Do not authorize project identifier with numbers only (would be interpreted as the project id in urls)....
Jean-Philippe Lang -
r1094:0123dc36515d
@@ -1,233 +1,234
1 1 # redMine - project management software
2 2 # Copyright (C) 2006 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class Project < ActiveRecord::Base
19 19 # Project statuses
20 20 STATUS_ACTIVE = 1
21 21 STATUS_ARCHIVED = 9
22 22
23 23 has_many :members, :include => :user, :conditions => "#{User.table_name}.status=#{User::STATUS_ACTIVE}"
24 24 has_many :users, :through => :members
25 25 has_many :custom_values, :dependent => :delete_all, :as => :customized
26 26 has_many :enabled_modules, :dependent => :delete_all
27 27 has_and_belongs_to_many :trackers, :order => "#{Tracker.table_name}.position"
28 28 has_many :issues, :dependent => :destroy, :order => "#{Issue.table_name}.created_on DESC", :include => [:status, :tracker]
29 29 has_many :issue_changes, :through => :issues, :source => :journals
30 30 has_many :versions, :dependent => :destroy, :order => "#{Version.table_name}.effective_date DESC, #{Version.table_name}.name DESC"
31 31 has_many :time_entries, :dependent => :delete_all
32 32 has_many :queries, :dependent => :delete_all
33 33 has_many :documents, :dependent => :destroy
34 34 has_many :news, :dependent => :delete_all, :include => :author
35 35 has_many :issue_categories, :dependent => :delete_all, :order => "#{IssueCategory.table_name}.name"
36 36 has_many :boards, :order => "position ASC"
37 37 has_one :repository, :dependent => :destroy
38 38 has_many :changesets, :through => :repository
39 39 has_one :wiki, :dependent => :destroy
40 40 # Custom field for the project issues
41 41 has_and_belongs_to_many :custom_fields,
42 42 :class_name => 'IssueCustomField',
43 43 :order => "#{CustomField.table_name}.position",
44 44 :join_table => "#{table_name_prefix}custom_fields_projects#{table_name_suffix}",
45 45 :association_foreign_key => 'custom_field_id'
46 46
47 47 acts_as_tree :order => "name", :counter_cache => true
48 48
49 49 acts_as_searchable :columns => ['name', 'description'], :project_key => 'id'
50 50 acts_as_event :title => Proc.new {|o| "#{l(:label_project)}: #{o.name}"},
51 51 :url => Proc.new {|o| {:controller => 'projects', :action => 'show', :id => o.id}}
52 52
53 53 attr_protected :status, :enabled_module_names
54 54
55 55 validates_presence_of :name, :identifier
56 56 validates_uniqueness_of :name, :identifier
57 57 validates_associated :custom_values, :on => :update
58 58 validates_associated :repository, :wiki
59 59 validates_length_of :name, :maximum => 30
60 60 validates_length_of :homepage, :maximum => 60
61 61 validates_length_of :identifier, :in => 3..20
62 62 validates_format_of :identifier, :with => /^[a-z0-9\-]*$/
63 63
64 64 before_destroy :delete_all_members
65 65
66 66 def identifier=(identifier)
67 67 super unless identifier_frozen?
68 68 end
69 69
70 70 def identifier_frozen?
71 71 errors[:identifier].nil? && !(new_record? || identifier.blank?)
72 72 end
73 73
74 74 def issues_with_subprojects(include_subprojects=false)
75 75 conditions = nil
76 76 if include_subprojects && !active_children.empty?
77 77 ids = [id] + active_children.collect {|c| c.id}
78 78 conditions = ["#{Issue.table_name}.project_id IN (#{ids.join(',')})"]
79 79 end
80 80 conditions ||= ["#{Issue.table_name}.project_id = ?", id]
81 81 # Quick and dirty fix for Rails 2 compatibility
82 82 Issue.send(:with_scope, :find => { :conditions => conditions }) do
83 83 yield
84 84 end
85 85 end
86 86
87 87 # Return all issues status changes for the project between the 2 given dates
88 88 def issues_status_changes(from, to)
89 89 Journal.find(:all, :include => [:issue, :details, :user],
90 90 :conditions => ["#{Journal.table_name}.journalized_type = 'Issue'" +
91 91 " AND #{Issue.table_name}.project_id = ?" +
92 92 " AND #{JournalDetail.table_name}.prop_key = 'status_id'" +
93 93 " AND #{Journal.table_name}.created_on BETWEEN ? AND ?",
94 94 id, from, to+1])
95 95 end
96 96
97 97 # returns latest created projects
98 98 # non public projects will be returned only if user is a member of those
99 99 def self.latest(user=nil, count=5)
100 100 find(:all, :limit => count, :conditions => visible_by(user), :order => "created_on DESC")
101 101 end
102 102
103 103 def self.visible_by(user=nil)
104 104 if user && user.admin?
105 105 return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"
106 106 elsif user && user.memberships.any?
107 107 return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE} AND (#{Project.table_name}.is_public = #{connection.quoted_true} or #{Project.table_name}.id IN (#{user.memberships.collect{|m| m.project_id}.join(',')}))"
108 108 else
109 109 return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE} AND #{Project.table_name}.is_public = #{connection.quoted_true}"
110 110 end
111 111 end
112 112
113 113 def self.find(*args)
114 114 if args.first && args.first.is_a?(String) && !args.first.match(/^\d*$/)
115 115 project = find_by_identifier(*args)
116 116 raise ActiveRecord::RecordNotFound, "Couldn't find Project with identifier=#{args.first}" if project.nil?
117 117 project
118 118 else
119 119 super
120 120 end
121 121 end
122 122
123 123 def to_param
124 124 identifier
125 125 end
126 126
127 127 def active?
128 128 self.status == STATUS_ACTIVE
129 129 end
130 130
131 131 def archive
132 132 # Archive subprojects if any
133 133 children.each do |subproject|
134 134 subproject.archive
135 135 end
136 136 update_attribute :status, STATUS_ARCHIVED
137 137 end
138 138
139 139 def unarchive
140 140 return false if parent && !parent.active?
141 141 update_attribute :status, STATUS_ACTIVE
142 142 end
143 143
144 144 def active_children
145 145 children.select {|child| child.active?}
146 146 end
147 147
148 148 # Returns an array of the trackers used by the project and its sub projects
149 149 def rolled_up_trackers
150 150 @rolled_up_trackers ||=
151 151 Tracker.find(:all, :include => :projects,
152 152 :select => "DISTINCT #{Tracker.table_name}.*",
153 153 :conditions => ["#{Project.table_name}.id = ? OR #{Project.table_name}.parent_id = ?", id, id],
154 154 :order => "#{Tracker.table_name}.position")
155 155 end
156 156
157 157 # Deletes all project's members
158 158 def delete_all_members
159 159 Member.delete_all(['project_id = ?', id])
160 160 end
161 161
162 162 # Users issues can be assigned to
163 163 def assignable_users
164 164 members.select {|m| m.role.assignable?}.collect {|m| m.user}.sort
165 165 end
166 166
167 167 # Returns the mail adresses of users that should be always notified on project events
168 168 def recipients
169 169 members.select {|m| m.mail_notification? || m.user.mail_notification?}.collect {|m| m.user.mail}
170 170 end
171 171
172 172 # Returns an array of all custom fields enabled for project issues
173 173 # (explictly associated custom fields and custom fields enabled for all projects)
174 174 def custom_fields_for_issues(tracker)
175 175 all_custom_fields.select {|c| tracker.custom_fields.include? c }
176 176 end
177 177
178 178 def all_custom_fields
179 179 @all_custom_fields ||= (IssueCustomField.for_all + custom_fields).uniq
180 180 end
181 181
182 182 def <=>(project)
183 183 name.downcase <=> project.name.downcase
184 184 end
185 185
186 186 def to_s
187 187 name
188 188 end
189 189
190 190 # Returns a short description of the projects (first lines)
191 191 def short_description(length = 255)
192 192 description.gsub(/^(.{#{length}}[^\n]*).*$/m, '\1').strip if description
193 193 end
194 194
195 195 def allows_to?(action)
196 196 if action.is_a? Hash
197 197 allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
198 198 else
199 199 allowed_permissions.include? action
200 200 end
201 201 end
202 202
203 203 def module_enabled?(module_name)
204 204 module_name = module_name.to_s
205 205 enabled_modules.detect {|m| m.name == module_name}
206 206 end
207 207
208 208 def enabled_module_names=(module_names)
209 209 enabled_modules.clear
210 210 module_names = [] unless module_names && module_names.is_a?(Array)
211 211 module_names.each do |name|
212 212 enabled_modules << EnabledModule.new(:name => name.to_s)
213 213 end
214 214 end
215 215
216 216 protected
217 217 def validate
218 218 errors.add(parent_id, " must be a root project") if parent and parent.parent
219 219 errors.add_to_base("A project with subprojects can't be a subproject") if parent and children.size > 0
220 errors.add(:identifier, :activerecord_error_invalid) if !identifier.blank? && identifier.match(/^\d*$/)
220 221 end
221 222
222 223 private
223 224 def allowed_permissions
224 225 @allowed_permissions ||= begin
225 226 module_names = enabled_modules.collect {|m| m.name}
226 227 Redmine::AccessControl.modules_permissions(module_names).collect {|p| p.name}
227 228 end
228 229 end
229 230
230 231 def allowed_actions
231 232 @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
232 233 end
233 234 end
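Review bot: The check added at new line 220 uses `/^\d*$/`, and in Ruby `^` and `$` anchor at line boundaries, so it tests whether some line of the identifier is all digits rather than the whole value; the same holds for the format validation on line 62 and the matching test in `self.find` on line 114. Anchoring with `\A` and `\z` makes all three judge the full string, e.g. `errors.add(:identifier, :activerecord_error_invalid) if !identifier.blank? && identifier.match(/\A\d*\z/)`, and the three should be changed together so that validation and lookup keep agreeing. Since the numeric-only rule now lives in both `self.find` and `validate`, holding the pattern in one constant would stop the two from drifting apart. It may also be worth confirming how already-saved projects with a numeric identifier are handled, because `identifier=` ignores the new value once `identifier_frozen?` is true.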