diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2007-08-29 16:52:35 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2007-08-29 16:52:35 +0000 |
| commit | 603e11d7a5aa62f923e7b013cac6c66462131232 (patch) | |
| tree | fbbb204d2b92b5a87b787d56fe3f9c62cc3f259b /app/controllers | |
| parent | 8da5bad29516be6cbe1bc52e78837ac1ec292026 (diff) | |
| download | redmine-603e11d7a5aa62f923e7b013cac6c66462131232.tar.gz redmine-603e11d7a5aa62f923e7b013cac6c66462131232.zip | |
Merged 0.6 branch into trunk.
Permissions management was rewritten. Some permissions can now be specifically defined for non member and anonymous users.
This migration:
* is irreversible (please, don't forget to *backup* your database before upgrading)
* resets role's permissions (go to "Admin -> Roles & Permissions" to set them after upgrading)
git-svn-id: http://redmine.rubyforge.org/svn/trunk@674 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/account_controller.rb | 22 | ||||
| -rw-r--r-- | app/controllers/admin_controller.rb | 12 | ||||
| -rw-r--r-- | app/controllers/application.rb | 92 | ||||
| -rw-r--r-- | app/controllers/boards_controller.rb | 4 | ||||
| -rw-r--r-- | app/controllers/documents_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/issues_controller.rb | 30 | ||||
| -rw-r--r-- | app/controllers/messages_controller.rb | 3 | ||||
| -rw-r--r-- | app/controllers/projects_controller.rb | 115 | ||||
| -rw-r--r-- | app/controllers/queries_controller.rb | 9 | ||||
| -rw-r--r-- | app/controllers/repositories_controller.rb | 9 | ||||
| -rw-r--r-- | app/controllers/roles_controller.rb | 35 | ||||
| -rw-r--r-- | app/controllers/timelog_controller.rb | 7 | ||||
| -rw-r--r-- | app/controllers/users_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/watchers_controller.rb | 4 | ||||
| -rw-r--r-- | app/controllers/welcome_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/wiki_controller.rb | 3 |
16 files changed, 158 insertions, 193 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index 8ee046a0c..44e4cc221 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -22,7 +22,6 @@ class AccountController < ApplicationController # prevents login action to be filtered by check_if_login_required application scope filter skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register] - before_filter :require_login, :only => :logout # Show user's account def show @@ -31,7 +30,7 @@ class AccountController < ApplicationController # show only public projects and private projects that the logged in user is also a member of @memberships = @user.memberships.select do |membership| - membership.project.is_public? || (logged_in_user && logged_in_user.role_for_project(membership.project)) + membership.project.is_public? || (User.current.role_for_project(membership.project)) end rescue ActiveRecord::RecordNotFound render_404 @@ -41,12 +40,12 @@ class AccountController < ApplicationController def login if request.get? # Logout user - self.logged_in_user = nil + self.logged_user = nil else # Authenticate user user = User.try_to_login(params[:login], params[:password]) if user - self.logged_in_user = user + self.logged_user = user # generate a key and set cookie if autologin if params[:autologin] && Setting.autologin? token = Token.create(:user => user, :action => 'autologin') @@ -62,8 +61,8 @@ class AccountController < ApplicationController # Log out current user and redirect to welcome page def logout cookies.delete :autologin - Token.delete_all(["user_id = ? AND action = ?", logged_in_user.id, "autologin"]) if logged_in_user - self.logged_in_user = nil + Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged? + self.logged_user = nil redirect_to :controller => 'welcome' end @@ -140,4 +139,15 @@ class AccountController < ApplicationController end end end + +private + def logged_user=(user) + if user && user.is_a?