[refs #2249] Remove custom ACL from project
This commit is contained in:
parent
44191926f7
commit
5e7ded2e93
|
@ -1,6 +1,5 @@
|
||||||
class CollaboratorsController < ApplicationController
|
class CollaboratorsController < ApplicationController
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
# before_filter :check_global_access
|
|
||||||
|
|
||||||
before_filter :find_project
|
before_filter :find_project
|
||||||
|
|
||||||
|
@ -64,22 +63,6 @@ class CollaboratorsController < ApplicationController
|
||||||
} if params[r.to_sym]
|
} if params[r.to_sym]
|
||||||
}
|
}
|
||||||
|
|
||||||
puts users_for_removing.inspect
|
|
||||||
|
|
||||||
# if params[:group]
|
|
||||||
# groups_for_removing = @project.groups.select do |g|
|
|
||||||
# !params[:group].keys.map{|k| k.to_i}.include? g.id and @project.owner != g
|
|
||||||
# end
|
|
||||||
# groups_for_creating = params[:group].keys.map{|p| p.to_i} - @project.groups.map(&:id)
|
|
||||||
#
|
|
||||||
# puts groups_for_removing.inspect
|
|
||||||
# puts groups_for_creating.inspect
|
|
||||||
#
|
|
||||||
# @project.groups.delete_if{|g| groups_for_removing.include? g}
|
|
||||||
# groups_for_creating.each do |group|
|
|
||||||
# @project.add_roles_to Group.find(group), @def_group_roles
|
|
||||||
# end
|
|
||||||
# end
|
|
||||||
if @project.save
|
if @project.save
|
||||||
flash[:notice] = t("flash.collaborators.successfully_changed")
|
flash[:notice] = t("flash.collaborators.successfully_changed")
|
||||||
else
|
else
|
||||||
|
|
|
@ -1,3 +1,2 @@
|
||||||
class ContainersController < ApplicationController
|
class ContainersController < ApplicationController
|
||||||
#before_filter :check_global_access
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
class DownloadsController < ApplicationController
|
class DownloadsController < ApplicationController
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
#before_filter :check_global_access, :except => [:test_sudo]
|
|
||||||
|
|
||||||
authorize_resource
|
authorize_resource
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# coding: UTF-8
|
# coding: UTF-8
|
||||||
class EventLogsController < ApplicationController
|
class EventLogsController < ApplicationController
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
#before_filter :check_global_access
|
|
||||||
|
|
||||||
def index
|
def index
|
||||||
@event_logs = EventLog.default_order.eager_loading.paginate :page => params[:page]
|
@event_logs = EventLog.default_order.eager_loading.paginate :page => params[:page]
|
||||||
|
|
|
@ -34,12 +34,10 @@ class PlatformsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def new
|
def new
|
||||||
#@platforms = Platform.visible_to current_user
|
|
||||||
@platform = Platform.new
|
@platform = Platform.new
|
||||||
end
|
end
|
||||||
|
|
||||||
def edit
|
def edit
|
||||||
#@platforms = Platform.visible_to current_user
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
|
@ -52,7 +50,6 @@ class PlatformsController < ApplicationController
|
||||||
redirect_to @platform
|
redirect_to @platform
|
||||||
else
|
else
|
||||||
flash[:error] = I18n.t("flash.platform.saved_error")
|
flash[:error] = I18n.t("flash.platform.saved_error")
|
||||||
#@platforms = Platform.visible_to current_user
|
|
||||||
render :action => :new
|
render :action => :new
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -3,8 +3,6 @@ class RolesController < ApplicationController
|
||||||
before_filter :find_role, :only => [:show, :edit, :update, :destroy]
|
before_filter :find_role, :only => [:show, :edit, :update, :destroy]
|
||||||
before_filter :find_visibilities, :only => [:new, :edit]
|
before_filter :find_visibilities, :only => [:new, :edit]
|
||||||
|
|
||||||
# before_filter :check_global_access
|
|
||||||
|
|
||||||
def index
|
def index
|
||||||
@roles = Role.all
|
@roles = Role.all
|
||||||
end
|
end
|
||||||
|
|
|
@ -2,7 +2,6 @@ class RpcController < ApplicationController
|
||||||
exposes_xmlrpc_methods
|
exposes_xmlrpc_methods
|
||||||
|
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
#before_filter :check_global_access
|
|
||||||
before_filter lambda { EventLog.current_controller = self }, :only => :xe_index # should be after auth callback
|
before_filter lambda { EventLog.current_controller = self }, :only => :xe_index # should be after auth callback
|
||||||
|
|
||||||
## Usage example:
|
## Usage example:
|
||||||
|
|
|
@ -2,7 +2,6 @@
|
||||||
class UsersController < ApplicationController
|
class UsersController < ApplicationController
|
||||||
before_filter :authenticate_user!
