##// END OF EJS Templates
jro_apps » redmine
RSS
Accept key auth for ProjectsController#destroy (#6841)....
Jean-Philippe Lang -
r4329:3d6cb1435cdf
parent child
Show More
Side by Side Unified
Context file:
r4329:3d6cb1435cdf Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,271 +1,271
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2009 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class ProjectsController < ApplicationController
19 19 menu_item :overview
20 20 menu_item :roadmap, :only => :roadmap
21 21 menu_item :settings, :only => :settings
22 22
23 23 before_filter :find_project, :except => [ :index, :list, :new, :create, :copy ]
24 24 before_filter :authorize, :except => [ :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
25 25 before_filter :authorize_global, :only => [:new, :create]
26 26 before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
27 accept_key_auth :index, :create, :update
27 accept_key_auth :index, :create, :update, :destroy
28 28
29 29 after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller|
30 30 if controller.request.post?
31 31 controller.send :expire_action, :controller => 'welcome', :action => 'robots.txt'
32 32 end
33 33 end
34 34
35 35 # TODO: convert to PUT only
36 36 verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
37 37
38 38 helper :sort
39 39 include SortHelper
40 40 helper :custom_fields
41 41 include CustomFieldsHelper
42 42 helper :issues
43 43 helper :queries
44 44 include QueriesHelper
45 45 helper :repositories
46 46 include RepositoriesHelper
47 47 include ProjectsHelper
48 48
49 49 # Lists visible projects
50 50 def index
51 51 respond_to do |format|
52 52 format.html {
53 53 @projects = Project.visible.find(:all, :order => 'lft')
54 54 }
55 55 format.xml {
56 56 @projects = Project.visible.find(:all, :order => 'lft')
57 57 }
58 58 format.atom {
59 59 projects = Project.visible.find(:all, :order => 'created_on DESC',
60 60 :limit => Setting.feeds_limit.to_i)
61 61 render_feed(projects, :title => "#{Setting.app_title}: #{l(:label_project_latest)}")
62 62 }
63 63 end
64 64 end
65 65
66 66 def new
67 67 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
68 68 @trackers = Tracker.all
69 69 @project = Project.new(params[:project])
70 70
71 71 @project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
72 72 @project.trackers = Tracker.all
73 73 @project.is_public = Setting.default_projects_public?
74 74 @project.enabled_module_names = Setting.default_projects_modules
75 75 end
76 76
77 77 def create
78 78 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
79 79 @trackers = Tracker.all
80 80 @project = Project.new(params[:project])
81 81
82 82 @project.enabled_module_names = params[:enabled_modules]
83 83 if validate_parent_id && @project.save
84 84 @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
85 85 # Add current user as a project member if he is not admin
86 86 unless User.current.admin?
87 87 r = Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
88 88 m = Member.new(:user => User.current, :roles => [r])
89 89 @project.members << m
90 90 end
91 91 respond_to do |format|
92 92 format.html {
93 93 flash[:notice] = l(:notice_successful_create)
94 94 redirect_to :controller => 'projects', :action => 'settings', :id => @project
95 95 }
96 96 format.xml { render :action => 'show', :status => :created, :location => url_for(:controller => 'projects', :action => 'show', :id => @project.id) }
97 97 end
98 98 else
99 99 respond_to do |format|
100 100 format.html { render :action => 'new' }
101 101 format.xml { render :xml => @project.errors, :status => :unprocessable_entity }
102 102 end
103 103 end
104 104
105 105 end
106 106
107 107 def copy
108 108 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
109 109 @trackers = Tracker.all
110 110 @root_projects = Project.find(:all,
111 111 :conditions => "parent_id IS NULL AND status = #{Project::STATUS_ACTIVE}",
112 112 :order => 'name')
113 113 @source_project = Project.find(params[:id])
114 114 if request.get?
115 115 @project = Project.copy_from(@source_project)
116 116 if @project
117 117 @project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
118 118 else
119 119 redirect_to :controller => 'admin', :action => 'projects'
120 120 end
121 121 else
122 122 Mailer.with_deliveries(params[:notifications] == '1') do
123 123 @project = Project.new(params[:project])
124 124 @project.enabled_module_names = params[:enabled_modules]
125 125 if validate_parent_id && @project.copy(@source_project, :only => params[:only])
126 126 @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
127 127 flash[:notice] = l(:notice_successful_create)
128 128 redirect_to :controller => 'projects', :action => 'settings'
129 129 elsif !@project.new_record?
