Merge branch 'private-permission-active2' into develop
This commit is contained in:
Martin Edenhofer
commit
3e44a2cb43
7 changed files with 80 additions and 30 deletions
|
|
@ -188,6 +188,11 @@ class App.User extends App.Model
|
||||||
# if any permission exists
|
# if any permission exists
|
||||||
return true if _.contains(keys, '*')
|
return true if _.contains(keys, '*')
|
||||||
|
|
||||||
|
# verify direct permissions
|
||||||
|
for key in keys
|
||||||
|
permission = App.Permission.findByAttribute('name', key)
|
||||||
|
return false if permission && permission.active is false
|
||||||
|
|
||||||
# get all permissions of user
|
# get all permissions of user
|
||||||
permissions = {}
|
permissions = {}
|
||||||
for role_id in @role_ids
|
for role_id in @role_ids
|
||||||
|
|
@ -195,6 +200,9 @@ class App.User extends App.Model
|
||||||
if role.active is true
|
if role.active is true
|
||||||
for permission_id in role.permission_ids
|
for permission_id in role.permission_ids
|
||||||
permission = App.Permission.findNative(permission_id)
|
permission = App.Permission.findNative(permission_id)
|
||||||
|
if !permission
|
||||||
|
throw "No such permission for id #{permission_id}"
|
||||||
|
if permission.active is true
|
||||||
permissions[permission.name] = true
|
permissions[permission.name] = true
|
||||||
|
|
||||||
for localKey in keys
|
for localKey in keys
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,7 @@ class UserAccessTokenController < ApplicationController
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
permissions = []
|
permissions = []
|
||||||
Permission.all.order(:name).each { |permission|
|
Permission.all.where(active: true).order(:name).each { |permission|
|
||||||
next if !local_permissions_new.key?(permission.name) && !current_user.permissions?(permission.name)
|
next if !local_permissions_new.key?(permission.name) && !current_user.permissions?(permission.name)
|
||||||
permission_attributes = permission.attributes
|
permission_attributes = permission.attributes
|
||||||
if local_permissions_new[permission.name] == false
|
if local_permissions_new[permission.name] == false
|
||||||
|
|
|
||||||
|
|
@ -107,7 +107,7 @@ returns
|
||||||
permission_ids.push permission.id
|
permission_ids.push permission.id
|
||||||
}
|
}
|
||||||
next if permission_ids.empty?
|
next if permission_ids.empty?
|
||||||
Role.joins(:roles_permissions).where('permissions_roles.permission_id IN (?) AND roles.active = ?', permission_ids, true).uniq().each { |role|
|
Role.joins(:roles_permissions).joins(:permissions).where('permissions_roles.permission_id IN (?) AND roles.active = ? AND permissions.active = ?', permission_ids, true, true).uniq().each { |role|
|
||||||
roles.push role
|
roles.push role
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -334,7 +334,7 @@ returns
|
||||||
|
|
||||||
def permissions
|
def permissions
|
||||||
list = {}
|
list = {}
|
||||||
Object.const_get('Permission').select('permissions.name, permissions.preferences').joins(:roles).where('roles.id IN (?)', role_ids).pluck(:name, :preferences).each { |permission|
|
Object.const_get('Permission').select('permissions.name, permissions.preferences').joins(:roles).where('roles.id IN (?) AND permissions.active = ?', role_ids, true).pluck(:name, :preferences).each { |permission|
|
||||||
next if permission[1]['selectable'] == false
|
next if permission[1]['selectable'] == false
|
||||||
list[permission[0]] = true
|
list[permission[0]] = true
|
||||||
}
|
}
|
||||||
|
|
