SoundSoftware Code Site

# Redmine - project management software

# Copyright (C) 2006-2012  Jean-Philippe Lang

#

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; either version 2

# of the License, or (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

require File.expand_path('../test_case', __FILE__)

require 'tmpdir'

class RedminePmTest::RepositorySubversionTest < RedminePmTest::TestCase

  fixtures :projects, :users, :members, :roles, :member_roles, :auth_sources

  SVN_BIN = Redmine::Configuration['scm_subversion_command'] || "svn"

  def test_anonymous_read_on_public_repo_with_permission_should_succeed

    assert_success "ls", svn_url

  end

  def test_anonymous_read_on_public_repo_without_permission_should_fail

    Role.anonymous.remove_permission! :browse_repository

    assert_failure "ls", svn_url

  end

  def test_anonymous_read_on_private_repo_should_fail

    Project.find(1).update_attribute :is_public, false

    assert_failure "ls", svn_url

  end

  def test_anonymous_commit_on_public_repo_should_fail

    Role.anonymous.add_permission! :commit_access

    assert_failure "mkdir --message Creating_a_directory", svn_url(random_filename)

  end

  def test_anonymous_commit_on_private_repo_should_fail

    Role.anonymous.add_permission! :commit_access

    Project.find(1).update_attribute :is_public, false

    assert_failure "mkdir --message Creating_a_directory", svn_url(random_filename)

  end

  def test_non_member_read_on_public_repo_with_permission_should_succeed

    Role.anonymous.remove_permission! :browse_repository

    with_credentials "miscuser8", "foo" do

      assert_success "ls", svn_url

    end

  end

  def test_non_member_read_on_public_repo_without_permission_should_fail

    Role.anonymous.remove_permission! :browse_repository

    Role.non_member.remove_permission! :browse_repository

    with_credentials "miscuser8", "foo" do

      assert_failure "ls", svn_url

    end

  end

  def test_non_member_read_on_private_repo_should_fail

    Project.find(1).update_attribute :is_public, false

    with_credentials "miscuser8", "foo" do

      assert_failure "ls", svn_url

    end

  end

  def test_non_member_commit_on_public_repo_should_fail

    Role.non_member.add_permission! :commit_access

    assert_failure "mkdir --message Creating_a_directory", svn_url(random_filename)

  end

  def test_non_member_commit_on_private_repo_should_fail

    Role.non_member.add_permission! :commit_access

    Project.find(1).update_attribute :is_public, false

    assert_failure "mkdir --message Creating_a_directory", svn_url(random_filename)

  end

  def test_member_read_on_public_repo_with_permission_should_succeed

    Role.anonymous.remove_permission! :browse_repository

    Role.non_member.remove_permission! :browse_repository

    with_credentials "dlopper", "foo" do

      assert_success "ls", svn_url

    end

  end

  def test_member_read_on_public_repo_without_permission_should_fail

    Role.anonymous.remove_permission! :browse_repository

    Role.non_member.remove_permission! :browse_repository

    Role.find(2).remove_permission! :browse_repository

    with_credentials "dlopper", "foo" do

      assert_failure "ls", svn_url

    end

  end

  def test_member_read_on_private_repo_with_permission_should_succeed

    Project.find(1).update_attribute :is_public, false

    with_credentials "dlopper", "foo" do

      assert_success "ls", svn_url

    end

  end

  def test_member_read_on_private_repo_without_permission_should_fail

    Role.find(2).remove_permission! :browse_repository

    Project.find(1).update_attribute :is_public, false

    with_credentials "dlopper", "foo" do

      assert_failure "ls", svn_url

    end

  end

  def test_member_commit_on_public_repo_with_permission_should_succeed

    Role.find(2).add_permission! :commit_access

    with_credentials "dlopper", "foo" do

      assert_success "mkdir --message Creating_a_directory", svn_url(random_filename)

