##// END OF EJS Templates
jro_apps » redmine
RSS
Splitted #find_issues filter in ApplicationController to #find_issues and #check_project_uniqueness (#5332)...
Jean-Baptiste Barth -
r4114:4853dd97fd5a
parent child
Show More
Side by Side Unified
Context file:
r4114:4853dd97fd5a Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,412 +1,415
1 1 # redMine - project management software
2 2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require 'uri'
19 19 require 'cgi'
20 20
21 21 class ApplicationController < ActionController::Base
22 22 include Redmine::I18n
23 23
24 24 layout 'base'
25 25 exempt_from_layout 'builder'
26 26
27 27 # Remove broken cookie after upgrade from 0.8.x (#4292)
28 28 # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
29 29 # TODO: remove it when Rails is fixed
30 30 before_filter :delete_broken_cookies
31 31 def delete_broken_cookies
32 32 if cookies['_redmine_session'] && cookies['_redmine_session'] !~ /--/
33 33 cookies.delete '_redmine_session'
34 34 redirect_to home_path
35 35 return false
36 36 end
37 37 end
38 38
39 39 before_filter :user_setup, :check_if_login_required, :set_localization
40 40 filter_parameter_logging :password
41 41 protect_from_forgery
42 42
43 43 rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
44 44
45 45 include Redmine::Search::Controller
46 46 include Redmine::MenuManager::MenuController
47 47 helper Redmine::MenuManager::MenuHelper
48 48
49 49 Redmine::Scm::Base.all.each do |scm|
50 50 require_dependency "repository/#{scm.underscore}"
51 51 end
52 52
53 53 def user_setup
54 54 # Check the settings cache for each request
55 55 Setting.check_cache
56 56 # Find the current user
57 57 User.current = find_current_user
58 58 end
59 59
60 60 # Returns the current user or nil if no user is logged in
61 61 # and starts a session if needed
62 62 def find_current_user
63 63 if session[:user_id]
64 64 # existing session
65 65 (User.active.find(session[:user_id]) rescue nil)
66 66 elsif cookies[:autologin] && Setting.autologin?
67 67 # auto-login feature starts a new session
68 68 user = User.try_to_autologin(cookies[:autologin])
69 69 session[:user_id] = user.id if user
70 70 user
71 71 elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
72 72 # RSS key authentication does not start a session
73 73 User.find_by_rss_key(params[:key])
74 74 elsif Setting.rest_api_enabled? && ['xml', 'json'].include?(params[:format])
75 75 if params[:key].present? && accept_key_auth_actions.include?(params[:action])
76 76 # Use API key
77 77 User.find_by_api_key(params[:key])
78 78 else
79 79 # HTTP Basic, either username/password or API key/random
80 80 authenticate_with_http_basic do |username, password|
81 81 User.try_to_login(username, password) || User.find_by_api_key(username)
82 82 end
83 83 end
84 84 end
85 85 end
86 86
87 87 # Sets the logged in user
88 88 def logged_user=(user)
89 89 reset_session
90 90 if user && user.is_a?(User)
91 91 User.current = user
92 92 session[:user_id] = user.id
93 93 else
94 94 User.current = User.anonymous
95 95 end
96 96 end
97 97
98 98 # check if login is globally required to access the application
99 99 def check_if_login_required
100 100 # no check needed if user is already logged in
101 101 return true if User.current.logged?
102 102 require_login if Setting.login_required?
103 103 end
104 104
105 105 def set_localization
106 106 lang = nil
107 107 if User.current.logged?
108 108 lang = find_language(User.current.language)
109 109 end
110 110 if lang.nil? && request.env['HTTP_ACCEPT_LANGUAGE']
111 111 accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first
112 112 if !accept_lang.blank?
113 113 accept_lang = accept_lang.downcase
114 114 lang = find_language(accept_lang) || find_language(accept_lang.split('-').first)
115 115 end
116 116 end
117 117 lang ||= Setting.default_language
118 118 set_language_if_valid(lang)
119 119 end
120 120
121 121 def require_login
122 122 if !User.current.logged?
123 123 # Extract only the basic url parameters on non-GET requests
124 124 if request.get?
