git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6186 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/1.3.0
@@ -1,5 +1,5 @@ | |||
# redMine - project management software | |||
# Copyright (C) 2006-2007 Jean-Philippe Lang | |||
# Redmine - project management software | |||
# Copyright (C) 2006-2011 Jean-Philippe Lang | |||
# | |||
# This program is free software; you can redistribute it and/or | |||
# modify it under the terms of the GNU General Public License | |||
@@ -17,9 +17,29 @@ | |||
class QueriesController < ApplicationController | |||
menu_item :issues | |||
before_filter :find_query, :except => :new | |||
before_filter :find_query, :except => [:new, :index] | |||
before_filter :find_optional_project, :only => :new | |||
accept_key_auth :index | |||
def index | |||
case params[:format] | |||
when 'xml', 'json' | |||
@offset, @limit = api_offset_and_limit | |||
else | |||
@limit = per_page_option | |||
end | |||
@query_count = Query.visible.count | |||
@query_pages = Paginator.new self, @query_count, @limit, params['page'] | |||
@queries = Query.visible.all(:limit => @limit, :offset => @offset, :order => "#{Query.table_name}.name") | |||
respond_to do |format| | |||
format.html { render :nothing => true } | |||
format.api | |||
end | |||
end | |||
def new | |||
@query = Query.new(params[:query]) | |||
@query.project = params[:query_is_for_all] ? nil : @project |
@@ -146,6 +146,16 @@ class Query < ActiveRecord::Base | |||
] | |||
cattr_reader :available_columns | |||
named_scope :visible, lambda {|*args| | |||
user = args.shift || User.current | |||
base = Project.allowed_to_condition(user, :view_issues, *args) | |||
user_id = user.logged? ? user.id : 0 | |||
{ | |||
:conditions => ["(#{table_name}.project_id IS NULL OR (#{base})) AND (#{table_name}.is_public = ? OR #{table_name}.user_id = ?)", true, user_id], | |||
:include => :project | |||
} | |||
} | |||
def initialize(attributes = nil) | |||
super attributes | |||
self.filters ||= { 'status_id' => {:operator => "o", :values => [""]} } | |||
@@ -168,7 +178,7 @@ class Query < ActiveRecord::Base | |||
# Returns true if the query is visible to +user+ or the current user. | |||
def visible?(user=User.current) | |||
self.is_public? || self.user_id == user.id | |||
(project.nil? || user.allowed_to?(:view_issues, project)) && (self.is_public? || self.user_id == user.id) | |||
end | |||
def editable_by?(user) |
@@ -0,0 +1,10 @@ | |||
api.array :queries, api_meta(:total_count => @query_count, :offset => @offset, :limit => @limit) do | |||
@queries.each do |query| | |||
api.query do | |||
api.id query.id | |||
api.name query.name | |||
api.is_public query.is_public | |||
api.project_id query.project_id | |||
end | |||
end | |||
end |
@@ -77,6 +77,7 @@ ActionController::Routing::Routes.draw do |map| | |||
end | |||
map.resources :issue_moves, :only => [:new, :create], :path_prefix => '/issues', :as => 'move' | |||
map.resources :queries, :only => [:index] | |||
# Misc issue routes. TODO: move into resources | |||
map.auto_complete_issues '/issues/auto_complete', :controller => 'auto_completes', :action => 'issues' |
@@ -0,0 +1,55 @@ | |||
# Redmine - project management software | |||
# Copyright (C) 2006-2011 Jean-Philippe Lang | |||
# | |||
# This program is free software; you can redistribute it and/or | |||
# modify it under the terms of the GNU General Public License | |||
# as published by the Free Software Foundation; either version 2 | |||
# of the License, or (at your option) any later version. | |||
# | |||
# This program is distributed in the hope that it will be useful, | |||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
# GNU General Public License for more details. | |||
# | |||
# You should have received a copy of the GNU General Public License | |||
# along with this program; if not, write to the Free Software | |||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
require File.expand_path('../../../test_helper', __FILE__) | |||
class ApiTest::QueriesTest < ActionController::IntegrationTest | |||
fixtures :all | |||
def setup | |||
Setting.rest_api_enabled = '1' | |||
end | |||
context "/queries" do | |||
context "GET" do | |||
should "return queries" do | |||
get '/queries.xml' | |||
assert_response :success | |||
assert_equal 'application/xml', @response.content_type | |||
assert_tag :tag => 'queries', | |||
:attributes => {:type => 'array'}, | |||
:child => { | |||
:tag => 'query', | |||
:child => { | |||
:tag => 'id', | |||
:content => '4', | |||
:sibling => { | |||
:tag => 'name', | |||
:content => 'Public query for all projects' | |||
} | |||
} | |||
} | |||
end | |||
end | |||
end | |||
def credentials(user, password=nil) | |||
ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user) | |||
end | |||
end |
@@ -210,6 +210,9 @@ class RoutingTest < ActionController::IntegrationTest | |||
end | |||
context "queries" do | |||
should_route :get, "/queries.xml", :controller => 'queries', :action => 'index', :format => 'xml' | |||
should_route :get, "/queries.json", :controller => 'queries', :action => 'index', :format => 'json' | |||
should_route :get, "/queries/new", :controller => 'queries', :action => 'new' | |||
should_route :get, "/projects/redmine/queries/new", :controller => 'queries', :action => 'new', :project_id => 'redmine' | |||
@@ -417,6 +417,16 @@ class QueryTest < ActiveSupport::TestCase | |||
assert !q.editable_by?(manager) | |||
assert !q.editable_by?(developer) | |||
end | |||
def test_visible_scope | |||
query_ids = Query.visible(User.anonymous).map(&:id) | |||
assert query_ids.include?(1), 'public query on public project was not visible' | |||
assert query_ids.include?(4), 'public query for all projects was not visible' | |||
assert !query_ids.include?(2), 'private query on public project was visible' | |||
assert !query_ids.include?(3), 'private query for all projects was visible' | |||
assert !query_ids.include?(7), 'public query on private project was visible' | |||
end | |||
context "#available_filters" do | |||
setup do |