diff options
author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2007-08-29 16:52:35 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2007-08-29 16:52:35 +0000 |
commit | 603e11d7a5aa62f923e7b013cac6c66462131232 (patch) | |
tree | fbbb204d2b92b5a87b787d56fe3f9c62cc3f259b /app | |
parent | 8da5bad29516be6cbe1bc52e78837ac1ec292026 (diff) | |
download | redmine-603e11d7a5aa62f923e7b013cac6c66462131232.tar.gz redmine-603e11d7a5aa62f923e7b013cac6c66462131232.zip |
Merged 0.6 branch into trunk.
Permissions management was rewritten. Some permissions can now be specifically defined for non member and anonymous users.
This migration:
* is irreversible (please, don't forget to *backup* your database before upgrading)
* resets role's permissions (go to "Admin -> Roles & Permissions" to set them after upgrading)
git-svn-id: http://redmine.rubyforge.org/svn/trunk@674 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
53 files changed, 474 insertions, 476 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index 8ee046a0c..44e4cc221 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -22,7 +22,6 @@ class AccountController < ApplicationController # prevents login action to be filtered by check_if_login_required application scope filter skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register] - before_filter :require_login, :only => :logout # Show user's account def show @@ -31,7 +30,7 @@ class AccountController < ApplicationController # show only public projects and private projects that the logged in user is also a member of @memberships = @user.memberships.select do |membership| - membership.project.is_public? || (logged_in_user && logged_in_user.role_for_project(membership.project)) + membership.project.is_public? || (User.current.role_for_project(membership.project)) end rescue ActiveRecord::RecordNotFound render_404 @@ -41,12 +40,12 @@ class AccountController < ApplicationController def login if request.get? # Logout user - self.logged_in_user = nil + self.logged_user = nil else # Authenticate user user = User.try_to_login(params[:login], params[:password]) if user - self.logged_in_user = user + self.logged_user = user # generate a key and set cookie if autologin if params[:autologin] && Setting.autologin? token = Token.create(:user => user, :action => 'autologin') @@ -62,8 +61,8 @@ class AccountController < ApplicationController # Log out current user and redirect to welcome page def logout cookies.delete :autologin - Token.delete_all(["user_id = ? AND action = ?", logged_in_user.id, "autologin"]) if logged_in_user - self.logged_in_user = nil + Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged? + self.logged_user = nil redirect_to :controller => 'welcome' end @@ -140,4 +139,15 @@ class AccountController < ApplicationController end end end + +private + def logged_user=(user) + if user && user.is_a?(User) + User.current = user + session[:user_id] = user.id + else + User.current = User.anonymous + session[:user_id] = nil + end + end end diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index 95d3505c7..78fd1aa15 100644 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb @@ -46,14 +46,6 @@ class AdminController < ApplicationController end def mail_options - @actions = Permission.find(:all, :conditions => ["mail_option=?", true]) || [] - if request.post? - @actions.each { |a| - a.mail_enabled = (params[:action_ids] || []).include? a.id.to_s - a.save - } - flash.now[:notice] = l(:notice_successful_update) - end end def test_email @@ -61,8 +53,8 @@ class AdminController < ApplicationController # Force ActionMailer to raise delivery errors so we can catch it ActionMailer::Base.raise_delivery_errors = true begin - @test = Mailer.deliver_test(logged_in_user) - flash[:notice] = l(:notice_email_sent, logged_in_user.mail) + @test = Mailer.deliver_test(User.current) + flash[:notice] = l(:notice_email_sent, User.current.mail) rescue Exception => e flash[:error] = l(:notice_email_error, e.message) end diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 3f5a2c76f..cac2d6464 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -16,48 +16,47 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. class ApplicationController < ActionController::Base - before_filter :check_if_login_required, :set_localization + before_filter :user_setup, :check_if_login_required, :set_localization filter_parameter_logging :password REDMINE_SUPPORTED_SCM.each do |scm| require_dependency "repository/#{scm.underscore}" end - def logged_in_user=(user) - @logged_in_user = user - session[:user_id] = (user ? user.id : nil) + def logged_in_user + User.current.logged? ? User.current : nil end - def logged_in_user + def current_role + @current_role ||= User.current.role_for_project(@project) + end + + def user_setup if session[:user_id] - @logged_in_user ||= User.find(session[:user_id]) + # existing session + User.current = User.find(session[:user_id]) + elsif cookies[:autologin] && Setting.autologin? + # auto-login feature + User.current = User.find_by_autologin_key(autologin_key) + elsif params[:key] && accept_key_auth_actions.include?(params[:action]) + # RSS key authentication + User.current = User.find_by_rss_key(params[:key]) else - nil + User.current = User.anonymous end end - # Returns the role that the logged in user has on the current project - # or nil if current user is not a member of the project - def logged_in_user_membership - @user_membership ||= logged_in_user.role_for_project(@project) - end - # check if login is globally required to access the application def check_if_login_required # no check needed if user is already logged in - return true if logged_in_user - # auto-login feature - autologin_key = cookies[:autologin] - if autologin_key && Setting.autologin? - self.logged_in_user = User.find_by_autologin_key(autologin_key) - end + return true if User.current.logged? require_login if Setting.login_required? end def set_localization lang = begin - if self.logged_in_user and self.logged_in_user.language and !self.logged_in_user.language.empty? and GLoc.valid_languages.include? self.logged_in_user.language.to_sym - self.logged_in_user.language + if !User.current.language.blank? and GLoc.valid_languages.include? User.current.language.to_sym + User.current.language elsif request.env['HTTP_ACCEPT_LANGUAGE'] accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.split('-').first if accept_lang and !accept_lang.empty? and GLoc.valid_languages.include? accept_lang.to_sym @@ -71,7 +70,7 @@ class ApplicationController < ActionController::Base end def require_login - unless self.logged_in_user + if !User.current.logged? store_location redirect_to :controller => "account", :action => "login" return false @@ -81,34 +80,17 @@ class ApplicationController < ActionController::Base def require_admin return unless require_login - unless self.logged_in_user.admin? + if !User.current.admin? render_403 return false end true end - # authorizes the user for the requested action. + # Authorize the user for the requested action def authorize(ctrl = params[:controller], action = params[:action]) - unless @project.active? - @project = nil - render_404 - return false - end - # check if action is allowed on public projects - if @project.is_public? and Permission.allowed_to_public "%s/%s" % [ ctrl, action ] - return true - end - # if action is not public, force login - return unless require_login - # admin is always authorized - return true if self.logged_in_user.admin? - # if not admin, check membership permission - if logged_in_user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], logged_in_user_membership ) - return true - end - render_403 - false + allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project) + allowed ? true : (User.current.logged? ? render_403 : require_login) end # make sure that the user is a member of the project (or admin) if project is private @@ -119,11 +101,8 @@ class ApplicationController < ActionController::Base render_404 return false end - return true if @project.is_public? - return false unless logged_in_user - return true if logged_in_user.admin? || logged_in_user_membership - render_403 - false + return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin? + User.current.logged? ? render_403 : require_login end # store current uri in session. @@ -154,6 +133,21 @@ class ApplicationController < ActionController::Base render :template => "common/404", :layout => true, :status => 404 return false end + + def render_feed(items, options={}) + @items = items.sort {|x,y| y.event_datetime <=> x.event_datetime } + @title = options[:title] || Setting.app_title + render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml' + end + + def self.accept_key_auth(*actions) + actions = actions.flatten.map(&:to_s) + write_inheritable_attribute('accept_key_auth_actions', actions) + end + + def accept_key_auth_actions + self.class.read_inheritable_attribute('accept_key_auth_actions') || [] + end # qvalues http header parser # code taken from webrick @@ -173,4 +167,4 @@ class ApplicationController < ActionController::Base end return tmp end -end