130 130 # Project was created
131 131 # But some objects were not copied due to validation failures
132 132 # (eg. issues from disabled trackers)
133 133 # TODO: inform about that
134 134 redirect_to :controller => 'projects', :action => 'settings'
135 135 end
136 136 end
137 137 end
138 138 rescue ActiveRecord::RecordNotFound
139 139 redirect_to :controller => 'admin', :action => 'projects'
140 140 end
141 141
142 142 # Show @project
143 143 def show
144 144 if params[:jump]
145 145 # try to redirect to the requested menu item
146 146 redirect_to_project_menu_item(@project, params[:jump]) && return
147 147 end
148 148
149 149 @users_by_role = @project.users_by_role
150 150 @subprojects = @project.children.visible
151 151 @news = @project.news.find(:all, :limit => 5, :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")
152 152 @trackers = @project.rolled_up_trackers
153 153
154 154 cond = @project.project_condition(Setting.display_subprojects_issues?)
155 155
156 156 @open_issues_by_tracker = Issue.visible.count(:group => :tracker,
157 157 :include => [:project, :status, :tracker],
158 158 :conditions => ["(#{cond}) AND #{IssueStatus.table_name}.is_closed=?", false])
159 159 @total_issues_by_tracker = Issue.visible.count(:group => :tracker,
160 160 :include => [:project, :status, :tracker],
161 161 :conditions => cond)
162 162
163 163 TimeEntry.visible_by(User.current) do
164 164 @total_hours = TimeEntry.sum(:hours,
165 165 :include => :project,
166 166 :conditions => cond).to_f
167 167 end
168 168 @key = User.current.rss_key
169 169
170 170 respond_to do |format|
171 171 format.html
172 172 format.xml
173 173 end
174 174 end
175 175
176 176 def settings
177 177 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
178 178 @issue_category ||= IssueCategory.new
179 179 @member ||= @project.members.new
180 180 @trackers = Tracker.all
181 181 @repository ||= @project.repository
182 182 @wiki ||= @project.wiki
183 183 end
184 184
185 185 def edit
186 186 end
187 187
188 188 def update
189 189 @project.attributes = params[:project]
190 190 if validate_parent_id && @project.save
191 191 @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
192 192 respond_to do |format|
193 193 format.html {
194 194 flash[:notice] = l(:notice_successful_update)
195 195 redirect_to :action => 'settings', :id => @project
196 196 }
197 197 format.xml { head :ok }
198 198 end
199 199 else
200 200 respond_to do |format|
201 201 format.html {
202 202 settings
203 203 render :action => 'settings'
204 204 }
205 205 format.xml { render :xml => @project.errors, :status => :unprocessable_entity }
206 206 end
207 207 end
208 208 end
209 209
210 210 def modules
211 211 @project.enabled_module_names = params[:enabled_modules]
212 212 flash[:notice] = l(:notice_successful_update)
213 213 redirect_to :action => 'settings', :id => @project, :tab => 'modules'
214 214 end
215 215
216 216 def archive
217 217 if request.post?
218 218 unless @project.archive
219 219 flash[:error] = l(:error_can_not_archive_project)
220 220 end
221 221 end
222 222 redirect_to(url_for(:controller => 'admin', :action => 'projects', :status => params[:status]))
223 223 end
224 224
225 225 def unarchive
226 226 @project.unarchive if request.post? && !@project.active?
227 227 redirect_to(url_for(:controller => 'admin', :action => 'projects', :status => params[:status]))
228 228 end
229 229
230 230 # Delete @project
231 231 def destroy
232 232 @project_to_destroy = @project
233 233 if request.get?
234 234 # display confirmation view
235 235 else
236 236 if params[:format] == 'xml' || params[:confirm]
237 237 @project_to_destroy.destroy
238 238 respond_to do |format|
239 239 format.html { redirect_to :controller => 'admin', :action => 'projects' }
240 240 format.xml { head :ok }
241 241 end
242 242 end
243 243 end
244 244 # hide project in layout
245 245 @project = nil
246 246 end
247 247
248 248 private
249 249 def find_optional_project
250 250 return true unless params[:id]
251 251 @project = Project.find(params[:id])
252 252 authorize
253 253 rescue ActiveRecord::RecordNotFound
254 254 render_404
255 255 end
256 256
257 257 # Validates parent_id param according to user's permissions
258 258 # TODO: move it to Project model in a validation that depends on User.current
259 259 def validate_parent_id
260 260 return true if User.current.admin?
261 261 parent_id = params[:project] && params[:project][:parent_id]
262 262 if parent_id || @project.new_record?
