| @@ -1,233 +1,230 | |||||
| 1 | # redMine - project management software |
|
1 | # redMine - project management software | |
| 2 | # Copyright (C) 2006-2007 Jean-Philippe Lang |
|
2 | # Copyright (C) 2006-2007 Jean-Philippe Lang | |
| 3 | # |
|
3 | # | |
| 4 | # This program is free software; you can redistribute it and/or |
|
4 | # This program is free software; you can redistribute it and/or | |
| 5 | # modify it under the terms of the GNU General Public License |
|
5 | # modify it under the terms of the GNU General Public License | |
| 6 | # as published by the Free Software Foundation; either version 2 |
|
6 | # as published by the Free Software Foundation; either version 2 | |
| 7 | # of the License, or (at your option) any later version. |
|
7 | # of the License, or (at your option) any later version. | |
| 8 | # |
|
8 | # | |
| 9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
| 13 | # |
|
13 | # | |
| 14 | # You should have received a copy of the GNU General Public License |
|
14 | # You should have received a copy of the GNU General Public License | |
| 15 | # along with this program; if not, write to the Free Software |
|
15 | # along with this program; if not, write to the Free Software | |
| 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
| 17 |
|
17 | |||
| 18 | require 'uri' |
|
18 | require 'uri' | |
| 19 | require 'cgi' |
|
19 | require 'cgi' | |
| 20 |
|
20 | |||
| 21 | class ApplicationController < ActionController::Base |
|
21 | class ApplicationController < ActionController::Base | |
| 22 | layout 'base' |
|
22 | layout 'base' | |
| 23 |
|
23 | |||
| 24 | before_filter :user_setup, :check_if_login_required, :set_localization |
|
24 | before_filter :user_setup, :check_if_login_required, :set_localization | |
| 25 | filter_parameter_logging :password |
|
25 | filter_parameter_logging :password | |
| 26 |
|
26 | |||
| 27 | include Redmine::MenuManager::MenuController |
|
27 | include Redmine::MenuManager::MenuController | |
| 28 | helper Redmine::MenuManager::MenuHelper |
|
28 | helper Redmine::MenuManager::MenuHelper | |
| 29 |
|
29 | |||
| 30 | REDMINE_SUPPORTED_SCM.each do |scm| |
|
30 | REDMINE_SUPPORTED_SCM.each do |scm| | |
| 31 | require_dependency "repository/#{scm.underscore}" |
|
31 | require_dependency "repository/#{scm.underscore}" | |
| 32 | end |
|
32 | end | |
| 33 |
|
33 | |||
| 34 | def current_role |
|
34 | def current_role | |
| 35 | @current_role ||= User.current.role_for_project(@project) |
|
35 | @current_role ||= User.current.role_for_project(@project) | |
| 36 | end |
|
36 | end | |
| 37 |
|
37 | |||
| 38 | def user_setup |
|
38 | def user_setup | |
| 39 | # Check the settings cache for each request |
|
39 | # Check the settings cache for each request | |
| 40 | Setting.check_cache |
|
40 | Setting.check_cache | |
| 41 | # Find the current user |
|
41 | # Find the current user | |
| 42 | User.current = find_current_user |
|
42 | User.current = find_current_user | |
| 43 | end |
|
43 | end | |
| 44 |
|
44 | |||
| 45 | # Returns the current user or nil if no user is logged in |
|
45 | # Returns the current user or nil if no user is logged in | |
| 46 | def find_current_user |
|
46 | def find_current_user | |
| 47 | if session[:user_id] |
|
47 | if session[:user_id] | |
| 48 | # existing session |
|
48 | # existing session | |
| 49 | (User.active.find(session[:user_id]) rescue nil) |
|
49 | (User.active.find(session[:user_id]) rescue nil) | |
| 50 | elsif cookies[:autologin] && Setting.autologin? |
|
50 | elsif cookies[:autologin] && Setting.autologin? | |
| 51 | # auto-login feature |
|
51 | # auto-login feature | |
| 52 | User.find_by_autologin_key(cookies[:autologin]) |
|
52 | User.find_by_autologin_key(cookies[:autologin]) | |
| 53 | elsif params[:key] && accept_key_auth_actions.include?(params[:action]) |
|
53 | elsif params[:key] && accept_key_auth_actions.include?(params[:action]) | |
| 54 | # RSS key authentication |
|
54 | # RSS key authentication | |
| 55 | User.find_by_rss_key(params[:key]) |
|
55 | User.find_by_rss_key(params[:key]) | |
| 56 | end |
|
56 | end | |
| 57 | end |
|
57 | end | |
| 58 |
|
58 | |||
| 59 | # check if login is globally required to access the application |
|
59 | # check if login is globally required to access the application | |
| 60 | def check_if_login_required |
|
60 | def check_if_login_required | |
| 61 | # no check needed if user is already logged in |
|
61 | # no check needed if user is already logged in | |
| 62 | return true if User.current.logged? |
|
62 | return true if User.current.logged? | |
| 63 | require_login if Setting.login_required? |
|
63 | require_login if Setting.login_required? | |
| 64 | end |
|
64 | end | |
| 65 |
|
65 | |||
| 66 | def set_localization |
|
66 | def set_localization | |
| 67 | User.current.language = nil unless User.current.logged? |
|
67 | User.current.language = nil unless User.current.logged? | |
| 68 | lang = begin |
|
68 | lang = begin | |
| 69 | if !User.current.language.blank? && GLoc.valid_language?(User.current.language) |
|
69 | if !User.current.language.blank? && GLoc.valid_language?(User.current.language) | |
| 70 | User.current.language |
|
70 | User.current.language | |
| 71 | elsif request.env['HTTP_ACCEPT_LANGUAGE'] |
|
71 | elsif request.env['HTTP_ACCEPT_LANGUAGE'] | |
| 72 | accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.downcase |
|
72 | accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.downcase | |
| 73 | if !accept_lang.blank? && (GLoc.valid_language?(accept_lang) || GLoc.valid_language?(accept_lang = accept_lang.split('-').first)) |
|
73 | if !accept_lang.blank? && (GLoc.valid_language?(accept_lang) || GLoc.valid_language?(accept_lang = accept_lang.split('-').first)) | |
| 74 | User.current.language = accept_lang |
|
74 | User.current.language = accept_lang | |
| 75 | end |
|
75 | end | |
| 76 | end |
|
76 | end | |
| 77 | rescue |
|
77 | rescue | |
| 78 | nil |
|
78 | nil | |
| 79 | end || Setting.default_language |
|
79 | end || Setting.default_language | |
| 80 | set_language_if_valid(lang) |
|
80 | set_language_if_valid(lang) | |
| 81 | end |
|
81 | end | |
| 82 |
|
82 | |||
| 83 | def require_login |
|
83 | def require_login | |
| 84 | if !User.current.logged? |
|
84 | if !User.current.logged? | |
| 85 | redirect_to :controller => "account", :action => "login", :back_url => url_for(params) |
|
85 | redirect_to :controller => "account", :action => "login", :back_url => url_for(params) | |
| 86 | return false |
|
86 | return false | |
| 87 | end |
|
87 | end | |
| 88 | true |
|
88 | true | |
| 89 | end |
|
89 | end | |
| 90 |
|
90 | |||
| 91 | def require_admin |
|
91 | def require_admin | |
| 92 | return unless require_login |
|
92 | return unless require_login | |
| 93 | if !User.current.admin? |
|
93 | if !User.current.admin? | |
| 94 | render_403 |
|
94 | render_403 | |
| 95 | return false |
|
95 | return false | |
| 96 | end |
|
96 | end | |
| 97 | true |
|
97 | true | |
| 98 | end |
|
98 | end | |
| 99 |
|
99 | |||
| 100 | def deny_access |
|
100 | def deny_access | |
| 101 | User.current.logged? ? render_403 : require_login |
|
101 | User.current.logged? ? render_403 : require_login | |
| 102 | end |
|
102 | end | |
| 103 |
|
103 | |||
| 104 | # Authorize the user for the requested action |
|
104 | # Authorize the user for the requested action | |
| 105 | def authorize(ctrl = params[:controller], action = params[:action]) |
|
105 | def authorize(ctrl = params[:controller], action = params[:action]) | |
| 106 | allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project) |
|
106 | allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project) | |
| 107 | allowed ? true : deny_access |
|
107 | allowed ? true : deny_access | |
| 108 | end |
|
108 | end | |
| 109 |
|
109 | |||
| 110 | # make sure that the user is a member of the project (or admin) if project is private |
|
110 | # make sure that the user is a member of the project (or admin) if project is private | |
| 111 | # used as a before_filter for actions that do not require any particular permission on the project |
|
111 | # used as a before_filter for actions that do not require any particular permission on the project | |
| 112 | def check_project_privacy |
|
112 | def check_project_privacy | |
| 113 | if @project && @project.active? |
|
113 | if @project && @project.active? | |
| 114 | if @project.is_public? || User.current.member_of?(@project) || User.current.admin? |
|
114 | if @project.is_public? || User.current.member_of?(@project) || User.current.admin? | |
| 115 | true |
|
115 | true | |
| 116 | else |
|
116 | else | |
| 117 | User.current.logged? ? render_403 : require_login |
|
117 | User.current.logged? ? render_403 : require_login | |
| 118 | end |
|
118 | end | |
| 119 | else |
|
119 | else | |
| 120 | @project = nil |
|
120 | @project = nil | |
| 121 | render_404 |
|
121 | render_404 | |
| 122 | false |
|
122 | false | |
| 123 | end |
|
123 | end | |
| 124 | end |
|
124 | end | |
| 125 |
|
125 | |||
| 126 | def redirect_back_or_default(default) |
|
126 | def redirect_back_or_default(default) | |
| 127 | back_url = CGI.unescape(params[:back_url].to_s) |
|
127 | back_url = CGI.unescape(params[:back_url].to_s) | |
| 128 | if !back_url.blank? |
|
128 | if !back_url.blank? | |
| 129 | begin |
|
129 | begin | |
| 130 | uri = URI.parse(back_url) |
|
130 | uri = URI.parse(back_url) | |
| 131 | # do not redirect user to another host or to the login or register page |
|
131 | # do not redirect user to another host or to the login or register page | |
| 132 | if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)}) |
|
132 | if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)}) | |
| 133 | redirect_to(back_url) and return |
|
133 | redirect_to(back_url) and return | |
| 134 | end |
|
134 | end | |
| 135 | rescue URI::InvalidURIError |
|
135 | rescue URI::InvalidURIError | |
| 136 | # redirect to default |
|
136 | # redirect to default | |
| 137 | end |
|
137 | end | |
| 138 | end |
|
138 | end | |
| 139 | redirect_to default |
|
139 | redirect_to default | |
| 140 | rescue |
|
|||
| 141 |
|
||||
| 142 |
|
||||
| 143 | end |
|
140 | end | |
| 144 |
|
141 | |||
| 145 | def render_403 |
|
142 | def render_403 | |
| 146 | @project = nil |
|
143 | @project = nil | |
| 147 | render :template => "common/403", :layout => !request.xhr?, :status => 403 |
|
144 | render :template => "common/403", :layout => !request.xhr?, :status => 403 | |
| 148 | return false |
|
145 | return false | |
| 149 | end |
|
146 | end | |
| 150 |
|
147 | |||
| 151 | def render_404 |
|
148 | def render_404 | |
| 152 | render :template => "common/404", :layout => !request.xhr?, :status => 404 |
|
149 | render :template => "common/404", :layout => !request.xhr?, :status => 404 | |
| 153 | return false |
|
150 | return false | |
| 154 | end |
|
151 | end | |
| 155 |
|
152 | |||
| 156 | def render_error(msg) |
|
153 | def render_error(msg) | |
| 157 | flash.now[:error] = msg |
|
154 | flash.now[:error] = msg | |
| 158 | render :nothing => true, :layout => !request.xhr?, :status => 500 |
|
155 | render :nothing => true, :layout => !request.xhr?, :status => 500 | |
| 159 | end |
|
156 | end | |
| 160 |
|
157 | |||
| 161 | def render_feed(items, options={}) |
|
158 | def render_feed(items, options={}) | |
| 162 | @items = items || [] |
|
159 | @items = items || [] | |
| 163 | @items.sort! {|x,y| y.event_datetime <=> x.event_datetime } |
|
160 | @items.sort! {|x,y| y.event_datetime <=> x.event_datetime } | |
| 164 | @items = @items.slice(0, Setting.feeds_limit.to_i) |
|
161 | @items = @items.slice(0, Setting.feeds_limit.to_i) | |
| 165 | @title = options[:title] || Setting.app_title |
|
162 | @title = options[:title] || Setting.app_title | |
| 166 | render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml' |
|
163 | render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml' | |
| 167 | end |
|
164 | end | |
| 168 |
|
165 | |||
| 169 | def self.accept_key_auth(*actions) |
|
166 | def self.accept_key_auth(*actions) | |
| 170 | actions = actions.flatten.map(&:to_s) |
|
167 | actions = actions.flatten.map(&:to_s) | |
| 171 | write_inheritable_attribute('accept_key_auth_actions', actions) |
|
168 | write_inheritable_attribute('accept_key_auth_actions', actions) | |
| 172 | end |
|
169 | end | |
| 173 |
|
170 | |||
| 174 | def accept_key_auth_actions |
|
171 | def accept_key_auth_actions | |
| 175 | self.class.read_inheritable_attribute('accept_key_auth_actions') || [] |
|
172 | self.class.read_inheritable_attribute('accept_key_auth_actions') || [] | |
| 176 | end |
|
173 | end | |
| 177 |
|
174 | |||
| 178 | # TODO: move to model |
|
175 | # TODO: move to model | |
| 179 | def attach_files(obj, attachments) |
|
176 | def attach_files(obj, attachments) | |
| 180 | attached = [] |
|
177 | attached = [] | |
| 181 | if attachments && attachments.is_a?(Hash) |
|
178 | if attachments && attachments.is_a?(Hash) | |
| 182 | attachments.each_value do |attachment| |
|
179 | attachments.each_value do |attachment| | |
| 183 | file = attachment['file'] |
|
180 | file = attachment['file'] | |
| 184 | next unless file && file.size > 0 |
|
181 | next unless file && file.size > 0 | |
| 185 | a = Attachment.create(:container => obj, |
|
182 | a = Attachment.create(:container => obj, | |
| 186 | :file => file, |
|
183 | :file => file, | |
| 187 | :description => attachment['description'].to_s.strip, |
|
184 | :description => attachment['description'].to_s.strip, | |
| 188 | :author => User.current) |
|
185 | :author => User.current) | |
| 189 | attached << a unless a.new_record? |
|
186 | attached << a unless a.new_record? | |
| 190 | end |
|
187 | end | |
| 191 | end |
|
188 | end | |
| 192 | attached |
|
189 | attached | |
| 193 | end |
|
190 | end | |
| 194 |
|
191 | |||
| 195 | # Returns the number of objects that should be displayed |
|
192 | # Returns the number of objects that should be displayed | |
| 196 | # on the paginated list |
|
193 | # on the paginated list | |
| 197 | def per_page_option |
|
194 | def per_page_option | |
| 198 | per_page = nil |
|
195 | per_page = nil | |
| 199 | if params[:per_page] && Setting.per_page_options_array.include?(params[:per_page].to_s.to_i) |
|
196 | if params[:per_page] && Setting.per_page_options_array.include?(params[:per_page].to_s.to_i) | |
| 200 | per_page = params[:per_page].to_s.to_i |
|
197 | per_page = params[:per_page].to_s.to_i | |
| 201 | session[:per_page] = per_page |
|
198 | session[:per_page] = per_page | |
| 202 | elsif session[:per_page] |
|
199 | elsif session[:per_page] | |
| 203 | per_page = session[:per_page] |
|
200 | per_page = session[:per_page] | |
| 204 | else |
|
201 | else | |
| 205 | per_page = Setting.per_page_options_array.first || 25 |
|
202 | per_page = Setting.per_page_options_array.first || 25 | |
| 206 | end |
|
203 | end | |
| 207 | per_page |
|
204 | per_page | |
| 208 | end |
|
205 | end | |
| 209 |
|
206 | |||
| 210 | # qvalues http header parser |
|
207 | # qvalues http header parser | |
| 211 | # code taken from webrick |
|
208 | # code taken from webrick | |
| 212 | def parse_qvalues(value) |
|
209 | def parse_qvalues(value) | |
| 213 | tmp = [] |
|
210 | tmp = [] | |
| 214 | if value |
|
211 | if value | |
| 215 | parts = value.split(/,\s*/) |
|
212 | parts = value.split(/,\s*/) | |
| 216 | parts.each {|part| |
|
213 | parts.each {|part| | |
| 217 | if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part) |
|
214 | if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part) | |
| 218 | val = m[1] |
|
215 | val = m[1] | |
| 219 | q = (m[2] or 1).to_f |
|
216 | q = (m[2] or 1).to_f | |
| 220 | tmp.push([val, q]) |
|
217 | tmp.push([val, q]) | |
| 221 | end |
|
218 | end | |
| 222 | } |
|
219 | } | |
| 223 | tmp = tmp.sort_by{|val, q| -q} |
|
220 | tmp = tmp.sort_by{|val, q| -q} | |
| 224 | tmp.collect!{|val, q| val} |
|
221 | tmp.collect!{|val, q| val} | |
| 225 | end |
|
222 | end | |
| 226 | return tmp |
|
223 | return tmp | |
| 227 | end |
|
224 | end | |
| 228 |
|
225 | |||
| 229 | # Returns a string that can be used as filename value in Content-Disposition header |
|
226 | # Returns a string that can be used as filename value in Content-Disposition header | |
| 230 | def filename_for_content_disposition(name) |
|
227 | def filename_for_content_disposition(name) | |
| 231 | request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name |
|
228 | request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name | |
| 232 | end |
|
229 | end | |
| 233 | end |
|
230 | end | |
General Comments 0
You need to be logged in to leave comments.
Login now