authorJean-Philippe Lang <jp_lang@yahoo.fr>2007-08-29 16:52:35 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2007-08-29 16:52:35 +0000
commit603e11d7a5aa62f923e7b013cac6c66462131232 (patch)
treefbbb204d2b92b5a87b787d56fe3f9c62cc3f259b /app/controllers/application.rb
parent8da5bad29516be6cbe1bc52e78837ac1ec292026 (diff)
downloadredmine-603e11d7a5aa62f923e7b013cac6c66462131232.tar.gz
redmine-603e11d7a5aa62f923e7b013cac6c66462131232.zip
Merged 0.6 branch into trunk.
Permissions management was rewritten. Some permissions can now be specifically defined for non member and anonymous users. This migration: * is irreversible (please, don't forget to *backup* your database before upgrading) * resets role's permissions (go to "Admin -> Roles & Permissions" to set them after upgrading) git-svn-id: http://redmine.rubyforge.org/svn/trunk@674 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/application.rb')
-rw-r--r--app/controllers/application.rb92
1 files changed, 43 insertions, 49 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 3f5a2c76f..cac2d6464 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -16,48 +16,47 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class ApplicationController < ActionController::Base
- before_filter :check_if_login_required, :set_localization
+ before_filter :user_setup, :check_if_login_required, :set_localization
filter_parameter_logging :password
REDMINE_SUPPORTED_SCM.each do |scm|
require_dependency "repository/#{scm.underscore}"
end
- def logged_in_user=(user)
- @logged_in_user = user
- session[:user_id] = (user ? user.id : nil)
+ def logged_in_user
+ User.current.logged? ? User.current : nil
end
- def logged_in_user
+ def current_role
+ @current_role ||= User.current.role_for_project(@project)
+ end
+
+ def user_setup
if session[:user_id]
- @logged_in_user ||= User.find(session[:user_id])
+ # existing session
+ User.current = User.find(session[:user_id])
+ elsif cookies[:autologin] && Setting.autologin?
+ # auto-login feature
+ User.current = User.find_by_autologin_key(autologin_key)
+ elsif params[:key] && accept_key_auth_actions.include?(params[:action])
+ # RSS key authentication
+ User.current = User.find_by_rss_key(params[:key])
else
- nil
+ User.current = User.anonymous
end
end
- # Returns the role that the logged in user has on the current project
- # or nil if current user is not a member of the project
- def logged_in_user_membership
- @user_membership ||= logged_in_user.role_for_project(@project)
- end
-
# check if login is globally required to access the application
def check_if_login_required
# no check needed if user is already logged in
- return true if logged_in_user
- # auto-login feature
- autologin_key = cookies[:autologin]
- if autologin_key && Setting.autologin?
- self.logged_in_user = User.find_by_autologin_key(autologin_key)
- end
+ return true if User.current.logged?
require_login if Setting.login_required?
end
def set_localization
lang = begin
- if self.logged_in_user and self.logged_in_user.language and !self.logged_in_user.language.empty? and GLoc.valid_languages.include? self.logged_in_user.language.to_sym
- self.logged_in_user.language
+ if !User.current.language.blank? and GLoc.valid_languages.include? User.current.language.to_sym
+ User.current.language
elsif request.env['HTTP_ACCEPT_LANGUAGE']
accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.split('-').first
if accept_lang and !accept_lang.empty? and GLoc.valid_languages.include? accept_lang.to_sym
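Review bot: `autologin_key` in `User.current = User.find_by_autologin_key(autologin_key)` is not defined anywhere in the new `user_setup` — the local that used to hold it (`autologin_key = cookies[:autologin]`) is removed from `check_if_login_required` in this same hunk — so unless a helper of that name exists elsewhere in the class, every request that reaches the auto-login branch raises NameError; the line should read `User.current = User.find_by_autologin_key(cookies[:autologin])`. Both finder branches also assign the finder's result directly, so an unknown or revoked key leaves `User.current` as nil rather than `User.anonymous`, and unless `User.current=` itself maps nil to anonymous (not visible here) `check_if_login_required` then calls `logged?` on nil; appending `|| User.anonymous` to those two assignments avoids that. The session branch uses `User.find`, which raises RecordNotFound when a stale `session[:user_id]` points at a deleted user, and nothing in the hunk checks the account's status once the user is found.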
@@ -71,7 +70,7 @@ class ApplicationController < ActionController::Base
end
def require_login
- unless self.logged_in_user
+ if !User.current.logged?
store_location
redirect_to :controller => "account", :action => "login"
return false
@@ -81,34 +80,17 @@ class ApplicationController < ActionController::Base
def require_admin
return unless require_login
- unless self.logged_in_user.admin?
+ if !User.current.admin?
render_403
return false
end
true
end
- # authorizes the user for the requested action.
+ # Authorize the user for the requested action
def authorize(ctrl = params[:controller], action = params[:action])
- unless @project.active?
- @project = nil
- render_404
- return false
- end
- # check if action is allowed on public projects
- if @project.is_public? and Permission.allowed_to_public "%s/%s" % [ ctrl, action ]
- return true
- end
- # if action is not public, force login
- return unless require_login
- # admin is always authorized
- return true if self.logged_in_user.admin?
- # if not admin, check membership permission
- if logged_in_user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], logged_in_user_membership )
- return true
- end
- render_403
- false
+ allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
+ allowed ? true : (User.current.logged? ? render_403 : require_login)
end
# make sure that the user is a member of the project (or admin) if project is private
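Review bot: The rewritten `authorize` drops the explicit `@project.active?` guard that the removed lines ran before any permission check, and nothing in this hunk shows `User.current.allowed_to?` refusing archived projects on its own; if it does not, every permitted action becomes reachable on an inactive project. Keeping the guard ahead of the permission call, `if @project && !@project.active?` followed by `render_404` and `return false`, preserves the old behaviour regardless of how `allowed_to?` is implemented. The nested ternary on the last line also hides which branch renders and which redirects; `return true if allowed` followed by `User.current.logged? ? render_403 : require_login` gives the same result and reads more clearly.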
@@ -119,11 +101,8 @@ class ApplicationController < ActionController::Base
render_404
return false
end
- return true if @project.is_public?
- return false unless logged_in_user
- return true if logged_in_user.admin? || logged_in_user_membership
- render_403
- false
+ return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
+ User.current.logged? ? render_403 : require_login
end
# store current uri in session.
@@ -154,6 +133,21 @@ class ApplicationController < ActionController::Base
render :template => "common/404", :layout => true, :status => 404
return false
end
+
+ def render_feed(items, options={})
+ @items = items.sort {|x,y| y.event_datetime <=> x.event_datetime }
+ @title = options[:title] || Setting.app_title
+ render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
+ end
+
+ def self.accept_key_auth(*actions)
+ actions = actions.flatten.map(&:to_s)
+ write_inheritable_attribute('accept_key_auth_actions', actions)
+ end
+
+ def accept_key_auth_actions
+ self.class.read_inheritable_attribute('accept_key_auth_actions') || []
+ end
# qvalues http header parser
# code taken from webrick
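Review bot: `accept_key_auth` enables authentication by a key passed as `params[:key]` in the query string, but `filter_parameter_logging :password` at the top of this class masks only the password, so RSS keys will be written in clear to the request log on every feed request; extending it to `filter_parameter_logging :password, :key` keeps them out of the logs. `write_inheritable_attribute` replaces rather than appends, so a controller that calls `accept_key_auth` twice keeps only the last list — worth stating on the class method, e.g. `# Declares the actions that may authenticate via params[:key]; a later call replaces, not extends, the list.` In `render_feed`, `items.sort { |x,y| y.event_datetime <=> x.event_datetime }` can be written as `items.sort_by(&:event_datetime).reverse`, which is equivalent and easier to read.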
@@ -173,4 +167,4 @@ class ApplicationController < ActionController::Base
end
return tmp
end
-end \ No newline at end of file
+end