jro_apps/redmine Commit - r10723:7222e4012db5

Rewrites named scopes with ARel queries....

Jean-Philippe Lang -

r10723:7222e4012db5

parent child

Context file:

r10723:7222e4012db5

Collapse all files

app/models/board.rb +3 -2

             # Redmine - project management software
             # Copyright (C) 2006-2012  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class Board < ActiveRecord::Base
               include Redmine::SafeAttributes
               belongs_to :project
               has_many :topics, :class_name => 'Message', :conditions => "#{Message.table_name}.parent_id IS NULL", :order => "#{Message.table_name}.created_on DESC"
               has_many :messages, :dependent => :destroy, :order => "#{Message.table_name}.created_on DESC"
               belongs_to :last_message, :class_name => 'Message', :foreign_key => :last_message_id
               acts_as_tree :dependent => :nullify
               acts_as_list :scope => '(project_id = #{project_id} AND parent_id #{parent_id ? "= #{parent_id}" : "IS NULL"})'
               acts_as_watchable
               validates_presence_of :name, :description
               validates_length_of :name, :maximum => 30
               validates_length_of :description, :maximum => 255
               validate :validate_board
-              scope :visible, lambda {|*args| { :include => :project,
+              scope :visible, lambda {|*args|
-                                                      :conditions => Project.allowed_to_condition(args.shift || User.current, :view_messages, *args) } }
+                includes(:project).where(Project.allowed_to_condition(args.shift || User.current, :view_messages, *args))
+              }
               safe_attributes 'name', 'description', 'parent_id', 'move_to'
               def visible?(user=User.current)
                 !user.nil? && user.allowed_to?(:view_messages, project)
               end
               def reload(*args)
                 @valid_parents = nil
                 super
               end
               def to_s
                 name
               end
               def valid_parents
                 @valid_parents ||= project.boards - self_and_descendants
               end
               def reset_counters!
                 self.class.reset_counters!(id)
               end
               # Updates topics_count, messages_count and last_message_id attributes for +board_id+
               def self.reset_counters!(board_id)
                 board_id = board_id.to_i
                 update_all("topics_count = (SELECT COUNT(*) FROM #{Message.table_name} WHERE board_id=#{board_id} AND parent_id IS NULL)," +
                            " messages_count = (SELECT COUNT(*) FROM #{Message.table_name} WHERE board_id=#{board_id})," +
                            " last_message_id = (SELECT MAX(id) FROM #{Message.table_name} WHERE board_id=#{board_id})",
                            ["id = ?", board_id])
               end
               def self.board_tree(boards, parent_id=nil, level=0)
                 tree = []
                 boards.select {|board| board.parent_id == parent_id}.sort_by(&:position).each do |board|
                   tree << [board, level]
                   tree += board_tree(boards, board.id, level+1)
                 end
                 if block_given?
                   tree.each do |board, level|
                     yield board, level
                   end
                 end
                 tree
               end
               protected
               def validate_board
                 if parent_id && parent_id_changed?
                   errors.add(:parent_id, :invalid) unless valid_parents.include?(parent)
                 end
               end
             end

app/models/changeset.rb +3 -3

             # Redmine - project management software
             # Copyright (C) 2006-2012  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require 'iconv'
             class Changeset < ActiveRecord::Base
               belongs_to :repository
               belongs_to :user
               has_many :filechanges, :class_name => 'Change', :dependent => :delete_all
               has_and_belongs_to_many :issues
               has_and_belongs_to_many :parents,
                                       :class_name => "Changeset",
                                       :join_table => "#{table_name_prefix}changeset_parents#{table_name_suffix}",
                                       :association_foreign_key => 'parent_id', :foreign_key => 'changeset_id'
               has_and_belongs_to_many :children,
                                       :class_name => "Changeset",
                                       :join_table => "#{table_name_prefix}changeset_parents#{table_name_suffix}",
                                       :association_foreign_key => 'changeset_id', :foreign_key => 'parent_id'
               acts_as_event :title => Proc.new {|o| o.title},
                             :description => :long_comments,
                             :datetime => :committed_on,
                             :url => Proc.new {|o| {:controller => 'repositories', :action => 'revision', :id => o.repository.project, :repository_id => o.repository.identifier_param, :rev => o.identifier}}
               acts_as_searchable :columns => 'comments',
                                  :include => {:repository => :project},
                                  :project_key => "#{Repository.table_name}.project_id",
                                  :date_column => 'committed_on'
               acts_as_activity_provider :timestamp => "#{table_name}.committed_on",
                                         :author_key => :user_id,
                                         :find_options => {:include => [:user, {:repository => :project}]}
               validates_presence_of :repository_id, :revision, :committed_on, :commit_date
               validates_uniqueness_of :revision, :scope => :repository_id
               validates_uniqueness_of :scmid, :scope => :repository_id, :allow_nil => true
-              scope :visible,
+              scope :visible, lambda {|*args|
-                 lambda {|*args| { :include => {:repository => :project},
+                includes(:repository => :project).where(Project.allowed_to_condition(args.shift || User.current, :view_changesets, *args))
-                                                      :conditions => Project.allowed_to_condition(args.shift || User.current, :view_changesets, *args) } }
               after_create :scan_for_issues
               before_create :before_create_cs
               def revision=(r)
                 write_attribute :revision, (r.nil? ? nil : r.to_s)
               end
               # Returns the identifier of this changeset; depending on repository backends
               def identifier
                 if repository.class.respond_to? :changeset_identifier
                   repository.class.changeset_identifier self
                 else
                   revision.to_s
                 end
               end
               def committed_on=(date)
                 self.commit_date = date
                 super
               end
               # Returns the readable identifier
               def format_identifier
                 if repository.class.respond_to? :format_changeset_identifier
                   repository.class.format_changeset_identifier self
                 else
                   identifier
                 end
               end
               def project
                 repository.project
               end
               def author
                 user || committer.to_s.split('<').first
               end
               def before_create_cs
                 self.committer = self.class.to_utf8(self.committer, repository.repo_log_encoding)
                 self.comments  = self.class.normalize_comments(
                                    self.comments, repository.repo_log_encoding)
                 self.user = repository.find_committer_user(self.committer)
               end
               def scan_for_issues
                 scan_comment_for_issue_ids
               end
               TIMELOG_RE = /
                 (
                 ((\d+)(h|hours?))((\d+)(m|min)?)?
                 |
                 ((\d+)(h|hours?|m|min))
                 |
                 (\d+):(\d+)
                 |
                 (\d+([\.,]\d+)?)h?
                 )
                 /x
               def scan_comment_for_issue_ids
                 return if comments.blank?
                 # keywords used to reference issues
                 ref_keywords = Setting.commit_ref_keywords.downcase.split(",").collect(&:strip)
                 ref_keywords_any = ref_keywords.delete('*')
                 # keywords used to fix issues
                 fix_keywords = Setting.commit_fix_keywords.downcase.split(",").collect(&:strip)
                 kw_regexp = (ref_keywords + fix_keywords).collect{|kw| Regexp.escape(kw)}.join("|")
                 referenced_issues = []
                 comments.scan(/([\s\(\[,-]|^)((#{kw_regexp})[\s:]+)?(#\d+(\s+@#{TIMELOG_RE})?([\s,;&]+#\d+(\s+@#{TIMELOG_RE})?)*)(?=[[:punct:]]|\s|<|$)/i) do |match|
                   action, refs = match[2], match[3]
                   next unless action.present? || ref_keywords_any
                   refs.scan(/#(\d+)(\s+@#{TIMELOG_RE})?/).each do |m|
                     issue, hours = find_referenced_issue_by_id(m[0].to_i), m[2]
                     if issue
                       referenced_issues << issue
                       fix_issue(issue) if fix_keywords.include?(action.to_s.downcase)
                       log_time(issue, hours) if hours && Setting.commit_logtime_enabled?
                     end
                   end
                 end
                 referenced_issues.uniq!
                 self.issues = referenced_issues unless referenced_issues.empty?
               end
               def short_comments
                 @short_comments || split_comments.first
               end
               def long_comments
                 @long_comments || split_comments.last
               end
               def text_tag(ref_project=nil)
                 tag = if scmid?
                   "commit:#{scmid}"
                 else
                   "r#{revision}"
                 end
                 if repository && repository.identifier.present?
                   tag = "#{repository.identifier}|#{tag}"
                 end
                 if ref_project && project && ref_project != project
                   tag = "#{project.identifier}:#{tag}"
                 end
                 tag
               end
               # Returns the title used for the changeset in the activity/search results
               def title
                 repo = (repository && repository.identifier.present?) ? " (#{repository.identifier})" : ''
                 comm = short_comments.blank? ? '' : (': ' + short_comments)
                 "#{l(:label_revision)} #{format_identifier}#{repo}#{comm}"
               end
               # Returns the previous changeset
               def previous
                 @previous ||= Changeset.where(["id < ? AND repository_id = ?", id, repository_id]).order('id DESC').first
               end
               # Returns the next changeset
               def next
                 @next ||= Changeset.where(["id > ? AND repository_id = ?", id, repository_id]).order('id ASC').first
               end
               # Creates a new Change from it's common parameters
               def create_change(change)
                 Change.create(:changeset     => self,
                               :action        => change[:action],
                               :path          => change[:path],
                               :from_path     => change[:from_path],
                               :from_revision => change[:from_revision])
               end
               # Finds an issue that can be referenced by the commit message
               def find_referenced_issue_by_id(id)
                 return nil if id.blank?
                 issue = Issue.find_by_id(id.to_i, :include => :project)
                 if Setting.commit_cross_project_ref?
                   # all issues can be referenced/fixed
                 elsif issue
                   # issue that belong to the repository project, a subproject or a parent project only
                   unless issue.project &&
                             (project == issue.project || project.is_ancestor_of?(issue.project) ||
                              project.is_descendant_of?(issue.project))
                     issue = nil
                   end
                 end
                 issue
               end
               private
               def fix_issue(issue)
                 status = IssueStatus.find_by_id(Setting.commit_fix_status_id.to_i)
                 if status.nil?
                   logger.warn("No status matches commit_fix_status_id setting (#{Setting.commit_fix_status_id})") if logger
                   return issue
                 end
                 # the issue may have been updated by the closure of another one (eg. duplicate)
                 issue.reload
                 # don't change the status is the issue is closed
                 return if issue.status && issue.status.is_closed?
                 journal = issue.init_journal(user || User.anonymous, ll(Setting.default_language, :text_status_changed_by_changeset, text_tag(issue.project)))
                 issue.status = status
                 unless Setting.commit_fix_done_ratio.blank?
                   issue.done_ratio = Setting.commit_fix_done_ratio.to_i
                 end
                 Redmine::Hook.call_hook(:model_changeset_scan_commit_for_issue_ids_pre_issue_update,
                                         { :changeset => self, :issue => issue })
                 unless issue.save
                   logger.warn("Issue ##{issue.id} could not be saved by changeset #{id}: #{issue.errors.full_messages}") if logger
                 end
                 issue
               end
               def log_time(issue, hours)
                 time_entry = TimeEntry.new(
                   :user => user,
                   :hours => hours,
                   :issue => issue,
                   :spent_on => commit_date,
                   :comments => l(:text_time_logged_by_changeset, :value => text_tag(issue.project),
                                  :locale => Setting.default_language)
                   )
                 time_entry.activity = log_time_activity unless log_time_activity.nil?
                 unless time_entry.save
                   logger.warn("TimeEntry could not be created by changeset #{id}: #{time_entry.errors.full_messages}") if logger
                 end
                 time_entry
               end
               def log_time_activity
                 if Setting.commit_logtime_activity_id.to_i > 0
                   TimeEntryActivity.find_by_id(Setting.commit_logtime_activity_id.to_i)
                 end
               end
               def split_comments
                 comments =~ /\A(.+?)\r?\n(.*)$/m
                 @short_comments = $1 || comments
                 @long_comments = $2.to_s.strip
                 return @short_comments, @long_comments
               end
               public
               # Strips and reencodes a commit log before insertion into the database
               def self.normalize_comments(str, encoding)
                 Changeset.to_utf8(str.to_s.strip, encoding)
               end
               def self.to_utf8(str, encoding)
                 Redmine::CodesetUtil.to_utf8(str, encoding)
               end
             end

app/models/document.rb +3 -2

             # Redmine - project management software
             # Copyright (C) 2006-2012  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class Document < ActiveRecord::Base
               include Redmine::SafeAttributes
               belongs_to :project
               belongs_to :category, :class_name => "DocumentCategory", :foreign_key => "category_id"
               acts_as_attachable :delete_permission => :manage_documents
               acts_as_searchable :columns => ['title', "#{table_name}.description"], :include => :project
               acts_as_event :title => Proc.new {|o| "#{l(:label_document)}: #{o.title}"},
                             :author => Proc.new {|o| o.attachments.reorder("#{Attachment.table_name}.created_on ASC").first.try(:author) },
                             :url => Proc.new {|o| {:controller => 'documents', :action => 'show', :id => o.id}}
               acts_as_activity_provider :find_options => {:include => :project}
               validates_presence_of :project, :title, :category
               validates_length_of :title, :maximum => 60
-              scope :visible, lambda {|*args| { :include => :project,
+              scope :visible, lambda {|*args|
-                                                      :conditions => Project.allowed_to_condition(args.shift || User.current, :view_documents, *args) } }
+                includes(:project).where(Project.allowed_to_condition(args.shift || User.current, :view_documents, *args))
+              }
               safe_attributes 'category_id', 'title', 'description'
               def visible?(user=User.current)
                 !user.nil? && user.allowed_to?(:view_documents, project)
               end
               def initialize(attributes=nil, *args)
                 super
                 if new_record?
                   self.category ||= DocumentCategory.default
                 end
               end
               def updated_on
                 unless @updated_on
                   a = attachments.last
                   @updated_on = (a && a.created_on) || created_on
                 end
                 @updated_on
               end
             end

