Mercurial > hg > soundsoftware-site
comparison app/controllers/application_controller.rb @ 37:94944d00e43c
* Update to SVN trunk rev 4411
| author | Chris Cannam <chris.cannam@soundsoftware.ac.uk> |
|---|---|
| date | Fri, 19 Nov 2010 13:24:41 +0000 |
| parents | 40f7cfd4df19 |
| children | aea1779e6f18 af80e5618e9b |
comparison
equal
deleted
inserted
replaced
| 22:40f7cfd4df19 | 37:94944d00e43c |
|---|---|
| 151 User.current.logged? ? render_403 : require_login | 151 User.current.logged? ? render_403 : require_login |
| 152 end | 152 end |
| 153 | 153 |
| 154 # Authorize the user for the requested action | 154 # Authorize the user for the requested action |
| 155 def authorize(ctrl = params[:controller], action = params[:action], global = false) | 155 def authorize(ctrl = params[:controller], action = params[:action], global = false) |
| 156 allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project, :global => global) | 156 allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global) |
| 157 allowed ? true : deny_access | 157 if allowed |
| 158 true | |
| 159 else | |
| 160 if @project && @project.archived? | |
| 161 render_403 :message => :notice_not_authorized_archived_project | |
| 162 else | |
| 163 deny_access | |
| 164 end | |
| 165 end | |
| 158 end | 166 end |
| 159 | 167 |
| 160 # Authorize the user for the requested action outside a project | 168 # Authorize the user for the requested action outside a project |
| 161 def authorize_global(ctrl = params[:controller], action = params[:action], global = true) | 169 def authorize_global(ctrl = params[:controller], action = params[:action], global = true) |
| 162 authorize(ctrl, action, global) | 170 authorize(ctrl, action, global) |
| 211 | 219 |
| 212 # Filter for bulk issue operations | 220 # Filter for bulk issue operations |
| 213 def find_issues | 221 def find_issues |
| 214 @issues = Issue.find_all_by_id(params[:id] || params[:ids]) | 222 @issues = Issue.find_all_by_id(params[:id] || params[:ids]) |
| 215 raise ActiveRecord::RecordNotFound if @issues.empty? | 223 raise ActiveRecord::RecordNotFound if @issues.empty? |
| 216 projects = @issues.collect(&:project).compact.uniq | 224 @projects = @issues.collect(&:project).compact.uniq |
| 217 if projects.size == 1 | 225 @project = @projects.first if @projects.size == 1 |
| 218 @project = projects.first | 226 rescue ActiveRecord::RecordNotFound |
| 219 else | 227 render_404 |
| 228 end | |
| 229 | |
| 230 # Check if project is unique before bulk operations | |
| 231 def check_project_uniqueness | |
| 232 unless @project | |
| 220 # TODO: let users bulk edit/move/destroy issues from different projects | 233 # TODO: let users bulk edit/move/destroy issues from different projects |
| 221 render_error 'Can not bulk edit/move/destroy issues from different projects' | 234 render_error 'Can not bulk edit/move/destroy issues from different projects' |
| 222 return false | 235 return false |
| 223 end | 236 end |
| 224 rescue ActiveRecord::RecordNotFound | |
| 225 render_404 | |
| 226 end | 237 end |
| 227 | 238 |
| 228 # make sure that the user is a member of the project (or admin) if project is private | 239 # make sure that the user is a member of the project (or admin) if project is private |
| 229 # used as a before_filter for actions that do not require any particular permission on the project | 240 # used as a before_filter for actions that do not require any particular permission on the project |
| 230 def check_project_privacy | 241 def check_project_privacy |
| 260 end | 271 end |
| 261 end | 272 end |
| 262 redirect_to default | 273 redirect_to default |
| 263 end | 274 end |
| 264 | 275 |
| 265 def render_403 | 276 def render_403(options={}) |
| 266 @project = nil | 277 @project = nil |
| 278 render_error({:message => :notice_not_authorized, :status => 403}.merge(options)) | |
| 279 return false | |
| 280 end | |
| 281 | |
| 282 def render_404(options={}) | |
| 283 render_error({:message => :notice_file_not_found, :status => 404}.merge(options)) | |
| 284 return false | |
| 285 end | |
| 286 | |
| 287 # Renders an error response | |
| 288 def render_error(arg) | |
| 289 arg = {:message => arg} unless arg.is_a?(Hash) | |
| 290 | |
| 291 @message = arg[:message] | |
| 292 @message = l(@message) if @message.is_a?(Symbol) | |
| 293 @status = arg[:status] || 500 | |
| 294 | |
| 267 respond_to do |format| | 295 respond_to do |format| |
| 268 format.html { render :template => "common/403", :layout => use_layout, :status => 403 } | 296 format.html { |
| 269 format.atom { head 403 } | 297 render :template => 'common/error', :layout => use_layout, :status => @status |
| 270 format.xml { head 403 } | |
| 271 format.js { head 403 } | |
| 272 format.json { head 403 } | |
| 273 end | |
| 274 return false | |
| 275 end | |
| 276 | |
| 277 def render_404 | |
| 278 respond_to do |format| | |
| 279 format.html { render :template => "common/404", :layout => use_layout, :status => 404 } | |
| 280 format.atom { head 404 } | |
| 281 format.xml { head 404 } | |
| 282 format.js { head 404 } | |
| 283 format.json { head 404 } | |
| 284 end | |
| 285 return false | |
| 286 end | |
| 287 | |
| 288 def render_error(msg) | |
| 289 respond_to do |format| | |
| 290 format.html { | |
| 291 flash.now[:error] = msg | |
| 292 render :text => '', :layout => use_layout, :status => 500 | |
| 293 } | 298 } |
| 294 format.atom { head 500 } | 299 format.atom { head @status } |
| 295 format.xml { head 500 } | 300 format.xml { head @status } |
| 296 format.js { head 500 } | 301 format.js { head @status } |
| 297 format.json { head 500 } | 302 format.json { head @status } |
| 298 end | 303 end |
| 299 end | 304 end |
| 300 | 305 |
| 301 # Picks which layout to use based on the request | 306 # Picks which layout to use based on the request |
| 302 # | 307 # |