Compare commits

..

31 Commits

Author SHA1 Message Date
ricky a34b6a07fc fixed typos 2017-03-23 05:56:26 -04:00
ricky 2ce811bbbf Update auth_helper.rb 2017-03-23 05:50:31 -04:00
ricky 02153de8b0 Added before filters add_customer, view_customer 2017-03-23 05:47:37 -04:00
ricky 68be20459b Added global_check_permission 2017-03-23 05:45:45 -04:00
ricky bbd03cc337 Update init.rb 2017-03-23 05:42:54 -04:00
ricky 4fc71a93f2 Update init.rb 2017-03-23 05:42:09 -04:00
ricky 8e7e1908e4 Update customers_controller.rb 2017-03-23 05:39:55 -04:00
ricky 89fba883ef Update customers_controller.rb 2017-03-23 05:38:06 -04:00
ricky 15f317fba1 Update customers_controller.rb 2017-03-23 05:36:51 -04:00
ricky 894ee9abfd added check_permission 2017-03-23 05:33:58 -04:00
ricky ca17807117 Update payments_controller.rb 2017-03-23 05:29:54 -04:00
ricky a70ba2f164 Update payments_controller.rb 2017-03-23 05:27:38 -04:00
ricky 78ac97298c Update payments_controller.rb 2017-03-23 05:25:57 -04:00
ricky 72cd349c1b Update payments_controller.rb 2017-03-23 05:23:44 -04:00
ricky 6fc1d27dca Update auth_helper.rb 2017-03-23 05:21:56 -04:00
ricky 525c6b99d6 Update auth_helper.rb 2017-03-23 05:19:13 -04:00
ricky 3eaff0ab30 Update auth_helper.rb 2017-03-23 05:14:47 -04:00
ricky 85b40bc9cf Update payments_controller.rb 2017-03-23 05:11:15 -04:00
ricky 37a2b95447 Update payments_controller.rb 2017-03-23 05:10:05 -04:00
ricky 33feb91713 added permission_checker 2017-03-23 05:08:33 -04:00
ricky f7357f30ce Update payments_controller.rb 2017-03-23 05:03:58 -04:00
ricky c0ae01018b Update payments_controller.rb 2017-03-23 05:01:01 -04:00
ricky 4353e910c8 Update payments_controller.rb 2017-03-23 04:57:22 -04:00
ricky bef9774c4e Update payments_controller.rb 2017-03-23 04:52:19 -04:00
ricky 863437b1b7 Added before filter to check permissions 2017-03-23 04:50:17 -04:00
ricky 7cfa15910a Update init.rb 2017-03-23 04:41:31 -04:00
ricky 2154a3d001 Update init.rb 2017-03-22 23:09:05 -04:00
ricky fdab090a3d Update init.rb 2017-03-22 23:06:12 -04:00
ricky 3f32b7fef1 Update init.rb 2017-03-22 22:53:21 -04:00
ricky 14422bc549 Update init.rb 2017-03-22 22:52:24 -04:00
ricky 6bb66597e8 Added some permissions
view_customers, add_customers, view_payments, add_payments
2017-03-22 22:44:09 -04:00
4 changed files with 64 additions and 12 deletions
+10 -1
View File
@@ -27,7 +27,8 @@ class CustomersController < ApplicationController
include SortHelper
helper :timelog
before_filter :require_user, :except => :view
before_filter :add_customer, :only => :new
before_filter :view_customer, :except => :new
skip_before_filter :verify_authenticity_token, :check_if_login_required, :only => [:view]
default_search_scope :names
@@ -144,6 +145,14 @@ class CustomersController < ApplicationController
private
def add_customer
global_check_permission(:add_customers)
end
def view_customer
global_check_permission(:view_customers)
end
def only_one_non_zero?( array )
found_non_zero = false
array.each do |val|
+8 -2
View File
@@ -12,7 +12,7 @@ class PaymentsController < ApplicationController
include AuthHelper
before_filter :require_user
before_filter :check_permissions
def new
@payment = Payment.new
@@ -32,11 +32,17 @@ class PaymentsController < ApplicationController
else
flash[:error] = @payment.errors.full_messages.to_sentence
redirect_to new_customer_path
end
end
end
private
def check_permissions
if !allowed_to?(:add_payments)
render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true
end
end
def only_one_non_zero?( array )
found_non_zero = false
array.each do |val|
+34
View File
@@ -16,4 +16,38 @@ module AuthHelper
render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true
end
end
def allowed_to?(action)
return false if User.current.nil?
project = Project.find(params[:project_id])
return false if project.nil?
return true if User.current.allowed_to?(action, project)
false
end
def check_permission(permission)
if !allowed_to?(permission)
render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true
end
end
def global_check_permission(permission)
if !globaly_allowed_to?(permission)
render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true
end
end
def globaly_allowed_to?( action)
return false if User.current.nil?
projects = Project.all
projects.each { |p|
if User.current.allowed_to?(action, p)
return true
end
}
false
end
end
+10 -7
View File
@@ -48,17 +48,20 @@ Redmine::Plugin.register :redmine_qbo do
# set per_page globally
WillPaginate.per_page = 10
permission :view_customers, :customers => :index, :public => false
permission :add_customers, :customers => :new, :public => false
permission :view_payments, :payments => :index, :public => false
permission :add_payments, :payments => :new, :public => false
permission :view_vehicles, :payments => :new, :public => false
# Register QBO top menu item
#menu :top_menu, :qbo, { :controller => :qbo, :action => :index }, :caption => 'Quickbooks', :if => Proc.new { User.current.admin? }
menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new { User.current.logged? }
menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.logged? }
menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new {User.current.logged?}
menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.allowed_to?(:view_vehicles, @project) }
menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.logged? }
menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => Proc.new { User.current.logged? }
menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.allowed_to?(:add_customers, @project) }
menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => Proc.new { User.current.allowed_to?(:add_payments, @project)}
permission :customers, { :customers => [:index, :new] }, :public => false
menu :project_menu, :customers, { :controller => 'customers', :action => 'new' }, :caption => 'New Customer', :after => :new_issue, :param => :project_id
permission :payments, { :payments => [:index, :new] }, :public => false
menu :project_menu, :payments, { :controller => 'payments', :action => 'new' }, :caption => 'New Payment', :after => :customers, :param => :project_id
end