app/models/issue.rb +8 -7

             # Redmine - project management software
             # Copyright (C) 2006-2012  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class Issue < ActiveRecord::Base
               include Redmine::SafeAttributes
               include Redmine::Utils::DateCalculation
               belongs_to :project
               belongs_to :tracker
               belongs_to :status, :class_name => 'IssueStatus', :foreign_key => 'status_id'
               belongs_to :author, :class_name => 'User', :foreign_key => 'author_id'
               belongs_to :assigned_to, :class_name => 'Principal', :foreign_key => 'assigned_to_id'
               belongs_to :fixed_version, :class_name => 'Version', :foreign_key => 'fixed_version_id'
               belongs_to :priority, :class_name => 'IssuePriority', :foreign_key => 'priority_id'
               belongs_to :category, :class_name => 'IssueCategory', :foreign_key => 'category_id'
               has_many :journals, :as => :journalized, :dependent => :destroy
               has_many :visible_journals,
                 :class_name => 'Journal',
                 :as => :journalized,
                 :conditions => Proc.new {
                   ["(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(User.current, :view_private_notes)}))", false]
                 },
                 :readonly => true
               has_many :time_entries, :dependent => :delete_all
               has_and_belongs_to_many :changesets, :order => "#{Changeset.table_name}.committed_on ASC, #{Changeset.table_name}.id ASC"
               has_many :relations_from, :class_name => 'IssueRelation', :foreign_key => 'issue_from_id', :dependent => :delete_all
               has_many :relations_to, :class_name => 'IssueRelation', :foreign_key => 'issue_to_id', :dependent => :delete_all
               acts_as_nested_set :scope => 'root_id', :dependent => :destroy
               acts_as_attachable :after_add => :attachment_added, :after_remove => :attachment_removed
               acts_as_customizable
               acts_as_watchable
               acts_as_searchable :columns => ['subject', "#{table_name}.description", "#{Journal.table_name}.notes"],
                                  :include => [:project, :visible_journals],
                                  # sort by id so that limited eager loading doesn't break with postgresql
                                  :order_column => "#{table_name}.id"
               acts_as_event :title => Proc.new {|o| "#{o.tracker.name} ##{o.id} (#{o.status}): #{o.subject}"},
                             :url => Proc.new {|o| {:controller => 'issues', :action => 'show', :id => o.id}},
                             :type => Proc.new {|o| 'issue' + (o.closed? ? ' closed' : '') }
               acts_as_activity_provider :find_options => {:include => [:project, :author, :tracker]},
                                         :author_key => :author_id
               DONE_RATIO_OPTIONS = %w(issue_field issue_status)
               attr_reader :current_journal
               delegate :notes, :notes=, :private_notes, :private_notes=, :to => :current_journal, :allow_nil => true
               validates_presence_of :subject, :priority, :project, :tracker, :author, :status
               validates_length_of :subject, :maximum => 255
               validates_inclusion_of :done_ratio, :in => 0..100
               validates_numericality_of :estimated_hours, :allow_nil => true
               validate :validate_issue, :validate_required_fields
-              scope :visible,
+              scope :visible, lambda {|*args|
-                    lambda {|*args| { :include => :project,
+                includes(:project).where(Issue.visible_condition(args.shift || User.current, *args))
-                                      :conditions => Issue.visible_condition(args.shift || User.current, *args) } }
               scope :open, lambda {|*args|
                 is_closed = args.size > 0 ? !args.first : false
-                {:conditions => ["#{IssueStatus.table_name}.is_closed = ?", is_closed], :include => :status}
+                includes(:status).where("#{IssueStatus.table_name}.is_closed = ?", is_closed)
               }
-              scope :recently_updated, lambda { { :order => "#{Issue.table_name}.updated_on DESC" } }
+              scope :recently_updated, lambda { order("#{Issue.table_name}.updated_on DESC") }
-              scope :on_active_project, lambda { { :include => [:status, :project, :tracker],
+              scope :on_active_project, lambda {
-                                                   :conditions => ["#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"] } }
+                includes(:status, :project, :tracker).where("#{Project.table_name}.status = ?", Project::STATUS_ACTIVE)
+              }
               before_create :default_assign
               before_save :close_duplicates, :update_done_ratio_from_issue_status, :force_updated_on_change
               after_save {|issue| issue.send :after_project_change if !issue.id_changed? && issue.project_id_changed?}
               after_save :reschedule_following_issues, :update_nested_set_attributes, :update_parent_attributes, :create_journal
               # Should be after_create but would be called before previous after_save callbacks
               after_save :after_create_from_copy
               after_destroy :update_parent_attributes
               # Returns a SQL conditions string used to find all issues visible by the specified user
               def self.visible_condition(user, options={})
                 Project.allowed_to_condition(user, :view_issues, options) do |role, user|
                   if user.logged?
                     case role.issues_visibility
                     when 'all'
                       nil
                     when 'default'
                       user_ids = [user.id] + user.groups.map(&:id)
                       "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
                     when 'own'
                       user_ids = [user.id] + user.groups.map(&:id)
                       "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id IN (#{user_ids.join(',')}))"
                     else
                       '1=0'
                     end
                   else
                     "(#{table_name}.is_private = #{connection.quoted_false})"
                   end
                 end
               end
               # Returns true if usr or current user is allowed to view the issue
               def visible?(usr=nil)
                 (usr || User.current).allowed_to?(:view_issues, self.project) do |role, user|
                   if user.logged?
                     case role.issues_visibility
                     when 'all'
                       true
                     when 'default'
                       !self.is_private? || (self.author == user || user.is_or_belongs_to?(assigned_to))
                     when 'own'
                       self.author == user || user.is_or_belongs_to?(assigned_to)
                     else
                       false
                     end
                   else
                     !self.is_private?
                   end
                 end
               end
               def initialize(attributes=nil, *args)
                 super
                 if new_record?
                   # set default values for new records only
                   self.status ||= IssueStatus.default
                   self.priority ||= IssuePriority.default
                   self.watcher_user_ids = []
                 end
               end
               # AR#Persistence#destroy would raise and RecordNotFound exception
               # if the issue was already deleted or updated (non matching lock_version).
               # This is a problem when bulk deleting issues or deleting a project
               # (because an issue may already be deleted if its parent was deleted
               # first).
               # The issue is reloaded by the nested_set before being deleted so
               # the lock_version condition should not be an issue but we handle it.
               def destroy
                 super
               rescue ActiveRecord::RecordNotFound
                 # Stale or already deleted
                 begin
                   reload
                 rescue ActiveRecord::RecordNotFound
                   # The issue was actually already deleted
                   @destroyed = true
                   return freeze
                 end
                 # The issue was stale, retry to destroy
                 super
               end
               def reload(*args)
                 @workflow_rule_by_attribute = nil
                 @assignable_versions = nil
                 super
               end
               # Overrides Redmine::Acts::Customizable::InstanceMethods#available_custom_fields
               def available_custom_fields
                 (project && tracker) ? (project.all_issue_custom_fields & tracker.custom_fields.all) : []
               end
               # Copies attributes from another issue, arg can be an id or an Issue
               def copy_from(arg, options={})
                 issue = arg.is_a?(Issue) ? arg : Issue.visible.find(arg)
                 self.attributes = issue.attributes.dup.except("id", "root_id", "parent_id", "lft", "rgt", "created_on", "updated_on")
                 self.custom_field_values = issue.custom_field_values.inject({}) {|h,v| h[v.custom_field_id] = v.value; h}
                 self.status = issue.status
                 self.author = User.current
                 unless options[:attachments] == false
                   self.attachments = issue.attachments.map do |attachement|
                     attachement.copy(:container => self)
                   end
                 end
                 @copied_from = issue
                 @copy_options = options
                 self
               end
               # Returns an unsaved copy of the issue
               def copy(attributes=nil, copy_options={})
                 copy = self.class.new.copy_from(self, copy_options)
                 copy.attributes = attributes if attributes
                 copy
               end
               # Returns true if the issue is a copy
               def copy?
                 @copied_from.present?
               end
               # Moves/copies an issue to a new project and tracker
               # Returns the moved/copied issue on success, false on failure
               def move_to_project(new_project, new_tracker=nil, options={})
                 ActiveSupport::Deprecation.warn "Issue#move_to_project is deprecated, use #project= instead."
                 if options[:copy]
                   issue = self.copy
                 else
                   issue = self
                 end
                 issue.init_journal(User.current, options[:notes])
                 # Preserve previous behaviour
                 # #move_to_project doesn't change tracker automatically
                 issue.send :project=, new_project, true
                 if new_tracker
                   issue.tracker = new_tracker
                 end
                 # Allow bulk setting of attributes on the issue
                 if options[:attributes]
                   issue.attributes = options[:attributes]
                 end
                 issue.save ? issue : false
               end
               def status_id=(sid)
                 self.status = nil
                 result = write_attribute(:status_id, sid)
                 @workflow_rule_by_attribute = nil
                 result
               end
               def priority_id=(pid)
                 self.priority = nil
                 write_attribute(:priority_id, pid)
               end
               def category_id=(cid)
                 self.category = nil
                 write_attribute(:category_id, cid)
               end
               def fixed_version_id=(vid)
                 self.fixed_version = nil
                 write_attribute(:fixed_version_id, vid)
               end
               def tracker_id=(tid)
                 self.tracker = nil
                 result = write_attribute(:tracker_id, tid)
                 @custom_field_values = nil
                 @workflow_rule_by_attribute = nil
                 result
               end
               def project_id=(project_id)
                 if project_id.to_s != self.project_id.to_s
                   self.project = (project_id.present? ? Project.find_by_id(project_id) : nil)
                 end
               end
               def project=(project, keep_tracker=false)
                 project_was = self.project
                 write_attribute(:project_id, project ? project.id : nil)
                 association_instance_set('project', project)
                 if project_was && project && project_was != project
                   @assignable_versions = nil
                   unless keep_tracker || project.trackers.include?(tracker)
                     self.tracker = project.trackers.first
                   end
                   # Reassign to the category with same name if any
                   if category
                     self.category = project.issue_categories.find_by_name(category.name)
                   end
                   # Keep the fixed_version if it's still valid in the new_project
                   if fixed_version && fixed_version.project != project && !project.shared_versions.include?(fixed_version)
                     self.fixed_version = nil
                   end
                   # Clear the parent task if it's no longer valid
                   unless valid_parent_project?
                     self.parent_issue_id = nil
                   end
                   @custom_field_values = nil
                 end
               end
               def description=(arg)
                 if arg.is_a?(String)
                   arg = arg.gsub(/(\r\n|\n|\r)/, "\r\n")
                 end
                 write_attribute(:description, arg)
               end
               # Overrides assign_attributes so that project and tracker get assigned first
               def assign_attributes_with_project_and_tracker_first(new_attributes, *args)
                 return if new_attributes.nil?
                 attrs = new_attributes.dup
                 attrs.stringify_keys!
                 %w(project project_id tracker tracker_id).each do |attr|
                   if attrs.has_key?(attr)
                     send "#{attr}=", attrs.delete(attr)
                   end
                 end
                 send :assign_attributes_without_project_and_tracker_first, attrs, *args
               end
               # Do not redefine alias chain on reload (see #4838)
               alias_method_chain(:assign_attributes, :project_and_tracker_first) unless method_defined?(:assign_attributes_without_project_and_tracker_first)
               def estimated_hours=(h)
                 write_attribute :estimated_hours, (h.is_a?(String) ? h.to_hours : h)
               end
               safe_attributes 'project_id',
                 :if => lambda {|issue, user|
                   if issue.new_record?
                     issue.copy?
                   elsif user.allowed_to?(:move_issues, issue.project)
                     projects = Issue.allowed_target_projects_on_move(user)
                     projects.include?(issue.project) && projects.size > 1
                   end
                 }
               safe_attributes 'tracker_id',
                 'status_id',
                 'category_id',
                 'assigned_to_id',
                 'priority_id',
                 'fixed_version_id',
                 'subject',
                 'description',
                 'start_date',
                 'due_date',
                 'done_ratio',
                 'estimated_hours',
                 'custom_field_values',
                 'custom_fields',
                 'lock_version',
                 'notes',
                 :if => lambda {|issue, user| issue.new_record? || user.allowed_to?(:edit_issues, issue.project) }
               safe_attributes 'status_id',
                 'assigned_to_id',
                 'fixed_version_id',
                 'done_ratio',
                 'lock_version',
                 'notes',
                 :if => lambda {|issue, user| issue.new_statuses_allowed_to(user).any? }
               safe_attributes 'notes',
                 :if => lambda {|issue, user| user.allowed_to?(:add_issue_notes, issue.project)}
               safe_attributes 'private_notes',
                 :if => lambda {|issue, user| !issue.new_record? && user.allowed_to?(:set_notes_private, issue.project)}
               safe_attributes 'watcher_user_ids',
                 :if => lambda {|issue, user| issue.new_record? && user.allowed_to?(:add_issue_watchers, issue.project)}
               safe_attributes 'is_private',
                 :if => lambda {|issue, user|
                   user.allowed_to?(:set_issues_private, issue.project) ||
                     (issue.author == user && user.allowed_to?(:set_own_issues_private, issue.project))
                 }
               safe_attributes 'parent_issue_id',
                 :if => lambda {|issue, user| (issue.new_record? || user.allowed_to?(:edit_issues, issue.project)) &&
                   user.allowed_to?(:manage_subtasks, issue.project)}
               def safe_attribute_names(user=nil)
                 names = super
                 names -= disabled_core_fields
                 names -= read_only_attribute_names(user)
                 names
               end
               # Safely sets attributes
               # Should be called from controllers instead of #attributes=
               # attr_accessible is too rough because we still want things like
               # Issue.new(:project => foo) to work
               def safe_attributes=(attrs, user=User.current)
                 return unless attrs.is_a?(Hash)
                 attrs = attrs.dup
                 # Project and Tracker must be set before since new_statuses_allowed_to depends on it.
                 if (p = attrs.delete('project_id')) && safe_attribute?('project_id')
                   if allowed_target_projects(user).collect(&:id).include?(p.to_i)
                     self.project_id = p
                   end
                 end
                 if (t = attrs.delete('tracker_id')) && safe_attribute?('tracker_id')
                   self.tracker_id = t
                 end
                 if (s = attrs.delete('status_id')) && safe_attribute?('status_id')
                   if new_statuses_allowed_to(user).collect(&:id).include?(s.to_i)
                     self.status_id = s
                   end
                 end
                 attrs = delete_unsafe_attributes(attrs, user)
                 return if attrs.empty?
                 unless leaf?
                   attrs.reject! {|k,v| %w(priority_id done_ratio start_date due_date estimated_hours).include?(k)}
                 end
                 if attrs['parent_issue_id'].present?
                   s = attrs['parent_issue_id'].to_s
                   unless (m = s.match(%r{\A#?(\d+)\z})) && Issue.visible(user).exists?(m[1])
                     @invalid_parent_issue_id = attrs.delete('parent_issue_id')
                   end
                 end
                 if attrs['custom_field_values'].present?
                   attrs['custom_field_values'] = attrs['custom_field_values'].reject {|k, v| read_only_attribute_names(user).include? k.to_s}
                 end
                 if attrs['custom_fields'].present?
                   attrs['custom_fields'] = attrs['custom_fields'].reject {|c| read_only_attribute_names(user).include? c['id'].to_s}
                 end
                 # mass-assignment security bypass
                 assign_attributes attrs, :without_protection => true
               end
               def disabled_core_fields
                 tracker ? tracker.disabled_core_fields : []
               end
               # Returns the custom_field_values that can be edited by the given user
               def editable_custom_field_values(user=nil)
                 custom_field_values.reject do |value|
                   read_only_attribute_names(user).include?(value.custom_field_id.to_s)
                 end
               end
               # Returns the names of attributes that are read-only for user or the current user
               # For users with multiple roles, the read-only fields are the intersection of
               # read-only fields of each role
               # The result is an array of strings where sustom fields are represented with their ids
               #
               # Examples:
               #   issue.read_only_attribute_names # => ['due_date', '2']
               #   issue.read_only_attribute_names(user) # => []
               def read_only_attribute_names(user=nil)
                 workflow_rule_by_attribute(user).reject {|attr, rule| rule != 'readonly'}.keys
               end
               # Returns the names of required attributes for user or the current user
               # For users with multiple roles, the required fields are the intersection of
               # required fields of each role
               # The result is an array of strings where sustom fields are represented with their ids
               #
               # Examples:
               #   issue.required_attribute_names # => ['due_date', '2']
               #   issue.required_attribute_names(user) # => []
               def required_attribute_names(user=nil)
                 workflow_rule_by_attribute(user).reject {|attr, rule| rule != 'required'}.keys
               end
               # Returns true if the attribute is required for user
               def required_attribute?(name, user=nil)
                 required_attribute_names(user).include?(name.to_s)
               end
               # Returns a hash of the workflow rule by attribute for the given user
               #
               # Examples:
               #   issue.workflow_rule_by_attribute # => {'due_date' => 'required', 'start_date' => 'readonly'}
               def workflow_rule_by_attribute(user=nil)
                 return @workflow_rule_by_attribute if @workflow_rule_by_attribute && user.nil?
                 user_real = user || User.current
                 roles = user_real.admin ? Role.all : user_real.roles_for_project(project)
                 return {} if roles.empty?
                 result = {}
                 workflow_permissions = WorkflowPermission.where(:tracker_id => tracker_id, :old_status_id => status_id, :role_id => roles.map(&:id)).all
                 if workflow_permissions.any?
                   workflow_rules = workflow_permissions.inject({}) do |h, wp|
                     h[wp.field_name] ||= []
                     h[wp.field_name] << wp.rule
                     h
                   end
                   workflow_rules.each do |attr, rules|
                     next if rules.size < roles.size
                     uniq_rules = rules.uniq
                     if uniq_rules.size == 1
                       result[attr] = uniq_rules.first
                     else
                       result[attr] = 'required'
                     end
                   end
                 end
                 @workflow_rule_by_attribute = result if user.nil?
                 result
               end
               private :workflow_rule_by_attribute
               def done_ratio
                 if Issue.use_status_for_done_ratio? && status && status.default_done_ratio
                   status.default_done_ratio
                 else
                   read_attribute(:done_ratio)
                 end
               end
               def self.use_status_for_done_ratio?
                 Setting.issue_done_ratio == 'issue_status'
               end
               def self.use_field_for_done_ratio?
                 Setting.issue_done_ratio == 'issue_field'
               end
               def validate_issue
                 if due_date.nil? && @attributes['due_date'].present?
                   errors.add :due_date, :not_a_date
                 end
                 if start_date.nil? && @attributes['start_date'].present?
                   errors.add :start_date, :not_a_date
                 end
                 if due_date && start_date && due_date < start_date
                   errors.add :due_date, :greater_than_start_date
                 end
                 if start_date && soonest_start && start_date < soonest_start
                   errors.add :start_date, :invalid
                 end
                 if fixed_version
                   if !assignable_versions.include?(fixed_version)
                     errors.add :fixed_version_id, :inclusion
                   elsif reopened? && fixed_version.closed?
                     errors.add :base, I18n.t(:error_can_not_reopen_issue_on_closed_version)
                   end
                 end
                 # Checks that the issue can not be added/moved to a disabled tracker
                 if project && (tracker_id_changed? || project_id_changed?)
                   unless project.trackers.include?(tracker)
                     errors.add :tracker_id, :inclusion
                   end
                 end
                 # Checks parent issue assignment
                 if @invalid_parent_issue_id.present?
                   errors.add :parent_issue_id, :invalid
                 elsif @parent_issue
                   if !valid_parent_project?(@parent_issue)
                     errors.add :parent_issue_id, :invalid
                   elsif !new_record?
                     # moving an existing issue
                     if @parent_issue.root_id != root_id
                       # we can always move to another tree
                     elsif move_possible?(@parent_issue)
                       # move accepted inside tree
                     else
                       errors.add :parent_issue_id, :invalid
                     end
                   end
                 end
               end
               # Validates the issue against additional workflow requirements
               def validate_required_fields
                 user = new_record? ? author : current_journal.try(:user)
                 required_attribute_names(user).each do |attribute|
                   if attribute =~ /^\d+$/
                     attribute = attribute.to_i
                     v = custom_field_values.detect {|v| v.custom_field_id == attribute }
                     if v && v.value.blank?
                       errors.add :base, v.custom_field.name + ' ' + l('activerecord.errors.messages.blank')
                     end
                   else
                     if respond_to?(attribute) && send(attribute).blank?
                       errors.add attribute, :blank
                     end
                   end
                 end
               end
               # Set the done_ratio using the status if that setting is set.  This will keep the done_ratios
               # even if the user turns off the setting later
               def update_done_ratio_from_issue_status
                 if Issue.use_status_for_done_ratio? && status && status.default_done_ratio
                   self.done_ratio = status.default_done_ratio
                 end
               end
               def init_journal(user, notes = "")
                 @current_journal ||= Journal.new(:journalized => self, :user => user, :notes => notes)
                 if new_record?
                   @current_journal.notify = false
                 else
                   @attributes_before_change = attributes.dup
                   @custom_values_before_change = {}
                   self.custom_field_values.each {|c| @custom_values_before_change.store c.custom_field_id, c.value }
                 end
                 @current_journal
               end
               # Returns the id of the last journal or nil
               def last_journal_id
                 if new_record?
                   nil
                 else
                   journals.maximum(:id)
                 end
               end
               # Returns a scope for journals that have an id greater than journal_id
               def journals_after(journal_id)
                 scope = journals.reorder("#{Journal.table_name}.id ASC")
                 if journal_id.present?
                   scope = scope.where("#{Journal.table_name}.id > ?", journal_id.to_i)
                 end
                 scope
               end
               # Return true if the issue is closed, otherwise false
               def closed?
                 self.status.is_closed?
               end
               # Return true if the issue is being reopened
               def reopened?
                 if !new_record? && status_id_changed?
                   status_was = IssueStatus.find_by_id(status_id_was)
                   status_new = IssueStatus.find_by_id(status_id)
                   if status_was && status_new && status_was.is_closed? && !status_new.is_closed?
                     return true
                   end
                 end
                 false
               end
               # Return true if the issue is being closed
               def closing?
                 if !new_record? && status_id_changed?
                   status_was = IssueStatus.find_by_id(status_id_was)
                   status_new = IssueStatus.find_by_id(status_id)
                   if status_was && status_new && !status_was.is_closed? && status_new.is_closed?
                     return true
                   end
                 end
                 false
               end
               # Returns true if the issue is overdue
               def overdue?
                 !due_date.nil? && (due_date < Date.today) && !status.is_closed?
               end
               # Is the amount of work done less than it should for the due date
               def behind_schedule?
                 return false if start_date.nil? || due_date.nil?
                 done_date = start_date + ((due_date - start_date+1)* done_ratio/100).floor
                 return done_date <= Date.today
               end
               # Does this issue have children?
               def children?
                 !leaf?
               end
               # Users the issue can be assigned to
               def assignable_users
                 users = project.assignable_users
                 users << author if author
                 users << assigned_to if assigned_to
                 users.uniq.sort
               end
               # Versions that the issue can be assigned to
               def assignable_versions
                 return @assignable_versions if @assignable_versions
                 versions = project.shared_versions.open.all
                 if fixed_version
                   if fixed_version_id_changed?
                     # nothing to do
                   elsif project_id_changed?
                     if project.shared_versions.include?(fixed_version)
                       versions << fixed_version
                     end
                   else
                     versions << fixed_version
                   end
                 end
                 @assignable_versions = versions.uniq.sort
               end
               # Returns true if this issue is blocked by another issue that is still open
               def blocked?
                 !relations_to.detect {|ir| ir.relation_type == 'blocks' && !ir.issue_from.closed?}.nil?
               end
               # Returns an array of statuses that user is able to apply
               def new_statuses_allowed_to(user=User.current, include_default=false)
                 if new_record? && @copied_from
                   [IssueStatus.default, @copied_from.status].compact.uniq.sort
                 else
                   initial_status = nil
                   if new_record?
                     initial_status = IssueStatus.default
                   elsif status_id_was
                     initial_status = IssueStatus.find_by_id(status_id_was)
                   end
                   initial_status ||= status
                   statuses = initial_status.find_new_statuses_allowed_to(
                     user.admin ? Role.all : user.roles_for_project(project),
                     tracker,