@ -375,10 +375,12 @@ returns
|
||||||
if local_key =~ /\.\*$/
|
if local_key =~ /\.\*$/
|
||||||
local_key.sub!('.*', '.%')
|
local_key.sub!('.*', '.%')
|
||||||
permissions = Object.const_get('Permission').with_parents(local_key)
|
permissions = Object.const_get('Permission').with_parents(local_key)
|
||||||
list = Object.const_get('Permission').select('preferences').joins(:roles).where('roles.id IN (?) AND roles.active = ? AND (permissions.name IN (?) OR permissions.name LIKE ?)', role_ids, true, permissions, local_key).pluck(:preferences)
|
list = Object.const_get('Permission').select('preferences').joins(:roles).where('roles.id IN (?) AND roles.active = ? AND (permissions.name IN (?) OR permissions.name LIKE ?) AND permissions.active = ?', role_ids, true, permissions, local_key, true).pluck(:preferences)
|
||||||
else
|
else
|
||||||
|
permission = Object.const_get('Permission').lookup(name: local_key)
|
||||||
|
break if permission && permission.active == false
|
||||||
permissions = Object.const_get('Permission').with_parents(local_key)
|
permissions = Object.const_get('Permission').with_parents(local_key)
|
||||||
list = Object.const_get('Permission').select('preferences').joins(:roles).where('roles.id IN (?) AND roles.active = ? AND permissions.name IN (?)', role_ids, true, permissions).pluck(:preferences)
|
list = Object.const_get('Permission').select('preferences').joins(:roles).where('roles.id IN (?) AND roles.active = ? AND permissions.name IN (?) AND permissions.active = ?', role_ids, true, permissions, true).pluck(:preferences)
|
||||||
end
|
end
|
||||||
list.each { |preferences|
|
list.each { |preferences|
|
||||||
next if preferences[:selectable] == false
|
next if preferences[:selectable] == false
|
||||||
|
|
@ -420,7 +422,7 @@ returns
|
||||||
permission_ids.push permission.id
|
permission_ids.push permission.id
|
||||||
}
|
}
|
||||||
next if permission_ids.empty?
|
next if permission_ids.empty?
|
||||||
Role.joins(:roles_permissions).where('permissions_roles.permission_id IN (?) AND roles.active = ?', permission_ids, true).uniq().pluck(:id).each { |role_id|
|
Role.joins(:roles_permissions).joins(:permissions).where('permissions_roles.permission_id IN (?) AND roles.active = ? AND permissions.active = ?', permission_ids, true, true).uniq().pluck(:id).each { |role_id|
|
||||||
role_ids.push role_id
|
role_ids.push role_id
|
||||||
}
|
}
|
||||||
total_role_ids.push role_ids
|
total_role_ids.push role_ids
|
||||||
|
|
|
||||||
|
|
@ -109,6 +109,7 @@ class CreateBase < ActiveRecord::Migration
|
||||||
t.string :name, limit: 255, null: false
|
t.string :name, limit: 255, null: false
|
||||||
t.string :note, limit: 500, null: true
|
t.string :note, limit: 500, null: true
|
||||||
t.string :preferences, limit: 10_000, null: true
|
t.string :preferences, limit: 10_000, null: true
|
||||||
|
t.boolean :active, null: false, default: true
|
||||||
t.timestamps limit: 3, null: false
|
t.timestamps limit: 3, null: false
|
||||||
end
|
end
|
||||||
add_index :permissions, [:name], unique: true
|
add_index :permissions, [:name], unique: true
|
||||||
|
|
|
||||||
10
db/migrate/20160921000001_permission_active.rb.rb
Normal file
10
db/migrate/20160921000001_permission_active.rb.rb
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
class PermissionActive < ActiveRecord::Migration
|
||||||
|
def up
|
||||||
|
# return if it's a new setup
|
||||||
|
return if !Setting.find_by(name: 'system_init_done')
|
||||||
|
|
||||||
|
