jro_apps/redmine Commit - r906:987a5aa22114

Anonymous users can now be allowed to create, edit, comment issues, comment news and post messages in the forums....

Jean-Philippe Lang -

r906:987a5aa22114

parent child

Context file:

r906:987a5aa22114

Collapse all files

db/migrate/080_add_users_type.rb created 644 +10 0

@@ -0,0 +1,10
	1	class AddUsersType < ActiveRecord::Migration
	2	def self.up
	3	add_column :users, :type, :string
	4	User.update_all "type = 'User'"
	5	end
	6
	7	def self.down
	8	remove_column :users, :type
	9	end
	10	end

app/controllers/application.rb 0 -4

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class ApplicationController < ActionController::Base
               before_filter :user_setup, :check_if_login_required, :set_localization
               filter_parameter_logging :password
               REDMINE_SUPPORTED_SCM.each do |scm|
                 require_dependency "repository/#{scm.underscore}"
               end
-              def logged_in_user
-                User.current.logged? ? User.current : nil
-              end
               def current_role
                 @current_role ||= User.current.role_for_project(@project)
               end
               def user_setup
                 Setting.check_cache
                 if session[:user_id]
                   # existing session
                   User.current = User.find(session[:user_id])
                 elsif cookies[:autologin] && Setting.autologin?
                   # auto-login feature
                   User.current = User.find_by_autologin_key(cookies[:autologin])
                 elsif params[:key] && accept_key_auth_actions.include?(params[:action])
                   # RSS key authentication
                   User.current = User.find_by_rss_key(params[:key])
                 else
                   User.current = User.anonymous
                 end
               end
               # check if login is globally required to access the application
               def check_if_login_required
                 # no check needed if user is already logged in
                 return true if User.current.logged?
                 require_login if Setting.login_required?
               end
               def set_localization
                 lang = begin
                   if !User.current.language.blank? and GLoc.valid_languages.include? User.current.language.to_sym
                     User.current.language
                   elsif request.env['HTTP_ACCEPT_LANGUAGE']
                     accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.split('-').first
                     if accept_lang and !accept_lang.empty? and GLoc.valid_languages.include? accept_lang.to_sym
                       accept_lang
                     end
                   end
                 rescue
                   nil
                 end || Setting.default_language
                 set_language_if_valid(lang)
               end
               def require_login
                 if !User.current.logged?
                   store_location
                   redirect_to :controller => "account", :action => "login"
                   return false
                 end
                 true
               end
               def require_admin
                 return unless require_login
                 if !User.current.admin?
                   render_403
                   return false
                 end
                 true
               end
               # Authorize the user for the requested action
               def authorize(ctrl = params[:controller], action = params[:action])
                 allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
                 allowed ? true : (User.current.logged? ? render_403 : require_login)
               end
               # make sure that the user is a member of the project (or admin) if project is private
               # used as a before_filter for actions that do not require any particular permission on the project
               def check_project_privacy
                 unless @project.active?
                   @project = nil
                   render_404
                   return false
                 end
                 return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
                 User.current.logged? ? render_403 : require_login
               end
               # store current uri in session.
               # return to this location by calling redirect_back_or_default
               def store_location
                 session[:return_to_params] = params
               end
               # move to the last store_location call or to the passed default one
               def redirect_back_or_default(default)
                 if session[:return_to_params].nil?
                   redirect_to default
                 else
                   redirect_to session[:return_to_params]
                   session[:return_to_params] = nil
                 end
               end
               def render_403
                 @project = nil
                 render :template => "common/403", :layout => !request.xhr?, :status => 403
                 return false
               end
               def render_404
                 render :template => "common/404", :layout => !request.xhr?, :status => 404
                 return false
               end
               def render_feed(items, options={})
                 @items = items || []
                 @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
                 @title = options[:title] || Setting.app_title
                 render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
               end
               def self.accept_key_auth(*actions)
                 actions = actions.flatten.map(&:to_s)
                 write_inheritable_attribute('accept_key_auth_actions', actions)
               end
               def accept_key_auth_actions
                 self.class.read_inheritable_attribute('accept_key_auth_actions') || []
               end
               # qvalues http header parser
               # code taken from webrick
               def parse_qvalues(value)
                 tmp = []
                 if value
                   parts = value.split(/,\s*/)
                   parts.each {|part|
                     if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part)
                       val = m[1]
                       q = (m[2] or 1).to_f
                       tmp.push([val, q])
                     end
                   }
                   tmp = tmp.sort_by{|val, q| -q}
                   tmp.collect!{|val, q| val}
                 end
                 return tmp
               end
             end

