# coding: UTF-8
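# Base controller for the application: CSRF protection, layout selection,
# EventLog bookkeeping, role/right access checks and the source-address checks
# used for the build service and product builder callbacks.
class ApplicationController < ActionController::Base
  protect_from_forgery

  layout :layout_by_resource

  # Hand the running controller to EventLog for the listed actions and clear it
  # again after each action.
  # NOTE(review): an after_filter is presumably skipped when the action raises,
  # which would leave the reference set; confirm, and consider an around_filter
  # that clears it in an `ensure`.
  before_filter lambda { EventLog.current_controller = self }, :only => [:create, :destroy, :open_id] # :update
  after_filter lambda { EventLog.current_controller = nil }

  # Right ids that #checkright requires, keyed by controller name and then by
  # action name. An array means any one of the listed rights is sufficient.
  # NOTE(review): the numbers are presumably ids of Right records; confirm
  # against the rights data, since nothing in this file defines them.
  ACTION_RIGHTS = {
    "projects" => {
      "new" => [1, 2], "show" => [1, 2], "create" => [1, 2],
      "build" => 3, "process_build" => 3
    },
    "repositories" => {
      "show" => 4,
      "add_project" => 5, "remove_project" => 5,
      "new" => 6, "create" => 6
    },
    "platforms" => {
      "edit" => 7, "update" => 7, "freeze" => 7, "unfreeze" => 7
    }
  }.freeze

  private

  # Names of all rights whose rtype equals the given type (compared as a string).
  def rights_to(type)
    Right.where(:rtype => type.to_s).map { |right| right.name }
  end

  # Rights attached to the user's global role, or the string "has no role" when
  # the user has none. The user is now loaded once instead of twice.
  def rights_of_user(id)
    role = User.find(id).global_role
    # NOTE(review): the block passed to `rights` is kept from the original. If
    # `rights` is a plain association reader the block is probably ignored and
    # `.map` was intended (compare #rights_to); confirm against the callers
    # before changing the return shape.
    role ? role.rights { |r| r.name } : "has no role"
  end

  # Roles stored on the first Relation linking the given object and target, or
  # nil when no such relation exists.
  def get_role(object_id, object_type, target_id, target_type)
    relation = Relation.where(
      :object_id => object_id,
      :object_type => object_type,
      :target_id => target_id,
      :target_type => target_type
    ).first
    relation.try(:roles)
  end

  # Access check meant to run as a filter: the request continues when at least
  # one of the current user's roles passes #checkright; otherwise a flash notice
  # is set and the browser is redirected back.
  #
  # Fixes: the original read `current.user.groups`, which raises NameError, so
  # the check could never complete.
  def checkaccess
    # NOTE(review): `groups.roles` is called on the groups collection exactly as
    # before; confirm that the association really exposes #roles.
    @roles = current_user.roles + current_user.groups.roles
    # any? stops at the first role that grants access.
    @ok = @roles.any? { |role| checkright(role.id) }
    return if @ok

    flash[:notice] = t('layout.not_access')
    # NOTE(review): :back follows the Referer header, which the client controls
    # and may omit; a fixed fallback path would make the denial path predictable.
    redirect_to(:back)
  end

  # Whether the role with the given id may run the current controller action.
  #
  # Returns true for the "admin" role, true for any controller that is not
  # listed in ACTION_RIGHTS, and otherwise true only when a Permission row
  # links the role to a right required for the action. An action that is not
  # listed under a listed controller is denied.
  #
  # Fixes: the original discarded the Permission lookup (its result was never
  # assigned), fell through to nil for the admin role, and tested @ok, which
  # #checkaccess had just reset to false; as a result it never granted access
  # to a listed controller or to an admin. It also wrote @role, @c, @a and
  # @right on the controller; locals are used here so a subclass's own @role
  # is not overwritten.
  #
  # NOTE(review): controllers missing from ACTION_RIGHTS are allowed for every
  # role (kept from the original `else return true`). That is a default-allow
  # policy; confirm it is intended for each controller using #checkaccess.
  def checkright(role_id)
    role = Role.find(role_id)
    return true if role.name.downcase == "admin"

    rights_by_action = ACTION_RIGHTS[controller_name]
    return true if rights_by_action.nil?

    required = rights_by_action[action_name]
    return false if required.nil?

    !Permission.where(:role_id => role.id, :right_id => required).first.nil?
  end

  protected

  # Layout name: "sessions" for Devise controllers, "application" otherwise.
  def layout_by_resource
    devise_controller? ? "sessions" : "application"
  end

  # Answers 403 with an empty body unless the request comes from the address
  # configured as APP_CONFIG['build_service_ip'].
  def authenticate_build_service!
    forbid_unless_remote_ip(APP_CONFIG['build_service_ip'])
  end

  # Answers 403 with an empty body unless the request comes from the address
  # configured as APP_CONFIG['product_builder_ip'].
  def authenticate_product_builder!
    forbid_unless_remote_ip(APP_CONFIG['product_builder_ip'])
  end

  # Shared source-address check. A missing configuration value never equals
  # remote_ip, so an unconfigured peer is refused.
  # NOTE(review): the source address is the only credential here, and
  # request.remote_ip can be taken from forwarding headers (X-Forwarded-For,
  # Client-IP) depending on the proxy setup. Confirm that the front proxy
  # overwrites those headers, and consider a shared secret or client
  # certificate for these callbacks.
  def forbid_unless_remote_ip(allowed_ip)
    return if request.remote_ip == allowed_ip

    render :nothing => true, :status => 403
  end
end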