##// END OF EJS Templates
jro_apps » redmine
RSS
Use safe_attributes= just like in #create....
Jean-Philippe Lang -
r9015:0ee1de568697
parent child
Show More
Side by Side Unified
Context file:
r9015:0ee1de568697 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,256 +1,257
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class ProjectsController < ApplicationController
19 19 menu_item :overview
20 20 menu_item :roadmap, :only => :roadmap
21 21 menu_item :settings, :only => :settings
22 22
23 23 before_filter :find_project, :except => [ :index, :list, :new, :create, :copy ]
24 24 before_filter :authorize, :except => [ :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
25 25 before_filter :authorize_global, :only => [:new, :create]
26 26 before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
27 27 accept_rss_auth :index
28 28 accept_api_auth :index, :show, :create, :update, :destroy
29 29
30 30 after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller|
31 31 if controller.request.post?
32 32 controller.send :expire_action, :controller => 'welcome', :action => 'robots'
33 33 end
34 34 end
35 35
36 36 helper :sort
37 37 include SortHelper
38 38 helper :custom_fields
39 39 include CustomFieldsHelper
40 40 helper :issues
41 41 helper :queries
42 42 include QueriesHelper
43 43 helper :repositories
44 44 include RepositoriesHelper
45 45 include ProjectsHelper
46 46
47 47 # Lists visible projects
48 48 def index
49 49 respond_to do |format|
50 50 format.html {
51 51 @projects = Project.visible.find(:all, :order => 'lft')
52 52 }
53 53 format.api {
54 54 @offset, @limit = api_offset_and_limit
55 55 @project_count = Project.visible.count
56 56 @projects = Project.visible.all(:offset => @offset, :limit => @limit, :order => 'lft')
57 57 }
58 58 format.atom {
59 59 projects = Project.visible.find(:all, :order => 'created_on DESC',
60 60 :limit => Setting.feeds_limit.to_i)
61 61 render_feed(projects, :title => "#{Setting.app_title}: #{l(:label_project_latest)}")
62 62 }
63 63 end
64 64 end
65 65
66 66 def new
67 67 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
68 68 @trackers = Tracker.all
69 @project = Project.new(params[:project])
69 @project = Project.new
70 @project.safe_attributes = params[:project]
70 71 end
71 72
72 73 def create
73 74 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
74 75 @trackers = Tracker.all
75 76 @project = Project.new
76 77 @project.safe_attributes = params[:project]
77 78
78 79 if validate_parent_id && @project.save
79 80 @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
80 81 # Add current user as a project member if he is not admin
81 82 unless User.current.admin?
82 83 r = Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
83 84 m = Member.new(:user => User.current, :roles => [r])
84 85 @project.members << m
85 86 end
86 87 respond_to do |format|
87 88 format.html {
88 89 flash[:notice] = l(:notice_successful_create)
89 90 redirect_to(params[:continue] ?
90 91 {:controller => 'projects', :action => 'new', :project => {:parent_id => @project.parent_id}.reject {|k,v| v.nil?}} :
91 92 {:controller => 'projects', :action => 'settings', :id => @project}
92 93 )
93 94 }
94 95 format.api { render :action => 'show', :status => :created, :location => url_for(:controller => 'projects', :action => 'show', :id => @project.id) }
95 96 end
96 97 else
97 98 respond_to do |format|
98 99 format.html { render :action => 'new' }
99 100 format.api { render_validation_errors(@project) }
100 101 end
101 102 end
102 103
103 104 end
104 105
105 106 def copy
106 107 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
107 108 @trackers = Tracker.all
108 109 @root_projects = Project.find(:all,
109 110 :conditions => "parent_id IS NULL AND status = #{Project::STATUS_ACTIVE}",
110 111 :order => 'name')
111 112 @source_project = Project.find(params[:id])
112 113 if request.get?
113 114 @project = Project.copy_from(@source_project)
114 115 if @project
115 116 @project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
116 117 else
117 118 redirect_to :controller => 'admin', :action => 'projects'
118 119 end
119 120 else
120 121 Mailer.with_deliveries(params[:notifications] == '1') do
121 122 @project = Project.new
122 123 @project.safe_attributes = params[:project]
123 124 if validate_parent_id && @project.copy(@source_project, :only => params[:only])
124 125 @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
125 126 flash[:notice] = l(:notice_successful_create)
126 127 redirect_to :controller => 'projects', :action => 'settings', :id => @project
127 128 elsif !@project.new_record?
