/app/controllers/.svn/text-base/application_controller.rb.svn-base - Annotate - SoundSoftware Code Site

To check out this repository please hg clone the following URL, or open the URL using EasyMercurial or your preferred Mercurial client.

Mercurial

Statistics Download as Zip

root / app / controllers / .svn / text-base / application_controller.rb.svn-base @ 441:cbce1fd3b1b7

History | View | Annotate | Download (15.2 KB)

-:cbce1fd3b1b7
+# Redmine - project management software
 # Copyright (C) 2006-2011  Jean-Philippe Lang
-:513646585e45
+            Chris
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+# This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+# You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 require 'uri'
 require 'cgi'
 class ApplicationController < ActionController::Base
   include Redmine::I18n
   layout 'base'
-:8661b858af72
+  exempt_from_layout 'builder', 'rsb'
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  # Remove broken cookie after upgrade from 0.8.x (#4292)
   # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
   # TODO: remove it when Rails is fixed
   before_filter :delete_broken_cookies
   def delete_broken_cookies
     if cookies['_redmine_session'] && cookies['_redmine_session'] !~ /--/
-:cbce1fd3b1b7
+      cookies.delete '_redmine_session'
-:513646585e45
+      redirect_to home_path
       return false
     end
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  before_filter :user_setup, :check_if_login_required, :set_localization
   filter_parameter_logging :password
   protect_from_forgery
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  include Redmine::Search::Controller
   include Redmine::MenuManager::MenuController
   helper Redmine::MenuManager::MenuHelper
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  Redmine::Scm::Base.all.each do |scm|
     require_dependency "repository/#{scm.underscore}"
   end
   def user_setup
     # Check the settings cache for each request
     Setting.check_cache
     # Find the current user
     User.current = find_current_user
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  # Returns the current user or nil if no user is logged in
   # and starts a session if needed
   def find_current_user
     if session[:user_id]
       # existing session
       (User.active.find(session[:user_id]) rescue nil)
     elsif cookies[:autologin] && Setting.autologin?
       # auto-login feature starts a new session
       user = User.try_to_autologin(cookies[:autologin])
       session[:user_id] = user.id if user
       user
     elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
       # RSS key authentication does not start a session
       User.find_by_rss_key(params[:key])
-:8661b858af72
+    elsif Setting.rest_api_enabled? && api_request?
       if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
-:513646585e45
+        # Use API key
-:8661b858af72
+        User.find_by_api_key(key)
-:513646585e45
+      else
         # HTTP Basic, either username/password or API key/random
         authenticate_with_http_basic do |username, password|
           User.try_to_login(username, password) || User.find_by_api_key(username)
         end
       end
     end
   end
   # Sets the logged in user
   def logged_user=(user)
     reset_session
     if user && user.is_a?(User)
       User.current = user
       session[:user_id] = user.id
     else
       User.current = User.anonymous
     end
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  # check if login is globally required to access the application
   def check_if_login_required
     # no check needed if user is already logged in
     return true if User.current.logged?
     require_login if Setting.login_required?
-:cbce1fd3b1b7
+  end
-:513646585e45
+  def set_localization
     lang = nil
     if User.current.logged?
       lang = find_language(User.current.language)
     end
     if lang.nil? && request.env['HTTP_ACCEPT_LANGUAGE']
       accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first
       if !accept_lang.blank?
         accept_lang = accept_lang.downcase
         lang = find_language(accept_lang) || find_language(accept_lang.split('-').first)
       end
     end
     lang ||= Setting.default_language
     set_language_if_valid(lang)
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  def require_login
     if !User.current.logged?
       # Extract only the basic url parameters on non-GET requests
       if request.get?
         url = url_for(params)
       else
         url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
       end
       respond_to do |format|
         format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
         format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
         format.xml  { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
         format.js   { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
         format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
       end
       return false
     end
     true
   end
   def require_admin
     return unless require_login
     if !User.current.admin?
       render_403
       return false
     end
     true
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  def deny_access
     User.current.logged? ? render_403 : require_login
   end
   # Authorize the user for the requested action
   def authorize(ctrl = params[:controller], action = params[:action], global = false)
-:94944d00e43c
+    allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
     if allowed
       true
     else
       if @project && @project.archived?
         render_403 :message => :notice_not_authorized_archived_project
       else
         deny_access