\ No newline at end of file +end diff --git a/app/controllers/boards_controller.rb b/app/controllers/boards_controller.rb index 0ad2645f8..2a90e9857 100644 --- a/app/controllers/boards_controller.rb +++ b/app/controllers/boards_controller.rb @@ -17,9 +17,7 @@ class BoardsController < ApplicationController layout 'base' - before_filter :find_project - before_filter :authorize, :except => [:index, :show] - before_filter :check_project_privacy, :only => [:index, :show] + before_filter :find_project, :authorize helper :messages include MessagesHelper diff --git a/app/controllers/documents_controller.rb b/app/controllers/documents_controller.rb index 3c7e56b43..5659e9ced 100644 --- a/app/controllers/documents_controller.rb +++ b/app/controllers/documents_controller.rb @@ -52,7 +52,7 @@ class DocumentsController < ApplicationController a = Attachment.create(:container => @document, :file => file, :author => logged_in_user) @attachments << a unless a.new_record? } if params[:attachments] and params[:attachments].is_a? Array - Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? + Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? #and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? redirect_to :action => 'show', :id => @document end diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index 31cc6ae7d..56a9b11ca 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -72,8 +72,15 @@ class IssuesController < ApplicationController unless params[:notes].empty? journal = @issue.init_journal(self.logged_in_user, params[:notes]) if @issue.save + params[:attachments].each { |file| + next unless file.size > 0 + a = Attachment.create(:container => @issue, :file => file, :author => logged_in_user) + journal.details << JournalDetail.new(:property => 'attachment', + :prop_key => a.id, + :value => a.filename) unless a.new_record? + } if params[:attachments] and params[:attachments].is_a? Array flash[:notice] = l(:notice_successful_update) - Mailer.deliver_issue_edit(journal) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? + Mailer.deliver_issue_edit(journal) #if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? redirect_to :action => 'show', :id => @issue return end @@ -100,14 +107,14 @@ class IssuesController < ApplicationController } if params[:attachments] and params[:attachments].is_a? Array # Log time - if logged_in_user.authorized_to(@project, "timelog/edit") + if current_role.allowed_to?(:log_time) @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => logged_in_user, :spent_on => Date.today) @time_entry.attributes = params[:time_entry] @time_entry.save end flash[:notice] = l(:notice_successful_update) - Mailer.deliver_issue_edit(journal) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? + Mailer.deliver_issue_edit(journal) #if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? redirect_to :action => 'show', :id => @issue end rescue ActiveRecord::StaleObjectError @@ -124,23 +131,6 @@ class IssuesController < ApplicationController redirect_to :controller => 'projects', :action => 'list_issues', :id => @project end - def add_attachment - # Save the attachments - @attachments = [] - journal = @issue.init_journal(self.logged_in_user) - params[:attachments].each { |file| - next unless file.size > 0 - a = Attachment.create(:container => @issue, :file => file, :author => logged_in_user) - @attachments << a unless a.new_record? - journal.details << JournalDetail.new(:property => 'attachment', - :prop_key => a.id, - :value => a.filename) unless a.new_record? - } if params[:attachments] and params[:attachments].is_a? Array - journal.save if journal.details.any? - Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? - redirect_to :action => 'show', :id => @issue - end - def destroy_attachment a = @issue.attachments.find(params[:attachment_id]) a.destroy diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index 1b0d2a680..74a957d6c 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -17,8 +17,7 @@ class MessagesController < ApplicationController layout 'base' - before_filter :find_project, :check_project_privacy - before_filter :require_login, :only => [:new, :reply] + before_filter :find_project, :authorize verify :method => :post, :only => [ :reply, :destroy ], :redirect_to => { :action => :show } diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 0613f9e40..2f5e24e28 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -22,6 +22,7 @@ class ProjectsController < ApplicationController before_filter :find_project, :except => [ :index, :list, :add ] before_filter :authorize, :except => [ :index, :list, :add, :archive, :unarchive, :destroy ] before_filter :require_admin, :only => [ :add, :archive, :unarchive, :destroy ] + accept_key_auth :activity, :calendar cache_sweeper :project_sweeper, :only => [ :add, :edit, :archive, :unarchive, :destroy ] cache_sweeper :issue_sweeper, :only => [ :add_issue ] @@ -97,8 +98,7 @@ class ProjectsController < ApplicationController @trackers = Tracker.find(:all, :order => 'position') @open_issues_by_tracker = Issue.count(:group => :tracker, :joins => "INNER JOIN #{IssueStatus.table_name} ON #{IssueStatus.table_name}.id = #{Issue.table_name}.status_id", :conditions => ["project_id=? and #{IssueStatus.table_name}.is_closed=?", @project.id, false]) @total_issues_by_tracker = Issue.count(:group => :tracker, :conditions => ["project_id=?", @project.id]) - - @key = logged_in_user.get_or_create_rss_key.value if logged_in_user + @key = User.current.rss_key end def settings @@ -224,7 +224,7 @@ class ProjectsController < ApplicationController Attachment.create(:container => @document, :file => a, :author => logged_in_user) unless a.size == 0 } if params[:attachments] and params[:attachments].is_a? Array flash[:notice] = l(:notice_successful_create) - Mailer.deliver_document_add(@document) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? + Mailer.deliver_document_add(@document) #if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? redirect_to :action => 'list_documents', :id => @project end end @@ -268,7 +268,7 @@ class ProjectsController < ApplicationController if @issue.save @attachments.each(&:save) flash[:notice] = l(:notice_successful_create) - Mailer.deliver_issue_add(@issue) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? + Mailer.deliver_issue_add(@issue) #if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? redirect_to :action => 'list_issues', :id => @project end end @@ -383,7 +383,7 @@ class ProjectsController < ApplicationController redirect_to :action => 'list_issues', :id => @project and return unless @issues @projects = [] # find projects to which the user is allowed to move the issue - @logged_in_user.memberships.each {|m| @projects << m.project if Permission.allowed_to_role("projects/move_issues", m.role)} + User.current.memberships.each {|m| @projects << m.project if m.role.allowed_to?(:controller => 'projects', :action => 'move_issues')} # issue can be moved to any tracker @trackers = Tracker.find(:all) if request.post? and params[:new_project_id] and params[:new_tracker_id] @@ -424,7 +424,11 @@ class ProjectsController < ApplicationController # Show news list of @project def list_news @news_pages, @news = paginate :news, :per_page => 10, :conditions => ["project_id=?", @project.id], :include => :author, :order => "#{News.table_name}.created_on DESC" - render :action => "list_news", :layout => false if request.xhr? + + respond_to do |format| + format.html { render :layout => false if request.xhr? } + format.atom { render_feed(@news, :title => "#{@project.name}: #{l(:label_news_plural)}") } + end end def add_file @@ -437,7 +441,7 @@ class ProjectsController < ApplicationController a = Attachment.create(:container => @version, :file => file, :author => logged_in_user) @attachments << a unless a.new_record? } if params[:attachments] and params[:attachments].is_a? Array - Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? + Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? #and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled? redirect_to :controller => 'projects', :action => 'list_files', :id => @project end @versions = @project.versions.sort @@ -471,80 +475,67 @@ class ProjectsController < ApplicationController @year ||= Date.today.year @month ||= Date.today.month - @date_from = Date.civil(@year, @month, 1) - @date_to = @date_from >> 1 + case params[:format] + when 'rss' + # 30 last days + @date_from = Date.today - 30 + @date_to = Date.today + 1 + else + # current month + @date_from = Date.civil(@year, @month, 1) + @date_to = @date_from >> 1 + end - @events_by_day = Hash.new { |h,k| h[k] = [] } + @event_types = %w(issues news attachments documents wiki_edits revisions) + @event_types.delete('wiki_edits') unless @project.wiki + @event_types.delete('changesets') unless @project.repository - unless params[:show_issues] == "0" - @project.issues.find(:all, :include => [:author], :conditions => ["#{Issue.table_name}.created_on BETWEEN ? AND ?", @date_from, @date_to] ).each { |i| - @events_by_day[i.created_on.to_date] << i - } - @project.issue_changes.find(:all, :include => :details, :conditions => ["(#{Journal.table_name}.created_on BETWEEN ? AND ?) AND (#{JournalDetail.table_name}.prop_key = 'status_id')", @date_from, @date_to] ).each { |i| - @events_by_day[i.created_on.to_date] << i - } - @show_issues = 1 + @scope = @event_types.select {|t| params["show_#{t}"]} + # default events if none is specified in parameters + @scope = (@event_types - %w(wiki_edits))if @scope.empty? + + @events = [] + + if @scope.include?('issues') + @events += @project.issues.find(:all, :include => [:author, :tracker], :conditions => ["#{Issue.table_name}.created_on>=? and #{Issue.table_name}.created_on<=?", @date_from, @date_to] ) end - unless params[:show_news] == "0" - @project.news.find(:all, :conditions => ["#{News.table_name}.created_on BETWEEN ? AND ?", @date_from, @date_to], :include => :author ).each { |i| - @events_by_day[i.created_on.to_date] << i - } - @show_news = 1 + if @scope.include?('news') + @events += @project.news.find(:all, :conditions => ["#{News.table_name}.created_on>=? and #{News.table_name}.created_on<=?", @date_from, @date_to], :include => :author ) end - unless params[:show_files] == "0" - Attachment.find(:all, :select => "#{Attachment.table_name}.*", - :joins => "LEFT JOIN #{Version.table_name} ON #{Version.table_name}.id = #{Attachment.table_name}.container_id", - :conditions => ["#{Attachment.table_name}.container_type='Version' and #{Version.table_name}.project_id=? and #{Attachment.table_name}.created_on BETWEEN ? AND ? ", @project.id, @date_from, @date_to], - :include => :author ).each { |i| - @events_by_day[i.created_on.to_date] << i - } - @show_files = 1 + if @scope.include?('attachments') + @events += Attachment.find(:all, :select => "#{Attachment.table_name}.*", :joins => "LEFT JOIN #{Version.table_name} ON #{Version.table_name}.id = #{Attachment.table_name}.container_id", :conditions => ["#{Attachment.table_name}.container_type='Version' and #{Version.table_name}.project_id=? and #{Attachment.table_name}.created_on>=? and #{Attachment.table_name}.created_on<=?", @project.id, @date_from, @date_to], :include => :author ) end - unless params[:show_documents] == "0" - @project.documents.find(:all, :conditions => ["#{Document.table_name}.created_on BETWEEN ? AND ?", @date_from, @date_to] ).each { |i| - @events_by_day[i.created_on.to_date] << i - } - Attachment.find(:all, :select => "attachments.