125 125 url = url_for(params)
126 126 else
127 127 url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
128 128 end
129 129 respond_to do |format|
130 130 format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
131 131 format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
132 132 format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
133 133 format.js { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
134 134 format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
135 135 end
136 136 return false
137 137 end
138 138 true
139 139 end
140 140
141 141 def require_admin
142 142 return unless require_login
143 143 if !User.current.admin?
144 144 render_403
145 145 return false
146 146 end
147 147 true
148 148 end
149 149
150 150 def deny_access
151 151 User.current.logged? ? render_403 : require_login
152 152 end
153 153
154 154 # Authorize the user for the requested action
155 155 def authorize(ctrl = params[:controller], action = params[:action], global = false)
156 156 allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project, :global => global)
157 157 allowed ? true : deny_access
158 158 end
159 159
160 160 # Authorize the user for the requested action outside a project
161 161 def authorize_global(ctrl = params[:controller], action = params[:action], global = true)
162 162 authorize(ctrl, action, global)
163 163 end
164 164
165 165 # Find project of id params[:id]
166 166 def find_project
167 167 @project = Project.find(params[:id])
168 168 rescue ActiveRecord::RecordNotFound
169 169 render_404
170 170 end
171 171
172 172 # Find project of id params[:project_id]
173 173 def find_project_by_project_id
174 174 @project = Project.find(params[:project_id])
175 175 rescue ActiveRecord::RecordNotFound
176 176 render_404
177 177 end
178 178
179 179 # Find a project based on params[:project_id]
180 180 # TODO: some subclasses override this, see about merging their logic
181 181 def find_optional_project
182 182 @project = Project.find(params[:project_id]) unless params[:project_id].blank?
183 183 allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true)
184 184 allowed ? true : deny_access
185 185 rescue ActiveRecord::RecordNotFound
186 186 render_404
187 187 end
188 188
189 189 # Finds and sets @project based on @object.project
190 190 def find_project_from_association
191 191 render_404 unless @object.present?
192 192
193 193 @project = @object.project
194 194 rescue ActiveRecord::RecordNotFound
195 195 render_404
196 196 end
197 197
198 198 def find_model_object
199 199 model = self.class.read_inheritable_attribute('model_object')
200 200 if model
201 201 @object = model.find(params[:id])
202 202 self.instance_variable_set('@' + controller_name.singularize, @object) if @object
203 203 end
204 204 rescue ActiveRecord::RecordNotFound
205 205 render_404
206 206 end
207 207
208 208 def self.model_object(model)
209 209 write_inheritable_attribute('model_object', model)
210 210 end
211 211
212 212 # Filter for bulk issue operations
213 213 def find_issues
214 214 @issues = Issue.find_all_by_id(params[:id] || params[:ids])
215 215 raise ActiveRecord::RecordNotFound if @issues.empty?
216 projects = @issues.collect(&:project).compact.uniq
217 if projects.size == 1
218 @project = projects.first
219 else
216 @projects = @issues.collect(&:project).compact.uniq
217 @project = @projects.first if @projects.size == 1
218 rescue ActiveRecord::RecordNotFound
219 render_404
220 end
221
222 # Check if project is unique before bulk operations
223 def check_project_uniqueness
224 unless @project
220 225 # TODO: let users bulk edit/move/destroy issues from different projects
221 226 render_error 'Can not bulk edit/move/destroy issues from different projects'
222 227 return false
223 228 end
224 rescue ActiveRecord::RecordNotFound
225 render_404
226 229 end
227 230
228 231 # make sure that the user is a member of the project (or admin) if project is private
229 232 # used as a before_filter for actions that do not require any particular permission on the project
230 233 def check_project_privacy
231 234 if @project && @project.active?
232 235 if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
233 236 true
234 237 else
235 238 User.current.logged? ? render_403 : require_login
236 239 end
237 240 else
238 241 @project = nil
239 242 render_404
240 243 false
241 244 end
242 245 end
243 246
244 247 def back_url
245 248 params[:back_url] || request.env['HTTP_REFERER']
246 249 end
247 250
248 251 def redirect_back_or_default(default)
249 252 back_url = CGI.unescape(params[:back_url].to_s)
250 253 if !back_url.blank?