       end
     end
-:513646585e45
+  end
   # Authorize the user for the requested action outside a project
   def authorize_global(ctrl = params[:controller], action = params[:action], global = true)
     authorize(ctrl, action, global)
   end
   # Find project of id params[:id]
   def find_project
     @project = Project.find(params[:id])
   rescue ActiveRecord::RecordNotFound
     render_404
   end
-:40f7cfd4df19
+  # Find project of id params[:project_id]
   def find_project_by_project_id
     @project = Project.find(params[:project_id])
   rescue ActiveRecord::RecordNotFound
     render_404
   end
-:513646585e45
+  # Find a project based on params[:project_id]
   # TODO: some subclasses override this, see about merging their logic
   def find_optional_project
     @project = Project.find(params[:project_id]) unless params[:project_id].blank?
     allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true)
     allowed ? true : deny_access
   rescue ActiveRecord::RecordNotFound
     render_404
   end
   # Finds and sets @project based on @object.project
   def find_project_from_association
     render_404 unless @object.present?
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+    @project = @object.project
   rescue ActiveRecord::RecordNotFound
     render_404
   end
   def find_model_object
     model = self.class.read_inheritable_attribute('model_object')
     if model
       @object = model.find(params[:id])
       self.instance_variable_set('@' + controller_name.singularize, @object) if @object
     end
   rescue ActiveRecord::RecordNotFound
     render_404
   end
   def self.model_object(model)
     write_inheritable_attribute('model_object', model)
   end
-:1d32c0a0efbf
+            Chris
   # Filter for bulk issue operations
   def find_issues
     @issues = Issue.find_all_by_id(params[:id] || params[:ids])
     raise ActiveRecord::RecordNotFound if @issues.empty?
-:cbce1fd3b1b7
+    if @issues.detect {|issue| !issue.visible?}
       deny_access
       return
     end
-:94944d00e43c
+    @projects = @issues.collect(&:project).compact.uniq
     @project = @projects.first if @projects.size == 1
   rescue ActiveRecord::RecordNotFound
     render_404
   end
-:cbce1fd3b1b7
+            Chris
-:94944d00e43c
+  # Check if project is unique before bulk operations
   def check_project_uniqueness
     unless @project
-:1d32c0a0efbf
+      # TODO: let users bulk edit/move/destroy issues from different projects
       render_error 'Can not bulk edit/move/destroy issues from different projects'
       return false
     end
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  # make sure that the user is a member of the project (or admin) if project is private
   # used as a before_filter for actions that do not require any particular permission on the project
   def check_project_privacy
     if @project && @project.active?
       if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
         true
       else
         User.current.logged? ? render_403 : require_login
       end
     else
       @project = nil
       render_404
       false
     end
   end
-:1d32c0a0efbf
+  def back_url
     params[:back_url] || request.env['HTTP_REFERER']
   end
-:513646585e45
+  def redirect_back_or_default(default)
     back_url = CGI.unescape(params[:back_url].to_s)
     if !back_url.blank?
       begin
         uri = URI.parse(back_url)
         # do not redirect user to another host or to the login or register page
         if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
           redirect_to(back_url)
           return
         end
       rescue URI::InvalidURIError
         # redirect to default
       end
     end
     redirect_to default
-:cbce1fd3b1b7
+    false
-:513646585e45
+  end
-:cbce1fd3b1b7
+            Chris
-:94944d00e43c
+  def render_403(options={})
-:513646585e45
+    @project = nil
-:94944d00e43c
+    render_error({:message => :notice_not_authorized, :status => 403}.merge(options))
-:513646585e45
+    return false
   end
-:cbce1fd3b1b7
+            Chris
-:94944d00e43c
+  def render_404(options={})
     render_error({:message => :notice_file_not_found, :status => 404}.merge(options))
-:513646585e45
+    return false
   end
-:cbce1fd3b1b7
+            Chris
-:94944d00e43c
+  # Renders an error response
   def render_error(arg)
     arg = {:message => arg} unless arg.is_a?(Hash)
-:cbce1fd3b1b7
+            Chris
-:94944d00e43c
+    @message = arg[:message]
     @message = l(@message) if @message.is_a?(Symbol)
     @status = arg[:status] || 500
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+    respond_to do |format|
-:94944d00e43c
+      format.html {
         render :template => 'common/error', :layout => use_layout, :status => @status
-:513646585e45
+            Chris
-:94944d00e43c
+      format.atom { head @status }
       format.xml { head @status }
       format.js { head @status }
       format.json { head @status }
-:513646585e45
+    end
   end
-:1d32c0a0efbf
+            Chris
   # Picks which layout to use based on the request
+  #
   # @return [boolean, string] name of the layout to use or false for no layout
   def use_layout
     request.xhr? ? false : 'base'
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  def invalid_authenticity_token
     if api_request?
       logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
     end
     render_error "Invalid form authenticity token."
   end
-:cbce1fd3b1b7
+            Chris
   def render_feed(items, options={})
-:513646585e45
+    @items = items || []
     @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
     @items = @items.slice(0, Setting.feeds_limit.to_i)
     @title = options[:title] || Setting.app_title
     render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  def self.accept_key_auth(*actions)
     actions = actions.flatten.map(&:to_s)
     write_inheritable_attribute('accept_key_auth_actions', actions)
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  def accept_key_auth_actions
     self.class.read_inheritable_attribute('accept_key_auth_actions') || []
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  # Returns the number of objects that should be displayed
   # on the paginated list
   def per_page_option
     per_page = nil
     if params[:per_page] && Setting.per_page_options_array.include?(params[:per_page].to_s.to_i)
       per_page = params[:per_page].to_s.to_i
       session[:per_page] = per_page
     elsif session[:per_page]
       per_page = session[:per_page]
     else
       per_page = Setting.per_page_options_array.first || 25
     end
     per_page
   end
-:8661b858af72
+  # Returns offset and limit used to retrieve objects
   # for an API response based on offset, limit and page parameters
   def api_offset_and_limit(options=params)
     if options[:offset].present?
       offset = options[:offset].to_i
       if offset < 0
         offset = 0
       end
     end
     limit = options[:limit].to_i
     if limit < 1
       limit = 25
     elsif limit > 100
       limit = 100
     end
     if offset.nil? && options[:page].present?
       offset = (options[:page].to_i - 1) * limit
       offset = 0 if offset < 0
     end
     offset ||= 0
-:cbce1fd3b1b7
+            Chris
-:8661b858af72
+    [offset, limit]
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  # qvalues http header parser
   # code taken from webrick
   def parse_qvalues(value)
     tmp = []
     if value
       parts = value.split(/,\s*/)
       parts.each {|part|
         if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part)
           val = m[1]
           q = (m[2] or 1).to_f
           tmp.push([val, q])
         end
+      }
       tmp = tmp.sort_by{|val, q| -q}
       tmp.collect!{|val, q| val}
     end
     return tmp
   rescue
     nil
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  # Returns a string that can be used as filename value in Content-Disposition header
   def filename_for_content_disposition(name)
     request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name
   end
-:cbce1fd3b1b7
+            Chris
-:513646585e45
+  def api_request?
     %w(xml json).include? params[:format]
   end
-:cbce1fd3b1b7
+            Chris
-:8661b858af72
+  # Returns the API key present in the request
   def api_key_from_request
     if params[:key].present?
       params[:key]
     elsif request.headers["X-Redmine-API-Key"].present?
       request.headers["X-Redmine-API-Key"]
     end
   end
-:513646585e45
+            Chris
   # Renders a warning flash if obj has unsaved attachments
   def render_attachment_warning_if_needed(obj)
     flash[:warning] = l(:warning_attachments_not_saved, obj.unsaved_attachments.size) if obj.unsaved_attachments.present?
   end
-:1d32c0a0efbf
+  # Sets the `flash` notice or error based the number of issues that did not save
+  #
   # @param [Array, Issue] issues all of the saved and unsaved Issues
   # @param [Array, Integer] unsaved_issue_ids the issue ids that were not saved
   def set_flash_from_bulk_issue_save(issues, unsaved_issue_ids)
     if unsaved_issue_ids.empty?
       flash[:notice] = l(:notice_successful_update) unless issues.empty?
     else
       flash[:error] = l(:notice_failed_to_save_issues,
                         :count => unsaved_issue_ids.size,
                         :total => issues.size,
                         :ids => '#' + unsaved_issue_ids.join(', #'))
     end
   end
-:513646585e45
+  # Rescues an invalid query statement. Just in case...
   def query_statement_invalid(exception)
     logger.error "Query::StatementInvalid: #{exception.message}" if logger
     session.delete(:query)
     sort_clear if respond_to?(:sort_clear)
     render_error "An error occurred while executing the query and has been logged. Please report this error to your Redmine administrator."
   end
   # Converts the errors on an ActiveRecord object into a common JSON format
   def object_errors_to_json(object)
     object.errors.collect do |attribute, error|
       { attribute => error }
     end.to_json
   end
-:8661b858af72
+            Chris
   # Renders API response on validation failure
   def render_validation_errors(object)
     options = { :status => :unprocessable_entity, :layout => false }
     options.merge!(case params[:format]
       when 'xml';  { :xml =>  object.errors }
       when 'json'; { :json => {'errors' => object.errors} } # ActiveResource client compliance
       else
         raise "Unknown format #{params[:format]} in #render_validation_errors"
       end
+    )
     render options
   end
-:cbce1fd3b1b7
+            Chris
-:8661b858af72
+  # Overrides #default_template so that the api template
   # is used automatically if it exists
   def default_template(action_name = self.action_name)
     if api_request?
       begin
         return self.view_paths.find_template(default_template_name(action_name), 'api')
       rescue ::ActionView::MissingTemplate
         # the api template was not found
         # fallback to the default behaviour
       end
     end
     super
   end
-:cbce1fd3b1b7
+            Chris
-:8661b858af72
+  # Overrides #pick_layout so that #render with no arguments
   # doesn't use the layout for api requests
   def pick_layout(*args)
     api_request? ? nil : super
   end
-:513646585e45
+end

SoundSoftware Project »

SoundSoftware Code Site

root / app / controllers / .svn / text-base / application_controller.rb.svn-base @ 441:cbce1fd3b1b7