trabajo-afectivo/app/models/role.rb

# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/

class Role < ApplicationModel
  has_and_belongs_to_many :users, after_add: :cache_update, after_remove: :cache_update
  has_and_belongs_to_many :permissions, after_add: :cache_update, after_remove: :cache_update
  validates               :name,  presence: true
  store                   :preferences

  before_create  :validate_permissions
  before_update  :validate_permissions

  attributes_with_associations_support ignore: { user_ids: true }
  activity_stream_support permission: 'admin.role'
  notify_clients_support
  latest_change_support

=begin

grand permission to role

  role.permission_grand('permission.key')

=end

  def permission_grand(key)
    permission = Permission.lookup(name: key)
    raise "Invalid permission #{key}" if !permission
    return true if permission_ids.include?(permission.id)
    self.permission_ids = permission_ids.push permission.id
    true
  end

=begin

revoke permission of role

  role.permission_revoke('permission.key')

=end

  def permission_revoke(key)
    permission = Permission.lookup(name: key)
    raise "Invalid permission #{key}" if !permission
    return true if !permission_ids.include?(permission.id)
    self.permission_ids = self.permission_ids -= [permission.id]
    true
  end

=begin

get signup roles

  Role.signup_roles

returnes

  [role1, role2, ...]

=end

  def self.signup_roles
    Role.where(active: true, default_at_signup: true)
  end

=begin

get signup role ids

  Role.signup_role_ids

returnes

  [role1, role2, ...]

=end

  def self.signup_role_ids
    Role.where(active: true, default_at_signup: true).map(&:id)
  end

=begin

get all roles with permission

  roles = Role.with_permissions('admin.session')

get all roles with permission "admin.session" or "ticket.agent"

  roles = Role.with_permissions(['admin.session', 'ticket.agent'])

returns

  [user1, user2, ...]

=end

  def self.with_permissions(keys)
    if keys.class != Array
      keys = [keys]
    end
    roles = []
    permission_ids = []
    keys.each { |key|
      Object.const_get('Permission').with_parents(key).each { |local_key|
        permission = Object.const_get('Permission').lookup(name: local_key)
        next if !permission
        permission_ids.push permission.id
      }
      next if permission_ids.empty?
      Role.joins(:roles_permissions).where('permissions_roles.permission_id IN (?) AND roles.active = ?', permission_ids, true).uniq().each { |role|
        roles.push role
      }
    }
    return [] if roles.empty?
    roles
  end

  private

  def validate_permissions
    return if !self.permission_ids
    permission_ids.each { |permission_id|
      permission = Permission.lookup(id: permission_id)
      raise "Unable to find permission for id #{permission_id}" if !permission
      raise "Permission #{permission.name} is disabled" if permission.preferences[:disabled] == true
      next unless permission.preferences[:not]
      permission.preferences[:not].each { |local_permission_name|
        local_permission = Permission.lookup(name: local_permission_name)
        next if !local_permission
        raise "Permission #{permission.name} conflicts with #{local_permission.name}" if permission_ids.include?(local_permission.id)
      }
    }
  end

end
Updated header. 2014-02-03 19:23:00 +00:00			`# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/`
Code reformattingand code layout beautying. 2013-06-12 15:59:58 +00:00
Added caching / delete of caches if user object changes. 2012-04-16 11:57:33 +00:00			`class Role < ApplicationModel`
Moved from to new permission management. 2016-08-12 16:39:09 +00:00			`has_and_belongs_to_many :users, after_add: :cache_update, after_remove: :cache_update`
			`has_and_belongs_to_many :permissions, after_add: :cache_update, after_remove: :cache_update`
			`validates :name, presence: true`
			`store :preferences`
Moved to application model assets (for all models per default). 2013-12-26 21:51:25 +00:00
Moved from to new permission management. 2016-08-12 16:39:09 +00:00			`before_create :validate_permissions`
			`before_update :validate_permissions`

Prevent user_ids lookup for role assets (not needed in frontend - Customer role will have almost any user id in it). 2016-08-19 11:02:34 +00:00			`attributes_with_associations_support ignore: { user_ids: true }`
Moved from to new permission management. 2016-08-12 16:39:09 +00:00			`activity_stream_support permission: 'admin.role'`
Added table dnd support for sort prio in overviews. 2016-03-12 00:49:51 +00:00			`notify_clients_support`
Improved cache backend. Heavy reduce of sql queries. 2015-02-25 20:52:14 +00:00			`latest_change_support`
Moved from to new permission management. 2016-08-12 16:39:09 +00:00
			`=begin`

			`grand permission to role`

			`role.permission_grand('permission.key')`

			`=end`

			`def permission_grand(key)`
			`permission = Permission.lookup(name: key)`
			`raise "Invalid permission #{key}" if !permission`
			`return true if permission_ids.include?(permission.id)`
			`self.permission_ids = permission_ids.push permission.id`
			`true`
			`end`

			`=begin`

			`revoke permission of role`

			`role.permission_revoke('permission.key')`

			`=end`

			`def permission_revoke(key)`
			`permission = Permission.lookup(name: key)`
			`raise "Invalid permission #{key}" if !permission`
			`return true if !permission_ids.include?(permission.id)`
			`self.permission_ids = self.permission_ids -= [permission.id]`
			`true`
			`end`

			`=begin`

			`get signup roles`

			`Role.signup_roles`

			`returnes`

			`[role1, role2, ...]`

			`=end`

			`def self.signup_roles`
			`Role.where(active: true, default_at_signup: true)`
			`end`

			`=begin`

			`get signup role ids`

			`Role.signup_role_ids`

			`returnes`

			`[role1, role2, ...]`

			`=end`

			`def self.signup_role_ids`
			`Role.where(active: true, default_at_signup: true).map(&:id)`
			`end`

			`=begin`

			`get all roles with permission`

			`roles = Role.with_permissions('admin.session')`

			`get all roles with permission "admin.session" or "ticket.agent"`

			`roles = Role.with_permissions(['admin.session', 'ticket.agent'])`

			`returns`

			`[user1, user2, ...]`

			`=end`

			`def self.with_permissions(keys)`
			`if keys.class != Array`
			`keys = [keys]`
			`end`
			`roles = []`
			`permission_ids = []`
			`keys.each { \|key\|`
			`Object.const_get('Permission').with_parents(key).each { \|local_key\|`
			`permission = Object.const_get('Permission').lookup(name: local_key)`
			`next if !permission`
			`permission_ids.push permission.id`
			`}`
			`next if permission_ids.empty?`
			`Role.joins(:roles_permissions).where('permissions_roles.permission_id IN (?) AND roles.active = ?', permission_ids, true).uniq().each { \|role\|`
			`roles.push role`
			`}`
			`}`
			`return [] if roles.empty?`
			`roles`
			`end`

			`private`

			`def validate_permissions`
			`return if !self.permission_ids`
			`permission_ids.each { \|permission_id\|`
			`permission = Permission.lookup(id: permission_id)`
			`raise "Unable to find permission for id #{permission_id}" if !permission`
			`raise "Permission #{permission.name} is disabled" if permission.preferences[:disabled] == true`
			`next unless permission.preferences[:not]`
			`permission.preferences[:not].each { \|local_permission_name\|`
			`local_permission = Permission.lookup(name: local_permission_name)`
			`next if !local_permission`
			`raise "Permission #{permission.name} conflicts with #{local_permission.name}" if permission_ids.include?(local_permission.id)`
			`}`
			`}`
			`end`

Applied rubocop Style/TrailingBlankLines. 2015-04-27 14:15:29 +00:00			`end`