Separation of RSS/API auth actions.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6197 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/activities_controller.rb

+# Redmine - project management software
+# Copyright (C) 2006-2011  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
 class ActivitiesController < ApplicationController
   menu_item :activity
   before_filter :find_optional_project
-  accept_key_auth :index
+  accept_rss_auth :index
 
   def index
     @days = Setting.activity_days_default.to_i

app/controllers/application_controller.rb

       user = User.try_to_autologin(cookies[:autologin])
       session[:user_id] = user.id if user
       user
-    elsif params[:format] == 'atom' && request.get? && params[:key] && accept_key_auth_actions.include?(params[:action])
+    elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth?
       # RSS key authentication does not start a session
       User.find_by_rss_key(params[:key])
-    elsif Setting.rest_api_enabled? && api_request?
-      if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
+    elsif Setting.rest_api_enabled? && accept_api_auth?
+      if (key = api_key_from_request)
         # Use API key
         User.find_by_api_key(key)
       else
     @title = options[:title] || Setting.app_title
     render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
   end
-
+  
+  # TODO: remove in Redmine 1.4
   def self.accept_key_auth(*actions)
-    actions = actions.flatten.map(&:to_s)
-    write_inheritable_attribute('accept_key_auth_actions', actions)
+    ActiveSupport::Deprecaction.warn "ApplicationController.accept_key_auth is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
+    accept_rss_auth(*actions)
   end
 
+  # TODO: remove in Redmine 1.4
   def accept_key_auth_actions
-    self.class.read_inheritable_attribute('accept_key_auth_actions') || []
+    ActiveSupport::Deprecaction.warn "ApplicationController.accept_key_auth_actions is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
+    self.class.accept_rss_auth
+  end
+  
+  def self.accept_rss_auth(*actions)
+    if actions.any?
+      write_inheritable_attribute('accept_rss_auth_actions', actions)
+    else
+      read_inheritable_attribute('accept_rss_auth_actions') || []
+    end
+  end
+  
+  def accept_rss_auth?(action=action_name)
+    self.class.accept_rss_auth.include?(action.to_sym)
+  end
+  
+  def self.accept_api_auth(*actions)
+    if actions.any?
+      write_inheritable_attribute('accept_api_auth_actions', actions)
+    else
+      read_inheritable_attribute('accept_api_auth_actions') || []
+    end
+  end
+  
+  def accept_api_auth?(action=action_name)
+    self.class.accept_api_auth.include?(action.to_sym)
   end
 
   # Returns the number of objects that should be displayed

app/controllers/boards_controller.rb

-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 class BoardsController < ApplicationController
   default_search_scope :messages
   before_filter :find_project, :find_board_if_available, :authorize
-  accept_key_auth :index, :show
+  accept_rss_auth :index, :show
 
   helper :messages
   include MessagesHelper

app/controllers/issue_relations_controller.rb

   before_filter :find_issue, :find_project_from_association, :authorize, :only => [:index, :create]
   before_filter :find_relation, :except => [:index, :create]
   
-  accept_key_auth :index, :show, :create, :destroy
+  accept_api_auth :index, :show, :create, :destroy
   
   def index
     @relations = @issue.relations

app/controllers/issues_controller.rb

   before_filter :find_optional_project, :only => [:index]
   before_filter :check_for_default_issue_status, :only => [:new, :create]
   before_filter :build_new_issue_from_params, :only => [:new, :create]
-  accept_key_auth :index, :show, :create, :update, :destroy
+  accept_rss_auth :index, :show
+  accept_api_auth :index, :show, :create, :update, :destroy
 
   rescue_from Query::StatementInvalid, :with => :query_statement_invalid
 

app/controllers/journals_controller.rb

   before_filter :find_issue, :only => [:new]
   before_filter :find_optional_project, :only => [:index]
   before_filter :authorize, :only => [:new, :edit, :diff]
-  accept_key_auth :index
+  accept_rss_auth :index
   menu_item :issues
   
   helper :issues

app/controllers/news_controller.rb

   before_filter :find_project, :only => [:new, :create]
   before_filter :authorize, :except => [:index]
   before_filter :find_optional_project, :only => :index
-  accept_key_auth :index
+  accept_rss_auth :index
+  accept_api_auth :index
   
   helper :watchers
   

app/controllers/projects_controller.rb

   before_filter :authorize, :except => [ :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
   before_filter :authorize_global, :only => [:new, :create]
   before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
-  accept_key_auth :index, :show, :create, :update, :destroy
+  accept_rss_auth :index
+  accept_api_auth :index, :show, :create, :update, :destroy
 
   after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller|
     if controller.request.post?

app/controllers/queries_controller.rb

   before_filter :find_query, :except => [:new, :index]
   before_filter :find_optional_project, :only => :new
   
-  accept_key_auth :index
+  accept_api_auth :index
   
   def index
     case params[:format]

app/controllers/repositories_controller.rb

   before_filter :find_repository, :except => :edit
   before_filter :find_project, :only => :edit
   before_filter :authorize
-  accept_key_auth :revisions
+  accept_rss_auth :revisions
 
   rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
 

app/controllers/timelog_controller.rb

 # Redmine - project management software
-# Copyright (C) 2006-2010  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
   before_filter :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy]
   before_filter :authorize, :except => [:index]
   before_filter :find_optional_project, :only => [:index]
-  accept_key_auth :index, :show, :create, :update, :destroy
+  accept_rss_auth :index
+  accept_api_auth :index, :show, :create, :update, :destroy
   
   helper :sort
   include SortHelper

app/controllers/users_controller.rb

   
   before_filter :require_admin, :except => :show
   before_filter :find_user, :only => [:show, :edit, :update, :destroy, :edit_membership, :destroy_membership]
-  accept_key_auth :index, :show, :create, :update, :destroy
+  accept_api_auth :index, :show, :create, :update, :destroy
 
   helper :sort
   include SortHelper

app/controllers/versions_controller.rb

   before_filter :find_project, :only => [:index, :new, :create, :close_completed]
   before_filter :authorize
 
-  accept_key_auth :index, :create, :update, :destroy
+  accept_api_auth :index, :create, :update, :destroy
   
   helper :custom_fields
   helper :projects