*", - :joins => "LEFT JOIN #{Document.table_name} ON #{Document.table_name}.id = #{Attachment.table_name}.container_id", - :conditions => ["#{Attachment.table_name}.container_type='Document' and #{Document.table_name}.project_id=? and #{Attachment.table_name}.created_on BETWEEN ? AND ? ", @project.id, @date_from, @date_to], - :include => :author ).each { |i| - @events_by_day[i.created_on.to_date] << i - } - @show_documents = 1 + if @scope.include?('documents') + @events += @project.documents.find(:all, :conditions => ["#{Document.table_name}.created_on>=? and #{Document.table_name}.created_on<=?", @date_from, @date_to] ) + @events += Attachment.find(:all, :select => "attachments.*", :joins => "LEFT JOIN #{Document.table_name} ON #{Document.table_name}.id = #{Attachment.table_name}.container_id", :conditions => ["#{Attachment.table_name}.container_type='Document' and #{Document.table_name}.project_id=? and #{Attachment.table_name}.created_on>=? and #{Attachment.table_name}.created_on<=?", @project.id, @date_from, @date_to], :include => :author ) end - unless @project.wiki.nil? || params[:show_wiki_edits] == "0" + if @scope.include?('wiki_edits') && @project.wiki select = "#{WikiContent.versioned_table_name}.updated_on, #{WikiContent.versioned_table_name}.comments, " + - "#{WikiContent.versioned_table_name}.#{WikiContent.version_column}, #{WikiPage.table_name}.title" + "#{WikiContent.versioned_table_name}.#{WikiContent.version_column}, #{WikiPage.table_name}.title, " + + "#{WikiContent.versioned_table_name}.page_id, #{WikiContent.versioned_table_name}.author_id, " + + "#{WikiContent.versioned_table_name}.id" joins = "LEFT JOIN #{WikiPage.table_name} ON #{WikiPage.table_name}.id = #{WikiContent.versioned_table_name}.page_id " + "LEFT JOIN #{Wiki.table_name} ON #{Wiki.table_name}.id = #{WikiPage.table_name}.wiki_id " conditions = ["#{Wiki.table_name}.project_id = ? AND #{WikiContent.versioned_table_name}.updated_on BETWEEN ? AND ?", @project.id, @date_from, @date_to] - WikiContent.versioned_class.find(:all, :select => select, :joins => joins, :conditions => conditions).each { |i| - # We provide this alias so all events can be treated in the same manner - def i.created_on - self.updated_on - end - @events_by_day[i.created_on.to_date] << i - } - @show_wiki_edits = 1 + @events += WikiContent.versioned_class.find(:all, :select => select, :joins => joins, :conditions => conditions) end - unless @project.repository.nil? || params[:show_changesets] == "0" - @project.repository.changesets.find(:all, :conditions => ["#{Changeset.table_name}.committed_on BETWEEN ? AND ?", @date_from, @date_to]).each { |i| - def i.created_on - self.committed_on - end - @events_by_day[i.created_on.to_date] << i - } - @show_changesets = 1 + if @scope.include?('revisions') && @project.repository + @events += @project.repository.changesets.find(:all, :conditions => ["#{Changeset.table_name}.committed_on BETWEEN ? AND ?", @date_from, @date_to]) end - render :layout => false if request.xhr? + @events_by_day = @events.group_by(&:event_date) + + respond_to do |format| + format.html { render :layout => false if request.xhr? } + format.atom { render_feed(@events, :title => "#{@project.name}: #{l(:label_activity)}") } + end end def calendar @@ -630,7 +621,7 @@ class ProjectsController < ApplicationController def feeds @queries = @project.queries.find :all, :conditions => ["is_public=? or user_id=?", true, (logged_in_user ? logged_in_user.id : 0)] - @key = logged_in_user.get_or_create_rss_key.value if logged_in_user + @key = User.current.rss_key end private diff --git a/app/controllers/queries_controller.rb b/app/controllers/queries_controller.rb index 631895284..bcc233699 100644 --- a/app/controllers/queries_controller.rb +++ b/app/controllers/queries_controller.rb @@ -16,9 +16,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. class QueriesController < ApplicationController - layout 'base' - before_filter :require_login, :except => :index - before_filter :find_project, :check_project_privacy + layout 'base' + before_filter :find_project, :authorize def index @queries = @project.queries.find(:all, @@ -31,7 +30,7 @@ class QueriesController < ApplicationController @query.project = @project @query.user = logged_in_user @query.executed_by = logged_in_user - @query.is_public = false unless logged_in_user.authorized_to(@project, 'projects/add_query') + @query.is_public = false unless current_role.allowed_to?(:manage_pulic_queries) params[:fields].each do |field| @query.add_filter(field, params[:operators][field], params[:values][field]) @@ -52,7 +51,7 @@ class QueriesController < ApplicationController @query.add_filter(field, params[:operators][field], params[:values][field]) end if params[:fields] @query.attributes = params[:query] - @query.is_public = false unless logged_in_user.authorized_to(@project, 'projects/add_query') + @query.is_public = false unless current_role.allowed_to?(:manage_pulic_queries) if @query.save flash[:notice] = l(:notice_successful_update) diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb index 5bcba8e3a..f99ea0b35 100644 --- a/app/controllers/repositories_controller.rb +++ b/app/controllers/repositories_controller.rb @@ -22,8 +22,8 @@ require 'digest/sha1' class RepositoriesController < ApplicationController layout 'base' before_filter :find_project, :except => [:update_form] - before_filter :authorize, :except => [:update_form, :stats, :graph] - before_filter :check_project_privacy, :only => [:stats, :graph] + before_filter :authorize, :except => [:update_form] + accept_key_auth :revisions def show # check if new revisions have been committed in the repository @@ -57,7 +57,10 @@ class RepositoriesController < ApplicationController :limit => @changeset_pages.items_per_page, :offset => @changeset_pages.current.offset) - render :action => "revisions", :layout => false if request.xhr? + respond_to do |format| + format.html { render :layout => false if request.xhr? } + format.atom { render_feed(@changesets, :title => "#{@project.name}: #{l(:label_revision_plural)}") } + end end def entry diff --git a/app/controllers/roles_controller.rb b/app/controllers/roles_controller.rb index 6f1657675..24c7a3ffe 100644 --- a/app/controllers/roles_controller.rb +++ b/app/controllers/roles_controller.rb @@ -28,40 +28,35 @@ class RolesController < ApplicationController end def list - @role_pages, @roles = paginate :roles, :per_page => 25, :order => "position" + @role_pages, @roles = paginate :roles, :per_page => 25, :order => 'builtin, position' render :action => "list", :layout => false if request.xhr? end def new @role = Role.new(params[:role]) - if request.post? - @role.permissions = Permission.find(params[:permission_ids]) if params[:permission_ids] - if @role.save - flash[:notice] = l(:notice_successful_create) - redirect_to :action => 'list' - end + if request.post? && @role.save + flash[:notice] = l(:notice_successful_create) + redirect_to :action => 'list' end - @permissions = Permission.find(:all, :conditions => ["is_public=?", false], :order => 'sort ASC') + @permissions = @role.setable_permissions end def edit @role = Role.find(params[:id]) if request.post? and @role.update_attributes(params[:role]) - @role.permissions = Permission.find(params[:permission_ids] || []) - Permission.allowed_to_role_expired flash[:notice] = l(:notice_successful_update) redirect_to :action => 'list' end - @permissions = Permission.find(:all, :conditions => ["is_public=?", false], :order => 'sort ASC') + @permissions = @role.setable_permissions end def destroy @role = Role.find(params[:id]) - unless @role.members.empty? - flash[:error] = 'Some members have this role. Can\'t delete it.' - else + #unless @role.members.empty? + # flash[:error] = 'Some members have this role. Can\'t delete it.' + #else @role.destroy - end + #end redirect_to :action => 'list' end @@ -95,19 +90,19 @@ class RolesController < ApplicationController flash[:notice] = l(:notice_successful_update) end end - @roles = Role.find(:all, :order => 'position') + @roles = Role.find(:all, :order => 'builtin, position') @trackers = Tracker.find(:all, :order => 'position') @statuses = IssueStatus.find(:all, :include => :workflows, :order => 'position') end def report - @roles = Role.find(:all, :order => 'position') - @permissions = Permission.find :all, :conditions => ["is_public=?", false], :order => 'sort' + @roles = Role.find(:all, :order => 'builtin, position') + @permissions = Redmine::AccessControl.permissions.select { |p| !p.public? } if request.post? @roles.each do |role| - role.permissions = Permission.find(params[:permission_ids] ? (params[:permission_ids][role.id.to_s] || []) : [] ) + role.permissions = params[:permissions][role.id.to_s] + role.save end - Permission.allowed_to_role_expired flash[:notice] = l(:notice_successful_update) redirect_to :action => 'list' end diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb index 01c4ddca9..1c15fa564 100644 --- a/app/controllers/timelog_controller.rb +++ b/app/controllers/timelog_controller.rb @@ -16,11 +16,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. class TimelogController < ApplicationController - layout 'base' - - before_filter :find_project - before_filter :authorize, :only => :edit - before_filter :check_project_privacy, :except => :edit + layout 'base' + before_filter :find_project, :authorize helper :sort include SortHelper diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 3e107287b..7e3abc75c 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -87,7 +87,7 @@ class UsersController < ApplicationController end end @auth_sources = AuthSource.find(:all) - @roles = Role.find(:all, :order => 'position') + @roles = Role.find_all_givable @projects = Project.find(:all, :order => 'name', :conditions => "status=#{Project::STATUS_ACTIVE}") - @user.projects @membership ||= Member.new end diff --git a/app/controllers/watchers_controller.rb b/app/controllers/watchers_controller.rb index f617a5b5a..206dc0843 100644 --- a/app/controllers/watchers_controller.rb +++ b/app/controllers/watchers_controller.rb @@ -20,7 +20,7 @@ class WatchersController < ApplicationController before_filter :require_login, :find_project, :check_project_privacy def add - user = logged_in_user + user = User.current @watched.add_watcher(user) respond_to do |format| format.html { render :text => 'Watcher added.', :layout => true } @@ -29,7 +29,7 @@ class