Merge pull request #14017 from opf/replace-allowed-to-in-policies

Permission Rework [9/x]: Replace `allowed_to?` calls in policies
opf · Oct 27, 2023 · e204764 · e204764
2 parents 1ad2302 + a15ee1e
commit e204764
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 15 deletions.
diff --git a/app/policies/query_policy.rb b/app/policies/query_policy.rb
@@ -91,41 +91,49 @@ def reorder_work_packages?(query)
 
   def view_work_packages_allowed?(query)
     @view_work_packages_cache ||= Hash.new do |hash, project|
-      hash[project] = user.allowed_to?(:view_work_packages, project, global: project.nil?)
+      hash[project] = allowed_in_project_or_any_project?(:view_work_packages, project)
     end
 
     @view_work_packages_cache[query.project]
   end
 
   def edit_work_packages_allowed?(query)
     @edit_work_packages_cache ||= Hash.new do |hash, project|
-      hash[project] = user.allowed_to?(:edit_work_packages, project, global: project.nil?)
+      hash[project] = allowed_in_project_or_any_project?(:edit_work_packages, project)
     end
 
     @edit_work_packages_cache[query.project]
   end
 
   def save_queries_allowed?(query)
     @save_queries_cache ||= Hash.new do |hash, project|
-      hash[project] = user.allowed_to?(:save_queries, project, global: project.nil?)
+      hash[project] = allowed_in_project_or_any_project?(:save_queries, project)
     end
 
     @save_queries_cache[query.project]
   end
 
   def manage_public_queries_allowed?(query)
     @manage_public_queries_cache ||= Hash.new do |hash, project|
-      hash[project] = user.allowed_to?(:manage_public_queries, project, global: project.nil?)
+      hash[project] = allowed_in_project_or_any_project?(:manage_public_queries, project)
     end
 
     @manage_public_queries_cache[query.project]
   end
 
   def share_via_ical_allowed?(query)
     @share_via_ical_cache ||= Hash.new do |hash, project|
-      hash[project] = user.allowed_to?(:share_calendars, project, global: project.nil?)
+      hash[project] = allowed_in_project_or_any_project?(:share_calendars, project)
     end
 
     @share_via_ical_cache[query.project]
   end
+
+  def allowed_in_project_or_any_project?(permission, project)
+    if project
+      user.allowed_in_project?(permission, project)
+    else
+      user.allowed_in_any_project?(permission)
+    end
+  end
 end
diff --git a/app/policies/scm/authorization_policy.rb b/app/policies/scm/authorization_policy.rb
@@ -55,12 +55,12 @@ def readonly_request?(_params)
   ##
   # Returns whether the user has read access permission to the repository
   def read_access?
-    user.allowed_to?(:browse_repository, project)
+    user.allowed_in_project?(:browse_repository, project)
   end
 
   ##
   # Returns whether the user has read/write access permission to the repository
   def write_access?
-    user.allowed_to?(:commit_access, project)
+    user.allowed_in_project?(:commit_access, project)
   end
 end
diff --git a/app/policies/work_package_policy.rb b/app/policies/work_package_policy.rb
@@ -57,15 +57,15 @@ def allowed_hash(work_package)
 
   def edit_allowed?(work_package)
     @edit_cache ||= Hash.new do |hash, project|
-      hash[project] = work_package.persisted? && user.allowed_to?(:edit_work_packages, project)
+      hash[project] = work_package.persisted? && user.allowed_in_project?(:edit_work_packages, project)
     end
 
     @edit_cache[work_package.project]
   end
 
   def move_allowed?(work_package)
     @move_cache ||= Hash.new do |hash, project|
-      hash[project] = user.allowed_to?(:move_work_packages, project)
+      hash[project] = user.allowed_in_project?(:move_work_packages, project)
     end
 
     @move_cache[work_package.project]
@@ -77,15 +77,15 @@ def copy_allowed?(work_package)
 
   def delete_allowed?(work_package)
     @delete_cache ||= Hash.new do |hash, project|
-      hash[project] = user.allowed_to?(:delete_work_packages, project)
+      hash[project] = user.allowed_in_project?(:delete_work_packages, project)
     end
 
     @delete_cache[work_package.project]
   end
 
   def add_allowed?(work_package)
     @add_cache ||= Hash.new do |hash, project|
-      hash[project] = user.allowed_to?(:add_work_packages, project)
+      hash[project] = user.allowed_in_project?(:add_work_packages, project)
     end
 
     @add_cache[work_package.project]
@@ -103,24 +103,23 @@ def type_active_in_project?(work_package)
 
   def manage_subtasks_allowed?(work_package)
     @manage_subtasks_cache ||= Hash.new do |hash, project|
-      hash[project] = user.allowed_to?(:manage_subtasks, work_package.project, global: work_package.project.nil?)
+      hash[project] = user.allowed_in_project?(:manage_subtasks, project)
     end
 
     @manage_subtasks_cache[work_package.project]
   end
 
   def comment_allowed?(work_package)
     @comment_cache ||= Hash.new do |hash, project|
-      hash[project] = user.allowed_to?(:add_work_package_notes, work_package.project) ||
-                      edit_allowed?(work_package)
+      hash[project] = user.allowed_in_project?(:add_work_package_notes, project) || edit_allowed?(work_package)
     end
 
     @comment_cache[work_package.project]
   end
 
   def assign_version_allowed?(work_package)
     @assign_version_cache ||= Hash.new do |hash, project|
-      hash[project] = user.allowed_to?(:assign_versions, work_package.project)
+      hash[project] = user.allowed_in_project?(:assign_versions, project)
     end
 
     @assign_version_cache[work_package.project]