authorJean-Philippe Lang <jp_lang@yahoo.fr>2011-07-09 08:56:07 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2011-07-09 08:56:07 +0000
commit93c2b92a4b5b7003be3113b5d9baf2a0448402a8 (patch)
treea6374caf6bcb9aebf9850003a7fc202055c1c390 /app
parent01d34d65d9fe6df113f2145f5d5881a1e84c22e7 (diff)
Separation of RSS/API auth actions.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6197 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/controllers/activities_controller.rb19
-rw-r--r--app/controllers/application_controller.rb41
-rw-r--r--app/controllers/boards_controller.rb6
-rw-r--r--app/controllers/issue_relations_controller.rb2
-rw-r--r--app/controllers/issues_controller.rb3
-rw-r--r--app/controllers/journals_controller.rb2
-rw-r--r--app/controllers/news_controller.rb3
-rw-r--r--app/controllers/projects_controller.rb3
-rw-r--r--app/controllers/queries_controller.rb2
-rw-r--r--app/controllers/repositories_controller.rb2
-rw-r--r--app/controllers/timelog_controller.rb5
-rw-r--r--app/controllers/users_controller.rb2
-rw-r--r--app/controllers/versions_controller.rb2
13 files changed, 70 insertions, 22 deletions
diff --git a/app/controllers/activities_controller.rb b/app/controllers/activities_controller.rb
index cd03432b2..bdf0b24ed 100644
--- a/app/controllers/activities_controller.rb
+++ b/app/controllers/activities_controller.rb
@@ -1,7 +1,24 @@
+# Redmine - project management software
+# Copyright (C) 2006-2011 Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
class ActivitiesController < ApplicationController
menu_item :activity
before_filter :find_optional_project
- accept_key_auth :index
+ accept_rss_auth :index
def index
@days = Setting.activity_days_default.to_i
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e23f8b108..b3f00815d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -71,11 +71,11 @@ class ApplicationController < ActionController::Base
user = User.try_to_autologin(cookies[:autologin])
session[:user_id] = user.id if user
user
- elsif params[:format] == 'atom' && request.get? && params[:key] && accept_key_auth_actions.include?(params[:action])
+ elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth?
# RSS key authentication does not start a session
User.find_by_rss_key(params[:key])
- elsif Setting.rest_api_enabled? && api_request?
- if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
+ elsif Setting.rest_api_enabled? && accept_api_auth?
+ if (key = api_key_from_request)
# Use API key
User.find_by_api_key(key)
else
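Review bot: The API branch no longer tests `api_request?`, so on the new line `elsif Setting.rest_api_enabled? && accept_api_auth?` the API credential is looked up for every request format of an action listed in accept_api_auth, not only for API-format requests. The per-action allow-list is still enforced, but a key that used to be honoured only on API responses would now also authenticate ordinary HTML requests to those actions. If that widening is not intended, keep both conditions: `elsif Setting.rest_api_enabled? && api_request? && accept_api_auth?`. What api_key_from_request reads and what the `else` branch falls back to lie outside this hunk, so the effective exposure should be confirmed there.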
@@ -332,14 +332,41 @@ class ApplicationController < ActionController::Base
@title = options[:title] || Setting.app_title
render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
end
-
+
+ # TODO: remove in Redmine 1.4
def self.accept_key_auth(*actions)
- actions = actions.flatten.map(&:to_s)
- write_inheritable_attribute('accept_key_auth_actions', actions)
+ ActiveSupport::Deprecaction.warn "ApplicationController.accept_key_auth is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
+ accept_rss_auth(*actions)
end
+ # TODO: remove in Redmine 1.4
def accept_key_auth_actions
- self.class.read_inheritable_attribute('accept_key_auth_actions') || []
+ ActiveSupport::Deprecaction.warn "ApplicationController.accept_key_auth_actions is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
+ self.class.accept_rss_auth
+ end
+
+ def self.accept_rss_auth(*actions)
+ if actions.any?
+ write_inheritable_attribute('accept_rss_auth_actions', actions)
+ else
+ read_inheritable_attribute('accept_rss_auth_actions') || []
+ end
+ end
+
+ def accept_rss_auth?(action=action_name)
+ self.class.accept_rss_auth.include?(action.to_sym)
+ end
+
+ def self.accept_api_auth(*actions)
+ if actions.any?
+ write_inheritable_attribute('accept_api_auth_actions', actions)
+ else
+ read_inheritable_attribute('accept_api_auth_actions') || []
+ end
+ end
+
+ def accept_api_auth?(action=action_name)
+ self.class.accept_api_auth.include?(action.to_sym)
end
# Returns the number of objects that should be displayed
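Review bot: Both deprecation shims call `ActiveSupport::Deprecaction.warn`, a misspelling of `ActiveSupport::Deprecation`, so any plugin that still uses accept_key_auth or accept_key_auth_actions will raise NameError instead of getting a warning; the call should read `ActiveSupport::Deprecation.warn "..."`. The setters also dropped the old `actions.flatten.map(&:to_s)` normalisation, while accept_rss_auth? and accept_api_auth? compare with `action.to_sym`. An array or string argument is therefore stored as given and never matches, which fails closed but silently disables key auth for that controller. Storing `actions.flatten.map(&:to_sym)` in both `write_inheritable_attribute` calls would restore the tolerant behaviour. The shim accept_key_auth_actions now returns symbols where it used to return strings, so a caller that checks it against `params[:action]` will stop matching; that is worth stating in the deprecation comment.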
diff --git a/app/controllers/boards_controller.rb b/app/controllers/boards_controller.rb
index fa82218de..6ad41e562 100644
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007 Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2011 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -18,7 +18,7 @@
class BoardsController < ApplicationController
default_search_scope :messages
before_filter :find_project, :find_board_if_available, :authorize
- accept_key_auth :index, :show
+ accept_rss_auth :index, :show
helper :messages
include MessagesHelper
diff --git a/app/controllers/issue_relations_controller.rb b/app/controllers/issue_relations_controller.rb
index 9a1754674..383e748af 100644
--- a/app/controllers/issue_relations_controller.rb
+++ b/app/controllers/issue_relations_controller.rb
@@ -19,7 +19,7 @@ class IssueRelationsController < ApplicationController
before_filter :find_issue, :find_project_from_association, :authorize, :only => [:index, :create]
before_filter :find_relation, :except => [:index, :create]
- accept_key_auth :index, :show, :create, :destroy
+ accept_api_auth :index, :show, :create, :destroy
def index
@relations = @issue.relations
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 648848e9b..00a999dce 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -27,7 +27,8 @@ class IssuesController < ApplicationController
before_filter :find_optional_project, :only => [:index]
before_filter :check_for_default_issue_status, :only => [:new, :create]
before_filter :build_new_issue_from_params, :only => [:new, :create]
- accept_key_auth :index, :show, :create, :update, :destroy
+ accept_rss_auth :index, :show
+ accept_api_auth :index, :show, :create, :update, :destroy
rescue_from Query::StatementInvalid, :with => :query_statement_invalid
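Review bot: The two declarations give the RSS key a narrower allow-list than the API key (`:index, :show` versus the full CRUD set), but nothing here tells a later maintainer that the asymmetry is deliberate. A comment above them would guard against someone "aligning" the lists, for example `# RSS keys travel in feed URLs: accept them on read-only feed actions only; write actions require the API key`. The same applies to the paired declarations in projects_controller.rb and timelog_controller.rb. The class body continues outside this hunk.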
diff --git a/app/controllers/journals_controller.rb b/app/controllers/journals_controller.rb
index 9eed2eaca..461598e26 100644
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -20,7 +20,7 @@ class JournalsController < ApplicationController
before_filter :find_issue, :only => [:new]
before_filter :find_optional_project, :only => [:index]
before_filter :authorize, :only => [:new, :edit, :diff]
- accept_key_auth :index
+ accept_rss_auth :index
menu_item :issues
helper :issues
diff --git a/app/controllers/news_controller.rb b/app/controllers/news_controller.rb
index bc7eabb58..7dbd80a57 100644
--- a/app/controllers/news_controller.rb
+++ b/app/controllers/news_controller.rb
@@ -23,7 +23,8 @@ class NewsController < ApplicationController
before_filter :find_project, :only => [:new, :create]
before_filter :authorize, :except => [:index]
before_filter :find_optional_project, :only => :index
- accept_key_auth :index
+ accept_rss_auth :index
+ accept_api_auth :index
helper :watchers
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 8579d0a80..4b750dc0e 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -24,7 +24,8 @@ class ProjectsController < ApplicationController
before_filter :authorize, :except => [ :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
before_filter :authorize_global, :only => [:new, :create]
before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
- accept_key_auth :index, :show, :create, :update, :destroy
+ accept_rss_auth :index
+ accept_api_auth :index, :show, :create, :update, :destroy
after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller|
if controller.request.post?
diff --git a/app/controllers/queries_controller.rb b/app/controllers/queries_controller.rb
index 601ad85d1..f8bc05f84 100644
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -20,7 +20,7 @@ class QueriesController < ApplicationController
before_filter :find_query, :except => [:new, :index]
before_filter :find_optional_project, :only => :new
- accept_key_auth :index
+ accept_api_auth :index
def index
case params[:format]
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index a30353eb9..eef856032 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -30,7 +30,7 @@ class RepositoriesController < ApplicationController
before_filter :find_repository, :except => :edit
before_filter :find_project, :only => :edit
before_filter :authorize
- accept_key_auth :revisions
+ accept_rss_auth :revisions
rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb
index 16e6e2457..ccd170158 100644
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -1,5 +1,5 @@
# Redmine - project management software
-# Copyright (C) 2006-2010 Jean-Philippe Lang
+# Copyright (C) 2006-2011 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -22,7 +22,8 @@ class TimelogController < ApplicationController
before_filter :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy]
before_filter :authorize, :except => [:index]
before_filter :find_optional_project, :only => [:index]
- accept_key_auth :index, :show, :create, :update, :destroy
+ accept_rss_auth :index
+ accept_api_auth :index, :show, :create, :update, :destroy
helper :sort
include SortHelper
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index dc991c59d..40a9ee427 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -20,7 +20,7 @@ class UsersController < ApplicationController
before_filter :require_admin, :except => :show
before_filter :find_user, :only => [:show, :edit, :update, :destroy, :edit_membership, :destroy_membership]
- accept_key_auth :index, :show, :create, :update, :destroy
+ accept_api_auth :index, :show, :create, :update, :destroy
helper :sort
include SortHelper
diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb
index 030f03c78..0c4135581 100644
--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@@ -23,7 +23,7 @@ class VersionsController < ApplicationController
before_filter :find_project, :only => [:index, :new, :create, :close_completed]
before_filter :authorize
- accept_key_auth :index, :create, :update, :destroy
+ accept_api_auth :index, :create, :update, :destroy
helper :custom_fields
helper :projects
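Review bot: `accept_api_auth :index, :create, :update, :destroy` leaves out `:show`, unlike the issues, projects, timelog and users controllers in this commit, which all list it. The omission is carried over from the old accept_key_auth line and fails closed, so it is not an exposure. If versions#show has an API representation (not visible here), key-authenticated clients will be rejected on it and `:show` should be added. If the omission is intentional, a short comment saying so would help.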