application.rb
170 lines
| 5.2 KiB
| text/x-ruby
|
RubyLexer
Jean-Philippe Lang
|
r330 | # redMine - project management software | ||
| # Copyright (C) 2006-2007 Jean-Philippe Lang | ||||
| # | ||||
| # This program is free software; you can redistribute it and/or | ||||
| # modify it under the terms of the GNU General Public License | ||||
| # as published by the Free Software Foundation; either version 2 | ||||
| # of the License, or (at your option) any later version. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with this program; if not, write to the Free Software | ||||
| # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | ||||
| class ApplicationController < ActionController::Base | ||||
|
Jean-Philippe Lang
|
r663 | before_filter :user_setup, :check_if_login_required, :set_localization | ||
|
Jean-Philippe Lang
|
r330 | filter_parameter_logging :password | ||
|
Jean-Philippe Lang
|
r558 | REDMINE_SUPPORTED_SCM.each do |scm| | ||
| require_dependency "repository/#{scm.underscore}" | ||||
| end | ||||
|
Jean-Philippe Lang
|
r663 | def logged_in_user | ||
| User.current.logged? ? User.current : nil | ||||
|
Jean-Philippe Lang
|
r330 | end | ||
|
Jean-Philippe Lang
|
r663 | def current_role | ||
| @current_role ||= User.current.role_for_project(@project) | ||||
| end | ||||
| def user_setup | ||||
|
Jean-Philippe Lang
|
r674 | Setting.check_cache | ||
|
Jean-Philippe Lang
|
r330 | if session[:user_id] | ||
|
Jean-Philippe Lang
|
r663 | # existing session | ||
| User.current = User.find(session[:user_id]) | ||||
| elsif cookies[:autologin] && Setting.autologin? | ||||
| # auto-login feature | ||||
|
Jean-Philippe Lang
|
r672 | User.current = User.find_by_autologin_key(cookies[:autologin]) | ||
|
Jean-Philippe Lang
|
r663 | elsif params[:key] && accept_key_auth_actions.include?(params[:action]) | ||
| # RSS key authentication | ||||
| User.current = User.find_by_rss_key(params[:key]) | ||||
|
Jean-Philippe Lang
|
r330 | else | ||
|
Jean-Philippe Lang
|
r663 | User.current = User.anonymous | ||
|
Jean-Philippe Lang
|
r330 | end | ||
| end | ||||
| # check if login is globally required to access the application | ||||
| def check_if_login_required | ||||
|
Jean-Philippe Lang
|
r511 | # no check needed if user is already logged in | ||
|
Jean-Philippe Lang
|
r663 | return true if User.current.logged? | ||
|
Jean-Philippe Lang
|
r330 | require_login if Setting.login_required? | ||
| end | ||||
| def set_localization | ||||
| lang = begin | ||||
|
Jean-Philippe Lang
|
r663 | if !User.current.language.blank? and GLoc.valid_languages.include? User.current.language.to_sym | ||
| User.current.language | ||||
|
Jean-Philippe Lang
|
r330 | elsif request.env['HTTP_ACCEPT_LANGUAGE'] | ||
| accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.split('-').first | ||||
| if accept_lang and !accept_lang.empty? and GLoc.valid_languages.include? accept_lang.to_sym | ||||
| accept_lang | ||||
| end | ||||
| end | ||||
| rescue | ||||
| nil | ||||
| end || Setting.default_language | ||||
| set_language_if_valid(lang) | ||||
| end | ||||
| def require_login | ||||
|
Jean-Philippe Lang
|
r663 | if !User.current.logged? | ||
|
Jean-Philippe Lang
|
r330 | store_location | ||
| redirect_to :controller => "account", :action => "login" | ||||
| return false | ||||
| end | ||||
| true | ||||
| end | ||||
| def require_admin | ||||
| return unless require_login | ||||
|
Jean-Philippe Lang
|
r663 | if !User.current.admin? | ||
|
Jean-Philippe Lang
|
r492 | render_403 | ||
|
Jean-Philippe Lang
|
r330 | return false | ||
| end | ||||
| true | ||||
| end | ||||
|
Jean-Philippe Lang
|
r663 | # Authorize the user for the requested action | ||
|
Jean-Philippe Lang
|
r330 | def authorize(ctrl = params[:controller], action = params[:action]) | ||
|
Jean-Philippe Lang
|
r663 | allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project) | ||
| allowed ? true : (User.current.logged? ? render_403 : require_login) | ||||
|
Jean-Philippe Lang
|
r330 | end | ||
| # make sure that the user is a member of the project (or admin) if project is private | ||||
| # used as a before_filter for actions that do not require any particular permission on the project | ||||
| def check_project_privacy | ||||
|
Jean-Philippe Lang
|
r546 | unless @project.active? | ||
| @project = nil | ||||
| render_404 | ||||
| return false | ||||
| end | ||||
|
Jean-Philippe Lang
|
r663 | return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin? | ||
| User.current.logged? ? render_403 : require_login | ||||
|
Jean-Philippe Lang
|
r330 | end | ||
|
Jean-Philippe Lang
|
r5 | # store current uri in session. | ||
| # return to this location by calling redirect_back_or_default | ||||
| def store_location | ||||
|
Jean-Philippe Lang
|
r172 | session[:return_to_params] = params | ||
|
Jean-Philippe Lang
|
r5 | end | ||
| # move to the last store_location call or to the passed default one | ||||
| def redirect_back_or_default(default) | ||||
|
Jean-Philippe Lang
|
r172 | if session[:return_to_params].nil? | ||
|
Jean-Philippe Lang
|
r5 | redirect_to default | ||
| else | ||||
|
Jean-Philippe Lang
|
r172 | redirect_to session[:return_to_params] | ||
| session[:return_to_params] = nil | ||||
|
Jean-Philippe Lang
|
r5 | end | ||
| end | ||||
|
Jean-Philippe Lang
|
r330 | |||
|
Jean-Philippe Lang
|
r492 | def render_403 | ||
| @project = nil | ||||
| render :template => "common/403", :layout => true, :status => 403 | ||||
| return false | ||||
| end | ||||
|
Jean-Philippe Lang
|
r330 | def render_404 | ||
| render :template => "common/404", :layout => true, :status => 404 | ||||
| return false | ||||
| end | ||||
|
Jean-Philippe Lang
|
r663 | |||
|
Jean-Philippe Lang
|
r675 | def render_feed(items, options={}) | ||
| @items = items || [] | ||||
| @items.sort! {|x,y| y.event_datetime <=> x.event_datetime } | ||||
|
Jean-Philippe Lang
|
r663 | @title = options[:title] || Setting.app_title | ||
| render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml' | ||||
| end | ||||
| def self.accept_key_auth(*actions) | ||||
| actions = actions.flatten.map(&:to_s) | ||||
| write_inheritable_attribute('accept_key_auth_actions', actions) | ||||
| end | ||||
| def accept_key_auth_actions | ||||
| self.class.read_inheritable_attribute('accept_key_auth_actions') || [] | ||||
| end | ||||
|
Jean-Philippe Lang
|
r330 | |||
| # qvalues http header parser | ||||
| # code taken from webrick | ||||
| def parse_qvalues(value) | ||||
| tmp = [] | ||||
| if value | ||||
| parts = value.split(/,\s*/) | ||||
| parts.each {|part| | ||||
| if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part) | ||||
| val = m[1] | ||||
| q = (m[2] or 1).to_f | ||||
| tmp.push([val, q]) | ||||
| end | ||||
| } | ||||
| tmp = tmp.sort_by{|val, q| -q} | ||||
| tmp.collect!{|val, q| val} | ||||
| end | ||||
| return tmp | ||||
| end | ||||
|
Jean-Philippe Lang
|
r663 | end | ||