Gitlink
/
forgeplus
Not watched
1
0
Fork 0
Code
Releases 16 Wiki evaluate Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain HPC
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: dfd4ff55a5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'dfd4ff55a5'
${ noResults }
forgeplus/app/models/concerns/project_operable.rb

263 lines
12 kB
Raw Blame History 

  1. module ProjectOperable

  2.   extend ActiveSupport::Concern

  3. 

  4.   included do

  5.     has_many :members, dependent: :destroy

  6.     has_many :except_owner_members, -> { joins(:roles).where.not(roles: { name: 'Manager' }) }, class_name: 'Member'

  7.     has_many :managers,             -> { joins(:roles).where(roles: { name: 'Manager' }) }, class_name: 'Member'

  8.     has_many :developers,           -> { joins(:roles).where(roles: { name: 'Developer' }) }, class_name: 'Member'

  9.     has_many :reporters,            -> { joins(:roles).where(roles: { name: 'Reporter' }) }, class_name: 'Member'

  10.     has_many :writable_members,     -> { joins(:roles).where.not(roles: {name: 'Reporter'}) }, class_name: 'Member'

  11.     has_many :team_projects, dependent: :destroy

  12.     has_many :teams, through: :team_projects, source: :team

  13.   end

  14. 

  15.   def set_owner_permission(creator)

  16.     return unless owner.is_a?(Organization)

  17.     owner.build_permit_team_projects!(id)

  18.     # 避免自己创建的项目,却无法拥有访问权,因为该用户所在团队暂未获得项目访问权

  19.     return if creator.nil? || owner.is_owner?(creator.id)

  20.     add_member!(creator.id, "Manager") if creator.is_a?(User)

  21.   end

  22. 

  23.   def add_member!(user_id, role_name='Developer')

  24.     if self.owner.is_a?(Organization) 

  25.       case role_name 

  26.       when 'Manager'

  27.         # 构建相应的团队

  28.         team = self.owner.teams.admin.take

  29.         if team.nil? 

  30.           team = Team.build(self.user_id, 'admin', '管理员', '', 'admin', false, false)

  31.           gteam = $gitea_client.post_orgs_teams_by_org(self.owner.login, {body: team.to_gitea_hash.to_json}) rescue nil

  32.           team.update_attributes!({gtid: gteam["id"]}) unless gteam.nil?

  33.         end

  34. 

  35.         # 设置项目在团队中的访问权限

  36.         team_project = TeamProject.build(self.user_id, team.id, self.id)

  37.         tp_result = $gitea_client.put_teams_repos_by_id_org_repo(team.gtid, self.owner.login, self.identifier) rescue nil 

  38. 

  39.         # 新增对应的团队成员

  40.         team_user = TeamUser.build(self.user_id, user_id, team.id)

  41.         $gitea_client.put_teams_members_by_id_username(team&.gtid, team_user.user&.login) rescue nil # 新增新的

  42. 

  43.         # 确保组织成员中有该用户

  44.         OrganizationUser.build(self.user_id, user_id)

  45.       when 'Developer'

  46.         # 构建相应的团队

  47.         team = self.owner.teams.write.take

  48.         if team.nil? 

  49.           team = Team.build(self.user_id, 'developer', '开发者', '', 'write', false, false)

  50.           gteam = $gitea_client.post_orgs_teams_by_org(self.owner.login, {body: team.to_gitea_hash.to_json}) rescue nil

  51.           team.update_attributes!({gtid: gteam["id"]}) unless gteam.nil?

  52.         end

  53. 

  54.         # 设置项目在团队中的访问权限

  55.         team_project = TeamProject.build(self.user_id, team.id, self.id)

  56.         tp_result = $gitea_client.put_teams_repos_by_id_org_repo(team.gtid, self.owner.login, self.identifier) rescue nil 

  57. 

  58.         # 新增对应的团队成员

  59.         team_user = TeamUser.build(self.user_id, user_id, team.id)

  60.         $gitea_client.put_teams_members_by_id_username(team&.gtid, team_user.user&.login) rescue nil # 新增新的

  61. 

  62.         # 确保组织成员中有该用户

  63.         OrganizationUser.build(self.user_id, user_id)

  64.       when 'Reporter'

  65.         # 构建相应的团队

  66.         team = self.owner.teams.read.take

  67.         if team.nil? 

  68.           team = Team.build(self.user_id, 'reporter', '报告者', '', 'read', false, false)

  69.           gteam = $gitea_client.post_orgs_teams_by_org(self.owner.login, {body: team.to_gitea_hash.to_json}) rescue nil

  70.           team.update_attributes!({gtid: gteam["id"]}) unless gteam.nil?

  71.         end

  72. 

  73.         # 设置项目在团队中的访问权限

  74.         team_project = TeamProject.build(self.user_id, team.id, self.id)

  75.         tp_result = $gitea_client.put_teams_repos_by_id_org_repo(team.gtid, self.owner.login, self.identifier) rescue nil 

  76. 

  77.         # 新增对应的团队成员

  78.         team_user = TeamUser.build(self.user_id, user_id, team.id)

  79.         $gitea_client.put_teams_members_by_id_username(team&.gtid, team_user.user&.login) rescue nil # 新增新的

  80. 

