summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJean-Philippe Lang <jp_lang@yahoo.fr>2008-12-24 10:03:13 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2008-12-24 10:03:13 +0000
commit5c97a83a705f9dd7b7e8dd4470a2bc12fa5b22c1 (patch)
treedf9ac134224e4c43cdec2bd33d8801885c5d242b
parent7776b5b6659ee213c031fd1ed3f73d503af6541e (diff)
downloadredmine-5c97a83a705f9dd7b7e8dd4470a2bc12fa5b22c1.tar.gz
redmine-5c97a83a705f9dd7b7e8dd4470a2bc12fa5b22c1.zip
Validates sort_key and sort_order params (#2378).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2171 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/controllers/admin_controller.rb2
-rw-r--r--app/controllers/boards_controller.rb6
-rw-r--r--app/controllers/issues_controller.rb10
-rw-r--r--app/controllers/projects_controller.rb8
-rw-r--r--app/controllers/timelog_controller.rb7
-rw-r--r--app/controllers/users_controller.rb2
-rw-r--r--app/helpers/queries_helper.rb4
-rw-r--r--app/helpers/sort_helper.rb18
-rw-r--r--app/models/mailer.rb2
-rw-r--r--app/views/boards/show.rhtml6
-rw-r--r--app/views/issues/_list.rhtml2
-rw-r--r--app/views/projects/list_files.rhtml8
-rw-r--r--app/views/timelog/_list.rhtml8
-rw-r--r--test/functional/issues_controller_test.rb10
14 files changed, 62 insertions, 31 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index d3afeeea1..be260b419 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -27,7 +27,7 @@ class AdminController < ApplicationController
def projects
sort_init 'name', 'asc'
- sort_update
+ sort_update %w(name is_public created_on)
@status = params[:status] ? params[:status].to_i : 1
c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
diff --git a/app/controllers/boards_controller.rb b/app/controllers/boards_controller.rb
index 4532a88fe..c6ce934ee 100644
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -35,8 +35,10 @@ class BoardsController < ApplicationController
end
def show
- sort_init "#{Message.table_name}.updated_on", "desc"
- sort_update
+ sort_init 'updated_on', 'desc'
+ sort_update 'created_on' => "#{Message.table_name}.created_on",
+ 'replies' => "#{Message.table_name}.replies_count",
+ 'updated_on' => "#{Message.table_name}.updated_on"
@topic_count = @board.topics.count
@topic_pages = Paginator.new self, @topic_count, per_page_option, params['page']
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index e13658241..dd7676a78 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -45,9 +45,10 @@ class IssuesController < ApplicationController
helper :timelog
def index
- sort_init "#{Issue.table_name}.id", "desc"
- sort_update
retrieve_query
+ sort_init 'id', 'desc'
+ sort_update({'id' => "#{Issue.table_name}.id"}.merge(@query.columns.inject({}) {|h, c| h[c.name.to_s] = c.sortable; h}))
+
if @query.valid?
limit = per_page_option
respond_to do |format|
@@ -78,9 +79,10 @@ class IssuesController < ApplicationController
end
def changes
- sort_init "#{Issue.table_name}.id", "desc"
- sort_update
retrieve_query
+ sort_init 'id', 'desc'
+ sort_update({'id' => "#{Issue.table_name}.id"}.merge(@query.columns.inject({}) {|h, c| h[c.name.to_s] = c.sortable; h}))
+
if @query.valid?
@journals = Journal.find :all, :include => [ :details, :user, {:issue => [:project, :author, :tracker, :status]} ],
:conditions => @query.statement,
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index a6016bc22..8fd79533f 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -200,8 +200,12 @@ class ProjectsController < ApplicationController
end
def list_files
- sort_init "#{Attachment.table_name}.filename", "asc"
- sort_update
+ sort_init 'filename', 'asc'
+ sort_update 'filename' => "#{Attachment.table_name}.filename",
+ 'created_on' => "#{Attachment.table_name}.created_on",
+ 'size' => "#{Attachment.table_name}.filesize",
+ 'downloads' => "#{Attachment.table_name}.downloads"
+
@containers = [ Project.find(@project.id, :include => :attachments, :order => sort_clause)]
@containers += @project.versions.find(:all, :include => :attachments, :order => sort_clause).sort.reverse
render :layout => !request.xhr?
diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb
index c333c02bb..58df1f5bc 100644
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -138,7 +138,12 @@ class TimelogController < ApplicationController
def details
sort_init 'spent_on', 'desc'
- sort_update
+ sort_update 'spent_on' => 'spent_on',
+ 'user' => 'user_id',
+ 'activity' => 'activity_id',
+ 'project' => "#{Project.table_name}.name",
+ 'issue' => 'issue_id',
+ 'hours' => 'hours'
cond = ARCondition.new
if @project.nil?
