2016-10-19 03:11:36 +00:00
# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
2013-06-12 15:59:58 +00:00
2012-04-16 11:57:33 +00:00
class Role < ApplicationModel
2017-01-31 17:13:45 +00:00
include LogsActivityStream
include NotifiesClients
include LatestChangeObserved
2016-08-12 16:39:09 +00:00
has_and_belongs_to_many :users , after_add : :cache_update , after_remove : :cache_update
has_and_belongs_to_many :permissions , after_add : :cache_update , after_remove : :cache_update
validates :name , presence : true
store :preferences
2013-12-26 21:51:25 +00:00
2016-08-12 16:39:09 +00:00
before_create :validate_permissions
before_update :validate_permissions
2017-01-31 17:13:45 +00:00
association_attributes_ignored :user_ids
activity_stream_permission 'admin.role'
2016-08-12 16:39:09 +00:00
= begin
grand permission to role
role . permission_grand ( 'permission.key' )
= end
def permission_grand ( key )
permission = Permission . lookup ( name : key )
raise " Invalid permission #{ key } " if ! permission
return true if permission_ids . include? ( permission . id )
self . permission_ids = permission_ids . push permission . id
true
end
= begin
revoke permission of role
role . permission_revoke ( 'permission.key' )
= end
def permission_revoke ( key )
permission = Permission . lookup ( name : key )
raise " Invalid permission #{ key } " if ! permission
return true if ! permission_ids . include? ( permission . id )
self . permission_ids = self . permission_ids -= [ permission . id ]
true
end
= begin
get signup roles
Role . signup_roles
2016-12-08 14:06:54 +00:00
returns
2016-08-12 16:39:09 +00:00
[ role1 , role2 , ... ]
= end
def self . signup_roles
Role . where ( active : true , default_at_signup : true )
end
= begin
get signup role ids
Role . signup_role_ids
2016-12-08 14:06:54 +00:00
returns
2016-08-12 16:39:09 +00:00
[ role1 , role2 , ... ]
= end
def self . signup_role_ids
Role . where ( active : true , default_at_signup : true ) . map ( & :id )
end
= begin
get all roles with permission
roles = Role . with_permissions ( 'admin.session' )
get all roles with permission " admin.session " or " ticket.agent "
roles = Role . with_permissions ( [ 'admin.session' , 'ticket.agent' ] )
returns
2017-02-15 12:29:25 +00:00
[ role1 , role2 , ... ]
2016-08-12 16:39:09 +00:00
= end
def self . with_permissions ( keys )
if keys . class != Array
keys = [ keys ]
end
roles = [ ]
permission_ids = [ ]
keys . each { | key |
Object . const_get ( 'Permission' ) . with_parents ( key ) . each { | local_key |
permission = Object . const_get ( 'Permission' ) . lookup ( name : local_key )
next if ! permission
permission_ids . push permission . id
}
next if permission_ids . empty?
2016-09-22 19:05:29 +00:00
Role . joins ( :roles_permissions ) . joins ( :permissions ) . where ( 'permissions_roles.permission_id IN (?) AND roles.active = ? AND permissions.active = ?' , permission_ids , true , true ) . uniq ( ) . each { | role |
2016-08-12 16:39:09 +00:00
roles . push role
}
}
return [ ] if roles . empty?
roles
end
private
def validate_permissions
return if ! self . permission_ids
permission_ids . each { | permission_id |
permission = Permission . lookup ( id : permission_id )
raise " Unable to find permission for id #{ permission_id } " if ! permission
raise " Permission #{ permission . name } is disabled " if permission . preferences [ :disabled ] == true
next unless permission . preferences [ :not ]
permission . preferences [ :not ] . each { | local_permission_name |
local_permission = Permission . lookup ( name : local_permission_name )
next if ! local_permission
raise " Permission #{ permission . name } conflicts with #{ local_permission . name } " if permission_ids . include? ( local_permission . id )
}
}
end
2015-04-27 14:15:29 +00:00
end
