Validates sort_key and sort_order params (#2378).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2171 e93f8b46-1217-0410-a6f0-8f06a7374b81

Validates sort_key and sort_order params (#2378).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2171 e93f8b46-1217-0410-a6f0-8f06a7374b81
5c97a83a · Jean-Philippe Lang · 7776b5b6 · 5c97a83a · 5c97a83a · 5c97a83a
Commit 5c97a83a authored Dec 24, 2008 by Jean-Philippe Lang
14 changed files
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -27,7 +27,7 @@ class AdminController < ApplicationController
  def projects
    sort_init 'name', 'asc'
-    sort_update
+    sort_update %w(name is_public created_on)
    @status = params[:status] ? params[:status].to_i : 1
    c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])

--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -35,8 +35,10 @@ class BoardsController < ApplicationController
  end
  def show
-    sort_init "#{Message.table_name}.updated_on", "desc"
+    sort_init 'updated_on', 'desc'
-    sort_update	
+    sort_update	'created_on' => "#{Message.table_name}.created_on",
+                'replies' => "#{Message.table_name}.replies_count",
+                'updated_on' => "#{Message.table_name}.updated_on"
    @topic_count = @board.topics.count
    @topic_pages = Paginator.new self, @topic_count, per_page_option, params['page']

--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -45,9 +45,10 @@ class IssuesController < ApplicationController
  helper :timelog
  def index
-    sort_init "#{Issue.table_name}.id", "desc"
-    sort_update
    retrieve_query
+    sort_init 'id', 'desc'
+    sort_update({'id' => "#{Issue.table_name}.id"}.merge(@query.columns.inject({}) {|h, c| h[c.name.to_s] = c.sortable; h}))
    if @query.valid?
      limit = per_page_option
      respond_to do |format|
@@ -78,9 +79,10 @@ class IssuesController < ApplicationController
  end
  def changes
-    sort_init "#{Issue.table_name}.id", "desc"
-    sort_update
    retrieve_query
+    sort_init 'id', 'desc'
+    sort_update({'id' => "#{Issue.table_name}.id"}.merge(@query.columns.inject({}) {|h, c| h[c.name.to_s] = c.sortable; h}))
    if @query.valid?
      @journals = Journal.find :all, :include => [ :details, :user, {:issue => [:project, :author, :tracker, :status]} ],
                                     :conditions => @query.statement,

--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -200,8 +200,12 @@ class ProjectsController < ApplicationController
  end
  def list_files
-    sort_init "#{Attachment.table_name}.filename", "asc"
+    sort_init 'filename', 'asc'
-    sort_update
+    sort_update 'filename' => "#{Attachment.table_name}.filename",
+                'created_on' => "#{Attachment.table_name}.created_on",
+                'size' => "#{Attachment.table_name}.filesize",
+                'downloads' => "#{Attachment.table_name}.downloads"
    @containers = [ Project.find(@project.id, :include => :attachments, :order => sort_clause)]
    @containers += @project.versions.find(:all, :include => :attachments, :order => sort_clause).sort.reverse
    render :layout => !request.xhr?

--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -138,7 +138,12 @@ class TimelogController < ApplicationController
  def details
    sort_init 'spent_on', 'desc'
-    sort_update
+    sort_update 'spent_on' => 'spent_on',
+                'user' => 'user_id',
+                'activity' => 'activity_id',
+                'project' => "#{Project.table_name}.name",
+                'issue' => 'issue_id',
+                'hours' => 'hours'
    cond = ARCondition.new
    if @project.nil?

--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -30,7 +30,7 @@ class UsersController < ApplicationController
  def list
    sort_init 'login', 'asc'
-    sort_update
+    sort_update %w(login firstname lastname mail admin created_on last_login_on)
    @status = params[:status] ? params[:status].to_i : 1
    c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])

--- a/app/helpers/queries_helper.rb
+++ b/app/helpers/queries_helper.rb
@@ -22,8 +22,8 @@ module QueriesHelper
  end
  def column_header(column)
-    column.sortable ? sort_header_tag(column.sortable, :caption => column.caption,
+    column.sortable ? sort_header_tag(column.name.to_s, :caption => column.caption,
-                                                       :default_order => column.default_order) : 
+                                                        :default_order => column.default_order) : 
                      content_tag('th', column.caption)
  end

--- a/app/helpers/sort_helper.rb
+++ b/app/helpers/sort_helper.rb
@@ -67,23 +67,31 @@ module SortHelper
  # Updates the sort state. Call this in the controller prior to calling
  # sort_clause.
-  #
+  # sort_keys can be either an array or a hash of allowed keys
-  def sort_update()
+  def sort_update(sort_keys)
-    if params[:sort_key]
+    sort_key = params[:sort_key]
-      sort = {:key => params[:sort_key], :order => params[:sort_order]}
+    sort_key = nil unless (sort_keys.is_a?(Array) ? sort_keys.include?(sort_key) : sort_keys[sort_key])
+    sort_order = (params[:sort_order] == 'desc' ? 'DESC' : 'ASC')
+    if sort_key
+      sort = {:key => sort_key, :order => sort_order}
    elsif session[@sort_name]
      sort = session[@sort_name]   # Previous sort.
    else
      sort = @sort_default
    end
    session[@sort_name] = sort
+    sort_column = (sort_keys.is_a?(Hash) ? sort_keys[sort[:key]] : sort[:key])
+    @sort_clause = (sort_column.blank? ? '' : "#{sort_column} #{sort[:order]}")
  end
  # Returns an SQL sort clause corresponding to the current sort state.
  # Use this to sort the controller's table items collection.
  #
  def sort_clause()
-    session[@sort_name][:key] + ' ' + (session[@sort_name][:order] || 'ASC')
+    @sort_clause || '' #session[@sort_name][:key] + ' ' + (session[@sort_name][:order] || 'ASC')
  end
  # Returns a link which sorts by the named column.

--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
@@ -58,7 +58,7 @@ class Mailer < ActionMailer::Base
    subject l(:mail_subject_reminder, issues.size)
    body :issues => issues,
         :days => days,
-         :issues_url => url_for(:controller => 'issues', :action => 'index', :set_filter => 1, :assigned_to_id => user.id, :sort_key => 'issues.due_date', :sort_order => 'asc')
+         :issues_url => url_for(:controller => 'issues', :action => 'index', :set_filter => 1, :assigned_to_id => user.id, :sort_key => 'due_date', :sort_order => 'asc')
  end
  def document_added(document)

--- a/app/views/boards/show.rhtml
+++ b/app/views/boards/show.rhtml
@@ -33,9 +33,9 @@
  <thead><tr>
    <th><%= l(:field_subject) %></th>
    <th><%= l(:field_author) %></th>
-    <%= sort_header_tag("#{Message.table_name}.created_on", :caption => l(:field_created_on)) %>
+    <%= sort_header_tag('created_on', :caption => l(:field_created_on)) %>
-    <%= sort_header_tag("#{Message.table_name}.replies_count", :caption => l(:label_reply_plural)) %>
+    <%= sort_header_tag('replies', :caption => l(:label_reply_plural)) %>
-    <%= sort_header_tag("#{Message.table_name}.updated_on", :caption => l(:label_message_last)) %>
+    <%= sort_header_tag('updated_on', :caption => l(:label_message_last)) %>
  </tr></thead>  
  <tbody>
  <% @topics.each do |topic| %>

--- a/app/views/issues/_list.rhtml
+++ b/app/views/issues/_list.rhtml
@@ -4,7 +4,7 @@
        <th><%= link_to image_tag('toggle_check.png'), {}, :onclick => 'toggleIssuesSelection(Element.up(this, "form")); return false;',
                                                           :title => "#{l(:button_check_all)}/#{l(:button_uncheck_all)}" %>
        </th>
-		<%= sort_header_tag("#{Issue.table_name}.id", :caption => '#', :default_order => 'desc') %>
+		<%= sort_header_tag('id', :caption => '#', :default_order => 'desc') %>
        <% query.columns.each do |column| %>
          <%= column_header(column) %>
        <% end %>

--- a/app/views/projects/list_files.rhtml
+++ b/app/views/projects/list_files.rhtml
@@ -8,10 +8,10 @@
 <table class="list">
  <thead><tr>
-    <%= sort_header_tag("#{Attachment.table_name}.filename", :caption => l(:field_filename)) %>
+    <%= sort_header_tag('filename', :caption => l(:field_filename)) %>
-    <%= sort_header_tag("#{Attachment.table_name}.created_on", :caption => l(:label_date), :default_order => 'desc') %>
+    <%= sort_header_tag('created_on', :caption => l(:label_date), :default_order => 'desc') %>
-    <%= sort_header_tag("#{Attachment.table_name}.filesize", :caption => l(:field_filesize), :default_order => 'desc') %>
+    <%= sort_header_tag('size', :caption => l(:field_filesize), :default_order => 'desc') %>
-    <%= sort_header_tag("#{Attachment.table_name}.downloads", :caption => l(:label_downloads_abbr), :default_order => 'desc') %>
+    <%= sort_header_tag('downloads', :caption => l(:label_downloads_abbr), :default_order => 'desc') %>
    <th>MD5</th>
    <th></th>
  </tr></thead>

--- a/app/views/timelog/_list.rhtml
+++ b/app/views/timelog/_list.rhtml
@@ -2,10 +2,10 @@
 <thead>
 <tr>
 <%= sort_header_tag('spent_on', :caption => l(:label_date), :default_order => 'desc') %>
-<%= sort_header_tag('user_id', :caption => l(:label_member)) %>
+<%= sort_header_tag('user', :caption => l(:label_member)) %>
-<%= sort_header_tag('activity_id', :caption => l(:label_activity)) %>
+<%= sort_header_tag('activity', :caption => l(:label_activity)) %>
-<%= sort_header_tag("#{Project.table_name}.name", :caption => l(:label_project)) %>
+<%= sort_header_tag('project', :caption => l(:label_project)) %>
-<%= sort_header_tag('issue_id', :caption => l(:label_issue), :default_order => 'desc') %>
+<%= sort_header_tag('issue', :caption => l(:label_issue), :default_order => 'desc') %>
 <th><%= l(:field_comments) %></th>
 <%= sort_header_tag('hours', :caption => l(:field_hours)) %>
 <th></th>

--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -137,6 +137,16 @@ class IssuesControllerTest < Test::Unit::TestCase
    assert_not_nil assigns(:issues)
    assert_equal 'application/pdf', @response.content_type
  end
+  def test_index_sort
+    get :index, :sort_key => 'tracker'
+    assert_response :success
+    sort_params = @request.session['issuesindex_sort']
+    assert sort_params.is_a?(Hash)
+    assert_equal 'tracker', sort_params[:key]
+    assert_equal 'ASC', sort_params[:order]
+  end
  def test_gantt
    get :gantt, :project_id => 1