                     author == user,
                     assigned_to_id_changed? ? assigned_to_id_was == user.id : assigned_to_id == user.id
                     )
                   statuses << initial_status unless statuses.empty?
                   statuses << IssueStatus.default if include_default
                   statuses = statuses.compact.uniq.sort
                   blocked? ? statuses.reject {|s| s.is_closed?} : statuses
                 end
               end
               def assigned_to_was
                 if assigned_to_id_changed? && assigned_to_id_was.present?
                   @assigned_to_was ||= User.find_by_id(assigned_to_id_was)
                 end
               end
               # Returns the users that should be notified
               def notified_users
                 notified = []
                 # Author and assignee are always notified unless they have been
                 # locked or don't want to be notified
                 notified << author if author
                 if assigned_to
                   notified += (assigned_to.is_a?(Group) ? assigned_to.users : [assigned_to])
                 end
                 if assigned_to_was
                   notified += (assigned_to_was.is_a?(Group) ? assigned_to_was.users : [assigned_to_was])
                 end
                 notified = notified.select {|u| u.active? && u.notify_about?(self)}
                 notified += project.notified_users
                 notified.uniq!
                 # Remove users that can not view the issue
                 notified.reject! {|user| !visible?(user)}
                 notified
               end
               # Returns the email addresses that should be notified
               def recipients
                 notified_users.collect(&:mail)
               end
               # Returns the number of hours spent on this issue
               def spent_hours
                 @spent_hours ||= time_entries.sum(:hours) || 0
               end
               # Returns the total number of hours spent on this issue and its descendants
               #
               # Example:
               #   spent_hours => 0.0
               #   spent_hours => 50.2
               def total_spent_hours
                 @total_spent_hours ||= self_and_descendants.sum("#{TimeEntry.table_name}.hours",
                   :joins => "LEFT JOIN #{TimeEntry.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id").to_f || 0.0
               end
               def relations
                 @relations ||= IssueRelations.new(self, (relations_from + relations_to).sort)
               end
               # Preloads relations for a collection of issues
               def self.load_relations(issues)
                 if issues.any?
                   relations = IssueRelation.all(:conditions => ["issue_from_id IN (:ids) OR issue_to_id IN (:ids)", {:ids => issues.map(&:id)}])
                   issues.each do |issue|
                     issue.instance_variable_set "@relations", relations.select {|r| r.issue_from_id == issue.id || r.issue_to_id == issue.id}
                   end
                 end
               end
               # Preloads visible spent time for a collection of issues
               def self.load_visible_spent_hours(issues, user=User.current)
                 if issues.any?
                   hours_by_issue_id = TimeEntry.visible(user).sum(:hours, :group => :issue_id)
                   issues.each do |issue|
                     issue.instance_variable_set "@spent_hours", (hours_by_issue_id[issue.id] || 0)
                   end
                 end
               end
               # Preloads visible relations for a collection of issues
               def self.load_visible_relations(issues, user=User.current)
                 if issues.any?
                   issue_ids = issues.map(&:id)
                   # Relations with issue_from in given issues and visible issue_to
                   relations_from = IssueRelation.includes(:issue_to => [:status, :project]).where(visible_condition(user)).where(:issue_from_id => issue_ids).all
                   # Relations with issue_to in given issues and visible issue_from
                   relations_to = IssueRelation.includes(:issue_from => [:status, :project]).where(visible_condition(user)).where(:issue_to_id => issue_ids).all
                   issues.each do |issue|
                     relations =
                       relations_from.select {|relation| relation.issue_from_id == issue.id} +
                       relations_to.select {|relation| relation.issue_to_id == issue.id}
                     issue.instance_variable_set "@relations", IssueRelations.new(issue, relations.sort)
                   end
                 end
               end
               # Finds an issue relation given its id.
               def find_relation(relation_id)
                 IssueRelation.find(relation_id, :conditions => ["issue_to_id = ? OR issue_from_id = ?", id, id])
               end
               def all_dependent_issues(except=[])
                 except << self
                 dependencies = []
                 relations_from.each do |relation|
                   if relation.issue_to && !except.include?(relation.issue_to)
                     dependencies << relation.issue_to
                     dependencies += relation.issue_to.all_dependent_issues(except)
                   end
                 end
                 dependencies
               end
               # Returns an array of issues that duplicate this one
               def duplicates
                 relations_to.select {|r| r.relation_type == IssueRelation::TYPE_DUPLICATES}.collect {|r| r.issue_from}
               end
               # Returns the due date or the target due date if any
               # Used on gantt chart
               def due_before
                 due_date || (fixed_version ? fixed_version.effective_date : nil)
               end
               # Returns the time scheduled for this issue.
               #
               # Example:
               #   Start Date: 2/26/09, End Date: 3/04/09
               #   duration => 6
               def duration
                 (start_date && due_date) ? due_date - start_date : 0
               end
               # Returns the duration in working days
               def working_duration
                 (start_date && due_date) ? working_days(start_date, due_date) : 0
               end
               def soonest_start(reload=false)
                 @soonest_start = nil if reload
                 @soonest_start ||= (
                     relations_to(reload).collect{|relation| relation.successor_soonest_start} +
                     ancestors.collect(&:soonest_start)
                   ).compact.max
               end
               # Sets start_date on the given date or the next working day
               # and changes due_date to keep the same working duration.
               def reschedule_on(date)
                 wd = working_duration
                 date = next_working_date(date)
                 self.start_date = date
                 self.due_date = add_working_days(date, wd)
               end
               # Reschedules the issue on the given date or the next working day and saves the record.
               # If the issue is a parent task, this is done by rescheduling its subtasks.
               def reschedule_on!(date)
                 return if date.nil?
                 if leaf?
                   if start_date.nil? || start_date != date
                     if start_date && start_date > date
                       # Issue can not be moved earlier than its soonest start date
                       date = [soonest_start(true), date].compact.max
                     end
                     reschedule_on(date)
                     begin
                       save
                     rescue ActiveRecord::StaleObjectError
                       reload
                       reschedule_on(date)
                       save
                     end
                   end
                 else
                   leaves.each do |leaf|
                     if leaf.start_date
                       # Only move subtask if it starts at the same date as the parent
                       # or if it starts before the given date
                       if start_date == leaf.start_date || date > leaf.start_date
                         leaf.reschedule_on!(date)
                       end
                     else
                       leaf.reschedule_on!(date)
                     end
                   end
                 end
               end
               def <=>(issue)
                 if issue.nil?
                   -1
                 elsif root_id != issue.root_id
                   (root_id || 0) <=> (issue.root_id || 0)
                 else
                   (lft || 0) <=> (issue.lft || 0)
                 end
               end
               def to_s
                 "#{tracker} ##{id}: #{subject}"
               end
               # Returns a string of css classes that apply to the issue
               def css_classes
                 s = "issue status-#{status_id} #{priority.try(:css_classes)}"
                 s << ' closed' if closed?
                 s << ' overdue' if overdue?
                 s << ' child' if child?
                 s << ' parent' unless leaf?
                 s << ' private' if is_private?
                 s << ' created-by-me' if User.current.logged? && author_id == User.current.id
                 s << ' assigned-to-me' if User.current.logged? && assigned_to_id == User.current.id
                 s
               end
               # Saves an issue and a time_entry from the parameters
               def save_issue_with_child_records(params, existing_time_entry=nil)
                 Issue.transaction do
                   if params[:time_entry] && (params[:time_entry][:hours].present? || params[:time_entry][:comments].present?) && User.current.allowed_to?(:log_time, project)
                     @time_entry = existing_time_entry || TimeEntry.new
                     @time_entry.project = project
                     @time_entry.issue = self
                     @time_entry.user = User.current
                     @time_entry.spent_on = User.current.today
                     @time_entry.attributes = params[:time_entry]
                     self.time_entries << @time_entry
                   end
                   # TODO: Rename hook
                   Redmine::Hook.call_hook(:controller_issues_edit_before_save, { :params => params, :issue => self, :time_entry => @time_entry, :journal => @current_journal})
                   if save
                     # TODO: Rename hook
                     Redmine::Hook.call_hook(:controller_issues_edit_after_save, { :params => params, :issue => self, :time_entry => @time_entry, :journal => @current_journal})
                   else
                     raise ActiveRecord::Rollback
                   end
                 end
               end
               # Unassigns issues from +version+ if it's no longer shared with issue's project
               def self.update_versions_from_sharing_change(version)
                 # Update issues assigned to the version
                 update_versions(["#{Issue.table_name}.fixed_version_id = ?", version.id])
               end
               # Unassigns issues from versions that are no longer shared
               # after +project+ was moved
               def self.update_versions_from_hierarchy_change(project)
                 moved_project_ids = project.self_and_descendants.reload.collect(&:id)
                 # Update issues of the moved projects and issues assigned to a version of a moved project
                 Issue.update_versions(["#{Version.table_name}.project_id IN (?) OR #{Issue.table_name}.project_id IN (?)", moved_project_ids, moved_project_ids])
               end
               def parent_issue_id=(arg)
                 s = arg.to_s.strip.presence
                 if s && (m = s.match(%r{\A#?(\d+)\z})) && (@parent_issue = Issue.find_by_id(m[1]))
                   @parent_issue.id
                 else
                   @parent_issue = nil
                   @invalid_parent_issue_id = arg
                 end
               end
               def parent_issue_id
                 if @invalid_parent_issue_id
                   @invalid_parent_issue_id
                 elsif instance_variable_defined? :@parent_issue
                   @parent_issue.nil? ? nil : @parent_issue.id
                 else
                   parent_id
                 end
               end
             	# Returns true if issue's project is a valid
             	# parent issue project
               def valid_parent_project?(issue=parent)
                 return true if issue.nil? || issue.project_id == project_id
                 case Setting.cross_project_subtasks
                 when 'system'
                   true
                 when 'tree'
                   issue.project.root == project.root
                 when 'hierarchy'
                   issue.project.is_or_is_ancestor_of?(project) || issue.project.is_descendant_of?(project)
                 when 'descendants'
                   issue.project.is_or_is_ancestor_of?(project)
                 else
                   false
                 end
               end
               # Extracted from the ReportsController.
               def self.by_tracker(project)
                 count_and_group_by(:project => project,
                                    :field => 'tracker_id',
                                    :joins => Tracker.table_name)
               end
               def self.by_version(project)
                 count_and_group_by(:project => project,
                                    :field => 'fixed_version_id',
                                    :joins => Version.table_name)
               end
               def self.by_priority(project)
                 count_and_group_by(:project => project,
                                    :field => 'priority_id',
                                    :joins => IssuePriority.table_name)
               end
               def self.by_category(project)
                 count_and_group_by(:project => project,
                                    :field => 'category_id',
                                    :joins => IssueCategory.table_name)
               end
               def self.by_assigned_to(project)
                 count_and_group_by(:project => project,
                                    :field => 'assigned_to_id',
                                    :joins => User.table_name)
               end
               def self.by_author(project)
                 count_and_group_by(:project => project,
                                    :field => 'author_id',
                                    :joins => User.table_name)
               end
               def self.by_subproject(project)
                 ActiveRecord::Base.connection.select_all("select    s.id as status_id,
                                                             s.is_closed as closed,
                                                             #{Issue.table_name}.project_id as project_id,
                                                             count(#{Issue.table_name}.id) as total
                                                           from
                                                             #{Issue.table_name}, #{Project.table_name}, #{IssueStatus.table_name} s
                                                           where
                                                             #{Issue.table_name}.status_id=s.id
                                                             and #{Issue.table_name}.project_id = #{Project.table_name}.id
                                                             and #{visible_condition(User.current, :project => project, :with_subprojects => true)}
                                                             and #{Issue.table_name}.project_id <> #{project.id}
                                                           group by s.id, s.is_closed, #{Issue.table_name}.project_id") if project.descendants.active.any?
               end
               # End ReportsController extraction
               # Returns an array of projects that user can assign the issue to
               def allowed_target_projects(user=User.current)
                 if new_record?
                   Project.all(:conditions => Project.allowed_to_condition(user, :add_issues))
                 else
                   self.class.allowed_target_projects_on_move(user)
                 end
               end
               # Returns an array of projects that user can move issues to
               def self.allowed_target_projects_on_move(user=User.current)
                 Project.all(:conditions => Project.allowed_to_condition(user, :move_issues))
               end
               private
               def after_project_change
                 # Update project_id on related time entries
                 TimeEntry.update_all(["project_id = ?", project_id], {:issue_id => id})
                 # Delete issue relations
                 unless Setting.cross_project_issue_relations?
                   relations_from.clear
                   relations_to.clear
                 end
                 # Move subtasks that were in the same project
                 children.each do |child|
                   next unless child.project_id == project_id_was
                   # Change project and keep project
                   child.send :project=, project, true
                   unless child.save
                     raise ActiveRecord::Rollback
                   end
                 end
               end
               # Callback for after the creation of an issue by copy
               # * adds a "copied to" relation with the copied issue
               # * copies subtasks from the copied issue
               def after_create_from_copy
                 return unless copy? && !@after_create_from_copy_handled
                 if (@copied_from.project_id == project_id || Setting.cross_project_issue_relations?) && @copy_options[:link] != false
                   relation = IssueRelation.new(:issue_from => @copied_from, :issue_to => self, :relation_type => IssueRelation::TYPE_COPIED_TO)
                   unless relation.save
                     logger.error "Could not create relation while copying ##{@copied_from.id} to ##{id} due to validation errors: #{relation.errors.full_messages.join(', ')}" if logger
                   end
                 end
                 unless @copied_from.leaf? || @copy_options[:subtasks] == false
                   @copied_from.children.each do |child|
                     unless child.visible?
                       # Do not copy subtasks that are not visible to avoid potential disclosure of private data
                       logger.error "Subtask ##{child.id} was not copied during ##{@copied_from.id} copy because it is not visible to the current user" if logger
                       next
                     end
                     copy = Issue.new.copy_from(child, @copy_options)
                     copy.author = author
                     copy.project = project
                     copy.parent_issue_id = id
                     # Children subtasks are copied recursively
                     unless copy.save
                       logger.error "Could not copy subtask ##{child.id} while copying ##{@copied_from.id} to ##{id} due to validation errors: #{copy.errors.full_messages.join(', ')}" if logger
                     end
                   end
                 end
                 @after_create_from_copy_handled = true
               end
               def update_nested_set_attributes
                 if root_id.nil?
                   # issue was just created
                   self.root_id = (@parent_issue.nil? ? id : @parent_issue.root_id)
                   set_default_left_and_right
                   Issue.update_all("root_id = #{root_id}, lft = #{lft}, rgt = #{rgt}", ["id = ?", id])
                   if @parent_issue
                     move_to_child_of(@parent_issue)
                   end
                   reload
                 elsif parent_issue_id != parent_id
                   former_parent_id = parent_id
                   # moving an existing issue
                   if @parent_issue && @parent_issue.root_id == root_id
                     # inside the same tree
                     move_to_child_of(@parent_issue)
                   else
                     # to another tree
                     unless root?
                       move_to_right_of(root)
                       reload
                     end
                     old_root_id = root_id
                     self.root_id = (@parent_issue.nil? ? id : @parent_issue.root_id )
                     target_maxright = nested_set_scope.maximum(right_column_name) || 0
                     offset = target_maxright + 1 - lft
                     Issue.update_all("root_id = #{root_id}, lft = lft + #{offset}, rgt = rgt + #{offset}",
                                       ["root_id = ? AND lft >= ? AND rgt <= ? ", old_root_id, lft, rgt])
                     self[left_column_name] = lft + offset
                     self[right_column_name] = rgt + offset
                     if @parent_issue
                       move_to_child_of(@parent_issue)
                     end
                   end
                   reload
                   # delete invalid relations of all descendants
                   self_and_descendants.each do |issue|
                     issue.relations.each do |relation|
                       relation.destroy unless relation.valid?
                     end
                   end
                   # update former parent
                   recalculate_attributes_for(former_parent_id) if former_parent_id
                 end
                 remove_instance_variable(:@parent_issue) if instance_variable_defined?(:@parent_issue)
               end
               def update_parent_attributes
                 recalculate_attributes_for(parent_id) if parent_id
               end
               def recalculate_attributes_for(issue_id)
                 if issue_id && p = Issue.find_by_id(issue_id)
                   # priority = highest priority of children
                   if priority_position = p.children.maximum("#{IssuePriority.table_name}.position", :joins => :priority)
                     p.priority = IssuePriority.find_by_position(priority_position)
                   end
                   # start/due dates = lowest/highest dates of children
                   p.start_date = p.children.minimum(:start_date)
                   p.due_date = p.children.maximum(:due_date)
                   if p.start_date && p.due_date && p.due_date < p.start_date
                     p.start_date, p.due_date = p.due_date, p.start_date
                   end
                   # done ratio = weighted average ratio of leaves
                   unless Issue.use_status_for_done_ratio? && p.status && p.status.default_done_ratio
                     leaves_count = p.leaves.count
                     if leaves_count > 0
                       average = p.leaves.average(:estimated_hours).to_f
                       if average == 0
                         average = 1
                       end
                       done = p.leaves.sum("COALESCE(estimated_hours, #{average}) * (CASE WHEN is_closed = #{connection.quoted_true} THEN 100 ELSE COALESCE(done_ratio, 0) END)", :joins => :status).to_f
                       progress = done / (average * leaves_count)
                       p.done_ratio = progress.round
                     end
                   end
                   # estimate = sum of leaves estimates
                   p.estimated_hours = p.leaves.sum(:estimated_hours).to_f
                   p.estimated_hours = nil if p.estimated_hours == 0.0
                   # ancestors will be recursively updated
                   p.save(:validate => false)
                 end
               end
               # Update issues so their versions are not pointing to a
               # fixed_version that is not shared with the issue's project
               def self.update_versions(conditions=nil)
                 # Only need to update issues with a fixed_version from
                 # a different project and that is not systemwide shared
                 Issue.scoped(:conditions => conditions).all(
                   :conditions => "#{Issue.table_name}.fixed_version_id IS NOT NULL" +
                     " AND #{Issue.table_name}.project_id <> #{Version.table_name}.project_id" +
                     " AND #{Version.table_name}.sharing <> 'system'",
                   :include => [:project, :fixed_version]
                 ).each do |issue|
                   next if issue.project.nil? || issue.fixed_version.nil?
                   unless issue.project.shared_versions.include?(issue.fixed_version)
                     issue.init_journal(User.current)
                     issue.fixed_version = nil
                     issue.save
                   end
                 end
               end
               # Callback on file attachment
               def attachment_added(obj)
                 if @current_journal && !obj.new_record?
                   @current_journal.details << JournalDetail.new(:property => 'attachment', :prop_key => obj.id, :value => obj.filename)
                 end
               end
               # Callback on attachment deletion
               def attachment_removed(obj)
                 if @current_journal && !obj.new_record?
                   @current_journal.details << JournalDetail.new(:property => 'attachment', :prop_key => obj.id, :old_value => obj.filename)
                   @current_journal.save
                 end
               end
               # Default assignment based on category
               def default_assign
                 if assigned_to.nil? && category && category.assigned_to
                   self.assigned_to = category.assigned_to
                 end
               end
               # Updates start/due dates of following issues
               def reschedule_following_issues
                 if start_date_changed? || due_date_changed?
                   relations_from.each do |relation|
                     relation.set_issue_to_dates
                   end
                 end
               end
               # Closes duplicates if the issue is being closed
               def close_duplicates
                 if closing?
                   duplicates.each do |duplicate|
                     # Reload is need in case the duplicate was updated by a previous duplicate
                     duplicate.reload
                     # Don't re-close it if it's already closed
                     next if duplicate.closed?
                     # Same user and notes
                     if @current_journal
                       duplicate.init_journal(@current_journal.user, @current_journal.notes)
                     end
                     duplicate.update_attribute :status, self.status
                   end
                 end
               end
               # Make sure updated_on is updated when adding a note
               def force_updated_on_change
                 if @current_journal
                   self.updated_on = current_time_from_proper_timezone
                 end
               end
               # Saves the changes in a Journal
               # Called after_save
               def create_journal
                 if @current_journal
                   # attributes changes
                   if @attributes_before_change
                     (Issue.column_names - %w(id root_id lft rgt lock_version created_on updated_on)).each {|c|
                       before = @attributes_before_change[c]
                       after = send(c)
                       next if before == after || (before.blank? && after.blank?)
                       @current_journal.details << JournalDetail.new(:property => 'attr',
                                                                     :prop_key => c,
                                                                     :old_value => before,
                                                                     :value => after)
                     }
                   end
                   if @custom_values_before_change
                     # custom fields changes
                     custom_field_values.each {|c|
                       before = @custom_values_before_change[c.custom_field_id]
                       after = c.value
                       next if before == after || (before.blank? && after.blank?)
                       if before.is_a?(Array) || after.is_a?(Array)
                         before = [before] unless before.is_a?(Array)
                         after = [after] unless after.is_a?(Array)
                         # values removed
                         (before - after).reject(&:blank?).each do |value|
                           @current_journal.details << JournalDetail.new(:property => 'cf',
                                                                         :prop_key => c.custom_field_id,
                                                                         :old_value => value,
                                                                         :value => nil)
                         end
                         # values added
                         (after - before).reject(&:blank?).each do |value|
                           @current_journal.details << JournalDetail.new(:property => 'cf',
                                                                         :prop_key => c.custom_field_id,
                                                                         :old_value => nil,
                                                                         :value => value)
                         end
                       else
                         @current_journal.details << JournalDetail.new(:property => 'cf',
                                                                       :prop_key => c.custom_field_id,
                                                                       :old_value => before,
                                                                       :value => after)
                       end
                     }
                   end
                   @current_journal.save
                   # reset current journal
                   init_journal @current_journal.user, @current_journal.notes
                 end
               end
               # Query generator for selecting groups of issue counts for a project
               # based on specific criteria
               #
               # Options
               # * project - Project to search in.
               # * field - String. Issue field to key off of in the grouping.
               # * joins - String. The table name to join against.
               def self.count_and_group_by(options)
                 project = options.delete(:project)
                 select_field = options.delete(:field)
                 joins = options.delete(:joins)
                 where = "#{Issue.table_name}.#{select_field}=j.id"
                 ActiveRecord::Base.connection.select_all("select    s.id as status_id,
                                                             s.is_closed as closed,
                                                             j.id as #{select_field},
                                                             count(#{Issue.table_name}.id) as total
                                                           from
                                                               #{Issue.table_name}, #{Project.table_name}, #{IssueStatus.table_name} s, #{joins} j
                                                           where
                                                             #{Issue.table_name}.status_id=s.id
                                                             and #{where}
                                                             and #{Issue.table_name}.project_id=#{Project.table_name}.id
                                                             and #{visible_condition(User.current, :project => project)}
                                                           group by s.id, s.is_closed, j.id")
               end
             end

