Diffstat (limited to 'app')
-rw-r--r--app/controllers/issues_controller.rb9
-rw-r--r--app/controllers/queries_controller.rb34
-rw-r--r--app/helpers/issues_helper.rb13
-rw-r--r--app/models/query.rb11
-rw-r--r--app/views/issues/_sidebar.rhtml11
-rw-r--r--app/views/issues/index.rhtml2
-rw-r--r--app/views/queries/_form.rhtml11
7 files changed, 61 insertions, 30 deletions
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index dbc3161d7..7d4212095 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -73,6 +73,8 @@ class IssuesController < ApplicationController
# Send html if the query is not valid
render(:template => 'issues/index.rhtml', :layout => !request.xhr?)
end
+ rescue ActiveRecord::RecordNotFound
+ render_404
end
def changes
@@ -87,6 +89,8 @@ class IssuesController < ApplicationController
end
@title = (@project ? @project.name : Setting.app_title) + ": " + (@query.new_record? ? l(:label_changes_details) : @query.name)
render :layout => false, :content_type => 'application/atom+xml'
+ rescue ActiveRecord::RecordNotFound
+ render_404
end
def show
@@ -384,7 +388,10 @@ private
# Retrieve query from session or build a new query
def retrieve_query
if !params[:query_id].blank?
- @query = Query.find(params[:query_id], :conditions => {:project_id => (@project ? @project.id : nil)})
+ cond = "project_id IS NULL"
+ cond << " OR project_id = #{@project.id}" if @project
+ @query = Query.find(params[:query_id], :conditions => cond)
+ @query.project = @project
session[:query] = {:id => @query.id, :project_id => @query.project_id}
else
if params[:set_filter] || session[:query].nil? || session[:query][:project_id] != (@project ? @project.id : nil)
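Review bot: The lookup in `retrieve_query` is restricted only by project, so any `query_id` that is global or belongs to the current project is loaded regardless of who owns it. Nothing in this hunk applies the `is_public = ? OR user_id = ?` filter that `sidebar_queries` uses in the same commit. Unless visibility is checked elsewhere, another user's private query can be loaded by id. I would bind the values and add the visibility clause, e.g. `cond = ["(project_id IS NULL OR project_id = ?) AND (is_public = ? OR user_id = ?)", (@project ? @project.id : nil), true, (User.current.logged? ? User.current.id : 0)]`, which also removes the `#{@project.id}` interpolation from the SQL string. `retrieve_query` continues past the end of the hunk.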
diff --git a/app/controllers/queries_controller.rb b/app/controllers/queries_controller.rb
index 0a762eee0..194b1df57 100644
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -18,19 +18,14 @@
class QueriesController < ApplicationController
layout 'base'
menu_item :issues
- before_filter :find_project, :authorize
-
- def index
- @queries = @project.queries.find(:all,
- :order => "name ASC",
- :conditions => ["is_public = ? or user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
- end
+ before_filter :find_query, :except => :new
+ before_filter :find_project, :authorize, :only => :new
def new
@query = Query.new(params[:query])
- @query.project = @project
+ @query.project = params[:query_is_for_all] ? nil : @project
@query.user = User.current
- @query.is_public = false unless current_role.allowed_to?(:manage_public_queries)
+ @query.is_public = false unless (@query.project && current_role.allowed_to?(:manage_public_queries)) || User.current.admin?
@query.column_names = nil if params[:default_columns]
params[:fields].each do |field|
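Review bot: With `before_filter :find_project, :authorize, :only => :new`, the `:authorize` filter no longer runs for `edit` and `destroy`; those actions are now gated only by `Query#editable_by?` inside `find_query`. The body of `authorize` is not shown here, so any checks it performs beyond the role permission are presumably skipped for them. For a private query `editable_by?` only compares `user_id`, so a former project member could still edit or delete their own queries in that project. If that is intended, say so next to the filters, e.g. `# edit/destroy are authorized by find_query (Query#editable_by?) only; :authorize is deliberately not run because global queries have no project`. The `new` action continues past the end of the hunk.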
@@ -52,7 +47,8 @@ class QueriesController < ApplicationController
@query.add_filter(field, params[:operators][field], params[:values][field])
end if params[:fields]
@query.attributes = params[:query]
- @query.is_public = false unless current_role.allowed_to?(:manage_public_queries)
+ @query.project = nil if params[:query_is_for_all]
+ @query.is_public = false unless (@query.project && current_role.allowed_to?(:manage_public_queries)) || User.current.admin?
@query.column_names = nil if params[:default_columns]
if @query.save
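Review bot: On the edit path `@query.project = nil if params[:query_is_for_all]` is applied unconditionally, while `_form.rhtml` in this commit disables that checkbox for existing global queries and for public queries edited by non-admins. A disabled checkbox is only a UI hint, so a hand-built request can still send the parameter, and the next line then silently clears `is_public` instead of refusing the change. I would mirror the form's rule on the server: capture `was_public = @query.is_public?` before the attribute assignment and use `@query.project = nil if params[:query_is_for_all] && (User.current.admin? || !was_public)`. The action starts above this hunk, and whether `project_id` inside `params[:query]` is protected from mass assignment is not visible here and worth confirming.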
@@ -64,18 +60,20 @@ class QueriesController < ApplicationController
def destroy
@query.destroy if request.post?
- redirect_to :controller => 'queries', :project_id => @project
+ redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :set_filter => 1
end
private
+ def find_query
+ @query = Query.find(params[:id])
+ @project = @query.project
+ render_403 unless @query.editable_by?(User.current)
+ rescue ActiveRecord::RecordNotFound
+ render_404
+ end
+
def find_project
- if params[:id]
- @query = Query.find(params[:id])
- @project = @query.project
- render_403 unless @query.editable_by?(User.current)
- else
- @project = Project.find(params[:project_id])
- end
+ @project = Project.find(params[:project_id])
rescue ActiveRecord::RecordNotFound
render_404
end
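Review bot: `find_query` looks the record up by bare `params[:id]` and answers 403 for a query that exists but is not editable and 404 for one that does not exist, so the status code tells a caller which query ids are in use. If that distinction is not needed by the UI, returning the same response for both cases avoids the leak, e.g. `render_404 unless @query.editable_by?(User.current)`. It would also help to add a short comment above `find_query` stating that it is the authorization check for every action except `new`.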
diff --git a/app/helpers/issues_helper.rb b/app/helpers/issues_helper.rb
index 17889fadd..6013f1ec8 100644
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -32,6 +32,19 @@ module IssuesHelper
"<strong>#{@cached_label_assigned_to}</strong>: #{issue.assigned_to}<br />" +
"<strong>#{@cached_label_priority}</strong>: #{issue.priority.name}"
end
+
+ def sidebar_queries
+ unless @sidebar_queries
+ # User can see public queries and his own queries
+ visible = ARCondition.new(["is_public = ? OR user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
+ # Project specific queries and global queries
+ visible << (@project.nil? ? ["project_id IS NULL"] : ["project_id IS NULL OR project_id = ?", @project.id])
+ @sidebar_queries = Query.find(:all,
+ :order => "name ASC",
+ :conditions => visible.conditions)
+ end
+ @sidebar_queries
+ end
def show_detail(detail, no_html=false)
case detail.property
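Review bot: In `sidebar_queries` the visibility fragment `is_public = ? OR user_id = ?` and the project fragment `project_id IS NULL OR project_id = ?` both contain a top-level `OR`, so the result is only correct if `ARCondition` wraps each fragment in parentheses before joining them with `AND`. `ARCondition` is not part of this diff; if it concatenates fragments bare, SQL precedence would let private queries of other users through. I would either confirm that behaviour or make it explicit in the literals, e.g. `["(is_public = ? OR user_id = ?)", ...]` and `["(project_id IS NULL OR project_id = ?)", @project.id]`.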
diff --git a/app/models/query.rb b/app/models/query.rb
index dfdfa909b..c54c143e2 100644
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -116,6 +116,11 @@ class Query < ActiveRecord::Base
set_language_if_valid(User.current.language)
end
+ def after_initialize
+ # Store the fact that project is nil (used in #editable_by?)
+ @is_for_all = project.nil?
+ end
+
def validate
filters.each_key do |field|
errors.add label_for(field), :activerecord_error_blank unless
@@ -128,8 +133,10 @@ class Query < ActiveRecord::Base
def editable_by?(user)
return false unless user
- return true if !is_public && self.user_id == user.id
- is_public && user.allowed_to?(:manage_public_queries, project)
+ # Admin can edit them all and regular users can edit their private queries
+ return true if user.admin? || (!is_public && self.user_id == user.id)
+ # Members can not edit public queries that are for all project (only admin is allowed to)
+ is_public && !@is_for_all && user.allowed_to?(:manage_public_queries, project)
end
def available_filters
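Review bot: The owner test in `editable_by?` compares `self.user_id == user.id` without checking that the user is logged in, whereas `sidebar_queries` in this commit guards the same comparison with `User.current.logged? ? User.current.id : 0`. If anonymous visitors share one user id (or have a nil id) and a private query can be stored with that owner, every anonymous visitor would be treated as the owner and pass this check, which is now the only gate for `edit` and `destroy`. Adding the same guard closes that case: `return true if user.admin? || (!is_public && user.logged? && self.user_id == user.id)`.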
diff --git a/app/views/issues/_sidebar.rhtml b/app/views/issues/_sidebar.rhtml
index 4a1b7e9bc..c269eee06 100644
--- a/app/views/issues/_sidebar.rhtml
+++ b/app/views/issues/_sidebar.rhtml
@@ -1,13 +1,14 @@
+<% if @project %>
<h3><%= l(:label_issue_plural) %></h3>
<%= link_to l(:label_issue_view_all), { :controller => 'issues', :action => 'index', :project_id => @project, :set_filter => 1 } %><br />
<%= link_to l(:field_summary), :controller => 'reports', :action => 'issue_report', :id => @project %><br />
<%= link_to l(:label_change_log), :controller => 'projects', :action => 'changelog', :id => @project %>
+<% end %>
+<% unless sidebar_queries.empty? -%>
<h3><%= l(:label_query_plural) %></h3>
-<% queries = @project.queries.find(:all,
- :order => "name ASC",
- :conditions => ["is_public = ? or user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
- queries.each do |query| %>
+<% sidebar_queries.each do |query| -%>
<%= link_to query.name, :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query %><br />
-<% end %>
+<% end -%>
+<% end -%>
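Review bot: The unchanged line `link_to query.name, ...` prints the query name as the link body without `h()`, and the surrounding template escapes nothing on its own, so the name appears to reach the page as raw HTML unless `link_to` escapes it in this Rails version. After this change the sidebar is also rendered on the cross-project issue list and includes global queries, so a stored name with markup would be shown to more users. I would escape it at the call site: `<%= link_to h(query.name), :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query %>`.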
diff --git a/app/views/issues/index.rhtml b/app/views/issues/index.rhtml
index 094c49ff2..0123099f2 100644
--- a/app/views/issues/index.rhtml
+++ b/app/views/issues/index.rhtml
@@ -54,7 +54,7 @@
<% content_for :sidebar do %>
<%= render :partial => 'issues/sidebar' %>
-<% end if @project%>
+<% end %>
<% content_for :header_tags do %>
<%= auto_discovery_link_tag(:atom, {:query_id => @query, :format => 'atom', :page => nil, :key => User.current.rss_key}, :title => l(:label_issue_plural)) %>
diff --git a/app/views/queries/_form.rhtml b/app/views/queries/_form.rhtml
index 2d4b96fd1..8da264032 100644
--- a/app/views/queries/_form.rhtml
+++ b/app/views/queries/_form.rhtml
@@ -6,11 +6,16 @@
<p><label for="query_name"><%=l(:field_name)%></label>
<%= text_field 'query', 'name', :size => 80 %></p>
-<% if current_role.allowed_to?(:manage_public_queries) %>
- <p><label for="query_is_public"><%=l(:field_is_public)%></label>
- <%= check_box 'query', 'is_public' %></p>
+<% if User.current.admin? || (@project && current_role.allowed_to?(:manage_public_queries)) %>
+<p><label for="query_is_public"><%=l(:field_is_public)%></label>
+<%= check_box 'query', 'is_public',
+ :onchange => (User.current.admin? ? nil : 'if (this.checked) {$("query_is_for_all").checked = false; $("query_is_for_all").disabled = true;} else {$("query_is_for_all").disabled = false;}') %></p>
<% end %>
+<p><label for="query_is_for_all"><%=l(:field_is_for_all)%></label>
+<%= check_box_tag 'query_is_for_all', 1, @query.project.nil?,
+ :disabled => (!@query.new_record? && (@query.project.nil? || (@query.is_public? && !User.current.admin?))) %></p>
+
<p><label for="query_default_columns"><%=l(:label_default_columns)%></label>
<%= check_box_tag 'default_columns', 1, @query.has_default_columns?, :id => 'query_default_columns',
:onclick => 'if (this.checked) {Element.hide("columns")} else {Element.show("columns")}' %></p>