251 254 begin
252 255 uri = URI.parse(back_url)
253 256 # do not redirect user to another host or to the login or register page
254 257 if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
255 258 redirect_to(back_url)
256 259 return
257 260 end
258 261 rescue URI::InvalidURIError
259 262 # redirect to default
260 263 end
261 264 end
262 265 redirect_to default
263 266 end
264 267
265 268 def render_403
266 269 @project = nil
267 270 respond_to do |format|
268 271 format.html { render :template => "common/403", :layout => use_layout, :status => 403 }
269 272 format.atom { head 403 }
270 273 format.xml { head 403 }
271 274 format.js { head 403 }
272 275 format.json { head 403 }
273 276 end
274 277 return false
275 278 end
276 279
277 280 def render_404
278 281 respond_to do |format|
279 282 format.html { render :template => "common/404", :layout => use_layout, :status => 404 }
280 283 format.atom { head 404 }
281 284 format.xml { head 404 }
282 285 format.js { head 404 }
283 286 format.json { head 404 }
284 287 end
285 288 return false
286 289 end
287 290
288 291 def render_error(msg)
289 292 respond_to do |format|
290 293 format.html {
291 294 flash.now[:error] = msg
292 295 render :text => '', :layout => use_layout, :status => 500
293 296 }
294 297 format.atom { head 500 }
295 298 format.xml { head 500 }
296 299 format.js { head 500 }
297 300 format.json { head 500 }
298 301 end
299 302 end
300 303
301 304 # Picks which layout to use based on the request
302 305 #
303 306 # @return [boolean, string] name of the layout to use or false for no layout
304 307 def use_layout
305 308 request.xhr? ? false : 'base'
306 309 end
307 310
308 311 def invalid_authenticity_token
309 312 if api_request?
310 313 logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
311 314 end
312 315 render_error "Invalid form authenticity token."
313 316 end
314 317
315 318 def render_feed(items, options={})
316 319 @items = items || []
317 320 @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
318 321 @items = @items.slice(0, Setting.feeds_limit.to_i)
319 322 @title = options[:title] || Setting.app_title
320 323 render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
321 324 end
322 325
323 326 def self.accept_key_auth(*actions)
324 327 actions = actions.flatten.map(&:to_s)
325 328 write_inheritable_attribute('accept_key_auth_actions', actions)
326 329 end
327 330
328 331 def accept_key_auth_actions
329 332 self.class.read_inheritable_attribute('accept_key_auth_actions') || []
330 333 end
331 334
332 335 # Returns the number of objects that should be displayed
333 336 # on the paginated list
334 337 def per_page_option
335 338 per_page = nil
336 339 if params[:per_page] && Setting.per_page_options_array.include?(params[:per_page].to_s.to_i)
337 340 per_page = params[:per_page].to_s.to_i
338 341 session[:per_page] = per_page
339 342 elsif session[:per_page]
340 343 per_page = session[:per_page]
341 344 else
342 345 per_page = Setting.per_page_options_array.first || 25
343 346 end
344 347 per_page
345 348 end
346 349
347 350 # qvalues http header parser
348 351 # code taken from webrick
349 352 def parse_qvalues(value)
350 353 tmp = []
351 354 if value
352 355 parts = value.split(/,\s*/)
353 356 parts.each {|part|
354 357 if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part)
355 358 val = m[1]
356 359 q = (m[2] or 1).to_f
357 360 tmp.push([val, q])
358 361 end
359 362 }
360 363 tmp = tmp.sort_by{|val, q| -q}
361 364 tmp.collect!{|val, q| val}
362 365 end
363 366 return tmp
364 367 rescue
365 368 nil
366 369 end
367 370
368 371 # Returns a string that can be used as filename value in Content-Disposition header
369 372 def filename_for_content_disposition(name)
370 373 request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name
371 374 end
372 375
373 376 def api_request?
374 377 %w(xml json).include? params[:format]
375 378 end
376 379
377 380 # Renders a warning flash if obj has unsaved attachments
378 381 def render_attachment_warning_if_needed(obj)
379 382 flash[:warning] = l(:warning_attachments_not_saved, obj.unsaved_attachments.size) if obj.unsaved_attachments.present?
