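# SPDX-License-Identifier: Apache-2.0
# Copyright (C) 2021 OKTET Labs Ltd. All rights reserved.
#
# Class Policy for Diary Management Application.
#

require_relative 'ldap_record'
#require_relative 'project'
require_relative 'diary_env'
require_relative 'diary_datamapper'

# Policy for full employees.
#
# Every predicate answers an authorization question for the user the
# policy was built with; the list methods return what that user may see.
class EmployeePolicy
  # user: the record of the person the policy decisions are made for.
  def initialize(user)
    @user = user
  end

  # All organizations, sorted.
  def customer_list
    Organization.all.sort
  end

  # All projects, sorted ("1" is an always-true WHERE clause).
  def project_list
    Project.where("1").sort
  end

  # All people of the home organization, sorted.
  def engineer_list
    Person.find_by_org(DiaryEnv::HOME_ORGANIZATION).sort
  end

  # Check whether current user can edit entries for user {who}
  # in project {prj}.
  #
  # Allowed for the entry owner, for a director, and for the leader or
  # manager of {prj}. {prj} may be nil, in which case only the first two
  # cases apply.
  def can_edit?(prj, who)
    # The director clause used to read `@user == self.is_director?`, i.e. it
    # compared the user object with the boolean result instead of testing
    # the result, so the director case was not recognised here although
    # needs_confirmation? treats directors as privileged.
    @user == who || is_director? || leads_project?(prj)
  end

  # Check whether current user needs confirmations when editing things in
  # the past. Directors and the leader/manager of {prj} do not.
  # {who} is accepted for interface parity with CustomerPolicy and is unused.
  def needs_confirmation?(prj, who)
    !(is_director? || leads_project?(prj))
  end

  # True when the approval table of {prj} names the current user as the
  # approver for {who}.
  def can_approve?(prj, who)
    prj.approvals[who.uid] == @user.uid
  end

  # Full employees may always see accounted hours.
  def can_account?(prj)
    true
  end

  # NOTE(review): unconditional -- every full employee passes this check for
  # any project; confirm that this is the intended policy.
  def can_edit_project?(prj = nil)
    true
  end

  # True when the current user is listed by DiaryEnv.director.
  def is_director?
    DiaryEnv.director.include?(@user)
  end

  # NOTE(review): unconditional as well; the narrower rule below is
  # commented out in the original. Confirm which one is intended.
  def can_edit_approval?(prj)
    #@user.director? or @user.uid == prj["leader"]
    true
  end

  # No restrictions for full employees.
  def restriction
    []
  end

  private

  # True when {prj} is given and the current user is its leader or manager.
  def leads_project?(prj)
    return false if prj.nil?

    @user.uid == prj["leader"] || @user.uid == prj["manager"]
  end
end

# Policy for customers and contractors.
class CustomerPolicy
  # user: the record of the person the policy decisions are made for.
  def initialize(user)
    @user = user
    @extra_prj = nil
  end

  # Projects whose "extra_rights" LDAP filter matches the current user.
  # The result is memoized for the lifetime of the policy object.
  def extra_project_list
    return @extra_prj if @extra_prj

    # The uid is escaped before it is placed into the filter so that filter
    # metacharacters in it cannot change the structure of the query.
    # prj["extra_rights"] is inserted verbatim because it is itself a filter
    # fragment; NOTE(review): that column must therefore be writable only by
    # trusted administrators -- confirm against the project editing code.
    uid = ldap_escape(@user.uid)

    # Collect into a local and publish at the end, so that a lookup failing
    # half-way does not leave a truncated list cached in @extra_prj.
    matched = []
    Project.where("extra_rights IS NOT NULL").each do |prj|
      filter = "(&(uid=#{uid})#{prj["extra_rights"]})"
      matched.push(prj) unless Person.find_by_filter(filter).empty?
    end
    @extra_prj = matched
  end

  # The user's own organization plus the customers of the extra projects,
  # de-duplicated and sorted.
  def customer_list
    ([@user.organization] + extra_project_list.map(&:customer)).uniq.sort
  end

  # Projects of the user's organization that carry no extra_rights filter,
  # plus the extra projects the user matches, de-duplicated and sorted.
  def project_list
    own = Project.where("customer=? AND extra_rights IS NULL",
                        @user.organization.uid)
    (own + extra_project_list).uniq.sort
  end

  # Engineers visible to the current user:
  # - a local user sees only themselves;
  # - a customer sees home-organization people who have diary entries in
  #   one of the customer's visible projects;
  # - anyone else (contractors) sees all home-organization people.
  def engineer_list
    return [@user] if @user.local?

    # For contractors
    engs = Person.find_by_org(DiaryEnv::HOME_ORGANIZATION)
    if @user.customer?
      # Evaluate once: the same list supplies both the placeholders and the
      # bound values, so the two must not come from separate queries.
      projects = project_list

      # With no visible projects the statement would contain "IN ()", which
      # several SQL dialects reject; nothing visible means no engineers.
      return [] if projects.empty?

      # Only "?" placeholders are interpolated; ids are passed as bind values.
      placeholders = projects.map { "?" }.join(",")
      engs_active = []
      DataMapper.database.select_all("SELECT DISTINCT who " +
                                     "FROM diary INNER JOIN project " +
                                     "ON diary.prj_id = project.id " +
                                     "WHERE project.id IN " +
                                     "(#{placeholders})",
                                     *projects.map { |prj| prj.id }) do |row|
        engs_active.push(row["who"])
      end
      engs.delete_if { |x| !engs_active.include?(x.uid) }
    end
    engs.sort
  end

  # Hours are visible unless the project sets "hide_hrs".
  def can_account?(prj)
    !prj["hide_hrs"]
  end

  # Only local users may edit, and only their own entries.
  def can_edit?(prj, who)
    @user.local? ? who == @user : false
  end

  # Customers and contractors always need confirmation.
  def needs_confirmation?(prj, who)
    true
  end

  def can_approve?(prj, who)
    false
  end

  def can_edit_project?(prj = nil)
    false
  end

  def can_edit_approval?(prj)
    false
  end

  def is_director?
    false
  end

  # Restriction symbols for the current user: local users get :project and
  # :engineer, everyone else only :project.
  def restriction
    @user.local? ? [:project, :engineer] : [:project]
  end

  private

  # Escape a value for use inside an LDAP search filter assertion
  # (RFC 4515): backslash, "*", "(", ")" and NUL become "\xx" hex escapes.
  def ldap_escape(value)
    value.to_s.gsub(/[\\*()\0]/) { |ch| format('\\%02x', ch.ord) }
  end
end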