(User) + User.current = user + session[:user_id] = user.id + else + User.current = User.anonymous + session[:user_id] = nil + end + end end diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index 95d3505c7..78fd1aa15 100644 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb @@ -46,14 +46,6 @@ class AdminController < ApplicationController end def mail_options - @actions = Permission.find(:all, :conditions => ["mail_option=?", true]) || [] - if request.post? - @actions.each { |a| - a.mail_enabled = (params[:action_ids] || []).include? a.id.to_s - a.save - } - flash.now[:notice] = l(:notice_successful_update) - end end def test_email @@ -61,8 +53,8 @@ class AdminController < ApplicationController # Force ActionMailer to raise delivery errors so we can catch it ActionMailer::Base.raise_delivery_errors = true begin - @test = Mailer.deliver_test(logged_in_user) - flash[:notice] = l(:notice_email_sent, logged_in_user.mail) + @test = Mailer.deliver_test(User.current) + flash[:notice] = l(:notice_email_sent, User.current.mail) rescue Exception => e flash[:error] = l(:notice_email_error, e.message) end diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 3f5a2c76f..cac2d6464 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -16,48 +16,47 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. class ApplicationController < ActionController::Base - before_filter :check_if_login_required, :set_localization + before_filter :user_setup, :check_if_login_required, :set_localization filter_parameter_logging :password REDMINE_SUPPORTED_SCM.each do |scm| require_dependency "repository/#{scm.underscore}" end - def logged_in_user=(user) - @logged_in_user = user - session[:user_id] = (user ? user.id : nil) + def logged_in_user + User.current.logged? ? User.current : nil end - def logged_in_user + def current_role + @current_role ||= User.current.role_for_project(@project) + end + + def user_setup if session[:user_id] - @logged_in_user ||= User.find(session[:user_id]) + # existing session + User.current = User.find(session[:user_id]) + elsif cookies[:autologin] && Setting.autologin? + # auto-login feature + User.current = User.find_by_autologin_key(autologin_key) + elsif params[:key] && accept_key_auth_actions.include?(params[:action]) + # RSS key authentication + User.current = User.find_by_rss_key(params[:key]) else - nil + User.current = User.anonymous end end - # Returns the role that the logged in user has on the current project - # or nil if current user is not a member of the project - def logged_in_user_membership - @user_membership ||= logged_in_user.role_for_project(@project) - end - # check if login is globally required to access the application def check_if_login_required # no check needed if user is already logged in - return true if logged_in_user - # auto-login feature - autologin_key = cookies[:autologin] - if autologin_key && Setting.autologin? - self.logged_in_user = User.find_by_autologin_key(autologin_key) - end + return true if User.current.logged? require_login if Setting.login_required? end def set_localization lang = begin - if self.logged_in_user and self.logged_in_user.language and !self.logged_in_user.language.empty? and GLoc.valid_languages.include? self.logged_in_user.language.to_sym - self.logged_in_user.language + if !User.current.language.blank? and GLoc.valid_languages.include? User.current.language.to_sym + User.current.language elsif request.env['HTTP_ACCEPT_LANGUAGE'] accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.split('-').first if accept_lang and !accept_lang.empty? and GLoc.valid_languages.include? accept_lang.to_sym @@ -71,7 +70,7 @@ class ApplicationController < ActionController::Base end def require_login - unless self.logged_in_user + if !User.current.logged? store_location redirect_to :controller => "account", :action => "login" return false @@ -81,34 +80,17 @@ class ApplicationController < ActionController::Base def require_admin return unless require_login - unless self.logged_in_user.admin? + if !User.current.admin? render_403 return false end true end - # authorizes the user for the requested action. + # Authorize the user for the requested action def authorize(ctrl = params[:controller], action = params[:action]) - unless @project.active? - @project = nil - render_404 - return false - end - # check if action is allowed on public projects - if @project.is_public? and Permission.allowed_to_public "%s/%s" % [ ctrl, action ] - return true - end - # if action is not public, force login - return unless require_login - # admin is always authorized - return true if self.logged_in_user.admin? - # if not admin, check membership permission - if logged_in_user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], logged_in_user_membership ) - return true - end - render_403 - false + allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project) + allowed ? true : (User.current.logged? ? render_403 : require_login) end # make sure that the user is a member of the project (or admin) if project is private @@ -119,11 +101,8 @@ class ApplicationController < ActionController::Base render_404 return false end - return true if @project.is_public? - return false unless logged_in_user - return true if logged_in_user.admin? || logged_in_user_membership - render_403 - false + return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin? + User.current.logged? ? render_403 : require_login end # store current uri in session. @@ -154,6 +133,21 @@ class ApplicationController < ActionController::Base render :template => "common/404", :layout => true, :status => 404 return false end + + def render_feed(items, options={}) + @items = items.sort {|x,y| y.event_datetime <=> x.event_datetime } + @title = options[:title] || Setting.app_title + render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml' + end + + def self.accept_key_auth(*actions) + actions = actions.flatten.map(&:to_s) + write_inheritable_attribute('accept_key_auth_actions', actions) + end + + def accept_key_auth_actions + self.class.read_inheritable_attribute('accept_key_auth_actions') || [] + end # qvalues http header parser # code taken from webrick @@ -173,4 +167,4 @@ class ApplicationController < ActionController::Base end return tmp end -end
\ No newline at end of file +end diff --git a/app/controllers/boards_controller.rb b/app/controllers/boards_controller.rb index 0ad2645f8..2a90e9857 100644 --- a/app/controllers/boards_controller.rb +++ b/app/controllers/boards_controller.rb @@ -17,9 +17,7 @@ class BoardsController < ApplicationController layout 'base' - before_filter :find_project - before_filter :authorize, :except => [:index, :show] - before_filter :check_project_privacy, :only => [:index, :show] + before_filter :find_project, :authorize helper :messages include MessagesHelper diff --git a/app/controllers/documents_controller.rb b/app/controllers/documents_controller.rb index 3c7e56b43..5659e9ced 100644 --- a/app/controllers/documents_controller.rb +++ b/app/controllers/documents_controller.rb @@ -52,7 +52,7 @@ class DocumentsController < ApplicationController a = Attachment.create(:container => @document, :file => file, :author => logged_in_user) @attachments << a unless a.new_record? } if params[:attachments] and params[:attachments].is_a? Array - Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? + Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? #and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? redirect_to :action => 'show', :id => @document end diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index 31cc6ae7d..56a9b11ca 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -72,8 +72,15 @@ class IssuesController < ApplicationController unless params[:notes].empty? journal = @issue.init_journal(self.logged_in_user, params[:notes]) if @issue.save + params[:attachments].each { |file| + next unless file.size > 0 + a = Attachment.create(:container => @issue, :file => file, :author => logged_in_user) + journal.details << JournalDetail.new(:property => 'attachment', + :prop_key => a.id, + :value => a.filename) unless a.new_record? + } if params[:attachments] and params[:attachments].is_a? Array flash[:notice] = l(:notice_successful_update) - Mailer.deliver_issue_edit(journal) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? + Mailer.deliver_issue_edit(journal) #if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? redirect_to :action => 'show', :id => @issue return end @@ -100,14 +107,14 @@ class IssuesController < ApplicationController } if params[:attachments] and params[:attachments].is_a? Array # Log time - if logged_in_user.authorized_to(@project, "timelog/edit") + if current_role.allowed_to?