1 # Redmine - project management software
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 #
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
18 module Redmine
19 module AccessControl
20
21 class << self
22 def map
23 mapper = Mapper.new
24 yield mapper
25 @permissions ||= []
26 @permissions += mapper.mapped_permissions
27 end
28
29 def permissions
30 @permissions
31 end
32
33 # Returns the permission of given name or nil if it wasn't found
34 # Argument should be a symbol
35 def permission(name)
36 permissions.detect {|p| p.name == name}
37 end
38
39 # Returns the actions that are allowed by the permission of given name
40 def allowed_actions(permission_name)
41 perm = permission(permission_name)
42 perm ? perm.actions : []
43 end
44
45 def public_permissions
46 @public_permissions ||= @permissions.select {|p| p.public?}
47 end
48
49 def members_only_permissions
50 @members_only_permissions ||= @permissions.select {|p| p.require_member?}
51 end
52
53 def loggedin_only_permissions
54 @loggedin_only_permissions ||= @permissions.select {|p| p.require_loggedin?}
55 end
56
57 def available_project_modules
58 @available_project_modules ||= @permissions.collect(&:project_module).uniq.compact
59 end
60
61 def modules_permissions(modules)
62 @permissions.select {|p| p.project_module.nil? || modules.include?(p.project_module.to_s)}
63 end
64 end
65
66 class Mapper
67 def initialize
68 @project_module = nil
69 end
70
71 def permission(name, hash, options={})
72 @permissions ||= []
73 options.merge!(:project_module => @project_module)
74 @permissions << Permission.new(name, hash, options)
75 end
76
77 def project_module(name, options={})
78 @project_module = name
79 yield self
80 @project_module = nil
81 end
82
83 def mapped_permissions
84 @permissions
85 end
86 end
87
88 class Permission
89 attr_reader :name, :actions, :project_module
90
91 def initialize(name, hash, options)
92 @name = name
93 @actions = []
94 @public = options[:public] || false
95 @require = options[:require]
96 @project_module = options[:project_module]
97 hash.each do |controller, actions|
98 if actions.is_a? Array
99 @actions << actions.collect {|action| "#{controller}/#{action}"}
100 else
101 @actions << "#{controller}/#{actions}"
102 end
103 end
104 @actions.flatten!
105 end
106
107 def public?
108 @public
109 end
110
111 def require_member?
112 @require && @require == :member
113 end
114
115 def require_loggedin?
116 @require && (@require == :member || @require == :loggedin)
117 end
118 end
119 end
120 end