    end

  end

  def test_member_commit_on_public_repo_without_permission_should_fail

    Role.find(2).remove_permission! :commit_access

    with_credentials "dlopper", "foo" do

      assert_failure "mkdir --message Creating_a_directory", svn_url(random_filename)

    end

  end

  def test_member_commit_on_private_repo_with_permission_should_succeed

    Role.find(2).add_permission! :commit_access

    Project.find(1).update_attribute :is_public, false

    with_credentials "dlopper", "foo" do

      assert_success "mkdir --message Creating_a_directory", svn_url(random_filename)

    end

  end

  def test_member_commit_on_private_repo_without_permission_should_fail

    Role.find(2).remove_permission! :commit_access

    Project.find(1).update_attribute :is_public, false

    with_credentials "dlopper", "foo" do

      assert_failure "mkdir --message Creating_a_directory", svn_url(random_filename)

    end

  end

  def test_invalid_credentials_should_fail

    Project.find(1).update_attribute :is_public, false

    with_credentials "dlopper", "foo" do

      assert_success "ls", svn_url

    end

    with_credentials "dlopper", "wrong" do

      assert_failure "ls", svn_url

    end

  end

  def test_anonymous_read_should_fail_with_login_required

    assert_success "ls", svn_url

    with_settings :login_required => '1' do

      assert_failure "ls", svn_url

    end

  end

  def test_authenticated_read_should_succeed_with_login_required

    with_settings :login_required => '1' do

      with_credentials "miscuser8", "foo" do

        assert_success "ls", svn_url

      end

    end

  end

  def test_read_on_archived_projects_should_fail

    Project.find(1).update_attribute :status, Project::STATUS_ARCHIVED

    assert_failure "ls", svn_url

  end

  def test_read_on_archived_private_projects_should_fail

    Project.find(1).update_attribute :status, Project::STATUS_ARCHIVED

    Project.find(1).update_attribute :is_public, false

    with_credentials "dlopper", "foo" do

      assert_failure "ls", svn_url

    end

  end

  def test_read_on_closed_projects_should_succeed

    Project.find(1).update_attribute :status, Project::STATUS_CLOSED

    assert_success "ls", svn_url

  end

  def test_read_on_closed_private_projects_should_succeed

    Project.find(1).update_attribute :status, Project::STATUS_CLOSED

    Project.find(1).update_attribute :is_public, false

    with_credentials "dlopper", "foo" do

      assert_success "ls", svn_url

    end

  end

  def test_commit_on_closed_projects_should_fail

    Project.find(1).update_attribute :status, Project::STATUS_CLOSED

    Role.find(2).add_permission! :commit_access

    with_credentials "dlopper", "foo" do

      assert_failure "mkdir --message Creating_a_directory", svn_url(random_filename)

    end

  end

  def test_commit_on_closed_private_projects_should_fail

    Project.find(1).update_attribute :status, Project::STATUS_CLOSED

    Project.find(1).update_attribute :is_public, false

    Role.find(2).add_permission! :commit_access

    with_credentials "dlopper", "foo" do

      assert_failure "mkdir --message Creating_a_directory", svn_url(random_filename)

    end

  end

  if ldap_configured?

    def test_user_with_ldap_auth_source_should_authenticate_with_ldap_credentials

      ldap_user = User.new(:mail => 'example1@redmine.org', :firstname => 'LDAP', :lastname => 'user', :auth_source_id => 1)

      ldap_user.login = 'example1'

      ldap_user.save!