app/models/message.rb +3 -2

             # Redmine - project management software
             # Copyright (C) 2006-2012  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class Message < ActiveRecord::Base
               include Redmine::SafeAttributes
               belongs_to :board
               belongs_to :author, :class_name => 'User', :foreign_key => 'author_id'
               acts_as_tree :counter_cache => :replies_count, :order => "#{Message.table_name}.created_on ASC"
               acts_as_attachable
               belongs_to :last_reply, :class_name => 'Message', :foreign_key => 'last_reply_id'
               acts_as_searchable :columns => ['subject', 'content'],
                                  :include => {:board => :project},
                                  :project_key => "#{Board.table_name}.project_id",
                                  :date_column => "#{table_name}.created_on"
               acts_as_event :title => Proc.new {|o| "#{o.board.name}: #{o.subject}"},
                             :description => :content,
                             :type => Proc.new {|o| o.parent_id.nil? ? 'message' : 'reply'},
                             :url => Proc.new {|o| {:controller => 'messages', :action => 'show', :board_id => o.board_id}.merge(o.parent_id.nil? ? {:id => o.id} :
                                                                                                                                                    {:id => o.parent_id, :r => o.id, :anchor => "message-#{o.id}"})}
               acts_as_activity_provider :find_options => {:include => [{:board => :project}, :author]},
                                         :author_key => :author_id
               acts_as_watchable
               validates_presence_of :board, :subject, :content
               validates_length_of :subject, :maximum => 255
               validate :cannot_reply_to_locked_topic, :on => :create
               after_create :add_author_as_watcher, :reset_counters!
               after_update :update_messages_board
               after_destroy :reset_counters!
-              scope :visible, lambda {|*args| { :include => {:board => :project},
+              scope :visible, lambda {|*args|
-                                                      :conditions => Project.allowed_to_condition(args.shift || User.current, :view_messages, *args) } }
+                includes(:board => :project).where(Project.allowed_to_condition(args.shift || User.current, :view_messages, *args))
+              }
               safe_attributes 'subject', 'content'
               safe_attributes 'locked', 'sticky', 'board_id',
                 :if => lambda {|message, user|
                   user.allowed_to?(:edit_messages, message.project)
                 }
               def visible?(user=User.current)
                 !user.nil? && user.allowed_to?(:view_messages, project)
               end
               def cannot_reply_to_locked_topic
                 # Can not reply to a locked topic
                 errors.add :base, 'Topic is locked' if root.locked? && self != root
               end
               def update_messages_board
                 if board_id_changed?
                   Message.update_all("board_id = #{board_id}", ["id = ? OR parent_id = ?", root.id, root.id])
                   Board.reset_counters!(board_id_was)
                   Board.reset_counters!(board_id)
                 end
               end
               def reset_counters!
                 if parent && parent.id
                   Message.update_all({:last_reply_id => parent.children.maximum(:id)}, {:id => parent.id})
                 end
                 board.reset_counters!
               end
               def sticky=(arg)
                 write_attribute :sticky, (arg == true || arg.to_s == '1' ? 1 : 0)
               end
               def sticky?
                 sticky == 1
               end
               def project
                 board.project
               end
               def editable_by?(usr)
                 usr && usr.logged? && (usr.allowed_to?(:edit_messages, project) || (self.author == usr && usr.allowed_to?(:edit_own_messages, project)))
               end
               def destroyable_by?(usr)
                 usr && usr.logged? && (usr.allowed_to?(:delete_messages, project) || (self.author == usr && usr.allowed_to?(:delete_own_messages, project)))
               end
               private
               def add_author_as_watcher
                 Watcher.create(:watchable => self.root, :user => author)
               end
             end

app/models/news.rb +3 -4

             # Redmine - project management software
             # Copyright (C) 2006-2012  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class News < ActiveRecord::Base
               include Redmine::SafeAttributes
               belongs_to :project
               belongs_to :author, :class_name => 'User', :foreign_key => 'author_id'
               has_many :comments, :as => :commented, :dependent => :delete_all, :order => "created_on"
               validates_presence_of :title, :description
               validates_length_of :title, :maximum => 60
               validates_length_of :summary, :maximum => 255
               acts_as_attachable :delete_permission => :manage_news
               acts_as_searchable :columns => ['title', 'summary', "#{table_name}.description"], :include => :project
               acts_as_event :url => Proc.new {|o| {:controller => 'news', :action => 'show', :id => o.id}}
               acts_as_activity_provider :find_options => {:include => [:project, :author]},
                                         :author_key => :author_id
               acts_as_watchable
               after_create :add_author_as_watcher
-              scope :visible, lambda {|*args| {
+              scope :visible, lambda {|*args|
-                :include => :project,
+                includes(:project).where(Project.allowed_to_condition(args.shift || User.current, :view_news, *args))
-                :conditions => Project.allowed_to_condition(args.shift || User.current, :view_news, *args)
-              }}
               safe_attributes 'title', 'summary', 'description'
               def visible?(user=User.current)
                 !user.nil? && user.allowed_to?(:view_news, project)
               end
               # Returns true if the news can be commented by user
               def commentable?(user=User.current)
                 user.allowed_to?(:comment_news, project)
               end
               # returns latest news for projects visible by user
               def self.latest(user = User.current, count = 5)
                 visible(user).includes([:author, :project]).order("#{News.table_name}.created_on DESC").limit(count).all
               end
               private
               def add_author_as_watcher
                 Watcher.create(:watchable => self, :user => author)
               end
             end

