ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

Permissions for Queries

Added by Chris Woerle at 2011-07-11 08:00 pm

I am still working on queries.
As a matter of fact, that a lot of code is hm... frightening though powerful,
I decided not to try to change thousands of small things on the fly.

But this one was something i thought could be done easily.

Originally the only place where permissions for queries have been used was in IssuesHelper


  def sidebar_queries
    unless @sidebar_queries
      # User can see public queries and his own queries
      visible = ARCondition.new(["is_public = ? OR user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
      # Project specific queries and global queries
      visible << (@project.nil? ? ["project_id IS NULL"] : ["project_id IS NULL OR project_id = ?", @project.id])
      @sidebar_queries = Query.find(:all,
                                    :select => 'id, name, is_public',
                                    :order => "name ASC",
                                    :conditions => visible.conditions)
    end
    @sidebar_queries
  end

Instead we can do this


  #
  # This method helps to tear the permission logic out of sidebar_queries in IssuesHelper
  #
  def self.visible(project=nil)

    # User can see public queries and his own queries
    visible = ARCondition.new(["is_public = ? OR user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
    # Project specific queries and global queries
    visible << (project.nil? ? ["project_id IS NULL"] : ["project_id IS NULL OR project_id = ?", project.id])
    Query.find(:all,
               :select => 'id, name, is_public',
               :order => "name ASC",
               :conditions => visible.conditions)
  end


Replies (2)

RE: Permissions for Queries - Added by Felix Schäfer at 2011-08-21 11:41 am

This seems like a good refactoring, care to post it as a pull request on github and create an issue? (see Contribute_Code for details)

RE: Permissions for Queries - Added by Chris Woerle at 2011-09-26 10:38 am

yeah, i think we have to clarify our contribution workflow internally to avoid too much loss of time.

there will follow some other things, that need to be done for query.
maybe we meet, if you are in berlin.

(1-2/2)