From 5e7ded2e9313734d626ac6635e0fc80e69d68c84 Mon Sep 17 00:00:00 2001 From: "konstantin.grabar" Date: Sat, 19 Nov 2011 16:11:44 +0400 Subject: [PATCH] [refs #2249] Remove custom ACL from project --- app/controllers/collaborators_controller.rb | 71 +++---- app/controllers/containers_controller.rb | 1 - app/controllers/downloads_controller.rb | 1 - app/controllers/event_logs_controller.rb | 1 - app/controllers/platforms_controller.rb | 3 - app/controllers/roles_controller.rb | 2 - app/controllers/rpc_controller.rb | 1 - app/controllers/users_controller.rb | 1 - app/models/group.rb | 28 +-- app/models/project.rb | 10 - app/models/repository.rb | 1 - config/initializers/ext.rb | 4 - lib/ext/active_record/base.rb | 203 -------------------- lib/ext/application_controller/base.rb | 29 --- 14 files changed, 36 insertions(+), 320 deletions(-) delete mode 100644 config/initializers/ext.rb delete mode 100644 lib/ext/active_record/base.rb delete mode 100644 lib/ext/application_controller/base.rb diff --git a/app/controllers/collaborators_controller.rb b/app/controllers/collaborators_controller.rb index 8d4af45c0..96b065fb1 100644 --- a/app/controllers/collaborators_controller.rb +++ b/app/controllers/collaborators_controller.rb @@ -1,6 +1,5 @@ class CollaboratorsController < ApplicationController before_filter :authenticate_user! -# before_filter :check_global_access before_filter :find_project 
@@ -34,52 +33,36 @@ class CollaboratorsController < ApplicationController end def update - authorize! :manage_collaborators, @project + authorize! :manage_collaborators, @project - all_user_ids = [] - Relation::ROLES.each { |r| - all_user_ids = all_user_ids | params[r.to_sym].keys if params[r.to_sym] - } + all_user_ids = [] + Relation::ROLES.each { |r| + all_user_ids = all_user_ids | params[r.to_sym].keys if params[r.to_sym] + } - # Remove relations - users_for_removing = @project.collaborators.select do |u| - !all_user_ids.map{|k| k.to_i}.include? u.id and @project.owner != u - end - users_for_removing.each do |u| - Relation.by_object(u).by_target(@project).each {|r| r.destroy} - end - - # Create relations - Relation::ROLES.each { |r| - #users_for_creating = users_for_creating params[:user].keys.map{|p| p.to_i} - @project.collaborators.map(&:id) - params[r.to_sym].keys.each { |u| - if relation = @project.relations.find_by_object_id_and_object_type(u, 'User') - relation.update_attribute(:role, r) - else - relation = @project.relations.build(:object_id => u, :object_type => 'User', :role => r) - puts relation.inspect - puts r - relation.save! - end - } if params[r.to_sym] - } + # Remove relations + users_for_removing = @project.collaborators.select do |u| + !all_user_ids.map{|k| k.to_i}.include? u.id and @project.owner != u + end + users_for_removing.each do |u| + Relation.by_object(u).by_target(@project).each {|r| r.destroy} + end + + # Create relations + Relation::ROLES.each { |r| + #users_for_creating = users_for_creating params[:user].keys.map{|p| p.to_i} - @project.collaborators.map(&:id) + params[r.to_sym].keys.each { |u| + if relation = @project.relations.find_by_object_id_and_object_type(u, 'User') + relation.update_attribute(:role, r) + else + relation = @project.relations.build(:object_id => u, :object_type => 'User', :role => r) + puts relation.inspect + puts r + relation.save! 
+ end + } if params[r.to_sym] + } - puts users_for_removing.inspect - - # if params[:group] - # groups_for_removing = @project.groups.select do |g| - # !params[:group].keys.map{|k| k.to_i}.include? g.id and @project.owner != g - # end - # groups_for_creating = params[:group].keys.map{|p| p.to_i} - @project.groups.map(&:id) - # - # puts groups_for_removing.inspect - # puts groups_for_creating.inspect - # - # @project.groups.delete_if{|g| groups_for_removing.include? g} - # groups_for_creating.each do |group| - # @project.add_roles_to Group.find(group), @def_group_roles - # end - # end if @project.save flash[:notice] = t("flash.collaborators.successfully_changed") else diff --git a/app/controllers/containers_controller.rb b/app/controllers/containers_controller.rb index 80c58816e..57c27003c 100644 --- a/app/controllers/containers_controller.rb +++ b/app/controllers/containers_controller.rb @@ -1,3 +1,2 @@ class ContainersController < ApplicationController - #before_filter :check_global_access end diff --git a/app/controllers/downloads_controller.rb b/app/controllers/downloads_controller.rb index 17a92ad1a..4ba699807 100644 --- a/app/controllers/downloads_controller.rb +++ b/app/controllers/downloads_controller.rb @@ -1,6 +1,5 @@ class DownloadsController < ApplicationController before_filter :authenticate_user! - #before_filter :check_global_access, :except => [:test_sudo] authorize_resource diff --git a/app/controllers/event_logs_controller.rb b/app/controllers/event_logs_controller.rb index bd11ca1c1..a3d62b8ed 100644 --- a/app/controllers/event_logs_controller.rb +++ b/app/controllers/event_logs_controller.rb @@ -1,7 +1,6 @@ # coding: UTF-8 class EventLogsController < ApplicationController before_filter :authenticate_user! - #before_filter :check_global_access def index @event_logs = EventLog.default_order.eager_loading.paginate :page => params[:page] 
diff --git a/app/controllers/platforms_controller.rb b/app/controllers/platforms_controller.rb index 0fdc8251f..95fc0f19a 100644 --- a/app/controllers/platforms_controller.rb +++ b/app/controllers/platforms_controller.rb @@ -34,12 +34,10 @@ class PlatformsController < ApplicationController end def new - #@platforms = Platform.visible_to current_user @platform = Platform.new end def edit - #@platforms = Platform.visible_to current_user end def create @@ -52,7 +50,6 @@ class PlatformsController < ApplicationController redirect_to @platform else flash[:error] = I18n.t("flash.platform.saved_error") - #@platforms = Platform.visible_to current_user render :action => :new end end diff --git a/app/controllers/roles_controller.rb b/app/controllers/roles_controller.rb index ffb93acec..705b446e5 100644 --- a/app/controllers/roles_controller.rb +++ b/app/controllers/roles_controller.rb @@ -3,8 +3,6 @@ class RolesController < ApplicationController before_filter :find_role, :only => [:show, :edit, :update, :destroy] before_filter :find_visibilities, :only => [:new, :edit] - # before_filter :check_global_access - def index @roles = Role.all end diff --git a/app/controllers/rpc_controller.rb b/app/controllers/rpc_controller.rb index cc8da96d2..71d5023cf 100644 --- a/app/controllers/rpc_controller.rb +++ b/app/controllers/rpc_controller.rb @@ -2,7 +2,6 @@ class RpcController < ApplicationController exposes_xmlrpc_methods before_filter :authenticate_user! - #before_filter :check_global_access before_filter lambda { EventLog.current_controller = self }, :only => :xe_index # should be after auth callback ## Usage example: diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index f641fb23b..6534dd10c 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb 
@@ -2,7 +2,6 @@ class UsersController < ApplicationController before_filter :authenticate_user! before_filter :find_user, :only => [:show, :edit, :update, :destroy] - #before_filter :check_global_access authorize_resource diff --git a/app/models/group.rb b/app/models/group.rb index dc19da356..9700a8e6a 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -24,8 +24,6 @@ class Group < ActiveRecord::Base include PersonalRepository - before_create :add_default_role - #before_save :add_owner_rel after_create :make_owner_rel before_save :check_owner_rel @@ -45,24 +43,16 @@ class Group < ActiveRecord::Base protected - def add_owner_rel - if new_record? and owner - add_owner owner - elsif owner_id_changed? - remove_owner owner_type_was.classify.find(owner_id_was) - add_owner owner - end - end + def make_owner_rel + r = relations.build :object_id => owner.id, :object_type => 'User', :role => 'admin' + r.save + end - def make_owner_rel - add_owner owner - end - - def check_owner_rel - if !new_record? and owner_id_changed? - remove_owner owner_type_was.classify.find(owner_id_was) if owner_type_was - add_owner owner if owner - end + def check_owner_rel + if !new_record? and owner_id_changed? + relations.by_object(owner).delete_all if owner_type_was + make_owner_rel if owner end + end end diff --git a/app/models/project.rb b/app/models/project.rb index f1e0672d6..1b2e39f69 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -28,7 +28,6 @@ class Project < ActiveRecord::Base scope :addable_to_repository, lambda { |repository_id| where("projects.id NOT IN (SELECT project_to_repositories.project_id FROM project_to_repositories WHERE (project_to_repositories.repository_id = #{ repository_id }))") } scope :automateable, where("projects.id NOT IN (SELECT auto_build_lists.project_id FROM auto_build_lists)") - # before_save :add_owner_rel after_create :make_owner_rel before_save :check_owner_rel 
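Review bot: In `Group#check_owner_rel`, `relations.by_object(owner).delete_all` runs once `owner_id_changed?` is true, so `owner` is presumably already the new owner and the previous owner's `admin` relation is never removed. After an ownership transfer the old owner would then keep admin rights on the group. The removed code looked the previous owner up through `owner_type_was` and `owner_id_was`, and the new code should do the same, for example `relations.where(:object_id => owner_id_was, :object_type => owner_type_was).delete_all if owner_type_was`. `make_owner_rel` also hard-codes `:object_type => 'User'` and discards the result of `r.save`; because it is the last expression of a `before_save` callback, a `false` return may cancel the save without any error being reported.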
@@ -141,15 +140,6 @@ class Project < ActiveRecord::Base FileUtils.rm_rf git_repo_path end - def add_owner_rel - if new_record? and owner - add_owner owner - elsif owner_id_changed? - remove_owner owner_type_was.classify.find(owner_id_was) - add_owner owner - end - end - def make_owner_rel r = relations.build :object_id => owner.id, :object_type => 'User', :role => 'admin' r.save diff --git a/app/models/repository.rb b/app/models/repository.rb index 3a40b0860..465aa46be 100644 --- a/app/models/repository.rb +++ b/app/models/repository.rb @@ -19,7 +19,6 @@ class Repository < ActiveRecord::Base after_create :make_owner_rel before_save :check_owner_rel #before_save :create_directory - #before_save :add_owner_rel #after_destroy :remove_directory before_create :xml_rpc_create, :unless => lambda {Thread.current[:skip]} diff --git a/config/initializers/ext.rb b/config/initializers/ext.rb deleted file mode 100644 index 26cb643b3..000000000 --- a/config/initializers/ext.rb +++ /dev/null @@ -1,4 +0,0 @@ -# Load extensions to existing classes. -Dir["lib/ext/**/*.rb"].each do |fn| - require File.expand_path( fn ) -end diff --git a/lib/ext/active_record/base.rb b/lib/ext/active_record/base.rb deleted file mode 100644 index b154bdb14..000000000 --- a/lib/ext/active_record/base.rb +++ /dev/null 
@@ -1,203 +0,0 @@ -class ActiveRecord::Base - - def add_role_to model, role - return false unless ActiveRecord::Base.relation_acter? model.class and ActiveRecord::Base.relation_target? self.class - return false unless ['', model.class.to_s].include? role.to - rel = Relation.by_object(model).by_target(self).first || - Relation.new(:object_id => model.id, :object_type => model.class.to_s, - :target_id => self.id, :target_type => self.class.to_s) - rel.roles << role unless rel.roles.include? role - rel.save - end - - def add_role_on model, role - return false unless ActiveRecord::Base.relation_target? model.class and ActiveRecord::Base.relation_acter? self.class - return false unless ['', self.class.to_s].include? role.to - rel = Relation.by_object(self).by_target(model).first - rel = Relation.new(:object_id => self.id, :object_type => self.class.to_s, - :target_id => model.id, :target_type => model.class.to_s) if rel.nil? - rel.roles << role unless rel.roles.include? role - rel.save - end - - def add_roles_to model, roles - return false unless ActiveRecord::Base.relation_acter? model.class and ActiveRecord::Base.relation_target? self.class - roles = roles.select{|role| ['', model.class.to_s].include? role.to} - return false if roles.empty? - rel = Relation.by_object(model).by_target(self).first || - Relation.new(:object_id => model.id, :object_type => model.class.to_s, - :target_id => self.id, :target_type => self.class.to_s) - rel.roles.concat(roles - rel.roles) if roles - rel.save - end - - def add_roles_on model, roles - return false unless ActiveRecord::Base.relation_target? model.class and ActiveRecord::Base.relation_acter? self.class - roles = roles.select{|role| ['', self.class.to_s].include? role.to} - return false if roles.empty? 
- rel = Relation.by_object(self).by_target(model).first || - Relation.new(:object_id => self.id, :object_type => self.class.to_s, - :target_id => model.id, :target_type => model.class.to_s) - rel.roles.concat(roles - rel.roles) if roles - rel.save - end - - def remove_roles_from_acter acter, roles - return false unless ActiveRecord::Base.relation_acter? acter.class - return false unless ActiveRecord::Base.relation_target? self.class - - rel = Relation.by_object(self).by_target(model).first - return false unless rel - rel.roles = rel.roles - roles - if rel.roles.empty? - rel.destroy - else - rel.save - end - end - - def roles_to object - return [] unless ActiveRecord::Base.relation_acter? self.class - object = object.downcase.to_sym if object.is_a? String - possible = [self] - if @@relationable[self.class.to_s][:inherits] - @@relationable[self.class.to_s][:inherits].each do |n| - possible.concat method(n).call - end - end - possible.flatten - if object.is_a? Symbol and object == :system - return possible.map{|obj| obj.global_role}.uniq - else - r = possible.inject([]) do |arr, mod| - rels = Relation.by_object(mod).by_target(object) - arr.concat rels.map{|rel| rel.roles} if rels.size > 0 - arr << mod.global_role - arr - end - return r.flatten.uniq - end - end - - def can_perform? controller, action, target = :system - all_rights = rights_to target - needed_right = right_to controller, action - return all_rights.include? needed_right - end - - def right_to controller, action - Right.where(:controller => controller, :action => action).first - end - - def rights_to object - r = roles_to(object).compact.uniq - return [] if r.nil? - r.map {|role| role.rights}.flatten.compact.uniq - end - - protected - def add_default_role - return false unless ActiveRecord::Base.relation_acter? 
self.class - role = Role.by_acter(self.class).by_target(:system).default.first || - Role.by_acter(:all).by_target(:system).default.first - self.global_role = role - end - - def add_owner owner - return false unless ActiveRecord::Base.relation_acter? owner.class - return false unless ActiveRecord::Base.relation_target? self.class - roles = Role.by_acter(owner.class).by_target(self.class).owner_default + - Role.by_acter(:all).by_target(self.class).owner_default - add_roles_to owner, roles - end - - def remove_owner owner - return false unless ActiveRecord::Base.relation_acter? owner.class - return false unless ActiveRecord::Base.relation_target? self.class - roles = Role.by_acter(owner.class).by_target(self.class).owner_default + - Role.by_acter(:all).by_target(self.class).owner_default - remove_roles_form_acter owner, roles - end - - class << self - - def visible_to object - return scoped unless (public_instance_methods + column_names).include? 'visibility' - rs = (object.roles_to :system).compact - vis = rs.inject({}) do |h, r| - unless r.can_see.nil? - h.merge!(r.can_see) {|k, old, new| old.concat(new).uniq} - end - h - end - vis = vis[self.name] - return where('1=2') if !vis or vis.empty? - if vis == self::VISIBILITIES - return scoped # all - else - return by_visibilities(vis) - end - end - - def inherit_rights_from arg - if relation_acters.include? self - @@relationable[self.name] ||= {} - @@relationable[self.name][:inherits] ||= [] - - if arg.is_a? Array - @@relationable[self.name][:inherits].concat(arg) - else - @@relationable[self.name][:inherits] << arg - end - end - end - - def relationable? - return true if @@relationable[self.name] and @@relationable[self.name].size > 0 - false - end - - def relation_acter? model - relation_acters.include? model - end - - def relation_target? model - relation_targets.include? model - end - - def relation_acters - load_all unless @@all_models_loaded - return Hash[@@relationable.select {|(k,v)| v[:as].include? 
:object}].keys.map{|m| m.constantize} - end - - def relation_targets - load_all unless @@all_models_loaded - return Hash[@@relationable.select {|(k,v)| v[:as].include? :target}].keys.map{|m| m.constantize} - end - - def load_all - Dir["app/models/**/*.rb"].each do |fn| - require File.expand_path(fn) - end - @@all_modles_loaded = true - end - - protected - - @@relationable = {} - @@all_models_loaded = false - - def relationable(arg) - @@relationable[self.name] ||= {} - @@relationable[self.name][:as] ||= [] - - if arg[:as] and [:object, :target].include? arg[:as] - @@relationable[self.name][:as] << arg[:as] - else - @@relationable[self.name][:as] << :target - end - @@relationable[self.name][:as].uniq! - end - end - -end diff --git a/lib/ext/application_controller/base.rb b/lib/ext/application_controller/base.rb deleted file mode 100644 index 16a9e5330..000000000 --- a/lib/ext/application_controller/base.rb +++ /dev/null @@ -1,29 +0,0 @@ -class ActionController::Base - - def can_perform? target = :system - c = self.controller_name - a = self.action_name - - unless current_user.can_perform? c, a, target - flash[:notice] = t('layout.not_access') - if request.env['HTTP_REFERER'] - redirect_to(:back) and return - else - redirect_to(:root) and return - end - end - end - - def check_global_access - can_perform? :system - end - - def rights_to target - ActiveRecord::Base.rights_to target - end - - def roles_to target - ActiveRecord::Base.roles_to target - end - -end