app/models/principal.rb +1 -1

             # Redmine - project management software
             # Copyright (C) 2006-2012  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class Principal < ActiveRecord::Base
               self.table_name = "#{table_name_prefix}users#{table_name_suffix}"
               has_many :members, :foreign_key => 'user_id', :dependent => :destroy
               has_many :memberships, :class_name => 'Member', :foreign_key => 'user_id', :include => [ :project, :roles ], :conditions => "#{Project.table_name}.status<>#{Project::STATUS_ARCHIVED}", :order => "#{Project.table_name}.name"
               has_many :projects, :through => :memberships
               has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
               # Groups and active users
-              scope :active, lambda { { :conditions => "#{Principal.table_name}.status = 1" } }
+              scope :active, lambda { where("#{Principal.table_name}.status = 1") }
               scope :like, lambda {|q|
                 q = q.to_s
                 if q.blank?
                   where({})
                 else
                   pattern = "%#{q}%"
                   sql = %w(login firstname lastname mail).map {|column| "LOWER(#{table_name}.#{column}) LIKE LOWER(:p)"}.join(" OR ")
                   params = {:p => pattern}
                   if q =~ /^(.+)\s+(.+)$/
                     a, b = "#{$1}%", "#{$2}%"
                     sql << " OR (LOWER(#{table_name}.firstname) LIKE LOWER(:a) AND LOWER(#{table_name}.lastname) LIKE LOWER(:b))"
                     sql << " OR (LOWER(#{table_name}.firstname) LIKE LOWER(:b) AND LOWER(#{table_name}.lastname) LIKE LOWER(:a))"
                     params.merge!(:a => a, :b => b)
                   end
                   where(sql, params)
                 end
               }
               # Principals that are members of a collection of projects
               scope :member_of, lambda {|projects|
                 projects = [projects] unless projects.is_a?(Array)
                 if projects.empty?
                   where("1=0")
                 else
                   ids = projects.map(&:id)
                   where("#{Principal.table_name}.status = 1 AND #{Principal.table_name}.id IN (SELECT DISTINCT user_id FROM #{Member.table_name} WHERE project_id IN (?))", ids)
                 end
               }
               # Principals that are not members of projects
               scope :not_member_of, lambda {|projects|
                 projects = [projects] unless projects.is_a?(Array)
                 if projects.empty?
                   where("1=0")
                 else
                   ids = projects.map(&:id)
                   where("#{Principal.table_name}.id NOT IN (SELECT DISTINCT user_id FROM #{Member.table_name} WHERE project_id IN (?))", ids)
                 end
               }
               before_create :set_default_empty_values
               def name(formatter = nil)
                 to_s
               end
               def <=>(principal)
                 if principal.nil?
                   -1
                 elsif self.class.name == principal.class.name
                   self.to_s.downcase <=> principal.to_s.downcase
                 else
                   # groups after users
                   principal.class.name <=> self.class.name
                 end
               end
               protected
               # Make sure we don't try to insert NULL values (see #4632)
               def set_default_empty_values
                 self.login ||= ''
                 self.hashed_password ||= ''
                 self.firstname ||= ''
                 self.lastname ||= ''
                 self.mail ||= ''
                 true
               end
             end

app/models/project.rb +10 -8

             # Redmine - project management software
             # Copyright (C) 2006-2012  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class Project < ActiveRecord::Base
               include Redmine::SafeAttributes
               # Project statuses
               STATUS_ACTIVE     = 1
               STATUS_CLOSED     = 5
               STATUS_ARCHIVED   = 9
               # Maximum length for project identifiers
               IDENTIFIER_MAX_LENGTH = 100
               # Specific overidden Activities
               has_many :time_entry_activities
               has_many :members, :include => [:principal, :roles], :conditions => "#{User.table_name}.type='User' AND #{User.table_name}.status=#{User::STATUS_ACTIVE}"
               has_many :memberships, :class_name => 'Member'
               has_many :member_principals, :class_name => 'Member',
                                            :include => :principal,
                                            :conditions => "#{Principal.table_name}.type='Group' OR (#{Principal.table_name}.type='User' AND #{Principal.table_name}.status=#{User::STATUS_ACTIVE})"
               has_many :users, :through => :members
               has_many :principals, :through => :member_principals, :source => :principal
               has_many :enabled_modules, :dependent => :delete_all
               has_and_belongs_to_many :trackers, :order => "#{Tracker.table_name}.position"
               has_many :issues, :dependent => :destroy, :include => [:status, :tracker]
               has_many :issue_changes, :through => :issues, :source => :journals
               has_many :versions, :dependent => :destroy, :order => "#{Version.table_name}.effective_date DESC, #{Version.table_name}.name DESC"
               has_many :time_entries, :dependent => :delete_all
               has_many :queries, :dependent => :delete_all
               has_many :documents, :dependent => :destroy
               has_many :news, :dependent => :destroy, :include => :author
               has_many :issue_categories, :dependent => :delete_all, :order => "#{IssueCategory.table_name}.name"
               has_many :boards, :dependent => :destroy, :order => "position ASC"
               has_one :repository, :conditions => ["is_default = ?", true]
               has_many :repositories, :dependent => :destroy
               has_many :changesets, :through => :repository
               has_one :wiki, :dependent => :destroy
               # Custom field for the project issues
               has_and_belongs_to_many :issue_custom_fields,
                                       :class_name => 'IssueCustomField',
                                       :order => "#{CustomField.table_name}.position",
                                       :join_table => "#{table_name_prefix}custom_fields_projects#{table_name_suffix}",
                                       :association_foreign_key => 'custom_field_id'
               acts_as_nested_set :order => 'name', :dependent => :destroy
               acts_as_attachable :view_permission => :view_files,
                                  :delete_permission => :manage_files
               acts_as_customizable
               acts_as_searchable :columns => ['name', 'identifier', 'description'], :project_key => 'id', :permission => nil
               acts_as_event :title => Proc.new {|o| "#{l(:label_project)}: #{o.name}"},
                             :url => Proc.new {|o| {:controller => 'projects', :action => 'show', :id => o}},
                             :author => nil
               attr_protected :status
               validates_presence_of :name, :identifier
               validates_uniqueness_of :identifier
               validates_associated :repository, :wiki
               validates_length_of :name, :maximum => 255
               validates_length_of :homepage, :maximum => 255
               validates_length_of :identifier, :in => 1..IDENTIFIER_MAX_LENGTH
               # donwcase letters, digits, dashes but not digits only
               validates_format_of :identifier, :with => /^(?!\d+$)[a-z0-9\-_]*$/, :if => Proc.new { |p| p.identifier_changed? }
               # reserved words
               validates_exclusion_of :identifier, :in => %w( new )
               after_save :update_position_under_parent, :if => Proc.new {|project| project.name_changed?}
               before_destroy :delete_all_members
-              scope :has_module, lambda { |mod| { :conditions => ["#{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name=?)", mod.to_s] } }
+              scope :has_module, lambda {|mod|
-              scope :active, lambda { { :conditions => "#{Project.table_name}.status = #{STATUS_ACTIVE}" } }
+                where("#{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name=?)", mod.to_s)
-              scope :status, lambda {|arg| arg.blank? ? {} : {:conditions => {:status => arg.to_i}} }
-              scope :all_public, lambda { { :conditions => { :is_public => true } } }
+              scope :active, lambda { where(:status => STATUS_ACTIVE) }
-              scope :visible, lambda {|*args| {:conditions => Project.visible_condition(args.shift || User.current, *args) }}
+              scope :status, lambda {|arg| where(arg.blank? ? nil : {:status => arg.to_i}) }
+              scope :all_public, lambda { where(:is_public => true) }
+              scope :visible, lambda {|*args| where(Project.visible_condition(args.shift || User.current, *args)) }
               scope :allowed_to, lambda {|*args|
                 user = User.current
                 permission = nil
                 if args.first.is_a?(Symbol)
                   permission = args.shift
                 else
                   user = args.shift
                   permission = args.shift
                 end
-                { :conditions => Project.allowed_to_condition(user, permission, *args) }
+                where(Project.allowed_to_condition(user, permission, *args))
               }
               scope :like, lambda {|arg|
                 if arg.blank?
-                  {}
+                  where(nil)
                 else
                   pattern = "%#{arg.to_s.strip.downcase}%"
-                  {:conditions => ["LOWER(identifier) LIKE :p OR LOWER(name) LIKE :p", {:p => pattern}]}
+                  where("LOWER(identifier) LIKE :p OR LOWER(name) LIKE :p", :p => pattern)
                 end
               }
               def initialize(attributes=nil, *args)
                 super
                 initialized = (attributes || {}).stringify_keys
                 if !initialized.key?('identifier') && Setting.sequential_project_identifiers?
                   self.identifier = Project.next_identifier
                 end
                 if !initialized.key?('is_public')
                   self.is_public = Setting.default_projects_public?
                 end
                 if !initialized.key?('enabled_module_names')
                   self.enabled_module_names = Setting.default_projects_modules
                 end
                 if !initialized.key?('trackers') && !initialized.key?('tracker_ids')
                   self.trackers = Tracker.sorted.all
                 end
               end
               def identifier=(identifier)
                 super unless identifier_frozen?
               end
               def identifier_frozen?
                 errors[:identifier].blank? && !(new_record? || identifier.blank?)
               end
               # returns latest created projects
               # non public projects will be returned only if user is a member of those
               def self.latest(user=nil, count=5)
                 visible(user).limit(count).order("created_on DESC").all
               end
               # Returns true if the project is visible to +user+ or to the current user.
               def visible?(user=User.current)
                 user.allowed_to?(:view_project, self)
               end
               # Returns a SQL conditions string used to find all projects visible by the specified user.
               #
               # Examples:
               #   Project.visible_condition(admin)        => "projects.status = 1"
               #   Project.visible_condition(normal_user)  => "((projects.status = 1) AND (projects.is_public = 1 OR projects.id IN (1,3,4)))"
               #   Project.visible_condition(anonymous)    => "((projects.status = 1) AND (projects.is_public = 1))"
               def self.visible_condition(user, options={})
                 allowed_to_condition(user, :view_project, options)
               end
               # Returns a SQL conditions string used to find all projects for which +user+ has the given +permission+
               #
               # Valid options:
               # * :project => limit the condition to project
               # * :with_subprojects => limit the condition to project and its subprojects
               # * :member => limit the condition to the user projects
               def self.allowed_to_condition(user, permission, options={})
                 perm = Redmine::AccessControl.permission(permission)
                 base_statement = (perm && perm.read? ? "#{Project.table_name}.status <> #{Project::STATUS_ARCHIVED}" : "#{Project.table_name}.status = #{Project::STATUS_ACTIVE}")
                 if perm && perm.project_module
                   # If the permission belongs to a project module, make sure the module is enabled
                   base_statement << " AND #{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name='#{perm.project_module}')"
                 end
                 if options[:project]
                   project_statement = "#{Project.table_name}.id = #{options[:project].id}"
                   project_statement << " OR (#{Project.table_name}.lft > #{options[:project].lft} AND #{Project.table_name}.rgt < #{options[:project].rgt})" if options[:with_subprojects]
                   base_statement = "(#{project_statement}) AND (#{base_statement})"
                 end
                 if user.admin?
                   base_statement
                 else
                   statement_by_role = {}
                   unless options[:member]
                     role = user.logged? ? Role.non_member : Role.anonymous
                     if role.allowed_to?(permission)
                       statement_by_role[role] = "#{Project.table_name}.is_public = #{connection.quoted_true}"
                     end
                   end
                   if user.logged?
                     user.projects_by_role.each do |role, projects|
                       if role.allowed_to?(permission) && projects.any?
                         statement_by_role[role] = "#{Project.table_name}.id IN (#{projects.collect(&:id).join(',')})"
                       end
                     end
                   end
                   if statement_by_role.empty?
                     "1=0"
                   else
                     if block_given?
                       statement_by_role.each do |role, statement|
                         if s = yield(role, user)
                           statement_by_role[role] = "(#{statement} AND (#{s}))"
                         end
                       end
                     end
                     "((#{base_statement}) AND (#{statement_by_role.values.join(' OR ')}))"
                   end
                 end
               end
               # Returns the Systemwide and project specific activities
               def activities(include_inactive=false)
                 if include_inactive
                   return all_activities
                 else
                   return active_activities
                 end
               end
               # Will create a new Project specific Activity or update an existing one
               #
               # This will raise a ActiveRecord::Rollback if the TimeEntryActivity
               # does not successfully save.
               def update_or_create_time_entry_activity(id, activity_hash)
                 if activity_hash.respond_to?(:has_key?) && activity_hash.has_key?('parent_id')
                   self.create_time_entry_activity_if_needed(activity_hash)
                 else
                   activity = project.time_entry_activities.find_by_id(id.to_i)
                   activity.update_attributes(activity_hash) if activity
                 end
               end
               # Create a new TimeEntryActivity if it overrides a system TimeEntryActivity
               #
               # This will raise a ActiveRecord::Rollback if the TimeEntryActivity
               # does not successfully save.
               def create_time_entry_activity_if_needed(activity)
                 if activity['parent_id']
                   parent_activity = TimeEntryActivity.find(activity['parent_id'])
                   activity['name'] = parent_activity.name
                   activity['position'] = parent_activity.position
                   if Enumeration.overridding_change?(activity, parent_activity)
                     project_activity = self.time_entry_activities.create(activity)
                     if project_activity.new_record?
                       raise ActiveRecord::Rollback, "Overridding TimeEntryActivity was not successfully saved"
                     else
                       self.time_entries.update_all("activity_id = #{project_activity.id}", ["activity_id = ?", parent_activity.id])
                     end
                   end
                 end
               end
               # Returns a :conditions SQL string that can be used to find the issues associated with this project.
               #
               # Examples:
               #   project.project_condition(true)  => "(projects.id = 1 OR (projects.lft > 1 AND projects.rgt < 10))"
               #   project.project_condition(false) => "projects.id = 1"
               def project_condition(with_subprojects)
                 cond = "#{Project.table_name}.id = #{id}"
                 cond = "(#{cond} OR (#{Project.table_name}.lft > #{lft} AND #{Project.table_name}.rgt < #{rgt}))" if with_subprojects
                 cond
               end
               def self.find(*args)
                 if args.first && args.first.is_a?(String) && !args.first.match(/^\d*$/)
                   project = find_by_identifier(*args)
                   raise ActiveRecord::RecordNotFound, "Couldn't find Project with identifier=#{args.first}" if project.nil?
                   project
                 else
                   super
                 end
               end
               def self.find_by_param(*args)
                 self.find(*args)
               end
               def reload(*args)
                 @shared_versions = nil
                 @rolled_up_versions = nil
                 @rolled_up_trackers = nil
                 @all_issue_custom_fields = nil
                 @all_time_entry_custom_fields = nil
                 @to_param = nil
                 @allowed_parents = nil
                 @allowed_permissions = nil
                 @actions_allowed = nil
                 super
               end
               def to_param
                 # id is used for projects with a numeric identifier (compatibility)
                 @to_param ||= (identifier.to_s =~ %r{^\d*$} ? id.to_s : identifier)
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def archived?
                 self.status == STATUS_ARCHIVED
               end
               # Archives the project and its descendants
               def archive
                 # Check that there is no issue of a non descendant project that is assigned
                 # to one of the project or descendant versions
                 v_ids = self_and_descendants.collect {|p| p.version_ids}.flatten
                 if v_ids.any? &&
                   Issue.
                     includes(:project).
                     where("#{Project.table_name}.lft < ? OR #{Project.table_name}.rgt > ?", lft, rgt).
                     where("#{Issue.table_name}.fixed_version_id IN (?)", v_ids).
                     exists?
                   return false
                 end
                 Project.transaction do
                   archive!
                 end
                 true
               end
               # Unarchives the project
               # All its ancestors must be active
               def unarchive
                 return false if ancestors.detect {|a| !a.active?}
                 update_attribute :status, STATUS_ACTIVE
               end
               def close
                 self_and_descendants.status(STATUS_ACTIVE).update_all :status => STATUS_CLOSED
               end
               def reopen
                 self_and_descendants.status(STATUS_CLOSED).update_all :status => STATUS_ACTIVE
               end
               # Returns an array of projects the project can be moved to
               # by the current user
               def allowed_parents
                 return @allowed_parents if @allowed_parents
                 @allowed_parents = Project.where(Project.allowed_to_condition(User.current, :add_subprojects)).all
                 @allowed_parents = @allowed_parents - self_and_descendants
                 if User.current.allowed_to?(:add_project, nil, :global => true) || (!new_record? && parent.nil?)
                   @allowed_parents << nil
                 end
                 unless parent.nil? || @allowed_parents.empty? || @allowed_parents.include?(parent)
                   @allowed_parents << parent
                 end
                 @allowed_parents
               end
               # Sets the parent of the project with authorization check
               def set_allowed_parent!(p)
                 unless p.nil? || p.is_a?(Project)
                   if p.to_s.blank?
                     p = nil
                   else
                     p = Project.find_by_id(p)
                     return false unless p
                   end
                 end
                 if p.nil?
                   if !new_record? && allowed_parents.empty?
                     return false
                   end
                 elsif !allowed_parents.include?(p)
                   return false
                 end
                 set_parent!(p)
               end
               # Sets the parent of the project
               # Argument can be either a Project, a String, a Fixnum or nil
               def set_parent!(p)
                 unless p.nil? || p.is_a?(Project)
                   if p.to_s.blank?
                     p = nil
                   else
                     p = Project.find_by_id(p)
                     return false unless p
                   end
                 end
                 if p == parent && !p.nil?
                   # Nothing to do
                   true
                 elsif p.nil? || (p.active? && move_possible?(p))
                   set_or_update_position_under(p)
                   Issue.update_versions_from_hierarchy_change(self)
                   true
                 else
                   # Can not move to the given target
                   false
                 end
               end
               # Recalculates all lft and rgt values based on project names
               # Unlike Project.rebuild!, these values are recalculated even if the tree "looks" valid
               # Used in BuildProjectsTree migration
               def self.rebuild_tree!
                 transaction do
                   update_all "lft = NULL, rgt = NULL"
                   rebuild!(false)
                 end
               end
               # Returns an array of the trackers used by the project and its active sub projects
               def rolled_up_trackers
                 @rolled_up_trackers ||=
                   Tracker.
                     joins(:projects).
                     select("DISTINCT #{Tracker.table_name}.*").
                     where("#{Project.table_name}.lft >= ? AND #{Project.table_name}.rgt <= ? AND #{Project.table_name}.status <> #{STATUS_ARCHIVED}", lft, rgt).
                     sorted.
                     all
               end
               # Closes open and locked project versions that are completed
               def close_completed_versions
                 Version.transaction do
                   versions.where(:status => %w(open locked)).all.each do |version|
                     if version.completed?
                       version.update_attribute(:status, 'closed')
                     end
                   end
                 end
               end
               # Returns a scope of the Versions on subprojects
               def rolled_up_versions
                 @rolled_up_versions ||=
                   Version.scoped(:include => :project,
                                  :conditions => ["#{Project.table_name}.lft >= ? AND #{Project.table_name}.rgt <= ? AND #{Project.table_name}.status <> #{STATUS_ARCHIVED}", lft, rgt])
               end
               # Returns a scope of the Versions used by the project
               def shared_versions
                 if new_record?
                   Version.scoped(:include => :project,
                                  :conditions => "#{Project.table_name}.status <> #{Project::STATUS_ARCHIVED} AND #{Version.table_name}.sharing = 'system'")
                 else
                   @shared_versions ||= begin
                     r = root? ? self : root
                     Version.scoped(:include => :project,
                                    :conditions => "#{Project.table_name}.id = #{id}" +
                                                   " OR (#{Project.table_name}.status <> #{Project::STATUS_ARCHIVED} AND (" +
                                                       " #{Version.table_name}.sharing = 'system'" +
                                                       " OR (#{Project.table_name}.lft >= #{r.lft} AND #{Project.table_name}.rgt <= #{r.rgt} AND #{Version.table_name}.sharing = 'tree')" +
                                                       " OR (#{Project.table_name}.lft < #{lft} AND #{Project.table_name}.rgt > #{rgt} AND #{Version.table_name}.sharing IN ('hierarchy', 'descendants'))" +
                                                       " OR (#{Project.table_name}.lft > #{lft} AND #{Project.table_name}.rgt < #{rgt} AND #{Version.table_name}.sharing = 'hierarchy')" +
                                                       "))")
                   end
                 end
               end
               # Returns a hash of project users grouped by role
               def users_by_role
                 members.includes(:user, :roles).all.inject({}) do |h, m|
                   m.roles.each do |r|
                     h[r] ||= []
                     h[r] << m.user
                   end
                   h
                 end
               end
               # Deletes all project's members
               def delete_all_members
                 me, mr = Member.table_name, MemberRole.table_name
                 connection.delete("DELETE FROM #{mr} WHERE #{mr}.member_id IN (SELECT #{me}.id FROM #{me} WHERE #{me}.project_id = #{id})")
                 Member.delete_all(['project_id = ?', id])
               end
               # Users/groups issues can be assigned to
               def assignable_users
                 assignable = Setting.issue_group_assignment? ? member_principals : members
                 assignable.select {|m| m.roles.detect {|role| role.assignable?}}.collect {|m| m.principal}.sort
               end
               # Returns the mail adresses of users that should be always notified on project events
               def recipients
                 notified_users.collect {|user| user.mail}
               end
               # Returns the users that should be notified on project events
               def notified_users
                 # TODO: User part should be extracted to User#notify_about?
                 members.select {|m| m.principal.present? && (m.mail_notification? || m.principal.mail_notification == 'all')}.collect {|m| m.principal}
               end
               # Returns an array of all custom fields enabled for project issues
               # (explictly associated custom fields and custom fields enabled for all projects)
               def all_issue_custom_fields
                 @all_issue_custom_fields ||= (IssueCustomField.for_all + issue_custom_fields).uniq.sort
               end
               # Returns an array of all custom fields enabled for project time entries
               # (explictly associated custom fields and custom fields enabled for all projects)
               def all_time_entry_custom_fields
                 @all_time_entry_custom_fields ||= (TimeEntryCustomField.for_all + time_entry_custom_fields).uniq.sort
               end
               def project
                 self
               end
               def <=>(project)
                 name.downcase <=> project.name.downcase
               end
               def to_s
                 name
               end
               # Returns a short description of the projects (first lines)
               def short_description(length = 255)
                 description.gsub(/^(.{#{length}}[^\n\r]*).*$/m, '\1...').strip if description
               end
               def css_classes
                 s = 'project'
                 s << ' root' if root?
                 s << ' child' if child?
                 s << (leaf? ? ' leaf' : ' parent')
                 unless active?
                   if archived?
                     s << ' archived'
                   else
                     s << ' closed'
                   end
                 end
                 s
               end
               # The earliest start date of a project, based on it's issues and versions
               def start_date
                 [
                  issues.minimum('start_date'),
                  shared_versions.collect(&:effective_date),
                  shared_versions.collect(&:start_date)
                 ].flatten.compact.min
               end
               # The latest due date of an issue or version
               def due_date
                 [
                  issues.maximum('due_date'),
                  shared_versions.collect(&:effective_date),
                  shared_versions.collect {|v| v.fixed_issues.maximum('due_date')}
                 ].flatten.compact.max
               end
               def overdue?
                 active? && !due_date.nil? && (due_date < Date.today)
               end
               # Returns the percent completed for this project, based on the
               # progress on it's versions.
               def completed_percent(options={:include_subprojects => false})
                 if options.delete(:include_subprojects)
                   total = self_and_descendants.collect(&:completed_percent).sum
                   total / self_and_descendants.count
                 else
                   if versions.count > 0
                     total = versions.collect(&:completed_pourcent).sum
                     total / versions.count
                   else
                   end
                 end
               end
               # Return true if this project allows to do the specified action.
               # action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               def allows_to?(action)
                 if archived?
                   # No action allowed on archived projects
                   return false
                 end
                 unless active? || Redmine::AccessControl.read_action?(action)
                   # No write action allowed on closed projects
                   return false
                 end
                 # No action allowed on disabled modules
                 if action.is_a? Hash
                   allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
                 else
                   allowed_permissions.include? action
                 end
               end
               def module_enabled?(module_name)
                 module_name = module_name.to_s
                 enabled_modules.detect {|m| m.name == module_name}
               end
               def enabled_module_names=(module_names)
                 if module_names && module_names.is_a?(Array)
                   module_names = module_names.collect(&:to_s).reject(&:blank?)
                   self.enabled_modules = module_names.collect {|name| enabled_modules.detect {|mod| mod.name == name} || EnabledModule.new(:name => name)}
                 else
                   enabled_modules.clear
                 end
               end
               # Returns an array of the enabled modules names
               def enabled_module_names
                 enabled_modules.collect(&:name)
               end
               # Enable a specific module
               #
               # Examples:
               #   project.enable_module!(:issue_tracking)
               #   project.enable_module!("issue_tracking")
               def enable_module!(name)
                 enabled_modules << EnabledModule.new(:name => name.to_s) unless module_enabled?(name)
               end
               # Disable a module if it exists
               #
               # Examples:
               #   project.disable_module!(:issue_tracking)
               #   project.disable_module!("issue_tracking")
               #   project.disable_module!(project.enabled_modules.first)
               def disable_module!(target)
                 target = enabled_modules.detect{|mod| target.to_s == mod.name} unless enabled_modules.include?(target)
                 target.destroy unless target.blank?
               end
               safe_attributes 'name',
                 'description',
                 'homepage',
                 'is_public',
                 'identifier',
                 'custom_field_values',
                 'custom_fields',
                 'tracker_ids',
                 'issue_custom_field_ids'
               safe_attributes 'enabled_module_names',
                 :if => lambda {|project, user| project.new_record? || user.allowed_to?(:select_project_modules, project) }
               # Returns an array of projects that are in this project's hierarchy
               #
               # Example: parents, children, siblings
               def hierarchy
                 parents = project.self_and_ancestors || []
                 descendants = project.descendants || []
                 project_hierarchy = parents | descendants # Set union
               end
               # Returns an auto-generated project identifier based on the last identifier used
               def self.next_identifier
                 p = Project.order('created_on DESC').first
                 p.nil? ? nil : p.identifier.to_s.succ
               end
               # Copies and saves the Project instance based on the +project+.
               # Duplicates the source project's:
               # * Wiki
               # * Versions
               # * Categories
               # * Issues
               # * Members
               # * Queries
               #
               # Accepts an +options+ argument to specify what to copy
               #
               # Examples:
               #   project.copy(1)                                    # => copies everything
               #   project.copy(1, :only => 'members')                # => copies members only
               #   project.copy(1, :only => ['members', 'versions'])  # => copies members and versions
               def copy(project, options={})
                 project = project.is_a?(Project) ? project : Project.find(project)
                 to_be_copied = %w(wiki versions issue_categories issues members queries boards)
                 to_be_copied = to_be_copied & options[:only].to_a unless options[:only].nil?
                 Project.transaction do
                   if save
                     reload
                     to_be_copied.each do |name|
                       send "copy_#{name}", project
                     end
                     Redmine::Hook.call_hook(:model_project_copy_before_save, :source_project => project, :destination_project => self)
                     save
                   end
                 end
               end
               # Returns a new unsaved Project instance with attributes copied from +project+
               def self.copy_from(project)
                 project = project.is_a?(Project) ? project : Project.find(project)
                 # clear unique attributes
                 attributes = project.attributes.dup.except('id', 'name', 'identifier', 'status', 'parent_id', 'lft', 'rgt')
                 copy = Project.new(attributes)
                 copy.enabled_modules = project.enabled_modules
                 copy.trackers = project.trackers
                 copy.custom_values = project.custom_values.collect {|v| v.clone}
                 copy.issue_custom_fields = project.issue_custom_fields
                 copy
               end
               # Yields the given block for each project with its level in the tree
               def self.project_tree(projects, &block)
                 ancestors = []
                 projects.sort_by(&:lft).each do |project|
                   while (ancestors.any? && !project.is_descendant_of?(ancestors.last))
                     ancestors.pop
                   end
                   yield project, ancestors.size
                   ancestors << project
                 end
               end
               private
               # Copies wiki from +project+
               def copy_wiki(project)
                 # Check that the source project has a wiki first
                 unless project.wiki.nil?
                   self.wiki ||= Wiki.new
                   wiki.attributes = project.wiki.attributes.dup.except("id", "project_id")
                   wiki_pages_map = {}
                   project.wiki.pages.each do |page|
                     # Skip pages without content
                     next if page.content.nil?
                     new_wiki_content = WikiContent.new(page.content.attributes.dup.except("id", "page_id", "updated_on"))
                     new_wiki_page = WikiPage.new(page.attributes.dup.except("id", "wiki_id", "created_on", "parent_id"))
                     new_wiki_page.content = new_wiki_content
                     wiki.pages << new_wiki_page
                     wiki_pages_map[page.id] = new_wiki_page
                   end
                   wiki.save
                   # Reproduce page hierarchy
                   project.wiki.pages.each do |page|
                     if page.parent_id && wiki_pages_map[page.id]
                       wiki_pages_map[page.id].parent = wiki_pages_map[page.parent_id]
                       wiki_pages_map[page.id].save
                     end
                   end
                 end
               end
               # Copies versions from +project+
               def copy_versions(project)
                 project.versions.each do |version|
                   new_version = Version.new
                   new_version.attributes = version.attributes.dup.except("id", "project_id", "created_on", "updated_on")
                   self.versions << new_version
                 end
               end
               # Copies issue categories from +project+
               def copy_issue_categories(project)
                 project.issue_categories.each do |issue_category|
                   new_issue_category = IssueCategory.new
                   new_issue_category.attributes = issue_category.attributes.dup.except("id", "project_id")
                   self.issue_categories << new_issue_category
                 end
               end
               # Copies issues from +project+
               def copy_issues(project)
                 # Stores the source issue id as a key and the copied issues as the
                 # value.  Used to map the two togeather for issue relations.
                 issues_map = {}
                 # Store status and reopen locked/closed versions
                 version_statuses = versions.reject(&:open?).map {|version| [version, version.status]}
                 version_statuses.each do |version, status|
                   version.update_attribute :status, 'open'
                 end
                 # Get issues sorted by root_id, lft so that parent issues
                 # get copied before their children
                 project.issues.reorder('root_id, lft').all.each do |issue|
                   new_issue = Issue.new
                   new_issue.copy_from(issue, :subtasks => false, :link => false)
                   new_issue.project = self
                   # Reassign fixed_versions by name, since names are unique per project
                   if issue.fixed_version && issue.fixed_version.project == project
                     new_issue.fixed_version = self.versions.detect {|v| v.name == issue.fixed_version.name}
                   end
                   # Reassign the category by name, since names are unique per project
                   if issue.category
                     new_issue.category = self.issue_categories.detect {|c| c.name == issue.category.name}
                   end
                   # Parent issue
                   if issue.parent_id
                     if copied_parent = issues_map[issue.parent_id]
                       new_issue.parent_issue_id = copied_parent.id
                     end
                   end
                   self.issues << new_issue
                   if new_issue.new_record?
                     logger.info "Project#copy_issues: issue ##{issue.id} could not be copied: #{new_issue.errors.full_messages}" if logger && logger.info
                   else
                     issues_map[issue.id] = new_issue unless new_issue.new_record?
                   end
                 end
                 # Restore locked/closed version statuses
                 version_statuses.each do |version, status|
                   version.update_attribute :status, status
                 end
                 # Relations after in case issues related each other
                 project.issues.each do |issue|
                   new_issue = issues_map[issue.id]
                   unless new_issue
                     # Issue was not copied
                     next
                   end
                   # Relations
                   issue.relations_from.each do |source_relation|
                     new_issue_relation = IssueRelation.new
                     new_issue_relation.attributes = source_relation.attributes.dup.except("id", "issue_from_id", "issue_to_id")
                     new_issue_relation.issue_to = issues_map[source_relation.issue_to_id]
                     if new_issue_relation.issue_to.nil? && Setting.cross_project_issue_relations?
                       new_issue_relation.issue_to = source_relation.issue_to
                     end
                     new_issue.relations_from << new_issue_relation
                   end
                   issue.relations_to.each do |source_relation|
                     new_issue_relation = IssueRelation.new
                     new_issue_relation.attributes = source_relation.attributes.dup.except("id", "issue_from_id", "issue_to_id")
                     new_issue_relation.issue_from = issues_map[source_relation.issue_from_id]
                     if new_issue_relation.issue_from.nil? && Setting.cross_project_issue_relations?
                       new_issue_relation.issue_from = source_relation.issue_from
                     end
                     new_issue.relations_to << new_issue_relation
                   end
                 end
               end
               # Copies members from +project+
               def copy_members(project)
                 # Copy users first, then groups to handle members with inherited and given roles
                 members_to_copy = []
                 members_to_copy += project.memberships.select {|m| m.principal.is_a?(User)}
                 members_to_copy += project.memberships.select {|m| !m.principal.is_a?(User)}
                 members_to_copy.each do |member|
                   new_member = Member.new
                   new_member.attributes = member.attributes.dup.except("id", "project_id", "created_on")
                   # only copy non inherited roles
                   # inherited roles will be added when copying the group membership
                   role_ids = member.member_roles.reject(&:inherited?).collect(&:role_id)
                   next if role_ids.empty?
                   new_member.role_ids = role_ids
                   new_member.project = self
                   self.members << new_member
                 end
               end
               # Copies queries from +project+
               def copy_queries(project)
                 project.queries.each do |query|
                   new_query = ::Query.new
                   new_query.attributes = query.attributes.dup.except("id", "project_id", "sort_criteria")
                   new_query.sort_criteria = query.sort_criteria if query.sort_criteria
                   new_query.project = self
                   new_query.user_id = query.user_id
                   self.queries << new_query
                 end
               end
               # Copies boards from +project+
               def copy_boards(project)
                 project.boards.each do |board|
                   new_board = Board.new
                   new_board.attributes = board.attributes.dup.except("id", "project_id", "topics_count", "messages_count", "last_message_id")
                   new_board.project = self
                   self.boards << new_board
                 end
               end
               def allowed_permissions
                 @allowed_permissions ||= begin
                   module_names = enabled_modules.all(:select => :name).collect {|m| m.name}
                   Redmine::AccessControl.modules_permissions(module_names).collect {|p| p.name}
                 end
               end
               def allowed_actions
                 @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
               end
               # Returns all the active Systemwide and project specific activities
               def active_activities
                 overridden_activity_ids = self.time_entry_activities.collect(&:parent_id)
                 if overridden_activity_ids.empty?
                   return TimeEntryActivity.shared.active
                 else
                   return system_activities_and_project_overrides
                 end
               end
               # Returns all the Systemwide and project specific activities
               # (inactive and active)
               def all_activities
                 overridden_activity_ids = self.time_entry_activities.collect(&:parent_id)
                 if overridden_activity_ids.empty?
                   return TimeEntryActivity.shared
                 else
                   return system_activities_and_project_overrides(true)
                 end
               end
               # Returns the systemwide active activities merged with the project specific overrides
               def system_activities_and_project_overrides(include_inactive=false)
                 if include_inactive
                   return TimeEntryActivity.shared.
                     where("id NOT IN (?)", self.time_entry_activities.collect(&:parent_id)).all +
                     self.time_entry_activities
                 else
                   return TimeEntryActivity.shared.active.
                     where("id NOT IN (?)", self.time_entry_activities.collect(&:parent_id)).all +
                     self.time_entry_activities.active
                 end
               end
               # Archives subprojects recursively
               def archive!
                 children.each do |subproject|
                   subproject.send :archive!
                 end
                 update_attribute :status, STATUS_ARCHIVED
               end
               def update_position_under_parent
                 set_or_update_position_under(parent)
               end
               # Inserts/moves the project so that target's children or root projects stay alphabetically sorted
               def set_or_update_position_under(target_parent)
                 sibs = (target_parent.nil? ? self.class.roots : target_parent.children)
                 to_be_inserted_before = sibs.sort_by {|c| c.name.to_s.downcase}.detect {|c| c.name.to_s.downcase > name.to_s.downcase }
                 if to_be_inserted_before
                   move_to_left_of(to_be_inserted_before)
                 elsif target_parent.nil?
                   if sibs.empty?
                     # move_to_root adds the project in first (ie. left) position
                     move_to_root
                   else
                     move_to_right_of(sibs.last) unless self == sibs.last
                   end
                 else
                   # move_to_child_of adds the project in last (ie.right) position
                   move_to_child_of(target_parent)
                 end
               end
             end

