# # Defines which views and which blocks of that view are available # Each user can have different Permissions, which can be # recursive as well. # # A permission is either # - an action, which is given as a ViewName.Block.Label syntax # - a permission-name, which is resolved recursively # # Every "name" has a permission to # - view: that is, display things # - change: that is, modify the parameters # - allow: that is, add permissions to other people class Permission def self.clear @@view = {} @@parent = {} @@sessions = {} end self.clear def self.list return @@view.keys end def self.add( name, view, parent = '' ) @@view[ name.to_s ] = view.split(',') @@parent[ name.to_s ] = parent.split(',') end def self.views( permissions ) #dputs_func dputs(5){"Permissions: #{permissions.inspect}"} dputs(5){"Views: #{@@view.inspect}"} [permissions].flatten.collect{|p| ret = @@view[p.to_s] @@parent[p.to_s] and ret += @@parent[p.to_s].collect{|a| self.views(a) } if not ret ret = [] end dputs(5){"Having #{ret.inspect}"} ret }.flatten.sort.uniq end def self.session_add( session, perm ) dputs( 0 ){ "Deprecated - #{caller.inspect}" } exit # dputs( 4 ){ "Adding permission for session #{session}: #{perm}" } # @@sessions[session.to_s] = perm end def self.session_remove( session ) dputs( 0 ){ "Deprecated - #{caller.inspect}" } exit # @@sessions[session.to_s] = nil end def self.getViewParent( view ) @@view[view].to_a.collect{|c| "view:#{c}"} + @@parent[view].to_a.collect{|c| "name:#{c}"} end def self.can( session, view ) dputs( 0 ){ "Deprecated - #{caller.inspect}" } exit # If the list is not initialized, then everybody can do everything! if list.size == 0 return true end dputs( 4 ){ "@@sessions is #{@@sessions.inspect}" } permission = @@sessions[session.to_s] if not permission or permission.length == 0 permission = 'default' end self.can_view( permission, view ) end def self.can_view( permission, view ) action = view.to_s.gsub( /^View\./, '' ) dputs( 4 ){ "Does #{permission.inspect} allow to do #{action} knowing #{@@view.inspect} and #{@@parent.inspect}" } if not permission or permission.length == 0 permission = %w( default ) end permission.to_a.each{|p| perm_list = self.getViewParent( p ) dputs( 5 ){ "p is #{p} and perm_list is #{perm_list.inspect}" } perm_list.each{|pl| type, data = pl.split(':') dputs( 5 ){ "view = #{type} and data = #{data}" } case type when 'name' dputs( 5 ){ "Pushing #{self.getViewParent(data)}" } perm_list.push( *self.getViewParent( data ) ) when 'view' if data dputs( 5 ){ "Searching #{action} - #{data.tab_name} for #{data} - #{action.class}" } if action =~ /^#{data}$/ or action =~ /^#{data.tab_name}Tabs$/ dputs( 3 ){ "#{action} is allowed" } return true end end end } } dputs( 3 ){ "#{action} is NOT allowed" } return false end def self.has_role( permission, role ) permission.to_a.each{|perm| dputs(4){"Testing #{perm} on #{role}"} return true if role.to_s =~ /^#{perm}$/ @@parent[perm] and @@parent[perm].each{|par| dputs(4){"Testing parent #{par} on #{role}"} return true if par == role.to_s || self.has_role( par, role ) } } dputs(4){"Nothing found for #{permission.inspect} on #{role}"} return false end # Get session def self.get_session( data ) dputs( 0 ){ "Deprecated - #{caller.inspect}" } exit if data[0] =~ /^session_id:/ return data[0].gsub(/^session_id:/, '' ) else return nil end end # Try to find out what the permissions are, should be changed! def self.which( *data ) return '' end end