From 1c44600c62dc1063583d9e2015ab815d9dd22fa5 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Sat, 23 Jun 2007 13:49:29 +0000 Subject: Added per user custom queries. Any logged in user can now save queries (they are not visible to the other users). Only users with explicit permission can manage queries that are visible to anyone. The queries list is removed from the "Reports" view. It can now be accessed from the issues list. git-svn-id: http://redmine.rubyforge.org/svn/trunk@566 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/projects_controller.rb | 19 +------------ app/controllers/queries_controller.rb | 50 ++++++++++++++++++++++++++------- app/controllers/reports_controller.rb | 1 - app/models/query.rb | 7 ++++- app/models/user.rb | 7 +++++ app/views/issues/_add_shortcut.rhtml | 5 ---- app/views/layouts/base.rhtml | 11 ++++++++ app/views/projects/add_query.rhtml | 6 ---- app/views/projects/list_issues.rhtml | 14 ++++----- app/views/projects/show.rhtml | 3 -- app/views/queries/_filters.rhtml | 2 +- app/views/queries/_form.rhtml | 7 +++-- app/views/queries/edit.rhtml | 2 +- app/views/queries/index.rhtml | 29 +++++++++++++++++++ app/views/queries/new.rhtml | 6 ++++ app/views/reports/issue_report.rhtml | 17 ----------- public/images/save.png | Bin 591 -> 498 bytes 17 files changed, 112 insertions(+), 74 deletions(-) delete mode 100644 app/views/issues/_add_shortcut.rhtml delete mode 100644 app/views/projects/add_query.rhtml create mode 100644 app/views/queries/index.rhtml create mode 100644 app/views/queries/new.rhtml diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 233d012d2..0f9b0f52c 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb 
@@ -288,8 +288,7 @@ class ProjectsController < ApplicationController :conditions => @query.statement, :limit => @issue_pages.items_per_page, :offset => @issue_pages.current.offset - end - @trackers = Tracker.find :all, :order => 'position' + end render :layout => false if request.xhr? end @@ -400,22 +399,6 @@ class ProjectsController < ApplicationController end end - def add_query - @query = Query.new(params[:query]) - @query.project = @project - @query.user = logged_in_user - - params[:fields].each do |field| - @query.add_filter(field, params[:operators][field], params[:values][field]) - end if params[:fields] - - if request.post? and @query.save - flash[:notice] = l(:notice_successful_create) - redirect_to :controller => 'reports', :action => 'issue_report', :id => @project - end - render :layout => false if request.xhr? - end - # Add a news to @project def add_news @news = News.new(:project => @project) diff --git a/app/controllers/queries_controller.rb b/app/controllers/queries_controller.rb index abafd19d4..631895284 100644 --- a/app/controllers/queries_controller.rb +++ b/app/controllers/queries_controller.rb @@ -1,5 +1,5 @@ # redMine - project management software -# Copyright (C) 2006 Jean-Philippe Lang +# Copyright (C) 2006-2007 Jean-Philippe Lang # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License 
@@ -16,9 +16,35 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. class QueriesController < ApplicationController - layout 'base' - before_filter :require_login, :find_query + layout 'base' + before_filter :require_login, :except => :index + before_filter :find_project, :check_project_privacy + def index + @queries = @project.queries.find(:all, + :order => "name ASC", + :conditions => ["is_public = ? or user_id = ?", true, (logged_in_user ? logged_in_user.id : 0)]) + end + + def new + @query = Query.new(params[:query]) + @query.project = @project + @query.user = logged_in_user + @query.executed_by = logged_in_user + @query.is_public = false unless logged_in_user.authorized_to(@project, 'projects/add_query') + + params[:fields].each do |field| + @query.add_filter(field, params[:operators][field], params[:values][field]) + end if params[:fields] + + if request.post? and @query.save + flash[:notice] = l(:notice_successful_create) + redirect_to :controller => 'projects', :action => 'list_issues', :id => @project, :query_id => @query + return + end + render :layout => false if request.xhr? + end + def edit if request.post? @query.filters = {} @@ -26,6 +52,7 @@ class QueriesController < ApplicationController @query.add_filter(field, params[:operators][field], params[:values][field]) end if params[:fields] @query.attributes = params[:query] + @query.is_public = false unless logged_in_user.authorized_to(@project, 'projects/add_query') if @query.save flash[:notice] = l(:notice_successful_update) 
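Review bot: In the `@@ -16,9 +16,35 @@` hunk of queries_controller.rb, the rule that only holders of `'projects/add_query'` may make a query public is a hand-written line in `new`, repeated in `edit` (next hunk) and again in `Query#editable_by?`, so any later action that assigns `params[:query]` has to remember to copy it. The same patch deletes `ProjectsController#add_query`, so the string is now only a permission key and no longer names an action. I would put the check in one private helper, e.g. `def may_publish_queries?; logged_in_user.authorized_to(@project, 'projects/add_query'); end`, with a comment saying the key is kept as the manage-public-queries permission. Separately, `params[:operators][field]` in `new` assumes `operators` and `values` are present whenever `fields` is, which the request is not guaranteed to satisfy.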
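Review bot: In the `@@ -26,6 +52,7 @@` hunk, `edit` resets only `is_public` after `@query.attributes = params[:query]`, whereas `new` overwrites `project` and `user` after its own mass assignment. If the Query model does not protect those attributes (its `attr_protected` list, if any, is not visible in this patch), the submitted hash could also change `user_id` or `project_id` and move a saved query to another user or project. Declaring `attr_protected :project_id, :user_id` in app/models/query.rb would close that off for both actions. `edit` starts before and ends after this hunk, so its save and redirect logic is not covered here.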
@@ -36,16 +63,19 @@ class QueriesController < ApplicationController def destroy @query.destroy if request.post? - redirect_to :controller => 'reports', :action => 'issue_report', :id => @project + redirect_to :controller => 'queries', :project_id => @project end private - def find_query - @query = Query.find(params[:id]) - @query.executed_by = logged_in_user - @project = @query.project - # check if user is allowed to manage queries (same permission as add_query) - authorize('projects', 'add_query') + def find_project + if params[:id] + @query = Query.find(params[:id]) + @query.executed_by = logged_in_user + @project = @query.project + render_403 unless @query.editable_by?(logged_in_user) + else + @project = Project.find(params[:project_id]) + end rescue ActiveRecord::RecordNotFound render_404 end diff --git a/app/controllers/reports_controller.rb b/app/controllers/reports_controller.rb index 59f13d7a5..fdbcc5a53 100644 --- a/app/controllers/reports_controller.rb +++ b/app/controllers/reports_controller.rb @@ -60,7 +60,6 @@ class ReportsController < ApplicationController @report_title = l(:field_subproject) render :template => "reports/issue_report_details" else - @queries = @project.queries.find :all, :conditions => ["is_public=? or user_id=?", true, (logged_in_user ? logged_in_user.id : 0)] @trackers = Tracker.find(:all, :order => 'position') @versions = @project.versions.sort @priorities = Enumeration::get_values('IPRI') diff --git a/app/models/query.rb b/app/models/query.rb index 081721ca2..b64143674 100644 --- a/app/models/query.rb +++ b/app/models/query.rb @@ -57,7 +57,6 @@ class Query < ActiveRecord::Base def initialize(attributes = nil) super attributes self.filters ||= { 'status_id' => {:operator => "o", :values => [""]} } - self.is_public = true end def executed_by=(user) 
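Review bot: In the `@@ -36,16 +63,19 @@` hunk, `find_project` runs the `editable_by?` check only on the `params[:id]` branch; when `edit` or `destroy` is reached with just `project_id`, the `else` branch leaves `@query` unset and `@query.destroy` or `@query.filters = {}` fails on nil instead of answering 404. A guard such as `return render_404 unless @query` at the top of both actions would make that path explicit. The deny path also relies on `render_403` returning false on Rails versions that halt the filter chain only on a false return; `render_403` is defined outside this patch, so that should be confirmed. A comment on `find_project`, e.g. `# Loads @project; when params[:id] is given, also loads @query and enforces editable_by?`, would help because the name no longer says that it authorizes.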
@@ -75,6 +74,12 @@ class Query < ActiveRecord::Base end if filters end + def editable_by?(user) + return false unless user + return true if !is_public && self.user_id == user.id + is_public && user.authorized_to(project, "projects/add_query") + end + def available_filters return @available_filters if @available_filters @available_filters = { "status_id" => { :type => :list_status, :order => 1, :values => IssueStatus.find(:all, :order => 'position').collect{|s| [s.name, s.id.to_s] } }, diff --git a/app/models/user.rb b/app/models/user.rb index 917745b22..bc5d4ecf8 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -125,10 +125,17 @@ class User < ActiveRecord::Base end def role_for_project(project) + return nil unless project member = memberships.detect {|m| m.project_id == project.id} member ? member.role : nil end + def authorized_to(project, action) + return true if self.admin? + role = role_for_project(project) + role && Permission.allowed_to_role(action, role) + end + def pref self.preference ||= UserPreference.new(:user => self) end diff --git a/app/views/issues/_add_shortcut.rhtml b/app/views/issues/_add_shortcut.rhtml deleted file mode 100644 index c6a5a4667..000000000 --- a/app/views/issues/_add_shortcut.rhtml +++ /dev/null @@ -1,5 +0,0 @@ -<% if authorize_for('projects', 'add_issue') %> -<% form_tag({ :controller => 'projects', :action => 'add_issue', :id => @project }, :method => 'get') do %> -<%= l(:label_issue_new) %>: <%= select_tag 'tracker_id', ("" + options_from_collection_for_select(trackers, 'id', 'name')), :onchange => "if (this.value!='') {this.form.submit();}" %> -<% end %> -<% end %> diff --git a/app/views/layouts/base.rhtml b/app/views/layouts/base.rhtml index 62dd48af2..bcc4026a0 100644 --- a/app/views/layouts/base.rhtml +++ b/app/views/layouts/base.rhtml 
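Review bot: `Query#editable_by?` in the `@@ -75,6 +74,12 @@` hunk of app/models/query.rb encodes the whole access rule for saved queries but has no comment, and two consequences are easy to miss. A private query is editable by its owner only, so even an administrator is refused, and the owner of a public query cannot edit it without holding `'projects/add_query'`. I would add above the method `# Private: owner only. Public: users authorized for 'projects/add_query' on the project (admins always).` so the intent sits next to the code.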
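Review bot: `User#authorized_to` in the `@@ -125,10 +125,17 @@` hunk of app/models/user.rb is a predicate but is not named with a trailing `?`, and it returns `nil` rather than `false` for a user with no role on the project. It is also where administrators bypass membership entirely, which deserves a comment such as `# Admins are authorized for every action; others need a role on the project that Permission allows for the action.` Renaming it to `authorized_to?` would touch the callers this same patch adds in queries_controller.rb and query.rb.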
@@ -77,6 +77,9 @@ <%= link_to l(:label_calendar), {:controller => 'projects', :action => 'calendar', :id => @project }, :class => "menuItem" %> <%= link_to l(:label_gantt), {:controller => 'projects', :action => 'gantt', :id => @project }, :class => "menuItem" %> <%= link_to l(:label_issue_plural), {:controller => 'projects', :action => 'list_issues', :id => @project }, :class => "menuItem" %> + <% if @project && authorize_for('projects', 'add_issue') %> + <%= l(:label_issue_new) %> + <% end %> <%= link_to l(:label_report_plural), {:controller => 'reports', :action => 'issue_report', :id => @project }, :class => "menuItem" %> <%= link_to l(:label_activity), {:controller => 'projects', :action => 'activity', :id => @project }, :class => "menuItem" %> <%= link_to l(:label_news_plural), {:controller => 'projects', :action => 'list_news', :id => @project }, :class => "menuItem" %> @@ -91,6 +94,14 @@ <%= link_to_if_authorized l(:label_settings), {:controller => 'projects', :action => 'settings', :id => @project }, :class => "menuItem" %> <% end %> + + <% if @project && authorize_for('projects', 'add_issue') %> + + <% end %> <% if loggedin? and @logged_in_user.memberships.any? %>