comparison app/controllers/.svn/text-base/application_controller.rb.svn-base @ 507:0c939c159af4 redmine-1.2

Update to Redmine 1.2.1 on 1.2-stable branch (Redmine SVN rev 6270)
author Chris Cannam
date Thu, 14 Jul 2011 10:32:19 +0100
parents cbce1fd3b1b7
children
441:cbce1fd3b1b7 507:0c939c159af4
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 require 'uri' 18 require 'uri'
19 require 'cgi' 19 require 'cgi'
20 20
21 class Unauthorized < Exception; end
22
21 class ApplicationController < ActionController::Base 23 class ApplicationController < ActionController::Base
22 include Redmine::I18n 24 include Redmine::I18n
23 25
24 layout 'base' 26 layout 'base'
25 exempt_from_layout 'builder', 'rsb' 27 exempt_from_layout 'builder', 'rsb'
39 before_filter :user_setup, :check_if_login_required, :set_localization 41 before_filter :user_setup, :check_if_login_required, :set_localization
40 filter_parameter_logging :password 42 filter_parameter_logging :password
41 protect_from_forgery 43 protect_from_forgery
42 44
43 rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token 45 rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
46 rescue_from ::Unauthorized, :with => :deny_access
44 47
45 include Redmine::Search::Controller 48 include Redmine::Search::Controller
46 include Redmine::MenuManager::MenuController 49 include Redmine::MenuManager::MenuController
47 helper Redmine::MenuManager::MenuHelper 50 helper Redmine::MenuManager::MenuHelper
48 51
66 elsif cookies[:autologin] && Setting.autologin? 69 elsif cookies[:autologin] && Setting.autologin?
67 # auto-login feature starts a new session 70 # auto-login feature starts a new session
68 user = User.try_to_autologin(cookies[:autologin]) 71 user = User.try_to_autologin(cookies[:autologin])
69 session[:user_id] = user.id if user 72 session[:user_id] = user.id if user
70 user 73 user
71 elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action]) 74 elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth?
72 # RSS key authentication does not start a session 75 # RSS key authentication does not start a session
73 User.find_by_rss_key(params[:key]) 76 User.find_by_rss_key(params[:key])
74 elsif Setting.rest_api_enabled? && api_request? 77 elsif Setting.rest_api_enabled? && accept_api_auth?
75 if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action]) 78 if (key = api_key_from_request)
76 # Use API key 79 # Use API key
77 User.find_by_api_key(key) 80 User.find_by_api_key(key)
78 else 81 else
79 # HTTP Basic, either username/password or API key/random 82 # HTTP Basic, either username/password or API key/random
80 authenticate_with_http_basic do |username, password| 83 authenticate_with_http_basic do |username, password|
327 @items.sort! {|x,y| y.event_datetime <=> x.event_datetime } 330 @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
328 @items = @items.slice(0, Setting.feeds_limit.to_i) 331 @items = @items.slice(0, Setting.feeds_limit.to_i)
329 @title = options[:title] || Setting.app_title 332 @title = options[:title] || Setting.app_title
330 render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml' 333 render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
331 end 334 end
332 335
336 # TODO: remove in Redmine 1.4
333 def self.accept_key_auth(*actions) 337 def self.accept_key_auth(*actions)
334 actions = actions.flatten.map(&:to_s) 338 ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
335 write_inheritable_attribute('accept_key_auth_actions', actions) 339 accept_rss_auth(*actions)
336 end 340 end
337 341
342 # TODO: remove in Redmine 1.4
338 def accept_key_auth_actions 343 def accept_key_auth_actions
339 self.class.read_inheritable_attribute('accept_key_auth_actions') || [] 344 ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth_actions is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
345 self.class.accept_rss_auth
346 end
347
348 def self.accept_rss_auth(*actions)
349 if actions.any?
350 write_inheritable_attribute('accept_rss_auth_actions', actions)
351 else
352 read_inheritable_attribute('accept_rss_auth_actions') || []
353 end
354 end
355
356 def accept_rss_auth?(action=action_name)
357 self.class.accept_rss_auth.include?(action.to_sym)
358 end
359
360 def self.accept_api_auth(*actions)
361 if actions.any?
362 write_inheritable_attribute('accept_api_auth_actions', actions)
363 else
364 read_inheritable_attribute('accept_api_auth_actions') || []
365 end
366 end
367
368 def accept_api_auth?(action=action_name)
369 self.class.accept_api_auth.include?(action.to_sym)
340 end 370 end
341 371
342 # Returns the number of objects that should be displayed 372 # Returns the number of objects that should be displayed
343 # on the paginated list 373 # on the paginated list
344 def per_page_option 374 def per_page_option
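Review bot: `accept_rss_auth` and `accept_api_auth` store the action list exactly as passed, while `accept_rss_auth?` and `accept_api_auth?` look up `action.to_sym`, so a list declared with strings or as a single array never matches. The removed `accept_key_auth` normalised its input with `actions.flatten.map(&:to_s)`, but the deprecated shim now forwards `*actions` unchanged, so a caller still passing strings or an array (callers are not visible here) would silently lose key authentication for those actions. That fails closed, but it is a compatibility break, and `to_sym` also turns an action name that comes from routing into a symbol on each check. Suggest normalising on write, `write_inheritable_attribute('accept_rss_auth_actions', actions.flatten.map(&:to_s))`, and comparing strings, `self.class.accept_rss_auth.include?(action.to_s)`, with the same change for the API pair. Separately, `class Unauthorized < Exception` sits outside StandardError; if that is deliberate so that a bare `rescue` cannot swallow it before `rescue_from` handles it, a one-line comment saying so would help.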