WatchersController < ApplicationController end def remove - user = logged_in_user + user = User.current @watched.remove_watcher(user) respond_to do |format| format.html { render :text => 'Watcher removed.', :layout => true } diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb index 7b1c398d1..2eac2268f 100644 --- a/app/controllers/welcome_controller.rb +++ b/app/controllers/welcome_controller.rb @@ -21,7 +21,5 @@ class WelcomeController < ApplicationController def index @news = News.latest logged_in_user @projects = Project.latest logged_in_user - - @key = logged_in_user.get_or_create_rss_key.value if logged_in_user end end diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb index 748821d72..e9212a1c7 100644 --- a/app/controllers/wiki_controller.rb +++ b/app/controllers/wiki_controller.rb @@ -19,8 +19,7 @@ require 'diff' class WikiController < ApplicationController layout 'base' - before_filter :find_wiki, :check_project_privacy - before_filter :authorize, :only => [:destroy, :add_attachment, :destroy_attachment] + before_filter :find_wiki, :authorize verify :method => :post, :only => [:destroy, :destroy_attachment], :redirect_to => { :action => :index } diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 41becd0f2..550ce3c59 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -25,32 +25,18 @@ end module ApplicationHelper - # Return current logged in user or nil - def loggedin? - @logged_in_user + def current_role + @current_role ||= User.current.role_for_project(@project) end - # Return true if user is logged in and is admin, otherwise false - def admin_loggedin? - @logged_in_user and @logged_in_user.admin? - end - # Return true if user is authorized for controller/action, otherwise false - def authorize_for(controller, action) - # check if action is allowed on public projects - if @project.is_public? and Permission.allowed_to_public "%s/%s" % [ controller, action ] - return true - end - # check if user is authorized - if @logged_in_user and (@logged_in_user.admin? or Permission.allowed_to_role( "%s/%s" % [ controller, action ], @logged_in_user.role_for_project(@project) ) ) - return true - end - return false + def authorize_for(controller, action) + User.current.allowed_to?({:controller => controller, :action => action}, @project) end # Display a link if user is authorized def link_to_if_authorized(name, options = {}, html_options = nil, *parameters_for_method_reference) - link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for(options[:controller], options[:action]) + link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for(options[:controller] || params[:controller], options[:action]) end # Display a link to user's account page diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb index abf2bcf86..da674985b 100644 --- a/app/helpers/projects_helper.rb +++ b/app/helpers/projects_helper.rb @@ -175,4 +175,12 @@ module ProjectsHelper gc.draw(imgl) imgl end if Object.const_defined?(:Magick) + + def new_issue_selector + trackers = Tracker.find(:all, :order => 'position') + form_tag({:controller => 'projects', :action => 'add_issue', :id => @project}, :method => :get) + + select_tag('tracker_id', '<option></option' + options_from_collection_for_select(trackers, 'id', 'name'), + :onchange => "if (this.value != '') {this.form.submit()}") + + end_form_tag + end end diff --git a/app/helpers/watchers_helper.rb b/app/helpers/watchers_helper.rb index 87b381055..c83c785fc 100644 --- a/app/helpers/watchers_helper.rb +++ b/app/helpers/watchers_helper.rb @@ -21,7 +21,7 @@ module WatchersHelper end def watcher_link(object, user) - return '' unless user && object.respond_to?('watched_by?') + return '' unless user && user.logged? && object.respond_to?('watched_by?') watched = object.watched_by?(user) url = {:controller => 'watchers', :action => (watched ? 'remove' : 'add'), diff --git a/app/models/attachment.rb b/app/models/attachment.rb index 443a75bab..f57038b96 100644 --- a/app/models/attachment.rb +++ b/app/models/attachment.rb @@ -24,7 +24,11 @@ class Attachment < ActiveRecord::Base validates_presence_of :container, :filename validates_length_of :filename, :maximum => 255 validates_length_of :disk_filename, :maximum => 255 - + + acts_as_event :title => :filename, + :description => :filename, + :url => Proc.new {|o| {:controller => 'attachment', :action => 'download', :id => o.id}} + cattr_accessor :storage_path @@storage_path = "#{RAILS_ROOT}/files" diff --git a/app/models/changeset.rb b/app/models/changeset.rb index 57e2d74a4..9400df869 100644 --- a/app/models/changeset.rb +++ b/app/models/changeset.rb @@ -19,6 +19,12 @@ class Changeset < ActiveRecord::Base belongs_to :repository has_many :changes, :dependent => :delete_all has_and_belongs_to_many :issues + + acts_as_event :title => Proc.new {|o| "#{l(:label_revision)} #{o.revision}" + (o.comments.blank? ? '' : (': ' + o.comments))}, + :description => :comments, + :datetime => :committed_on, + :author => :committer, + :url => Proc.new {|o| {:controller => 'repositories', :action => 'revision', :id => o.repository.project_id, :rev => o.revision}} validates_presence_of :repository_id, :revision, :committed_on, :commit_date validates_numericality_of :revision, :only_integer => true diff --git a/app/models/document.rb b/app/models/document.rb index 8b5d68e87..6989191ce 100644 --- a/app/models/document.rb +++ b/app/models/document.rb @@ -20,6 +20,8 @@ class Document < ActiveRecord::Base belongs_to :category, :class_name => "Enumeration", :foreign_key => "category_id" has_many :attachments, :as => :container, :dependent => :destroy + acts_as_event :url => Proc.new {|o| {:controller => 'documents', :action => 'show', :id => o.id}} + validates_presence_of :project, :title, :category validates_length_of :title, :maximum => 60 end diff --git a/app/models/issue.rb b/app/models/issue.rb index 65b34cb92..b6eda1767 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -36,6 +36,8 @@ class Issue < ActiveRecord::Base has_many :relations_to, :class_name => 'IssueRelation', :foreign_key => 'issue_to_id', :dependent => :delete_all acts_as_watchable + acts_as_event :title => Proc.new {|o| "#{o.tracker.name} ##{o.id}: #{o.subject}"}, + :url => Proc.new {|o| {:controller => 'issues', :action => 'show', :id => o.id}} validates_presence_of :subject, :description, :priority, :tracker, :author, :status validates_length_of :subject, :maximum => 255 diff --git a/app/models/mail_handler.rb b/app/models/mail_handler.rb index 39b088bf4..7a1d73244 100644 --- a/app/models/mail_handler.rb +++ b/app/models/mail_handler.rb @@ -31,7 +31,7 @@ class MailHandler < ActionMailer::Base user = User.find_active(:first, :conditions => {:mail => email.from.first}) return unless user # check permission - return unless Permission.allowed_to_role("issues/add_note", user.role_for_project(issue.project)) + return unless user.allowed_to?(:add_issue_notes, issue.project) # add the note issue.init_journal(user, email.body.chomp) diff --git a/app/models/member.rb b/app/models/member.rb index 2aa26d42f..39703147d 100644 --- a/app/models/member.rb +++ b/app/models/member.rb @@ -23,6 +23,10 @@ class Member < ActiveRecord::Base validates_presence_of :role, :user, :project validates_uniqueness_of :user_id, :scope => :project_id + def validate + errors.add :role_id, :activerecord_error_invalid if role && !role.member? + end + def name self.user.name end diff --git a/app/models/news.rb b/app/models/news.rb index e9a48846a..4352363d9 100644 --- a/app/models/news.rb +++ b/app/models/news.rb @@ -23,7 +23,9 @@ class News < ActiveRecord::Base validates_presence_of :title, :description validates_length_of :title, :maximum => 60 validates_length_of :summary, :maximum => 255 - + + acts_as_event :url => Proc.new {|o| {:controller => 'news', :action => 'show', :id => o.id}} + # returns latest news for projects visible by user def self.latest(user=nil, count=5) find(:all, :limit => count, :conditions => Project.visible_by(user), :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC") diff --git a/app/models/permission.rb b/app/models/permission.rb deleted file mode 100644 index bea670c4c..000000000 --- a/app/models/permission.rb +++ /dev/null @@ -1,68 +0,0 @@ -# redMine - project management software -# Copyright (C) 2006 Jean-Philippe Lang -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -class Permission < ActiveRecord::Base - has_and_belongs_to_many :roles - - validates_presence_of :controller, :action, :description - - GROUPS = { - 100 => :label_project, - 200 => :label_member_plural, - 300 => :label_version_plural, - 400 => :label_issue_category_plural, - 600 => :label_query_plural, - 1000 => :label_issue_plural, - 1100 => :label_news_plural, - 1200 => :label_document_plural, - 1300 => :label_attachment_plural, - 1400 => :label_repository, - 1500 => :label_time_tracking, - 1700 => :label_wiki_page_plural, - 2000 => :label_board_plural - }.freeze - - @@cached_perms_for_public = nil - @@cached_perms_for_roles = nil - - def name - self.controller + "/" + self.action - end - - def group_id - (self.sort / 100)*100 - end - - def self.allowed_to_public(action) - @@cached_perms_for_public ||= find(:all, :conditions => ["is_public=?", true]).collect {|p| "#{p.controller}/#{p.action}"} - @@cached_perms_for_public.include? action - end - - def self.allowed_to_role(action, role) - @@cached_perms_for_roles ||= - begin - perms = {} - find(:all, :include => :roles).each {|p| perms.store "#{p.controller}/#{p.action}", p.roles.collect {|r| r.id } } - perms - end - allowed_to_public(action) or (role && @@cached_perms_for_roles[action] && @@cached_perms_for_roles[action].include?(role.id)) - end - - def self.allowed_to_role_expired - @@cached_perms_for_roles = nil - end -end diff --git a/app/models/query.rb b/app/models/query.rb index 28f65ddf6..ff519d71c 100644 --- a/app/models/query.rb +++ b/app/models/query.rb @@ -78,7 +78,7 @@ class Query < ActiveRecord::Base def editable_by?(user) return false unless user return true if !is_public && self.user_id == user.id - is_public && user.authorized_to(project, "projects/add_query") + is_public && user.allowed_to?