app/controllers/documents_controller.rb +1 -1

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class DocumentsController < ApplicationController
               layout 'base'
               before_filter :find_project, :authorize
               def show
                 @attachments = @document.attachments.find(:all, :order => "created_on DESC")
               end
               def edit
                 @categories = Enumeration::get_values('DCAT')
                 if request.post? and @document.update_attributes(params[:document])
                   flash[:notice] = l(:notice_successful_update)
                   redirect_to :action => 'show', :id => @document
                 end
               end
               def destroy
                 @document.destroy
                 redirect_to :controller => 'projects', :action => 'list_documents', :id => @project
               end
               def download
                 @attachment = @document.attachments.find(params[:attachment_id])
                 @attachment.increment_download
                 send_file @attachment.diskfile, :filename => @attachment.filename, :type => @attachment.content_type
               rescue
                 render_404
               end
               def add_attachment
                 # Save the attachments
                 @attachments = []
                 params[:attachments].each { |file|
                   next unless file.size > 0
-                  a = Attachment.create(:container => @document, :file => file, :author => logged_in_user)
+                  a = Attachment.create(:container => @document, :file => file, :author => User.current)
                   @attachments << a unless a.new_record?
                 } if params[:attachments] and params[:attachments].is_a? Array
                 Mailer.deliver_attachments_added(@attachments) if !@attachments.empty? && Setting.notified_events.include?('document_added')
                 redirect_to :action => 'show', :id => @document
               end
               def destroy_attachment
                 @document.attachments.find(params[:attachment_id]).destroy
                 redirect_to :action => 'show', :id => @document
               end
             private
               def find_project
                 @document = Document.find(params[:id])
                 @project = @document.project
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
             end

