- rename plugin

- update readme
- bump version
- fix issue module name in init.rb

README.rdoc

@@ -0,0 +1,6 @@
+= issue_custom_fields_rights
+
+TODO:
+1. fix many queries problems
+2. fix some hacky solutions
+3. validate params to protect from manual user injection (not by rendered form)

app/models/custom_fields_right.rb

@@ -0,0 +1,7 @@
+class CustomFieldsRight < ActiveRecord::Base
+  unloadable
+  belongs_to :role
+  belongs_to :issue_custom_field, inverse_of: :custom_fields_rights
+
+  validates_presence_of :role_id, :rights, :issue_custom_field
+end

app/views/custom_fields/_form_edit.html.erb

@@ -0,0 +1,17 @@
+<%= form.fields_for :custom_fields_rights do |field| %>
+  <%= field.hidden_field :role_id %>
+  <tr>
+    <td>
+      <%= field.object.role %>
+    </td>
+    <td>
+      <%= field.radio_button :rights, '1', checked: (field.object.rights == 1) %>
+    </td>
+    <td>
+      <%= field.radio_button :rights, '2', checked: (field.object.rights == 2) %>
+    </td>
+    <td>
+      <%= field.radio_button :rights, '0' %>
+    </td>
+  </tr>
+<% end %>

app/views/custom_fields/_form_new.html.erb

@@ -0,0 +1,19 @@
+<% Role.givable.each do |role| %>
+  <%= form.fields_for :custom_fields_rights, custom_field.custom_fields_rights.build(role: role) do |field| %>
+    <%= field.hidden_field :role_id %>
+    <tr>
+      <td>
+        <%= field.object.role %>
+      </td>
+      <td>
+        <%= field.radio_button :rights, '1', checked: (field.object.rights == 1) %>
+      </td>
+      <td>
+        <%= field.radio_button :rights, '2', checked: (field.object.rights == 2) %>
+      </td>
+      <td>
+        <%= field.radio_button :rights, '0' %>
+      </td>
+    </tr>
+  <% end %>
+<% end %>

app/views/custom_fields/_role_access.html.erb

@@ -0,0 +1,15 @@
+<p>
+  <table>
+    <tr>
+      <td><%= l(:role) %></td>
+      <td><%= l(:read) %></td>
+      <td><%= l(:write) %></td>
+      <td><%= l(:denied) %></td>
+    </tr>
+    <% if params[:action] == 'new' || params[:action] == 'create' %>
+      <%= render partial: 'form_new', locals: { form: form, custom_field: custom_field } %>
+    <% elsif params[:action] == 'edit' || params[:action] == 'update' %>
+      <%= render partial: 'form_edit', locals: { form: form, custom_field: custom_field } %>
+    <% end %>
+  </table>
+</p>

config/locales/en.yml

@@ -0,0 +1,3 @@
+# English strings go here for Rails i18n
+en:
+  my_label: "My label"

config/locales/ru.yml

@@ -0,0 +1,7 @@
+ru:
+  field_custom_fields_read_rights: "Могут читать поле:"
+  field_custom_fields_write_rights: "Могут изменять поле:"
+  role: 'Роль'
+  read: "Чтение"
+  write: "Изменение"
+  denied: "Нет доступа"

config/routes.rb

@@ -0,0 +1,2 @@
+# Plugin's routes
+# See: http://guides.rubyonrails.org/routing.html

db/migrate/010_create_custom_fields_rights.rb

@@ -0,0 +1,17 @@
+class CreateCustomFieldsRights < ActiveRecord::Migration
+  def change
+    create_table :custom_fields_rights do |t|
+      t.references :role
+      t.references :issue_custom_field
+      t.integer :rights, default: 0
+    end
+    # Add denied rights for all roles for all issue custom fields.
+    say_with_time 'Add denied rights for all roles for all IssueCustomField.' do
+      Role.givable.each do |role|
+        IssueCustomField.all.each do |cf|
+          cf.custom_fields_rights.create(role: role, rights: 0)
+        end
+      end
+    end
+  end
+end

init.rb

@@ -0,0 +1,30 @@
+require 'redmine'
+
+Rails.configuration.to_prepare do
+  require 'issue_custom_field_patch'
+  IssueCustomField.send :include, IssueCustomFieldPatch
+  require 'role_patch'
+  Role.send             :include, RolePatch
+  require 'custom_fields_controller_patch'
+  CustomFieldsController.send :include, CustomFieldsControllerPatch
+  require 'user_patch'
+  User.send             :include, UserPatch
+  require 'issues_helper_patch'
+  IssuesHelper.send     :include, IssuesHelperPatch
+  require 'issue_patch'
+  Issue.send     :include, IssuePatch
+end
+
+class ViewsHooks < Redmine::Hook::ViewListener
+  render_on :view_custom_fields_form_issue_custom_field, :partial => "custom_fields/role_access"
+end
+
+
+Redmine::Plugin.register :issue_custom_fields_rights do
+  name 'Issue custom fields rights plugin'
+  author 'Alexandr Elhovenko'
+  description 'Add read/write access settings for each role for each issue custom field.'
+  version '0.1.0'
+  url 'http://example.com/path/to/plugin'
+  author_url '[email protected]'
+end

lib/custom_fields_controller_patch.rb

@@ -0,0 +1,18 @@
+module CustomFieldsControllerPatch
+  module ClassMethods
+
+  end
+
+  module InstanceMethods
+
+  end
+
+  def self.included(receiver)
+    receiver.extend         ClassMethods
+    receiver.send :include, InstanceMethods
+
+    receiver.class_eval do
+      unloadable
+    end
+  end
+end

