authorJean-Philippe Lang <jp_lang@yahoo.fr>2016-02-05 08:50:21 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2016-02-05 08:50:21 +0000
commitb5366eb3079c46f4fcfbe8a4172732f2abeeed96 (patch)
treed358339c3245fa0d4a4f0d886ffa55d958344f20 /app
parentc46c0e7452a1792d11a186d1059bef52a4867cf4 (diff)
Send a notification when security settings are changed (#21421).
git-svn-id: http://svn.redmine.org/redmine/trunk@15148 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/controllers/settings_controller.rb5
-rw-r--r--app/models/mailer.rb16
-rw-r--r--app/models/setting.rb17
-rw-r--r--app/views/mailer/settings_updated.html.erb14
-rw-r--r--app/views/mailer/settings_updated.text.erb12
5 files changed, 60 insertions, 4 deletions
diff --git a/app/controllers/settings_controller.rb b/app/controllers/settings_controller.rb
index 5ca5d1dab..c7741c053 100644
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -33,10 +33,7 @@ class SettingsController < ApplicationController
def edit
@notifiables = Redmine::Notifiable.all
if request.post? && params[:settings] && params[:settings].is_a?(Hash)
- settings = (params[:settings] || {}).dup.symbolize_keys
- settings.each do |name, value|
- Setting.set_from_params name, value
- end
+ Setting.set_all_from_params(params[:settings])
flash[:notice] = l(:notice_successful_update)
redirect_to settings_path(:tab => params[:tab])
else
diff --git a/app/models/mailer.rb b/app/models/mailer.rb
index a803a35c2..4891ff5bf 100644
--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
@@ -332,6 +332,22 @@ class Mailer < ActionMailer::Base
:subject => l(:mail_subject_security_notification)
end
+ def settings_updated(recipients, changes)
+ redmine_headers 'Sender' => User.current.login
+ @changes = changes
+ @url = url_for(controller: 'settings', action: 'index')
+ mail :to => recipients,
+ :subject => l(:mail_subject_security_notification)
+ end
+
+ # Notifies admins about settings changes
+ def self.security_settings_updated(changes)
+ return unless changes.present?
+
+ users = User.active.where(admin: true).to_a
+ Mailer.settings_updated(users, changes).deliver
+ end
+
def test_email(user)
set_language_if_valid(user.language)
@url = url_for(:controller => 'welcome')
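Review bot: The actor, remote IP and timestamp shown in the notification are not captured in `settings_updated`; the two new templates (`settings_updated.html.erb` and `settings_updated.text.erb`) read `User.current` and `Time.now` while rendering. That is accurate only while the mail is rendered inside the request that made the change; if rendering were ever deferred, the audit details would describe whoever is current at that point. I would capture them in the mailer next to `@changes`, e.g. `@sender = User.current`, `@remote_ip = User.current.remote_ip`, `@date = Time.now`, and have both templates print those. As far as the hunk shows, the method also does not call `set_language_if_valid` the way `test_email` below does, so every admin would get the mail in whatever locale is active for the request.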
diff --git a/app/models/setting.rb b/app/models/setting.rb
index 2574649f3..bbcdfc72a 100644
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -118,6 +118,23 @@ class Setting < ActiveRecord::Base
setting.value
end
+ # Updates multiple settings from params and sends a security notification if needed
+ def self.set_all_from_params(settings)
+ settings = (settings || {}).dup.symbolize_keys
+ changes = []
+ settings.each do |name, value|
+ previous_value = Setting[name]
+ set_from_params name, value
+ if available_settings[name.to_s]['security_notifications'] && Setting[name] != previous_value
+ changes << name
+ end
+ end
+ if changes.any?
+ Mailer.security_settings_updated(changes)
+ end
+ true
+ end
+
# Sets a setting value from params
def self.set_from_params(name, params)
params = params.dup
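Review bot: In `set_all_from_params` the notification is sent only after the whole loop has finished, so if `set_from_params` raises for a later key, security settings already saved earlier in the loop are changed without any mail going out. Whether `set_from_params` can raise is not visible here (its body continues outside the hunk), but for an audit-style notification it is safer to report what was actually applied from an `ensure`. Separately, `available_settings[name.to_s]['security_notifications']` assumes the key exists in `available_settings`; that presumably holds because `Setting[name]` is read first, and a one-line comment saying so would help the next reader.

```ruby
def self.set_all_from_params(settings)
  settings = (settings || {}).dup.symbolize_keys
  changes = []
  begin
    settings.each do |name, value|
      # … unchanged: previous_value capture, set_from_params, change detection …
    end
  ensure
    # Report whatever was applied, even if a later setting raised.
    Mailer.security_settings_updated(changes) if changes.any?
  end
  true
end
```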
diff --git a/app/views/mailer/settings_updated.html.erb b/app/views/mailer/settings_updated.html.erb
new file mode 100644
index 000000000..8596089a2
--- /dev/null
+++ b/app/views/mailer/settings_updated.html.erb
@@ -0,0 +1,14 @@
+<p><%= l(:mail_body_settings_updated) %></p>
+
+<ul>
+<% @changes.each do |name| %>
+ <li><%= l("setting_#{name}") %></li>
+<% end %>
+</ul>
+
+<%= link_to @url, @url %>
+
+<p><%= l(:field_user) %>: <strong><%= User.current.login %></strong><br/>
+<%= l(:field_remote_ip) %>: <strong><%= User.current.remote_ip %></strong><br/>
+<%= l(:label_date) %>: <strong><%= format_time Time.now, true %></strong></p>
+
diff --git a/app/views/mailer/settings_updated.text.erb b/app/views/mailer/settings_updated.text.erb
new file mode 100644
index 000000000..51a2a8f6a
--- /dev/null
+++ b/app/views/mailer/settings_updated.text.erb
@@ -0,0 +1,12 @@
+<%= l(:mail_body_settings_updated) %>
+
+<% @changes.each do |name| %>
+ * <%= l("setting_#{name}") %>
+<% end %>
+
+<%= @url %>
+
+<%= l(:field_user) %>: <%= User.current.login %>
+<%= l(:field_remote_ip) %>: <%= User.current.remote_ip %>
+<%= l(:label_date) %>: <%= format_time Time.now, true %>
+