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index e2ab510fb..4c9302824 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -30,7 +30,7 @@ class UsersController < ApplicationController
def list
sort_init 'login', 'asc'
- sort_update
+ sort_update %w(login firstname lastname mail admin created_on last_login_on)
@status = params[:status] ? params[:status].to_i : 1
c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
diff --git a/app/helpers/queries_helper.rb b/app/helpers/queries_helper.rb
index cf9819fd5..63d6a5356 100644
--- a/app/helpers/queries_helper.rb
+++ b/app/helpers/queries_helper.rb
@@ -22,8 +22,8 @@ module QueriesHelper
end
def column_header(column)
- column.sortable ? sort_header_tag(column.sortable, :caption => column.caption,
- :default_order => column.default_order) :
+ column.sortable ? sort_header_tag(column.name.to_s, :caption => column.caption,
+ :default_order => column.default_order) :
content_tag('th', column.caption)
end
diff --git a/app/helpers/sort_helper.rb b/app/helpers/sort_helper.rb
index 9ca5c11bd..d0a292987 100644
--- a/app/helpers/sort_helper.rb
+++ b/app/helpers/sort_helper.rb
@@ -67,23 +67,31 @@ module SortHelper
# Updates the sort state. Call this in the controller prior to calling
# sort_clause.
- #
- def sort_update()
- if params[:sort_key]
- sort = {:key => params[:sort_key], :order => params[:sort_order]}
+ # sort_keys can be either an array or a hash of allowed keys
+ def sort_update(sort_keys)
+ sort_key = params[:sort_key]
+ sort_key = nil unless (sort_keys.is_a?(Array) ? sort_keys.include?(sort_key) : sort_keys[sort_key])
+
+ sort_order = (params[:sort_order] == 'desc' ? 'DESC' : 'ASC')
+
+ if sort_key
+ sort = {:key => sort_key, :order => sort_order}
elsif session[@sort_name]
sort = session[@sort_name] # Previous sort.
else
sort = @sort_default
end
session[@sort_name] = sort
+
+ sort_column = (sort_keys.is_a?(Hash) ? sort_keys[sort[:key]] : sort[:key])
+ @sort_clause = (sort_column.blank? ? '' : "#{sort_column} #{sort[:order]}")
end
# Returns an SQL sort clause corresponding to the current sort state.
# Use this to sort the controller's table items collection.
#
def sort_clause()
- session[@sort_name][:key] + ' ' + (session[@sort_name][:order] || 'ASC')
+ @sort_clause || '' #session[@sort_name][:key] + ' ' + (session[@sort_name][:order] || 'ASC')
end
# Returns a link which sorts by the named column.
diff --git a/app/models/mailer.rb b/app/models/mailer.rb
index d9207cd92..dd4b5be87 100644
--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
@@ -58,7 +58,7 @@ class Mailer < ActionMailer::Base
subject l(:mail_subject_reminder, issues.size)
body :issues => issues,
:days => days,
- :issues_url => url_for(:controller => 'issues', :action => 'index', :set_filter => 1, :assigned_to_id => user.id, :sort_key => 'issues.due_date', :sort_order => 'asc')
+ :issues_url => url_for(:controller => 'issues', :action => 'index', :set_filter => 1, :assigned_to_id => user.id, :sort_key => 'due_date', :sort_order => 'asc')
end
def document_added(document)
diff --git a/app/views/boards/show.rhtml b/app/views/boards/show.rhtml
index 06bb87ac7..adf0b46b4 100644
--- a/app/views/boards/show.rhtml
+++ b/app/views/boards/show.rhtml
@@ -33,9 +33,9 @@
<thead><tr>
<th><%= l(:field_subject) %></th>
<th><%= l(:field_author) %></th>
- <%= sort_header_tag("#{Message.table_name}.created_on", :caption => l(:field_created_on)) %>
- <%= sort_header_tag("#{Message.table_name}.replies_count", :caption => l(:label_reply_plural)) %>
- <%= sort_header_tag("#{Message.table_name}.updated_on", :caption => l(:label_message_last)) %>