add_column :permissions, :active, :boolean, null: false, default: true
|
||||||
|
|
||||||
|
Cache.clear
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
@ -12,10 +12,17 @@ class PermissionTest < ActiveSupport::TestCase
|
||||||
|
|
||||||
test 'user permission' do
|
test 'user permission' do
|
||||||
|
|
||||||
Permission.create_if_not_exists(
|
permission1 = Permission.create_or_update(
|
||||||
name: 'admin.permission1',
|
name: 'admin.permission1',
|
||||||
note: 'Admin Interface',
|
note: 'Admin Interface',
|
||||||
preferences: {},
|
preferences: {},
|
||||||
|
active: true,
|
||||||
|
)
|
||||||
|
permission2 = Permission.create_or_update(
|
||||||
|
name: 'admin.permission2',
|
||||||
|
note: 'Admin Interface',
|
||||||
|
preferences: {},
|
||||||
|
active: true,
|
||||||
)
|
)
|
||||||
role_permission1 = Role.create_or_update(
|
role_permission1 = Role.create_or_update(
|
||||||
name: 'AdminPermission1',
|
name: 'AdminPermission1',
|
||||||
|
|
@ -27,6 +34,7 @@ class PermissionTest < ActiveSupport::TestCase
|
||||||
updated_by_id: 1,
|
updated_by_id: 1,
|
||||||
created_by_id: 1,
|
created_by_id: 1,
|
||||||
)
|
)
|
||||||
|
role_permission1.permission_revoke('admin')
|
||||||
role_permission1.permission_grand('admin.permission1')
|
role_permission1.permission_grand('admin.permission1')
|
||||||
user_with_permission1 = User.create_or_update(
|
user_with_permission1 = User.create_or_update(
|
||||||
login: 'setting-permission1',
|
login: 'setting-permission1',
|
||||||
|
|
@ -39,24 +47,45 @@ class PermissionTest < ActiveSupport::TestCase
|
||||||
updated_by_id: 1,
|
updated_by_id: 1,
|
||||||
created_by_id: 1,
|
created_by_id: 1,
|
||||||
)
|
)
|
||||||
|
|
||||||
assert_equal(true, user_with_permission1.permissions?('admin.permission1'))
|
assert_equal(true, user_with_permission1.permissions?('admin.permission1'))
|
||||||
assert_equal(true, user_with_permission1.permissions?('admin.*'))
|
assert_equal(true, user_with_permission1.permissions?('admin.*'))
|
||||||
assert_equal(false, user_with_permission1.permissions?('admi.*'))
|
assert_equal(false, user_with_permission1.permissions?('admi.*'))
|
||||||
assert_equal(false, user_with_permission1.permissions?('admin.permission2'))
|
assert_equal(false, user_with_permission1.permissions?('admin.permission2'))
|
||||||
assert_equal(false, user_with_permission1.permissions?('admin'))
|
assert_equal(false, user_with_permission1.permissions?('admin'))
|
||||||
|
|
||||||
|
permission1.active = false
|
||||||
|
permission1.save!
|
||||||
|
|
||||||
|
assert_equal(false, user_with_permission1.permissions?('admin.permission1'))
|
||||||
|
assert_equal(false, user_with_permission1.permissions?('admin.*'))
|
||||||
|
assert_equal(false, user_with_permission1.permissions?('admi.*'))
|
||||||
|
assert_equal(false, user_with_permission1.permissions?('admin.permission2'))
|
||||||
|
assert_equal(false, user_with_permission1.permissions?('admin'))
|
||||||
|
|
||||||
|
role_permission1.permission_grand('admin')
|
||||||
|
|
||||||
|
assert_equal(false, user_with_permission1.permissions?('admin.permission1'))
|
||||||
|
assert_equal(true, user_with_permission1.permissions?('admin.*'))
|
||||||
|
assert_equal(false, user_with_permission1.permissions?('admi.*'))
|
||||||
|
assert_equal(true, user_with_permission1.permissions?('admin.permission2'))
|
||||||
|
assert_equal(true, user_with_permission1.permissions?('admin'))
|
||||||
|
|
||||||
|
role_permission1.permission_revoke('admin')
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'user permission with invalid role' do
