diff app/controllers/application_controller.rb @ 37:94944d00e43c

* Update to SVN trunk rev 4411
author Chris Cannam <chris.cannam@soundsoftware.ac.uk>
date Fri, 19 Nov 2010 13:24:41 +0000
parents 40f7cfd4df19
children aea1779e6f18 af80e5618e9b
--- a/app/controllers/application_controller.rb	Fri Sep 24 14:06:04 2010 +0100
+++ b/app/controllers/application_controller.rb	Fri Nov 19 13:24:41 2010 +0000
@@ -153,8 +153,16 @@
 
   # Authorize the user for the requested action
   def authorize(ctrl = params[:controller], action = params[:action], global = false)
-    allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project, :global => global)
-    allowed ? true : deny_access
+    allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
+    if allowed
+      true
+    else
+      if @project && @project.archived?
+        render_403 :message => :notice_not_authorized_archived_project
+      else
+        deny_access
+      end
+    end
   end
 
   # Authorize the user for the requested action outside a project
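Review bot: In `authorize`, the new `@project.archived?` branch is taken before `deny_access` for every denied request, so whatever `deny_access` does for unauthenticated callers (its body is outside this hunk; presumably a login redirect) is skipped for archived projects. The `:notice_not_authorized_archived_project` message then confirms the project's existence and state to a caller with no rights on it. If that is not intended, gate the branch on the session, e.g. `if @project && @project.archived? && User.current.logged?`. Separately, `@project || @projects` can hand `allowed_to?` an empty array when none of the found issues has a project; a comment such as `# @projects is set by find_issues for cross-project bulk actions; allowed_to? must deny on an empty list` would document the contract this line relies on.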
@@ -213,16 +221,19 @@
   def find_issues
     @issues = Issue.find_all_by_id(params[:id] || params[:ids])
     raise ActiveRecord::RecordNotFound if @issues.empty?
-    projects = @issues.collect(&:project).compact.uniq
-    if projects.size == 1
-      @project = projects.first
-    else
+    @projects = @issues.collect(&:project).compact.uniq
+    @project = @projects.first if @projects.size == 1
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
+  # Check if project is unique before bulk operations
+  def check_project_uniqueness
+    unless @project
       # TODO: let users bulk edit/move/destroy issues from different projects
       render_error 'Can not bulk edit/move/destroy issues from different projects'
       return false
     end
-  rescue ActiveRecord::RecordNotFound
-    render_404
   end
   
   # make sure that the user is a member of the project (or admin) if project is private
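Review bot: The single-project guard has moved out of `find_issues` into `check_project_uniqueness`, so it now runs only where a controller registers that filter, and none of those registrations are visible in this hunk. Any action that still calls `find_issues` alone will proceed with `@project` nil and is then authorized against the whole `@projects` list in `authorize`, so confirm that each bulk edit/move/destroy action either adds the new filter or genuinely handles several projects. A comment on `find_issues` would make the new contract explicit: `# Sets @projects; sets @project only when all issues share one project. Pair with check_project_uniqueness for single-project actions.` Note also that `check_project_uniqueness` reports this client-side condition through `render_error` with a bare string, which defaults to status 500 in the `render_error` hunk below.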
@@ -262,39 +273,33 @@
     redirect_to default
   end
   
-  def render_403
+  def render_403(options={})
     @project = nil
-    respond_to do |format|
-      format.html { render :template => "common/403", :layout => use_layout, :status => 403 }
-      format.atom { head 403 }
-      format.xml { head 403 }
-      format.js { head 403 }
-      format.json { head 403 }
-    end
+    render_error({:message => :notice_not_authorized, :status => 403}.merge(options))
     return false
   end
     
-  def render_404
-    respond_to do |format|
-      format.html { render :template => "common/404", :layout => use_layout, :status => 404 }
-      format.atom { head 404 }
-      format.xml { head 404 }
-      format.js { head 404 }
-      format.json { head 404 }
-    end
+  def render_404(options={})
+    render_error({:message => :notice_file_not_found, :status => 404}.merge(options))
     return false
   end
   
-  def render_error(msg)
+  # Renders an error response
+  def render_error(arg)
+    arg = {:message => arg} unless arg.is_a?(Hash)
+    
+    @message = arg[:message]
+    @message = l(@message) if @message.is_a?(Symbol)
+    @status = arg[:status] || 500
+    
     respond_to do |format|
-      format.html { 
-        flash.now[:error] = msg
-        render :text => '', :layout => use_layout, :status => 500
+      format.html {
+        render :template => 'common/error', :layout => use_layout, :status => @status
       }
-      format.atom { head 500 }
-      format.xml { head 500 }
-      format.js { head 500 }
-      format.json { head 500 }
+      format.atom { head @status }
+      format.xml { head @status }
+      format.js { head @status }
+      format.json { head @status }
     end
   end
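Review bot: `render_error` now stores the caller's message in `@message` and hands it to the `common/error` template, which is not part of this diff. A String `arg` is passed through untranslated, so the template has to HTML-escape it (`<%=h @message %>`), otherwise any caller that interpolates request data into the message becomes a reflected-XSS path. `render_403` and `render_404` also let `options` override `:status` through `.merge(options)`, so a caller can accidentally turn a 403 into another code. Suggest expanding the one-line comment to document the accepted forms, e.g. `# arg: a String/Symbol message, or a Hash with :message (a Symbol is localized via l()) and :status (default 500)`, and stating that the message is rendered as text, not markup.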