      with_settings :login_required => '1' do

        with_credentials "example1", "123456" do

          assert_success "ls", svn_url

        end

      end

      with_settings :login_required => '1' do

        with_credentials "example1", "wrong" do

          assert_failure "ls", svn_url

        end

      end

    end

  end

  def test_checkout

    Dir.mktmpdir do |dir|

      assert_success "checkout", svn_url, dir

    end

  end

  def test_read_commands

    assert_success "info", svn_url

    assert_success "ls", svn_url

    assert_success "log", svn_url

  end

  def test_write_commands

    Role.find(2).add_permission! :commit_access

    filename = random_filename

    Dir.mktmpdir do |dir|

      assert_success "checkout", svn_url, dir

      Dir.chdir(dir) do

        # creates a file in the working copy

        f = File.new(File.join(dir, filename), "w")

        f.write "test file content"

        f.close

        assert_success "add", filename

        with_credentials "dlopper", "foo" do

          assert_success "commit --message Committing_a_file"

          assert_success "copy   --message Copying_a_file", svn_url(filename), svn_url("#{filename}_copy")

          assert_success "delete --message Deleting_a_file", svn_url(filename)

          assert_success "mkdir  --message Creating_a_directory", svn_url("#{filename}_dir")

        end

        assert_success "update"

        # checks that the working copy was updated

        assert File.exists?(File.join(dir, "#{filename}_copy"))

        assert File.directory?(File.join(dir, "#{filename}_dir"))

      end

    end

  end

  def test_read_invalid_repo_should_fail

    assert_failure "ls", svn_url("invalid")

  end

  protected

  def execute(*args)

    a = [SVN_BIN, "--no-auth-cache --non-interactive"]

    a << "--username #{username}" if username

    a << "--password #{password}" if password

    super a, *args

  end

  def svn_url(path=nil)

    host = ENV['REDMINE_TEST_DAV_SERVER'] || '127.0.0.1'

    url = "http://#{host}/svn/ecookbook"

    url << "/#{path}" if path

    url

  end

end

<p><label>Example setting</label><%= text_field_tag 'settings[sample_setting]', @settings['sample_setting'] %></p>

$:.unshift(File.dirname(__FILE__) + '/../lib')

plugin_test_dir = File.dirname(__FILE__)

require 'rubygems'

require 'bundler/setup'

require 'rspec'

require 'logger'

require 'active_support'

require 'active_model'

require 'active_record'

require 'action_controller'

require 'awesome_nested_set'

ActiveRecord::Base.logger = Logger.new(plugin_test_dir + "/debug.log")

require 'yaml'

require 'erb'

ActiveRecord::Base.configurations = YAML::load(ERB.new(IO.read(plugin_test_dir + "/db/database.yml")).result)

ActiveRecord::Base.establish_connection(ENV["DB"] || "sqlite3mem")

ActiveRecord::Migration.verbose = false

load(File.join(plugin_test_dir, "db", "schema.rb"))

require 'support/models'

require 'rspec/rails'

RSpec.configure do |config|

  config.fixture_path = "#{plugin_test_dir}/fixtures"

  config.use_transactional_fixtures = true

end

# Redmine - project management software

# Copyright (C) 2006-2012  Jean-Philippe Lang

#

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; either version 2

# of the License, or (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

require File.expand_path('../../test_helper', __FILE__)

class ProjectsTest < ActionController::IntegrationTest

  fixtures :projects, :users, :members, :enabled_modules

  def test_archive_project

    subproject = Project.find(1).children.first

    log_user("admin", "admin")

    get "admin/projects"

    assert_response :success

    assert_template "admin/projects"

    post "projects/1/archive"

    assert_redirected_to "/admin/projects"

    assert !Project.find(1).active?

    get 'projects/1'

    assert_response 403

    get "projects/#{subproject.id}"

    assert_response 403

    post "projects/1/unarchive"

    assert_redirected_to "/admin/projects"

    assert Project.find(1).active?

