Commit 310a0f92 authored by Jean-Philippe Lang's avatar Jean-Philippe Lang

0.3 unstable

git-svn-id: http://redmine.rubyforge.org/svn/trunk@12 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 7e57db1e
......@@ -17,11 +17,14 @@
class AccountController < ApplicationController
layout 'base'
helper :custom_fields
include CustomFieldsHelper
# prevents login action to be filtered by check_if_login_required application scope filter
skip_before_filter :check_if_login_required, :only => :login
before_filter :require_login, :except => [:show, :login]
skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register]
before_filter :require_login, :except => [:show, :login, :lost_password, :register]
# Show user's account
def show
@user = User.find(params[:id])
end
......@@ -29,49 +32,123 @@ class AccountController < ApplicationController
# Login request and validation
def login
if request.get?
session[:user] = nil
# Logout user
self.logged_in_user = nil
else
logged_in_user = User.try_to_login(params[:login], params[:password])
if logged_in_user
session[:user] = logged_in_user
# Authenticate user
user = User.try_to_login(params[:login], params[:password])
if user
self.logged_in_user = user
redirect_back_or_default :controller => 'account', :action => 'my_page'
else
flash[:notice] = _('Invalid user/password')
flash[:notice] = l(:notice_account_invalid_creditentials)
end
end
end
# Log out current user and redirect to welcome page
def logout
session[:user] = nil
redirect_to(:controller => '')
end
def my_page
@user = session[:user]
@reported_issues = Issue.find(:all, :conditions => ["author_id=?", @user.id], :limit => 10, :include => [ :status, :project, :tracker ], :order => 'issues.updated_on DESC')
@assigned_issues = Issue.find(:all, :conditions => ["assigned_to_id=?", @user.id], :limit => 10, :include => [ :status, :project, :tracker ], :order => 'issues.updated_on DESC')
end
# Edit current user's account
def my_account
@user = User.find(session[:user].id)
if request.post? and @user.update_attributes(@params[:user])
flash[:notice] = 'Account was successfully updated.'
session[:user] = @user
# Log out current user and redirect to welcome page
def logout
self.logged_in_user = nil
redirect_to :controller => ''
end
# Show logged in user's page
def my_page
@user = self.logged_in_user
@reported_issues = Issue.find(:all, :conditions => ["author_id=?", @user.id], :limit => 10, :include => [ :status, :project, :tracker ], :order => 'issues.updated_on DESC')
@assigned_issues = Issue.find(:all, :conditions => ["assigned_to_id=?", @user.id], :limit => 10, :include => [ :status, :project, :tracker ], :order => 'issues.updated_on DESC')
end
# Edit logged in user's account
def my_account
@user = self.logged_in_user
if request.post? and @user.update_attributes(@params[:user])
set_localization
end
end
flash[:notice] = l(:notice_account_updated)
self.logged_in_user.reload
end
end
# Change current user's password
# Change logged in user's password
def change_password
@user = User.find(session[:user].id)
@user = self.logged_in_user
if @user.check_password?(@params[:password])
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
flash[:notice] = 'Password was successfully updated.' if @user.save
flash[:notice] = l(:notice_account_password_updated) if @user.save
else
flash[:notice] = 'Wrong password'
flash[:notice] = l(:notice_account_wrong_password)
end
render :action => 'my_account'
end
end
# Enable user to choose a new password
def lost_password
if params[:token]
@token = Token.find_by_action_and_value("recovery", params[:token])
redirect_to :controller => '' and return unless @token and !@token.expired?
@user = @token.user
if request.post?
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
if @user.save
@token.destroy
flash[:notice] = l(:notice_account_password_updated)
redirect_to :action => 'login'
return
end
end
render :template => "account/password_recovery"
return
else
if request.post?
user = User.find_by_mail(params[:mail])
flash[:notice] = l(:notice_account_unknown_email) and return unless user
token = Token.new(:user => user, :action => "recovery")
if token.save
Mailer.set_language_if_valid(Localization.lang)
Mailer.deliver_lost_password(token)
flash[:notice] = l(:notice_account_lost_email_sent)
redirect_to :action => 'login'
return
end
end
end
end
# User self-registration
def register
redirect_to :controller => '' and return if $RDM_SELF_REGISTRATION == false
if params[:token]
token = Token.find_by_action_and_value("register", params[:token])
redirect_to :controller => '' and return unless token and !token.expired?
user = token.user
redirect_to :controller => '' and return unless user.status == User::STATUS_REGISTERED
user.status = User::STATUS_ACTIVE
if user.save
token.destroy
flash[:notice] = l(:notice_account_activated)
redirect_to :action => 'login'
return
end
else
if request.get?
@user = User.new(:language => $RDM_DEFAULT_LANG)
@custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user) }
else
@user = User.new(params[:user])
@user.admin = false
@user.login = params[:user][:login]
@user.status = User::STATUS_REGISTERED
@user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
@custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) }
@user.custom_values = @custom_values
token = Token.new(:user => @user, :action => "register")
if @user.save and token.save
Mailer.set_language_if_valid(Localization.lang)
Mailer.deliver_register(token)
flash[:notice] = l(:notice_account_register_done)
redirect_to :controller => ''
end
end
end
end
end
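Review bot: `register` only refuses self-registration when `$RDM_SELF_REGISTRATION == false`, so an unset or `nil` global leaves registration open; `redirect_to :controller => '' and return unless $RDM_SELF_REGISTRATION` fails closed when the setting is missing. In `login`, the successful branch assigns `self.logged_in_user = user` without rotating the session, so a session identifier established before authentication survives it; calling `reset_session` before that assignment closes this, provided nothing else kept in the session is still needed afterwards. `lost_password` answers a POST with `l(:notice_account_unknown_email)` only when the address is not registered, which lets the response reveal which addresses have accounts; replying with `l(:notice_account_lost_email_sent)` in both cases, while still sending mail only for known users, avoids that. `change_password` has no `request.post?` guard, so a GET carrying the right parameters changes the password; the same `if request.post? and ...` pattern used in `my_account` belongs here too.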
......@@ -18,43 +18,59 @@
class ApplicationController < ActionController::Base
before_filter :check_if_login_required, :set_localization
def logged_in_user=(user)
@logged_in_user = user
session[:user_id] = (user ? user.id : nil)
end
def logged_in_user
if session[:user_id]
@logged_in_user ||= User.find(session[:user_id], :include => :memberships)
else
nil
end
end
# check if login is globally required to access the application
def check_if_login_required
require_login if RDM_LOGIN_REQUIRED
require_login if $RDM_LOGIN_REQUIRED
end
def set_localization
Localization.lang = begin
if session[:user]
session[:user].language
if self.logged_in_user and Localization.langs.keys.include? self.logged_in_user.language
self.logged_in_user.language
elsif request.env['HTTP_ACCEPT_LANGUAGE']
accept_lang = HTTPUtils.parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.split('-').first
if Localization.langs.collect{ |l| l[1] }.include? accept_lang
if Localization.langs.keys.include? accept_lang
accept_lang
end
end
rescue
nil
end || RDM_DEFAULT_LANG
end || $RDM_DEFAULT_LANG
set_language_if_valid(Localization.lang)
end
def require_login
unless session[:user]
unless self.logged_in_user
store_location
redirect_to(:controller => "account", :action => "login")
return false
end
true
end
def require_admin
if session[:user].nil?
store_location
redirect_to(:controller => "account", :action => "login")
else
unless session[:user].admin?
flash[:notice] = "Acces not allowed"
redirect_to(:controller => "projects", :action => "list")
end
return unless require_login
unless self.logged_in_user.admin?
flash[:notice] = "Acces denied"
redirect_to:controller => ''
return false
end
true
end
# authorizes the user for the requested action.
......@@ -62,19 +78,18 @@ class ApplicationController < ActionController::Base
# check if action is allowed on public projects
if @project.is_public? and Permission.allowed_to_public "%s/%s" % [ @params[:controller], @params[:action] ]
return true
end
# if user not logged in, redirect to login form
unless session[:user]
store_location
redirect_to(:controller => "account", :action => "login")
return false
end
# if logged in, check if authorized
if session[:user].admin? or Permission.allowed_to_role( "%s/%s" % [ @params[:controller], @params[:action] ], session[:user].role_for_project(@project.id) )
end
# if action is not public, force login
return unless require_login
# admin is always authorized
return true if self.logged_in_user.admin?
# if not admin, check membership permission
@user_membership ||= Member.find(:first, :conditions => ["user_id=? and project_id=?", self.logged_in_user.id, @project.id])
if @user_membership and Permission.allowed_to_role( "%s/%s" % [ @params[:controller], @params[:action] ], @user_membership.role_id )
return true
end
flash[:notice] = "Acces denied"
redirect_to(:controller => "")
redirect_to :controller => ''
false
end
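Review bot: `logged_in_user` calls `User.find(session[:user_id], :include => :memberships)`, which raises `ActiveRecord::RecordNotFound` once the user behind a session has been deleted, so such a session produces an error on every request instead of being treated as logged out; the lookup should return nil on a miss and clear the stale id, as below. If `User` has a status that can revoke access (the `STATUS_*` constants used in `register` suggest it does), this is also the place to reject a non-active user, otherwise a session opened before an account was deactivated keeps working until it expires. `"Acces denied"` in `require_admin` and in `authorize` (which starts before the second hunk) is misspelled and hard-coded while the rest of the commit moves notices to `l(:...)` keys, and `redirect_to:controller => ''` needs a space after the method name to read as a call with a hash argument.
```ruby
def logged_in_user
  return nil unless session[:user_id]
  # a session whose user has been deleted since login is treated as logged out
  @logged_in_user ||= User.find(:first, :conditions => ["id=?", session[:user_id]], :include => :memberships)
  self.logged_in_user = nil unless @logged_in_user
  @logged_in_user
end
```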
......
# redMine - project management software
# Copyright (C) 2006 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AuthSourcesController < ApplicationController
layout 'base'
before_filter :require_admin
def index
list
render :action => 'list'
end
# GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
verify :method => :post, :only => [ :destroy, :create, :update ],
:redirect_to => { :action => :list }
def list
@auth_source_pages, @auth_sources = paginate :auth_sources, :per_page => 10
end
def new
@auth_source = AuthSourceLdap.new
end
def create
@auth_source = AuthSourceLdap.new(params[:auth_source])
if @auth_source.save
flash[:notice] = l(:notice_successful_create)
redirect_to :action => 'list'
else
render :action => 'new'
end
end
def edit
@auth_source = AuthSource.find(params[:id])
end
def update
@auth_source = AuthSource.find(params[:id])
if @auth_source.update_attributes(params[:auth_source])
flash[:notice] = l(:notice_successful_update)
redirect_to :action => 'list'
else
render :action => 'edit'
end
end
def test_connection
@auth_method = AuthSource.find(params[:id])
begin
@auth_method.test_connection
rescue => text
flash[:notice] = text
end
flash[:notice] ||= l(:notice_successful_connection)
redirect_to :action => 'list'
end
def destroy
@auth_source = AuthSource.find(params[:id])
unless @auth_source.users.find(:first)
@auth_source.destroy
flash[:notice] = l(:notice_successful_delete)
end
redirect_to :action => 'list'
end
end
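Review bot: `test_connection` stores the rescued exception object itself in the flash (`rescue => text` then `flash[:notice] = text`), so whatever the LDAP layer raises, including backend host and error detail, is rendered to the browser and marshalled into the session; store `text.message` (or a fixed failure notice) and send the detail to `logger.error` instead. The action is reachable by GET and is not in the `verify :method => :post` list even though it opens an outbound connection to the configured server; adding it to that list keeps the side effect behind a POST. `destroy` silently does nothing when `@auth_source.users.find(:first)` returns a user, so the admin gets no feedback; set a notice in that branch as well.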
......@@ -16,37 +16,48 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class CustomFieldsController < ApplicationController
layout 'base'
before_filter :require_admin
layout 'base'
before_filter :require_admin
def index
list
render :action => 'list'
end
def list
@custom_field_pages, @custom_fields = paginate :custom_fields, :per_page => 10
@custom_field_pages, @custom_fields = paginate :custom_fields, :per_page => 15
end
def new
if request.get?
@custom_field = CustomField.new
else
@custom_field = CustomField.new(params[:custom_field])
if @custom_field.save
flash[:notice] = 'CustomField was successfully created.'
redirect_to :action => 'list'
case params[:type]
when "IssueCustomField"
@custom_field = IssueCustomField.new(params[:custom_field])
@custom_field.trackers = Tracker.find(params[:tracker_ids]) if params[:tracker_ids]
when "UserCustomField"
@custom_field = UserCustomField.new(params[:custom_field])
when "ProjectCustomField"
@custom_field = ProjectCustomField.new(params[:custom_field])
else
redirect_to :action => 'list'
return
end
if request.post? and @custom_field.save
redirect_to :action => 'list'
end
@trackers = Tracker.find(:all)
end
def edit
@custom_field = CustomField.find(params[:id])
if request.post? and @custom_field.update_attributes(params[:custom_field])
if @custom_field.is_a? IssueCustomField
@custom_field.trackers = params[:tracker_ids] ? Tracker.find(params[:tracker_ids]) : []
end
end
end
def edit
@custom_field = CustomField.find(params[:id])
if request.post? and @custom_field.update_attributes(params[:custom_field])
flash[:notice] = 'CustomField was successfully updated.'
redirect_to :action => 'list'
end
end
flash[:notice] = 'Custom field was successfully updated.'
redirect_to :action => 'list'
end
@trackers = Tracker.find(:all)
end
def destroy
CustomField.find(params[:id]).destroy
......@@ -54,5 +65,5 @@ class CustomFieldsController < ApplicationController
rescue
flash[:notice] = "Unable to delete custom field"
redirect_to :action => 'list'
end
end
end
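Review bot: `edit` still sets the hard-coded `'Custom field was successfully updated.'` while the rest of this commit moves notices to localization keys (`l(:notice_successful_update)` in AuthSourcesController), and the POST branch of `new` sets no notice at all on success; use `flash[:notice] = l(:notice_successful_update)` in `edit` and add `flash[:notice] = l(:notice_successful_create)` before the redirect in `new`. The bare `rescue` in `destroy` (second hunk; the method starts in the first hunk) swallows every `StandardError`, including `ActiveRecord::RecordNotFound` for a bad id, behind `"Unable to delete custom field"`; narrowing the rescue, or at least logging the exception before setting the notice, keeps the failure diagnosable.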
......@@ -45,7 +45,7 @@ class DocumentsController < ApplicationController
# Save the attachment
if params[:attachment][:file].size > 0
@attachment = @document.attachments.build(params[:attachment])
@attachment.author_id = session[:user].id unless session[:user].nil?
@attachment.author_id = self.logged_in_user.id if self.logged_in_user
@attachment.save
end
render :action => 'show'
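Review bot: the new line leaves `author_id` unset when nobody is logged in, which keeps the previous behaviour, but the `params[:attachment][:file].size > 0` check just above it raises `NoMethodError` when the request carries no `attachment` parameter at all, so such a request fails with an error page rather than a notice; guard it with `file = params[:attachment] && params[:attachment][:file]` and `if file && file.size > 0`. The same unguarded check sits in the IssuesController attachment hunk (`@issue.attachments.build`). The enclosing action starts outside the hunk, so whether an authorization filter already rejects anonymous uploads cannot be confirmed here.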
......
......@@ -23,21 +23,21 @@ class IssuesController < ApplicationController
include CustomFieldsHelper
def show
@status_options = @issue.status.workflows.find(:all, :conditions => ["role_id=? and tracker_id=?", session[:user].role_for_project(@project.id), @issue.tracker.id]).collect{ |w| w.new_status } if session[:user]
@status_options = @issue.status.workflows.find(:all, :conditions => ["role_id=? and tracker_id=?", self.logged_in_user.role_for_project(@project.id), @issue.tracker.id]).collect{ |w| w.new_status } if self.logged_in_user
@custom_values = @issue.custom_values.find(:all, :include => :custom_field)
end
def edit
@trackers = Tracker.find(:all)
def edit
@priorities = Enumeration::get_values('IPRI')
if request.get?
@custom_values = @project.custom_fields_for_issues.collect { |x| @issue.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x) }
@custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| @issue.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x, :customized => @issue) }
else
# Retrieve custom fields and values
@custom_values = @project.custom_fields_for_issues.collect { |x| CustomValue.new(:custom_field => x, :value => params["custom_fields"][x.id.to_s]) }
@custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue, :value => params["custom_fields"][x.id.to_s]) }
@issue.custom_values = @custom_values
if @issue.update_attributes(params[:issue])
@issue.attributes = params[:issue]
if @issue.save
flash[:notice] = 'Issue was successfully updated.'
redirect_to :action => 'show', :id => @issue
end
......@@ -46,12 +46,11 @@ class IssuesController < ApplicationController
def change_status
@history = @issue.histories.build(params[:history])
@status_options = @issue.status.workflows.find(:all, :conditions => ["role_id=? and tracker_id=?", session[:user].role_for_project(@project.id), @issue.tracker.id]).collect{ |w| w.new_status } if session[:user]
@status_options = @issue.status.workflows.find(:all, :conditions => ["role_id=? and tracker_id=?", self.logged_in_user.role_for_project(@project.id), @issue.tracker.id]).collect{ |w| w.new_status } if self.logged_in_user
if params[:confirm]
unless session[:user].nil?
@history.author = session[:user]
end
@history.author_id = self.logged_in_user.id if self.logged_in_user
if @history.save
@issue.status = @history.status
@issue.fixed_version_id = (params[:issue][:fixed_version_id])
......@@ -76,7 +75,7 @@ class IssuesController < ApplicationController
# Save the attachment
if params[:attachment][:file].size > 0
@attachment = @issue.attachments.build(params[:attachment])
@attachment.author_id = session[:user].id unless session[:user].nil?
@attachment.author_id = self.logged_in_user.id if self.logged_in_user
@attachment.save
end
redirect_to :action => 'show', :id => @issue
......@@ -86,17 +85,16 @@ class IssuesController < ApplicationController
@issue.attachments.find(params[:attachment_id]).destroy
redirect_to :action => 'show', :id => @issue
end
# Send the file in stream mode
def download
@attachment = @issue.attachments.find(params[:attachment_id])
send_file @attachment.diskfile, :filename => @attachment.filename
end
# Send the file in stream mode
def download
@attachment = @issue.attachments.find(params[:attachment_id])
send_file @attachment.diskfile, :filename => @attachment.filename
end
private
def find_project
def find_project
@issue = Issue.find(params[:id])
@project = @issue.project
end
@project = @issue.project
end
end
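Review bot: `edit` now does `@issue.attributes = params[:issue]` followed by `@issue.save`, which mass-assigns every column named in the request, the same exposure `update_attributes` had; unless `Issue` declares `attr_protected`/`attr_accessible` (not visible here), fields such as `project_id` or `author_id` can be set from the form, so either an explicit whitelist or a one-line comment naming the model-side protection belongs next to this line. The POST branch indexes `params["custom_fields"][x.id.to_s]` without checking that the hash exists, whereas the UsersController `edit` hunk in this commit guards the identical lookup with `if params[:custom_fields]`; doing the same here avoids a `NoMethodError` on a submission that carries no `custom_fields` hash. The `show` and `change_status` lines that build `@status_options` are duplicated verbatim; a private helper returning that array would keep the two in step.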
......@@ -21,6 +21,8 @@ class UsersController < ApplicationController
helper :sort
include SortHelper
helper :custom_fields
include CustomFieldsHelper
def index
list
......@@ -41,12 +43,15 @@ class UsersController < ApplicationController
def add
if request.get?
@user = User.new
@user = User.new(:language => $RDM_DEFAULT_LANG)
@custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user) }
else
@user = User.new(params[:user])
@user.admin = params[:user][:admin] || false
@user.login = params[:user][:login]
@user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
@custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) }
@user.custom_values = @custom_values
if @user.save
flash[:notice] = 'User was successfully created.'
redirect_to :action => 'list'
......@@ -56,10 +61,16 @@ class UsersController < ApplicationController
def edit
@user = User.find(params[:id])
if request.post?
if request.get?
@custom_values = UserCustomField.find(:all).collect { |x| @user.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x) }
else
@user.admin = params[:user][:admin] if params[:user][:admin]
@user.login = params[:user][:login] if params[:user][:login]
@user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless params[:password].nil? or params[:password].empty?
if params[:custom_fields]
@custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) }
@user.custom_values = @custom_values
end
if @user.update_attributes(params[:user])
flash[:notice] = 'User was successfully updated.'
redirect_to :action => 'list'
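Review bot: `add` indexes `params["custom_fields"][x.id.to_s]` unconditionally, while the `edit` hunk in the same commit wraps the identical lookup in `if params[:custom_fields]`; a POST without that hash raises `NoMethodError` in `add`, so apply the same guard there (`register` in AccountController has the same unguarded line). In `edit`, `@user.admin = params[:user][:admin] if params[:user][:admin]` and `@user.login = ...` precede `update_attributes(params[:user])`, which would assign both anyway unless the model protects them; presumably `User` uses `attr_protected` for `admin`/`login` (not visible here), and a one-line comment saying so would explain why the explicit assignments exist. `unless params[:password].nil? or params[:password].empty?` reads more simply as `unless params[:password].blank?`.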
......
......@@ -16,11 +16,10 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class WelcomeController < ApplicationController
layout 'base'
def index
layout 'base'
def index
@news = News.latest
@projects = Project.latest
end
end
end
......@@ -17,35 +17,38 @@
module ApplicationHelper
def loggedin?
session[:user]
end
# return current logged in user or nil
def loggedin?
@logged_in_user
end
# return true if user is loggend in and is admin, otherwise false
def admin_loggedin?
@logged_in_user and @logged_in_user.admin?
end
def admin_loggedin?
session[:user] && session[:user].admin
end
def authorize_for(controller, action)
def authorize_for(controller, action)