Merged r2116, r2117 and r2187 from trunk.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/0.8-stable@2217 e93f8b46-1217-0410-a6f0-8f06a7374b81

6 files changed, 35 insertions, 43 deletions

diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 788bab94d..2851f91a6 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,7 +17,11 @@
 
 class AttachmentsController < ApplicationController
   before_filter :find_project
-
+  before_filter :read_authorize, :except => :destroy
+  before_filter :delete_authorize, :only => :destroy
+  
+  verify :method => :post, :only => :destroy
+  
   def show
     if @attachment.is_diff?
       @diff = File.new(@attachment.diskfile, "rb").read
@@ -37,19 +41,32 @@ class AttachmentsController < ApplicationController
     send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
                                     :type => @attachment.content_type, 
                                     :disposition => (@attachment.image? ? 'inline' : 'attachment')
+   
   end
- 
+  
+  def destroy
+    # Make sure association callbacks are called
+    @attachment.container.attachments.delete(@attachment)
+    redirect_to :back
+  rescue ::ActionController::RedirectBackError
+    redirect_to :controller => 'projects', :action => 'show', :id => @project
+  end
+  
 private
   def find_project
     @attachment = Attachment.find(params[:id])
     # Show 404 if the filename in the url is wrong
     raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
-    
     @project = @attachment.project
-    permission = @attachment.container.is_a?(Version) ? :view_files : "view_#{@attachment.container.class.name.underscore.pluralize}".to_sym
-    allowed = User.current.allowed_to?(permission, @project)
-    allowed ? true : (User.current.logged? ? render_403 : require_login)
   rescue ActiveRecord::RecordNotFound
     render_404
   end
+  
+  def read_authorize
+    @attachment.visible? ? true : deny_access
+  end
+  
+  def delete_authorize
+    @attachment.deletable? ? true : deny_access
+  end
 end
diff --git a/app/controllers/documents_controller.rb b/app/controllers/documents_controller.rb
index aebd48bec..2d1c414c9 100644
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@@ -71,11 +71,6 @@ class DocumentsController < ApplicationController
     Mailer.deliver_attachments_added(attachments) if !attachments.empty? && Setting.notified_events.include?('document_added')
     redirect_to :action => 'show', :id => @document
   end
-  
-  def destroy_attachment
-    @document.attachments.find(params[:attachment_id]).destroy
-    redirect_to :action => 'show', :id => @document
-  end
 
 private
   def find_project
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 7df4177e6..dd7676a78 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -18,7 +18,7 @@
 class IssuesController < ApplicationController
   menu_item :new_issue, :only => :new
   
-  before_filter :find_issue, :only => [:show, :edit, :reply, :destroy_attachment]
+  before_filter :find_issue, :only => [:show, :edit, :reply]
   before_filter :find_issues, :only => [:bulk_edit, :move, :destroy]
   before_filter :find_project, :only => [:new, :update_form, :preview]
   before_filter :authorize, :except => [:index, :changes, :gantt, :calendar, :preview, :update_form, :context_menu]
@@ -318,17 +318,6 @@ class IssuesController < ApplicationController
     @issues.each(&:destroy)
     redirect_to :action => 'index', :project_id => @project
   end
-
-  def destroy_attachment
-    a = @issue.attachments.find(params[:attachment_id])
-    a.destroy
-    journal = @issue.init_journal(User.current)
-    journal.details << JournalDetail.new(:property => 'attachment',
-                                         :prop_key => a.id,
-                                         :old_value => a.filename)
-    journal.save
-    redirect_to :action => 'show', :id => @issue
-  end
   
   def gantt
     @gantt = Redmine::Helpers::Gantt.new(params)
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index efb690144..8fd79533f 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -188,10 +188,13 @@ class ProjectsController < ApplicationController
 
   def add_file
     if request.post?
-      @version = @project.versions.find_by_id(params[:version_id])
-      attachments = attach_files(@version, params[:attachments])
-      Mailer.deliver_attachments_added(attachments) if !attachments.empty? && Setting.notified_events.include?('file_added')
+      container = (params[:version_id].blank? ? @project : @project.versions.find_by_id(params[:version_id]))
+      attachments = attach_files(container, params[:attachments])
+      if !attachments.empty? && Setting.notified_events.include?('file_added')
+        Mailer.deliver_attachments_added(attachments)
+      end
       redirect_to :controller => 'projects', :action => 'list_files', :id => @project
+      return
     end
     @versions = @project.versions.sort
   end
@@ -203,7 +206,8 @@ class ProjectsController < ApplicationController
                 'size' => "#{Attachment.table_name}.filesize",
                 'downloads' => "#{Attachment.table_name}.downloads"
                 
-    @versions = @project.versions.find(:all, :include => :attachments, :order => sort_clause).sort.reverse
+    @containers = [ Project.find(@project.id, :include => :attachments, :order => sort_clause)]
+    @containers += @project.versions.find(:all, :include => :attachments, :order => sort_clause).sort.reverse
     render :layout => !request.xhr?
   end
   
diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb
index 3a2221761..c269432f3 100644
--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@@ -37,12 +37,6 @@ class VersionsController < ApplicationController
     redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
   end
   
-  def destroy_file
-    @version.attachments.find(params[:attachment_id]).destroy
-    flash[:notice] = l(:notice_successful_delete)
-    redirect_to :controller => 'projects', :action => 'list_files', :id => @project
-  end
-  
   def status_by
     respond_to do |format|
       format.html { render :action => 'show' }
diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index 7e3fc92f0..2dcc6f971 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -21,7 +21,7 @@ class WikiController < ApplicationController
   before_filter :find_wiki, :authorize
   before_filter :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy]
   
-  verify :method => :post, :only => [:destroy, :destroy_attachment, :protect], :redirect_to => { :action => :index }
+  verify :method => :post, :only => [:destroy, :protect], :redirect_to => { :action => :index }
 
   helper :attachments
   include AttachmentsHelper   
@@ -181,13 +181,6 @@ class WikiController < ApplicationController
     redirect_to :action => 'index', :page => @page.title
   end
 
-  def destroy_attachment
-    @page = @wiki.find_page(params[:page])
-    return render_403 unless editable?
-    @page.attachments.find(params[:attachment_id]).destroy
-    redirect_to :action => 'index', :page => @page.title
-  end
-
 private
   
   def find_wiki