Fixed: autologin broken....
Jean-Philippe Lang -
r672:1187ad96ac49
@@ -1,170 +1,170
1 # redMine - project management software
1 # redMine - project management software
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class ApplicationController < ActionController::Base
18 class ApplicationController < ActionController::Base
19 before_filter :user_setup, :check_if_login_required, :set_localization
19 before_filter :user_setup, :check_if_login_required, :set_localization
20 filter_parameter_logging :password
20 filter_parameter_logging :password
21
21
22 REDMINE_SUPPORTED_SCM.each do |scm|
22 REDMINE_SUPPORTED_SCM.each do |scm|
23 require_dependency "repository/#{scm.underscore}"
23 require_dependency "repository/#{scm.underscore}"
24 end
24 end
25
25
26 def logged_in_user
26 def logged_in_user
27 User.current.logged? ? User.current : nil
27 User.current.logged? ? User.current : nil
28 end
28 end
29
29
30 def current_role
30 def current_role
31 @current_role ||= User.current.role_for_project(@project)
31 @current_role ||= User.current.role_for_project(@project)
32 end
32 end
33
33
34 def user_setup
34 def user_setup
35 if session[:user_id]
35 if session[:user_id]
36 # existing session
36 # existing session
37 User.current = User.find(session[:user_id])
37 User.current = User.find(session[:user_id])
38 elsif cookies[:autologin] && Setting.autologin?
38 elsif cookies[:autologin] && Setting.autologin?
39 # auto-login feature
39 # auto-login feature
40 User.current = User.find_by_autologin_key(autologin_key)
40 User.current = User.find_by_autologin_key(cookies[:autologin])
41 elsif params[:key] && accept_key_auth_actions.include?(params[:action])
41 elsif params[:key] && accept_key_auth_actions.include?(params[:action])
42 # RSS key authentication
42 # RSS key authentication
43 User.current = User.find_by_rss_key(params[:key])
43 User.current = User.find_by_rss_key(params[:key])
44 else
44 else
45 User.current = User.anonymous
45 User.current = User.anonymous
46 end
46 end
47 end
47 end
48
48
49 # check if login is globally required to access the application
49 # check if login is globally required to access the application
50 def check_if_login_required
50 def check_if_login_required
51 # no check needed if user is already logged in
51 # no check needed if user is already logged in
52 return true if User.current.logged?
52 return true if User.current.logged?
53 require_login if Setting.login_required?
53 require_login if Setting.login_required?
54 end
54 end
55
55
56 def set_localization
56 def set_localization
57 lang = begin
57 lang = begin
58 if !User.current.language.blank? and GLoc.valid_languages.include? User.current.language.to_sym
58 if !User.current.language.blank? and GLoc.valid_languages.include? User.current.language.to_sym
59 User.current.language
59 User.current.language
60 elsif request.env['HTTP_ACCEPT_LANGUAGE']
60 elsif request.env['HTTP_ACCEPT_LANGUAGE']
61 accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.split('-').first
61 accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.split('-').first
62 if accept_lang and !accept_lang.empty? and GLoc.valid_languages.include? accept_lang.to_sym
62 if accept_lang and !accept_lang.empty? and GLoc.valid_languages.include? accept_lang.to_sym
63 accept_lang
63 accept_lang
64 end
64 end
65 end
65 end
66 rescue
66 rescue
67 nil
67 nil
68 end || Setting.default_language
68 end || Setting.default_language
69 set_language_if_valid(lang)
69 set_language_if_valid(lang)
70 end
70 end
71
71
72 def require_login
72 def require_login
73 if !User.current.logged?
73 if !User.current.logged?
74 store_location
74 store_location
75 redirect_to :controller => "account", :action => "login"
75 redirect_to :controller => "account", :action => "login"
76 return false
76 return false
77 end
77 end
78 true
78 true
79 end
79 end
80
80
81 def require_admin
81 def require_admin
82 return unless require_login
82 return unless require_login
83 if !User.current.admin?
83 if !User.current.admin?
84 render_403
84 render_403
85 return false
85 return false
86 end
86 end
87 true
87 true
88 end
88 end
89
89
90 # Authorize the user for the requested action
90 # Authorize the user for the requested action
91 def authorize(ctrl = params[:controller], action = params[:action])
91 def authorize(ctrl = params[:controller], action = params[:action])
92 allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
92 allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
93 allowed ? true : (User.current.logged? ? render_403 : require_login)
93 allowed ? true : (User.current.logged? ? render_403 : require_login)
94 end
94 end
95
95
96 # make sure that the user is a member of the project (or admin) if project is private
96 # make sure that the user is a member of the project (or admin) if project is private
97 # used as a before_filter for actions that do not require any particular permission on the project
97 # used as a before_filter for actions that do not require any particular permission on the project
98 def check_project_privacy
98 def check_project_privacy
99 unless @project.active?
99 unless @project.active?
100 @project = nil
100 @project = nil
101 render_404
101 render_404
102 return false
102 return false
103 end
103 end
104 return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
104 return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
105 User.current.logged? ? render_403 : require_login
105 User.current.logged? ? render_403 : require_login
106 end
106 end
107
107
108 # store current uri in session.
108 # store current uri in session.
109 # return to this location by calling redirect_back_or_default
109 # return to this location by calling redirect_back_or_default
110 def store_location
110 def store_location
111 session[:return_to_params] = params
111 session[:return_to_params] = params
112 end
112 end
113
113
114 # move to the last store_location call or to the passed default one
114 # move to the last store_location call or to the passed default one
115 def redirect_back_or_default(default)
115 def redirect_back_or_default(default)
116 if session[:return_to_params].nil?
116 if session[:return_to_params].nil?
117 redirect_to default
117 redirect_to default
118 else
118 else
119 redirect_to session[:return_to_params]
119 redirect_to session[:return_to_params]
120 session[:return_to_params] = nil
120 session[:return_to_params] = nil
121 end
121 end
122 end
122 end
123
123
124 def render_403
124 def render_403
125 @html_title = "403"
125 @html_title = "403"
126 @project = nil
126 @project = nil
127 render :template => "common/403", :layout => true, :status => 403
127 render :template => "common/403", :layout => true, :status => 403
128 return false
128 return false
129 end
129 end
130
130
131 def render_404
131 def render_404
132 @html_title = "404"
132 @html_title = "404"
133 render :template => "common/404", :layout => true, :status => 404
133 render :template => "common/404", :layout => true, :status => 404
134 return false
134 return false
135 end
135 end
136
136
137 def render_feed(items, options={})
137 def render_feed(items, options={})
138 @items = items.sort {|x,y| y.event_datetime <=> x.event_datetime }
138 @items = items.sort {|x,y| y.event_datetime <=> x.event_datetime }
139 @title = options[:title] || Setting.app_title
139 @title = options[:title] || Setting.app_title
140 render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
140 render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
141 end
141 end
142
142
143 def self.accept_key_auth(*actions)
143 def self.accept_key_auth(*actions)
144 actions = actions.flatten.map(&:to_s)
144 actions = actions.flatten.map(&:to_s)
145 write_inheritable_attribute('accept_key_auth_actions', actions)
145 write_inheritable_attribute('accept_key_auth_actions', actions)
146 end
146 end
147
147
148 def accept_key_auth_actions
148 def accept_key_auth_actions
149 self.class.read_inheritable_attribute('accept_key_auth_actions') || []
149 self.class.read_inheritable_attribute('accept_key_auth_actions') || []
150 end
150 end
151
151
152 # qvalues http header parser
152 # qvalues http header parser
153 # code taken from webrick
153 # code taken from webrick
154 def parse_qvalues(value)
154 def parse_qvalues(value)
155 tmp = []
155 tmp = []
156 if value
156 if value
157 parts = value.split(/,\s*/)
157 parts = value.split(/,\s*/)
158 parts.each {|part|
158 parts.each {|part|
159 if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part)
159 if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part)
160 val = m[1]
160 val = m[1]
161 q = (m[2] or 1).to_f
161 q = (m[2] or 1).to_f
162 tmp.push([val, q])
162 tmp.push([val, q])
163 end
163 end
164 }
164 }
165 tmp = tmp.sort_by{|val, q| -q}
165 tmp = tmp.sort_by{|val, q| -q}
166 tmp.collect!{|val, q| val}
166 tmp.collect!{|val, q| val}
167 end
167 end
168 return tmp
168 return tmp
169 end
169 end
170 end
170 end
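Review bot: The rewritten lookup on line 40 assigns whatever `User.find_by_autologin_key` returns straight to `User.current`, so a stale, revoked or forged `autologin` cookie that matches no user leaves `User.current` nil, whereas the `else` branch on line 45 deliberately falls back to `User.anonymous`; the very next filter, `check_if_login_required`, then calls `User.current.logged?` on line 52. Unless the `User.current=` writer (defined in the model, not in this hunk) substitutes the anonymous user for nil, every request carrying a dead cookie ends in a NoMethodError rather than an anonymous page, and the RSS-key branch on line 43 has the same gap. I would append the fallback on the new line: `User.current = User.find_by_autologin_key(cookies[:autologin]) || User.anonymous`. A why-comment on line 39 would also help the next reader, e.g. `# the cookie value is a long-lived bearer credential looked up verbatim; treat it like a password (unguessable, revocable server-side)`.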