app/models/query.rb +2 -4

             # Redmine - project management software
             # Copyright (C) 2006-2012  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class QueryColumn
               attr_accessor :name, :sortable, :groupable, :default_order
               include Redmine::I18n
               def initialize(name, options={})
                 self.name = name
                 self.sortable = options[:sortable]
                 self.groupable = options[:groupable] || false
                 if groupable == true
                   self.groupable = name.to_s
                 end
                 self.default_order = options[:default_order]
                 @inline = options.key?(:inline) ? options[:inline] : true
                 @caption_key = options[:caption] || "field_#{name}"
               end
               def caption
                 l(@caption_key)
               end
               # Returns true if the column is sortable, otherwise false
               def sortable?
                 !@sortable.nil?
               end
               def sortable
                 @sortable.is_a?(Proc) ? @sortable.call : @sortable
               end
               def inline?
                 @inline
               end
               def value(issue)
                 issue.send name
               end
               def css_classes
                 name
               end
             end
             class QueryCustomFieldColumn < QueryColumn
               def initialize(custom_field)
                 self.name = "cf_#{custom_field.id}".to_sym
                 self.sortable = custom_field.order_statement || false
                 self.groupable = custom_field.group_statement || false
                 @inline = true
                 @cf = custom_field
               end
               def caption
                 @cf.name
               end
               def custom_field
                 @cf
               end
               def value(issue)
                 cv = issue.custom_values.select {|v| v.custom_field_id == @cf.id}.collect {|v| @cf.cast_value(v.value)}
                 cv.size > 1 ? cv.sort {|a,b| a.to_s <=> b.to_s} : cv.first
               end
               def css_classes
                 @css_classes ||= "#{name} #{@cf.field_format}"
               end
             end
             class Query < ActiveRecord::Base
               class StatementInvalid < ::ActiveRecord::StatementInvalid
               end
               belongs_to :project
               belongs_to :user
               serialize :filters
               serialize :column_names
               serialize :sort_criteria, Array
               attr_protected :project_id, :user_id
               validates_presence_of :name
               validates_length_of :name, :maximum => 255
               validate :validate_query_filters
               @@operators = { "="   => :label_equals,
                               "!"   => :label_not_equals,
                               "o"   => :label_open_issues,
                               "c"   => :label_closed_issues,
                               "!*"  => :label_none,
                               "*"   => :label_any,
                               ">="  => :label_greater_or_equal,
                               "<="  => :label_less_or_equal,
                               "><"  => :label_between,
                               "<t+" => :label_in_less_than,
                               ">t+" => :label_in_more_than,
                               "><t+"=> :label_in_the_next_days,
                               "t+"  => :label_in,
                               "t"   => :label_today,
                               "w"   => :label_this_week,
                               ">t-" => :label_less_than_ago,
                               "<t-" => :label_more_than_ago,
                               "><t-"=> :label_in_the_past_days,
                               "t-"  => :label_ago,
                               "~"   => :label_contains,
                               "!~"  => :label_not_contains,
                               "=p"  => :label_any_issues_in_project,
                               "=!p" => :label_any_issues_not_in_project,
                               "!p"  => :label_no_issues_in_project}
               cattr_reader :operators
               @@operators_by_filter_type = { :list => [ "=", "!" ],
                                              :list_status => [ "o", "=", "!", "c", "*" ],
                                              :list_optional => [ "=", "!", "!*", "*" ],
                                              :list_subprojects => [ "*", "!*", "=" ],
                                              :date => [ "=", ">=", "<=", "><", "<t+", ">t+", "><t+", "t+", "t", "w", ">t-", "<t-", "><t-", "t-", "!*", "*" ],
                                              :date_past => [ "=", ">=", "<=", "><", ">t-", "<t-", "><t-", "t-", "t", "w", "!*", "*" ],
                                              :string => [ "=", "~", "!", "!~", "!*", "*" ],
                                              :text => [  "~", "!~", "!*", "*" ],
                                              :integer => [ "=", ">=", "<=", "><", "!*", "*" ],
                                              :float => [ "=", ">=", "<=", "><", "!*", "*" ],
                                              :relation => ["=", "=p", "=!p", "!p", "!*", "*"]}
               cattr_reader :operators_by_filter_type
               @@available_columns = [
                 QueryColumn.new(:project, :sortable => "#{Project.table_name}.name", :groupable => true),
                 QueryColumn.new(:tracker, :sortable => "#{Tracker.table_name}.position", :groupable => true),
                 QueryColumn.new(:parent, :sortable => ["#{Issue.table_name}.root_id", "#{Issue.table_name}.lft ASC"], :default_order => 'desc', :caption => :field_parent_issue),
                 QueryColumn.new(:status, :sortable => "#{IssueStatus.table_name}.position", :groupable => true),
                 QueryColumn.new(:priority, :sortable => "#{IssuePriority.table_name}.position", :default_order => 'desc', :groupable => true),
                 QueryColumn.new(:subject, :sortable => "#{Issue.table_name}.subject"),
                 QueryColumn.new(:author, :sortable => lambda {User.fields_for_order_statement("authors")}, :groupable => true),
                 QueryColumn.new(:assigned_to, :sortable => lambda {User.fields_for_order_statement}, :groupable => true),
                 QueryColumn.new(:updated_on, :sortable => "#{Issue.table_name}.updated_on", :default_order => 'desc'),
                 QueryColumn.new(:category, :sortable => "#{IssueCategory.table_name}.name", :groupable => true),
                 QueryColumn.new(:fixed_version, :sortable => lambda {Version.fields_for_order_statement}, :groupable => true),
                 QueryColumn.new(:start_date, :sortable => "#{Issue.table_name}.start_date"),
                 QueryColumn.new(:due_date, :sortable => "#{Issue.table_name}.due_date"),
                 QueryColumn.new(:estimated_hours, :sortable => "#{Issue.table_name}.estimated_hours"),
                 QueryColumn.new(:done_ratio, :sortable => "#{Issue.table_name}.done_ratio", :groupable => true),
                 QueryColumn.new(:created_on, :sortable => "#{Issue.table_name}.created_on", :default_order => 'desc'),
                 QueryColumn.new(:relations, :caption => :label_related_issues),
                 QueryColumn.new(:description, :inline => false)
               ]
               cattr_reader :available_columns
               scope :visible, lambda {|*args|
                 user = args.shift || User.current
                 base = Project.allowed_to_condition(user, :view_issues, *args)
                 user_id = user.logged? ? user.id : 0
-                  :conditions => ["(#{table_name}.project_id IS NULL OR (#{base})) AND (#{table_name}.is_public = ? OR #{table_name}.user_id = ?)", true, user_id],
+                includes(:project).where("(#{table_name}.project_id IS NULL OR (#{base})) AND (#{table_name}.is_public = ? OR #{table_name}.user_id = ?)", true, user_id)
-                  :include => :project
               }
               def initialize(attributes=nil, *args)
                 super attributes
                 self.filters ||= { 'status_id' => {:operator => "o", :values => [""]} }
                 @is_for_all = project.nil?
               end
               def validate_query_filters
                 filters.each_key do |field|
                   if values_for(field)
                     case type_for(field)
                     when :integer
                       add_filter_error(field, :invalid) if values_for(field).detect {|v| v.present? && !v.match(/^[+-]?\d+$/) }
                     when :float
                       add_filter_error(field, :invalid) if values_for(field).detect {|v| v.present? && !v.match(/^[+-]?\d+(\.\d*)?$/) }
                     when :date, :date_past
                       case operator_for(field)
                       when "=", ">=", "<=", "><"
                         add_filter_error(field, :invalid) if values_for(field).detect {|v| v.present? && (!v.match(/^\d{4}-\d{2}-\d{2}$/) || (Date.parse(v) rescue nil).nil?) }
                       when ">t-", "<t-", "t-", ">t+", "<t+", "t+", "><t+", "><t-"
                         add_filter_error(field, :invalid) if values_for(field).detect {|v| v.present? && !v.match(/^\d+$/) }
                       end
                     end
                   end
                   add_filter_error(field, :blank) unless
                       # filter requires one or more values
                       (values_for(field) and !values_for(field).first.blank?) or
                       # filter doesn't require any value
                       ["o", "c", "!*", "*", "t", "w"].include? operator_for(field)
                 end if filters
               end
               def add_filter_error(field, message)
                 m = label_for(field) + " " + l(message, :scope => 'activerecord.errors.messages')
                 errors.add(:base, m)
               end
               # Returns true if the query is visible to +user+ or the current user.
               def visible?(user=User.current)
                 (project.nil? || user.allowed_to?(:view_issues, project)) && (self.is_public? || self.user_id == user.id)
               end
               def editable_by?(user)
                 return false unless user
                 # Admin can edit them all and regular users can edit their private queries
                 return true if user.admin? || (!is_public && self.user_id == user.id)
                 # Members can not edit public queries that are for all project (only admin is allowed to)
                 is_public && !@is_for_all && user.allowed_to?(:manage_public_queries, project)
               end
               def trackers
                 @trackers ||= project.nil? ? Tracker.sorted.all : project.rolled_up_trackers
               end
               # Returns a hash of localized labels for all filter operators
               def self.operators_labels
                 operators.inject({}) {|h, operator| h[operator.first] = l(operator.last); h}
               end
               def available_filters
                 return @available_filters if @available_filters
                 @available_filters = {
                   "status_id" => {
                     :type => :list_status, :order => 0,
                     :values => IssueStatus.sorted.all.collect{|s| [s.name, s.id.to_s] }
                    },
                   "tracker_id" => {
                     :type => :list, :order => 2, :values => trackers.collect{|s| [s.name, s.id.to_s] }
                    },
                   "priority_id" => {
                     :type => :list, :order => 3, :values => IssuePriority.all.collect{|s| [s.name, s.id.to_s] }
                    },
                   "subject" => { :type => :text, :order => 8 },
                   "created_on" => { :type => :date_past, :order => 9 },
                   "updated_on" => { :type => :date_past, :order => 10 },
                   "start_date" => { :type => :date, :order => 11 },
                   "due_date" => { :type => :date, :order => 12 },
                   "estimated_hours" => { :type => :float, :order => 13 },
                   "done_ratio" =>  { :type => :integer, :order => 14 }
                 }
                 IssueRelation::TYPES.each do |relation_type, options|
                   @available_filters[relation_type] = {
                     :type => :relation, :order => @available_filters.size + 100,
                     :label => options[:name]
                   }
                 end
                 principals = []
                 if project
                   principals += project.principals.sort
                   unless project.leaf?
                     subprojects = project.descendants.visible.all
                     if subprojects.any?
                       @available_filters["subproject_id"] = {
                         :type => :list_subprojects, :order => 13,
                         :values => subprojects.collect{|s| [s.name, s.id.to_s] }
                       }
                       principals += Principal.member_of(subprojects)
                     end
                   end
                 else
                   if all_projects.any?
                     # members of visible projects
                     principals += Principal.member_of(all_projects)
                     # project filter
                     project_values = []
                     if User.current.logged? && User.current.memberships.any?
                       project_values << ["<< #{l(:label_my_projects).downcase} >>", "mine"]
                     end
                     project_values += all_projects_values
                     @available_filters["project_id"] = {
                       :type => :list, :order => 1, :values => project_values
                     } unless project_values.empty?
                   end
                 end
                 principals.uniq!
                 principals.sort!
                 users = principals.select {|p| p.is_a?(User)}
                 assigned_to_values = []
                 assigned_to_values << ["<< #{l(:label_me)} >>", "me"] if User.current.logged?
                 assigned_to_values += (Setting.issue_group_assignment? ?
                                           principals : users).collect{|s| [s.name, s.id.to_s] }
                 @available_filters["assigned_to_id"] = {
                   :type => :list_optional, :order => 4, :values => assigned_to_values
                 } unless assigned_to_values.empty?
                 author_values = []
                 author_values << ["<< #{l(:label_me)} >>", "me"] if User.current.logged?
                 author_values += users.collect{|s| [s.name, s.id.to_s] }
                 @available_filters["author_id"] = {
                   :type => :list, :order => 5, :values => author_values
                 } unless author_values.empty?
                 group_values = Group.all.collect {|g| [g.name, g.id.to_s] }
                 @available_filters["member_of_group"] = {
                   :type => :list_optional, :order => 6, :values => group_values
                 } unless group_values.empty?
                 role_values = Role.givable.collect {|r| [r.name, r.id.to_s] }
                 @available_filters["assigned_to_role"] = {
                   :type => :list_optional, :order => 7, :values => role_values
                 } unless role_values.empty?
                 if User.current.logged?
                   @available_filters["watcher_id"] = {
                     :type => :list, :order => 15, :values => [["<< #{l(:label_me)} >>", "me"]]
                   }
                 end
                 if project
                   # project specific filters
                   categories = project.issue_categories.all
                   unless categories.empty?
                     @available_filters["category_id"] = {
                       :type => :list_optional, :order => 6,
                       :values => categories.collect{|s| [s.name, s.id.to_s] }
                     }
                   end
                   versions = project.shared_versions.all
                   unless versions.empty?
                     @available_filters["fixed_version_id"] = {
                       :type => :list_optional, :order => 7,
                       :values => versions.sort.collect{|s| ["#{s.project.name} - #{s.name}", s.id.to_s] }
                     }
                   end
                   add_custom_fields_filters(project.all_issue_custom_fields)
                 else
                   # global filters for cross project issue list
                   system_shared_versions = Version.visible.find_all_by_sharing('system')
                   unless system_shared_versions.empty?
                     @available_filters["fixed_version_id"] = {
                       :type => :list_optional, :order => 7,
                       :values => system_shared_versions.sort.collect{|s|
                                                    ["#{s.project.name} - #{s.name}", s.id.to_s]
                                                  }
                     }
                   end
                   add_custom_fields_filters(IssueCustomField.where(:is_filter => true, :is_for_all => true).all)
                 end
                 add_associations_custom_fields_filters :project, :author, :assigned_to, :fixed_version
                 if User.current.allowed_to?(:set_issues_private, nil, :global => true) ||
                   User.current.allowed_to?(:set_own_issues_private, nil, :global => true)
                   @available_filters["is_private"] = {
                     :type => :list, :order => 16,
                     :values => [[l(:general_text_yes), "1"], [l(:general_text_no), "0"]]
                   }
                 end
                 Tracker.disabled_core_fields(trackers).each {|field|
                   @available_filters.delete field
                 }
                 @available_filters.each do |field, options|
                   options[:name] ||= l(options[:label] || "field_#{field}".gsub(/_id$/, ''))
                 end
                 @available_filters
               end
               # Returns a representation of the available filters for JSON serialization
               def available_filters_as_json
                 json = {}
                 available_filters.each do |field, options|
                   json[field] = options.slice(:type, :name, :values).stringify_keys
                 end
                 json
               end
               def all_projects
                 @all_projects ||= Project.visible.all
               end
               def all_projects_values
                 return @all_projects_values if @all_projects_values
                 values = []
                 Project.project_tree(all_projects) do |p, level|
                   prefix = (level > 0 ? ('--' * level + ' ') : '')
                   values << ["#{prefix}#{p.name}", p.id.to_s]
                 end
                 @all_projects_values = values
               end
               def add_filter(field, operator, values)
                 # values must be an array
                 return unless values.nil? || values.is_a?(Array)
                 # check if field is defined as an available filter
                 if available_filters.has_key? field
                   filter_options = available_filters[field]
                   # check if operator is allowed for that filter
                   #if @@operators_by_filter_type[filter_options[:type]].include? operator
                   #  allowed_values = values & ([""] + (filter_options[:values] || []).collect {|val| val[1]})
                   #  filters[field] = {:operator => operator, :values => allowed_values } if (allowed_values.first and !allowed_values.first.empty?) or ["o", "c", "!*", "*", "t"].include? operator
                   #end
                   filters[field] = {:operator => operator, :values => (values || [''])}
                 end
               end
               def add_short_filter(field, expression)
                 return unless expression && available_filters.has_key?(field)
                 field_type = available_filters[field][:type]
                 @@operators_by_filter_type[field_type].sort.reverse.detect do |operator|
                   next unless expression =~ /^#{Regexp.escape(operator)}(.*)$/
                   add_filter field, operator, $1.present? ? $1.split('|') : ['']
                 end || add_filter(field, '=', expression.split('|'))
               end
               # Add multiple filters using +add_filter+
               def add_filters(fields, operators, values)
                 if fields.is_a?(Array) && operators.is_a?(Hash) && (values.nil? || values.is_a?(Hash))
                   fields.each do |field|
                     add_filter(field, operators[field], values && values[field])
                   end
                 end
               end
               def has_filter?(field)
                 filters and filters[field]
               end
               def type_for(field)
                 available_filters[field][:type] if available_filters.has_key?(field)
               end
               def operator_for(field)
                 has_filter?(field) ? filters[field][:operator] : nil
               end
               def values_for(field)
                 has_filter?(field) ? filters[field][:values] : nil
               end
               def value_for(field, index=0)
                 (values_for(field) || [])[index]
               end
               def label_for(field)
                 label = available_filters[field][:name] if available_filters.has_key?(field)
                 label ||= l("field_#{field.to_s.gsub(/_id$/, '')}", :default => field)
               end
               def available_columns
                 return @available_columns if @available_columns
                 @available_columns = ::Query.available_columns.dup
                 @available_columns += (project ?
                                         project.all_issue_custom_fields :
                                         IssueCustomField.all
                                        ).collect {|cf| QueryCustomFieldColumn.new(cf) }
                 if User.current.allowed_to?(:view_time_entries, project, :global => true)
                   index = nil
                   @available_columns.each_with_index {|column, i| index = i if column.name == :estimated_hours}
                   index = (index ? index + 1 : -1)
                   # insert the column after estimated_hours or at the end
                   @available_columns.insert index, QueryColumn.new(:spent_hours,
                     :sortable => "(SELECT COALESCE(SUM(hours), 0) FROM #{TimeEntry.table_name} WHERE #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id)",
                     :default_order => 'desc',
                     :caption => :label_spent_time
                   )
                 end
                 if User.current.allowed_to?(:set_issues_private, nil, :global => true) ||
                   User.current.allowed_to?(:set_own_issues_private, nil, :global => true)
                   @available_columns << QueryColumn.new(:is_private, :sortable => "#{Issue.table_name}.is_private")
                 end
                 disabled_fields = Tracker.disabled_core_fields(trackers).map {|field| field.sub(/_id$/, '')}
                 @available_columns.reject! {|column|
                   disabled_fields.include?(column.name.to_s)
                 }
                 @available_columns
               end
               def self.available_columns=(v)
                 self.available_columns = (v)
               end
               def self.add_available_column(column)
                 self.available_columns << (column) if column.is_a?(QueryColumn)
               end
               # Returns an array of columns that can be used to group the results
               def groupable_columns
                 available_columns.select {|c| c.groupable}
               end
               # Returns a Hash of columns and the key for sorting
               def sortable_columns
                 {'id' => "#{Issue.table_name}.id"}.merge(available_columns.inject({}) {|h, column|
                                                            h[column.name.to_s] = column.sortable
                                                            h
                                                          })
               end
               def columns
                 # preserve the column_names order
                 (has_default_columns? ? default_columns_names : column_names).collect do |name|
                    available_columns.find { |col| col.name == name }
                 end.compact
               end
               def inline_columns
                 columns.select(&:inline?)
               end
               def block_columns
                 columns.reject(&:inline?)
               end
               def available_inline_columns
                 available_columns.select(&:inline?)
               end
               def available_block_columns
                 available_columns.reject(&:inline?)
               end
               def default_columns_names
                 @default_columns_names ||= begin
                   default_columns = Setting.issue_list_default_columns.map(&:to_sym)
                   project.present? ? default_columns : [:project] | default_columns
                 end
               end
               def column_names=(names)
                 if names
                   names = names.select {|n| n.is_a?(Symbol) || !n.blank? }
                   names = names.collect {|n| n.is_a?(Symbol) ? n : n.to_sym }
                   # Set column_names to nil if default columns
                   if names == default_columns_names
                     names = nil
                   end
                 end
                 write_attribute(:column_names, names)
               end
               def has_column?(column)
                 column_names && column_names.include?(column.is_a?(QueryColumn) ? column.name : column)
               end
               def has_default_columns?
                 column_names.nil? || column_names.empty?
               end
               def sort_criteria=(arg)
                 c = []
                 if arg.is_a?(Hash)
                   arg = arg.keys.sort.collect {|k| arg[k]}
                 end
                 c = arg.select {|k,o| !k.to_s.blank?}.slice(0,3).collect {|k,o| [k.to_s, (o == 'desc' || o == false) ? 'desc' : 'asc']}
                 write_attribute(:sort_criteria, c)
               end
               def sort_criteria
                 read_attribute(:sort_criteria) || []
               end
               def sort_criteria_key(arg)
                 sort_criteria && sort_criteria[arg] && sort_criteria[arg].first
               end
               def sort_criteria_order(arg)
                 sort_criteria && sort_criteria[arg] && sort_criteria[arg].last
               end
               def sort_criteria_order_for(key)
                 sort_criteria.detect {|k, order| key.to_s == k}.try(:last)
               end
               # Returns the SQL sort order that should be prepended for grouping
               def group_by_sort_order
                 if grouped? && (column = group_by_column)
                   order = sort_criteria_order_for(column.name) || column.default_order
                   column.sortable.is_a?(Array) ?
                     column.sortable.collect {|s| "#{s} #{order}"}.join(',') :
                     "#{column.sortable} #{order}"
                 end
               end
               # Returns true if the query is a grouped query
               def grouped?
                 !group_by_column.nil?
               end
               def group_by_column
                 groupable_columns.detect {|c| c.groupable && c.name.to_s == group_by}
               end
               def group_by_statement
                 group_by_column.try(:groupable)
               end
               def project_statement
                 project_clauses = []
                 if project && !project.descendants.active.empty?
                   ids = [project.id]
                   if has_filter?("subproject_id")
                     case operator_for("subproject_id")
                     when '='
                       # include the selected subprojects
                       ids += values_for("subproject_id").each(&:to_i)
                     when '!*'
                       # main project only
                     else
                       # all subprojects
                       ids += project.descendants.collect(&:id)
                     end
                   elsif Setting.display_subprojects_issues?
                     ids += project.descendants.collect(&:id)
                   end
                   project_clauses << "#{Project.table_name}.id IN (%s)" % ids.join(',')
                 elsif project
                   project_clauses << "#{Project.table_name}.id = %d" % project.id
                 end
                 project_clauses.any? ? project_clauses.join(' AND ') : nil
               end
               def statement
                 # filters clauses
                 filters_clauses = []
                 filters.each_key do |field|
                   next if field == "subproject_id"
                   v = values_for(field).clone
                   next unless v and !v.empty?
                   operator = operator_for(field)
                   # "me" value subsitution
                   if %w(assigned_to_id author_id watcher_id).include?(field)
                     if v.delete("me")
                       if User.current.logged?
                         v.push(User.current.id.to_s)
                         v += User.current.group_ids.map(&:to_s) if field == 'assigned_to_id'
                       else
                         v.push("0")
                       end
                     end
                   end
                   if field == 'project_id'
                     if v.delete('mine')
                       v += User.current.memberships.map(&:project_id).map(&:to_s)
                     end
                   end
                   if field =~ /cf_(\d+)$/
                     # custom field
                     filters_clauses << sql_for_custom_field(field, operator, v, $1)
                   elsif respond_to?("sql_for_#{field}_field")
                     # specific statement
                     filters_clauses << send("sql_for_#{field}_field", field, operator, v)
                   else
                     # regular field
                     filters_clauses << '(' + sql_for_field(field, operator, v, Issue.table_name, field) + ')'
                   end
                 end if filters and valid?
                 filters_clauses << project_statement
                 filters_clauses.reject!(&:blank?)
                 filters_clauses.any? ? filters_clauses.join(' AND ') : nil
               end
               # Returns the issue count
               def issue_count
                 Issue.visible.count(:include => [:status, :project], :conditions => statement)
               rescue ::ActiveRecord::StatementInvalid => e
                 raise StatementInvalid.new(e.message)
               end
               # Returns the issue count by group or nil if query is not grouped
               def issue_count_by_group
                 r = nil
                 if grouped?
                   begin
                     # Rails3 will raise an (unexpected) RecordNotFound if there's only a nil group value
                     r = Issue.visible.count(:group => group_by_statement, :include => [:status, :project], :conditions => statement)
                   rescue ActiveRecord::RecordNotFound
                     r = {nil => issue_count}
                   end
                   c = group_by_column
                   if c.is_a?(QueryCustomFieldColumn)
                     r = r.keys.inject({}) {|h, k| h[c.custom_field.cast_value(k)] = r[k]; h}
                   end
                 end
                 r
               rescue ::ActiveRecord::StatementInvalid => e
                 raise StatementInvalid.new(e.message)
               end
               # Returns the issues
               # Valid options are :order, :offset, :limit, :include, :conditions
               def issues(options={})
                 order_option = [group_by_sort_order, options[:order]].reject {|s| s.blank?}.join(',')
                 order_option = nil if order_option.blank?
                 issues = Issue.visible.where(options[:conditions]).all(
                   :include => ([:status, :project] + (options[:include] || [])).uniq,
                   :conditions => statement,
                   :order => order_option,
                   :joins => joins_for_order_statement(order_option),
                   :limit  => options[:limit],
                   :offset => options[:offset]
                 )
                 if has_column?(:spent_hours)
                   Issue.load_visible_spent_hours(issues)
                 end
                 if has_column?(:relations)
                   Issue.load_visible_relations(issues)
                 end
                 issues
               rescue ::ActiveRecord::StatementInvalid => e
                 raise StatementInvalid.new(e.message)
               end
               # Returns the issues ids
               def issue_ids(options={})
                 order_option = [group_by_sort_order, options[:order]].reject {|s| s.blank?}.join(',')
                 order_option = nil if order_option.blank?
                 Issue.visible.scoped(:conditions => options[:conditions]).scoped(:include => ([:status, :project] + (options[:include] || [])).uniq,
                                  :conditions => statement,
                                  :order => order_option,
                                  :joins => joins_for_order_statement(order_option),
                                  :limit  => options[:limit],
                                  :offset => options[:offset]).find_ids
               rescue ::ActiveRecord::StatementInvalid => e
                 raise StatementInvalid.new(e.message)
               end
               # Returns the journals
               # Valid options are :order, :offset, :limit
               def journals(options={})
                 Journal.visible.all(
                   :include => [:details, :user, {:issue => [:project, :author, :tracker, :status]}],
                   :conditions => statement,
                   :order => options[:order],
                   :limit => options[:limit],
                   :offset => options[:offset]
                 )
               rescue ::ActiveRecord::StatementInvalid => e
                 raise StatementInvalid.new(e.message)
               end
               # Returns the versions
               # Valid options are :conditions
               def versions(options={})
                 Version.visible.where(options[:conditions]).all(
                   :include => :project,
                   :conditions => project_statement
                 )
               rescue ::ActiveRecord::StatementInvalid => e
                 raise StatementInvalid.new(e.message)
               end
               def sql_for_watcher_id_field(field, operator, value)
                 db_table = Watcher.table_name
                 "#{Issue.table_name}.id #{ operator == '=' ? 'IN' : 'NOT IN' } (SELECT #{db_table}.watchable_id FROM #{db_table} WHERE #{db_table}.watchable_type='Issue' AND " +
                   sql_for_field(field, '=', value, db_table, 'user_id') + ')'
               end
               def sql_for_member_of_group_field(field, operator, value)
                 if operator == '*' # Any group
                   groups = Group.all
                   operator = '=' # Override the operator since we want to find by assigned_to
                 elsif operator == "!*"
                   groups = Group.all
                   operator = '!' # Override the operator since we want to find by assigned_to
                 else
                   groups = Group.find_all_by_id(value)
                 end
                 groups ||= []
                 members_of_groups = groups.inject([]) {|user_ids, group|
                   if group && group.user_ids.present?
                     user_ids << group.user_ids
                   end
                   user_ids.flatten.uniq.compact
                 }.sort.collect(&:to_s)
                 '(' + sql_for_field("assigned_to_id", operator, members_of_groups, Issue.table_name, "assigned_to_id", false) + ')'
               end
               def sql_for_assigned_to_role_field(field, operator, value)
                 case operator
                 when "*", "!*" # Member / Not member
                   sw = operator == "!*" ? 'NOT' : ''
                   nl = operator == "!*" ? "#{Issue.table_name}.assigned_to_id IS NULL OR" : ''
                   "(#{nl} #{Issue.table_name}.assigned_to_id #{sw} IN (SELECT DISTINCT #{Member.table_name}.user_id FROM #{Member.table_name}" +
                     " WHERE #{Member.table_name}.project_id = #{Issue.table_name}.project_id))"
                 when "=", "!"
                   role_cond = value.any? ?
                     "#{MemberRole.table_name}.role_id IN (" + value.collect{|val| "'#{connection.quote_string(val)}'"}.join(",") + ")" :
                     "1=0"
                   sw = operator == "!" ? 'NOT' : ''
                   nl = operator == "!" ? "#{Issue.table_name}.assigned_to_id IS NULL OR" : ''
                   "(#{nl} #{Issue.table_name}.assigned_to_id #{sw} IN (SELECT DISTINCT #{Member.table_name}.user_id FROM #{Member.table_name}, #{MemberRole.table_name}" +
                     " WHERE #{Member.table_name}.project_id = #{Issue.table_name}.project_id AND #{Member.table_name}.id = #{MemberRole.table_name}.member_id AND #{role_cond}))"
                 end
               end
               def sql_for_is_private_field(field, operator, value)
                 op = (operator == "=" ? 'IN' : 'NOT IN')
                 va = value.map {|v| v == '0' ? connection.quoted_false : connection.quoted_true}.uniq.join(',')
                 "#{Issue.table_name}.is_private #{op} (#{va})"
               end
               def sql_for_relations(field, operator, value, options={})
                 relation_options = IssueRelation::TYPES[field]
                 return relation_options unless relation_options
                 relation_type = field
                 join_column, target_join_column = "issue_from_id", "issue_to_id"
                 if relation_options[:reverse] || options[:reverse]
                   relation_type = relation_options[:reverse] || relation_type
                   join_column, target_join_column = target_join_column, join_column
                 end
                 sql = case operator
                   when "*", "!*"
                     op = (operator == "*" ? 'IN' : 'NOT IN')
                     "#{Issue.table_name}.id #{op} (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column} FROM #{IssueRelation.table_name} WHERE #{IssueRelation.table_name}.relation_type = '#{connection.quote_string(relation_type)}')"
                   when "=", "!"
                     op = (operator == "=" ? 'IN' : 'NOT IN')
                     "#{Issue.table_name}.id #{op} (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column} FROM #{IssueRelation.table_name} WHERE #{IssueRelation.table_name}.relation_type = '#{connection.quote_string(relation_type)}' AND #{IssueRelation.table_name}.#{target_join_column} = #{value.first.to_i})"
                   when "=p", "=!p", "!p"
                     op = (operator == "!p" ? 'NOT IN' : 'IN')
                     comp = (operator == "=!p" ? '<>' : '=')
                     "#{Issue.table_name}.id #{op} (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column} FROM #{IssueRelation.table_name}, #{Issue.table_name} relissues WHERE #{IssueRelation.table_name}.relation_type = '#{connection.quote_string(relation_type)}' AND #{IssueRelation.table_name}.#{target_join_column} = relissues.id AND relissues.project_id #{comp} #{value.first.to_i})"
                   end
                 if relation_options[:sym] == field && !options[:reverse]
                   sqls = [sql, sql_for_relations(field, operator, value, :reverse => true)]
                   sqls.join(["!", "!*", "!p"].include?(operator) ? " AND " : " OR ")
                 else
                   sql
                 end
               end
               IssueRelation::TYPES.keys.each do |relation_type|
                 alias_method "sql_for_#{relation_type}_field".to_sym, :sql_for_relations
               end
               private
               def sql_for_custom_field(field, operator, value, custom_field_id)
                 db_table = CustomValue.table_name
                 db_field = 'value'
                 filter = @available_filters[field]
                 return nil unless filter
                 if filter[:format] == 'user'
                   if value.delete('me')
                     value.push User.current.id.to_s
                   end
                 end
                 not_in = nil
                 if operator == '!'
                   # Makes ! operator work for custom fields with multiple values
                   operator = '='
                   not_in = 'NOT'
                 end
                 customized_key = "id"
                 customized_class = Issue
                 if field =~ /^(.+)\.cf_/
                   assoc = $1
                   customized_key = "#{assoc}_id"
                   customized_class = Issue.reflect_on_association(assoc.to_sym).klass.base_class rescue nil
                   raise "Unknown Issue association #{assoc}" unless customized_class
                 end
                 "#{Issue.table_name}.#{customized_key} #{not_in} IN (SELECT #{customized_class.table_name}.id FROM #{customized_class.table_name} LEFT OUTER JOIN #{db_table} ON #{db_table}.customized_type='#{customized_class}' AND #{db_table}.customized_id=#{customized_class.table_name}.id AND #{db_table}.custom_field_id=#{custom_field_id} WHERE " +
                   sql_for_field(field, operator, value, db_table, db_field, true) + ')'
               end
               # Helper method to generate the WHERE sql for a +field+, +operator+ and a +value+
               def sql_for_field(field, operator, value, db_table, db_field, is_custom_filter=false)
                 sql = ''
                 case operator
                 when "="
                   if value.any?
                     case type_for(field)
                     when :date, :date_past
                       sql = date_clause(db_table, db_field, (Date.parse(value.first) rescue nil), (Date.parse(value.first) rescue nil))
                     when :integer
                       if is_custom_filter
                         sql = "(#{db_table}.#{db_field} <> '' AND CAST(#{db_table}.#{db_field} AS decimal(60,3)) = #{value.first.to_i})"
                       else
                         sql = "#{db_table}.#{db_field} = #{value.first.to_i}"
                       end
                     when :float
                       if is_custom_filter
                         sql = "(#{db_table}.#{db_field} <> '' AND CAST(#{db_table}.#{db_field} AS decimal(60,3)) BETWEEN #{value.first.to_f - 1e-5} AND #{value.first.to_f + 1e-5})"
                       else
                         sql = "#{db_table}.#{db_field} BETWEEN #{value.first.to_f - 1e-5} AND #{value.first.to_f + 1e-5}"
                       end
                     else
                       sql = "#{db_table}.#{db_field} IN (" + value.collect{|val| "'#{connection.quote_string(val)}'"}.join(",") + ")"
                     end
                   else
                     # IN an empty set
                     sql = "1=0"
                   end
                 when "!"
                   if value.any?
                     sql = "(#{db_table}.#{db_field} IS NULL OR #{db_table}.#{db_field} NOT IN (" + value.collect{|val| "'#{connection.quote_string(val)}'"}.join(",") + "))"
                   else
                     # NOT IN an empty set
                     sql = "1=1"
                   end
                 when "!*"
                   sql = "#{db_table}.#{db_field} IS NULL"
                   sql << " OR #{db_table}.#{db_field} = ''" if is_custom_filter
                 when "*"
                   sql = "#{db_table}.#{db_field} IS NOT NULL"
                   sql << " AND #{db_table}.#{db_field} <> ''" if is_custom_filter
                 when ">="
                   if [:date, :date_past].include?(type_for(field))
                     sql = date_clause(db_table, db_field, (Date.parse(value.first) rescue nil), nil)
                   else
                     if is_custom_filter
                       sql = "(#{db_table}.#{db_field} <> '' AND CAST(#{db_table}.#{db_field} AS decimal(60,3)) >= #{value.first.to_f})"
                     else
                       sql = "#{db_table}.#{db_field} >= #{value.first.to_f}"
                     end
                   end
                 when "<="
                   if [:date, :date_past].include?(type_for(field))
                     sql = date_clause(db_table, db_field, nil, (Date.parse(value.first) rescue nil))
                   else
                     if is_custom_filter
                       sql = "(#{db_table}.#{db_field} <> '' AND CAST(#{db_table}.#{db_field} AS decimal(60,3)) <= #{value.first.to_f})"
                     else
                       sql = "#{db_table}.#{db_field} <= #{value.first.to_f}"
                     end
                   end
                 when "><"
                   if [:date, :date_past].include?(type_for(field))
                     sql = date_clause(db_table, db_field, (Date.parse(value[0]) rescue nil), (Date.parse(value[1]) rescue nil))
                   else
                     if is_custom_filter
                       sql = "(#{db_table}.#{db_field} <> '' AND CAST(#{db_table}.#{db_field} AS decimal(60,3)) BETWEEN #{value[0].to_f} AND #{value[1].to_f})"
                     else
                       sql = "#{db_table}.#{db_field} BETWEEN #{value[0].to_f} AND #{value[1].to_f}"
                     end
                   end
                 when "o"
                   sql = "#{Issue.table_name}.status_id IN (SELECT id FROM #{IssueStatus.table_name} WHERE is_closed=#{connection.quoted_false})" if field == "status_id"
                 when "c"
                   sql = "#{Issue.table_name}.status_id IN (SELECT id FROM #{IssueStatus.table_name} WHERE is_closed=#{connection.quoted_true})" if field == "status_id"
                 when "><t-"
                   # between today - n days and today
                   sql = relative_date_clause(db_table, db_field, - value.first.to_i, 0)
                 when ">t-"
                   # >= today - n days
                   sql = relative_date_clause(db_table, db_field, - value.first.to_i, nil)
                 when "<t-"
                   # <= today - n days
                   sql = relative_date_clause(db_table, db_field, nil, - value.first.to_i)
                 when "t-"
                   # = n days in past
                   sql = relative_date_clause(db_table, db_field, - value.first.to_i, - value.first.to_i)
                 when "><t+"
                   # between today and today + n days
                   sql = relative_date_clause(db_table, db_field, 0, value.first.to_i)
                 when ">t+"
                   # >= today + n days
                   sql = relative_date_clause(db_table, db_field, value.first.to_i, nil)
                 when "<t+"
                   # <= today + n days
                   sql = relative_date_clause(db_table, db_field, nil, value.first.to_i)
                 when "t+"
                   # = today + n days
                   sql = relative_date_clause(db_table, db_field, value.first.to_i, value.first.to_i)
                 when "t"
                   # = today
                   sql = relative_date_clause(db_table, db_field, 0, 0)
                 when "w"
                   # = this week
                   first_day_of_week = l(:general_first_day_of_week).to_i
                   day_of_week = Date.today.cwday
                   days_ago = (day_of_week >= first_day_of_week ? day_of_week - first_day_of_week : day_of_week + 7 - first_day_of_week)
                   sql = relative_date_clause(db_table, db_field, - days_ago, - days_ago + 6)
                 when "~"
                   sql = "LOWER(#{db_table}.#{db_field}) LIKE '%#{connection.quote_string(value.first.to_s.downcase)}%'"
                 when "!~"
                   sql = "LOWER(#{db_table}.#{db_field}) NOT LIKE '%#{connection.quote_string(value.first.to_s.downcase)}%'"
                 else
                   raise "Unknown query operator #{operator}"
                 end
                 return sql
               end
               def add_custom_fields_filters(custom_fields, assoc=nil)
                 return unless custom_fields.present?
                 @available_filters ||= {}
                 custom_fields.select(&:is_filter?).each do |field|
                   case field.field_format
                   when "text"
                     options = { :type => :text, :order => 20 }
                   when "list"
                     options = { :type => :list_optional, :values => field.possible_values, :order => 20}
                   when "date"
                     options = { :type => :date, :order => 20 }
                   when "bool"
                     options = { :type => :list, :values => [[l(:general_text_yes), "1"], [l(:general_text_no), "0"]], :order => 20 }
                   when "int"
                     options = { :type => :integer, :order => 20 }
                   when "float"
                     options = { :type => :float, :order => 20 }
                   when "user", "version"
                     next unless project
                     values = field.possible_values_options(project)
                     if User.current.logged? && field.field_format == 'user'
                       values.unshift ["<< #{l(:label_me)} >>", "me"]
                     end
                     options = { :type => :list_optional, :values => values, :order => 20}
                   else
                     options = { :type => :string, :order => 20 }
                   end
                   filter_id = "cf_#{field.id}"
                   filter_name = field.name
                   if assoc.present?
                     filter_id = "#{assoc}.#{filter_id}"
                     filter_name = l("label_attribute_of_#{assoc}", :name => filter_name)
                   end
                   @available_filters[filter_id] = options.merge({
                            :name => filter_name,
                            :format => field.field_format,
                            :field => field
                          })
                 end
               end
               def add_associations_custom_fields_filters(*associations)
                 fields_by_class = CustomField.where(:is_filter => true).group_by(&:class)
                 associations.each do |assoc|
                   association_klass = Issue.reflect_on_association(assoc).klass
                   fields_by_class.each do |field_class, fields|
                     if field_class.customized_class <= association_klass
                       add_custom_fields_filters(fields, assoc)
                     end
                   end
                 end
               end
               # Returns a SQL clause for a date or datetime field.
               def date_clause(table, field, from, to)
                 s = []
                 if from
                   from_yesterday = from - 1
                   from_yesterday_time = Time.local(from_yesterday.year, from_yesterday.month, from_yesterday.day)
                   if self.class.default_timezone == :utc
                     from_yesterday_time = from_yesterday_time.utc
                   end
                   s << ("#{table}.#{field} > '%s'" % [connection.quoted_date(from_yesterday_time.end_of_day)])
                 end
                 if to
                   to_time = Time.local(to.year, to.month, to.day)
                   if self.class.default_timezone == :utc
                     to_time = to_time.utc
                   end
                   s << ("#{table}.#{field} <= '%s'" % [connection.quoted_date(to_time.end_of_day)])
                 end
                 s.join(' AND ')
               end
               # Returns a SQL clause for a date or datetime field using relative dates.
               def relative_date_clause(table, field, days_from, days_to)
                 date_clause(table, field, (days_from ? Date.today + days_from : nil), (days_to ? Date.today + days_to : nil))
               end
               # Additional joins required for the given sort options
               def joins_for_order_statement(order_options)
                 joins = []
                 if order_options
                   if order_options.include?('authors')
                     joins << "LEFT OUTER JOIN #{User.table_name} authors ON authors.id = #{Issue.table_name}.author_id"
                   end
                   order_options.scan(/cf_\d+/).uniq.each do |name|
                     column = available_columns.detect {|c| c.name.to_s == name}
                     join = column && column.custom_field.join_for_order_statement
                     if join
                       joins << join
                     end
                   end
                 end
                 joins.any? ? joins.join(' ') : nil
               end
             end