|
before_filter :authenticate_user!
|
||||||
before_filter :find_user, :only => [:show, :edit, :update, :destroy]
|
before_filter :find_user, :only => [:show, :edit, :update, :destroy]
|
||||||
#before_filter :check_global_access
|
|
||||||
|
|
||||||
authorize_resource
|
authorize_resource
|
||||||
|
|
||||||
|
|
|
@ -24,8 +24,6 @@ class Group < ActiveRecord::Base
|
||||||
|
|
||||||
include PersonalRepository
|
include PersonalRepository
|
||||||
|
|
||||||
before_create :add_default_role
|
|
||||||
#before_save :add_owner_rel
|
|
||||||
after_create :make_owner_rel
|
after_create :make_owner_rel
|
||||||
before_save :check_owner_rel
|
before_save :check_owner_rel
|
||||||
|
|
||||||
|
@ -45,23 +43,15 @@ class Group < ActiveRecord::Base
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
|
||||||
def add_owner_rel
|
|
||||||
if new_record? and owner
|
|
||||||
add_owner owner
|
|
||||||
elsif owner_id_changed?
|
|
||||||
remove_owner owner_type_was.classify.find(owner_id_was)
|
|
||||||
add_owner owner
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def make_owner_rel
|
def make_owner_rel
|
||||||
add_owner owner
|
r = relations.build :object_id => owner.id, :object_type => 'User', :role => 'admin'
|
||||||
|
r.save
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_owner_rel
|
def check_owner_rel
|
||||||
if !new_record? and owner_id_changed?
|
if !new_record? and owner_id_changed?
|
||||||
remove_owner owner_type_was.classify.find(owner_id_was) if owner_type_was
|
relations.by_object(owner).delete_all if owner_type_was
|
||||||
add_owner owner if owner
|
make_owner_rel if owner
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,6 @@ class Project < ActiveRecord::Base
|
||||||
scope :addable_to_repository, lambda { |repository_id| where("projects.id NOT IN (SELECT project_to_repositories.project_id FROM project_to_repositories WHERE (project_to_repositories.repository_id = #{ repository_id }))") }
|
scope :addable_to_repository, lambda { |repository_id| where("projects.id NOT IN (SELECT project_to_repositories.project_id FROM project_to_repositories WHERE (project_to_repositories.repository_id = #{ repository_id }))") }
|
||||||
scope :automateable, where("projects.id NOT IN (SELECT auto_build_lists.project_id FROM auto_build_lists)")
|
scope :automateable, where("projects.id NOT IN (SELECT auto_build_lists.project_id FROM auto_build_lists)")
|
||||||
|
|
||||||
# before_save :add_owner_rel
|
|
||||||
after_create :make_owner_rel
|
after_create :make_owner_rel
|
||||||
before_save :check_owner_rel
|
before_save :check_owner_rel
|
||||||
|
|
||||||
|
@ -141,15 +140,6 @@ class Project < ActiveRecord::Base
|
||||||
FileUtils.rm_rf git_repo_path
|
FileUtils.rm_rf git_repo_path
|
||||||
end
|
end
|
||||||
|
|
||||||
def add_owner_rel
|
|
||||||
if new_record? and owner
|
|
||||||
add_owner owner
|
|
||||||
elsif owner_id_changed?