380 383 end
381 384
382 385 # Sets the `flash` notice or error based the number of issues that did not save
383 386 #
384 387 # @param [Array, Issue] issues all of the saved and unsaved Issues
385 388 # @param [Array, Integer] unsaved_issue_ids the issue ids that were not saved
386 389 def set_flash_from_bulk_issue_save(issues, unsaved_issue_ids)
387 390 if unsaved_issue_ids.empty?
388 391 flash[:notice] = l(:notice_successful_update) unless issues.empty?
389 392 else
390 393 flash[:error] = l(:notice_failed_to_save_issues,
391 394 :count => unsaved_issue_ids.size,
392 395 :total => issues.size,
393 396 :ids => '#' + unsaved_issue_ids.join(', #'))
394 397 end
395 398 end
396 399
397 400 # Rescues an invalid query statement. Just in case...
398 401 def query_statement_invalid(exception)
399 402 logger.error "Query::StatementInvalid: #{exception.message}" if logger
400 403 session.delete(:query)
401 404 sort_clear if respond_to?(:sort_clear)
402 405 render_error "An error occurred while executing the query and has been logged. Please report this error to your Redmine administrator."
403 406 end
404 407
405 408 # Converts the errors on an ActiveRecord object into a common JSON format
406 409 def object_errors_to_json(object)
407 410 object.errors.collect do |attribute, error|
408 411 { attribute => error }
409 412 end.to_json
410 413 end
411 414
412 415 end
Show file before | Show file after | Hide comments
@@ -1,65 +1,65
1 1 class IssueMovesController < ApplicationController
2 2 default_search_scope :issues
3 before_filter :find_issues
3 before_filter :find_issues, :check_project_uniqueness
4 4 before_filter :authorize
5 5
6 6 def new
7 7 prepare_for_issue_move
8 8 render :layout => false if request.xhr?
9 9 end
10 10
11 11 def create
12 12 prepare_for_issue_move
13 13
14 14 if request.post?
15 15 new_tracker = params[:new_tracker_id].blank? ? nil : @target_project.trackers.find_by_id(params[:new_tracker_id])
16 16 unsaved_issue_ids = []
17 17 moved_issues = []
18 18 @issues.each do |issue|
19 19 issue.reload
20 20 issue.init_journal(User.current)
21 21 call_hook(:controller_issues_move_before_save, { :params => params, :issue => issue, :target_project => @target_project, :copy => !!@copy })
22 22 if r = issue.move_to_project(@target_project, new_tracker, {:copy => @copy, :attributes => extract_changed_attributes_for_move(params)})
23 23 moved_issues << r
24 24 else
25 25 unsaved_issue_ids << issue.id
26 26 end
27 27 end
28 28 set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
29 29
30 30 if params[:follow]
31 31 if @issues.size == 1 && moved_issues.size == 1
32 32 redirect_to :controller => 'issues', :action => 'show', :id => moved_issues.first
33 33 else
34 34 redirect_to :controller => 'issues', :action => 'index', :project_id => (@target_project || @project)
35 35 end
36 36 else
37 37 redirect_to :controller => 'issues', :action => 'index', :project_id => @project
38 38 end
39 39 return
40 40 end
41 41 end
42 42
43 43 private
44 44
45 45 def prepare_for_issue_move
46 46 @issues.sort!
47 47 @copy = params[:copy_options] && params[:copy_options][:copy]
48 48 @allowed_projects = Issue.allowed_target_projects_on_move
49 49 @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
50 50 @target_project ||= @project
51 51 @trackers = @target_project.trackers
52 52 @available_statuses = Workflow.available_statuses(@project)
53 53 end
54 54
55 55 def extract_changed_attributes_for_move(params)
56 56 changed_attributes = {}
57 57 [:assigned_to_id, :status_id, :start_date, :due_date].each do |valid_attribute|
58 58 unless params[valid_attribute].blank?