(:manage_pulic_queries, project) end def available_filters diff --git a/app/models/role.rb b/app/models/role.rb index 98d735e8e..015146dc4 100644 --- a/app/models/role.rb +++ b/app/models/role.rb @@ -16,23 +16,93 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. class Role < ActiveRecord::Base - before_destroy :check_integrity - has_and_belongs_to_many :permissions + # Built-in roles + BUILTIN_NON_MEMBER = 1 + BUILTIN_ANONYMOUS = 2 + + before_destroy :check_deletable has_many :workflows, :dependent => :delete_all has_many :members acts_as_list + + serialize :permissions + attr_protected :builtin validates_presence_of :name validates_uniqueness_of :name validates_length_of :name, :maximum => 30 validates_format_of :name, :with => /^[\w\s\'\-]*$/i + def permissions + read_attribute(:permissions) || [] + end + + def permissions=(perms) + perms = perms.collect {|p| p.to_sym unless p.blank? }.compact if perms + write_attribute(:permissions, perms) + end + def <=>(role) position <=> role.position end + # Return true if the role is a builtin role + def builtin? + self.builtin != 0 + end + + # Return true if the role is a project member role + def member? + !self.builtin? + end + + # Return true if role is allowed to do the specified action + # action can be: + # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') + # * a permission Symbol (eg. :edit_project) + def allowed_to?(action) + if action.is_a? Hash + allowed_actions.include? "#{action[:controller]}/#{action[:action]}" + else + allowed_permissions.include? action + end + end + + # Return all the permissions that can be given to the role + def setable_permissions + setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions + setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER + setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS + setable_permissions + end + + # Find all the roles that can be given to a project member + def self.find_all_givable + find(:all, :conditions => {:builtin => 0}, :order => 'position') + end + + # Return the builtin 'non member' role + def self.non_member + find(:first, :conditions => {:builtin => BUILTIN_NON_MEMBER}) || raise('Missing non-member builtin role.') + end + + # Return the builtin 'anonymous' role + def self.anonymous + find(:first, :conditions => {:builtin => BUILTIN_ANONYMOUS}) || raise('Missing anonymous builtin role.') + end + + private - def check_integrity - raise "Can't delete role" if Member.find(:first, :conditions =>["role_id=?", self.id]) + def allowed_permissions + @allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name} + end + + def allowed_actions + @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten + end + + def check_deletable + raise "Can't delete role" if members.any? + raise "Can't delete builtin role" if builtin? end end diff --git a/app/models/user.rb b/app/models/user.rb index a017b4289..4cb8da1f9 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -28,7 +28,7 @@ class User < ActiveRecord::Base has_many :custom_values, :dependent => :delete_all, :as => :customized has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify has_one :preference, :dependent => :destroy, :class_name => 'UserPreference' - has_one :rss_key, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'" + has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'" belongs_to :auth_source attr_accessor :password, :password_confirmation @@ -121,24 +121,14 @@ class User < ActiveRecord::Base User.hash_password(clear_password) == self.hashed_password end - def role_for_project(project) - return nil unless project - member = memberships.detect {|m| m.project_id == project.id} - member ? member.role : nil - end - - def authorized_to(project, action) - return true if self.admin? - role = role_for_project(project) - role && Permission.allowed_to_role(action, role) - end - def pref self.preference ||= UserPreference.new(:user => self) end - def get_or_create_rss_key - self.rss_key || Token.create(:user => self, :action => 'feeds') + # Return user's RSS key (a 40 chars long string), used to access feeds + def rss_key + token = self.rss_token || Token.create(:user => self, :action => 'feeds') + token.value end def self.find_by_rss_key(key) @@ -155,9 +145,72 @@ class User < ActiveRecord::Base lastname == user.lastname ? firstname <=> user.firstname : lastname <=> user.lastname end + def to_s + name + end + + def logged? + true + end + + # Return user's role for project + def role_for_project(project) + # No role on archived projects + return nil unless project && project.active? + # Find project membership + membership = memberships.detect {|m| m.project_id == project.id} + if membership + membership.role + elsif logged? + Role.non_member + else + Role.anonymous + end + end + + # Return true if the user is a member of project + def member_of?(project) + role_for_project(project).member? + end + + # Return true if the user is allowed to do the specified action on project + # action can be: + # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') + # * a permission Symbol (eg. :edit_project) + def allowed_to?(action, project) + return false unless project.active? + return true if admin? + role = role_for_project(project) + return false unless role + role.allowed_to?(action) && (project.is_public? || role.member?) + end + + def self.current=(user) + @current_user = user + end + + def self.current + @current_user ||= AnonymousUser.new + end + + def self.anonymous + AnonymousUser.new + end + private # Return password digest def self.hash_password(clear_password) Digest::SHA1.hexdigest(clear_password || "") end end + +class AnonymousUser < User + def logged? + false + end + + # Anonymous user has no RSS key + def rss_key + nil + end +end diff --git a/app/models/wiki_content.rb b/app/models/wiki_content.rb index 2d0be8225..4b60a4373 100644 --- a/app/models/wiki_content.rb +++ b/app/models/wiki_content.rb @@ -28,7 +28,12 @@ class WikiContent < ActiveRecord::Base belongs_to :page, :class_name => 'WikiPage', :foreign_key => 'page_id' belongs_to :author, :class_name => 'User', :foreign_key => 'author_id' attr_protected :data - + + acts_as_event :title => Proc.new {|o| "#{l(:label_wiki_edit)}: #{o.page.title} (##{o.version})"}, + :description => :comments, + :datetime => :updated_on, + :url => Proc.new {|o| {:controller => 'wiki', :id => o.page.wiki.project_id, :page => o.page.title, :version => o.version}} + def text=(plain) case Setting.wiki_compression when 'gzip' diff --git a/app/views/admin/mail_options.rhtml b/app/views/admin/mail_options.rhtml index c70965776..cab94294f 100644 --- a/app/views/admin/mail_options.rhtml +++ b/app/views/admin/mail_options.rhtml @@ -1,26 +1,3 @@ <h2><%=l(:field_mail_notification)%></h2> -<% form_tag({:action => 'mail_options'}, :id => 'mail_options_form') do %> - -<div class="box"> -<p><%=l(:text_select_mail_notifications)%></p> - -<% actions = @actions.group_by {|p| p.group_id } %> -<% actions.keys.sort.each do |group_id| %> -<fieldset style="margin-top: 6px;"><legend><strong><%= l(Permission::GROUPS[group_id]) %></strong></legend> -<% actions[group_id].each do |p| %> - <div style="width:170px;float:left;"><%= check_box_tag "action_ids[]", p.id, p.mail_enabled? %> - <%= l(p.description.to_sym) %> - </div> -<% end %> -<div class="clear"></div> -</fieldset> -<% end %> -<br /> -<%= check_all_links('mail_options_form') %> -</div> - -<p><%= submit_tag l(:button_save) %></p> -<% end %> - <%= link_to l(:label_send_test_email), :action => 'test_email' %> diff --git a/app/views/boards/show.rhtml b/app/views/boards/show.rhtml index cb38cdb53..c31ec67e9 100644 --- a/app/views/boards/show.rhtml +++ b/app/views/boards/show.rhtml @@ -1,6 +1,6 @@ <div class="contextual"> -<%= link_to l(:label_message_new), {:controller => 'messages', :action => 'new', :board_id => @board}, :class => "icon icon-add" %> -<%= watcher_tag(@board, @logged_in_user) %> +<%= link_to_if_authorized l(:label_message_new), {:controller => 'messages', :action => 'new', :board_id => @board}, :class => "icon icon-add" %> +<%= watcher_tag(@board, User.current) %> </div> <h2><%=h @board.name %></h2> diff --git a/app/views/common/feed.atom.rxml b/app/views/common/feed.atom.rxml new file mode 100644 index 000000000..fa00d754a --- /dev/null +++ b/app/views/common/feed.atom.rxml @@ -0,0 +1,26 @@ +xml.instruct! +xml.feed "xmlns" => "http://www.w3.org/2005/Atom" do + xml.title @title + xml.link "rel" => "self", "href" => url_for(params.merge({:format => nil, :only_path => false})) + xml.link "rel" => "alternate", "href" => url_for(:controller => 'welcome', :only_path => false) + xml.id url_for(:controller => 'welcome', :only_path => false) + xml.updated((@items.first ? @items.first.event_datetime : Time.now).xmlschema) + xml.author { xml.name "#{Setting.app_title}" } + xml.generator(:uri => Redmine::Info.url, :version => Redmine::VERSION) { xml.text! "#{Redmine::Info.name} #{Redmine::VERSION}" } + @items.each do |item| + xml.entry do + xml.title truncate(item.event_title, 100) + xml.link "rel" => "alternate", "href" => url_for(item.event_url(:only_path => false)) + xml.id url_for(item.event_url(:only_path => false)) + xml.updated item.event_datetime.xmlschema + author = item.event_author + xml.author do + xml.name(author.is_a?(User) ? author.name : author) + xml.email(author.mail) if author.is_a?