app/models/time_entry.rb +13 -16

             # Redmine - project management software
             # Copyright (C) 2006-2012  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class TimeEntry < ActiveRecord::Base
               include Redmine::SafeAttributes
               # could have used polymorphic association
               # project association here allows easy loading of time entries at project level with one database trip
               belongs_to :project
               belongs_to :issue
               belongs_to :user
               belongs_to :activity, :class_name => 'TimeEntryActivity', :foreign_key => 'activity_id'
               attr_protected :project_id, :user_id, :tyear, :tmonth, :tweek
               acts_as_customizable
               acts_as_event :title => Proc.new {|o| "#{l_hours(o.hours)} (#{(o.issue || o.project).event_title})"},
                             :url => Proc.new {|o| {:controller => 'timelog', :action => 'index', :project_id => o.project, :issue_id => o.issue}},
                             :author => :user,
                             :description => :comments
               acts_as_activity_provider :timestamp => "#{table_name}.created_on",
                                         :author_key => :user_id,
                                         :find_options => {:include => :project}
               validates_presence_of :user_id, :activity_id, :project_id, :hours, :spent_on
               validates_numericality_of :hours, :allow_nil => true, :message => :invalid
               validates_length_of :comments, :maximum => 255, :allow_nil => true
               before_validation :set_project_if_nil
               validate :validate_time_entry
-              scope :visible, lambda {|*args| {
+              scope :visible, lambda {|*args|
-                :include => :project,
+                includes(:project).where(Project.allowed_to_condition(args.shift || User.current, :view_time_entries, *args))
-                :conditions => Project.allowed_to_condition(args.shift || User.current, :view_time_entries, *args)
-              }}
+              scope :on_issue, lambda {|issue|
-              scope :on_issue, lambda {|issue| {
+                includes(:issue).where("#{Issue.table_name}.root_id = #{issue.root_id} AND #{Issue.table_name}.lft >= #{issue.lft} AND #{Issue.table_name}.rgt <= #{issue.rgt}")
-                :include => :issue,
-                :conditions => "#{Issue.table_name}.root_id = #{issue.root_id} AND #{Issue.table_name}.lft >= #{issue.lft} AND #{Issue.table_name}.rgt <= #{issue.rgt}"
+              scope :on_project, lambda {|project, include_subprojects|
-              }}
+                includes(:project).where(project.project_condition(include_subprojects))
-              scope :on_project, lambda {|project, include_subprojects| {
-                :include => :project,
-                :conditions => project.project_condition(include_subprojects)
-              }}
               scope :spent_between, lambda {|from, to|
                 if from && to
-                 {:conditions => ["#{TimeEntry.table_name}.spent_on BETWEEN ? AND ?", from, to]}
+                 where("#{TimeEntry.table_name}.spent_on BETWEEN ? AND ?", from, to)
                 elsif from
-                 {:conditions => ["#{TimeEntry.table_name}.spent_on >= ?", from]}
+                 where("#{TimeEntry.table_name}.spent_on >= ?", from)
                 elsif to
-                 {:conditions => ["#{TimeEntry.table_name}.spent_on <= ?", to]}
+                 where("#{TimeEntry.table_name}.spent_on <= ?", to)
                 else
-                 {}
+                 where(nil)
                 end
               }
               safe_attributes 'hours', 'comments', 'issue_id', 'activity_id', 'spent_on', 'custom_field_values', 'custom_fields'
               def initialize(attributes=nil, *args)
                 super
                 if new_record? && self.activity.nil?
                   if default_activity = TimeEntryActivity.default
                     self.activity_id = default_activity.id
                   end
                   self.hours = nil if hours == 0
                 end
               end
               def set_project_if_nil
                 self.project = issue.project if issue && project.nil?
               end
               def validate_time_entry
                 errors.add :hours, :invalid if hours && (hours < 0 || hours >= 1000)
                 errors.add :project_id, :invalid if project.nil?
                 errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project)
               end
               def hours=(h)
                 write_attribute :hours, (h.is_a?(String) ? (h.to_hours || h) : h)
               end
               def hours
                 h = read_attribute(:hours)
                 if h.is_a?(Float)
                   h.round(2)
                 else
                   h
                 end
               end
               # tyear, tmonth, tweek assigned where setting spent_on attributes
               # these attributes make time aggregations easier
               def spent_on=(date)
                 super
                 if spent_on.is_a?(Time)
                   self.spent_on = spent_on.to_date
                 end
                 self.tyear = spent_on ? spent_on.year : nil
                 self.tmonth = spent_on ? spent_on.month : nil
                 self.tweek = spent_on ? Date.civil(spent_on.year, spent_on.month, spent_on.day).cweek : nil
               end
               # Returns true if the time entry can be edited by usr, otherwise false
               def editable_by?(usr)
                 (usr == user && usr.allowed_to?(:edit_own_time_entries, project)) || usr.allowed_to?(:edit_time_entries, project)
               end
             end