263 263 parent = parent_id.blank? ? nil : Project.find_by_id(parent_id.to_i)
264 264 unless @project.allowed_parents.include?(parent)
265 265 @project.errors.add :parent_id, :invalid
266 266 return false
267 267 end
268 268 end
269 269 true
270 270 end
271 271 end
Show file before | Show file after | Hide comments
@@ -1,120 +1,126
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2010 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require "#{File.dirname(__FILE__)}/../../test_helper"
19 19
20 20 class ApiTest::ProjectsTest < ActionController::IntegrationTest
21 21 fixtures :projects, :versions, :users, :roles, :members, :member_roles, :issues, :journals, :journal_details,
22 22 :trackers, :projects_trackers, :issue_statuses, :enabled_modules, :enumerations, :boards, :messages,
23 23 :attachments, :custom_fields, :custom_values, :time_entries
24 24
25 25 def setup
26 26 Setting.rest_api_enabled = '1'
27 27 end
28 28
29 29 def test_index
30 30 get '/projects.xml'
31 31 assert_response :success
32 32 assert_equal 'application/xml', @response.content_type
33 33 end
34
34
35 35 def test_show
36 36 get '/projects/1.xml'
37 37 assert_response :success
38 38 assert_equal 'application/xml', @response.content_type
39 39 assert_tag 'custom_field', :attributes => {:name => 'Development status'}, :content => 'Stable'
40 40 end
41 41
42 42 def test_show_should_not_display_hidden_custom_fields
43 43 ProjectCustomField.find_by_name('Development status').update_attribute :visible, false
44 44 get '/projects/1.xml'
45 45 assert_response :success
46 46 assert_equal 'application/xml', @response.content_type
47 47 assert_no_tag 'custom_field', :attributes => {:name => 'Development status'}
48 48 end
49 49
50 50 context "POST /projects.xml" do
51 51 should_allow_api_authentication(:post,
52 52 '/projects.xml',
53 53 {:project => {:name => 'API test', :identifier => 'api-test'}},
54 54 {:success_code => :created})
55 55
56 56 should "create a project with the attributes" do
57 57 assert_difference('Project.count') do
58 58 post '/projects.xml', {:project => {:name => 'API test', :identifier => 'api-test'}}, :authorization => credentials('admin')
59 59 end
60 60
61 61 project = Project.first(:order => 'id DESC')
62 62 assert_equal 'API test', project.name
63 63 assert_equal 'api-test', project.identifier
64 64
65 65 assert_response :created
66 66 assert_equal 'application/xml', @response.content_type
67 67 assert_tag 'project', :child => {:tag => 'id', :content => project.id.to_s}
68 68 end
69 69 end
70 70
71 71 def test_create_failure
72 72 attributes = {:name => 'API test'}
73 73 assert_no_difference 'Project.count' do
74 74 post '/projects.xml', {:project => attributes}, :authorization => credentials('admin')
75 75 end
76 76 assert_response :unprocessable_entity
77 77 assert_equal 'application/xml', @response.content_type
78 78 assert_tag :errors, :child => {:tag => 'error', :content => "Identifier can't be blank"}
79 79 end
80 80
81 81 context "PUT /projects/2.xml" do
82 82 should_allow_api_authentication(:put,
83 83 '/projects/2.xml',
84 84 {:project => {:name => 'API test'}},
85 85 {:success_code => :ok})
86 86
87 87 should "update the project" do
88 88 assert_no_difference 'Project.count' do
89 89 put '/projects/2.xml', {:project => {:name => 'API update'}}, :authorization => credentials('jsmith')
90 90 end
91 91 assert_response :ok
92 92 assert_equal 'application/xml', @response.content_type
93 93 project = Project.find(2)
94 94 assert_equal 'API update', project.name
95 95 end
96 96 end
97 97
98 98 def test_update_failure
99 99 attributes = {:name => ''}
100 100 assert_no_difference 'Project.count' do
101 101 put '/projects/1.xml', {:project => attributes}, :authorization => credentials('jsmith')
102 102 end
103 103 assert_response :unprocessable_entity
104 104 assert_equal 'application/xml', @response.content_type
105 105 assert_tag :errors, :child => {:tag => 'error', :content => "Name can't be blank"}
106 106 end
107
108 def test_destroy
109 assert_difference 'Project.count', -1 do
110 delete '/projects/2.xml', {}, :authorization => credentials('admin')
107
108 context "DELETE /projects/2.xml" do
109 should_allow_api_authentication(:delete,
110 '/projects/2.xml',
111 {},
112 {:success_code => :ok})
113
114 should "delete the project" do
115 assert_difference('Project.count',-1) do
116 delete '/projects/2.xml', {}, :authorization => credentials('admin')
117 end
118 assert_response :ok
119 assert_nil Project.find_by_id(2)
111 120 end
112 assert_response :ok
113 assert_equal 'application/xml', @response.content_type
114 assert_nil Project.find_by_id(2)
115 121 end
116 122
117 123 def credentials(user, password=nil)
118 124 ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
119 125 end
120 126 end
General Comments 0
You need to be logged in to leave comments. Login now