(User) + end if author + xml.content "type" => "html" do + xml.text! textilizable(item.event_description) + end + end + end +end diff --git a/app/views/issues/show.rhtml b/app/views/issues/show.rhtml index 078ecd1f5..70b19d1fc 100644 --- a/app/views/issues/show.rhtml +++ b/app/views/issues/show.rhtml @@ -58,7 +58,7 @@ end %> <div class="contextual"> <%= link_to_if_authorized l(:button_edit), {:controller => 'issues', :action => 'edit', :id => @issue}, :class => 'icon icon-edit' %> <%= link_to_if_authorized l(:button_log_time), {:controller => 'timelog', :action => 'edit', :issue_id => @issue}, :class => 'icon icon-time' %> -<%= watcher_tag(@issue, @logged_in_user) %> +<%= watcher_tag(@issue, User.current) %> <%= link_to_if_authorized l(:button_move), {:controller => 'projects', :action => 'move_issues', :id => @project, "issue_ids[]" => @issue.id }, :class => 'icon icon-move' %> <%= link_to_if_authorized l(:button_delete), {:controller => 'issues', :action => 'destroy', :id => @issue}, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-del' %> </div> @@ -81,6 +81,13 @@ end %> </div> <% end %> +<% if @issue.attachments.any? %> +<div class="box"> +<h3><%=l(:label_attachment_plural)%></h3> +<%= link_to_attachments @issue.attachments, :delete_url => (authorize_for('issues', 'destroy_attachment') ? {:controller => 'issues', :action => 'destroy_attachment', :id => @issue} : nil) %> +</div> +<% end %> + <% if @journals.any? %> <div id="history" class="box"> <h3><%=l(:label_history)%></h3> @@ -88,26 +95,14 @@ end %> </div> <% end %> -<div class="box"> -<h3><%=l(:label_attachment_plural)%></h3> -<%= link_to_attachments @issue.attachments, :delete_url => (authorize_for('issues', 'destroy_attachment') ? {:controller => 'issues', :action => 'destroy_attachment', :id => @issue} : nil) %> - -<% if authorize_for('issues', 'add_attachment') %> -<p><%= toggle_link l(:label_attachment_new), "add_attachment_form" %></p> -<% form_tag({ :controller => 'issues', :action => 'add_attachment', :id => @issue }, :multipart => true, :class => "tabular", :id => "add_attachment_form", :style => "display:none;") do %> - <%= render :partial => 'attachments/form' %> -<%= submit_tag l(:button_add) %> -<% end %> -<% end %> -</div> - <% if authorize_for('issues', 'add_note') %> <div class="box"> <h3><%= l(:label_add_note) %></h3> - <% form_tag({:controller => 'issues', :action => 'add_note', :id => @issue}, :class => "tabular" ) do %> + <% form_tag({:controller => 'issues', :action => 'add_note', :id => @issue}, :class => "tabular", :multipart => true) do %> <p><label for="notes"><%=l(:field_notes)%></label> <%= text_area_tag 'notes', '', :cols => 60, :rows => 10, :class => 'wiki-edit' %></p> <%= wikitoolbar_for 'notes' %> + <%= render :partial => 'attachments/form' %> <%= submit_tag l(:button_add) %> <% end %> </div> diff --git a/app/views/layouts/base.rhtml b/app/views/layouts/base.rhtml index 38a2dbeb6..9c81a313b 100644 --- a/app/views/layouts/base.rhtml +++ b/app/views/layouts/base.rhtml @@ -27,7 +27,7 @@ <h2><%= Setting.app_subtitle %></h2> </div> <div style="float: right; padding-right: 1em; padding-top: 0.2em;"> - <% if loggedin? %><small><%=l(:label_logged_as)%> <strong><%= @logged_in_user.login %></strong> -</small><% end %> + <% if User.current.logged? %><small><%=l(:label_logged_as)%> <strong><%= User.current.login %></strong> -</small><% end %> <small><%= toggle_link l(:label_search), 'quick-search-form', :focus => 'quick-search-input' %></small> <% form_tag({:controller => 'search', :action => 'index', :id => @project}, :method => :get, :id => 'quick-search-form', :style => "display:none;" ) do %> <%= text_field_tag 'q', @question, :size => 15, :class => 'small', :id => 'quick-search-input' %> @@ -40,27 +40,23 @@ <li><%= link_to l(:label_home), { :controller => 'welcome' }, :class => "icon icon-home" %></li> <li><%= link_to l(:label_my_page), { :controller => 'my', :action => 'page'}, :class => "icon icon-mypage" %></li> - <% if loggedin? and @logged_in_user.memberships.any? %> + <% if User.current.memberships.any? %> <li class="submenu"><%= link_to l(:label_project_plural), { :controller => 'projects' }, :class => "icon icon-projects", :onmouseover => "buttonMouseover(event, 'menuAllProjects');" %></li> <% else %> <li><%= link_to l(:label_project_plural), { :controller => 'projects' }, :class => "icon icon-projects" %></li> <% end %> - - <% unless @project.nil? || @project.id.nil? %> - <li class="submenu"><%= link_to @project.name, { :controller => 'projects', :action => 'show', :id => @project }, :class => "icon icon-projects", :onmouseover => "buttonMouseover(event, 'menuProject');" %></li> - <% end %> - <% if loggedin? %> + <% if User.current.logged? %> <li><%= link_to l(:label_my_account), { :controller => 'my', :action => 'account' }, :class => "icon icon-user" %></li> <% end %> - <% if admin_loggedin? %> + <% if User.current.admin? %> <li class="submenu"><%= link_to l(:label_administration), { :controller => 'admin' }, :class => "icon icon-admin", :onmouseover => "buttonMouseover(event, 'menuAdmin');" %></li> <% end %> <li class="right"><%= link_to l(:label_help), { :controller => 'help', :ctrl => params[:controller], :page => params[:action] }, :onclick => "window.open(this.href); return false;", :class => "icon icon-help" %></li> - <% if loggedin? %> + <% if User.current.logged? %> <li class="right"><%= link_to l(:label_logout), { :controller => 'account', :action => 'logout' }, :class => "icon icon-user" %></li> <% else %> <li class="right"><%= link_to l(:label_login), { :controller => 'account', :action => 'login' }, :class => "icon icon-user" %></li> @@ -68,71 +64,28 @@ </ul> </div> - <% if admin_loggedin? %> + <% if User.current.admin? %> <%= render :partial => 'admin/menu' %> <% end %> - - <% unless @project.nil? || @project.id.nil? %> - <div id="menuProject" class="menu" onmouseover="menuMouseover(event)"> - <%= link_to l(:label_calendar), {:controller => 'projects', :action => 'calendar', :id => @project }, :class => "menuItem" %> - <%= link_to l(:label_gantt), {:controller => 'projects', :action => 'gantt', :id => @project }, :class => "menuItem" %> - <%= link_to l(:label_issue_plural), {:controller => 'projects', :action => 'list_issues', :id => @project }, :class => "menuItem" %> - <% if @project && authorize_for('projects', 'add_issue') %> - <a class="menuItem" href="#" onmouseover="menuItemMouseover(event,'menuNewIssue');" onclick="this.blur(); return false;"><span class="menuItemText"><%= l(:label_issue_new) %></span><span class="menuItemArrow">▶</span></a> - <% end %> - <%= link_to l(:label_report_plural), {:controller => 'reports', :action => 'issue_report', :id => @project }, :class => "menuItem" %> - <%= link_to l(:label_activity), {:controller => 'projects', :action => 'activity', :id => @project }, :class => "menuItem" %> - <%= link_to l(:label_news_plural), {:controller => 'projects', :action => 'list_news', :id => @project }, :class => "menuItem" %> - <%= link_to l(:label_change_log), {:controller => 'projects', :action => 'changelog', :id => @project }, :class => "menuItem" %> - <%= link_to l(:label_roadmap), {:controller => 'projects', :action => 'roadmap', :id => @project }, :class => "menuItem" %> - <%= link_to l(:label_document_plural), {:controller => 'projects', :action => 'list_documents', :id => @project }, :class => "menuItem" %> - <%= link_to l(:label_wiki), {:controller => 'wiki', :id => @project, :page => nil }, :class => "menuItem" if @project.wiki and !@project.wiki.new_record? %> - <%= link_to l(:label_board_plural), {:controller => 'boards', :action => 'index', :project_id => @project, :id => nil }, :class => "menuItem" unless @project.boards.empty? %> - <%= link_to l(:label_attachment_plural), {:controller => 'projects', :action => 'list_files', :id => @project }, :class => "menuItem" %> - <%= link_to l(:label_search), {:controller => 'search', :action => 'index', :id => @project }, :class => "menuItem" %> - <%= link_to l(:label_repository), {:controller => 'repositories', :action => 'show', :id => @project}, :class => "menuItem" if @project.repository and !@project.repository.new_record? %> - <%= link_to_if_authorized l(:label_settings), {:controller => 'projects', :action => 'settings', :id => @project }, :class => "menuItem" %> - </div> - <% end %> - - <% if @project && authorize_for('projects', 'add_issue') %> - <div id="menuNewIssue" class="menu" onmouseover="menuMouseover(event)"> - <% Tracker.find(:all, :order => 'position').each do |tracker| %> - <%= link_to tracker.name, {:controller => 'projects', :action => 'add_issue', :id => @project, :tracker_id => tracker}, :class => "menuItem" %> - <% end %> - </div> - <% end %> - <% if loggedin? and @logged_in_user.memberships.any? %> + <% if User.current.memberships.any? %> <div id="menuAllProjects" class="menu" onmouseover="menuMouseover(event)"> <%= link_to l(:label_project_all), {:controller => 'projects' }, :class => "menuItem" %> - <% @logged_in_user.memberships.find(:all, :limit => 20).each do |membership| %> + <% User.current.memberships.find(:all, :limit => 20).each do |membership| %> <%= link_to membership.project.name, {:controller => 'projects',:action => 'show', :id => membership.project }, :class => "menuItem" %> <% end %> </div> <% end %> - <div id="subcontent"> - - <% unless @project.nil? || @project.id.nil? %> + <div id="subcontent"> + <% if @project && !@project.new_record? %> <h2><%= @project.name %></h2> <ul class="menublock"> - <li><%= link_to l(:label_overview), :controller => 'projects', :action => 'show', :id => @project %></li> - <li><%= link_to l(:label_calendar), :controller => 'projects', :action => 'calendar', :id => @project %></li> - <li><%= link_to l(:label_gantt), :controller => 'projects', :action => 'gantt', :id => @project %></li> - <li><%= link_to l(:label_issue_plural), :controller => 'projects', :action => 'list_issues', :id => @project %></li> - <li><%= link_to l(:label_report_plural), :controller => 'reports', :action => 'issue_report', :id => @project %></li> - <li><%= link_to l(:label_activity), :controller => 'projects', :action => 'activity', :id => @project %></li> - <li><%= link_to l(:label_news_plural), :controller => 'projects', :action => 'list_news', :id => @project %></li> - <li><%= link_to l(:label_change_log), :controller => 'projects', :action => 'changelog', :id => @project %></li> - <li><%= link_to l(:label_roadmap), :controller => 'projects', :action => 'roadmap', :id => @project %></li> - <li><%= link_to l(:label_document_plural), :controller => 'projects', :action => 'list_documents', :id => @project %></li> - <%= content_tag("li", link_to(l(:label_wiki), :controller => 'wiki', :id => @project, :page => nil)) if @project.wiki and !@project.wiki.new_record? %> - <%= content_tag("li", link_to(l(:label_board_plural), :controller => 'boards', :action => 'index', :project_id => @project, :id => nil)) unless @project.boards.empty? %> - <li><%= link_to l(:label_attachment_plural), :controller => 'projects', :action => 'list_files', :id => @project %></li> - <li><%= link_to l(:label_search), :controller => 'search', :action => 'index', :id => @project %></li> - <%= content_tag("li", link_to(l(:label_repository), :controller => 'repositories', :action => 'show', :id => @project)) if @project.repository and !