_to owner, roles
-    end
-
-    def remove_owner owner
-      return false unless ActiveRecord::Base.relation_acter? owner.class
-      return false unless ActiveRecord::Base.relation_target? self.class
-      roles = Role.by_acter(owner.class).by_target(self.class).owner_default +
-              Role.by_acter(:all).by_target(self.class).owner_default
-      remove_roles_form_acter owner, roles
-    end
-
-  class << self
-
-    def visible_to object
-      return scoped unless (public_instance_methods + column_names).include? 'visibility'
-      rs = (object.roles_to :system).compact
-      vis = rs.inject({}) do |h, r|
-        unless r.can_see.nil?
-          h.merge!(r.can_see) {|k, old, new| old.concat(new).uniq}
-        end
-        h
-      end
-      vis = vis[self.name]
-      return where('1=2') if !vis or vis.empty?
-      if vis == self::VISIBILITIES
-        return scoped # all
-      else
-        return by_visibilities(vis)
-      end
-    end
-
-    def inherit_rights_from arg
-      if relation_acters.include? self
-        @@relationable[self.name] ||= {}
-        @@relationable[self.name][:inherits] ||= []
-
-        if arg.is_a? Array
-          @@relationable[self.name][:inherits].concat(arg)
-        else
-          @@relationable[self.name][:inherits] << arg
-        end
-      end
-    end
-
-    def relationable?
-      return true if @@relationable[self.name] and @@relationable[self.name].size > 0
-      false
-    end
-
-    def relation_acter? model
-      relation_acters.include? model
-    end
-
-    def relation_target? model
-      relation_targets.include? model
-    end
-
-    def relation_acters
-      load_all unless @@all_models_loaded
-      return Hash[@@relationable.select {|(k,v)| v[:as].include? :object}].keys.map{|m| m.constantize}
-    end
-
-    def relation_targets
-      load_all unless @@all_models_loaded
-      return Hash[@@relationable.select {|(k,v)| v[:as].include? :target}].keys.map{|m| m.constantize}
-    end
-
-    def load_all
-      Dir["app/models/**/*.rb"].each do |fn|
-        require File.expand_path(fn)
-      end
-      @@all_modles_loaded = true
-    end
-
-    protected
-
-      @@relationable = {}
-      @@all_models_loaded = false
-
-      def relationable(arg)
-        @@relationable[self.name] ||= {}
-        @@relationable[self.name][:as] ||= []
-
-        if arg[:as] and [:object, :target].include? arg[:as]
-          @@relationable[self.name][:as] << arg[:as]
-        else
-          @@relationable[self.name][:as] << :target
-        end
-        @@relationable[self.name][:as].uniq!
-      end
-  end
-
-end

lib/ext/application_controller/base.rb

@@ -1,29 +0,0 @@
-class ActionController::Base
-
-    def can_perform? target = :system
-      c = self.controller_name
-      a = self.action_name
-
-      unless current_user.can_perform? c, a, target
-        flash[:notice] = t('layout.not_access')
-        if request.env['HTTP_REFERER']
-          redirect_to(:back) and return
-        else
-          redirect_to(:root) and return
-        end
-      end
-    end
-
-    def check_global_access
-      can_perform? :system
-    end
-
-    def rights_to target
-      ActiveRecord::Base.rights_to target
-    end
-
-    def roles_to target
-      ActiveRecord::Base.roles_to target
-    end
-
-end