Mercurial > hg > soundsoftware-site

diff app/controllers/.svn/text-base/application_controller.rb.svn-base @ 441:cbce1fd3b1b7 redmine-1.2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to Redmine 1.2-stable branch (Redmine SVN rev 6000)
author Chris Cannam
date Mon, 06 Jun 2011 14:24:13 +0100
parents 8661b858af72
children 0c939c159af4
line wrap: on
line diff
--- a/app/controllers/.svn/text-base/application_controller.rb.svn-base	Thu Mar 03 11:42:28 2011 +0000
+++ b/app/controllers/.svn/text-base/application_controller.rb.svn-base	Mon Jun 06 14:24:13 2011 +0100
@@ -1,16 +1,16 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-# 
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -23,29 +23,29 @@
 
   layout 'base'
   exempt_from_layout 'builder', 'rsb'
-  
+
   # Remove broken cookie after upgrade from 0.8.x (#4292)
   # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
   # TODO: remove it when Rails is fixed
   before_filter :delete_broken_cookies
   def delete_broken_cookies
     if cookies['_redmine_session'] && cookies['_redmine_session'] !~ /--/
-      cookies.delete '_redmine_session'    
+      cookies.delete '_redmine_session'
       redirect_to home_path
       return false
     end
   end
-  
+
   before_filter :user_setup, :check_if_login_required, :set_localization
   filter_parameter_logging :password
   protect_from_forgery
-  
+
   rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
-  
+
   include Redmine::Search::Controller
   include Redmine::MenuManager::MenuController
   helper Redmine::MenuManager::MenuHelper
-  
+
   Redmine::Scm::Base.all.each do |scm|
     require_dependency "repository/#{scm.underscore}"
   end
@@ -56,7 +56,7 @@
     # Find the current user
     User.current = find_current_user
   end
-  
+
   # Returns the current user or nil if no user is logged in
   # and starts a session if needed
   def find_current_user
@@ -94,14 +94,14 @@
       User.current = User.anonymous
     end
   end
-  
+
   # check if login is globally required to access the application
   def check_if_login_required
     # no check needed if user is already logged in
     return true if User.current.logged?
     require_login if Setting.login_required?
-  end 
-  
+  end
+
   def set_localization
     lang = nil
     if User.current.logged?
@@ -117,7 +117,7 @@
     lang ||= Setting.default_language
     set_language_if_valid(lang)
   end
-  
+
   def require_login
     if !User.current.logged?
       # Extract only the basic url parameters on non-GET requests
@@ -146,7 +146,7 @@
     end
     true
   end
-  
+
   def deny_access
     User.current.logged? ? render_403 : require_login
   end
@@ -197,7 +197,7 @@
   # Finds and sets @project based on @object.project
   def find_project_from_association
     render_404 unless @object.present?
-    
+
     @project = @object.project
   rescue ActiveRecord::RecordNotFound
     render_404
@@ -221,12 +221,16 @@
   def find_issues
     @issues = Issue.find_all_by_id(params[:id] || params[:ids])
     raise ActiveRecord::RecordNotFound if @issues.empty?
+    if @issues.detect {|issue| !issue.visible?}
+      deny_access
+      return
+    end
     @projects = @issues.collect(&:project).compact.uniq
     @project = @projects.first if @projects.size == 1
   rescue ActiveRecord::RecordNotFound
     render_404
   end
-  
+
   # Check if project is unique before bulk operations
   def check_project_uniqueness
     unless @project
@@ -235,7 +239,7 @@
       return false
     end
   end
-  
+
   # make sure that the user is a member of the project (or admin) if project is private
   # used as a before_filter for actions that do not require any particular permission on the project
   def check_project_privacy
@@ -271,27 +275,28 @@
       end
     end
     redirect_to default
+    false
   end
-  
+
   def render_403(options={})
     @project = nil
     render_error({:message => :notice_not_authorized, :status => 403}.merge(options))
     return false
   end
-    
+
   def render_404(options={})
     render_error({:message => :notice_file_not_found, :status => 404}.merge(options))
     return false
   end
-  
+
   # Renders an error response
   def render_error(arg)
     arg = {:message => arg} unless arg.is_a?(Hash)
-    
+
     @message = arg[:message]
     @message = l(@message) if @message.is_a?(Symbol)
     @status = arg[:status] || 500
-    
+
     respond_to do |format|
       format.html {
         render :template => 'common/error', :layout => use_layout, :status => @status
@@ -309,31 +314,31 @@
   def use_layout
     request.xhr? ? false : 'base'
   end
-  
+
   def invalid_authenticity_token
     if api_request?
       logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
     end
     render_error "Invalid form authenticity token."
   end
-  
-  def render_feed(items, options={})    
+
+  def render_feed(items, options={})
     @items = items || []
     @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
     @items = @items.slice(0, Setting.feeds_limit.to_i)
     @title = options[:title] || Setting.app_title
     render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
   end
-  
+
   def self.accept_key_auth(*actions)
     actions = actions.flatten.map(&:to_s)
     write_inheritable_attribute('accept_key_auth_actions', actions)
   end
-  
+
   def accept_key_auth_actions
     self.class.read_inheritable_attribute('accept_key_auth_actions') || []
   end
-  
+
   # Returns the number of objects that should be displayed
   # on the paginated list
   def per_page_option
@@ -369,10 +374,10 @@
       offset = 0 if offset < 0
     end
     offset ||= 0
-    
+
     [offset, limit]
   end
-  
+
   # qvalues http header parser
   # code taken from webrick
   def parse_qvalues(value)
@@ -393,16 +398,16 @@
   rescue
     nil
   end
-  
+
   # Returns a string that can be used as filename value in Content-Disposition header
   def filename_for_content_disposition(name)
     request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name
   end
-  
+
   def api_request?
     %w(xml json).include? params[:format]
   end
-  
+
   # Returns the API key present in the request
   def api_key_from_request
     if params[:key].present?
@@ -459,7 +464,7 @@
     )
     render options
   end
-  
+
   # Overrides #default_template so that the api template
   # is used automatically if it exists
   def default_template(action_name = self.action_name)
@@ -473,7 +478,7 @@
     end
     super
   end
-  
+
   # Overrides #pick_layout so that #render with no arguments
   # doesn't use the layout for api requests
   def pick_layout(*args)