(:log_time) @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => logged_in_user, :spent_on => Date.today) @time_entry.attributes = params[:time_entry] @time_entry.save end flash[:notice] = l(:notice_successful_update) - Mailer.deliver_issue_edit(journal) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? + Mailer.deliver_issue_edit(journal) #if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? redirect_to :action => 'show', :id => @issue end rescue ActiveRecord::StaleObjectError @@ -124,23 +131,6 @@ class IssuesController < ApplicationController redirect_to :controller => 'projects', :action => 'list_issues', :id => @project end - def add_attachment - # Save the attachments - @attachments = [] - journal = @issue.init_journal(self.logged_in_user) - params[:attachments].each { |file| - next unless file.size > 0 - a = Attachment.create(:container => @issue, :file => file, :author => logged_in_user) - @attachments << a unless a.new_record? - journal.details << JournalDetail.new(:property => 'attachment', - :prop_key => a.id, - :value => a.filename) unless a.new_record? - } if params[:attachments] and params[:attachments].is_a? Array - journal.save if journal.details.any? - Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? - redirect_to :action => 'show', :id => @issue - end - def destroy_attachment a = @issue.attachments.find(params[:attachment_id]) a.destroy diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index 1b0d2a680..74a957d6c 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -17,8 +17,7 @@ class MessagesController < ApplicationController layout 'base' - before_filter :find_project, :check_project_privacy - before_filter :require_login, :only => [:new, :reply] + before_filter :find_project, :authorize verify :method => :post, :only => [ :reply, :destroy ], :redirect_to => { :action => :show } diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 0613f9e40..2f5e24e28 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -22,6 +22,7 @@ class ProjectsController < ApplicationController before_filter :find_project, :except => [ :index, :list, :add ] before_filter :authorize, :except => [ :index, :list, :add, :archive, :unarchive, :destroy ] before_filter :require_admin, :only => [ :add, :archive, :unarchive, :destroy ] + accept_key_auth :activity, :calendar cache_sweeper :project_sweeper, :only => [ :add, :edit, :archive, :unarchive, :destroy ] cache_sweeper :issue_sweeper, :only => [ :add_issue ] @@ -97,8 +98,7 @@ class ProjectsController < ApplicationController @trackers = Tracker.find(:all, :order => 'position') @open_issues_by_tracker = Issue.count(:group => :tracker, :joins => "INNER JOIN #{IssueStatus.table_name} ON #{IssueStatus.table_name}.id = #{Issue.table_name}.status_id", :conditions => ["project_id=? and #{IssueStatus.table_name}.is_closed=?", @project.id, false]) @total_issues_by_tracker = Issue.count(:group => :tracker, :conditions => ["project_id=?", @project.id]) - - @key = logged_in_user.get_or_create_rss_key.value if logged_in_user + @key = User.current.rss_key end def settings @@ -224,7 +224,7 @@ class ProjectsController < ApplicationController Attachment.create(:container => @document, :file => a, :author => logged_in_user) unless a.size == 0 } if params[:attachments] and params[:attachments].is_a? Array flash[:notice] = l(:notice_successful_create) - Mailer.deliver_document_add(@document) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? + Mailer.deliver_document_add(@document) #if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? redirect_to :action => 'list_documents', :id => @project end end @@ -268,7 +268,7 @@ class ProjectsController < ApplicationController if @issue.save @attachments.each(&:save) flash[:notice] = l(:notice_successful_create) - Mailer.deliver_issue_add(@issue) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? + Mailer.deliver_issue_add(@issue) #if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? redirect_to :action => 'list_issues', :id => @project end end @@ -383,7 +383,7 @@ class ProjectsController < ApplicationController redirect_to :action => 'list_issues', :id => @project and return unless @issues @projects = [] # find projects to which the user is allowed to move the issue - @logged_in_user.memberships.each {|m| @projects << m.project if Permission.allowed_to_role("projects/move_issues", m.role)} + User.current.memberships.each {|m| @projects << m.project if m.role.allowed_to?