128 129 # Project was created
129 130 # But some objects were not copied due to validation failures
130 131 # (eg. issues from disabled trackers)
131 132 # TODO: inform about that
132 133 redirect_to :controller => 'projects', :action => 'settings', :id => @project
133 134 end
134 135 end
135 136 end
136 137 rescue ActiveRecord::RecordNotFound
137 138 redirect_to :controller => 'admin', :action => 'projects'
138 139 end
139 140
140 141 # Show @project
141 142 def show
142 143 if params[:jump]
143 144 # try to redirect to the requested menu item
144 145 redirect_to_project_menu_item(@project, params[:jump]) && return
145 146 end
146 147
147 148 @users_by_role = @project.users_by_role
148 149 @subprojects = @project.children.visible.all
149 150 @news = @project.news.find(:all, :limit => 5, :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")
150 151 @trackers = @project.rolled_up_trackers
151 152
152 153 cond = @project.project_condition(Setting.display_subprojects_issues?)
153 154
154 155 @open_issues_by_tracker = Issue.visible.count(:group => :tracker,
155 156 :include => [:project, :status, :tracker],
156 157 :conditions => ["(#{cond}) AND #{IssueStatus.table_name}.is_closed=?", false])
157 158 @total_issues_by_tracker = Issue.visible.count(:group => :tracker,
158 159 :include => [:project, :status, :tracker],
159 160 :conditions => cond)
160 161
161 162 if User.current.allowed_to?(:view_time_entries, @project)
162 163 @total_hours = TimeEntry.visible.sum(:hours, :include => :project, :conditions => cond).to_f
163 164 end
164 165
165 166 @key = User.current.rss_key
166 167
167 168 respond_to do |format|
168 169 format.html
169 170 format.api
170 171 end
171 172 end
172 173
173 174 def settings
174 175 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
175 176 @issue_category ||= IssueCategory.new
176 177 @member ||= @project.members.new
177 178 @trackers = Tracker.all
178 179 @wiki ||= @project.wiki
179 180 end
180 181
181 182 def edit
182 183 end
183 184
184 185 def update
185 186 @project.safe_attributes = params[:project]
186 187 if validate_parent_id && @project.save
187 188 @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
188 189 respond_to do |format|
189 190 format.html {
190 191 flash[:notice] = l(:notice_successful_update)
191 192 redirect_to :action => 'settings', :id => @project
192 193 }
193 194 format.api { head :ok }
194 195 end
195 196 else
196 197 respond_to do |format|
197 198 format.html {
198 199 settings
199 200 render :action => 'settings'
200 201 }
201 202 format.api { render_validation_errors(@project) }
202 203 end
203 204 end
204 205 end
205 206
206 207 def modules
207 208 @project.enabled_module_names = params[:enabled_module_names]
208 209 flash[:notice] = l(:notice_successful_update)
209 210 redirect_to :action => 'settings', :id => @project, :tab => 'modules'
210 211 end
211 212
212 213 def archive
213 214 if request.post?
214 215 unless @project.archive
215 216 flash[:error] = l(:error_can_not_archive_project)
216 217 end
217 218 end
218 219 redirect_to(url_for(:controller => 'admin', :action => 'projects', :status => params[:status]))
219 220 end
220 221
221 222 def unarchive
222 223 @project.unarchive if request.post? && !@project.active?
223 224 redirect_to(url_for(:controller => 'admin', :action => 'projects', :status => params[:status]))
224 225 end
225 226
226 227 # Delete @project
227 228 def destroy
228 229 @project_to_destroy = @project
229 230 if api_request? || params[:confirm]
230 231 @project_to_destroy.destroy
231 232 respond_to do |format|
232 233 format.html { redirect_to :controller => 'admin', :action => 'projects' }
233 234 format.api { head :ok }
234 235 end
235 236 end
236 237 # hide project in layout
237 238 @project = nil
238 239 end
239 240
240 241 private
241 242
242 243 # Validates parent_id param according to user's permissions
243 244 # TODO: move it to Project model in a validation that depends on User.current
244 245 def validate_parent_id
245 246 return true if User.current.admin?
246 247 parent_id = params[:project] && params[:project][:parent_id]
247 248 if parent_id || @project.new_record?
248 249 parent = parent_id.blank? ? nil : Project.find_by_id(parent_id.to_i)
249 250 unless @project.allowed_parents.include?(parent)
250 251 @project.errors.add :parent_id, :invalid
251 252 return false
252 253 end
253 254 end
254 255 true
255 256 end
256 257 end
General Comments 0
You need to be logged in to leave comments. Login now