  81.         # 确保组织成员中有该用户

  82.         OrganizationUser.build(self.user_id, user_id)

  83.       end

  84.     end

  85.     member = members.create!(user_id: user_id, team_user_id: team_user&.id)

  86.     set_developer_role(member, role_name)

  87.   end

  88. 

  89.   def remove_member!(user_id)

  90.     member = members.find_by(user_id: user_id)

  91.     member.destroy! if member && self.user_id != user_id

  92.     team_user = TeamUser.find_by_id(member&.team_user_id)

  93.     team_user.destroy! if team_user

  94.   end

  95. 

  96.   # 安装bot后的权限

  97.   def is_install_bot?(user)

  98.     user.platform == "bot" && BotInstall.joins(:bot).where(bot: { uid: user.id }).where(store_id: self.id).exists?

  99.   end

  100. 

  101.   def member?(user_id)

  102.     if owner.is_a?(User)

  103.       members.exists?(user_id: user_id) || is_install_bot?(User.find_by(id: user_id))

  104.     elsif owner.is_a?(Organization)

  105.       members.exists?(user_id: user_id) || team_projects.joins(team: :team_users).where(team_users: {user_id: user_id}).present?

  106.     else

  107.       false

  108.     end

  109.   end

  110. 

  111.   # 除了项目创建者本身

  112.   def member(user_id)

  113.     members.where.not("members.user_id = ? ", owner.id).find_by(user_id: user_id)

  114.   end

  115. 

  116.   def change_member_role!(user_id, role)

  117.     member = self.member(user_id)

  118.     # 所有者为组织,并且该用户属于组织成员

  119.     if self.owner.is_a?(Organization) && member.team_user.present?

  120.       case role&.name

  121.       when 'Manager'

  122.         # 构建相应的团队

  123.         team = self.owner.teams.admin.take

  124.         if team.nil? 

  125.           team = Team.build(self.user_id, 'admin', '管理员', '', 'admin', false, false)

  126.           gteam = $gitea_client.post_orgs_teams_by_org(self.owner.login, {body: team.to_gitea_hash.to_json}) rescue nil

  127.           team.update_attributes!({gtid: gteam["id"]}) unless gteam.nil?

  128.         end

  129. 

  130.         # 设置项目在团队中的访问权限

  131.         team_project = TeamProject.build(self.user_id, team.id, self.id)

  132.         tp_result = $gitea_client.put_teams_repos_by_id_org_repo(team.gtid, self.owner.login, self.identifier) rescue nil 

  133. 

  134.         # 更改对应的团队成员

  135.         team_user = member.team_user

  136.         $gitea_client.delete_teams_members_by_id_username(team_user.team.gtid, team_user.user&.login) rescue nil # 移除旧的

  137.         $gitea_client.put_teams_members_by_id_username(team&.gtid, team_user.user&.login) rescue nil # 新增新的

  138.         team_user.update_attributes!({team_id: team.id}) unless team.team_users.exists?(user_id: member.user_id)

  139. 

  140.         # 确保组织成员中有该用户

  141.         OrganizationUser.build(self.user_id, user_id)

  142.       when 'Developer'

  143.         # 构建相应的团队

  144.         team = self.owner.teams.write.take

  145.         if team.nil? 

  146.           team = Team.build(self.user_id, 'developer', '开发者', '', 'write', false, false)

  147.           gteam = $gitea_client.post_orgs_teams_by_org(self.owner.login, {body: team.to_gitea_hash.to_json}) rescue nil

  148.           team.update_attributes!({gtid: gteam["id"]}) unless gteam.nil?

  149.         end

  150.         # 设置项目在团队中的访问权限

  151.         team_project = TeamProject.build(self.user_id, team.id, self.id)

  152.         $gitea_client.put_teams_repos_by_id_org_repo(team.gtid, self.owner.login, self.identifier) rescue nil 

  153. 

  154.         # 更改对应的团队成员

  155.         team_user = member.team_user

  156.         $gitea_client.delete_teams_members_by_id_username(team_user.team.gtid, team_user.user&.login) rescue nil # 移除旧的

  157.         $gitea_client.put_teams_members_by_id_username(team&.gtid, team_user.user&.login) rescue nil # 新增新的

  158.         team_user.update_attributes!({team_id: team.id}) unless team.team_users.exists?(user_id: member.user_id)

  159. 

  160.         OrganizationUser.build(self.user_id, user_id)

  161.       when 'Reporter'

  162.         # 构建相应的团队

  163.         team = self.owner.teams.read.take

  164.         if team.nil? 

  165.           team = Team.build(self.user_id, 'reporter', '报告者', '', 'read', false, false)

  166.           gteam = $gitea_client.post_orgs_teams_by_org(self.owner.login, {body: team.to_gitea_hash.to_json}) rescue nil

  167.           team.update_attributes!({gtid: gteam["id"]}) unless gteam.nil?

  168.         end

  169. 