    get "projects/1"

    assert_response :success

  end

  def test_modules_should_not_allow_get

    assert_no_difference 'EnabledModule.count' do

      get '/projects/1/modules', {:enabled_module_names => ['']}, credentials('jsmith')

      assert_response 404

    end

  end

end

# Redmine - project management software

# Copyright (C) 2006-2012  Jean-Philippe Lang

#

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; either version 2

# of the License, or (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

class UsersController < ApplicationController

  layout 'admin'

  before_filter :require_admin, :except => :show

  before_filter :find_user, :only => [:show, :edit, :update, :destroy, :edit_membership, :destroy_membership]

  accept_api_auth :index, :show, :create, :update, :destroy

  helper :sort

  include SortHelper

  helper :custom_fields

  include CustomFieldsHelper

  def index

    sort_init 'login', 'asc'

    sort_update %w(login firstname lastname mail admin created_on last_login_on)

    case params[:format]

    when 'xml', 'json'

      @offset, @limit = api_offset_and_limit

    else

      @limit = per_page_option

    end

    @status = params[:status] || 1

    scope = User.logged.status(@status)

    scope = scope.like(params[:name]) if params[:name].present?

    scope = scope.in_group(params[:group_id]) if params[:group_id].present?

    @user_count = scope.count

    @user_pages = Paginator.new self, @user_count, @limit, params['page']

    @offset ||= @user_pages.current.offset

    @users =  scope.find :all,

                        :order => sort_clause,

                        :limit  =>  @limit,

                        :offset =>  @offset

    respond_to do |format|

      format.html {

        @groups = Group.all.sort

        render :layout => !request.xhr?

      }

      format.api

    end	

  end

  def show

    # show projects based on current user visibility

    @memberships = @user.memberships.all(:conditions => Project.visible_condition(User.current))

    events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)

    @events_by_day = events.group_by(&:event_date)

    unless User.current.admin?

      if !@user.active? || (@user != User.current  && @memberships.empty? && events.empty?)

        render_404

        return

      end

    end

    respond_to do |format|

      format.html { render :layout => 'base' }

      format.api

    end

  end

  def new

    @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)

    @auth_sources = AuthSource.find(:all)

  end

  def create

    @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)

    @user.safe_attributes = params[:user]

    @user.admin = params[:user][:admin] || false

    @user.login = params[:user][:login]

    @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id

    if @user.save

      @user.pref.attributes = params[:pref]

      @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')

      @user.pref.save

      @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])

      Mailer.account_information(@user, params[:user][:password]).deliver if params[:send_information]

      respond_to do |format|

        format.html {

          flash[:notice] = l(:notice_user_successful_create, :id => view_context.link_to(@user.login, user_path(@user)))

          redirect_to(params[:continue] ?

            {:controller => 'users', :action => 'new'} :

            {:controller => 'users', :action => 'edit', :id => @user}

          )

        }

        format.api  { render :action => 'show', :status => :created, :location => user_url(@user) }

      end

    else

      @auth_sources = AuthSource.find(:all)

      # Clear password input

      @user.password = @user.password_confirmation = nil

      respond_to do |format|

        format.html { render :action => 'new' }

        format.api  { render_validation_errors(@user) }

      end

    end

  end

  def edit

    @auth_sources = AuthSource.find(:all)

    @membership ||= Member.new

  end

  def update

    @user.admin = params[:user][:admin] if params[:user][:admin]

    @user.login = params[:user][:login] if params[:user][:login]

    if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)

      @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]

    end

    @user.safe_attributes = params[:user]

    # Was the account actived ? (do it before User#save clears the change)

    was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])

    # TODO: Similar to My#account

    @user.pref.attributes = params[:pref]

    @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')

    if @user.save

      @user.pref.save

      @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])

      if was_activated

        Mailer.account_activated(@user).deliver

      elsif @user.active? && params[:send_information] && !params[:user][:password].blank? && @user.auth_source_id.nil?