app/controllers/issues_controller.rb +9 -10

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class IssuesController < ApplicationController
               layout 'base'
               before_filter :find_project, :authorize, :except => [:index, :changes, :preview]
               before_filter :find_optional_project, :only => [:index, :changes]
               accept_key_auth :index, :changes
               cache_sweeper :issue_sweeper, :only => [ :edit, :change_status, :destroy ]
               helper :projects
               include ProjectsHelper
               helper :custom_fields
               include CustomFieldsHelper
               helper :ifpdf
               include IfpdfHelper
               helper :issue_relations
               include IssueRelationsHelper
               helper :watchers
               include WatchersHelper
               helper :attachments
               include AttachmentsHelper
               helper :queries
               helper :sort
               include SortHelper
               include IssuesHelper
               def index
                 sort_init "#{Issue.table_name}.id", "desc"
                 sort_update
                 retrieve_query
                 if @query.valid?
                   limit = %w(pdf csv).include?(params[:format]) ? Setting.issues_export_limit.to_i : 25
                   @issue_count = Issue.count(:include => [:status, :project], :conditions => @query.statement)
                   @issue_pages = Paginator.new self, @issue_count, limit, params['page']
                   @issues = Issue.find :all, :order => sort_clause,
                                        :include => [ :assigned_to, :status, :tracker, :project, :priority, :category, :fixed_version ],
                                        :conditions => @query.statement,
                                        :limit  =>  limit,
                                        :offset =>  @issue_pages.current.offset
                   respond_to do |format|
                     format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
                     format.atom { render_feed(@issues, :title => l(:label_issue_plural)) }
                     format.csv  { send_data(issues_to_csv(@issues, @project).read, :type => 'text/csv; header=present', :filename => 'export.csv') }
                     format.pdf  { send_data(render(:template => 'issues/index.rfpdf', :layout => false), :type => 'application/pdf', :filename => 'export.pdf') }
                   end
                 else
                   # Send html if the query is not valid
                   render(:template => 'issues/index.rhtml', :layout => !request.xhr?)
                 end
               end
               def changes
                 sort_init "#{Issue.table_name}.id", "desc"
                 sort_update
                 retrieve_query
                 if @query.valid?
                   @changes = Journal.find :all, :include => [ :details, :user, {:issue => [:project, :author, :tracker, :status]} ],
                                                  :conditions => @query.statement,
                                                  :limit => 25,
                                                  :order => "#{Journal.table_name}.created_on DESC"
                 end
                 @title = (@project ? @project.name : Setting.app_title) + ": " + (@query.new_record? ? l(:label_changes_details) : @query.name)
                 render :layout => false, :content_type => 'application/atom+xml'
               end
               def show
                 @custom_values = @issue.custom_values.find(:all, :include => :custom_field, :order => "#{CustomField.table_name}.position")
                 @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
-                @status_options = @issue.status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker) if logged_in_user
+                @status_options = @issue.status.find_new_statuses_allowed_to(User.current.role_for_project(@project), @issue.tracker)
                 respond_to do |format|
                   format.html { render :template => 'issues/show.rhtml' }
                   format.pdf  { send_data(render(:template => 'issues/show.rfpdf', :layout => false), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
                 end
               end
               def edit
                 @priorities = Enumeration::get_values('IPRI')
                 if request.get?
                   @custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| @issue.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x, :customized => @issue) }
                 else
                   begin
-                    @issue.init_journal(self.logged_in_user)
+                    @issue.init_journal(User.current)
                     # Retrieve custom fields and values
                     if params["custom_fields"]
                       @custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue, :value => params["custom_fields"][x.id.to_s]) }
                       @issue.custom_values = @custom_values
                     end
                     @issue.attributes = params[:issue]
                     if @issue.save
                       flash[:notice] = l(:notice_successful_update)
                       redirect_to(params[:back_to] || {:action => 'show', :id => @issue})
                     end
                   rescue ActiveRecord::StaleObjectError
                     # Optimistic locking exception
                     flash[:error] = l(:notice_locking_conflict)
                   end
                 end
               end
               def add_note
                 journal = @issue.init_journal(User.current, params[:notes])
                 params[:attachments].each { |file|
                   next unless file.size > 0
-                  a = Attachment.create(:container => @issue, :file => file, :author => logged_in_user)
+                  a = Attachment.create(:container => @issue, :file => file, :author => User.current)
                   journal.details << JournalDetail.new(:property => 'attachment',
                                                        :prop_key => a.id,
                                                        :value => a.filename) unless a.new_record?
                 } if params[:attachments] and params[:attachments].is_a? Array
                 if journal.save
                   flash[:notice] = l(:notice_successful_update)
                   Mailer.deliver_issue_edit(journal) if Setting.notified_events.include?('issue_updated')
                   redirect_to :action => 'show', :id => @issue
                   return
                 end
                 show
               end
               def change_status
-                @status_options = @issue.status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker) if logged_in_user
+                @status_options = @issue.status.find_new_statuses_allowed_to(User.current.role_for_project(@project), @issue.tracker)
                 @new_status = IssueStatus.find(params[:new_status_id])
                 if params[:confirm]
                   begin
-                    journal = @issue.init_journal(self.logged_in_user, params[:notes])
+                    journal = @issue.init_journal(User.current, params[:notes])
                     @issue.status = @new_status
                     if @issue.update_attributes(params[:issue])
                       # Save attachments
                       params[:attachments].each { |file|
                         next unless file.size > 0
-                        a = Attachment.create(:container => @issue, :file => file, :author => logged_in_user)
+                        a = Attachment.create(:container => @issue, :file => file, :author => User.current)
                         journal.details << JournalDetail.new(:property => 'attachment',
                                                              :prop_key => a.id,
                                                              :value => a.filename) unless a.new_record?
                       } if params[:attachments] and params[:attachments].is_a? Array
                       # Log time
                       if current_role.allowed_to?(:log_time)
-                        @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => logged_in_user, :spent_on => Date.today)
+                        @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
                         @time_entry.attributes = params[:time_entry]
                         @time_entry.save
                       end
                       flash[:notice] = l(:notice_successful_update)
                       Mailer.deliver_issue_edit(journal) if Setting.notified_events.include?('issue_updated')
                       redirect_to :action => 'show', :id => @issue
                     end
                   rescue ActiveRecord::StaleObjectError
                     # Optimistic locking exception
                     flash[:error] = l(:notice_locking_conflict)
                   end
                 end
                 @assignable_to = @project.members.find(:all, :include => :user).collect{ |m| m.user }
                 @activities = Enumeration::get_values('ACTI')
               end
               def destroy
                 @issue.destroy
                 redirect_to :action => 'index', :project_id => @project
               end
               def destroy_attachment
                 a = @issue.attachments.find(params[:attachment_id])
                 a.destroy
-                journal = @issue.init_journal(self.logged_in_user)
+                journal = @issue.init_journal(User.current)
                 journal.details << JournalDetail.new(:property => 'attachment',
                                                      :prop_key => a.id,
                                                      :old_value => a.filename)
                 journal.save
                 redirect_to :action => 'show', :id => @issue
               end
               def context_menu
                 @priorities = Enumeration.get_values('IPRI').reverse
                 @statuses = IssueStatus.find(:all, :order => 'position')
                 @allowed_statuses = @issue.status.find_new_statuses_allowed_to(User.current.role_for_project(@project), @issue.tracker)
                 @assignables = @issue.assignable_users
                 @assignables << @issue.assigned_to if @issue.assigned_to && !@assignables.include?(@issue.assigned_to)
                 @can = {:edit => User.current.allowed_to?(:edit_issues, @project),
                         :change_status => User.current.allowed_to?(:change_issue_status, @project),
                         :add => User.current.allowed_to?(:add_issues, @project),
                         :move => User.current.allowed_to?(:move_issues, @project),
                         :delete => User.current.allowed_to?(:delete_issues, @project)}
                 render :layout => false
               end
               def preview
                 issue = Issue.find_by_id(params[:id])
                 @attachements = issue.attachments if issue
                 @text = params[:issue][:description]
                 render :partial => 'common/preview'
               end
             private
               def find_project
                 @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
                 @project = @issue.project
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               def find_optional_project
                 return true unless params[:project_id]
                 @project = Project.find(params[:project_id])
                 authorize
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               # Retrieve query from session or build a new query
               def retrieve_query
                 if params[:query_id]
                   @query = Query.find(params[:query_id], :conditions => {:project_id => (@project ? @project.id : nil)})
-                  @query.executed_by = logged_in_user
                   session[:query] = @query
                 else
                   if params[:set_filter] or !session[:query] or session[:query].project != @project
                     # Give it a name, required to be valid
-                    @query = Query.new(:name => "_", :executed_by => logged_in_user)
+                    @query = Query.new(:name => "_")
                     @query.project = @project
                     if params[:fields] and params[:fields].is_a? Array
                       params[:fields].each do |field|
                         @query.add_filter(field, params[:operators][field], params[:values][field])
                       end
                     else
                       @query.available_filters.keys.each do |field|
                         @query.add_short_filter(field, params[field]) if params[field]
                       end
                     end
                     session[:query] = @query
                   else
                     @query = session[:query]
                   end
                 end
               end
             end