|
test 'user permission with invalid role' do
|
||||||
|
|
||||||
Permission.create_if_not_exists(
|
permission3 = Permission.create_or_update(
|
||||||
name: 'admin.permission2',
|
name: 'admin.permission3',
|
||||||
note: 'Admin Interface',
|
note: 'Admin Interface',
|
||||||
preferences: {},
|
preferences: {},
|
||||||
|
active: true,
|
||||||
)
|
)
|
||||||
role_permission2 = Role.create_or_update(
|
role_permission3 = Role.create_or_update(
|
||||||
name: 'AdminPermission2',
|
name: 'AdminPermission2',
|
||||||
note: 'To configure your permission2.',
|
note: 'To configure your permission3.',
|
||||||
preferences: {
|
preferences: {
|
||||||
not: ['Customer'],
|
not: ['Customer'],
|
||||||
},
|
},
|
||||||
|
|
@ -65,32 +94,32 @@ class PermissionTest < ActiveSupport::TestCase
|
||||||
updated_by_id: 1,
|
updated_by_id: 1,
|
||||||
created_by_id: 1,
|
created_by_id: 1,
|
||||||
)
|
)
|
||||||
role_permission2.permission_grand('admin.permission2')
|
role_permission3.permission_grand('admin.permission3')
|
||||||
user_with_permission2 = User.create_or_update(
|
user_with_permission3 = User.create_or_update(
|
||||||
login: 'setting-permission2',
|
login: 'setting-permission3',
|
||||||
firstname: 'Setting',
|
firstname: 'Setting',
|
||||||
lastname: 'Admin Permission2',
|
lastname: 'Admin Permission2',
|
||||||
email: 'setting-admin-permission2@example.com',
|
email: 'setting-admin-permission3@example.com',
|
||||||
password: 'some_pw',
|
password: 'some_pw',
|
||||||
active: true,
|
active: true,
|
||||||
roles: [role_permission2],
|
roles: [role_permission3],
|
||||||
updated_by_id: 1,
|
updated_by_id: 1,
|
||||||
created_by_id: 1,
|
created_by_id: 1,
|
||||||
)
|
)
|
||||||
assert_equal(true, user_with_permission2.permissions?('admin.permission2'))
|
assert_equal(true, user_with_permission3.permissions?('admin.permission3'))
|
||||||
assert_equal(true, user_with_permission2.permissions?('admin.*'))
|
assert_equal(true, user_with_permission3.permissions?('admin.*'))
|
||||||
assert_equal(false, user_with_permission2.permissions?('admi.*'))
|
assert_equal(false, user_with_permission3.permissions?('admi.*'))
|
||||||
assert_equal(false, user_with_permission2.permissions?('admin.permission3'))
|
assert_equal(false, user_with_permission3.permissions?('admin.permission4'))
|
||||||
assert_equal(false, user_with_permission2.permissions?('admin'))
|
assert_equal(false, user_with_permission3.permissions?('admin'))
|
||||||
|
|
||||||
role_permission2.active = false
|
role_permission3.active = false
|
||||||
role_permission2.save
|
role_permission3.save
|
||||||
user_with_permission2.reload
|
user_with_permission3.reload
|
||||||
assert_equal(false, user_with_permission2.permissions?('admin.permission2'))
|
assert_equal(false, user_with_permission3.permissions?('admin.permission3'))
|
||||||
assert_equal(false, user_with_permission2.permissions?('admin.*'))
|
assert_equal(false, user_with_permission3.permissions?('admin.*'))
|
||||||
assert_equal(false, user_with_permission2.permissions?('admi.*'))
|
assert_equal(false, user_with_permission3.permissions?('admi.*'))
|
||||||
assert_equal(false, user_with_permission2.permissions?('admin.permission3'))
|
assert_equal(false, user_with_permission3.permissions?('admin.permission4'))
|
||||||
assert_equal(false, user_with_permission2.permissions?('admin'))
|
assert_equal(false, user_with_permission3.permissions?('admin'))
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue