1.给各角色添加项目相关的权限

2.添加课程权限解析系统
This commit is contained in:
nwb 2014-06-06 13:56:48 +08:00
parent 388d14f075
commit 59742b9ddb
14 changed files with 186 additions and 13 deletions

View File

@ -245,6 +245,24 @@ class ApplicationController < ActionController::Base
end end
end end
def authorize_course(ctrl = params[:controller], action = params[:action], global = false)
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @course || @course, :global => global)
if allowed
true
else
if @course && @course.archived?
render_403 :message => :notice_not_authorized_archived_project
else
deny_access
end
end
end
def authorize_course_global(ctrl = params[:controller], action = params[:action], global = true)
authorize_course(ctrl, action, global)
end
# Authorize the user for the requested action outside a project # Authorize the user for the requested action outside a project
def authorize_global(ctrl = params[:controller], action = params[:action], global = true) def authorize_global(ctrl = params[:controller], action = params[:action], global = true)
authorize(ctrl, action, global) authorize(ctrl, action, global)

View File

@ -7,8 +7,8 @@ class CoursesController < ApplicationController
menu_item l(:label_sort_by_influence), :only => :index menu_item l(:label_sort_by_influence), :only => :index
before_filter :find_course, :except => [ :index, :search,:list, :new, :create, :copy, :statistics, :new_join, :course, :enterprise_course, :course_enterprise,:view_homework_attaches] before_filter :find_course, :except => [ :index, :search,:list, :new, :create, :copy, :statistics, :new_join, :course, :enterprise_course, :course_enterprise,:view_homework_attaches]
before_filter :authorize, :only => [:show, :settings, :edit, :update, :modules, :close, :reopen, :view_homework_attaches, :course] before_filter :authorize_course, :only => [:show, :settings, :edit, :update, :modules, :close, :reopen, :view_homework_attaches, :course]
before_filter :authorize_global, :only => [:view_homework_attaches, :new,:create] before_filter :authorize_course_global, :only => [:view_homework_attaches, :new,:create]
before_filter :require_admin, :only => [:copy, :archive, :unarchive, :destroy, :calendar] before_filter :require_admin, :only => [:copy, :archive, :unarchive, :destroy, :calendar]
before_filter :toggleCourse, only: [:finishcourse, :restartcourse] before_filter :toggleCourse, only: [:finishcourse, :restartcourse]

View File

@ -50,6 +50,21 @@ module CoursesHelper
garble count garble count
end end
def eventToLanguageCourse event_type, course
case event_type
when "issue-note"
l :label_issue
when "issue"
l :label_issue
when "attachment"
l :label_attachment
when "news"
l :label_notification
else
""
end
end
def garble count def garble count
count = count.round( 1-count.to_s.size ).to_i count = count.round( 1-count.to_s.size ).to_i
return count.to_s if count.to_s.size.eql?(1) return count.to_s if count.to_s.size.eql?(1)

View File

@ -18,6 +18,7 @@
class Board < ActiveRecord::Base class Board < ActiveRecord::Base
include Redmine::SafeAttributes include Redmine::SafeAttributes
belongs_to :project belongs_to :project
belongs_to :course
has_many :topics, :class_name => 'Message', :conditions => "#{Message.table_name}.parent_id IS NULL", :order => "#{Message.table_name}.created_on DESC" has_many :topics, :class_name => 'Message', :conditions => "#{Message.table_name}.parent_id IS NULL", :order => "#{Message.table_name}.created_on DESC"
has_many :messages, :dependent => :destroy, :order => "#{Message.table_name}.created_on DESC" has_many :messages, :dependent => :destroy, :order => "#{Message.table_name}.created_on DESC"
belongs_to :last_message, :class_name => 'Message', :foreign_key => :last_message_id belongs_to :last_message, :class_name => 'Message', :foreign_key => :last_message_id

View File

@ -22,6 +22,7 @@ class Course < ActiveRecord::Base
has_many :homework_for_courses, :dependent => :destroy has_many :homework_for_courses, :dependent => :destroy
has_many :student, :through => :students_for_courses, :source => :user has_many :student, :through => :students_for_courses, :source => :user
has_many :course_infos, :class_name => 'CourseInfos',:dependent => :destroy has_many :course_infos, :class_name => 'CourseInfos',:dependent => :destroy
has_many :enabled_modules, :dependent => :delete_all
acts_as_taggable acts_as_taggable
#acts_as_nested_set :order => 'name', :dependent => :destroy #acts_as_nested_set :order => 'name', :dependent => :destroy
@ -72,11 +73,44 @@ class Course < ActiveRecord::Base
self.status == STATUS_ARCHIVED self.status == STATUS_ARCHIVED
end end
def self.visible_condition(user, options={}) def self.visible_condition(user, options={})
allowed_to_condition(user, :view_course, options) allowed_to_condition(user, :view_course, options)
end end
# 返回用户组可以访问的课程 def active?
self.status == STATUS_ACTIVE
end
#课程权限判断
def allows_to?(action)
if archived?
# No action allowed on archived projects
return false
end
unless active? || Redmine::AccessControl.read_action?(action)
# No write action allowed on closed projects
return false
end
# No action allowed on disabled modules
if action.is_a? Hash
allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
else
allowed_permissions.include? action
end
end
def allowed_permissions
@allowed_permissions ||= begin
module_names = enabled_modules.all(:select => :name).collect {|m| m.name}
Redmine::AccessControl.modules_permissions(module_names).collect {|p| p.name}
end
end
def allowed_actions
@actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
end
# 返回用户组可以访问的课程
def users_by_role def users_by_role
members.includes(:user, :roles).all.inject({}) do |h, m| members.includes(:user, :roles).all.inject({}) do |h, m|
m.roles.each do |r| m.roles.each do |r|

View File

@ -31,6 +31,10 @@ class Message < ActiveRecord::Base
:include => {:board => :project}, :include => {:board => :project},
:project_key => "#{Board.table_name}.project_id", :project_key => "#{Board.table_name}.project_id",
:date_column => "#{table_name}.created_on" :date_column => "#{table_name}.created_on"
acts_as_searchable :columns => ['subject', 'content'],
:include => {:board => :course},
:course_key => "#{Board.table_name}.course_id",
:date_column => "#{table_name}.created_at"
acts_as_event :title => Proc.new {|o| "#{o.board.name}: #{o.subject}"}, acts_as_event :title => Proc.new {|o| "#{o.board.name}: #{o.subject}"},
:description => :content, :description => :content,
:datetime => :updated_on, :datetime => :updated_on,
@ -42,6 +46,8 @@ class Message < ActiveRecord::Base
acts_as_activity_provider :find_options => {:include => [{:board => :project}, :author]}, acts_as_activity_provider :find_options => {:include => [{:board => :project}, :author]},
:author_key => :author_id :author_key => :author_id
acts_as_activity_provider :find_options => {:include => [{:board => :course}, :author]},
:author_key => :author_id
acts_as_watchable acts_as_watchable
validates_presence_of :board, :subject, :content validates_presence_of :board, :subject, :content
@ -60,6 +66,7 @@ class Message < ActiveRecord::Base
includes(:board => :project).where(Project.allowed_to_condition(args.shift || User.current, :view_messages, *args)) includes(:board => :project).where(Project.allowed_to_condition(args.shift || User.current, :view_messages, *args))
} }
safe_attributes 'subject', 'content' safe_attributes 'subject', 'content'
safe_attributes 'locked', 'sticky', 'board_id', safe_attributes 'locked', 'sticky', 'board_id',
:if => lambda {|message, user| :if => lambda {|message, user|
@ -67,7 +74,11 @@ class Message < ActiveRecord::Base
} }
def visible?(user=User.current) def visible?(user=User.current)
!user.nil? && user.allowed_to?(:view_messages, project) if project
!user.nil? && user.allowed_to?(:view_messages, project)
elsif course
!user.nil? && user.allowed_to?(:view_messages, course)
end
end end
def cannot_reply_to_locked_topic def cannot_reply_to_locked_topic
@ -87,7 +98,7 @@ class Message < ActiveRecord::Base
if parent && parent.id if parent && parent.id
Message.update_all({:last_reply_id => parent.children.maximum(:id)}, {:id => parent.id}) Message.update_all({:last_reply_id => parent.children.maximum(:id)}, {:id => parent.id})
end end
board.reset_counters! board.reset_counters!(board.id)
end end
def sticky=(arg) def sticky=(arg)
@ -102,6 +113,10 @@ class Message < ActiveRecord::Base
board.project board.project
end end
def course
board.course
end
def editable_by?(usr) def editable_by?(usr)
usr && usr.logged? && (usr.allowed_to?(:edit_messages, project) || (self.author == usr && usr.allowed_to?(:edit_own_messages, project))) usr && usr.logged? && (usr.allowed_to?(:edit_messages, project) || (self.author == usr && usr.allowed_to?(:edit_own_messages, project)))
end end

View File

@ -151,7 +151,7 @@ class Role < ActiveRecord::Base
if action.is_a? Hash if action.is_a? Hash
allowed_actions.include? "#{action[:controller]}/#{action[:action]}" allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
else else
allowed_permissions.include? action allowed_permissions.include? action
end end
end end

View File

@ -655,6 +655,27 @@ class User < Principal
roles roles
end end
# 用户课程权限判断
def roles_for_course(course)
roles = []
# No role on archived courses
return roles if course.nil? || course.archived?
if logged?
# Find course membership
membership = membership(course)
if membership
roles = membership.roles
else
@role_non_member ||= Role.non_member
roles << @role_non_member
end
else
@role_anonymous ||= Role.anonymous
roles << @role_anonymous
end
roles
end
# Return true if the user is a member of project # Return true if the user is a member of project
def member_of?(project) def member_of?(project)
projects.to_a.include?(project) projects.to_a.include?(project)
@ -733,7 +754,20 @@ class User < Principal
role.allowed_to?(action) && role.allowed_to?(action) &&
(block_given? ? yield(role, self) : true) (block_given? ? yield(role, self) : true)
} }
elsif context && context.is_a?(Array) #添加课程相关的权限判断
elsif context && context.is_a?(Course)
return false unless context.allows_to?(action)
# Admin users are authorized for anything else
return true if admin?
roles = roles_for_course(context)
return false unless roles
roles.any? {|role|
(context.is_public? || role.member?) &&
role.allowed_to?(action) &&
(block_given? ? yield(role, self) : true)
}
elsif context && context.is_a?(Array)
if context.empty? if context.empty?
false false
else else

View File

@ -16,7 +16,7 @@
<table width="580px" border="0"> <table width="580px" border="0">
<tr> <tr>
<td colspan="2" valign="top"> <td colspan="2" valign="top">
<strong> <%= h(e.course) if @course.nil? || @course.id != e.course.id %></strong> <strong> <%= h(e.course) if @course.nil? || (e.course != nil && @course.id != e.course.id) %></strong>
<span class="font_lighter"> <span class="font_lighter">
<% if @canShowRealName %> <% if @canShowRealName %>
<%= link_to_user(e.event_author) if e.respond_to?(:event_author) %>(<%= link_to_user(e.event_author,@canShowRealName) if e.respond_to?(:event_author) %>) <%= link_to_user(e.event_author) if e.respond_to?(:event_author) %>(<%= link_to_user(e.event_author,@canShowRealName) if e.respond_to?(:event_author) %>)

View File

@ -1,6 +1,6 @@
<div class="user_course_list menu-div"> <div class="user_course_list menu-div">
<div class="menu"> <div class="menu">
<%= link_to "#{l(:label_course_new)}", new_course_path(course: 1, project_type: 1), class: 'icon icon-add' if @user == User.current %> <%= link_to "#{l(:label_course_new)}", new_course_path, class: 'icon icon-add' if @user == User.current %>
<ul> <ul>
<li mode='doing' class="on">进行中</li> <li mode='doing' class="on">进行中</li>
<li mode='end'>已完结</li> <li mode='end'>已完结</li>

View File

@ -0,0 +1,50 @@
# -*coding:utf-8 -*-
class AddCourseRoles < ActiveRecord::Migration
def change
# 添加课程权限
Role.all.each do |role|
if role.name == 'Non member'
role.permissions.append(:view_course )
role.permissions.append(:search_course )
elsif role.name == 'Anonymous'
role.permissions.append(:view_course )
role.permissions.append(:search_course )
elsif role.name == 'Manager'
role.permissions.append(:view_course )
role.permissions.append(:search_course )
role.permissions.append(:add_course )
role.permissions.append(:close_course )
role.permissions.append(:select_course_modules )
role.permissions.append(:edit_course )
elsif role.name =='Developer'
role.permissions.append(:view_course )
role.permissions.append(:search_course )
role.permissions.append(:add_course )
role.permissions.append(:close_course )
role.permissions.append(:select_course_modules )
role.permissions.append(:edit_course )
elsif role.name == 'Reporter'
role.permissions.append(:view_course )
role.permissions.append(:search_course )
elsif role.name == '助教'
role.permissions.append(:view_course )
role.permissions.append(:search_course )
role.permissions.append(:add_course )
role.permissions.append(:select_course_modules )
role.permissions.append(:edit_course )
elsif role.name == '老师'
role.permissions.append(:view_course )
role.permissions.append(:search_course )
role.permissions.append(:add_course )
role.permissions.append(:close_course )
role.permissions.append(:select_course_modules )
role.permissions.append(:edit_course )
elsif role.name == '学生'
role.permissions.append(:view_course )
role.permissions.append(:search_course )
end
role.save
end
end
end

View File

@ -11,7 +11,7 @@
# #
# It's strongly recommended to check this file into your version control system. # It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20140606027403) do ActiveRecord::Schema.define(:version => 20140606028512) do
create_table "activities", :force => true do |t| create_table "activities", :force => true do |t|
t.integer "act_id", :null => false t.integer "act_id", :null => false

View File

@ -99,9 +99,14 @@ Redmine::AccessControl.map do |map|
map.permission :view_journals_for_messages, {:gantts => [:show, :update]}, :read => true map.permission :view_journals_for_messages, {:gantts => [:show, :update]}, :read => true
#课程权限模块 #课程权限模块
map.permission :view_course, {:courses => [:show], :activities => [:index]}, :public => true, :read => true
map.permission :search_course, {:search => :index}, :public => true, :read => true
map.permission :add_course, {:courses => [:new, :create]}, :require => :loggedin
map.permission :edit_course, {:courses => [:settings, :edit, :update]}, :require => :member
map.permission :close_course, {:courses => [:close, :reopen]}, :require => :member, :read => true
map.permission :select_course_modules, {:courses => :modules}, :require => :member
map.course_module :course do map.course_module :course do
map.permission :view_course, {:courses => [:show], :activities => [:index]}, :public => true, :read => true
map.permission :view_courses,{:courses => [:course]},:read => true
end end
map.project_module :issue_tracking do |map| map.project_module :issue_tracking do |map|

View File

@ -110,6 +110,7 @@ module Redmine
@public = options[:public] || false @public = options[:public] || false
@require = options[:require] @require = options[:require]
@read = options[:read] || false @read = options[:read] || false
@course_module = options[:course_module]
@project_module = options[:project_module] @project_module = options[:project_module]
hash.each do |controller, actions| hash.each do |controller, actions|
if actions.is_a? Array if actions.is_a? Array