|
|
||||||
remove_owner owner_type_was.classify.find(owner_id_was)
|
|
||||||
add_owner owner
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def make_owner_rel
|
def make_owner_rel
|
||||||
r = relations.build :object_id => owner.id, :object_type => 'User', :role => 'admin'
|
r = relations.build :object_id => owner.id, :object_type => 'User', :role => 'admin'
|
||||||
r.save
|
r.save
|
||||||
|
|
|
@ -19,7 +19,6 @@ class Repository < ActiveRecord::Base
|
||||||
after_create :make_owner_rel
|
after_create :make_owner_rel
|
||||||
before_save :check_owner_rel
|
before_save :check_owner_rel
|
||||||
#before_save :create_directory
|
#before_save :create_directory
|
||||||
#before_save :add_owner_rel
|
|
||||||
#after_destroy :remove_directory
|
#after_destroy :remove_directory
|
||||||
|
|
||||||
before_create :xml_rpc_create, :unless => lambda {Thread.current[:skip]}
|
before_create :xml_rpc_create, :unless => lambda {Thread.current[:skip]}
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
# Load extensions to existing classes.
|
|
||||||
Dir["lib/ext/**/*.rb"].each do |fn|
|
|
||||||
require File.expand_path( fn )
|
|
||||||
end
|
|
|
@ -1,203 +0,0 @@
|
||||||
class ActiveRecord::Base
|
|
||||||
|
|
||||||
def add_role_to model, role
|
|
||||||
return false unless ActiveRecord::Base.relation_acter? model.class and ActiveRecord::Base.relation_target? self.class
|
|
||||||
return false unless ['', model.class.to_s].include? role.to
|
|
||||||
rel = Relation.by_object(model).by_target(self).first ||
|
|
||||||
Relation.new(:object_id => model.id, :object_type => model.class.to_s,
|
|
||||||
:target_id => self.id, :target_type => self.class.to_s)
|
|
||||||
rel.roles << role unless rel.roles.include? role
|
|
||||||
rel.save
|
|
||||||
end
|
|
||||||
|
|
||||||
def add_role_on model, role
|
|
||||||
return false unless ActiveRecord::Base.relation_target? model.class and ActiveRecord::Base.relation_acter? self.class
|
|
||||||
return false unless ['', self.class.to_s].include? role.to
|
|
||||||
rel = Relation.by_object(self).by_target(model).first
|
|
||||||
rel = Relation.new(:object_id => self.id, :object_type => self.class.to_s,
|
|
||||||
:target_id => model.id, :target_type => model.class.to_s) if rel.nil?
|
|
||||||
rel.roles << role unless rel.roles.include? role
|
|
||||||
rel.save
|
|
||||||
end
|
|
||||||
|
|
||||||
def add_roles_to model, roles
|
|
||||||
return false unless ActiveRecord::Base.relation_acter? model.class and ActiveRecord::Base.relation_target? self.class
|
|
||||||
roles = roles.select{|role| ['', model.class.to_s].include? role.to}
|
|
||||||
return false if roles.empty?
|
|
||||||
rel = Relation.by_object(model).by_target(self).first ||
|
|
||||||
Relation.new(:object_id => model.id, :object_type => model.class.to_s,
|
|
||||||
:target_id => self.id, :target_type => self.class.to_s)
|
|
||||||
rel.roles.concat(roles - rel.roles) if roles
|
|
||||||
rel.save
|
|
||||||
end
|
|
||||||
|
|
||||||
def add_roles_on model, roles
|
|
||||||
return false unless ActiveRecord::Base.relation_target? model.class and ActiveRecord::Base.relation_acter? self.class
|
|
||||||
roles = roles.select{|role| ['', self.class.to_s].include? role.to}
|
|
||||||
return false if roles.empty?