59 59 changed_attributes[valid_attribute] = (params[valid_attribute] == 'none' ? nil : params[valid_attribute])
60 60 end
61 61 end
62 62 changed_attributes
63 63 end
64 64
65 65 end
Show file before | Show file after | Hide comments
@@ -1,329 +1,330
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2008 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class IssuesController < ApplicationController
19 19 menu_item :new_issue, :only => [:new, :create]
20 20 default_search_scope :issues
21 21
22 22 before_filter :find_issue, :only => [:show, :edit, :update]
23 23 before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :move, :perform_move, :destroy]
24 before_filter :check_project_uniqueness, :only => [:bulk_edit, :bulk_update, :move, :perform_move, :destroy]
24 25 before_filter :find_project, :only => [:new, :create]
25 26 before_filter :authorize, :except => [:index]
26 27 before_filter :find_optional_project, :only => [:index]
27 28 before_filter :check_for_default_issue_status, :only => [:new, :create]
28 29 before_filter :build_new_issue_from_params, :only => [:new, :create]
29 30 accept_key_auth :index, :show
30 31
31 32 rescue_from Query::StatementInvalid, :with => :query_statement_invalid
32 33
33 34 helper :journals
34 35 helper :projects
35 36 include ProjectsHelper
36 37 helper :custom_fields
37 38 include CustomFieldsHelper
38 39 helper :issue_relations
39 40 include IssueRelationsHelper
40 41 helper :watchers
41 42 include WatchersHelper
42 43 helper :attachments
43 44 include AttachmentsHelper
44 45 helper :queries
45 46 include QueriesHelper
46 47 helper :sort
47 48 include SortHelper
48 49 include IssuesHelper
49 50 helper :timelog
50 51 helper :gantt
51 52 include Redmine::Export::PDF
52 53
53 54 verify :method => [:post, :delete],
54 55 :only => :destroy,
55 56 :render => { :nothing => true, :status => :method_not_allowed }
56 57
57 58 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
58 59 verify :method => :post, :only => :bulk_update, :render => {:nothing => true, :status => :method_not_allowed }
59 60 verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
60 61
61 62 def index
62 63 retrieve_query
63 64 sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
64 65 sort_update(@query.sortable_columns)
65 66
66 67 if @query.valid?
67 68 limit = case params[:format]
68 69 when 'csv', 'pdf'
69 70 Setting.issues_export_limit.to_i
70 71 when 'atom'
71 72 Setting.feeds_limit.to_i
72 73 else
73 74 per_page_option
74 75 end
75 76
76 77 @issue_count = @query.issue_count
77 78 @issue_pages = Paginator.new self, @issue_count, limit, params['page']
78 79 @issues = @query.issues(:include => [:assigned_to, :tracker, :priority, :category, :fixed_version],
79 80 :order => sort_clause,
80 81 :offset => @issue_pages.current.offset,
81 82 :limit => limit)
82 83 @issue_count_by_group = @query.issue_count_by_group
83 84
84 85 respond_to do |format|
85 86 format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
86 87 format.xml { render :layout => false }
87 88 format.json { render :text => @issues.to_json, :layout => false }
88 89 format.atom { render_feed(@issues, :title => "#{@project || Setting.app_title}: #{l(:label_issue_plural)}") }
89 90 format.csv { send_data(issues_to_csv(@issues, @project), :type => 'text/csv; header=present', :filename => 'export.csv') }
90 91 format.pdf { send_data(issues_to_pdf(@issues, @project, @query), :type => 'application/pdf', :filename => 'export.pdf') }
91 92 end
92 93 else
93 94 # Send html if the query is not valid
94 95 render(:template => 'issues/index.rhtml', :layout => !request.xhr?)
95 96 end
96 97 rescue ActiveRecord::RecordNotFound
97 98 render_404
98 99 end
99 100
100 101 def show
101 102 @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
102 103 @journals.each_with_index {|j,i| j.indice = i+1}
103 104 @journals.reverse! if User.current.wants_comments_in_reverse_order?
104 105 @changesets = @issue.changesets.visible.all
105 106 @changesets.reverse! if User.current.wants_comments_in_reverse_order?
