def check_if_login_required
# no check needed if user is already logged in
return true if User.current.logged?
+
require_login if Setting.login_required?
end
def require_admin
return unless require_login
+
if !User.current.admin?
render_403
return false
# if the issue actually exists but requires authentication
@issue = Issue.find(params[:id])
raise Unauthorized unless @issue.visible?
+
@project = @issue.project
rescue ActiveRecord::RecordNotFound
render_404
to_a
raise ActiveRecord::RecordNotFound if @issues.empty?
raise Unauthorized unless @issues.all?(&:visible?)
+
@projects = @issues.collect(&:project).compact.uniq
@project = @projects.first if @projects.size == 1
rescue ActiveRecord::RecordNotFound
if uri.send(component).present? && uri.send(component) != request.send(component)
return false
end
+
uri.send(:"#{component}=", nil)
end
# Always ignore basic user:password in the URL
# but have no HTML representation for non admin users
def require_admin_or_api_request
return true if api_request?
+
if User.current.admin?
true
elsif User.current.logged?
projects / redmine.git / commitdiff