        Mailer.account_information(@user, params[:user][:password]).deliver

      end

      respond_to do |format|

        format.html {

          flash[:notice] = l(:notice_successful_update)

          redirect_to_referer_or edit_user_path(@user)

        }

        format.api  { render_api_ok }

      end

    else

      @auth_sources = AuthSource.find(:all)

      @membership ||= Member.new

      # Clear password input

      @user.password = @user.password_confirmation = nil

      respond_to do |format|

        format.html { render :action => :edit }

        format.api  { render_validation_errors(@user) }

      end

    end

  end

  def destroy

    @user.destroy

    respond_to do |format|

      format.html { redirect_back_or_default(users_url) }

      format.api  { render_api_ok }

    end

  end

  def edit_membership

    @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)

    @membership.save

    respond_to do |format|

      format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }

      format.js

    end

  end

  def destroy_membership

    @membership = Member.find(params[:membership_id])

    if @membership.deletable?

      @membership.destroy

    end

    respond_to do |format|

      format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }

      format.js

    end

  end

  private

  def find_user

    if params[:id] == 'current'

      require_login || return

      @user = User.current

    else

      @user = User.find(params[:id])

    end

  rescue ActiveRecord::RecordNotFound

    render_404

  end

end

<div class="contextual">

<%= link_to l(:label_user_new), new_user_path, :class => 'icon icon-add' %>

</div>

<h2><%=l(:label_user_plural)%></h2>

<%= form_tag({}, :method => :get) do %>

<fieldset><legend><%= l(:label_filter_plural) %></legend>

<label for='status'><%= l(:field_status) %>:</label>

<%= select_tag 'status', users_status_options_for_select(@status), :class => "small", :onchange => "this.form.submit(); return false;"  %>

<% if @groups.present? %>

<label for='group_id'><%= l(:label_group) %>:</label>

<%= select_tag 'group_id', content_tag('option') + options_from_collection_for_select(@groups, :id, :name, params[:group_id].to_i), :onchange => "this.form.submit(); return false;"  %>

<% end %>

<label for='name'><%= l(:label_user) %>:</label>

<%= text_field_tag 'name', params[:name], :size => 30 %>

<%= submit_tag l(:button_apply), :class => "small", :name => nil %>

<%= link_to l(:button_clear), users_path, :class => 'icon icon-reload' %>

</fieldset>

<% end %>

 

<div class="autoscroll">

<table class="list">

  <thead><tr>

  <%= sort_header_tag('login', :caption => l(:field_login)) %>

  <%= sort_header_tag('firstname', :caption => l(:field_firstname)) %>

  <%= sort_header_tag('lastname', :caption => l(:field_lastname)) %>

  <%= sort_header_tag('mail', :caption => l(:field_mail)) %>

  <%= sort_header_tag('admin', :caption => l(:field_admin), :default_order => 'desc') %>

  <%= sort_header_tag('created_on', :caption => l(:field_created_on), :default_order => 'desc') %>

  <%= sort_header_tag('last_login_on', :caption => l(:field_last_login_on), :default_order => 'desc') %>

    <th></th>

  </tr></thead>

  <tbody>

<% for user in @users -%>

  <tr class="<%= user.css_classes %> <%= cycle("odd", "even") %>">

  <td class="username"><%= avatar(user, :size => "14") %><%= link_to h(user.login), edit_user_path(user) %></td>

  <td class="firstname"><%= h(user.firstname) %></td>

  <td class="lastname"><%= h(user.lastname) %></td>

  <td class="email"><%= mail_to(h(user.mail)) %></td>

  <td align="center"><%= checked_image user.admin? %></td>

  <td class="created_on" align="center"><%= format_time(user.created_on) %></td>

  <td class="last_login_on" align="center"><%= format_time(user.last_login_on) unless user.last_login_on.nil? %></td>

    <td class="buttons">

      <%= change_status_link(user) %>

      <%= delete_link user_path(user, :back_url => users_path(params)) unless User.current == user %>

    </td>

  </tr>

<% end -%>

  </tbody>

</table>

</div>

<p class="pagination"><%= pagination_links_full @user_pages, @user_count %></p>

<% html_title(l(:label_user_plural)) -%>