lib/issue_custom_field_patch.rb

@@ -0,0 +1,50 @@
+require_dependency 'issue_custom_field'
+
+module IssueCustomFieldPatch
+  def self.included(base)
+    base.extend         ClassMethods
+    base.send :include, InstanceMethods
+
+    base.class_eval do
+      unloadable
+      has_many :custom_fields_rights, inverse_of: :issue_custom_field, dependent: :destroy
+      accepts_nested_attributes_for :custom_fields_rights
+    end
+  end
+
+  module ClassMethods
+
+  end
+
+  module InstanceMethods
+    def allows_to?(action, role = nil)
+      if role # If allows this action for role.
+        return false unless allows_to?(action)
+        rights = custom_fields_rights.where(role_id: role.id)
+        if rights.present?
+          rights = rights.first.rights
+          permited_actions = []
+          permited_actions << :read if rights > 0
+          permited_actions << :write if rights > 1
+          if action.is_a?(Symbol)
+            permited_actions.include?(action)
+          elsif action.is_a?(Array)
+            action.map { |action| permited_actions.include?(action) }.reduce(:&)
+          else
+            false
+          end
+        else
+          false
+        end
+      else # If allows this action at least for some role.
+        if action.is_a?(Array)
+          action.map { |action| allows_to?(action) }.reduce(:&)
+        elsif action.is_a?(Symbol)
+          [:read, :write].include?(action)
+        else
+          false
+        end
+      end
+    end
+  end
+end

lib/issue_patch.rb

@@ -0,0 +1,29 @@
+module IssuePatch
+  module ClassMethods
+
+  end
+
+  module InstanceMethods
+    def editable_custom_field_values_with_custom_fields_rights(user=nil)
+      editable_custom_field_values_without_custom_fields_rights(user).select do |value|
+        if value.custom_field.type == 'IssueCustomField'
+          user ||= User.current
+          user.allowed_to?(:write, [value.custom_field, project])
+        else
+          true
+        end
+      end
+    end
+  end
+
+  def self.included(receiver)
+    receiver.extend         ClassMethods
+    receiver.send :include, InstanceMethods
+
+    receiver.class_eval do
+      unloadable
+
+      alias_method_chain :editable_custom_field_values, :custom_fields_rights
+    end
+  end
+end

lib/issues_helper_patch.rb

@@ -0,0 +1,38 @@
+module IssuesHelperPatch
+  module ClassMethods
+
+  end
+
+  module InstanceMethods
+  end
+
+  def self.included(receiver)
+    receiver.extend         ClassMethods
+    receiver.send :include, InstanceMethods
+
+    receiver.class_eval do
+      unloadable
+
+      def render_custom_fields_rows(issue)
+        custom_field_values = issue.custom_field_values
+        custom_field_values.select! { |f| User.current.allowed_to?(:read, [f.custom_field, issue.project]) }
+        return if issue.custom_field_values.empty?
+        ordered_values = []
+        half = (issue.custom_field_values.size / 2.0).ceil
+        half.times do |i|
+          ordered_values << issue.custom_field_values[i]
+          ordered_values << issue.custom_field_values[i + half]
+        end
+        s = "<tr>\n"
+        n = 0
+        ordered_values.compact.each do |value|
+          s << "</tr>\n<tr>\n" if n > 0 && (n % 2) == 0
+          s << "\t<th>#{ h(value.custom_field.name) }:</th><td>#{ simple_format_without_paragraph(h(show_value(value))) }</td>\n"
+          n += 1
+        end
+        s << "</tr>\n"
+        s.html_safe
+      end
+    end
+  end
+end

lib/role_patch.rb

@@ -0,0 +1,26 @@
+module RolePatch
+  module ClassMethods
+
+  end
+
+  module InstanceMethods
+
+  private
+    def update_custom_fields_rights
+      IssueCustomField.all.each do |cf|
+        custom_fields_rights.create(issue_custom_field: cf)
+      end
+    end
+  end
+
+  def self.included(receiver)
+    receiver.extend         ClassMethods
+    receiver.send :include, InstanceMethods
+
+    receiver.class_eval do
+      unloadable
+      has_many :custom_fields_rights, dependent: :destroy
+      after_create :update_custom_fields_rights
+    end
+  end
+end

lib/user_patch.rb

@@ -0,0 +1,36 @@
+module UserPatch
+  module ClassMethods
+
+  end
+
+  module InstanceMethods
+    def allowed_to_with_issue_custom_field?(action, context, options={}, &block)
+      if context && context.is_a?(Array) && context.size == 2 && context.first.is_a?(IssueCustomField) && context.last.is_a?(Project)
+        custom_field = context.first
+        project = context.last
+        return false unless custom_field.allows_to?(action)
+        # Admin users are authorized for anything else
+        return true if admin?
+
+        roles = roles_for_project(project)
+        return false unless roles
+        roles.any? do |role|
+          custom_field.allows_to?(action, role)
+        end
+      else
+        allowed_to_without_issue_custom_field?(action, context, options, &block)
+      end
+    end
+  end
+
+  def self.included(receiver)
+    receiver.extend         ClassMethods
+    receiver.send :include, InstanceMethods
+
+    receiver.class_eval do
+      unloadable
+
+      alias_method_chain :allowed_to?, :issue_custom_field
+    end
+  end
+end

test/test_helper.rb

@@ -0,0 +1,2 @@
+# Load the Redmine helper
+require File.expand_path(File.dirname(__FILE__) + '/../../../test/test_helper')

test/unit/custom_fields_rights_test.rb

@@ -0,0 +1,9 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+class CustomFieldsRightsTest < ActiveSupport::TestCase
+
+  # Replace this with your real tests.
+  def test_truth
+    assert true
+  end
+end