app/controllers/messages_controller.rb +3 -3

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class MessagesController < ApplicationController
               layout 'base'
               before_filter :find_project, :authorize
               verify :method => :post, :only => [ :reply, :destroy ], :redirect_to => { :action => :show }
               helper :attachments
               include AttachmentsHelper
               def show
                 @reply = Message.new(:subject => "RE: #{@message.subject}")
                 render :action => "show", :layout => false if request.xhr?
               end
               def new
                 @message = Message.new(params[:message])
-                @message.author = logged_in_user
+                @message.author = User.current
                 @message.board = @board
                 if request.post? && @message.save
                   params[:attachments].each { |file|
                     next unless file.size > 0
-                    Attachment.create(:container => @message, :file => file, :author => logged_in_user)
+                    Attachment.create(:container => @message, :file => file, :author => User.current)
                   } if params[:attachments] and params[:attachments].is_a? Array
                   redirect_to :action => 'show', :id => @message
                 end
               end
               def reply
                 @reply = Message.new(params[:reply])
-                @reply.author = logged_in_user
+                @reply.author = User.current
                 @reply.board = @board
                 @message.children << @reply
                 redirect_to :action => 'show', :id => @message
               end
             private
               def find_project
                 @board = Board.find(params[:board_id], :include => :project)
                 @project = @board.project
                 @message = @board.topics.find(params[:id]) if params[:id]
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
             end

