diff app/controllers/.svn/text-base/issues_controller.rb.svn-base @ 441:cbce1fd3b1b7 redmine-1.2

Update to Redmine 1.2-stable branch (Redmine SVN rev 6000)
author Chris Cannam
date Mon, 06 Jun 2011 14:24:13 +0100
parents 0579821a129a
children 0c939c159af4
--- a/app/controllers/.svn/text-base/issues_controller.rb.svn-base	Thu Mar 03 11:42:28 2011 +0000
+++ b/app/controllers/.svn/text-base/issues_controller.rb.svn-base	Mon Jun 06 14:24:13 2011 +0100
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2008  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-# 
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,7 +18,7 @@
 class IssuesController < ApplicationController
   menu_item :new_issue, :only => [:new, :create]
   default_search_scope :issues
-  
+
   before_filter :find_issue, :only => [:show, :edit, :update]
   before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :move, :perform_move, :destroy]
   before_filter :check_project_uniqueness, :only => [:move, :perform_move]
@@ -30,10 +30,10 @@
   accept_key_auth :index, :show, :create, :update, :destroy
 
   rescue_from Query::StatementInvalid, :with => :query_statement_invalid
-  
+
   helper :journals
   helper :projects
-  include ProjectsHelper   
+  include ProjectsHelper
   helper :custom_fields
   include CustomFieldsHelper
   helper :issue_relations
@@ -60,12 +60,12 @@
   verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
   verify :method => :post, :only => :bulk_update, :render => {:nothing => true, :status => :method_not_allowed }
   verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
-  
+
   def index
     retrieve_query
     sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
     sort_update(@query.sortable_columns)
-    
+
     if @query.valid?
       case params[:format]
       when 'csv', 'pdf'
@@ -77,16 +77,16 @@
       else
         @limit = per_page_option
       end
-      
+
       @issue_count = @query.issue_count
       @issue_pages = Paginator.new self, @issue_count, @limit, params['page']
       @offset ||= @issue_pages.current.offset
       @issues = @query.issues(:include => [:assigned_to, :tracker, :priority, :category, :fixed_version],
-                              :order => sort_clause, 
-                              :offset => @offset, 
+                              :order => sort_clause,
+                              :offset => @offset,
                               :limit => @limit)
       @issue_count_by_group = @query.issue_count_by_group
-      
+
       respond_to do |format|
         format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
         format.api
@@ -101,18 +101,22 @@
   rescue ActiveRecord::RecordNotFound
     render_404
   end
-  
+
   def show
     @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
     @journals.each_with_index {|j,i| j.indice = i+1}
     @journals.reverse! if User.current.wants_comments_in_reverse_order?
-    @changesets = @issue.changesets.visible.all
-    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+
+    if User.current.allowed_to?(:view_changesets, @project)
+      @changesets = @issue.changesets.visible.all
+      @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+    end
+
     @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
     @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
     @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
     @priorities = IssuePriority.all
-    @time_entry = TimeEntry.new
+    @time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
     respond_to do |format|
       format.html { render :template => 'issues/show.rhtml' }
       format.api
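Review bot: In show, @changesets is now assigned only inside the `allowed_to?(:view_changesets, @project)` branch, so it stays nil for users without that permission. The templates rendered below (issues/show.rhtml and the api format) are not part of this hunk; if either calls a method on @changesets without a guard, it will raise for exactly those users. Consider an explicit `@changesets = []` before the `if`, or confirm that the views test `@changesets.present?`. A short comment such as `# changesets are only loaded for users with :view_changesets` would also make the permission gate easy to find. show's body continues past the end of the hunk.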
@@ -152,7 +156,7 @@
       end
     end
   end
-    
+
   def edit
     update_issue_from_params
 
@@ -214,7 +218,7 @@
     set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
     redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
   end
-  
+
   def destroy
     @hours = TimeEntry.sum(:hours, :conditions => ['issue_id IN (?)', @issues]).to_f
     if @hours > 0
@@ -236,7 +240,13 @@
         return unless api_request?
       end
     end
-    @issues.each(&:destroy)
+    @issues.each do |issue|
+      begin
+        issue.reload.destroy
+      rescue ::ActiveRecord::RecordNotFound # raised by #reload if issue no longer exists
+        # nothing to do, issue was already deleted (eg. by a parent)
+      end
+    end
     respond_to do |format|
       format.html { redirect_back_or_default(:action => 'index', :project_id => @project) }
       format.api  { head :ok }
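Review bot: The `begin`/`rescue` around `issue.reload.destroy` covers the destroy as well as the reload, so an ActiveRecord::RecordNotFound raised from inside a destroy callback would be swallowed as if the issue were already gone, although the comment attributes the exception to #reload. Narrowing the scope keeps real failures visible: leave only `issue.reload` inside the `begin`, put `next` in the rescue branch, and call `issue.destroy` after the `end`. The return value of destroy is also discarded, so a destroy that is refused still ends in the redirect or `head :ok`; that may be deliberate best-effort, but it deserves a comment. destroy starts above this hunk.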
@@ -245,19 +255,25 @@
 
 private
   def find_issue
+    # Issue.visible.find(...) can not be used to redirect user to the login form
+    # if the issue actually exists but requires authentication
     @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
+    unless @issue.visible?
+      deny_access
+      return
+    end
     @project = @issue.project
   rescue ActiveRecord::RecordNotFound
     render_404
   end
-  
+
   def find_project
     project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
     @project = Project.find(project_id)
   rescue ActiveRecord::RecordNotFound
     render_404
   end
-  
+
   # Used by #edit and #update to set some common instance variables
   # from the params
   # TODO: Refactor, not everything in here is needed by #edit
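Review bot: find_issue answers a missing id with render_404 but an existing, non-visible issue with deny_access, so the response can reveal whether an issue id exists in a project the requester cannot see. The added comment explains why this is wanted for anonymous users (redirect to the login form); for a user who is already logged in that reason does not apply, and something like `User.current.logged? ? render_404 : deny_access` would remove the difference, assuming deny_access answers logged-in users with a 403, which is not visible here. If the current behaviour is kept, the comment should state that the 403/404 difference is an accepted trade-off.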
@@ -265,9 +281,9 @@
     @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
     @priorities = IssuePriority.all
     @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
-    @time_entry = TimeEntry.new
+    @time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
     @time_entry.attributes = params[:time_entry]
-    
+
     @notes = params[:notes] || (params[:issue].present? ? params[:issue][:notes] : nil)
     @issue.init_journal(User.current, @notes)
     @issue.safe_attributes = params[:issue]
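Review bot: The new `TimeEntry.new(:issue => @issue, :project => @issue.project)` is followed directly by `@time_entry.attributes = params[:time_entry]`, so request parameters are applied after the issue and project have been set. Whether TimeEntry protects issue_id and project_id from mass assignment is not visible on this page; if it does not, the submitted parameters could attach the entry to a different issue than the one being edited. If the entry must always belong to @issue, assign after the params, e.g. `@time_entry.issue = @issue` and `@time_entry.project = @issue.project`, or confirm the protection in the model. The enclosing method's `def` line is above this hunk.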
@@ -283,7 +299,7 @@
     else
       @issue = @project.issues.visible.find(params[:id])
     end
-    
+
     @issue.project = @project
     # Tracker must be set before custom field values
     @issue.tracker ||= @project.trackers.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)