Diffstat (limited to 'app')
-rw-r--r--app/controllers/application_controller.rb2
-rw-r--r--app/controllers/auth_sources_controller.rb1
-rw-r--r--app/controllers/email_addresses_controller.rb1
-rw-r--r--app/controllers/groups_controller.rb2
-rw-r--r--app/controllers/members_controller.rb2
-rw-r--r--app/controllers/my_controller.rb7
-rw-r--r--app/controllers/projects_controller.rb1
-rw-r--r--app/controllers/roles_controller.rb2
-rw-r--r--app/controllers/settings_controller.rb2
-rw-r--r--app/controllers/users_controller.rb2
-rw-r--r--app/helpers/application_helper.rb1
-rw-r--r--app/views/my/_sidebar.html.erb4
-rw-r--r--app/views/my/show_api_key.html.erb10
-rw-r--r--app/views/my/show_api_key.js.erb1
-rw-r--r--app/views/sudo_mode/_new_modal.html.erb19
-rw-r--r--app/views/sudo_mode/new.html.erb17
-rw-r--r--app/views/sudo_mode/new.js.erb4
17 files changed, 76 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e1bc6a97f..5949f47b6 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -59,6 +59,8 @@ class ApplicationController < ActionController::Base
include Redmine::MenuManager::MenuController
helper Redmine::MenuManager::MenuHelper
+ include Redmine::SudoMode::Controller
+
def session_expiration
if session[:user_id]
if session_expired? && !try_to_autologin
diff --git a/app/controllers/auth_sources_controller.rb b/app/controllers/auth_sources_controller.rb
index d50a097cc..c8af474a8 100644
--- a/app/controllers/auth_sources_controller.rb
+++ b/app/controllers/auth_sources_controller.rb
@@ -21,6 +21,7 @@ class AuthSourcesController < ApplicationController
before_filter :require_admin
before_filter :find_auth_source, :only => [:edit, :update, :test_connection, :destroy]
+ require_sudo_mode :update, :destroy
def index
@auth_source_pages, @auth_sources = paginate AuthSource, :per_page => 25
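Review bot: `require_sudo_mode :update, :destroy` leaves `create` uncovered, although adding a new authentication source is at least as sensitive as changing an existing one, since it decides where logins are delegated. The sibling controllers in this commit (email addresses, members, roles, users) all include `:create` in their list, so the omission here looks accidental rather than deliberate; if it is intentional, a one-line comment saying why would help. Proposed change: `require_sudo_mode :create, :update, :destroy`.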
diff --git a/app/controllers/email_addresses_controller.rb b/app/controllers/email_addresses_controller.rb
index 373be00a0..1c1b39d3a 100644
--- a/app/controllers/email_addresses_controller.rb
+++ b/app/controllers/email_addresses_controller.rb
@@ -18,6 +18,7 @@
class EmailAddressesController < ApplicationController
before_filter :find_user, :require_admin_or_current_user
before_filter :find_email_address, :only => [:update, :destroy]
+ require_sudo_mode :create, :update, :destroy
def index
@addresses = @user.email_addresses.order(:id).where(:is_default => false).to_a
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index a85b88b3b..825e8b857 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -22,6 +22,8 @@ class GroupsController < ApplicationController
before_filter :find_group, :except => [:index, :new, :create]
accept_api_auth :index, :show, :create, :update, :destroy, :add_users, :remove_user
+ require_sudo_mode :add_users, :remove_user, :create, :update, :destroy, :edit_membership, :destroy_membership
+
helper :custom_fields
helper :principal_memberships
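Review bot: The actions listed in `require_sudo_mode` on the new line are the same mutating actions that `accept_api_auth` on the line above exposes to API-key clients, and nothing in this hunk says how the two interact. Whether sudo mode is skipped for API requests is decided inside `Redmine::SudoMode::Controller`, which is outside this diff; if it is not skipped, every API client calling these actions would receive the password form instead of a result. The same pairing appears in members_controller.rb, projects_controller.rb and users_controller.rb. Once confirmed, a short comment at the first `require_sudo_mode` such as `# sudo mode does not apply to API-authenticated requests (see Redmine::SudoMode::Controller)` would save the next reader the trip.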
diff --git a/app/controllers/members_controller.rb b/app/controllers/members_controller.rb
index 0f1f53f8e..dbf7a5bec 100644
--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@@ -23,6 +23,8 @@ class MembersController < ApplicationController
before_filter :authorize
accept_api_auth :index, :show, :create, :update, :destroy
+ require_sudo_mode :create, :update, :destroy
+
def index
scope = @project.memberships.active
@offset, @limit = api_offset_and_limit
diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb
index 982541db1..1f744a936 100644
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -20,6 +20,9 @@ class MyController < ApplicationController
# let user change user's password when user has to
skip_before_filter :check_password_change, :only => :password
+ require_sudo_mode :account, only: :post
+ require_sudo_mode :reset_rss_key, :reset_api_key, :show_api_key, :destroy
+
helper :issues
helper :users
helper :custom_fields
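Review bot: The new `require_sudo_mode :account, only: :post` uses the `only:` keyword-style hash while the line directly above it, `skip_before_filter :check_password_change, :only => :password`, and the rest of the surrounding filter declarations use hash-rocket syntax. Mixing the two styles within the same declaration block is a point of style only, but this file otherwise consistently uses `:only =>`; `require_sudo_mode :account, :only => :post` would match.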
@@ -123,6 +126,10 @@ class MyController < ApplicationController
redirect_to my_account_path
end
+ def show_api_key
+ @user = User.current
+ end
+
# Create a new API key
def reset_api_key
if request.post?
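Review bot: The new `show_api_key` action has no header comment, while its neighbour `reset_api_key` carries `# Create a new API key`; since this action exists specifically to move the API key out of the account page and behind the sudo-mode check declared earlier in the class, that intent is worth recording next to it. Suggested comment above the method: `# Display the current user's API key; protected by require_sudo_mode so the key is only revealed after password confirmation`. The `reset_api_key` body continues past the end of the hunk.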
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 71007f383..60af3719d 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -25,6 +25,7 @@ class ProjectsController < ApplicationController
before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
accept_rss_auth :index
accept_api_auth :index, :show, :create, :update, :destroy
+ require_sudo_mode :destroy
after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller|
if controller.request.post?
diff --git a/app/controllers/roles_controller.rb b/app/controllers/roles_controller.rb
index bef24829b..33229cbe0 100644
--- a/app/controllers/roles_controller.rb
+++ b/app/controllers/roles_controller.rb
@@ -23,6 +23,8 @@ class RolesController < ApplicationController
before_filter :find_role, :only => [:show, :edit, :update, :destroy]
accept_api_auth :index, :show
+ require_sudo_mode :create, :update, :destroy
+
def index
respond_to do |format|
format.html {
diff --git a/app/controllers/settings_controller.rb b/app/controllers/settings_controller.rb
index 9b36d7bf7..5ca5d1dab 100644
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -23,6 +23,8 @@ class SettingsController < ApplicationController
before_filter :require_admin
+ require_sudo_mode :index, :edit, :plugin
+
def index
edit
render :action => 'edit'
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index f52c44a97..9ce80111a 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -28,6 +28,8 @@ class UsersController < ApplicationController
include CustomFieldsHelper
helper :principal_memberships
+ require_sudo_mode :create, :update, :destroy
+
def index
sort_init 'login', 'asc'
sort_update %w(login firstname lastname admin created_on last_login_on)
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 8b66e9f82..6e59f63ed 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -25,6 +25,7 @@ module ApplicationHelper
include Redmine::I18n
include GravatarHelper::PublicMethods
include Redmine::Pagination::Helper
+ include Redmine::SudoMode::Helper
extend Forwardable
def_delegators :wiki_helper, :wikitoolbar_for, :heads_for_wiki_formatter
diff --git a/app/views/my/_sidebar.html.erb b/app/views/my/_sidebar.html.erb
index a35bcaf77..7f0aefa16 100644
--- a/app/views/my/_sidebar.html.erb
+++ b/app/views/my/_sidebar.html.erb
@@ -21,8 +21,8 @@
<% if Setting.rest_api_enabled? %>
<h4><%= l(:label_api_access_key) %></h4>
<div>
- <%= link_to_function(l(:button_show), "$('#api-access-key').toggle();")%>
- <pre id='api-access-key' class='autoscroll'><%= @user.api_key %></pre>
+ <%= link_to l(:button_show), {:action => 'show_api_key'}, :remote => true %>
+ <pre id='api-access-key' class='autoscroll'></pre>
</div>
<%= javascript_tag("$('#api-access-key').hide();") %>
<p>
diff --git a/app/views/my/show_api_key.html.erb b/app/views/my/show_api_key.html.erb
new file mode 100644
index 000000000..97665faff
--- /dev/null
+++ b/app/views/my/show_api_key.html.erb
@@ -0,0 +1,10 @@
+<h2><%= l :label_api_access_key %></h2>
+
+<div class="box">
+ <pre><%= @user.api_key %></pre>
+</div>
+
+<p><%= link_to l(:button_back), action: 'account' %></p>
+
+
+
diff --git a/app/views/my/show_api_key.js.erb b/app/views/my/show_api_key.js.erb
new file mode 100644
index 000000000..73b0ee029
--- /dev/null
+++ b/app/views/my/show_api_key.js.erb
@@ -0,0 +1 @@
+$('#api-access-key').html('<%= escape_javascript @user.api_key %>').toggle();
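Review bot: The key is inserted with jQuery's `.html()`, which parses its argument as markup, while `escape_javascript` only makes the value safe inside the JS string literal, not as HTML. The API key is presumably a server-generated token that cannot contain markup, so this is not exploitable as written, but the value is plain text and `.text()` is the matching sink: `$('#api-access-key').text('<%= escape_javascript @user.api_key %>').toggle();`. The same choice of sink applies to the `<pre>` it fills in app/views/my/_sidebar.html.erb, which no longer renders the key server-side.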
diff --git a/app/views/sudo_mode/_new_modal.html.erb b/app/views/sudo_mode/_new_modal.html.erb
new file mode 100644
index 000000000..f63c1a427
--- /dev/null
+++ b/app/views/sudo_mode/_new_modal.html.erb
@@ -0,0 +1,19 @@
+<h3 class="title"><%= l(:label_password_required) %></h3>
+<%= form_tag({}, remote: true) do %>
+
+ <%= hidden_field_tag '_method', request.request_method %>
+ <%= hash_to_hidden_fields @sudo_form.original_fields %>
+ <%= render_flash_messages %>
+ <div class="box tabular">
+ <p>
+ <label for="sudo_password"><%= l :field_password %><span class="required">*</span></label>
+ <%= password_field_tag :sudo_password, nil, size: 25 %>
+ </p>
+ </div>
+
+ <p class="buttons">
+ <%= submit_tag l(:button_confirm_password), onclick: "hideModal(this);" %>
+ <%= submit_tag l(:button_cancel), name: nil, onclick: "hideModal(this);", type: 'button' %>
+ </p>
+<% end %>
+
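Review bot: The hidden `_method` field, the `hash_to_hidden_fields @sudo_form.original_fields` replay and the `sudo_password` field block are duplicated verbatim between this modal partial and app/views/sudo_mode/new.html.erb, so a future change to how the original request is replayed has to be made twice. Extracting the shared fields into one partial rendered by both forms would keep them in step. Separately, only the modal calls `render_flash_messages`; if the full-page form relies on the layout to show a wrong-password flash, a one-line comment in new.html.erb noting that would make the asymmetry deliberate rather than puzzling.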
diff --git a/app/views/sudo_mode/new.html.erb b/app/views/sudo_mode/new.html.erb
new file mode 100644
index 000000000..d92e47d47
--- /dev/null
+++ b/app/views/sudo_mode/new.html.erb
@@ -0,0 +1,17 @@
+<h2><%= l :label_password_required %></h2>
+<%= form_tag({}, class: 'tabular') do %>
+
+ <%= hidden_field_tag '_method', request.request_method %>
+ <%= hash_to_hidden_fields @sudo_form.original_fields %>
+
+ <div class="box">
+ <p>
+ <label for="sudo_password"><%= l :field_password %><span class="required">*</span></label>
+ <%= password_field_tag :sudo_password, nil, size: 25 %>
+ </p>
+ </div>
+ <%= submit_tag l(:button_confirm_password) %>
+<% end %>
+<%= javascript_tag "$('#sudo_password').focus();" %>
+
+
diff --git a/app/views/sudo_mode/new.js.erb b/app/views/sudo_mode/new.js.erb
new file mode 100644
index 000000000..34510fa54
--- /dev/null
+++ b/app/views/sudo_mode/new.js.erb
@@ -0,0 +1,4 @@
+$('#ajax-modal').html('<%= escape_javascript render partial: 'sudo_mode/new_modal' %>');
+showModal('ajax-modal', '400px');
+$('#sudo_password').focus();
+