mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
							# frozen_string_literal: true

# Redmine - project management software
# Copyright (C) 2006-  Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

class SysController < ActionController::Base
  include ActiveSupport::SecurityUtils

  before_action :check_enabled

  # Requests from repository WS clients don't contain CSRF tokens
  skip_before_action :verify_authenticity_token

  def projects
    p = Project.active.has_module(:repository).
          order("#{Project.table_name}.identifier").preload(:repository).to_a
    # extra_info attribute from repository breaks activeresource client
    render :json =>
              p.to_json(:only => [:id, :identifier, :name, :is_public, :status],
                        :include => {:repository => {:only => [:id, :url]}})
  end

  def create_project_repository
    project = Project.find(params[:id])
    if project.repository
      head 409
    else
      logger.info "Repository for #{project.name} was reported to be created by #{request.remote_ip}."
      repository = Repository.factory(params[:vendor])
      repository.safe_attributes = params[:repository]
      repository.project = project
      if repository.save
        render :json => {repository.class.name.underscore.tr('/', '-') => {:id => repository.id, :url => repository.url}}, :status => 201
      else
        head 422
      end
    end
  end

  def fetch_changesets
    projects = []
    scope = Project.active.has_module(:repository)
    if params[:id]
      project = nil
      if /^\d*$/.match?(params[:id].to_s)
        project = scope.find(params[:id])
      else
        project = scope.find_by_identifier(params[:id])
      end
      raise ActiveRecord::RecordNotFound unless project

      projects << project
    else
      projects = scope.to_a
    end
    projects.each do |project|
      project.repositories.each do |repository|
        repository.fetch_changesets
      end
    end
    head 200
  rescue ActiveRecord::RecordNotFound
    head 404
  end

  protected

  def check_enabled
    User.current = nil
    unless Setting.sys_api_enabled? && secure_compare(params[:key].to_s, Setting.sys_api_key.to_s)
      render :plain => 'Access denied. Repository management WS is disabled or key is invalid.', :status => 403
      return false
    end
  end
end