(:controller => 'projects', :action => 'move_issues')} # issue can be moved to any tracker @trackers = Tracker.find(:all) if request.post? and params[:new_project_id] and params[:new_tracker_id] @@ -424,7 +424,11 @@ class ProjectsController < ApplicationController # Show news list of @project def list_news @news_pages, @news = paginate :news, :per_page => 10, :conditions => ["project_id=?", @project.id], :include => :author, :order => "#{News.table_name}.created_on DESC" - render :action => "list_news", :layout => false if request.xhr? + + respond_to do |format| + format.html { render :layout => false if request.xhr? } + format.atom { render_feed(@news, :title => "#{@project.name}: #{l(:label_news_plural)}") } + end end def add_file @@ -437,7 +441,7 @@ class ProjectsController < ApplicationController a = Attachment.create(:container => @version, :file => file, :author => logged_in_user) @attachments << a unless a.new_record? } if params[:attachments] and params[:attachments].is_a? Array - Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? + Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? #and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? redirect_to :controller => 'projects', :action => 'list_files', :id => @project end @versions = @project.versions.sort @@ -471,80 +475,67 @@ class ProjectsController < ApplicationController @year ||= Date.today.year @month ||= Date.today.month - @date_from = Date.civil(@year, @month, 1) - @date_to = @date_from >> 1 + case params[:format] + when 'rss' + # 30 last days + @date_from = Date.today - 30 + @date_to = Date.today + 1 + else + # current month + @date_from = Date.civil(@year, @month, 1) + @date_to = @date_from >> 1 + end - @events_by_day = Hash.new { |h,k| h[k] = [] } + @event_types = %w(issues news attachments documents wiki_edits revisions) + @event_types.delete('wiki_edits') unless @project.wiki + @event_types.delete('changesets') unless @project.repository - unless params[:show_issues] == "0" - @project.issues.find(:all, :include => [:author], :conditions => ["#{Issue.table_name}.created_on BETWEEN ? AND ?", @date_from, @date_to] ).each { |i| - @events_by_day[i.created_on.to_date] << i - } - @project.issue_changes.find(:all, :include => :details, :conditions => ["(#{Journal.table_name}.created_on BETWEEN ? AND ?) AND (#{JournalDetail.table_name}.prop_key = 'status_id')", @date_from, @date_to] ).each { |i| - @events_by_day[i.created_on.to_date] << i - } - @show_issues = 1 + @scope = @event_types.select {|t| params["show_#{t}"]} + # default events if none is specified in parameters + @scope = (@event_types - %w(wiki_edits))if @scope.empty? + + @events = [] + + if @scope.include?('issues') + @events += @project.issues.find(:all, :include => [:author, :tracker], :conditions => ["#{Issue.table_name}.created_on>=? and #{Issue.table_name}.created_on<=?", @date_from, @date_to] ) end - unless params[:show_news] == "0" - @project.news.find(:all, :conditions => ["#{News.table_name}.created_on BETWEEN ? AND ?", @date_from, @date_to], :include => :author ).each { |i| - @events_by_day[i.created_on.to_date] << i - } - @show_news = 1 + if @scope.include?('news') + @events += @project.news.find(:all, :conditions => ["#{News.table_name}.created_on>=? and #{News.table_name}.created_on<=?", @date_from, @date_to], :include => :author ) end - unless params[:show_files] == "0" - Attachment.find(:all, :select => "#{Attachment.table_name}.*", - :joins => "LEFT JOIN #{Version.table_name} ON #{Version.table_name}.id = #{Attachment.table_name}.container_id", - :conditions => ["#{Attachment.table_name}.container_type='Version' and #{Version.table_name}.project_id=? and #{Attachment.table_name}.created_on BETWEEN ? AND ? ", @project.id, @date_from, @date_to], - :include => :author ).each { |i| - @events_by_day[i.created_on.to_date] << i - } - @show_files = 1 + if @scope.include?