comparison app/controllers/application_controller.rb @ 508:851510f1b535 cannam

Merge from branch "redmine-1.2"
author Chris Cannam
date Thu, 14 Jul 2011 10:37:36 +0100
parents 32dd9e02950a 0c939c159af4
children 7ded87cc4b80
506:1551c61843d2 508:851510f1b535
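--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -16,10 +16,12 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 require 'uri'
 require 'cgi'
 
+class Unauthorized < Exception; end
+
 class ApplicationController < ActionController::Base
 include Redmine::I18n
 
 layout 'base'
 exempt_from_layout 'builder', 'rsb'
@@ -39,10 +41,11 @@
 before_filter :user_setup, :check_if_login_required, :set_localization
 filter_parameter_logging :password
 protect_from_forgery
 
 rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
+rescue_from ::Unauthorized, :with => :deny_access
 
 include Redmine::Search::Controller
 include Redmine::MenuManager::MenuController
 helper Redmine::MenuManager::MenuHelper
 
@@ -66,15 +69,15 @@
 elsif cookies[:autologin] && Setting.autologin?
 # auto-login feature starts a new session
 user = User.try_to_autologin(cookies[:autologin])
 session[:user_id] = user.id if user
 user
-elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
+elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth?
 # RSS key authentication does not start a session
 User.find_by_rss_key(params[:key])
-elsif Setting.rest_api_enabled? && api_request?
-if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
+elsif Setting.rest_api_enabled? && accept_api_auth?
+if (key = api_key_from_request)
 # Use API key
 User.find_by_api_key(key)
 else
 # HTTP Basic, either username/password or API key/random
 authenticate_with_http_basic do |username, password|
@@ -342,18 +345,45 @@
 @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
 @items = @items.slice(0, Setting.feeds_limit.to_i)
 @title = options[:title] || Setting.app_title
 render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
 end
 
+# TODO: remove in Redmine 1.4
 def self.accept_key_auth(*actions)
-actions = actions.flatten.map(&:to_s)
-write_inheritable_attribute('accept_key_auth_actions', actions)
+ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
+accept_rss_auth(*actions)
 end
 
+# TODO: remove in Redmine 1.4
 def accept_key_auth_actions
-self.class.read_inheritable_attribute('accept_key_auth_actions') || []
+ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth_actions is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
+self.class.accept_rss_auth
+end
+
+def self.accept_rss_auth(*actions)
+if actions.any?
+write_inheritable_attribute('accept_rss_auth_actions', actions)
+else
+read_inheritable_attribute('accept_rss_auth_actions') || []
+end
+end
+
+def accept_rss_auth?(action=action_name)
+self.class.accept_rss_auth.include?(action.to_sym)
+end
+
+def self.accept_api_auth(*actions)
+if actions.any?
+write_inheritable_attribute('accept_api_auth_actions', actions)
+else
+read_inheritable_attribute('accept_api_auth_actions') || []
+end
+end
+
+def accept_api_auth?(action=action_name)
+self.class.accept_api_auth.include?(action.to_sym)
 end
 
 # Returns the number of objects that should be displayed
 # on the paginated list
 def per_page_option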
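Review bot: `accept_rss_auth` and `accept_api_auth` store the action list exactly as passed, but `accept_rss_auth?` and `accept_api_auth?` test it with `include?(action.to_sym)`, so the writer and the reader only agree when every caller passes a flat list of symbols. The removed `accept_key_auth` normalised with `actions.flatten.map(&:to_s)`; the deprecated wrapper now forwards its arguments unchanged, so a controller or plugin that still declares `accept_key_auth 'index'` or passes an array would have key authentication silently refused, and `accept_key_auth_actions` no longer returns the strings that callers comparing against `params[:action]` expect. I would normalise once at write time, `write_inheritable_attribute('accept_rss_auth_actions', actions.flatten.map(&:to_s))` (same for the API list), and compare with `include?(action.to_s)`. That also avoids interning `action_name` as a symbol on every request, which matters if a catch-all route lets arbitrary action names reach this filter (routes are not visible here) on a Ruby that does not garbage-collect symbols. A short comment on each pair stating that it is the allow-list for key-based authentication, and that an empty list means no action accepts it, would help the next reader.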