app/controllers/my_controller.rb +5 -5

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class MyController < ApplicationController
               helper :issues
               layout 'base'
               before_filter :require_login
               BLOCKS = { 'issuesassignedtome' => :label_assigned_to_me_issues,
                          'issuesreportedbyme' => :label_reported_issues,
                          'issueswatched' => :label_watched_issues,
                          'news' => :label_news_latest,
                          'calendar' => :label_calendar,
                          'documents' => :label_document_plural
                        }.freeze
               DEFAULT_LAYOUT = {  'left' => ['issuesassignedtome'],
                                   'right' => ['issuesreportedbyme']
                                }.freeze
               verify :xhr => true,
                      :session => :page_layout,
                      :only => [:add_block, :remove_block, :order_blocks]
               def index
                 page
                 render :action => 'page'
               end
               # Show user's page
               def page
-                @user = self.logged_in_user
+                @user = User.current
                 @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT
               end
               # Edit user's account
               def account
                 @user = User.current
                 @pref = @user.pref
                 if request.post?
                   @user.attributes = params[:user]
                   @user.mail_notification = (params[:notification_option] == 'all')
                   @user.pref.attributes = params[:pref]
                   @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
                   if @user.save
                     @user.pref.save
                     @user.notified_project_ids = (params[:notification_option] == 'selected' ? params[:notified_project_ids] : [])
                     set_language_if_valid @user.language
                     flash[:notice] = l(:notice_account_updated)
                     redirect_to :action => 'account'
                     return
                   end
                 end
                 @notification_options = [[l(:label_user_mail_option_all), 'all'],
                                          [l(:label_user_mail_option_none), 'none']]
                 # Only users that belong to more than 1 project can select projects for which they are notified
                 # Note that @user.membership.size would fail since AR ignores :include association option when doing a count
                 @notification_options.insert 1, [l(:label_user_mail_option_selected), 'selected'] if @user.memberships.length > 1
                 @notification_option = @user.mail_notification? ? 'all' : (@user.notified_projects_ids.empty? ? 'none' : 'selected')
               end
               # Manage user's password
               def password
-                @user = self.logged_in_user
+                @user = User.current
                 flash[:error] = l(:notice_can_t_change_password) and redirect_to :action => 'account' and return if @user.auth_source_id
                 if request.post?
                   if @user.check_password?(params[:password])
                     @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
                     if @user.save
                       flash[:notice] = l(:notice_account_password_updated)
                       redirect_to :action => 'account'
                     end
                   else
                     flash[:error] = l(:notice_account_wrong_password)
                   end
                 end
               end
               # Create a new feeds key
               def reset_rss_key
                 if request.post? && User.current.rss_token
                   User.current.rss_token.destroy
                   flash[:notice] = l(:notice_feeds_access_key_reseted)
                 end
                 redirect_to :action => 'account'
               end
               # User's page layout configuration
               def page_layout
-                @user = self.logged_in_user
+                @user = User.current
                 @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT.dup
                 session[:page_layout] = @blocks
                 %w(top left right).each {|f| session[:page_layout][f] ||= [] }
                 @block_options = []
                 BLOCKS.each {|k, v| @block_options << [l(v), k]}
               end
               # Add a block to user's page
               # The block is added on top of the page
               # params[:block] : id of the block to add
               def add_block
                 block = params[:block]
                 render(:nothing => true) and return unless block && (BLOCKS.keys.include? block)
-                @user = self.logged_in_user
+                @user = User.current
                 # remove if already present in a group
                 %w(top left right).each {|f| (session[:page_layout][f] ||= []).delete block }
                 # add it on top
                 session[:page_layout]['top'].unshift block
                 render :partial => "block", :locals => {:user => @user, :block_name => block}
               end
               # Remove a block to user's page
               # params[:block] : id of the block to remove
               def remove_block
                 block = params[:block]
                 # remove block in all groups
                 %w(top left right).each {|f| (session[:page_layout][f] ||= []).delete block }
                 render :nothing => true
               end
               # Change blocks order on user's page
               # params[:group] : group to order (top, left or right)
               # params[:list-(top|left|right)] : array of block ids of the group
               def order_blocks
                 group = params[:group]
                 group_items = params["list-#{group}"]
                 if group_items and group_items.is_a? Array
                   # remove group blocks if they are presents in other groups
                   %w(top left right).each {|f|
                     session[:page_layout][f] = (session[:page_layout][f] || []) - group_items
                   }
                   session[:page_layout][group] = group_items
                 end
                 render :nothing => true
               end
               # Save user's page layout
               def page_layout_save
-                @user = self.logged_in_user
+                @user = User.current
                 @user.pref[:my_page_layout] = session[:page_layout] if session[:page_layout]
                 @user.pref.save
                 session[:page_layout] = nil
                 redirect_to :action => 'page'
               end
             end

