Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
trabajo-afectivo/app/models/role.rb

150 lines
3.9 KiB
Ruby
Raw Normal View History

Updated copyright.
2016-10-19 03:11:36 +00:00
# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
Code reformattingand code layout beautying.
2013-06-12 15:59:58 +00:00
Added caching / delete of caches if user object changes.
2012-04-16 11:57:33 +00:00
class Role < ApplicationModel
Refactoring: Splitted ApplicationModel into multiple concerns. Notice: Includes object some method name changes.
2017-01-31 17:13:45 +00:00
include LogsActivityStream
include NotifiesClients
include LatestChangeObserved
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
has_and_belongs_to_many :users, after_add: :cache_update, after_remove: :cache_update
Added agent limit support.
2017-04-18 07:38:53 +00:00
has_and_belongs_to_many :permissions, after_add: :cache_update, after_remove: :cache_update, before_add: :validate_agent_limit
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
validates :name, presence: true
store :preferences
Moved to application model assets (for all models per default).
2013-12-26 21:51:25 +00:00
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
before_create :validate_permissions
before_update :validate_permissions
Refactoring: Splitted ApplicationModel into multiple concerns. Notice: Includes object some method name changes.
2017-01-31 17:13:45 +00:00
association_attributes_ignored :user_ids
activity_stream_permission 'admin.role'
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
=begin
changed function name from permission_grand to permission_grant in Role model
2017-02-24 13:47:55 +00:00
grant permission to role
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
changed function name from permission_grand to permission_grant in Role model
2017-02-24 13:47:55 +00:00
role.permission_grant('permission.key')
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
=end
changed function name from permission_grand to permission_grant in Role model
2017-02-24 13:47:55 +00:00
def permission_grant(key)
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
permission = Permission.lookup(name: key)
raise "Invalid permission #{key}" if !permission
return true if permission_ids.include?(permission.id)
self.permission_ids = permission_ids.push permission.id
true
end
=begin
revoke permission of role
role.permission_revoke('permission.key')
=end
def permission_revoke(key)
permission = Permission.lookup(name: key)
raise "Invalid permission #{key}" if !permission
return true if !permission_ids.include?(permission.id)
self.permission_ids = self.permission_ids -= [permission.id]
true
end
=begin
get signup roles
Role.signup_roles
Rework, get unit tests up and running again.
2016-12-08 14:06:54 +00:00
returns
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
[role1, role2, ...]
=end
def self.signup_roles
Role.where(active: true, default_at_signup: true)
end
=begin
get signup role ids
Role.signup_role_ids
Rework, get unit tests up and running again.
2016-12-08 14:06:54 +00:00
returns
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
[role1, role2, ...]
=end
def self.signup_role_ids
Role.where(active: true, default_at_signup: true).map(&:id)
end
=begin
get all roles with permission
roles = Role.with_permissions('admin.session')
get all roles with permission "admin.session" or "ticket.agent"
roles = Role.with_permissions(['admin.session', 'ticket.agent'])
returns
Improved session validation and usage of cors headers.
2017-02-15 12:29:25 +00:00
[role1, role2, ...]
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
=end
def self.with_permissions(keys)
if keys.class != Array
keys = [keys]
end
roles = []
permission_ids = []
keys.each { |key|
Object.const_get('Permission').with_parents(key).each { |local_key|
permission = Object.const_get('Permission').lookup(name: local_key)
next if !permission
permission_ids.push permission.id
}
next if permission_ids.empty?
Added permission.active attribute to disable features.
2016-09-22 19:05:29 +00:00
Role.joins(:roles_permissions).joins(:permissions).where('permissions_roles.permission_id IN (?) AND roles.active = ? AND permissions.active = ?', permission_ids, true, true).uniq().each { |role|
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
roles.push role
}
}
return [] if roles.empty?
roles
end
private
def validate_permissions
return if !self.permission_ids
permission_ids.each { |permission_id|
permission = Permission.lookup(id: permission_id)
raise "Unable to find permission for id #{permission_id}" if !permission
raise "Permission #{permission.name} is disabled" if permission.preferences[:disabled] == true
next unless permission.preferences[:not]
permission.preferences[:not].each { |local_permission_name|
local_permission = Permission.lookup(name: local_permission_name)
next if !local_permission
raise "Permission #{permission.name} conflicts with #{local_permission.name}" if permission_ids.include?(local_permission.id)
}
}
end
Added agent limit support.
2017-04-18 07:38:53 +00:00
def validate_agent_limit(permission)
return if !Setting.get('system_agent_limit')
return if permission.name != 'ticket.agent'
ticket_agent_role_ids = Role.joins(:permissions).where(permissions: { name: 'ticket.agent' }).pluck(:id)
ticket_agent_role_ids.push(id)
count = User.joins(:roles).where(roles: { id: ticket_agent_role_ids }, users: { active: true }).count
raise Exceptions::UnprocessableEntity, 'Agent limit exceeded, please check your account settings.' if count > Setting.get('system_agent_limit')
end
Applied rubocop Style/TrailingBlankLines.
2015-04-27 14:15:29 +00:00
end
Reference in a new issue Copy permalink