|
|
||||||
rel = Relation.by_object(self).by_target(model).first ||
|
|
||||||
Relation.new(:object_id => self.id, :object_type => self.class.to_s,
|
|
||||||
:target_id => model.id, :target_type => model.class.to_s)
|
|
||||||
rel.roles.concat(roles - rel.roles) if roles
|
|
||||||
rel.save
|
|
||||||
end
|
|
||||||
|
|
||||||
def remove_roles_from_acter acter, roles
|
|
||||||
return false unless ActiveRecord::Base.relation_acter? acter.class
|
|
||||||
return false unless ActiveRecord::Base.relation_target? self.class
|
|
||||||
|
|
||||||
rel = Relation.by_object(self).by_target(model).first
|
|
||||||
return false unless rel
|
|
||||||
rel.roles = rel.roles - roles
|
|
||||||
if rel.roles.empty?
|
|
||||||
rel.destroy
|
|
||||||
else
|
|
||||||
rel.save
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def roles_to object
|
|
||||||
return [] unless ActiveRecord::Base.relation_acter? self.class
|
|
||||||
object = object.downcase.to_sym if object.is_a? String
|
|
||||||
possible = [self]
|
|
||||||
if @@relationable[self.class.to_s][:inherits]
|
|
||||||
@@relationable[self.class.to_s][:inherits].each do |n|
|
|
||||||
possible.concat method(n).call
|
|
||||||
end
|
|
||||||
end
|
|
||||||
possible.flatten
|
|
||||||
if object.is_a? Symbol and object == :system
|
|
||||||
return possible.map{|obj| obj.global_role}.uniq
|
|
||||||
else
|
|
||||||
r = possible.inject([]) do |arr, mod|
|
|
||||||
rels = Relation.by_object(mod).by_target(object)
|
|
||||||
arr.concat rels.map{|rel| rel.roles} if rels.size > 0
|
|
||||||
arr << mod.global_role
|
|
||||||
arr
|
|
||||||
end
|
|
||||||
return r.flatten.uniq
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def can_perform? controller, action, target = :system
|
|
||||||
all_rights = rights_to target
|
|
||||||
needed_right = right_to controller, action
|
|
||||||
return all_rights.include? needed_right
|
|
||||||
end
|
|
||||||
|
|
||||||
def right_to controller, action
|
|
||||||
Right.where(:controller => controller, :action => action).first
|
|
||||||
end
|
|
||||||
|
|
||||||
def rights_to object
|
|
||||||
r = roles_to(object).compact.uniq
|
|
||||||
return [] if r.nil?
|
|
||||||
r.map {|role| role.rights}.flatten.compact.uniq
|
|
||||||
end
|
|
||||||
|
|
||||||
protected
|
|
||||||
def add_default_role
|
|
||||||
return false unless ActiveRecord::Base.relation_acter? self.class
|
|
||||||
role = Role.by_acter(self.class).by_target(:system).default.first ||
|
|
||||||
Role.by_acter(:all).by_target(:system).default.first
|
|
||||||
self.global_role = role
|
|
||||||
end
|
|
||||||
|
|
||||||
def add_owner owner
|
|
||||||
return false unless ActiveRecord::Base.relation_acter? owner.class
|
|
||||||
return false unless ActiveRecord::Base.relation_target? self.class
|
|
||||||
roles = Role.by_acter(owner.class).by_target(self.class).owner_default +
|
|
||||||
Role.by_acter(:all).by_target(self.class).owner_default
|
|
||||||
add_roles_to owner, roles
|
|
||||||
end
|
|
||||||
|
|
||||||
def remove_owner owner
|
|
||||||
return false unless ActiveRecord::Base.relation_acter? owner.class
|
|
||||||
return false unless ActiveRecord::Base.relation_target? self.class
|
|
||||||
roles = Role.by_acter(owner.class).by_target(self.class).owner_default +
|
|
||||||
Role.by_acter(:all).by_target(self.class).owner_default
|
|
||||||
remove_roles_form_acter owner, roles
|
|
||||||
end
|
|
||||||
|
|
||||||
class << self
|
|
||||||
|
|
||||||
def visible_to object
|
|
||||||
return scoped unless (public_instance_methods + column_names).include? 'visibility'
|
|
||||||
rs = (object.roles_to :system).compact
|
|
||||||
vis = rs.inject({}) do |h, r|
|
|
||||||
unless r.can_see.nil?