app/controllers/news_controller.rb +1 -1

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class NewsController < ApplicationController
               layout 'base'
               before_filter :find_project, :authorize, :except => :index
               before_filter :find_optional_project, :only => :index
               accept_key_auth :index
               def index
                 @news_pages, @newss = paginate :news,
                                                :per_page => 10,
                                                :conditions => (@project ? {:project_id => @project.id} : Project.visible_by(User.current)),
                                                :include => [:author, :project],
                                                :order => "#{News.table_name}.created_on DESC"
                 respond_to do |format|
                   format.html { render :layout => false if request.xhr? }
                   format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") }
                 end
               end
               def show
               end
               def edit
                 if request.post? and @news.update_attributes(params[:news])
                   flash[:notice] = l(:notice_successful_update)
                   redirect_to :action => 'show', :id => @news
                 end
               end
               def add_comment
                 @comment = Comment.new(params[:comment])
-                @comment.author = logged_in_user
+                @comment.author = User.current
                 if @news.comments << @comment
                   flash[:notice] = l(:label_comment_added)
                   redirect_to :action => 'show', :id => @news
                 else
                   render :action => 'show'
                 end
               end
               def destroy_comment
                 @news.comments.find(params[:comment_id]).destroy
                 redirect_to :action => 'show', :id => @news
               end
               def destroy
                 @news.destroy
                 redirect_to :action => 'index', :project_id => @project
               end
             private
               def find_project
                 @news = News.find(params[:id])
                 @project = @news.project
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               def find_optional_project
                 return true unless params[:project_id]
                 @project = Project.find(params[:project_id])
                 authorize
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
             end