106 107 @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
107 108 @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
108 109 @priorities = IssuePriority.all
109 110 @time_entry = TimeEntry.new
110 111 respond_to do |format|
111 112 format.html { render :template => 'issues/show.rhtml' }
112 113 format.xml { render :layout => false }
113 114 format.json { render :text => @issue.to_json, :layout => false }
114 115 format.atom { render :template => 'journals/index', :layout => false, :content_type => 'application/atom+xml' }
115 116 format.pdf { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
116 117 end
117 118 end
118 119
119 120 # Add a new issue
120 121 # The new issue will be created from an existing one if copy_from parameter is given
121 122 def new
122 123 respond_to do |format|
123 124 format.html { render :action => 'new', :layout => !request.xhr? }
124 125 format.js { render :partial => 'attributes' }
125 126 end
126 127 end
127 128
128 129 def create
129 130 call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
130 131 if @issue.save
131 132 attachments = Attachment.attach_files(@issue, params[:attachments])
132 133 render_attachment_warning_if_needed(@issue)
133 134 flash[:notice] = l(:notice_successful_create)
134 135 call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
135 136 respond_to do |format|
136 137 format.html {
137 138 redirect_to(params[:continue] ? { :action => 'new', :project_id => @project, :issue => {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?} } :
138 139 { :action => 'show', :id => @issue })
139 140 }
140 141 format.xml { render :action => 'show', :status => :created, :location => url_for(:controller => 'issues', :action => 'show', :id => @issue) }
141 142 format.json { render :text => @issue.to_json, :status => :created, :location => url_for(:controller => 'issues', :action => 'show'), :layout => false }
142 143 end
143 144 return
144 145 else
145 146 respond_to do |format|
146 147 format.html { render :action => 'new' }
147 148 format.xml { render(:xml => @issue.errors, :status => :unprocessable_entity); return }
148 149 format.json { render :text => object_errors_to_json(@issue), :status => :unprocessable_entity, :layout => false }
149 150 end
150 151 end
151 152 end
152 153
153 154 # Attributes that can be updated on workflow transition (without :edit permission)
154 155 # TODO: make it configurable (at least per role)
155 156 UPDATABLE_ATTRS_ON_TRANSITION = %w(status_id assigned_to_id fixed_version_id done_ratio) unless const_defined?(:UPDATABLE_ATTRS_ON_TRANSITION)
156 157
157 158 def edit
158 159 update_issue_from_params
159 160
160 161 @journal = @issue.current_journal
161 162
162 163 respond_to do |format|
163 164 format.html { }
164 165 format.xml { }
165 166 end
166 167 end
167 168
168 169 def update
169 170 update_issue_from_params
170 171
171 172 if @issue.save_issue_with_child_records(params, @time_entry)
172 173 render_attachment_warning_if_needed(@issue)
173 174 flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?
174 175
175 176 respond_to do |format|
176 177 format.html { redirect_back_or_default({:action => 'show', :id => @issue}) }
177 178 format.xml { head :ok }
178 179 format.json { head :ok }
179 180 end
180 181 else
181 182 render_attachment_warning_if_needed(@issue)
182 183 flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?
183 184 @journal = @issue.current_journal
184 185
185 186 respond_to do |format|
186 187 format.html { render :action => 'edit' }
187 188 format.xml { render :xml => @issue.errors, :status => :unprocessable_entity }
188 189 format.json { render :text => object_errors_to_json(@issue), :status => :unprocessable_entity, :layout => false }
189 190 end
190 191 end
191 192 end
192 193
193 194 # Bulk edit a set of issues
194 195 def bulk_edit
195 196 @issues.sort!
196 197 @available_statuses = Workflow.available_statuses(@project)
197 198 @custom_fields = @project.all_issue_custom_fields
198 199 end
199 200
200 201 def bulk_update
201 202 @issues.sort!
202 203 attributes = parse_params_for_bulk_issue_attributes(params)
203 204
204 205 unsaved_issue_ids = []
205 206 @issues.each do |issue|
206 207 issue.reload
207 208 journal = issue.init_journal(User.current, params[:notes])
208 209 issue.safe_attributes = attributes
209 210 call_hook(:controller_issues_bulk_edit_before_save, { :params => params, :issue => issue })
210 211 unless issue.save
211 212 # Keep unsaved issue ids to display them in flash error
212 213 unsaved_issue_ids << issue.id
213 214 end
214 215 end
215 216 set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
216 217 redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
217 218 end
218 219
219 220 def destroy
220 221 @hours = TimeEntry.sum(:hours, :conditions => ['issue_id IN (?)', @issues]).to_f
221 222 if @hours > 0
222 223 case params[:todo]
223 224 when 'destroy'
224 225 # nothing to do
225 226 when 'nullify'
226 227 TimeEntry.update_all('issue_id = NULL', ['issue_id IN (?)', @issues])
227 228 when 'reassign'
228 229 reassign_to = @project.issues.find_by_id(params[:reassign_to_id])
229 230 if reassign_to.nil?
