[refs #2249] Remove custom ACL from project

This commit is contained in:
konstantin.grabar 2011-11-19 16:11:44 +04:00
parent 44191926f7
commit 5e7ded2e93
14 changed files with 36 additions and 320 deletions

View File

@ -1,6 +1,5 @@
class CollaboratorsController < ApplicationController class CollaboratorsController < ApplicationController
before_filter :authenticate_user! before_filter :authenticate_user!
# before_filter :check_global_access
before_filter :find_project before_filter :find_project
@ -64,22 +63,6 @@ class CollaboratorsController < ApplicationController
} if params[r.to_sym] } if params[r.to_sym]
} }
puts users_for_removing.inspect
# if params[:group]
# groups_for_removing = @project.groups.select do |g|
# !params[:group].keys.map{|k| k.to_i}.include? g.id and @project.owner != g
# end
# groups_for_creating = params[:group].keys.map{|p| p.to_i} - @project.groups.map(&:id)
#
# puts groups_for_removing.inspect
# puts groups_for_creating.inspect
#
# @project.groups.delete_if{|g| groups_for_removing.include? g}
# groups_for_creating.each do |group|
# @project.add_roles_to Group.find(group), @def_group_roles
# end
# end
if @project.save if @project.save
flash[:notice] = t("flash.collaborators.successfully_changed") flash[:notice] = t("flash.collaborators.successfully_changed")
else else

View File

@ -1,3 +1,2 @@
class ContainersController < ApplicationController class ContainersController < ApplicationController
#before_filter :check_global_access
end end

View File

@ -1,6 +1,5 @@
class DownloadsController < ApplicationController class DownloadsController < ApplicationController
before_filter :authenticate_user! before_filter :authenticate_user!
#before_filter :check_global_access, :except => [:test_sudo]
authorize_resource authorize_resource

View File

@ -1,7 +1,6 @@
# coding: UTF-8 # coding: UTF-8
class EventLogsController < ApplicationController class EventLogsController < ApplicationController
before_filter :authenticate_user! before_filter :authenticate_user!
#before_filter :check_global_access
def index def index
@event_logs = EventLog.default_order.eager_loading.paginate :page => params[:page] @event_logs = EventLog.default_order.eager_loading.paginate :page => params[:page]

View File

@ -34,12 +34,10 @@ class PlatformsController < ApplicationController
end end
def new def new
#@platforms = Platform.visible_to current_user
@platform = Platform.new @platform = Platform.new
end end
def edit def edit
#@platforms = Platform.visible_to current_user
end end
def create def create
@ -52,7 +50,6 @@ class PlatformsController < ApplicationController
redirect_to @platform redirect_to @platform
else else
flash[:error] = I18n.t("flash.platform.saved_error") flash[:error] = I18n.t("flash.platform.saved_error")
#@platforms = Platform.visible_to current_user
render :action => :new render :action => :new
end end
end end

View File

@ -3,8 +3,6 @@ class RolesController < ApplicationController
before_filter :find_role, :only => [:show, :edit, :update, :destroy] before_filter :find_role, :only => [:show, :edit, :update, :destroy]
before_filter :find_visibilities, :only => [:new, :edit] before_filter :find_visibilities, :only => [:new, :edit]
# before_filter :check_global_access
def index def index
@roles = Role.all @roles = Role.all
end end

View File

@ -2,7 +2,6 @@ class RpcController < ApplicationController
exposes_xmlrpc_methods exposes_xmlrpc_methods
before_filter :authenticate_user! before_filter :authenticate_user!
#before_filter :check_global_access
before_filter lambda { EventLog.current_controller = self }, :only => :xe_index # should be after auth callback before_filter lambda { EventLog.current_controller = self }, :only => :xe_index # should be after auth callback
## Usage example: ## Usage example:

View File

@ -2,7 +2,6 @@
class UsersController < ApplicationController class UsersController < ApplicationController
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :find_user, :only => [:show, :edit, :update, :destroy] before_filter :find_user, :only => [:show, :edit, :update, :destroy]
#before_filter :check_global_access
authorize_resource authorize_resource

View File

@ -24,8 +24,6 @@ class Group < ActiveRecord::Base
include PersonalRepository include PersonalRepository
before_create :add_default_role
#before_save :add_owner_rel
after_create :make_owner_rel after_create :make_owner_rel
before_save :check_owner_rel before_save :check_owner_rel
@ -45,23 +43,15 @@ class Group < ActiveRecord::Base
protected protected
def add_owner_rel
if new_record? and owner
add_owner owner
elsif owner_id_changed?
remove_owner owner_type_was.classify.find(owner_id_was)
add_owner owner
end
end
def make_owner_rel def make_owner_rel
add_owner owner r = relations.build :object_id => owner.id, :object_type => 'User', :role => 'admin'
r.save
end end
def check_owner_rel def check_owner_rel
if !new_record? and owner_id_changed? if !new_record? and owner_id_changed?
remove_owner owner_type_was.classify.find(owner_id_was) if owner_type_was relations.by_object(owner).delete_all if owner_type_was
add_owner owner if owner make_owner_rel if owner
end end
end end

View File

@ -28,7 +28,6 @@ class Project < ActiveRecord::Base
scope :addable_to_repository, lambda { |repository_id| where("projects.id NOT IN (SELECT project_to_repositories.project_id FROM project_to_repositories WHERE (project_to_repositories.repository_id = #{ repository_id }))") } scope :addable_to_repository, lambda { |repository_id| where("projects.id NOT IN (SELECT project_to_repositories.project_id FROM project_to_repositories WHERE (project_to_repositories.repository_id = #{ repository_id }))") }
scope :automateable, where("projects.id NOT IN (SELECT auto_build_lists.project_id FROM auto_build_lists)") scope :automateable, where("projects.id NOT IN (SELECT auto_build_lists.project_id FROM auto_build_lists)")
# before_save :add_owner_rel
after_create :make_owner_rel after_create :make_owner_rel
before_save :check_owner_rel before_save :check_owner_rel
@ -141,15 +140,6 @@ class Project < ActiveRecord::Base
FileUtils.rm_rf git_repo_path FileUtils.rm_rf git_repo_path
end end
def add_owner_rel
if new_record? and owner
add_owner owner
elsif owner_id_changed?
remove_owner owner_type_was.classify.find(owner_id_was)
add_owner owner
end
end
def make_owner_rel def make_owner_rel
r = relations.build :object_id => owner.id, :object_type => 'User', :role => 'admin' r = relations.build :object_id => owner.id, :object_type => 'User', :role => 'admin'
r.save r.save

View File

@ -19,7 +19,6 @@ class Repository < ActiveRecord::Base
after_create :make_owner_rel after_create :make_owner_rel
before_save :check_owner_rel before_save :check_owner_rel
#before_save :create_directory #before_save :create_directory
#before_save :add_owner_rel
#after_destroy :remove_directory #after_destroy :remove_directory
before_create :xml_rpc_create, :unless => lambda {Thread.current[:skip]} before_create :xml_rpc_create, :unless => lambda {Thread.current[:skip]}

View File

@ -1,4 +0,0 @@
# Load extensions to existing classes.
Dir["lib/ext/**/*.rb"].each do |fn|
require File.expand_path( fn )
end

View File

@ -1,203 +0,0 @@
class ActiveRecord::Base
def add_role_to model, role
return false unless ActiveRecord::Base.relation_acter? model.class and ActiveRecord::Base.relation_target? self.class
return false unless ['', model.class.to_s].include? role.to
rel = Relation.by_object(model).by_target(self).first ||
Relation.new(:object_id => model.id, :object_type => model.class.to_s,
:target_id => self.id, :target_type => self.class.to_s)
rel.roles << role unless rel.roles.include? role
rel.save
end
def add_role_on model, role
return false unless ActiveRecord::Base.relation_target? model.class and ActiveRecord::Base.relation_acter? self.class
return false unless ['', self.class.to_s].include? role.to
rel = Relation.by_object(self).by_target(model).first
rel = Relation.new(:object_id => self.id, :object_type => self.class.to_s,
:target_id => model.id, :target_type => model.class.to_s) if rel.nil?
rel.roles << role unless rel.roles.include? role
rel.save
end
def add_roles_to model, roles
return false unless ActiveRecord::Base.relation_acter? model.class and ActiveRecord::Base.relation_target? self.class
roles = roles.select{|role| ['', model.class.to_s].include? role.to}
return false if roles.empty?
rel = Relation.by_object(model).by_target(self).first ||
Relation.new(:object_id => model.id, :object_type => model.class.to_s,
:target_id => self.id, :target_type => self.class.to_s)
rel.roles.concat(roles - rel.roles) if roles
rel.save
end
def add_roles_on model, roles
return false unless ActiveRecord::Base.relation_target? model.class and ActiveRecord::Base.relation_acter? self.class
roles = roles.select{|role| ['', self.class.to_s].include? role.to}
return false if roles.empty?
rel = Relation.by_object(self).by_target(model).first ||
Relation.new(:object_id => self.id, :object_type => self.class.to_s,
:target_id => model.id, :target_type => model.class.to_s)
rel.roles.concat(roles - rel.roles) if roles
rel.save
end
def remove_roles_from_acter acter, roles
return false unless ActiveRecord::Base.relation_acter? acter.class
return false unless ActiveRecord::Base.relation_target? self.class
rel = Relation.by_object(self).by_target(model).first
return false unless rel
rel.roles = rel.roles - roles
if rel.roles.empty?
rel.destroy
else
rel.save
end
end
def roles_to object
return [] unless ActiveRecord::Base.relation_acter? self.class
object = object.downcase.to_sym if object.is_a? String
possible = [self]
if @@relationable[self.class.to_s][:inherits]
@@relationable[self.class.to_s][:inherits].each do |n|
possible.concat method(n).call
end
end
possible.flatten
if object.is_a? Symbol and object == :system
return possible.map{|obj| obj.global_role}.uniq
else
r = possible.inject([]) do |arr, mod|
rels = Relation.by_object(mod).by_target(object)
arr.concat rels.map{|rel| rel.roles} if rels.size > 0
arr << mod.global_role
arr
end
return r.flatten.uniq
end
end
def can_perform? controller, action, target = :system
all_rights = rights_to target
needed_right = right_to controller, action
return all_rights.include? needed_right
end
def right_to controller, action
Right.where(:controller => controller, :action => action).first
end
def rights_to object
r = roles_to(object).compact.uniq
return [] if r.nil?
r.map {|role| role.rights}.flatten.compact.uniq
end
protected
def add_default_role
return false unless ActiveRecord::Base.relation_acter? self.class
role = Role.by_acter(self.class).by_target(:system).default.first ||
Role.by_acter(:all).by_target(:system).default.first
self.global_role = role
end
def add_owner owner
return false unless ActiveRecord::Base.relation_acter? owner.class
return false unless ActiveRecord::Base.relation_target? self.class
roles = Role.by_acter(owner.class).by_target(self.class).owner_default +
Role.by_acter(:all).by_target(self.class).owner_default
add_roles_to owner, roles
end
def remove_owner owner
return false unless ActiveRecord::Base.relation_acter? owner.class
return false unless ActiveRecord::Base.relation_target? self.class
roles = Role.by_acter(owner.class).by_target(self.class).owner_default +
Role.by_acter(:all).by_target(self.class).owner_default
remove_roles_form_acter owner, roles
end
class << self
def visible_to object
return scoped unless (public_instance_methods + column_names).include? 'visibility'
rs = (object.roles_to :system).compact
vis = rs.inject({}) do |h, r|
unless r.can_see.nil?
h.merge!(r.can_see) {|k, old, new| old.concat(new).uniq}
end
h
end
vis = vis[self.name]
return where('1=2') if !vis or vis.empty?
if vis == self::VISIBILITIES
return scoped # all
else
return by_visibilities(vis)
end
end
def inherit_rights_from arg
if relation_acters.include? self
@@relationable[self.name] ||= {}
@@relationable[self.name][:inherits] ||= []
if arg.is_a? Array
@@relationable[self.name][:inherits].concat(arg)
else
@@relationable[self.name][:inherits] << arg
end
end
end
def relationable?
return true if @@relationable[self.name] and @@relationable[self.name].size > 0
false
end
def relation_acter? model
relation_acters.include? model
end
def relation_target? model
relation_targets.include? model
end
def relation_acters
load_all unless @@all_models_loaded
return Hash[@@relationable.select {|(k,v)| v[:as].include? :object}].keys.map{|m| m.constantize}
end
def relation_targets
load_all unless @@all_models_loaded
return Hash[@@relationable.select {|(k,v)| v[:as].include? :target}].keys.map{|m| m.constantize}
end
def load_all
Dir["app/models/**/*.rb"].each do |fn|
require File.expand_path(fn)
end
@@all_modles_loaded = true
end
protected
@@relationable = {}
@@all_models_loaded = false
def relationable(arg)
@@relationable[self.name] ||= {}
@@relationable[self.name][:as] ||= []
if arg[:as] and [:object, :target].include? arg[:as]
@@relationable[self.name][:as] << arg[:as]
else
@@relationable[self.name][:as] << :target
end
@@relationable[self.name][:as].uniq!
end
end
end

View File

@ -1,29 +0,0 @@
class ActionController::Base
def can_perform? target = :system
c = self.controller_name
a = self.action_name
unless current_user.can_perform? c, a, target
flash[:notice] = t('layout.not_access')
if request.env['HTTP_REFERER']
redirect_to(:back) and return
else
redirect_to(:root) and return
end
end
end
def check_global_access
can_perform? :system
end
def rights_to target
ActiveRecord::Base.rights_to target
end
def roles_to target
ActiveRecord::Base.roles_to target
end
end