('attachments') + @events += Attachment.find(:all, :select => "#{Attachment.table_name}.*", :joins => "LEFT JOIN #{Version.table_name} ON #{Version.table_name}.id = #{Attachment.table_name}.container_id", :conditions => ["#{Attachment.table_name}.container_type='Version' and #{Version.table_name}.project_id=? and #{Attachment.table_name}.created_on>=? and #{Attachment.table_name}.created_on<=?", @project.id, @date_from, @date_to], :include => :author ) end - unless params[:show_documents] == "0" - @project.documents.find(:all, :conditions => ["#{Document.table_name}.created_on BETWEEN ? AND ?", @date_from, @date_to] ).each { |i| - @events_by_day[i.created_on.to_date] << i - } - Attachment.find(:all, :select => "attachments.*", - :joins => "LEFT JOIN #{Document.table_name} ON #{Document.table_name}.id = #{Attachment.table_name}.container_id", - :conditions => ["#{Attachment.table_name}.container_type='Document' and #{Document.table_name}.project_id=? and #{Attachment.table_name}.created_on BETWEEN ? AND ? ", @project.id, @date_from, @date_to], - :include => :author ).each { |i| - @events_by_day[i.created_on.to_date] << i - } - @show_documents = 1 + if @scope.include?('documents') + @events += @project.documents.find(:all, :conditions => ["#{Document.table_name}.created_on>=? and #{Document.table_name}.created_on<=?", @date_from, @date_to] ) + @events += Attachment.find(:all, :select => "attachments.*", :joins => "LEFT JOIN #{Document.table_name} ON #{Document.table_name}.id = #{Attachment.table_name}.container_id", :conditions => ["#{Attachment.table_name}.container_type='Document' and #{Document.table_name}.project_id=? and #{Attachment.table_name}.created_on>=? and #{Attachment.table_name}.created_on<=?", @project.id, @date_from, @date_to], :include => :author ) end - unless @project.wiki.nil? || params[:show_wiki_edits] == "0" + if @scope.include?('wiki_edits') && @project.wiki select = "#{WikiContent.versioned_table_name}.updated_on, #{WikiContent.versioned_table_name}.comments, " + - "#{WikiContent.versioned_table_name}.#{WikiContent.version_column}, #{WikiPage.table_name}.title" + "#{WikiContent.versioned_table_name}.#{WikiContent.version_column}, #{WikiPage.table_name}.title, " + + "#{WikiContent.versioned_table_name}.page_id, #{WikiContent.versioned_table_name}.author_id, " + + "#{WikiContent.versioned_table_name}.id" joins = "LEFT JOIN #{WikiPage.table_name} ON #{WikiPage.table_name}.id = #{WikiContent.versioned_table_name}.page_id " + "LEFT JOIN #{Wiki.table_name} ON #{Wiki.table_name}.id = #{WikiPage.table_name}.wiki_id " conditions = ["#{Wiki.table_name}.project_id = ? AND #{WikiContent.versioned_table_name}.updated_on BETWEEN ? AND ?", @project.id, @date_from, @date_to] - WikiContent.versioned_class.find(:all, :select => select, :joins => joins, :conditions => conditions).each { |i| - # We provide this alias so all events can be treated in the same manner - def i.created_on - self.updated_on - end - @events_by_day[i.created_on.to_date] << i - } - @show_wiki_edits = 1 + @events += WikiContent.versioned_class.find(:all, :select => select, :joins => joins, :conditions => conditions) end - unless @project.repository.nil? || params[:show_changesets] == "0" - @project.repository.changesets.find(:all, :conditions => ["#{Changeset.table_name}.committed_on BETWEEN ? AND ?", @date_from, @date_to]).each { |i| - def i.created_on - self.committed_on - end - @events_by_day[i.created_on.to_date] << i - } - @show_changesets = 1 + if @scope.include?