app/models/user.rb +2 -2

             # Redmine - project management software
             # Copyright (C) 2006-2012  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/sha1"
             class User < Principal
               include Redmine::SafeAttributes
               # Account statuses
               STATUS_ANONYMOUS  = 0
               STATUS_ACTIVE     = 1
               STATUS_REGISTERED = 2
               STATUS_LOCKED     = 3
               # Different ways of displaying/sorting users
               USER_FORMATS = {
                 :firstname_lastname => {
                     :string => '#{firstname} #{lastname}',
                     :order => %w(firstname lastname id),
                     :setting_order => 1
                   },
                 :firstname_lastinitial => {
                     :string => '#{firstname} #{lastname.to_s.chars.first}.',
                     :order => %w(firstname lastname id),
                     :setting_order => 2
                   },
                 :firstname => {
                     :string => '#{firstname}',
                     :order => %w(firstname id),
                     :setting_order => 3
                   },
                 :lastname_firstname => {
                     :string => '#{lastname} #{firstname}',
                     :order => %w(lastname firstname id),
                     :setting_order => 4
                   },
                 :lastname_coma_firstname => {
                     :string => '#{lastname}, #{firstname}',
                     :order => %w(lastname firstname id),
                     :setting_order => 5
                   },
                 :lastname => {
                     :string => '#{lastname}',
                     :order => %w(lastname id),
                     :setting_order => 6
                   },
                 :username => {
                     :string => '#{login}',
                     :order => %w(login id),
                     :setting_order => 7
                   },
               }
               MAIL_NOTIFICATION_OPTIONS = [
                 ['all', :label_user_mail_option_all],
                 ['selected', :label_user_mail_option_selected],
                 ['only_my_events', :label_user_mail_option_only_my_events],
                 ['only_assigned', :label_user_mail_option_only_assigned],
                 ['only_owner', :label_user_mail_option_only_owner],
                 ['none', :label_user_mail_option_none]
               ]
               has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)},
                                                :after_remove => Proc.new {|user, group| group.user_removed(user)}
               has_many :changesets, :dependent => :nullify
               has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
               has_one :rss_token, :class_name => 'Token', :conditions => "action='feeds'"
               has_one :api_token, :class_name => 'Token', :conditions => "action='api'"
               belongs_to :auth_source
-              scope :logged, lambda { { :conditions => "#{User.table_name}.status <> #{STATUS_ANONYMOUS}" } }
+              scope :logged, lambda { where("#{User.table_name}.status <> #{STATUS_ANONYMOUS}") }
-              scope :status, lambda {|arg| arg.blank? ? {} : {:conditions => {:status => arg.to_i}} }
+              scope :status, lambda {|arg| where(arg.blank? ? nil : {:status => arg.to_i}) }
               acts_as_customizable
               attr_accessor :password, :password_confirmation
               attr_accessor :last_before_login_on
               # Prevents unauthorized assignments
               attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
               LOGIN_LENGTH_LIMIT = 60
               MAIL_LENGTH_LIMIT = 60
               validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
               validates_uniqueness_of :login, :if => Proc.new { |user| user.login_changed? && user.login.present? }, :case_sensitive => false
               validates_uniqueness_of :mail, :if => Proc.new { |user| user.mail_changed? && user.mail.present? }, :case_sensitive => false
               # Login must contain lettres, numbers, underscores only
               validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
               validates_length_of :login, :maximum => LOGIN_LENGTH_LIMIT
               validates_length_of :firstname, :lastname, :maximum => 30
               validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_blank => true
               validates_length_of :mail, :maximum => MAIL_LENGTH_LIMIT, :allow_nil => true
               validates_confirmation_of :password, :allow_nil => true
               validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true
               validate :validate_password_length
               before_create :set_mail_notification
               before_save   :update_hashed_password
               before_destroy :remove_references_before_destroy
               scope :in_group, lambda {|group|
                 group_id = group.is_a?(Group) ? group.id : group.to_i
                 where("#{User.table_name}.id IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id)
               }
               scope :not_in_group, lambda {|group|
                 group_id = group.is_a?(Group) ? group.id : group.to_i
                 where("#{User.table_name}.id NOT IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id)
               }
               def set_mail_notification
                 self.mail_notification = Setting.default_notification_option if self.mail_notification.blank?
                 true
               end
               def update_hashed_password
                 # update hashed_password if password was set
                 if self.password && self.auth_source_id.blank?
                   salt_password(password)
                 end
               end
               def reload(*args)
                 @name = nil
                 @projects_by_role = nil
                 super
               end
               def mail=(arg)
                 write_attribute(:mail, arg.to_s.strip)
               end
               def identity_url=(url)
                 if url.blank?
                   write_attribute(:identity_url, '')
                 else
                   begin
                     write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url))
                   rescue OpenIdAuthentication::InvalidOpenId
                     # Invlaid url, don't save
                   end
                 end
                 self.read_attribute(:identity_url)
               end
               # Returns the user that matches provided login and password, or nil
               def self.try_to_login(login, password)
                 login = login.to_s
                 password = password.to_s
                 # Make sure no one can sign in with an empty password
                 return nil if password.empty?
                 user = find_by_login(login)
                 if user
                   # user is already in local database
                   return nil if !user.active?
                   if user.auth_source
                     # user has an external authentication method
                     return nil unless user.auth_source.authenticate(login, password)
                   else
                     # authentication with local password
                     return nil unless user.check_password?(password)
                   end
                 else
                   # user is not yet registered, try to authenticate with available sources
                   attrs = AuthSource.authenticate(login, password)
                   if attrs
                     user = new(attrs)
                     user.login = login
                     user.language = Setting.default_language
                     if user.save
                       user.reload
                       logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source
                     end
                   end
                 end
                 user.update_attribute(:last_login_on, Time.now) if user && !user.new_record?
                 user
               rescue => text
                 raise text
               end
               # Returns the user who matches the given autologin +key+ or nil
               def self.try_to_autologin(key)
                 tokens = Token.find_all_by_action_and_value('autologin', key.to_s)
                 # Make sure there's only 1 token that matches the key
                 if tokens.size == 1
                   token = tokens.first
                   if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
                     token.user.update_attribute(:last_login_on, Time.now)
                     token.user
                   end
                 end
               end
               def self.name_formatter(formatter = nil)
                 USER_FORMATS[formatter || Setting.user_format] || USER_FORMATS[:firstname_lastname]
               end
               # Returns an array of fields names than can be used to make an order statement for users
               # according to how user names are displayed
               # Examples:
               #
               #   User.fields_for_order_statement              => ['users.login', 'users.id']
               #   User.fields_for_order_statement('authors')   => ['authors.login', 'authors.id']
               def self.fields_for_order_statement(table=nil)
                 table ||= table_name
                 name_formatter[:order].map {|field| "#{table}.#{field}"}
               end
               # Return user's full name for display
               def name(formatter = nil)
                 f = self.class.name_formatter(formatter)
                 if formatter
                   eval('"' + f[:string] + '"')
                 else
                   @name ||= eval('"' + f[:string] + '"')
                 end
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def registered?
                 self.status == STATUS_REGISTERED
               end
               def locked?
                 self.status == STATUS_LOCKED
               end
               def activate
                 self.status = STATUS_ACTIVE
               end
               def register
                 self.status = STATUS_REGISTERED
               end
               def lock
                 self.status = STATUS_LOCKED
               end
               def activate!
                 update_attribute(:status, STATUS_ACTIVE)
               end
               def register!
                 update_attribute(:status, STATUS_REGISTERED)
               end
               def lock!
                 update_attribute(:status, STATUS_LOCKED)
               end
               # Returns true if +clear_password+ is the correct user's password, otherwise false
               def check_password?(clear_password)
                 if auth_source_id.present?
                   auth_source.authenticate(self.login, clear_password)
                 else
                   User.hash_password("#{salt}#{User.hash_password clear_password}") == hashed_password
                 end
               end
               # Generates a random salt and computes hashed_password for +clear_password+
               # The hashed password is stored in the following form: SHA1(salt + SHA1(password))
               def salt_password(clear_password)
                 self.salt = User.generate_salt
                 self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
               end
               # Does the backend storage allow this user to change their password?
               def change_password_allowed?
                 return true if auth_source.nil?
                 return auth_source.allow_password_changes?
               end
               # Generate and set a random password.  Useful for automated user creation
               # Based on Token#generate_token_value
               #
               def random_password
                 chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
                 password = ''
 .times { |i| password << chars[rand(chars.size-1)] }
                 self.password = password
                 self.password_confirmation = password
                 self
               end
               def pref
                 self.preference ||= UserPreference.new(:user => self)
               end
               def time_zone
                 @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone])
               end
               def wants_comments_in_reverse_order?
                 self.pref[:comments_sorting] == 'desc'
               end
               # Return user's RSS key (a 40 chars long string), used to access feeds
               def rss_key
                 if rss_token.nil?
                   create_rss_token(:action => 'feeds')
                 end
                 rss_token.value
               end
               # Return user's API key (a 40 chars long string), used to access the API
               def api_key
                 if api_token.nil?
                   create_api_token(:action => 'api')
                 end
                 api_token.value
               end
               # Return an array of project ids for which the user has explicitly turned mail notifications on
               def notified_projects_ids
                 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
               end
               def notified_project_ids=(ids)
                 Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
                 Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
                 @notified_projects_ids = nil
                 notified_projects_ids
               end
               def valid_notification_options
                 self.class.valid_notification_options(self)
               end
               # Only users that belong to more than 1 project can select projects for which they are notified
               def self.valid_notification_options(user=nil)
                 # Note that @user.membership.size would fail since AR ignores
                 # :include association option when doing a count
                 if user.nil? || user.memberships.length < 1
                   MAIL_NOTIFICATION_OPTIONS.reject {|option| option.first == 'selected'}
                 else
                   MAIL_NOTIFICATION_OPTIONS
                 end
               end
               # Find a user account by matching the exact login and then a case-insensitive
               # version.  Exact matches will be given priority.
               def self.find_by_login(login)
                 # First look for an exact match
                 user = where(:login => login).all.detect {|u| u.login == login}
                 unless user
                   # Fail over to case-insensitive if none was found
                   user = where("LOWER(login) = ?", login.to_s.downcase).first
                 end
                 user
               end
               def self.find_by_rss_key(key)
                 token = Token.find_by_action_and_value('feeds', key.to_s)
                 token && token.user.active? ? token.user : nil
               end
               def self.find_by_api_key(key)
                 token = Token.find_by_action_and_value('api', key.to_s)
                 token && token.user.active? ? token.user : nil
               end
               # Makes find_by_mail case-insensitive
               def self.find_by_mail(mail)
                 where("LOWER(mail) = ?", mail.to_s.downcase).first
               end
               # Returns true if the default admin account can no longer be used
               def self.default_admin_account_changed?
                 !User.active.find_by_login("admin").try(:check_password?, "admin")
               end
               def to_s
                 name
               end
               CSS_CLASS_BY_STATUS = {
                 STATUS_ANONYMOUS  => 'anon',
                 STATUS_ACTIVE     => 'active',
                 STATUS_REGISTERED => 'registered',
                 STATUS_LOCKED     => 'locked'
               }
               def css_classes
                 "user #{CSS_CLASS_BY_STATUS[status]}"
               end
               # Returns the current day according to user's time zone
               def today
                 if time_zone.nil?
                   Date.today
                 else
                   Time.now.in_time_zone(time_zone).to_date
                 end
               end
               # Returns the day of +time+ according to user's time zone
               def time_to_date(time)
                 if time_zone.nil?
                   time.to_date
                 else
                   time.in_time_zone(time_zone).to_date
                 end
               end
               def logged?
                 true
               end
               def anonymous?
                 !logged?
               end
               # Return user's roles for project
               def roles_for_project(project)
                 roles = []
                 # No role on archived projects
                 return roles if project.nil? || project.archived?
                 if logged?
                   # Find project membership
                   membership = memberships.detect {|m| m.project_id == project.id}
                   if membership
                     roles = membership.roles
                   else
                     @role_non_member ||= Role.non_member
                     roles << @role_non_member
                   end
                 else
                   @role_anonymous ||= Role.anonymous
                   roles << @role_anonymous
                 end
                 roles
               end
               # Return true if the user is a member of project
               def member_of?(project)
                 !roles_for_project(project).detect {|role| role.member?}.nil?
               end
               # Returns a hash of user's projects grouped by roles
               def projects_by_role
                 return @projects_by_role if @projects_by_role
                 @projects_by_role = Hash.new([])
                 memberships.each do |membership|
                   if membership.project
                     membership.roles.each do |role|
                       @projects_by_role[role] = [] unless @projects_by_role.key?(role)
                       @projects_by_role[role] << membership.project
                     end
                   end
                 end
                 @projects_by_role.each do |role, projects|
                   projects.uniq!
                 end
                 @projects_by_role
               end
               # Returns true if user is arg or belongs to arg
               def is_or_belongs_to?(arg)
                 if arg.is_a?(User)
                   self == arg
                 elsif arg.is_a?(Group)
                   arg.users.include?(self)
                 else
                   false
                 end
               end
               # Return true if the user is allowed to do the specified action on a specific context
               # Action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               # Context can be:
               # * a project : returns true if user is allowed to do the specified action on this project
               # * an array of projects : returns true if user is allowed on every project
               # * nil with options[:global] set : check if user has at least one role allowed for this action,
               #   or falls back to Non Member / Anonymous permissions depending if the user is logged
               def allowed_to?(action, context, options={}, &block)
                 if context && context.is_a?(Project)
                   return false unless context.allows_to?(action)
                   # Admin users are authorized for anything else
                   return true if admin?
                   roles = roles_for_project(context)
                   return false unless roles
                   roles.any? {|role|
                     (context.is_public? || role.member?) &&
                     role.allowed_to?(action) &&
                     (block_given? ? yield(role, self) : true)
                   }
                 elsif context && context.is_a?(Array)
                   if context.empty?
                     false
                   else
                     # Authorize if user is authorized on every element of the array
                     context.map {|project| allowed_to?(action, project, options, &block)}.reduce(:&)
                   end
                 elsif options[:global]
                   # Admin users are always authorized
                   return true if admin?
                   # authorize if user has at least one role that has this permission
                   roles = memberships.collect {|m| m.roles}.flatten.uniq
                   roles << (self.logged? ? Role.non_member : Role.anonymous)
                   roles.any? {|role|
                     role.allowed_to?(action) &&
                     (block_given? ? yield(role, self) : true)
                   }
                 else
                   false
                 end
               end
               # Is the user allowed to do the specified action on any project?
               # See allowed_to? for the actions and valid options.
               def allowed_to_globally?(action, options, &block)
                 allowed_to?(action, nil, options.reverse_merge(:global => true), &block)
               end
               # Returns true if the user is allowed to delete his own account
               def own_account_deletable?
                 Setting.unsubscribe? &&
                   (!admin? || User.active.where("admin = ? AND id <> ?", true, id).exists?)
               end
               safe_attributes 'login',
                 'firstname',
                 'lastname',
                 'mail',
                 'mail_notification',
                 'language',
                 'custom_field_values',
                 'custom_fields',
                 'identity_url'
               safe_attributes 'status',
                 'auth_source_id',
                 :if => lambda {|user, current_user| current_user.admin?}
               safe_attributes 'group_ids',
                 :if => lambda {|user, current_user| current_user.admin? && !user.new_record?}
               # Utility method to help check if a user should be notified about an
               # event.
               #
               # TODO: only supports Issue events currently
               def notify_about?(object)
                 case mail_notification
                 when 'all'
                   true
                 when 'selected'
                   # user receives notifications for created/assigned issues on unselected projects
                   if object.is_a?(Issue) && (object.author == self || is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was))
                     true
                   else
                     false
                   end
                 when 'none'
                   false
                 when 'only_my_events'
                   if object.is_a?(Issue) && (object.author == self || is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was))
                     true
                   else
                     false
                   end
                 when 'only_assigned'
                   if object.is_a?(Issue) && (is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was))
                     true
                   else
                     false
                   end
                 when 'only_owner'
                   if object.is_a?(Issue) && object.author == self
                     true
                   else
                     false
                   end
                 else
                   false
                 end
               end
               def self.current=(user)
                 Thread.current[:current_user] = user
               end
               def self.current
                 Thread.current[:current_user] ||= User.anonymous
               end
               # Returns the anonymous user.  If the anonymous user does not exist, it is created.  There can be only
               # one anonymous user per database.
               def self.anonymous
                 anonymous_user = AnonymousUser.first
                 if anonymous_user.nil?
                   anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
                   raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
                 end
                 anonymous_user
               end
               # Salts all existing unsalted passwords
               # It changes password storage scheme from SHA1(password) to SHA1(salt + SHA1(password))
               # This method is used in the SaltPasswords migration and is to be kept as is
               def self.salt_unsalted_passwords!
                 transaction do
                   User.where("salt IS NULL OR salt = ''").find_each do |user|
                     next if user.hashed_password.blank?
                     salt = User.generate_salt
                     hashed_password = User.hash_password("#{salt}#{user.hashed_password}")
                     User.where(:id => user.id).update_all(:salt => salt, :hashed_password => hashed_password)
                   end
                 end
               end
               protected
               def validate_password_length
                 # Password length validation based on setting
                 if !password.nil? && password.size < Setting.password_min_length.to_i
                   errors.add(:password, :too_short, :count => Setting.password_min_length.to_i)
                 end
               end
               private
               # Removes references that are not handled by associations
               # Things that are not deleted are reassociated with the anonymous user
               def remove_references_before_destroy
                 return if self.id.nil?
                 substitute = User.anonymous
                 Attachment.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 Comment.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 Issue.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 Issue.update_all 'assigned_to_id = NULL', ['assigned_to_id = ?', id]
                 Journal.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
                 JournalDetail.update_all ['old_value = ?', substitute.id.to_s], ["property = 'attr' AND prop_key = 'assigned_to_id' AND old_value = ?", id.to_s]
                 JournalDetail.update_all ['value = ?', substitute.id.to_s], ["property = 'attr' AND prop_key = 'assigned_to_id' AND value = ?", id.to_s]
                 Message.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 News.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 # Remove private queries and keep public ones
                 ::Query.delete_all ['user_id = ? AND is_public = ?', id, false]
                 ::Query.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
                 TimeEntry.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
                 Token.delete_all ['user_id = ?', id]
                 Watcher.delete_all ['user_id = ?', id]
                 WikiContent.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 WikiContent::Version.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
               end
               # Return password digest
               def self.hash_password(clear_password)
                 Digest::SHA1.hexdigest(clear_password || "")
               end
               # Returns a 128bits random salt as a hex string (32 chars long)
               def self.generate_salt
                 Redmine::Utils.random_hex(16)
               end
             end
             class AnonymousUser < User
               validate :validate_anonymous_uniqueness, :on => :create
               def validate_anonymous_uniqueness
                 # There should be only one AnonymousUser in the database
                 errors.add :base, 'An anonymous user already exists.' if AnonymousUser.exists?
               end
               def available_custom_fields
                 []
               end
               # Overrides a few properties
               def logged?; false end
               def admin; false end
               def name(*args); I18n.t(:label_user_anonymous) end
               def mail; nil end
               def time_zone; nil end
               def rss_key; nil end
               def pref
                 UserPreference.new(:user => self)
               end
               # Anonymous user can not be destroyed
               def destroy
                 false
               end
             end

app/models/wiki_page.rb +4 -4

             # Redmine - project management software
             # Copyright (C) 2006-2012  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require 'diff'
             require 'enumerator'
             class WikiPage < ActiveRecord::Base
               include Redmine::SafeAttributes
               belongs_to :wiki
               has_one :content, :class_name => 'WikiContent', :foreign_key => 'page_id', :dependent => :destroy
               acts_as_attachable :delete_permission => :delete_wiki_pages_attachments
               acts_as_tree :dependent => :nullify, :order => 'title'
               acts_as_watchable
               acts_as_event :title => Proc.new {|o| "#{l(:label_wiki)}: #{o.title}"},
                             :description => :text,
                             :datetime => :created_on,
                             :url => Proc.new {|o| {:controller => 'wiki', :action => 'show', :project_id => o.wiki.project, :id => o.title}}
               acts_as_searchable :columns => ['title', "#{WikiContent.table_name}.text"],
                                  :include => [{:wiki => :project}, :content],
                                  :permission => :view_wiki_pages,
                                  :project_key => "#{Wiki.table_name}.project_id"
               attr_accessor :redirect_existing_links
               validates_presence_of :title
               validates_format_of :title, :with => /^[^,\.\/\?\;\|\s]*$/
               validates_uniqueness_of :title, :scope => :wiki_id, :case_sensitive => false
               validates_associated :content
               validate :validate_parent_title
               before_destroy :remove_redirects
               before_save    :handle_redirects
               # eager load information about last updates, without loading text
-              scope :with_updated_on, lambda { {
+              scope :with_updated_on, lambda {
-                :select => "#{WikiPage.table_name}.*, #{WikiContent.table_name}.updated_on, #{WikiContent.table_name}.version",
+                select("#{WikiPage.table_name}.*, #{WikiContent.table_name}.updated_on, #{WikiContent.table_name}.version").
-                :joins => "LEFT JOIN #{WikiContent.table_name} ON #{WikiContent.table_name}.page_id = #{WikiPage.table_name}.id"
+                  joins("LEFT JOIN #{WikiContent.table_name} ON #{WikiContent.table_name}.page_id = #{WikiPage.table_name}.id")
-              } }
               # Wiki pages that are protected by default
               DEFAULT_PROTECTED_PAGES = %w(sidebar)
               safe_attributes 'parent_id', 'parent_title',
                 :if => lambda {|page, user| page.new_record? || user.allowed_to?(:rename_wiki_pages, page.project)}
               def initialize(attributes=nil, *args)
                 super
                 if new_record? && DEFAULT_PROTECTED_PAGES.include?(title.to_s.downcase)
                   self.protected = true
                 end
               end
               def visible?(user=User.current)
                 !user.nil? && user.allowed_to?(:view_wiki_pages, project)
               end
               def title=(value)
                 value = Wiki.titleize(value)
                 @previous_title = read_attribute(:title) if @previous_title.blank?
                 write_attribute(:title, value)
               end
               def handle_redirects
                 self.title = Wiki.titleize(title)
                 # Manage redirects if the title has changed
                 if !@previous_title.blank? && (@previous_title != title) && !new_record?
                   # Update redirects that point to the old title
                   wiki.redirects.find_all_by_redirects_to(@previous_title).each do |r|
                     r.redirects_to = title
                     r.title == r.redirects_to ? r.destroy : r.save
                   end
                   # Remove redirects for the new title
                   wiki.redirects.find_all_by_title(title).each(&:destroy)
                   # Create a redirect to the new title
                   wiki.redirects << WikiRedirect.new(:title => @previous_title, :redirects_to => title) unless redirect_existing_links == "0"
                   @previous_title = nil
                 end
               end
               def remove_redirects
                 # Remove redirects to this page
                 wiki.redirects.find_all_by_redirects_to(title).each(&:destroy)
               end
               def pretty_title
                 WikiPage.pretty_title(title)
               end
               def content_for_version(version=nil)
                 result = content.versions.find_by_version(version.to_i) if version
                 result ||= content
                 result
               end
               def diff(version_to=nil, version_from=nil)
                 version_to = version_to ? version_to.to_i : self.content.version
                 content_to = content.versions.find_by_version(version_to)
                 content_from = version_from ? content.versions.find_by_version(version_from.to_i) : content_to.try(:previous)
                 return nil unless content_to && content_from
                 if content_from.version > content_to.version
                   content_to, content_from = content_from, content_to
                 end
                 (content_to && content_from) ? WikiDiff.new(content_to, content_from) : nil
               end
               def annotate(version=nil)
                 version = version ? version.to_i : self.content.version
                 c = content.versions.find_by_version(version)
                 c ? WikiAnnotate.new(c) : nil
               end
               def self.pretty_title(str)
                 (str && str.is_a?(String)) ? str.tr('_', ' ') : str
               end
               def project
                 wiki.project
               end
               def text
                 content.text if content
               end
               def updated_on
                 unless @updated_on
                   if time = read_attribute(:updated_on)
                     # content updated_on was eager loaded with the page
                     begin
                       @updated_on = (self.class.default_timezone == :utc ? Time.parse(time.to_s).utc : Time.parse(time.to_s).localtime)
                     rescue
                     end
                   else
                     @updated_on = content && content.updated_on
                   end
                 end
                 @updated_on
               end
               # Returns true if usr is allowed to edit the page, otherwise false
               def editable_by?(usr)
                 !protected? || usr.allowed_to?(:protect_wiki_pages, wiki.project)
               end
               def attachments_deletable?(usr=User.current)
                 editable_by?(usr) && super(usr)
               end
               def parent_title
                 @parent_title || (self.parent && self.parent.pretty_title)
               end
               def parent_title=(t)
                 @parent_title = t
                 parent_page = t.blank? ? nil : self.wiki.find_page(t)
                 self.parent = parent_page
               end
               # Saves the page and its content if text was changed
               def save_with_content
                 ret = nil
                 transaction do
                   if new_record?
                     # Rails automatically saves associated content
                     ret = save
                   else
                     ret = save && (content.text_changed? ? content.save : true)
                   end
                   raise ActiveRecord::Rollback unless ret
                 end
                 ret
               end
               protected
               def validate_parent_title
                 errors.add(:parent_title, :invalid) if !@parent_title.blank? && parent.nil?
                 errors.add(:parent_title, :circular_dependency) if parent && (parent == self || parent.ancestors.include?(self))
                 errors.add(:parent_title, :not_same_project) if parent && (parent.wiki_id != wiki_id)
               end
             end
             class WikiDiff < Redmine::Helpers::Diff
               attr_reader :content_to, :content_from
               def initialize(content_to, content_from)
                 @content_to = content_to
                 @content_from = content_from
                 super(content_to.text, content_from.text)
               end
             end
             class WikiAnnotate
               attr_reader :lines, :content
               def initialize(content)
                 @content = content
                 current = content
                 current_lines = current.text.split(/\r?\n/)
                 @lines = current_lines.collect {|t| [nil, nil, t]}
                 positions = []
                 current_lines.size.times {|i| positions << i}
                 while (current.previous)
                   d = current.previous.text.split(/\r?\n/).diff(current.text.split(/\r?\n/)).diffs.flatten
                   d.each_slice(3) do |s|
                     sign, line = s[0], s[1]
                     if sign == '+' && positions[line] && positions[line] != -1
                       if @lines[positions[line]][0].nil?
                         @lines[positions[line]][0] = current.version
                         @lines[positions[line]][1] = current.author
                       end
                     end
                   end
                   d.each_slice(3) do |s|
                     sign, line = s[0], s[1]
                     if sign == '-'
                       positions.insert(line, -1)
                     else
                       positions[line] = nil
                     end
                   end
                   positions.compact!
                   # Stop if every line is annotated
                   break unless @lines.detect { |line| line[0].nil? }
                   current = current.previous
                 end
                 @lines.each { |line|
                   line[0] ||= current.version
                   # if the last known version is > 1 (eg. history was cleared), we don't know the author
                   line[1] ||= current.author if current.version == 1
                 }
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages