##// END OF EJS Templates
jro_apps » redmine
RSS
Unescape back_url param before calling redirect_to....
Jean-Philippe Lang -
r1891:8a356baf3e32
parent child
Show More
Side by Side Unified
Context file:
r1891:8a356baf3e32 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,225 +1,226
1 # redMine - project management software
1 # redMine - project management software
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require 'uri'
18 require 'uri'
19 require 'cgi'
19
20
20 class ApplicationController < ActionController::Base
21 class ApplicationController < ActionController::Base
21 layout 'base'
22 layout 'base'
22
23
23 before_filter :user_setup, :check_if_login_required, :set_localization
24 before_filter :user_setup, :check_if_login_required, :set_localization
24 filter_parameter_logging :password
25 filter_parameter_logging :password
25
26
26 include Redmine::MenuManager::MenuController
27 include Redmine::MenuManager::MenuController
27 helper Redmine::MenuManager::MenuHelper
28 helper Redmine::MenuManager::MenuHelper
28
29
29 REDMINE_SUPPORTED_SCM.each do |scm|
30 REDMINE_SUPPORTED_SCM.each do |scm|
30 require_dependency "repository/#{scm.underscore}"
31 require_dependency "repository/#{scm.underscore}"
31 end
32 end
32
33
33 def current_role
34 def current_role
34 @current_role ||= User.current.role_for_project(@project)
35 @current_role ||= User.current.role_for_project(@project)
35 end
36 end
36
37
37 def user_setup
38 def user_setup
38 # Check the settings cache for each request
39 # Check the settings cache for each request
39 Setting.check_cache
40 Setting.check_cache
40 # Find the current user
41 # Find the current user
41 User.current = find_current_user
42 User.current = find_current_user
42 end
43 end
43
44
44 # Returns the current user or nil if no user is logged in
45 # Returns the current user or nil if no user is logged in
45 def find_current_user
46 def find_current_user
46 if session[:user_id]
47 if session[:user_id]
47 # existing session
48 # existing session
48 (User.find_active(session[:user_id]) rescue nil)
49 (User.find_active(session[:user_id]) rescue nil)
49 elsif cookies[:autologin] && Setting.autologin?
50 elsif cookies[:autologin] && Setting.autologin?
50 # auto-login feature
51 # auto-login feature
51 User.find_by_autologin_key(cookies[:autologin])
52 User.find_by_autologin_key(cookies[:autologin])
52 elsif params[:key] && accept_key_auth_actions.include?(params[:action])
53 elsif params[:key] && accept_key_auth_actions.include?(params[:action])
53 # RSS key authentication
54 # RSS key authentication
54 User.find_by_rss_key(params[:key])
55 User.find_by_rss_key(params[:key])
55 end
56 end
56 end
57 end
57
58
58 # check if login is globally required to access the application
59 # check if login is globally required to access the application
59 def check_if_login_required
60 def check_if_login_required
60 # no check needed if user is already logged in
61 # no check needed if user is already logged in
61 return true if User.current.logged?
62 return true if User.current.logged?
62 require_login if Setting.login_required?
63 require_login if Setting.login_required?
63 end
64 end
64
65
65 def set_localization
66 def set_localization
66 User.current.language = nil unless User.current.logged?
67 User.current.language = nil unless User.current.logged?
67 lang = begin
68 lang = begin
68 if !User.current.language.blank? && GLoc.valid_language?(User.current.language)
69 if !User.current.language.blank? && GLoc.valid_language?(User.current.language)
69 User.current.language
70 User.current.language
70 elsif request.env['HTTP_ACCEPT_LANGUAGE']
71 elsif request.env['HTTP_ACCEPT_LANGUAGE']
71 accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.downcase
72 accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.downcase
72 if !accept_lang.blank? && (GLoc.valid_language?(accept_lang) || GLoc.valid_language?(accept_lang = accept_lang.split('-').first))
73 if !accept_lang.blank? && (GLoc.valid_language?(accept_lang) || GLoc.valid_language?(accept_lang = accept_lang.split('-').first))
73 User.current.language = accept_lang
74 User.current.language = accept_lang
74 end
75 end
75 end
76 end
76 rescue
77 rescue
77 nil
78 nil
78 end || Setting.default_language
79 end || Setting.default_language
79 set_language_if_valid(lang)
80 set_language_if_valid(lang)
80 end
81 end
81
82
82 def require_login
83 def require_login
83 if !User.current.logged?
84 if !User.current.logged?
84 redirect_to :controller => "account", :action => "login", :back_url => (request.relative_url_root + request.request_uri)
85 redirect_to :controller => "account", :action => "login", :back_url => (request.relative_url_root + request.request_uri)
85 return false
86 return false
86 end
87 end
87 true
88 true
88 end
89 end
89
90
90 def require_admin
91 def require_admin
91 return unless require_login
92 return unless require_login
92 if !User.current.admin?
93 if !User.current.admin?
93 render_403
94 render_403
94 return false
95 return false
95 end
96 end
96 true
97 true
97 end
98 end
98
99
99 def deny_access
100 def deny_access
100 User.current.logged? ? render_403 : require_login
101 User.current.logged? ? render_403 : require_login
101 end
102 end
102
103
103 # Authorize the user for the requested action
104 # Authorize the user for the requested action
104 def authorize(ctrl = params[:controller], action = params[:action])
105 def authorize(ctrl = params[:controller], action = params[:action])
105 allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
106 allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
106 allowed ? true : deny_access
107 allowed ? true : deny_access
107 end
108 end
108
109
109 # make sure that the user is a member of the project (or admin) if project is private
110 # make sure that the user is a member of the project (or admin) if project is private
110 # used as a before_filter for actions that do not require any particular permission on the project
111 # used as a before_filter for actions that do not require any particular permission on the project
111 def check_project_privacy
112 def check_project_privacy
112 if @project && @project.active?
113 if @project && @project.active?
113 if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
114 if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
114 true
115 true
115 else
116 else
116 User.current.logged? ? render_403 : require_login
117 User.current.logged? ? render_403 : require_login
117 end
118 end
118 else
119 else
119 @project = nil
120 @project = nil
120 render_404
121 render_404
121 false
122 false
122 end
123 end
123 end
124 end
124
125
125 def redirect_back_or_default(default)
126 def redirect_back_or_default(default)
126 back_url = params[:back_url]
127 back_url = CGI.unescape(params[:back_url].to_s)
127 if !back_url.blank?
128 if !back_url.blank?
128 uri = URI.parse(back_url)
129 uri = URI.parse(back_url)
129 # do not redirect user to another host
130 # do not redirect user to another host
130 if uri.relative? || (uri.host == request.host)
131 if uri.relative? || (uri.host == request.host)
131 redirect_to(back_url) and return
132 redirect_to(back_url) and return
132 end
133 end
133 end
134 end
134 redirect_to default
135 redirect_to default
135 end
136 end
136
137
137 def render_403
138 def render_403
138 @project = nil
139 @project = nil
139 render :template => "common/403", :layout => !request.xhr?, :status => 403
140 render :template => "common/403", :layout => !request.xhr?, :status => 403
140 return false
141 return false
141 end
142 end
142
143
143 def render_404
144 def render_404
144 render :template => "common/404", :layout => !request.xhr?, :status => 404
145 render :template => "common/404", :layout => !request.xhr?, :status => 404
145 return false
146 return false
146 end
147 end
147
148
148 def render_error(msg)
149 def render_error(msg)
149 flash.now[:error] = msg
150 flash.now[:error] = msg
150 render :nothing => true, :layout => !request.xhr?, :status => 500
151 render :nothing => true, :layout => !request.xhr?, :status => 500
151 end
152 end
152
153
153 def render_feed(items, options={})
154 def render_feed(items, options={})
154 @items = items || []
155 @items = items || []
155 @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
156 @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
156 @items = @items.slice(0, Setting.feeds_limit.to_i)
157 @items = @items.slice(0, Setting.feeds_limit.to_i)
157 @title = options[:title] || Setting.app_title
158 @title = options[:title] || Setting.app_title
158 render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
159 render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
159 end
160 end
160
161
161 def self.accept_key_auth(*actions)
162 def self.accept_key_auth(*actions)
162 actions = actions.flatten.map(&:to_s)
163 actions = actions.flatten.map(&:to_s)
163 write_inheritable_attribute('accept_key_auth_actions', actions)
164 write_inheritable_attribute('accept_key_auth_actions', actions)
164 end
165 end
165
166
166 def accept_key_auth_actions
167 def accept_key_auth_actions
167 self.class.read_inheritable_attribute('accept_key_auth_actions') || []
168 self.class.read_inheritable_attribute('accept_key_auth_actions') || []
168 end
169 end
169
170
170 # TODO: move to model
171 # TODO: move to model
171 def attach_files(obj, attachments)
172 def attach_files(obj, attachments)
172 attached = []
173 attached = []
173 if attachments && attachments.is_a?(Hash)
174 if attachments && attachments.is_a?(Hash)
174 attachments.each_value do |attachment|
175 attachments.each_value do |attachment|
175 file = attachment['file']
176 file = attachment['file']
176 next unless file && file.size > 0
177 next unless file && file.size > 0
177 a = Attachment.create(:container => obj,
178 a = Attachment.create(:container => obj,
178 :file => file,
179 :file => file,
179 :description => attachment['description'].to_s.strip,
180 :description => attachment['description'].to_s.strip,
180 :author => User.current)
181 :author => User.current)
181 attached << a unless a.new_record?
182 attached << a unless a.new_record?
182 end
183 end
183 end
184 end
184 attached
185 attached
185 end
186 end
186
187
187 # Returns the number of objects that should be displayed
188 # Returns the number of objects that should be displayed
188 # on the paginated list
189 # on the paginated list
189 def per_page_option
190 def per_page_option
190 per_page = nil
191 per_page = nil
191 if params[:per_page] && Setting.per_page_options_array.include?(params[:per_page].to_s.to_i)
192 if params[:per_page] && Setting.per_page_options_array.include?(params[:per_page].to_s.to_i)
192 per_page = params[:per_page].to_s.to_i
193 per_page = params[:per_page].to_s.to_i
193 session[:per_page] = per_page
194 session[:per_page] = per_page
194 elsif session[:per_page]
195 elsif session[:per_page]
195 per_page = session[:per_page]
196 per_page = session[:per_page]
196 else
197 else
197 per_page = Setting.per_page_options_array.first || 25
198 per_page = Setting.per_page_options_array.first || 25
198 end
199 end
199 per_page
200 per_page
200 end
201 end
201
202
202 # qvalues http header parser
203 # qvalues http header parser
203 # code taken from webrick
204 # code taken from webrick
204 def parse_qvalues(value)
205 def parse_qvalues(value)
205 tmp = []
206 tmp = []
206 if value
207 if value
207 parts = value.split(/,\s*/)
208 parts = value.split(/,\s*/)
208 parts.each {|part|
209 parts.each {|part|
209 if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part)
210 if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part)
210 val = m[1]
211 val = m[1]
211 q = (m[2] or 1).to_f
212 q = (m[2] or 1).to_f
212 tmp.push([val, q])
213 tmp.push([val, q])
213 end
214 end
214 }
215 }
215 tmp = tmp.sort_by{|val, q| -q}
216 tmp = tmp.sort_by{|val, q| -q}
216 tmp.collect!{|val, q| val}
217 tmp.collect!{|val, q| val}
217 end
218 end
218 return tmp
219 return tmp
219 end
220 end
220
221
221 # Returns a string that can be used as filename value in Content-Disposition header
222 # Returns a string that can be used as filename value in Content-Disposition header
222 def filename_for_content_disposition(name)
223 def filename_for_content_disposition(name)
223 request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name
224 request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name
224 end
225 end
225 end
226 end
Show file before | Show file after | Hide comments
@@ -1,285 +1,285
1 # redMine - project management software
1 # redMine - project management software
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class TimelogController < ApplicationController
18 class TimelogController < ApplicationController
19 menu_item :issues
19 menu_item :issues
20 before_filter :find_project, :authorize, :only => [:edit, :destroy]
20 before_filter :find_project, :authorize, :only => [:edit, :destroy]
21 before_filter :find_optional_project, :only => [:report, :details]
21 before_filter :find_optional_project, :only => [:report, :details]
22
22
23 verify :method => :post, :only => :destroy, :redirect_to => { :action => :details }
23 verify :method => :post, :only => :destroy, :redirect_to => { :action => :details }
24
24
25 helper :sort
25 helper :sort
26 include SortHelper
26 include SortHelper
27 helper :issues
27 helper :issues
28 include TimelogHelper
28 include TimelogHelper
29 helper :custom_fields
29 helper :custom_fields
30 include CustomFieldsHelper
30 include CustomFieldsHelper
31
31
32 def report
32 def report
33 @available_criterias = { 'project' => {:sql => "#{TimeEntry.table_name}.project_id",
33 @available_criterias = { 'project' => {:sql => "#{TimeEntry.table_name}.project_id",
34 :klass => Project,
34 :klass => Project,
35 :label => :label_project},
35 :label => :label_project},
36 'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
36 'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
37 :klass => Version,
37 :klass => Version,
38 :label => :label_version},
38 :label => :label_version},
39 'category' => {:sql => "#{Issue.table_name}.category_id",
39 'category' => {:sql => "#{Issue.table_name}.category_id",
40 :klass => IssueCategory,
40 :klass => IssueCategory,
41 :label => :field_category},
41 :label => :field_category},
42 'member' => {:sql => "#{TimeEntry.table_name}.user_id",
42 'member' => {:sql => "#{TimeEntry.table_name}.user_id",
43 :klass => User,
43 :klass => User,
44 :label => :label_member},
44 :label => :label_member},
45 'tracker' => {:sql => "#{Issue.table_name}.tracker_id",
45 'tracker' => {:sql => "#{Issue.table_name}.tracker_id",
46 :klass => Tracker,
46 :klass => Tracker,
47 :label => :label_tracker},
47 :label => :label_tracker},
48 'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
48 'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
49 :klass => Enumeration,
49 :klass => Enumeration,
50 :label => :label_activity},
50 :label => :label_activity},
51 'issue' => {:sql => "#{TimeEntry.table_name}.issue_id",
51 'issue' => {:sql => "#{TimeEntry.table_name}.issue_id",
52 :klass => Issue,
52 :klass => Issue,
53 :label => :label_issue}
53 :label => :label_issue}
54 }
54 }
55
55
56 # Add list and boolean custom fields as available criterias
56 # Add list and boolean custom fields as available criterias
57 custom_fields = (@project.nil? ? IssueCustomField.for_all : @project.all_issue_custom_fields)
57 custom_fields = (@project.nil? ? IssueCustomField.for_all : @project.all_issue_custom_fields)
58 custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
58 custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
59 @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Issue' AND c.customized_id = #{Issue.table_name}.id)",
59 @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Issue' AND c.customized_id = #{Issue.table_name}.id)",
60 :format => cf.field_format,
60 :format => cf.field_format,
61 :label => cf.name}
61 :label => cf.name}
62 end if @project
62 end if @project
63
63
64 # Add list and boolean time entry custom fields
64 # Add list and boolean time entry custom fields
65 TimeEntryCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
65 TimeEntryCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
66 @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'TimeEntry' AND c.customized_id = #{TimeEntry.table_name}.id)",
66 @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'TimeEntry' AND c.customized_id = #{TimeEntry.table_name}.id)",
67 :format => cf.field_format,
67 :format => cf.field_format,
68 :label => cf.name}
68 :label => cf.name}
69 end
69 end
70
70
71 @criterias = params[:criterias] || []
71 @criterias = params[:criterias] || []
72 @criterias = @criterias.select{|criteria| @available_criterias.has_key? criteria}
72 @criterias = @criterias.select{|criteria| @available_criterias.has_key? criteria}
73 @criterias.uniq!
73 @criterias.uniq!
74 @criterias = @criterias[0,3]
74 @criterias = @criterias[0,3]
75
75
76 @columns = (params[:columns] && %w(year month week day).include?(params[:columns])) ? params[:columns] : 'month'
76 @columns = (params[:columns] && %w(year month week day).include?(params[:columns])) ? params[:columns] : 'month'
77
77
78 retrieve_date_range
78 retrieve_date_range
79
79
80 unless @criterias.empty?
80 unless @criterias.empty?
81 sql_select = @criterias.collect{|criteria| @available_criterias[criteria][:sql] + " AS " + criteria}.join(', ')
81 sql_select = @criterias.collect{|criteria| @available_criterias[criteria][:sql] + " AS " + criteria}.join(', ')
82 sql_group_by = @criterias.collect{|criteria| @available_criterias[criteria][:sql]}.join(', ')
82 sql_group_by = @criterias.collect{|criteria| @available_criterias[criteria][:sql]}.join(', ')
83
83
84 sql = "SELECT #{sql_select}, tyear, tmonth, tweek, spent_on, SUM(hours) AS hours"
84 sql = "SELECT #{sql_select}, tyear, tmonth, tweek, spent_on, SUM(hours) AS hours"
85 sql << " FROM #{TimeEntry.table_name}"
85 sql << " FROM #{TimeEntry.table_name}"
86 sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
86 sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
87 sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id"
87 sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id"
88 sql << " WHERE"
88 sql << " WHERE"
89 sql << " (%s) AND" % @project.project_condition(Setting.display_subprojects_issues?) if @project
89 sql << " (%s) AND" % @project.project_condition(Setting.display_subprojects_issues?) if @project
90 sql << " (%s) AND" % Project.allowed_to_condition(User.current, :view_time_entries)
90 sql << " (%s) AND" % Project.allowed_to_condition(User.current, :view_time_entries)
91 sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from.to_time), ActiveRecord::Base.connection.quoted_date(@to.to_time)]
91 sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from.to_time), ActiveRecord::Base.connection.quoted_date(@to.to_time)]
92 sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek, spent_on"
92 sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek, spent_on"
93
93
94 @hours = ActiveRecord::Base.connection.select_all(sql)
94 @hours = ActiveRecord::Base.connection.select_all(sql)
95
95
96 @hours.each do |row|
96 @hours.each do |row|
97 case @columns
97 case @columns
98 when 'year'
98 when 'year'
99 row['year'] = row['tyear']
99 row['year'] = row['tyear']
100 when 'month'
100 when 'month'
101 row['month'] = "#{row['tyear']}-#{row['tmonth']}"
101 row['month'] = "#{row['tyear']}-#{row['tmonth']}"
102 when 'week'
102 when 'week'
103 row['week'] = "#{row['tyear']}-#{row['tweek']}"
103 row['week'] = "#{row['tyear']}-#{row['tweek']}"
104 when 'day'
104 when 'day'
105 row['day'] = "#{row['spent_on']}"
105 row['day'] = "#{row['spent_on']}"
106 end
106 end
107 end
107 end
108
108
109 @total_hours = @hours.inject(0) {|s,k| s = s + k['hours'].to_f}
109 @total_hours = @hours.inject(0) {|s,k| s = s + k['hours'].to_f}
110
110
111 @periods = []
111 @periods = []
112 # Date#at_beginning_of_ not supported in Rails 1.2.x
112 # Date#at_beginning_of_ not supported in Rails 1.2.x
113 date_from = @from.to_time
113 date_from = @from.to_time
114 # 100 columns max
114 # 100 columns max
115 while date_from <= @to.to_time && @periods.length < 100
115 while date_from <= @to.to_time && @periods.length < 100
116 case @columns
116 case @columns
117 when 'year'
117 when 'year'
118 @periods << "#{date_from.year}"
118 @periods << "#{date_from.year}"
119 date_from = (date_from + 1.year).at_beginning_of_year
119 date_from = (date_from + 1.year).at_beginning_of_year
120 when 'month'
120 when 'month'
121 @periods << "#{date_from.year}-#{date_from.month}"
121 @periods << "#{date_from.year}-#{date_from.month}"
122 date_from = (date_from + 1.month).at_beginning_of_month
122 date_from = (date_from + 1.month).at_beginning_of_month
123 when 'week'
123 when 'week'
124 @periods << "#{date_from.year}-#{date_from.to_date.cweek}"
124 @periods << "#{date_from.year}-#{date_from.to_date.cweek}"
125 date_from = (date_from + 7.day).at_beginning_of_week
125 date_from = (date_from + 7.day).at_beginning_of_week
126 when 'day'
126 when 'day'
127 @periods << "#{date_from.to_date}"
127 @periods << "#{date_from.to_date}"
128 date_from = date_from + 1.day
128 date_from = date_from + 1.day
129 end
129 end
130 end
130 end
131 end
131 end
132
132
133 respond_to do |format|
133 respond_to do |format|
134 format.html { render :layout => !request.xhr? }
134 format.html { render :layout => !request.xhr? }
135 format.csv { send_data(report_to_csv(@criterias, @periods, @hours).read, :type => 'text/csv; header=present', :filename => 'timelog.csv') }
135 format.csv { send_data(report_to_csv(@criterias, @periods, @hours).read, :type => 'text/csv; header=present', :filename => 'timelog.csv') }
136 end
136 end
137 end
137 end
138
138
139 def details
139 def details
140 sort_init 'spent_on', 'desc'
140 sort_init 'spent_on', 'desc'
141 sort_update
141 sort_update
142
142
143 cond = ARCondition.new
143 cond = ARCondition.new
144 if @project.nil?
144 if @project.nil?
145 cond << Project.allowed_to_condition(User.current, :view_time_entries)
145 cond << Project.allowed_to_condition(User.current, :view_time_entries)
146 elsif @issue.nil?
146 elsif @issue.nil?
147 cond << @project.project_condition(Setting.display_subprojects_issues?)
147 cond << @project.project_condition(Setting.display_subprojects_issues?)
148 else
148 else
149 cond << ["#{TimeEntry.table_name}.issue_id = ?", @issue.id]
149 cond << ["#{TimeEntry.table_name}.issue_id = ?", @issue.id]
150 end
150 end
151
151
152 retrieve_date_range
152 retrieve_date_range
153 cond << ['spent_on BETWEEN ? AND ?', @from, @to]
153 cond << ['spent_on BETWEEN ? AND ?', @from, @to]
154
154
155 TimeEntry.visible_by(User.current) do
155 TimeEntry.visible_by(User.current) do
156 respond_to do |format|
156 respond_to do |format|
157 format.html {
157 format.html {
158 # Paginate results
158 # Paginate results
159 @entry_count = TimeEntry.count(:include => :project, :conditions => cond.conditions)
159 @entry_count = TimeEntry.count(:include => :project, :conditions => cond.conditions)
160 @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
160 @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
161 @entries = TimeEntry.find(:all,
161 @entries = TimeEntry.find(:all,
162 :include => [:project, :activity, :user, {:issue => :tracker}],
162 :include => [:project, :activity, :user, {:issue => :tracker}],
163 :conditions => cond.conditions,
163 :conditions => cond.conditions,
164 :order => sort_clause,
164 :order => sort_clause,
165 :limit => @entry_pages.items_per_page,
165 :limit => @entry_pages.items_per_page,
166 :offset => @entry_pages.current.offset)
166 :offset => @entry_pages.current.offset)
167 @total_hours = TimeEntry.sum(:hours, :include => :project, :conditions => cond.conditions).to_f
167 @total_hours = TimeEntry.sum(:hours, :include => :project, :conditions => cond.conditions).to_f
168
168
169 render :layout => !request.xhr?
169 render :layout => !request.xhr?
170 }
170 }
171 format.atom {
171 format.atom {
172 entries = TimeEntry.find(:all,
172 entries = TimeEntry.find(:all,
173 :include => [:project, :activity, :user, {:issue => :tracker}],
173 :include => [:project, :activity, :user, {:issue => :tracker}],
174 :conditions => cond.conditions,
174 :conditions => cond.conditions,
175 :order => "#{TimeEntry.table_name}.created_on DESC",
175 :order => "#{TimeEntry.table_name}.created_on DESC",
176 :limit => Setting.feeds_limit.to_i)
176 :limit => Setting.feeds_limit.to_i)
177 render_feed(entries, :title => l(:label_spent_time))
177 render_feed(entries, :title => l(:label_spent_time))
178 }
178 }
179 format.csv {
179 format.csv {
180 # Export all entries
180 # Export all entries
181 @entries = TimeEntry.find(:all,
181 @entries = TimeEntry.find(:all,
182 :include => [:project, :activity, :user, {:issue => [:tracker, :assigned_to, :priority]}],
182 :include => [:project, :activity, :user, {:issue => [:tracker, :assigned_to, :priority]}],
183 :conditions => cond.conditions,
183 :conditions => cond.conditions,
184 :order => sort_clause)
184 :order => sort_clause)
185 send_data(entries_to_csv(@entries).read, :type => 'text/csv; header=present', :filename => 'timelog.csv')
185 send_data(entries_to_csv(@entries).read, :type => 'text/csv; header=present', :filename => 'timelog.csv')
186 }
186 }
187 end
187 end
188 end
188 end
189 end
189 end
190
190
191 def edit
191 def edit
192 render_403 and return if @time_entry && !@time_entry.editable_by?(User.current)
192 render_403 and return if @time_entry && !@time_entry.editable_by?(User.current)
193 @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
193 @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
194 @time_entry.attributes = params[:time_entry]
194 @time_entry.attributes = params[:time_entry]
195 if request.post? and @time_entry.save
195 if request.post? and @time_entry.save
196 flash[:notice] = l(:notice_successful_update)
196 flash[:notice] = l(:notice_successful_update)
197 redirect_to(params[:back_url].blank? ? {:action => 'details', :project_id => @time_entry.project} : params[:back_url])
197 redirect_back_or_default :action => 'details', :project_id => @time_entry.project
198 return
198 return
199 end
199 end
200 end
200 end
201
201
202 def destroy
202 def destroy
203 render_404 and return unless @time_entry
203 render_404 and return unless @time_entry
204 render_403 and return unless @time_entry.editable_by?(User.current)
204 render_403 and return unless @time_entry.editable_by?(User.current)
205 @time_entry.destroy
205 @time_entry.destroy
206 flash[:notice] = l(:notice_successful_delete)
206 flash[:notice] = l(:notice_successful_delete)
207 redirect_to :back
207 redirect_to :back
208 rescue ::ActionController::RedirectBackError
208 rescue ::ActionController::RedirectBackError
209 redirect_to :action => 'details', :project_id => @time_entry.project
209 redirect_to :action => 'details', :project_id => @time_entry.project
210 end
210 end
211
211
212 private
212 private
213 def find_project
213 def find_project
214 if params[:id]
214 if params[:id]
215 @time_entry = TimeEntry.find(params[:id])
215 @time_entry = TimeEntry.find(params[:id])
216 @project = @time_entry.project
216 @project = @time_entry.project
217 elsif params[:issue_id]
217 elsif params[:issue_id]
218 @issue = Issue.find(params[:issue_id])
218 @issue = Issue.find(params[:issue_id])
219 @project = @issue.project
219 @project = @issue.project
220 elsif params[:project_id]
220 elsif params[:project_id]
221 @project = Project.find(params[:project_id])
221 @project = Project.find(params[:project_id])
222 else
222 else
223 render_404
223 render_404
224 return false
224 return false
225 end
225 end
226 rescue ActiveRecord::RecordNotFound
226 rescue ActiveRecord::RecordNotFound
227 render_404
227 render_404
228 end
228 end
229
229
230 def find_optional_project
230 def find_optional_project
231 if !params[:issue_id].blank?
231 if !params[:issue_id].blank?
232 @issue = Issue.find(params[:issue_id])
232 @issue = Issue.find(params[:issue_id])
233 @project = @issue.project
233 @project = @issue.project
234 elsif !params[:project_id].blank?
234 elsif !params[:project_id].blank?
235 @project = Project.find(params[:project_id])
235 @project = Project.find(params[:project_id])
236 end
236 end
237 deny_access unless User.current.allowed_to?(:view_time_entries, @project, :global => true)
237 deny_access unless User.current.allowed_to?(:view_time_entries, @project, :global => true)
238 end
238 end
239
239
240 # Retrieves the date range based on predefined ranges or specific from/to param dates
240 # Retrieves the date range based on predefined ranges or specific from/to param dates
241 def retrieve_date_range
241 def retrieve_date_range
242 @free_period = false
242 @free_period = false
243 @from, @to = nil, nil
243 @from, @to = nil, nil
244
244
245 if params[:period_type] == '1' || (params[:period_type].nil? && !params[:period].nil?)
245 if params[:period_type] == '1' || (params[:period_type].nil? && !params[:period].nil?)
246 case params[:period].to_s
246 case params[:period].to_s
247 when 'today'
247 when 'today'
248 @from = @to = Date.today
248 @from = @to = Date.today
249 when 'yesterday'
249 when 'yesterday'
250 @from = @to = Date.today - 1
250 @from = @to = Date.today - 1
251 when 'current_week'
251 when 'current_week'
252 @from = Date.today - (Date.today.cwday - 1)%7
252 @from = Date.today - (Date.today.cwday - 1)%7
253 @to = @from + 6
253 @to = @from + 6
254 when 'last_week'
254 when 'last_week'
255 @from = Date.today - 7 - (Date.today.cwday - 1)%7
255 @from = Date.today - 7 - (Date.today.cwday - 1)%7
256 @to = @from + 6
256 @to = @from + 6
257 when '7_days'
257 when '7_days'
258 @from = Date.today - 7
258 @from = Date.today - 7
259 @to = Date.today
259 @to = Date.today
260 when 'current_month'
260 when 'current_month'
261 @from = Date.civil(Date.today.year, Date.today.month, 1)
261 @from = Date.civil(Date.today.year, Date.today.month, 1)
262 @to = (@from >> 1) - 1
262 @to = (@from >> 1) - 1
263 when 'last_month'
263 when 'last_month'
264 @from = Date.civil(Date.today.year, Date.today.month, 1) << 1
264 @from = Date.civil(Date.today.year, Date.today.month, 1) << 1
265 @to = (@from >> 1) - 1
265 @to = (@from >> 1) - 1
266 when '30_days'
266 when '30_days'
267 @from = Date.today - 30
267 @from = Date.today - 30
268 @to = Date.today
268 @to = Date.today
269 when 'current_year'
269 when 'current_year'
270 @from = Date.civil(Date.today.year, 1, 1)
270 @from = Date.civil(Date.today.year, 1, 1)
271 @to = Date.civil(Date.today.year, 12, 31)
271 @to = Date.civil(Date.today.year, 12, 31)
272 end
272 end
273 elsif params[:period_type] == '2' || (params[:period_type].nil? && (!params[:from].nil? || !params[:to].nil?))
273 elsif params[:period_type] == '2' || (params[:period_type].nil? && (!params[:from].nil? || !params[:to].nil?))
274 begin; @from = params[:from].to_s.to_date unless params[:from].blank?; rescue; end
274 begin; @from = params[:from].to_s.to_date unless params[:from].blank?; rescue; end
275 begin; @to = params[:to].to_s.to_date unless params[:to].blank?; rescue; end
275 begin; @to = params[:to].to_s.to_date unless params[:to].blank?; rescue; end
276 @free_period = true
276 @free_period = true
277 else
277 else
278 # default
278 # default
279 end
279 end
280
280
281 @from, @to = @to, @from if @from && @to && @from > @to
281 @from, @to = @to, @from if @from && @to && @from > @to
282 @from ||= (TimeEntry.minimum(:spent_on, :include => :project, :conditions => Project.allowed_to_condition(User.current, :view_time_entries)) || Date.today) - 1
282 @from ||= (TimeEntry.minimum(:spent_on, :include => :project, :conditions => Project.allowed_to_condition(User.current, :view_time_entries)) || Date.today) - 1
283 @to ||= (TimeEntry.maximum(:spent_on, :include => :project, :conditions => Project.allowed_to_condition(User.current, :view_time_entries)) || Date.today)
283 @to ||= (TimeEntry.maximum(:spent_on, :include => :project, :conditions => Project.allowed_to_condition(User.current, :view_time_entries)) || Date.today)
284 end
284 end
285 end
285 end
Show file before | Show file after | Hide comments
@@ -1,84 +1,84
1 # redMine - project management software
1 # redMine - project management software
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require File.dirname(__FILE__) + '/../test_helper'
18 require File.dirname(__FILE__) + '/../test_helper'
19 require 'account_controller'
19 require 'account_controller'
20
20
21 # Re-raise errors caught by the controller.
21 # Re-raise errors caught by the controller.
22 class AccountController; def rescue_action(e) raise e end; end
22 class AccountController; def rescue_action(e) raise e end; end
23
23
24 class AccountControllerTest < Test::Unit::TestCase
24 class AccountControllerTest < Test::Unit::TestCase
25 fixtures :users
25 fixtures :users
26
26
27 def setup
27 def setup
28 @controller = AccountController.new
28 @controller = AccountController.new
29 @request = ActionController::TestRequest.new
29 @request = ActionController::TestRequest.new
30 @response = ActionController::TestResponse.new
30 @response = ActionController::TestResponse.new
31 User.current = nil
31 User.current = nil
32 end
32 end
33
33
34 def test_show
34 def test_show
35 get :show, :id => 2
35 get :show, :id => 2
36 assert_response :success
36 assert_response :success
37 assert_template 'show'
37 assert_template 'show'
38 assert_not_nil assigns(:user)
38 assert_not_nil assigns(:user)
39 end
39 end
40
40
41 def test_show_inactive
41 def test_show_inactive
42 get :show, :id => 5
42 get :show, :id => 5
43 assert_response 404
43 assert_response 404
44 assert_nil assigns(:user)
44 assert_nil assigns(:user)
45 end
45 end
46
46
47 def test_login_should_redirect_to_back_url_param
47 def test_login_should_redirect_to_back_url_param
48 # request.uri is "test.host" in test environment
48 # request.uri is "test.host" in test environment
49 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'
49 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.host%2Fissues%2Fshow%2F1'
50 assert_redirected_to '/issues/show/1'
50 assert_redirected_to '/issues/show/1'
51 end
51 end
52
52
53 def test_login_should_not_redirect_to_another_host
53 def test_login_should_not_redirect_to_another_host
54 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'
54 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.foo%2Ffake'
55 assert_redirected_to '/my/page'
55 assert_redirected_to '/my/page'
56 end
56 end
57
57
58 def test_login_with_wrong_password
58 def test_login_with_wrong_password
59 post :login, :username => 'admin', :password => 'bad'
59 post :login, :username => 'admin', :password => 'bad'
60 assert_response :success
60 assert_response :success
61 assert_template 'login'
61 assert_template 'login'
62 assert_tag 'div',
62 assert_tag 'div',
63 :attributes => { :class => "flash error" },
63 :attributes => { :class => "flash error" },
64 :content => /Invalid user or password/
64 :content => /Invalid user or password/
65 end
65 end
66
66
67 def test_autologin
67 def test_autologin
68 Setting.autologin = "7"
68 Setting.autologin = "7"
69 Token.delete_all
69 Token.delete_all
70 post :login, :username => 'admin', :password => 'admin', :autologin => 1
70 post :login, :username => 'admin', :password => 'admin', :autologin => 1
71 assert_redirected_to 'my/page'
71 assert_redirected_to 'my/page'
72 token = Token.find :first
72 token = Token.find :first
73 assert_not_nil token
73 assert_not_nil token
74 assert_equal User.find_by_login('admin'), token.user
74 assert_equal User.find_by_login('admin'), token.user
75 assert_equal 'autologin', token.action
75 assert_equal 'autologin', token.action
76 end
76 end
77
77
78 def test_logout
78 def test_logout
79 @request.session[:user_id] = 2
79 @request.session[:user_id] = 2
80 get :logout
80 get :logout
81 assert_redirected_to ''
81 assert_redirected_to ''
82 assert_nil @request.session[:user_id]
82 assert_nil @request.session[:user_id]
83 end
83 end
84 end
84 end
General Comments 0
You need to be logged in to leave comments. Login now