+ <%= sort_header_tag('created_on', :caption => l(:field_created_on)) %>
+ <%= sort_header_tag('replies', :caption => l(:label_reply_plural)) %>
+ <%= sort_header_tag('updated_on', :caption => l(:label_message_last)) %>
</tr></thead>
<tbody>
<% @topics.each do |topic| %>
diff --git a/app/views/issues/_list.rhtml b/app/views/issues/_list.rhtml
index cbdd4fd72..932676015 100644
--- a/app/views/issues/_list.rhtml
+++ b/app/views/issues/_list.rhtml
@@ -4,7 +4,7 @@
<th><%= link_to image_tag('toggle_check.png'), {}, :onclick => 'toggleIssuesSelection(Element.up(this, "form")); return false;',
:title => "#{l(:button_check_all)}/#{l(:button_uncheck_all)}" %>
</th>
- <%= sort_header_tag("#{Issue.table_name}.id", :caption => '#', :default_order => 'desc') %>
+ <%= sort_header_tag('id', :caption => '#', :default_order => 'desc') %>
<% query.columns.each do |column| %>
<%= column_header(column) %>
<% end %>
diff --git a/app/views/projects/list_files.rhtml b/app/views/projects/list_files.rhtml
index 2ec782c0e..0871ba249 100644
--- a/app/views/projects/list_files.rhtml
+++ b/app/views/projects/list_files.rhtml
@@ -8,10 +8,10 @@
<table class="list">
<thead><tr>
- <%= sort_header_tag("#{Attachment.table_name}.filename", :caption => l(:field_filename)) %>
- <%= sort_header_tag("#{Attachment.table_name}.created_on", :caption => l(:label_date), :default_order => 'desc') %>
- <%= sort_header_tag("#{Attachment.table_name}.filesize", :caption => l(:field_filesize), :default_order => 'desc') %>
- <%= sort_header_tag("#{Attachment.table_name}.downloads", :caption => l(:label_downloads_abbr), :default_order => 'desc') %>
+ <%= sort_header_tag('filename', :caption => l(:field_filename)) %>
+ <%= sort_header_tag('created_on', :caption => l(:label_date), :default_order => 'desc') %>
+ <%= sort_header_tag('size', :caption => l(:field_filesize), :default_order => 'desc') %>
+ <%= sort_header_tag('downloads', :caption => l(:label_downloads_abbr), :default_order => 'desc') %>
<th>MD5</th>
<th></th>
</tr></thead>
diff --git a/app/views/timelog/_list.rhtml b/app/views/timelog/_list.rhtml
index 8aebd75de..1144d42cc 100644
--- a/app/views/timelog/_list.rhtml
+++ b/app/views/timelog/_list.rhtml
@@ -2,10 +2,10 @@
<thead>
<tr>
<%= sort_header_tag('spent_on', :caption => l(:label_date), :default_order => 'desc') %>
-<%= sort_header_tag('user_id', :caption => l(:label_member)) %>
-<%= sort_header_tag('activity_id', :caption => l(:label_activity)) %>
-<%= sort_header_tag("#{Project.table_name}.name", :caption => l(:label_project)) %>
-<%= sort_header_tag('issue_id', :caption => l(:label_issue), :default_order => 'desc') %>
+<%= sort_header_tag('user', :caption => l(:label_member)) %>
+<%= sort_header_tag('activity', :caption => l(:label_activity)) %>
+<%= sort_header_tag('project', :caption => l(:label_project)) %>
+<%= sort_header_tag('issue', :caption => l(:label_issue), :default_order => 'desc') %>
<th><%= l(:field_comments) %></th>
<%= sort_header_tag('hours', :caption => l(:field_hours)) %>
<th></th>
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 49dddf91c..2af1c5153 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -137,6 +137,16 @@ class IssuesControllerTest < Test::Unit::TestCase
assert_not_nil assigns(:issues)
assert_equal 'application/pdf', @response.content_type
end
+
+ def test_index_sort
+ get :index, :sort_key => 'tracker'
+ assert_response :success
+
+ sort_params = @request.session['issuesindex_sort']
+ assert sort_params.is_a?(Hash)
+ assert_equal 'tracker', sort_params[:key]
+ assert_equal 'ASC', sort_params[:order]
+ end
def test_gantt
get :gantt, :project_id => 1