230 231 flash.now[:error] = l(:error_issue_not_found_in_project)
231 232 return
232 233 else
233 234 TimeEntry.update_all("issue_id = #{reassign_to.id}", ['issue_id IN (?)', @issues])
234 235 end
235 236 else
236 237 unless params[:format] == 'xml' || params[:format] == 'json'
237 238 # display the destroy form if it's a user request
238 239 return
239 240 end
240 241 end
241 242 end
242 243 @issues.each(&:destroy)
243 244 respond_to do |format|
244 245 format.html { redirect_to :action => 'index', :project_id => @project }
245 246 format.xml { head :ok }
246 247 format.json { head :ok }
247 248 end
248 249 end
249 250
250 251 private
251 252 def find_issue
252 253 @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
253 254 @project = @issue.project
254 255 rescue ActiveRecord::RecordNotFound
255 256 render_404
256 257 end
257 258
258 259 def find_project
259 260 project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
260 261 @project = Project.find(project_id)
261 262 rescue ActiveRecord::RecordNotFound
262 263 render_404
263 264 end
264 265
265 266 # Used by #edit and #update to set some common instance variables
266 267 # from the params
267 268 # TODO: Refactor, not everything in here is needed by #edit
268 269 def update_issue_from_params
269 270 @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
270 271 @priorities = IssuePriority.all
271 272 @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
272 273 @time_entry = TimeEntry.new
273 274
274 275 @notes = params[:notes] || (params[:issue].present? ? params[:issue][:notes] : nil)
275 276 @issue.init_journal(User.current, @notes)
276 277 # User can change issue attributes only if he has :edit permission or if a workflow transition is allowed
277 278 if (@edit_allowed || !@allowed_statuses.empty?) && params[:issue]
278 279 attrs = params[:issue].dup
279 280 attrs.delete_if {|k,v| !UPDATABLE_ATTRS_ON_TRANSITION.include?(k) } unless @edit_allowed
280 281 attrs.delete(:status_id) unless @allowed_statuses.detect {|s| s.id.to_s == attrs[:status_id].to_s}
281 282 @issue.safe_attributes = attrs
282 283 end
283 284
284 285 end
285 286
286 287 # TODO: Refactor, lots of extra code in here
287 288 # TODO: Changing tracker on an existing issue should not trigger this
288 289 def build_new_issue_from_params
289 290 if params[:id].blank?
290 291 @issue = Issue.new
291 292 @issue.copy_from(params[:copy_from]) if params[:copy_from]
292 293 @issue.project = @project
293 294 else
294 295 @issue = @project.issues.visible.find(params[:id])
295 296 end
296 297
297 298 @issue.project = @project
298 299 # Tracker must be set before custom field values
299 300 @issue.tracker ||= @project.trackers.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)
300 301 if @issue.tracker.nil?
301 302 render_error l(:error_no_tracker_in_project)
302 303 return false
303 304 end
304 305 if params[:issue].is_a?(Hash)
305 306 @issue.safe_attributes = params[:issue]
306 307 if User.current.allowed_to?(:add_issue_watchers, @project) && @issue.new_record?
307 308 @issue.watcher_user_ids = params[:issue]['watcher_user_ids']
308 309 end
309 310 end
310 311 @issue.author = User.current
311 312 @issue.start_date ||= Date.today
312 313 @priorities = IssuePriority.all
313 314 @allowed_statuses = @issue.new_statuses_allowed_to(User.current, true)
314 315 end
315 316
316 317 def check_for_default_issue_status
317 318 if IssueStatus.default.nil?
318 319 render_error l(:error_no_default_issue_status)
319 320 return false
320 321 end
321 322 end
322 323
323 324 def parse_params_for_bulk_issue_attributes(params)
324 325 attributes = (params[:issue] || {}).reject {|k,v| v.blank?}
325 326 attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
326 327 attributes[:custom_field_values].reject! {|k,v| v.blank?} if attributes[:custom_field_values]
327 328 attributes
328 329 end
329 330 end
General Comments 0
You need to be logged in to leave comments. Login now