  170.         # 设置项目在团队中的访问权限

  171.         team_project = TeamProject.build(self.user_id, team.id, self.id)

  172.         tp_result = $gitea_client.put_teams_repos_by_id_org_repo(team.gtid, self.owner.login, self.identifier) rescue nil 

  173. 

  174.         # 更改对应的团队成员

  175.         team_user = member.team_user

  176.         $gitea_client.delete_teams_members_by_id_username(team_user.team.gtid, team_user.user&.login) rescue nil # 移除旧的

  177.         $gitea_client.put_teams_members_by_id_username(team&.gtid, team_user.user&.login) rescue nil # 新增新的

  178.         team_user.update_attributes!({team_id: team.id}) unless team.team_users.exists?(user_id: member.user_id)

  179. 

  180.         # 确保组织成员中有该用户

  181.         OrganizationUser.build(self.user_id, user_id)

  182.       end

  183.     end

  184.     member.member_roles.last.update_attributes!(role: role)

  185.   end

  186. 

  187.   def owner?(user)

  188.     if owner.is_a?(User)

  189.       self.owner == user

  190.     elsif owner.is_a?(Organization)

  191.       owner.is_owner?(user.id)

  192.     else

  193.       false

  194.     end

  195.   end

  196. 

  197.   # 项目管理员(包含项目拥有者),权限:仓库设置、仓库可读可写

  198.   # 增加bot用户权限,已安装bot,当前bot用户即拥有权限,权限粒度待完善

  199.   def manager?(user)

  200.     if owner.is_a?(User)

  201.       managers.exists?(user_id: user.id) || (user.platform == "bot" && BotInstall.joins(:bot).where(bot: { uid: user.id }).where(store_id: self.id).exists?)

  202.     elsif owner.is_a?(Organization)

  203.       managers.exists?(user_id: user.id) || owner.is_owner?(user.id) || (owner.is_only_admin?(user.id) && (teams.pluck(:id) & user.teams.pluck(:id)).size > 0) || (user.platform == "bot" && BotInstall.joins(:bot).where(bot: { uid: user.id }).where(store_id: self.id).exists?)

  204.     else

  205.       false

  206.     end

  207.   end

  208. 

  209.   # 项目开发者,可读可写权限

  210.   # 增加bot用户权限,已安装当前bot用户对应的bot即拥有权限,权限粒度待完善

  211.   def develper?(user)

  212.     if owner.is_a?(User)

  213.       developers.exists?(user_id: user.id) || (user.platform == "bot" && BotInstall.joins(:bot).where(bot: { uid: user.id }).where(store_id: self.id).exists?)

  214.     elsif owner.is_a?(Organization)

  215.       developers.exists?(user_id: user.id) || (owner.is_only_write?(user.id) && (teams.pluck(:id) & user.teams.pluck(:id)).size > 0) || (user.platform == "bot" && BotInstall.joins(:bot).where(bot: { uid: user.id }).where(store_id: self.id).exists?)

  216.     else

  217.       false

  218.     end

  219.   end

  220. 

  221.   # 报告者,只有可读权限

  222.   def reporter?(user)

  223.     if owner.is_a?(User)

  224.       reporters.exists?(user_id: user.id)

  225.     elsif owner.is_a?(Organization)

  226.       reporters.exists?(user_id: user.id) || owner.is_only_read?(user.id)

  227.     else

  228.       false

  229.     end

  230.   end

  231. 

  232.   def operator?(user)

  233.     user.admin? || (member?(user.id) && !reporter?(user))

  234.   end

  235. 

  236.   def set_developer_role(member, role_name)

  237.     role = Role.find_by(name: role_name)

  238.     member.member_roles.create!(role: role)

  239.   end

  240. 

  241.   def has_menu_permission(unit_type)

  242.     self.project_units.where(unit_type: unit_type).exists?

  243.   end

  244. 

  245.   def all_collaborators 

  246.     member_sql = User.joins(members: :roles).where(members: {project_id: self.id}, roles: {name: %w(Manager Developer Reporter)}).to_sql 

  247.     team_user_sql = User.joins(teams: :team_projects).where(team_projects: {project_id: self.id}).to_sql

  248.     return User.from("( #{ member_sql } UNION #{ team_user_sql } ) AS users").distinct

  249.   end

  250. 

  251.   def all_developers

  252.     member_sql = User.joins(members: :roles).where(members: {project_id: self.id}, roles: {name: %w(Manager Developer)}).to_sql 

  253.     team_user_sql = User.joins(teams: :team_projects).where(teams: {authorize: %w(owner admin write)}, team_projects: {project_id: self.id}).to_sql

  254.     return User.from("( #{ member_sql } UNION #{ team_user_sql } ) AS users").distinct

  255.   end

  256. 

  257.   def all_managers 

  258.     member_sql = User.joins(members: :roles).where(members: {project_id: self.id}, roles: {name: %w(Manager)}).to_sql 

  259.     team_user_sql = User.joins(teams: :team_projects).where(teams: {authorize: %w(owner admin)},team_projects: {project_id: self.id}).to_sql 

  260.     return User.from("( #{ member_sql} UNION #{ team_user_sql } ) AS users").distinct

  261.   end

  262. end