diff app/controllers/application_controller.rb @ 909:cbb26bc654de redmine-1.3
Update to Redmine 1.3-stable branch (Redmine SVN rev 8964)
author | Chris Cannam |
---|---|
date | Fri, 24 Feb 2012 19:09:32 +0000 |
parents | 0c939c159af4 |
children | 5e80956cc792 433d4f72a19b |
--- a/app/controllers/application_controller.rb Fri Feb 24 18:36:29 2012 +0000
+++ b/app/controllers/application_controller.rb Fri Feb 24 19:09:32 2012 +0000
@@ -26,6 +26,11 @@
 layout 'base'
 exempt_from_layout 'builder', 'rsb'
+ protect_from_forgery
+ def handle_unverified_request
+ super
+ cookies.delete(:autologin)
+ end
 # Remove broken cookie after upgrade from 0.8.x (#4292)
 # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
 # TODO: remove it when Rails is fixed
@@ -40,7 +45,6 @@
 before_filter :user_setup, :check_if_login_required, :set_localization
 filter_parameter_logging :password
- protect_from_forgery
 rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
 rescue_from ::Unauthorized, :with => :deny_access
@@ -202,8 +206,6 @@
 render_404 unless @object.present?
 @project = @object.project
- rescue ActiveRecord::RecordNotFound
- render_404
 end
 def find_model_object
@@ -250,7 +252,7 @@
 if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
 true
 else
- User.current.logged? ? render_403 : require_login
+ deny_access
 end
 else
 @project = nil
@@ -310,6 +312,19 @@
 format.json { head @status }
 end
 end
+
+ # Filter for actions that provide an API response
+ # but have no HTML representation for non admin users
+ def require_admin_or_api_request
+ return true if api_request?
+ if User.current.admin?
+ true
+ elsif User.current.logged?
+ render_error(:status => 406)
+ else
+ deny_access
+ end
+ end
 # Picks which layout to use based on the request
 #
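Review bot: In `handle_unverified_request` (hunk @@ -26), `cookies.delete(:autologin)` only clears the browser-side cookie; if the cookie value maps to a stored autologin token on the server (Redmine presumably keeps it as a Token record with action 'autologin'), that token stays valid until it expires, so a request that failed the CSRF check still leaves a reusable credential behind — consider destroying the matching token record before deleting the cookie. With `super` resetting the session rather than raising on recent Rails, the `rescue_from ActionController::InvalidAuthenticityToken` kept in hunk @@ -40 may no longer be reachable; worth confirming against the Rails version in use. A short why-comment would help here, e.g. `# CSRF check failed: super resets the session; also drop the autologin cookie so the next request is not transparently re-authenticated.`.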
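Review bot: In hunk @@ -202, `render_404 unless @object.present?` does not stop the filter, so when `@object` is nil the next line `@project = @object.project` raises NoMethodError after a 404 has already been rendered; `return render_404 unless @object.present?` would make the guard effective. `find_project_from_association` starts outside the hunk, and whether `@object` can be unset at this point depends on the filters that run before it (find_model_object is not shown), so this may only be defensive.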
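Review bot: `require_admin_or_api_request` (hunk @@ -310) lets every request that satisfies `api_request?` through unconditionally (`return true if api_request?`), so on its own it is not an authorization check: a non-admin reaches the action simply by asking for an API format. That is only safe when the controller also runs a separate authentication/authorization filter (require_login, authorize), which this hunk does not show, so the callers should be checked. The comment above the method should state the contract explicitly, e.g. `# API requests pass unconditionally — pair with require_login/authorize; this filter only restricts the HTML representation to admins.`.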
@@ -330,9 +345,10 @@
 @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
 @items = @items.slice(0, Setting.feeds_limit.to_i)
 @title = options[:title] || Setting.app_title
- render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
+ render :template => "common/feed.atom", :layout => false,
+ :content_type => 'application/atom+xml'
 end
-
+
 # TODO: remove in Redmine 1.4
 def self.accept_key_auth(*actions)
 ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
@@ -344,7 +360,7 @@
 ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth_actions is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
 self.class.accept_rss_auth
 end
-
+
 def self.accept_rss_auth(*actions)
 if actions.any?
 write_inheritable_attribute('accept_rss_auth_actions', actions)
@@ -352,11 +368,11 @@
 read_inheritable_attribute('accept_rss_auth_actions') || []
 end
 end
-
+
 def accept_rss_auth?(action=action_name)
 self.class.accept_rss_auth.include?(action.to_sym)
 end
-
+
 def self.accept_api_auth(*actions)
 if actions.any?
 write_inheritable_attribute('accept_api_auth_actions', actions)
@@ -364,7 +380,7 @@
 read_inheritable_attribute('accept_api_auth_actions') || []
 end
 end
-
+
 def accept_api_auth?(action=action_name)
 self.class.accept_api_auth.include?(action.to_sym)
 end
@@ -475,13 +491,6 @@
 render_error "An error occurred while executing the query and has been logged. Please report this error to your Redmine administrator."
 end
- # Converts the errors on an ActiveRecord object into a common JSON format
- def object_errors_to_json(object)
- object.errors.collect do |attribute, error|
- { attribute => error }
- end.to_json
- end
-
 # Renders API response on validation failure
 def render_validation_errors(object)
 options = { :status => :unprocessable_entity, :layout => false }