Undo unwanted change....
Jean-Philippe Lang -
r2125:740ec7656f65
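--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -1,233 +1,230 @@
 # redMine - project management software
 # Copyright (C) 2006-2007 Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 require 'uri'
 require 'cgi'
 
 class ApplicationController < ActionController::Base
 layout 'base'
 
 before_filter :user_setup, :check_if_login_required, :set_localization
 filter_parameter_logging :password
 
 include Redmine::MenuManager::MenuController
 helper Redmine::MenuManager::MenuHelper
 
 REDMINE_SUPPORTED_SCM.each do |scm|
 require_dependency "repository/#{scm.underscore}"
 end
 
 def current_role
 @current_role ||= User.current.role_for_project(@project)
 end
 
 def user_setup
 # Check the settings cache for each request
 Setting.check_cache
 # Find the current user
 User.current = find_current_user
 end
 
 # Returns the current user or nil if no user is logged in
 def find_current_user
 if session[:user_id]
 # existing session
 (User.active.find(session[:user_id]) rescue nil)
 elsif cookies[:autologin] && Setting.autologin?
 # auto-login feature
 User.find_by_autologin_key(cookies[:autologin])
 elsif params[:key] && accept_key_auth_actions.include?(params[:action])
 # RSS key authentication
 User.find_by_rss_key(params[:key])
 end
 end
 
 # check if login is globally required to access the application
 def check_if_login_required
 # no check needed if user is already logged in
 return true if User.current.logged?
 require_login if Setting.login_required?
 end
 
 def set_localization
 User.current.language = nil unless User.current.logged?
 lang = begin
 if !User.current.language.blank? && GLoc.valid_language?(User.current.language)
 User.current.language
 elsif request.env['HTTP_ACCEPT_LANGUAGE']
 accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.downcase
 if !accept_lang.blank? && (GLoc.valid_language?(accept_lang) || GLoc.valid_language?(accept_lang = accept_lang.split('-').first))
 User.current.language = accept_lang
 end
 end
 rescue
 nil
 end || Setting.default_language
 set_language_if_valid(lang)
 end
 
 def require_login
 if !User.current.logged?
 redirect_to :controller => "account", :action => "login", :back_url => url_for(params)
 return false
 end
 true
 end
 
 def require_admin
 return unless require_login
 if !User.current.admin?
 render_403
 return false
 end
 true
 end
 
 def deny_access
 User.current.logged? ? render_403 : require_login
 end
 
 # Authorize the user for the requested action
 def authorize(ctrl = params[:controller], action = params[:action])
 allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
 allowed ? true : deny_access
 end
 
 # make sure that the user is a member of the project (or admin) if project is private
 # used as a before_filter for actions that do not require any particular permission on the project
 def check_project_privacy
 if @project && @project.active?
 if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
 true
 else
 User.current.logged? ? render_403 : require_login
 end
 else
 @project = nil
 render_404
 false
 end
 end
 
 def redirect_back_or_default(default)
 back_url = CGI.unescape(params[:back_url].to_s)
 if !back_url.blank?
 begin
 uri = URI.parse(back_url)
 # do not redirect user to another host or to the login or register page
 if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
 redirect_to(back_url) and return
 end
 rescue URI::InvalidURIError
 # redirect to default
 end
 end
 redirect_to default
-rescue
-
-
 end
 
 def render_403
 @project = nil
 render :template => "common/403", :layout => !request.xhr?, :status => 403
 return false
 end
 
 def render_404
 render :template => "common/404", :layout => !request.xhr?, :status => 404
 return false
 end
 
 def render_error(msg)
 flash.now[:error] = msg
 render :nothing => true, :layout => !request.xhr?, :status => 500
 end
 
 def render_feed(items, options={})
 @items = items || []
 @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
 @items = @items.slice(0, Setting.feeds_limit.to_i)
 @title = options[:title] || Setting.app_title
 render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
 end
 
 def self.accept_key_auth(*actions)
 actions = actions.flatten.map(&:to_s)
 write_inheritable_attribute('accept_key_auth_actions', actions)
 end
 
 def accept_key_auth_actions
 self.class.read_inheritable_attribute('accept_key_auth_actions') || []
 end
 
 # TODO: move to model
 def attach_files(obj, attachments)
 attached = []
 if attachments && attachments.is_a?(Hash)
 attachments.each_value do |attachment|
 file = attachment['file']
 next unless file && file.size > 0
 a = Attachment.create(:container => obj,
 :file => file,
 :description => attachment['description'].to_s.strip,
 :author => User.current)
 attached << a unless a.new_record?
 end
 end
 attached
 end
 
 # Returns the number of objects that should be displayed
 # on the paginated list
 def per_page_option
 per_page = nil
 if params[:per_page] && Setting.per_page_options_array.include?(params[:per_page].to_s.to_i)
 per_page = params[:per_page].to_s.to_i
 session[:per_page] = per_page
 elsif session[:per_page]
 per_page = session[:per_page]
 else
 per_page = Setting.per_page_options_array.first || 25
 end
 per_page
 end
 
 # qvalues http header parser
 # code taken from webrick
 def parse_qvalues(value)
 tmp = []
 if value
 parts = value.split(/,\s*/)
 parts.each {|part|
 if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part)
 val = m[1]
 q = (m[2] or 1).to_f
 tmp.push([val, q])
 end
 }
 tmp = tmp.sort_by{|val, q| -q}
 tmp.collect!{|val, q| val}
 end
 return tmp
 end
 
 # Returns a string that can be used as filename value in Content-Disposition header
 def filename_for_content_disposition(name)
 request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name
 end
 end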
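Review bot: The same-host guard in redirect_back_or_default, `if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})`, is weaker than its comment claims: URI#relative? only reports a missing scheme, so a scheme-relative back_url (one beginning with `//`) counts as relative while still naming a foreign host, and it reaches `redirect_to(back_url)`. A relative URI should additionally have no host before it is trusted, `if ((uri.relative? && uri.host.nil?) || uri.host == request.host) && !uri.path.match(%r{/(login|account/register)})`. Worth recording the reason next to the guard, `# a scheme-relative URL has no scheme but does carry a host; require host.nil? for relative URIs`, so the condition is not simplified back later. The rest of the method, including the URI::InvalidURIError rescue and the fallback `redirect_to default`, is unaffected by this change.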