rosa-build/app/controllers/application_controller.rb

90 lines
2.4 KiB
Ruby

# coding: UTF-8
class ApplicationController < ActionController::Base
protect_from_forgery
layout :layout_by_resource
private
def rights_to(type)
Right.where(:rtype => type.to_s).map{|r| r.name}
end
def rights_of_user(id)
User.find(id).global_role ? User.find(id).global_role.rights{|r| r.name} : "has no role"
end
def get_role(object_id, object_type, target_id, target_type)
Relation.where(:object_id=>object_id, :object_type=>object_type, :target_id=>target_id, :target_type=>target_type).first.try(:roles)
end
def checkaccess
@roles=current_user.roles+current.user.groups.roles
@ok=false
@roles.each { |role| @ok=checkright(role.id) unless @ok }
unless @ok
flash[:notice] = t('layout.not_access')
redirect_to(:back)
end
end
def checkright(role_id)
@role=Role.find(role_id)
if @role.name.downcase!="admin"
@c = self.controller_name
@a = self.action_name
case @c
when "projects"
case @a
when "new", "show", "create"
@right=1,2
when "build", "process_build"
@right=3
end
when "repositories"
case @a
when "show"
@right=4
when "add_project", "remove_project"
@right=5
when "new", "create"
@right=6
end
when "platforms"
case @a
when "edit", "update", "freeze", "unfreeze"
@right=7
end
else return true
end
Permission.where(:role_id => @role.id, :right_id => @right).first
@ok=false if @permission.nil?
if not @ok
return false
end
end
end
before_filter lambda { EventLog.current_controller = self }, :only => [:create, :destroy, :open_id] # :update
after_filter lambda { EventLog.current_controller = nil }
protected
def layout_by_resource
if devise_controller?
"sessions"
else
"application"
end
end
def authenticate_build_service!
if request.remote_ip != APP_CONFIG['build_service_ip']
render :nothing => true, :status => 403
end
end
def authenticate_product_builder!
if request.remote_ip != APP_CONFIG['product_builder_ip']
render :nothing => true, :status => 403
end
end
end