comparison app/controllers/application_controller.rb @ 909:cbb26bc654de redmine-1.3

Update to Redmine 1.3-stable branch (Redmine SVN rev 8964)
author Chris Cannam
date Fri, 24 Feb 2012 19:09:32 +0000
parents 0c939c159af4
children 5e80956cc792 433d4f72a19b
908:c6c2cbd0afee 909:cbb26bc654de
24 include Redmine::I18n 24 include Redmine::I18n
25 25
26 layout 'base' 26 layout 'base'
27 exempt_from_layout 'builder', 'rsb' 27 exempt_from_layout 'builder', 'rsb'
28 28
29 protect_from_forgery
30 def handle_unverified_request
31 super
32 cookies.delete(:autologin)
33 end
29 # Remove broken cookie after upgrade from 0.8.x (#4292) 34 # Remove broken cookie after upgrade from 0.8.x (#4292)
30 # See https://rails.lighthouseapp.com/projects/8994/tickets/3360 35 # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
31 # TODO: remove it when Rails is fixed 36 # TODO: remove it when Rails is fixed
32 before_filter :delete_broken_cookies 37 before_filter :delete_broken_cookies
33 def delete_broken_cookies 38 def delete_broken_cookies
38 end 43 end
39 end 44 end
40 45
41 before_filter :user_setup, :check_if_login_required, :set_localization 46 before_filter :user_setup, :check_if_login_required, :set_localization
42 filter_parameter_logging :password 47 filter_parameter_logging :password
43 protect_from_forgery
44 48
45 rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token 49 rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
46 rescue_from ::Unauthorized, :with => :deny_access 50 rescue_from ::Unauthorized, :with => :deny_access
47 51
48 include Redmine::Search::Controller 52 include Redmine::Search::Controller
200 # Finds and sets @project based on @object.project 204 # Finds and sets @project based on @object.project
201 def find_project_from_association 205 def find_project_from_association
202 render_404 unless @object.present? 206 render_404 unless @object.present?
203 207
204 @project = @object.project 208 @project = @object.project
205 rescue ActiveRecord::RecordNotFound
206 render_404
207 end 209 end
208 210
209 def find_model_object 211 def find_model_object
210 model = self.class.read_inheritable_attribute('model_object') 212 model = self.class.read_inheritable_attribute('model_object')
211 if model 213 if model
248 def check_project_privacy 250 def check_project_privacy
249 if @project && @project.active? 251 if @project && @project.active?
250 if @project.is_public? || User.current.member_of?(@project) || User.current.admin? 252 if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
251 true 253 true
252 else 254 else
253 User.current.logged? ? render_403 : require_login 255 deny_access
254 end 256 end
255 else 257 else
256 @project = nil 258 @project = nil
257 render_404 259 render_404
258 false 260 false
308 format.xml { head @status } 310 format.xml { head @status }
309 format.js { head @status } 311 format.js { head @status }
310 format.json { head @status } 312 format.json { head @status }
311 end 313 end
312 end 314 end
315
316 # Filter for actions that provide an API response
317 # but have no HTML representation for non admin users
318 def require_admin_or_api_request
319 return true if api_request?
320 if User.current.admin?
321 true
322 elsif User.current.logged?
323 render_error(:status => 406)
324 else
325 deny_access
326 end
327 end
313 328
314 # Picks which layout to use based on the request 329 # Picks which layout to use based on the request
315 # 330 #
316 # @return [boolean, string] name of the layout to use or false for no layout 331 # @return [boolean, string] name of the layout to use or false for no layout
317 def use_layout 332 def use_layout
328 def render_feed(items, options={}) 343 def render_feed(items, options={})
329 @items = items || [] 344 @items = items || []
330 @items.sort! {|x,y| y.event_datetime <=> x.event_datetime } 345 @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
331 @items = @items.slice(0, Setting.feeds_limit.to_i) 346 @items = @items.slice(0, Setting.feeds_limit.to_i)
332 @title = options[:title] || Setting.app_title 347 @title = options[:title] || Setting.app_title
333 render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml' 348 render :template => "common/feed.atom", :layout => false,
334 end 349 :content_type => 'application/atom+xml'
335 350 end
351
336 # TODO: remove in Redmine 1.4 352 # TODO: remove in Redmine 1.4
337 def self.accept_key_auth(*actions) 353 def self.accept_key_auth(*actions)
338 ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead." 354 ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
339 accept_rss_auth(*actions) 355 accept_rss_auth(*actions)
340 end 356 end
342 # TODO: remove in Redmine 1.4 358 # TODO: remove in Redmine 1.4
343 def accept_key_auth_actions 359 def accept_key_auth_actions
344 ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth_actions is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead." 360 ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth_actions is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
345 self.class.accept_rss_auth 361 self.class.accept_rss_auth
346 end 362 end
347 363
348 def self.accept_rss_auth(*actions) 364 def self.accept_rss_auth(*actions)
349 if actions.any? 365 if actions.any?
350 write_inheritable_attribute('accept_rss_auth_actions', actions) 366 write_inheritable_attribute('accept_rss_auth_actions', actions)
351 else 367 else
352 read_inheritable_attribute('accept_rss_auth_actions') || [] 368 read_inheritable_attribute('accept_rss_auth_actions') || []
353 end 369 end
354 end 370 end
355 371
356 def accept_rss_auth?(action=action_name) 372 def accept_rss_auth?(action=action_name)
357 self.class.accept_rss_auth.include?(action.to_sym) 373 self.class.accept_rss_auth.include?(action.to_sym)
358 end 374 end
359 375
360 def self.accept_api_auth(*actions) 376 def self.accept_api_auth(*actions)
361 if actions.any? 377 if actions.any?
362 write_inheritable_attribute('accept_api_auth_actions', actions) 378 write_inheritable_attribute('accept_api_auth_actions', actions)
363 else 379 else
364 read_inheritable_attribute('accept_api_auth_actions') || [] 380 read_inheritable_attribute('accept_api_auth_actions') || []
365 end 381 end
366 end 382 end
367 383
368 def accept_api_auth?(action=action_name) 384 def accept_api_auth?(action=action_name)
369 self.class.accept_api_auth.include?(action.to_sym) 385 self.class.accept_api_auth.include?(action.to_sym)
370 end 386 end
371 387
372 # Returns the number of objects that should be displayed 388 # Returns the number of objects that should be displayed
473 session.delete(:query) 489 session.delete(:query)
474 sort_clear if respond_to?(:sort_clear) 490 sort_clear if respond_to?(:sort_clear)
475 render_error "An error occurred while executing the query and has been logged. Please report this error to your Redmine administrator." 491 render_error "An error occurred while executing the query and has been logged. Please report this error to your Redmine administrator."
476 end 492 end
477 493
478 # Converts the errors on an ActiveRecord object into a common JSON format
479 def object_errors_to_json(object)
480 object.errors.collect do |attribute, error|
481 { attribute => error }
482 end.to_json
483 end
484
485 # Renders API response on validation failure 494 # Renders API response on validation failure
486 def render_validation_errors(object) 495 def render_validation_errors(object)
487 options = { :status => :unprocessable_entity, :layout => false } 496 options = { :status => :unprocessable_entity, :layout => false }
488 options.merge!(case params[:format] 497 options.merge!(case params[:format]
489 when 'xml'; { :xml => object.errors } 498 when 'xml'; { :xml => object.errors }