3 files changed, 44 insertions, 4 deletions
diff --git a/app/controllers/queries_controller.rb b/app/controllers/queries_controller.rb
index 60f3b445f..601ad85d1 100644
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,9 +17,29 @@
 
 class QueriesController < ApplicationController
   menu_item :issues
-  before_filter :find_query, :except => :new
+  before_filter :find_query, :except => [:new, :index]
   before_filter :find_optional_project, :only => :new
   
+  accept_key_auth :index
+  
+  def index
+    case params[:format]
+    when 'xml', 'json'
+      @offset, @limit = api_offset_and_limit
+    else
+      @limit = per_page_option
+    end
+    
+    @query_count = Query.visible.count
+    @query_pages = Paginator.new self, @query_count, @limit, params['page']
+    @queries = Query.visible.all(:limit => @limit, :offset => @offset, :order => "#{Query.table_name}.name")
+    
+    respond_to do |format|
+      format.html { render :nothing => true }
+      format.api
+    end
+  end
+  
   def new
     @query = Query.new(params[:query])
     @query.project = params[:query_is_for_all] ? nil : @project
diff --git a/app/models/query.rb b/app/models/query.rb
index 786751c8c..a6fbe9b94 100644
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -146,6 +146,16 @@ class Query < ActiveRecord::Base
   ]
   cattr_reader :available_columns
 
+  named_scope :visible, lambda {|*args|
+    user = args.shift || User.current
+    base = Project.allowed_to_condition(user, :view_issues, *args)
+    user_id = user.logged? ? user.id : 0
+    {
+      :conditions => ["(#{table_name}.project_id IS NULL OR (#{base})) AND (#{table_name}.is_public = ? OR #{table_name}.user_id = ?)", true, user_id],
+      :include => :project
+    }
+  }
+  
   def initialize(attributes = nil)
     super attributes
     self.filters ||= { 'status_id' => {:operator => "o", :values => [""]} }
@@ -168,7 +178,7 @@ class Query < ActiveRecord::Base
   
   # Returns true if the query is visible to +user+ or the current user.
   def visible?(user=User.current)
-    self.is_public? || self.user_id == user.id
+    (project.nil? || user.allowed_to?(:view_issues, project)) && (self.is_public? || self.user_id == user.id)
   end
 
   def editable_by?(user)
diff --git a/app/views/queries/index.api.rsb b/app/views/queries/index.api.rsb
new file mode 100644
index 000000000..800b4964e
--- /dev/null
+++ b/app/views/queries/index.api.rsb
@@ -0,0 +1,10 @@
+api.array :queries, api_meta(:total_count => @query_count, :offset => @offset, :limit => @limit) do
+  @queries.each do |query|
+    api.query do
+      api.id          query.id
+      api.name        query.name
+      api.is_public   query.is_public
+      api.project_id  query.project_id
+    end
+  end
+end