('revisions') && @project.repository + @events += @project.repository.changesets.find(:all, :conditions => ["#{Changeset.table_name}.committed_on BETWEEN ? AND ?", @date_from, @date_to]) end - render :layout => false if request.xhr? + @events_by_day = @events.group_by(&:event_date) + + respond_to do |format| + format.html { render :layout => false if request.xhr? } + format.atom { render_feed(@events, :title => "#{@project.name}: #{l(:label_activity)}") } + end end def calendar @@ -630,7 +621,7 @@ class ProjectsController < ApplicationController def feeds @queries = @project.queries.find :all, :conditions => ["is_public=? or user_id=?", true, (logged_in_user ? logged_in_user.id : 0)] - @key = logged_in_user.get_or_create_rss_key.value if logged_in_user + @key = User.current.rss_key end private diff --git a/app/controllers/queries_controller.rb b/app/controllers/queries_controller.rb index 631895284..bcc233699 100644 --- a/app/controllers/queries_controller.rb +++ b/app/controllers/queries_controller.rb @@ -16,9 +16,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. class QueriesController < ApplicationController - layout 'base' - before_filter :require_login, :except => :index - before_filter :find_project, :check_project_privacy + layout 'base' + before_filter :find_project, :authorize def index @queries = @project.queries.find(:all, @@ -31,7 +30,7 @@ class QueriesController < ApplicationController @query.project = @project @query.user = logged_in_user @query.executed_by = logged_in_user - @query.is_public = false unless logged_in_user.authorized_to(@project, 'projects/add_query') + @query.is_public = false unless current_role.allowed_to?(:manage_pulic_queries) params[:fields].each do |field| @query.add_filter(field, params[:operators][field], params[:values][field]) @@ -52,7 +51,7 @@ class QueriesController < ApplicationController @query.add_filter(field, params[:operators][field], params[:values][field]) end if params[:fields] @query.attributes = params[:query] - @query.is_public = false unless logged_in_user.authorized_to(@project, 'projects/add_query') + @query.is_public = false unless current_role.allowed_to?(:manage_pulic_queries) if @query.save flash[:notice] = l(:notice_successful_update) diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb index 5bcba8e3a..f99ea0b35 100644 --- a/app/controllers/repositories_controller.rb +++ b/app/controllers/repositories_controller.rb @@ -22,8 +22,8 @@ require 'digest/sha1' class RepositoriesController < ApplicationController layout 'base' before_filter :find_project, :except => [:update_form] - before_filter :authorize, :except => [:update_form, :stats, :graph] - before_filter :check_project_privacy, :only => [:stats, :graph] + before_filter :authorize, :except => [:update_form] + accept_key_auth :revisions def show # check if new revisions have been committed in the repository @@ -57,7 +57,10 @@ class RepositoriesController < ApplicationController :limit => @changeset_pages.items_per_page, :offset => @changeset_pages.current.offset) - render :action => "revisions", :layout => false if request.xhr? + respond_to do |format| + format.html { render :layout => false if request.xhr? } + format.atom { render_feed(@changesets, :title => "#{@project.name}: #{l(:label_revision_plural)}") } + end end def entry diff --git a/app/controllers/roles_controller.rb b/app/controllers/roles_controller.rb index 6f1657675..24c7a3ffe 100644 --- a/app/controllers/roles_controller.rb +++ b/app/controllers/roles_controller.rb @@ -28,40 +28,35 @@ class RolesController < ApplicationController end def list - @role_pages, @roles = paginate :roles, :per_page => 25, :order => "position" + @role_pages, @roles = paginate :roles, :per_page => 25, :order => 'builtin, position' render :action => "list", :layout => false if request.xhr? end def new @role = Role.new(params[:role]) - if request.post? - @role.permissions = Permission.find(params[:permission_ids]) if params[:permission_ids] - if @role.save - flash[:notice] = l(:notice_successful_create) - redirect_to :action => 'list' - end + if request.post? && @role.save + flash[:notice] = l(:notice_successful_create) + redirect_to :action => 'list' end - @permissions = Permission.find(:all, :conditions => ["is_public=?", false], :order => 'sort ASC') + @permissions = @role.setable_permissions end def edit @role = Role.find(params[:id]) if request.post? and @role.update_attributes(params[:role]) - @role.permissions = Permission.find(params[:permission_ids] || []) - Permission.allowed_to_role_expired flash[:notice] = l(:notice_successful_update) redirect_to :action => 'list' end - @permissions = Permission.find(:all, :conditions => ["is_public=?", false], :order => 'sort ASC') + @permissions = @role.setable_permissions end def destroy @role = Role.find(params[:id]) - unless @role.members.empty? - flash[:error] = 'Some members have this role. Can\'t delete it.' - else + #unless @role.members.empty? + # flash[:error] = 'Some members have this role. Can\'t delete it.' + #else @role.destroy - end + #end redirect_to :action => 'list' end @@ -95,19 +90,19 @@ class RolesController < ApplicationController flash[:notice] = l(:notice_successful_update) end end - @roles = Role.find(:all, :order => 'position') + @roles = Role.find(:all, :order => 'builtin, position') @trackers = Tracker.find(:all, :order => 'position') @statuses = IssueStatus.find(:all, :include => :workflows, :order => 'position') end def report - @roles = Role.find(:all, :order => 'position') - @permissions = Permission.find :all, :conditions => ["is_public=?", false], :order => 'sort' + @roles = Role.find(:all, :order => 'builtin, position') + @permissions = Redmine::AccessControl.permissions.select { |p| !p.public? } if request.post? @roles.each do |role| - role.permissions = Permission.find(params[:permission_ids] ? (params[:permission_ids][role.id.to_s] || []) : [] ) + role.permissions = params[:permissions][role.id.to_s] + role.save end - Permission.allowed_to_role_expired flash[:notice] = l(:notice_successful_update) redirect_to :action => 'list' end diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb index 01c4ddca9..1c15fa564 100644 --- a/app/controllers/timelog_controller.rb +++ b/app/controllers/timelog_controller.rb @@ -16,11 +16,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. class TimelogController < ApplicationController - layout 'base' - - before_filter :find_project - before_filter :authorize, :only => :edit - before_filter :check_project_privacy, :except => :edit + layout 'base' + before_filter :find_project, :authorize helper :sort include SortHelper diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 3e107287b..7e3abc75c 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -87,7 +87,7 @@ class UsersController < ApplicationController end end @auth_sources = AuthSource.find(:all) - @roles = Role.find(:all, :order => 'position') + @roles = Role.find_all_givable @projects = Project.find(:all, :order => 'name', :conditions => "status=#{Project::STATUS_ACTIVE}") - @user.projects @membership ||= Member.new end diff --git a/app/controllers/watchers_controller.rb b/app/controllers/watchers_controller.rb index f617a5b5a..206dc0843 100644 --- a/app/controllers/watchers_controller.rb +++ b/app/controllers/watchers_controller.rb @@ -20,7 +20,7 @@ class WatchersController < ApplicationController before_filter :require_login, :find_project, :check_project_privacy def add - user = logged_in_user + user = User.current @watched.add_watcher(user) respond_to do |format| format.html { render :text => 'Watcher added.', :layout => true } @@ -29,7 +29,7 @@ class WatchersController < ApplicationController end def remove - user = logged_in_user + user = User.current @watched.remove_watcher(user) respond_to do |format| format.html { render :text => 'Watcher removed.', :layout => true } diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb index 7b1c398d1..2eac2268f 100644 --- a/app/controllers/welcome_controller.rb +++ b/app/controllers/welcome_controller.rb @@ -21,7 +21,5 @@ class WelcomeController < ApplicationController def index @news = News.latest logged_in_user @projects = Project.latest logged_in_user - - @key = logged_in_user.get_or_create_rss_key.value if logged_in_user end end diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb index 748821d72..e9212a1c7 100644 --- a/app/controllers/wiki_controller.rb +++ b/app/controllers/wiki_controller.rb @@ -19,8 +19,7 @@ require 'diff' class WikiController < ApplicationController layout 'base' - before_filter :find_wiki, :check_project_privacy - before_filter :authorize, :only => [:destroy, :add_attachment, :destroy_attachment] + before_filter :find_wiki, :authorize verify :method => :post, :only => [:destroy, :destroy_attachment], :redirect_to => { :action => :index } |