|
|
||||||
h.merge!(r.can_see) {|k, old, new| old.concat(new).uniq}
|
|
||||||
end
|
|
||||||
h
|
|
||||||
end
|
|
||||||
vis = vis[self.name]
|
|
||||||
return where('1=2') if !vis or vis.empty?
|
|
||||||
if vis == self::VISIBILITIES
|
|
||||||
return scoped # all
|
|
||||||
else
|
|
||||||
return by_visibilities(vis)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def inherit_rights_from arg
|
|
||||||
if relation_acters.include? self
|
|
||||||
@@relationable[self.name] ||= {}
|
|
||||||
@@relationable[self.name][:inherits] ||= []
|
|
||||||
|
|
||||||
if arg.is_a? Array
|
|
||||||
@@relationable[self.name][:inherits].concat(arg)
|
|
||||||
else
|
|
||||||
@@relationable[self.name][:inherits] << arg
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def relationable?
|
|
||||||
return true if @@relationable[self.name] and @@relationable[self.name].size > 0
|
|
||||||
false
|
|
||||||
end
|
|
||||||
|
|
||||||
def relation_acter? model
|
|
||||||
relation_acters.include? model
|
|
||||||
end
|
|
||||||
|
|
||||||
def relation_target? model
|
|
||||||
relation_targets.include? model
|
|
||||||
end
|
|
||||||
|
|
||||||
def relation_acters
|
|
||||||
load_all unless @@all_models_loaded
|
|
||||||
return Hash[@@relationable.select {|(k,v)| v[:as].include? :object}].keys.map{|m| m.constantize}
|
|
||||||
end
|
|
||||||
|
|
||||||
def relation_targets
|
|
||||||
load_all unless @@all_models_loaded
|
|
||||||
return Hash[@@relationable.select {|(k,v)| v[:as].include? :target}].keys.map{|m| m.constantize}
|
|
||||||
end
|
|
||||||
|
|
||||||
def load_all
|
|
||||||
Dir["app/models/**/*.rb"].each do |fn|
|
|
||||||
require File.expand_path(fn)
|
|
||||||
end
|
|
||||||
@@all_modles_loaded = true
|
|
||||||
end
|
|
||||||
|
|
||||||
protected
|
|
||||||
|
|
||||||
@@relationable = {}
|
|
||||||
@@all_models_loaded = false
|
|
||||||
|
|
||||||
def relationable(arg)
|
|
||||||
@@relationable[self.name] ||= {}
|
|
||||||
@@relationable[self.name][:as] ||= []
|
|
||||||
|
|
||||||
if arg[:as] and [:object, :target].include? arg[:as]
|
|
||||||
@@relationable[self.name][:as] << arg[:as]
|
|
||||||
else
|
|
||||||
@@relationable[self.name][:as] << :target
|
|
||||||
end
|
|
||||||
@@relationable[self.name][:as].uniq!
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
|
@ -1,29 +0,0 @@
|
||||||
class ActionController::Base
|
|
||||||
|
|
||||||
def can_perform? target = :system
|
|
||||||
c = self.controller_name
|
|
||||||
a = self.action_name
|
|
||||||
|
|
||||||
unless current_user.can_perform? c, a, target
|
|
||||||
flash[:notice] = t('layout.not_access')
|
|
||||||
if request.env['HTTP_REFERER']
|
|
||||||
redirect_to(:back) and return
|
|
||||||
else
|
|
||||||
redirect_to(:root) and return
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def check_global_access
|
|
||||||
can_perform? :system
|
|
||||||
end
|
|
||||||
|
|
||||||
def rights_to target
|
|
||||||
ActiveRecord::Base.rights_to target
|
|
||||||
end
|
|
||||||
|
|
||||||
def roles_to target
|
|
||||||
ActiveRecord::Base.roles_to target
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
Loading…
Reference in New Issue