Merged 0.6 branch into trunk.

Permissions management was rewritten. Some permissions can now be specifically defined for non member and anonymous users. This migration: * is irreversible (please, don't forget to *backup* your database before upgrading) * resets role's permissions (go to "Admin -> Roles & Permissions" to set them after upgrading) git-svn-id: http://redmine.rubyforge.org/svn/trunk@674 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2007-08-29 16:52:35 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2007-08-29 16:52:35 +0000
commit: 603e11d7a5aa62f923e7b013cac6c66462131232 (patch)
tree: fbbb204d2b92b5a87b787d56fe3f9c62cc3f259b /app/controllers/account_controller.rb
parent: 8da5bad29516be6cbe1bc52e78837ac1ec292026 (diff)
download: redmine-603e11d7a5aa62f923e7b013cac6c66462131232.tar.gz
redmine-603e11d7a5aa62f923e7b013cac6c66462131232.zip
1 files changed, 16 insertions, 6 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 8ee046a0c..44e4cc221 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -22,7 +22,6 @@ class AccountController < ApplicationController
   
   # prevents login action to be filtered by check_if_login_required application scope filter
   skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register]
-  before_filter :require_login, :only => :logout
 
   # Show user's account
   def show
@@ -31,7 +30,7 @@ class AccountController < ApplicationController
     
     # show only public projects and private projects that the logged in user is also a member of
     @memberships = @user.memberships.select do |membership|
-      membership.project.is_public? || (logged_in_user && logged_in_user.role_for_project(membership.project))
+      membership.project.is_public? || (User.current.role_for_project(membership.project))
     end
   rescue ActiveRecord::RecordNotFound
     render_404
@@ -41,12 +40,12 @@ class AccountController < ApplicationController
   def login
     if request.get?
       # Logout user
-      self.logged_in_user = nil
+      self.logged_user = nil
     else
       # Authenticate user
       user = User.try_to_login(params[:login], params[:password])
       if user
-        self.logged_in_user = user
+        self.logged_user = user
         # generate a key and set cookie if autologin
         if params[:autologin] && Setting.autologin?
           token = Token.create(:user => user, :action => 'autologin')
@@ -62,8 +61,8 @@ class AccountController < ApplicationController
   # Log out current user and redirect to welcome page
   def logout
     cookies.delete :autologin
-    Token.delete_all(["user_id = ? AND action = ?", logged_in_user.id, "autologin"]) if logged_in_user
-    self.logged_in_user = nil
+    Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
+    self.logged_user = nil
     redirect_to :controller => 'welcome'
   end
   
@@ -140,4 +139,15 @@ class AccountController < ApplicationController
       end
     end
   end
+  
+private
+  def logged_user=(user)
+    if user && user.is_a?(User)
+      User.current = user
+      session[:user_id] = user.id
+    else
+      User.current = User.anonymous
+      session[:user_id] = nil
+    end
+  end
 end
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2007-08-29 16:52:35 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2007-08-29 16:52:35 +0000
commit	603e11d7a5aa62f923e7b013cac6c66462131232 (patch)
tree	fbbb204d2b92b5a87b787d56fe3f9c62cc3f259b /app/controllers/account_controller.rb
parent	8da5bad29516be6cbe1bc52e78837ac1ec292026 (diff)
download	redmine-603e11d7a5aa62f923e7b013cac6c66462131232.tar.gz redmine-603e11d7a5aa62f923e7b013cac6c66462131232.zip