@project.repository.new_record? %> - <li><%= link_to_if_authorized l(:label_settings), :controller => 'projects', :action => 'settings', :id => @project %></li> + <% Redmine::MenuManager.allowed_items(:project_menu, current_role).each do |item| %> + <% unless item.condition && !item.condition.call(@project) %> + <li><%= link_to l(item.name), {item.param => @project}.merge(item.url) %></li> + <% end %> + <% end %> </ul> <% end %> </div> diff --git a/app/views/messages/show.rhtml b/app/views/messages/show.rhtml index c18eb524e..3e546ceea 100644 --- a/app/views/messages/show.rhtml +++ b/app/views/messages/show.rhtml @@ -13,7 +13,7 @@ <div class="wiki"><p><%= textilizable message.content %></p></div> <% end %> -<% if @logged_in_user %> +<% if authorize_for('messages', 'reply') %> <p><%= toggle_link l(:button_reply), "reply", :focus => "reply_content" %></p> <div id="reply" style="display:none;"> <%= error_messages_for 'message' %> diff --git a/app/views/projects/_form.rhtml b/app/views/projects/_form.rhtml index 585217e16..55527e080 100644 --- a/app/views/projects/_form.rhtml +++ b/app/views/projects/_form.rhtml @@ -4,7 +4,7 @@ <!--[form:project]--> <p><%= f.text_field :name, :required => true %><br /><em><%= l(:text_caracters_maximum, 30) %></em></p> -<% if admin_loggedin? and !@root_projects.empty? %> +<% if User.current.admin? and !@root_projects.empty? %> <p><%= f.select :parent_id, (@root_projects.collect {|p| [p.name, p.id]}), { :include_blank => true } %></p> <% end %> diff --git a/app/views/projects/_members.rhtml b/app/views/projects/_members.rhtml index 1924e430a..affaf7854 100644 --- a/app/views/projects/_members.rhtml +++ b/app/views/projects/_members.rhtml @@ -1,5 +1,5 @@ <%= error_messages_for 'member' %> -<% roles = Role.find(:all, :order => 'position') %> +<% roles = Role.find_all_givable %> <% users = User.find_active(:all) - @project.users %> <table class="list"> diff --git a/app/views/projects/activity.rhtml b/app/views/projects/activity.rhtml index d510ce08b..fd731cd8f 100644 --- a/app/views/projects/activity.rhtml +++ b/app/views/projects/activity.rhtml @@ -5,14 +5,11 @@ <% form_tag do %> <p><%= select_month(@month, :prefix => "month", :discard_type => true) %> <%= select_year(@year, :prefix => "year", :discard_type => true) %></p> -<p> - <%= check_box_tag 'show_issues', 1, @show_issues %><%= hidden_field_tag 'show_issues', 0, :id => nil %> <%=l(:label_issue_plural)%><br /> - <% if @project.repository %><%= check_box_tag 'show_changesets', 1, @show_changesets %><%= hidden_field_tag 'show_changesets', 0, :id => nil %> <%=l(:label_revision_plural)%><br /><% end %> - <%= check_box_tag 'show_news', 1, @show_news %><%= hidden_field_tag 'show_news', 0, :id => nil %> <%=l(:label_news_plural)%><br /> - <%= check_box_tag 'show_files', 1, @show_files %><%= hidden_field_tag 'show_files', 0, :id => nil %> <%=l(:label_attachment_plural)%><br /> - <%= check_box_tag 'show_documents', 1, @show_documents %><%= hidden_field_tag 'show_documents', 0, :id => nil %> <%=l(:label_document_plural)%><br /> - <% if @project.wiki %><%= check_box_tag 'show_wiki_edits', 1, @show_wiki_edits %><%= hidden_field_tag 'show_wiki_edits', 0, :id => nil %> <%=l(:label_wiki_edit_plural)%><% end %> -</p> + +<p><% @event_types.each do |t| %> +<%= check_box_tag "show_#{t}", 1, @scope.include?(t) %> <%= l("label_#{t.singularize}_plural")%><br /> +<% end %></p> + <p class="textcenter"><%= submit_tag l(:button_apply), :class => 'button-small' %></p> <% end %> </div> @@ -20,33 +17,33 @@ <% @events_by_day.keys.sort {|x,y| y <=> x }.each do |day| %> <h3><%= day_name(day.cwday) %> <%= day.day %></h3> <ul> - <% @events_by_day[day].sort {|x,y| y.created_on <=> x.created_on }.each do |e| %> + <% @events_by_day[day].sort {|x,y| y.event_datetime <=> x.event_datetime }.each do |e| %> <li><p> <% if e.is_a? Issue %> - <%= e.created_on.strftime("%H:%M") %> <%= link_to_issue e %>: <%=h e.subject %><br /> + <%= e.event_datetime.strftime("%H:%M") %> <%= link_to_issue e %>: <%=h e.subject %><br /> <i><%= e.author.name %></i> <% elsif e.is_a? Journal %> <%= e.created_on.strftime("%H:%M") %> <%= link_to_issue e.journalized %> (<%=h (status = IssueStatus.find_by_id(e.details.first.value)) ? status.name : '?' %>): <%=h e.journalized.subject %><br /> <em><%=h e.user.name %><%=h ": #{truncate(e.notes, 500)}" unless e.notes.blank? %></em> <% elsif e.is_a? News %> - <%= e.created_on.strftime("%H:%M") %> <%=l(:label_news)%>: <%= link_to h(e.title), :controller => 'news', :action => 'show', :id => e %><br /> + <%= e.event_datetime.strftime("%H:%M") %> <%=l(:label_news)%>: <%= link_to h(e.title), :controller => 'news', :action => 'show', :id => e %><br /> <% unless e.summary.empty? %><%=h e.summary %><br /><% end %> <i><%= e.author.name %></i> <% elsif (e.is_a? Attachment) and (e.container.is_a? Version) %> - <%= e.created_on.strftime("%H:%M") %> <%=l(:label_attachment)%> (<%=h e.container.name %>): <%= link_to e.filename, :controller => 'projects', :action => 'list_files', :id => @project %><br /> + <%= e.event_datetime.strftime("%H:%M") %> <%=l(:label_attachment)%> (<%=h e.container.name %>): <%= link_to e.filename, :controller => 'projects', :action => 'list_files', :id => @project %><br /> <i><%= e.author.name %></i> <% elsif (e.is_a? Attachment) and (e.container.is_a? Document) %> - <%= e.created_on.strftime("%H:%M") %> <%=l(:label_attachment)%>: <%= e.filename %> (<%= link_to h(e.container.title), :controller => 'documents', :action => 'show', :id => e.container %>)<br /> + <%= e.event_datetime.strftime("%H:%M") %> <%=l(:label_attachment)%>: <%= e.filename %> (<%= link_to h(e.container.title), :controller => 'documents', :action => 'show', :id => e.container %>)<br /> <i><%= e.author.name %></i> <% elsif e.is_a? Document %> - <%= e.created_on.strftime("%H:%M") %> <%=l(:label_document)%>: <%= link_to h(e.title), :controller => 'documents', :action => 'show', :id => e %><br /> + <%= e.event_datetime.strftime("%H:%M") %> <%=l(:label_document)%>: <%= link_to h(e.title), :controller => 'documents', :action => 'show', :id => e %><br /> <% elsif e.is_a? WikiContent.versioned_class %> - <%= e.created_on.strftime("%H:%M") %> <%=l(:label_wiki_edit)%>: <%= link_to h(WikiPage.pretty_title(e.title)), :controller => 'wiki', :page => e.title %> + <%= e.event_datetime.strftime("%H:%M") %> <%=l(:label_wiki_edit)%>: <%= link_to h(WikiPage.pretty_title(e.title)), :controller => 'wiki', :page => e.title %> (<%= link_to '#' + e.version.to_s, :controller => 'wiki', :page => e.title, :version => e.version %><%= ', ' + link_to('diff', :controller => 'wiki', :action => 'diff', :page => e.title, :version => e.version) if e.version > 1 %>)<br /> <% unless e.comments.blank? %><em><%=h e.comments %></em><% end %> <% elsif e.is_a? Changeset %> - <%= e.created_on.strftime("%H:%M") %> <%=l(:label_revision)%> <%= link_to h(e.revision), :controller => 'repositories', :action => 'revision', :id => @project, :rev => e.revision %><br /> + <%= e.event_datetime.strftime("%H:%M") %> <%=l(:label_revision)%> <%= link_to h(e.revision), :controller => 'repositories', :action => 'revision', :id => @project, :rev => e.revision %><br /> <em><%=h e.committer.blank? ? "anonymous" : e.committer %><%= h(": #{truncate(e.comments, 500)}") unless e.comments.blank? %></em> <% end %> </p></li> @@ -69,3 +66,7 @@ </div> <br /> </div> + +<% content_for :header_tags do %> +<%= auto_discovery_link_tag(:atom, params.merge({:format => 'atom', :year => nil, :month => nil, :key => User.current.rss_key})) %> +<% end %> diff --git a/app/views/projects/list.rhtml b/app/views/projects/list.rhtml index 24448be48..1fc3aab56 100644 --- a/app/views/projects/list.rhtml +++ b/app/views/projects/list.rhtml @@ -10,7 +10,7 @@ <% for project in @projects %> <tr class="<%= cycle("odd", "even") %>"> <td> - <%= link_to project.name, {:action => 'show', :id => project}, :class => (@logged_in_user && @logged_in_user.role_for_project(project) ? "icon icon-fav" : "") %><br /> + <%= link_to project.name, {:action => 'show', :id => project}, :class => (User.current.member_of?(project) ? "icon icon-fav" : "") %><br /> <%= textilizable project.description, :project => project %> </td> <td><%= link_to(project.parent.name, :action => 'show', :id => project.parent) unless project.parent.nil? %></td> @@ -20,7 +20,7 @@ </tbody> </table> -<% if @logged_in_user %> +<% if User.current.logged? %> <div class="contextual"> <span class="icon icon-fav"><%= l(:label_my_projects) %></span> </div> diff --git a/app/views/projects/list_issues.rhtml b/app/views/projects/list_issues.rhtml index 1cacf0055..5ebc4107e 100644 --- a/app/views/projects/list_issues.rhtml +++ b/app/views/projects/list_issues.rhtml @@ -1,6 +1,7 @@ <% if @query.new_record? %> <div class="contextual"> <%= link_to l(:label_query_plural), :controller => 'queries', :project_id => @project %> + <% if authorize_for('projects', 'add_issues') %>| <%= l(:label_issue_new) %>: <%= new_issue_selector %><% end %> </div> <h2><%=l(:label_issue_plural)%></h2> @@ -19,7 +20,7 @@ :update => "content", }, :class => 'icon icon-reload' %> - <% if loggedin? %> + <% if current_role.allowed_to?(:save_queries) %> <%= link_to_remote l(:button_save), { :url => { :controller => 'queries', :action => 'new', :project_id => @project }, :method => 'get', @@ -33,6 +34,7 @@ <div class="contextual"> <%= link_to l(:label_query_plural), {:controller => 'queries', :project_id => @project} %> | <%= link_to l(:label_issue_view_all), {:controller => 'projects', :action => 'list_issues', :id => @project, :set_filter => 1} %> + <% if authorize_for('projects', 'add_issues') %>| <%= l(:label_issue_new) %>: <%= new_issue_selector %><% end %> </div> <h2><%= @query.name %></h2> <% end %> @@ -81,4 +83,4 @@ </p> <% end %> <% end %> -<% end %>
\ No newline at end of file +<% end %> diff --git a/app/views/projects/list_news.rhtml b/app/views/projects/list_news.rhtml index 17a786260..4ab086d55 100644 --- a/app/views/projects/list_news.rhtml +++ b/app/views/projects/list_news.rhtml @@ -7,3 +7,7 @@ <% if @news.empty? %><p><i><%= l(:label_no_data) %></i></p><% end %> <%= render :partial => 'news/news', :collection => @news %> <%= pagination_links_full @news_pages %> + +<% content_for :header_tags do %> + <%= auto_discovery_link_tag(:atom, params.merge({:format => 'atom', :page => nil, :key => User.current.rss_key})) %> +<% end %> diff --git a/app/views/projects/show.rhtml b/app/views/projects/show.rhtml index 9419fb2a1..5f641f6a4 100644 --- a/app/views/projects/show.rhtml +++ b/app/views/projects/show.rhtml @@ -20,6 +20,7 @@ </ul> <div class="box"> + <div class="contextual"><% if authorize_for('projects', 'add_issues') %><%= l(:label_issue_new) %>: <%= new_issue_selector %><% end %></div> <h3 class="icon22 icon22-tracker"><%=l(:label_issue_tracking)%></h3> <ul> <% for tracker in @trackers %> @@ -49,7 +50,7 @@ </div> <% end %> - <% if @news.any? %> + <% if @news.any? && authorize_for('projects', 'list_news') %> <div class="box"> <h3><%=l(:label_news_latest)%></h3> <%= render :partial => 'news/news', :collection => @news %> diff --git a/app/views/queries/_form.rhtml b/app/views/queries/_form.rhtml index 9482bd33a..d641fa0b5 100644 --- a/app/views/queries/_form.rhtml +++ b/app/views/queries/_form.rhtml @@ -5,7 +5,7 @@ <p><label for="query_name"><%=l(:field_name)%></label> <%= text_field 'query', 'name', :size => 80 %></p> -<% if authorize_for('projects', 'add_query') %> +<% if current_role.allowed_to?(:manage_pulic_queries) %> <p><label for="query_is_public"><%=l(:field_is_public)%></label> <%= check_box 'query', 'is_public' %></p> <% end %> diff --git a/app/views/queries/index.rhtml b/app/views/queries/index.rhtml index 69cfb8f98..71aa37497 100644 --- a/app/views/queries/index.rhtml +++ b/app/views/queries/index.rhtml @@ -1,7 +1,5 @@ <div class="contextual"> -<% if loggedin? %> -<%= link_to l(:label_query_new), {:controller => 'queries', :action => 'new', :project_id => @project}, :class => 'icon icon-add' %> -<% end %> +<%= link_to_if_authorized l(:label_query_new), {:controller => 'queries', :action => 'new', :project_id => @project}, :class => 'icon icon-add' %> </div> <h2><%= l(:label_query_plural) %></h2> @@ -17,7 +15,7 @@ </td> <td align="right"> <small> - <% if query.editable_by?(@logged_in_user) %> + <% if query.editable_by?(User.current) %> <%= link_to l(:button_edit), {:controller => 'queries', :action => 'edit', :id => query}, :class => 'icon icon-edit' %> <%= link_to l(:button_delete), {:controller => 'queries', :action => 'destroy', :id => query}, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-del' %> </small> diff --git a/app/views/reports/issue_report.rhtml b/app/views/reports/issue_report.rhtml index bf40e79ae..1d865acbc 100644 --- a/app/views/reports/issue_report.rhtml +++ b/app/views/reports/issue_report.rhtml @@ -1,4 +1,4 @@ -<% if @total_hours %> +<% if @total_hours && authorize_for('timelog', 'reports') %> <div style="float:right;text-align:right;"> <strong><%= l(:label_spent_time) %></strong>: <span class="icon icon-time"><%= lwr(:label_f_hour, @total_hours) %></span><br /> <%= link_to(l(:label_details), {:controller => 'timelog', :action => 'details', :project_id => @project}) %> | diff --git a/app/views/repositories/revisions.rhtml b/app/views/repositories/revisions.rhtml index 0c2655d5f..882d5ea4f 100644 --- a/app/views/repositories/revisions.rhtml +++ b/app/views/repositories/revisions.rhtml @@ -14,4 +14,5 @@ <% content_for :header_tags do %> <%= stylesheet_link_tag "scm" %> +<%= auto_discovery_link_tag(:atom, params.merge({:format => 'atom', :page => nil, :key => User.current.rss_key})) %> <% end %> diff --git a/app/views/repositories/show.rhtml b/app/views/repositories/show.rhtml index fcf954473..c9f44d575 100644 --- a/app/views/repositories/show.rhtml +++ b/app/views/repositories/show.rhtml @@ -4,15 +4,18 @@ <h2><%= l(:label_repository) %> (<%= @repository.scm_name %>)</h2> -<% unless @entries.nil? %> +<% if !@entries.nil? && authorize_for('repositories', 'browse') %> <h3><%= l(:label_browse) %></h3> <%= render :partial => 'dir_list' %> <% end %> -<% unless @changesets.empty? %> +<% if !@changesets.empty? && authorize_for('repositories', 'revisions') %> <h3><%= l(:label_latest_revision_plural) %></h3> <%= render :partial => 'revisions', :locals => {:project => @project, :path => '', :revisions => @changesets, :entry => nil }%> <p><%= link_to l(:label_view_revisions), :action => 'revisions', :id => @project %></p> +<% content_for :header_tags do %> + <%= auto_discovery_link_tag(:atom, params.merge({:format => 'atom', :action => 'revisions', :id => @project, :page => nil, :key => User.current.rss_key})) %> +<% end %> <% end %> <% content_for :header_tags do %> diff --git a/app/views/roles/_form.rhtml b/app/views/roles/_form.rhtml index d69fff132..62e25e337 100644 --- a/app/views/roles/_form.rhtml +++ b/app/views/roles/_form.rhtml @@ -1,23 +1,20 @@ <%= error_messages_for 'role' %> + <div class="box"> -<!--[form:role]--> -<p><%= f.text_field :name, :required => true %></p> +<p><%= f.text_field :name, :required => true, :disabled => @role.builtin? %></p> +</div> <p><%= f.check_box :assignable %></p> <div class="clear"></div> -<h3><%=l(:label_permissions)%></h3> -<% permissions = @permissions.group_by {|p| p.group_id } %> -<% permissions.keys.sort.each do |group_id| %> -<fieldset style="margin-top: 6px;"><legend><strong><%= l(Permission::GROUPS[group_id]) %></strong></legend> -<% permissions[group_id].each do |p| %> - <div style="width:170px;float:left;"><%= check_box_tag "permission_ids[]", p.id, (@role.permissions.include? p) %> - <%= l(p.description.to_sym) %> - </div> +<fieldset class="box"><legend><%=l(:label_permissions)%></legend> +<% @permissions.each do |permission| %> + <div style="width:220px;float:left;"> + <%= check_box_tag 'role[permissions][]', permission.name, (@role.permissions.include? permission.name) %> + <%= permission.name.to_s.humanize %> + </div> <% end %> +<%= hidden_field_tag 'role[permissions][]', '' %> <div class="clear"></div> -</fieldset> -<% end %> <br /> <%= check_all_links 'role_form' %> -<!--[eoform:role]--> -</div> +</fieldset> diff --git a/app/views/roles/list.rhtml b/app/views/roles/list.rhtml index e3e576ed1..14ae260aa 100644 --- a/app/views/roles/list.rhtml +++ b/app/views/roles/list.rhtml @@ -13,15 +13,17 @@ <tbody> <% for role in @roles %> <tr class="<%= cycle("odd", "even") %>"> - <td><%= link_to role.name, :action => 'edit', :id => role %></td> + <td><%= content_tag(role.builtin? ? 'em' : 'span', link_to(role.name, :action => 'edit', :id => role)) %></td> <td align="center" style="width:15%;"> + <% unless role.builtin? %> <%= link_to image_tag('2uparrow.png', :alt => l(:label_sort_highest)), {:action => 'move', :id => role, :position => 'highest'}, :method => :post, :title => l(:label_sort_highest) %> <%= link_to image_tag('1uparrow.png', :alt => l(:label_sort_higher)), {:action => 'move', :id => role, :position => 'higher'}, :method => :post, :title => l(:label_sort_higher) %> - <%= link_to image_tag('1downarrow.png', :alt => l(:label_sort_lower)), {:action => 'move', :id => role, :position => 'lower'}, :method => :post, :title => l(:label_sort_lower) %> <%= link_to image_tag('2downarrow.png', :alt => l(:label_sort_lowest)), {:action => 'move', :id => role, :position => 'lowest'}, :method => :post, :title => l(:label_sort_lowest) %> + <% end %> </td> <td align="center" style="width:10%;"> - <%= button_to l(:button_delete), { :action => 'destroy', :id => role }, :confirm => l(:text_are_you_sure), :class => "button-small" %> + <%= button_to(l(:button_delete), { :action => 'destroy', :id => role }, :confirm => l(:text_are_you_sure), :class => "button-small") unless role.builtin? %> </tr> <% end %> </tbody> diff --git a/app/views/roles/report.rhtml b/app/views/roles/report.rhtml index 61e1e18e4..676e25f39 100644 --- a/app/views/roles/report.rhtml +++ b/app/views/roles/report.rhtml @@ -1,32 +1,31 @@ <h2><%=l(:label_permissions_report)%></h2> <%= start_form_tag({:action => 'report'}, :id => 'permissions_form') %> - +<%= hidden_field_tag 'permissions[0]', '' %> <table class="list"> -<thead><tr> - <th><%=l(:label_permissions)%></th> - <th colspan="<%= @roles.length %>"><%= l(:label_role_plural) %></th> -</tr> -</thead> -<tbody> -<% permissions = @permissions.group_by {|p| p.group_id } %> -<% permissions.keys.sort.each do |group_id| %> +<thead> <tr> - <th><%= l(Permission::GROUPS[group_id]) %></th> - <% @roles.each do |role| %><th align="center"><small><%= role.name %></small></th><% end %> - </tr> - <% permissions[group_id].each do |p| %> - <tr class="<%= cycle("odd", "even") %>"> - <td><%= l(p.description.to_sym) %></td> + <th><%=l(:label_permissions)%></th> <% @roles.each do |role| %> - <td align="center"><%= check_box_tag "permission_ids[#{role.id}][]", p.id, (role.permissions.include? p) %></td> + <th><%= content_tag(role.builtin? ? 'em' : 'span', h(role.name)) %></th> <% end %> </tr> +</thead> +<tbody> +<% @permissions.each do |permission| %> + <tr class="<%= cycle('odd', 'even') %>"> + <td><%= permission.name.to_s.humanize %></td> + <% @roles.each do |role| %> + <td align="center"> + <% if role.setable_permissions.include? permission %> + <%= check_box_tag "permissions[#{role.id}][]", permission.name, (role.permissions.include? permission.name) %> <% end %> -<% reset_cycle -end %> + </td> + <% end %> + </tr> +<% end %> </tbody> </table> <p><%= check_all_links 'permissions_form' %></p> <p><%= submit_tag l(:button_save) %></p> -<%= end_form_tag %>
\ No newline at end of file +<%= end_form_tag %> diff --git a/app/views/wiki/show.rhtml b/app/views/wiki/show.rhtml index c7a2985be..06eca76ee 100644 --- a/app/views/wiki/show.rhtml +++ b/app/views/wiki/show.rhtml @@ -1,7 +1,7 @@ <div class="contextual"> -<%= link_to(l(:button_edit), {:action => 'edit', :page => @page.title}, :class => 'icon icon-edit') if @content.version == @page.content.version %> +<%= link_to_if_authorized(l(:button_edit), {:action => 'edit', :page => @page.title}, :class => 'icon icon-edit') if @content.version == @page.content.version %> <%= link_to_if_authorized(l(:button_delete), {:action => 'destroy', :page => @page.title}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') %> -<%= link_to(l(:button_rollback), {:action => 'edit', :page => @page.title, :version => @content.version }, :class => 'icon icon-cancel') if @content.version < @page.content.version %> +<%= link_to_if_authorized(l(:button_rollback), {:action => 'edit', :page => @page.title, :version => @content.version }, :class => 'icon icon-cancel') if @content.version < @page.content.version %> <%= link_to(l(:label_history), {:action => 'history', :page => @page.title}, :class => 'icon icon-history') %> <%= link_to(l(:label_page_index), {:action => 'special', :page => 'Page_index'}, :class => 'icon icon-index') %> </div> |