app/controllers/projects_controller.rb +5 -6

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class ProjectsController < ApplicationController
               layout 'base'
               before_filter :find_project, :except => [ :index, :list, :add ]
               before_filter :authorize, :except => [ :index, :list, :add, :archive, :unarchive, :destroy ]
               before_filter :require_admin, :only => [ :add, :archive, :unarchive, :destroy ]
               accept_key_auth :activity, :calendar
               cache_sweeper :project_sweeper, :only => [ :add, :edit, :archive, :unarchive, :destroy ]
               cache_sweeper :issue_sweeper, :only => [ :add_issue ]
               cache_sweeper :version_sweeper, :only => [ :add_version ]
               helper :sort
               include SortHelper
               helper :custom_fields
               include CustomFieldsHelper
               helper :ifpdf
               include IfpdfHelper
               helper :issues
               helper IssuesHelper
               helper :queries
               include QueriesHelper
               helper :repositories
               include RepositoriesHelper
               include ProjectsHelper
               def index
                 list
                 render :action => 'list' unless request.xhr?
               end
               # Lists visible projects
               def list
                 projects = Project.find :all,
-                                        :conditions => Project.visible_by(logged_in_user),
+                                        :conditions => Project.visible_by(User.current),
                                         :include => :parent
                 @project_tree = projects.group_by {|p| p.parent || p}
                 @project_tree.each_key {|p| @project_tree[p] -= [p]}
               end
               # Add a new project
               def add
                 @custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
                 @root_projects = Project.find(:all, :conditions => "parent_id IS NULL AND status = #{Project::STATUS_ACTIVE}")
                 @project = Project.new(params[:project])
                 @project.enabled_module_names = Redmine::AccessControl.available_project_modules
                 if request.get?
                   @custom_values = ProjectCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| CustomValue.new(:custom_field => x, :customized => @project) }
                 else
                   @project.custom_fields = CustomField.find(params[:custom_field_ids]) if params[:custom_field_ids]
                   @custom_values = ProjectCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| CustomValue.new(:custom_field => x, :customized => @project, :value => (params[:custom_fields] ? params["custom_fields"][x.id.to_s] : nil)) }
                   @project.custom_values = @custom_values
                   if @project.save
                     @project.enabled_module_names = params[:enabled_modules]
                     flash[:notice] = l(:notice_successful_create)
                     redirect_to :controller => 'admin', :action => 'projects'
             	  end
                 end
               end
               # Show @project
               def show
                 @custom_values = @project.custom_values.find(:all, :include => :custom_field, :order => "#{CustomField.table_name}.position")
                 @members_by_role = @project.members.find(:all, :include => [:user, :role], :order => 'position').group_by {|m| m.role}
                 @subprojects = @project.active_children
                 @news = @project.news.find(:all, :limit => 5, :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")
                 @trackers = Tracker.find(:all, :order => 'position')
                 @open_issues_by_tracker = Issue.count(:group => :tracker, :joins => "INNER JOIN #{IssueStatus.table_name} ON #{IssueStatus.table_name}.id = #{Issue.table_name}.status_id", :conditions => ["project_id=? and #{IssueStatus.table_name}.is_closed=?", @project.id, false])
                 @total_issues_by_tracker = Issue.count(:group => :tracker, :conditions => ["project_id=?", @project.id])
                 @total_hours = @project.time_entries.sum(:hours)
                 @key = User.current.rss_key
               end
               def settings
                 @root_projects = Project::find(:all, :conditions => ["parent_id IS NULL AND status = #{Project::STATUS_ACTIVE} AND id <> ?", @project.id])
                 @custom_fields = IssueCustomField.find(:all)
                 @issue_category ||= IssueCategory.new
                 @member ||= @project.members.new
                 @custom_values ||= ProjectCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| @project.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x) }
                 @repository ||= @project.repository
                 @wiki ||= @project.wiki
               end
               # Edit @project
               def edit
                 if request.post?
                   @project.custom_fields = IssueCustomField.find(params[:custom_field_ids]) if params[:custom_field_ids]
                   if params[:custom_fields]
                     @custom_values = ProjectCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| CustomValue.new(:custom_field => x, :customized => @project, :value => params["custom_fields"][x.id.to_s]) }
                     @project.custom_values = @custom_values
                   end
                   @project.attributes = params[:project]
                   if @project.save
                     flash[:notice] = l(:notice_successful_update)
                     redirect_to :action => 'settings', :id => @project
                   else
                     settings
                     render :action => 'settings'
                   end
                 end
               end
               def modules
                 @project.enabled_module_names = params[:enabled_modules]
                 redirect_to :action => 'settings', :id => @project, :tab => 'modules'
               end
               def archive
                 @project.archive if request.post? && @project.active?
                 redirect_to :controller => 'admin', :action => 'projects'
               end
               def unarchive
                 @project.unarchive if request.post? && !@project.active?
                 redirect_to :controller => 'admin', :action => 'projects'
               end
               # Delete @project
               def destroy
                 @project_to_destroy = @project
                 if request.post? and params[:confirm]
                   @project_to_destroy.destroy
                   redirect_to :controller => 'admin', :action => 'projects'
                 end
                 # hide project in layout
                 @project = nil
               end
               # Add a new issue category to @project
               def add_issue_category
                 @category = @project.issue_categories.build(params[:category])
                 if request.post? and @category.save
               	  respond_to do |format|
                     format.html do
                       flash[:notice] = l(:notice_successful_create)
                       redirect_to :action => 'settings', :tab => 'categories', :id => @project
                     end
                     format.js do
                       # IE doesn't support the replace_html rjs method for select box options
                       render(:update) {|page| page.replace "issue_category_id",
                         content_tag('select', '<option></option>' + options_from_collection_for_select(@project.issue_categories, 'id', 'name', @category.id), :id => 'issue_category_id', :name => 'issue[category_id]')
                       }
                     end
                   end
                 end
               end
               # Add a new version to @project
               def add_version
               	@version = @project.versions.build(params[:version])
               	if request.post? and @version.save
               	  flash[:notice] = l(:notice_successful_create)
                   redirect_to :action => 'settings', :tab => 'versions', :id => @project
               	end
               end
               # Add a new document to @project
               def add_document
                 @document = @project.documents.build(params[:document])
                 if request.post? and @document.save
                   # Save the attachments
                   params[:attachments].each { |a|
-                    Attachment.create(:container => @document, :file => a, :author => logged_in_user) unless a.size == 0
+                    Attachment.create(:container => @document, :file => a, :author => User.current) unless a.size == 0
                   } if params[:attachments] and params[:attachments].is_a? Array
                   flash[:notice] = l(:notice_successful_create)
                   Mailer.deliver_document_added(@document) if Setting.notified_events.include?('document_added')
                   redirect_to :action => 'list_documents', :id => @project
                 end
               end
               # Show documents list of @project
               def list_documents
                 @sort_by = %w(category date title author).include?(params[:sort_by]) ? params[:sort_by] : 'category'
                 documents = @project.documents.find :all, :include => [:attachments, :category]
                 case @sort_by
                 when 'date'
                   @grouped = documents.group_by {|d| d.created_on.to_date }
                 when 'title'
                   @grouped = documents.group_by {|d| d.title.first.upcase}
                 when 'author'
                   @grouped = documents.select{|d| d.attachments.any?}.group_by {|d| d.attachments.last.author}
                 else
                   @grouped = documents.group_by(&:category)
                 end
                 render :layout => false if request.xhr?
               end
               # Add a new issue to @project
               # The new issue will be created from an existing one if copy_from parameter is given
               def add_issue
                 @issue = params[:copy_from] ? Issue.new.copy_from(params[:copy_from]) : Issue.new(params[:issue])
                 @issue.project = @project
                 @issue.author = User.current
                 @issue.tracker ||= Tracker.find(params[:tracker_id])
                 default_status = IssueStatus.default
                 unless default_status
                   flash.now[:error] = 'No default issue status is defined. Please check your configuration (Go to "Administration -> Issue statuses").'
                   render :nothing => true, :layout => true
                   return
                 end
                 @issue.status = default_status
-                @allowed_statuses = ([default_status] + default_status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker))if logged_in_user
+                @allowed_statuses = ([default_status] + default_status.find_new_statuses_allowed_to(User.current.role_for_project(@project), @issue.tracker))
                 if request.get?
                   @issue.start_date ||= Date.today
                   @custom_values = @issue.custom_values.empty? ?
                     @project.custom_fields_for_issues(@issue.tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue) } :
                     @issue.custom_values
                 else
                   requested_status = IssueStatus.find_by_id(params[:issue][:status_id])
                   # Check that the user is allowed to apply the requested status
                   @issue.status = (@allowed_statuses.include? requested_status) ? requested_status : default_status
                   @custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue, :value => params["custom_fields"][x.id.to_s]) }
                   @issue.custom_values = @custom_values
                   if @issue.save
                     if params[:attachments] && params[:attachments].is_a?(Array)
                       # Save attachments
                       params[:attachments].each {|a| Attachment.create(:container => @issue, :file => a, :author => User.current) unless a.size == 0}
                     end
                     flash[:notice] = l(:notice_successful_create)
                     Mailer.deliver_issue_add(@issue) if Setting.notified_events.include?('issue_added')
                     redirect_to :controller => 'issues', :action => 'index', :project_id => @project
                     return
                   end
                 end
                 @priorities = Enumeration::get_values('IPRI')
               end
               # Bulk edit issues
               def bulk_edit_issues
                 if request.post?
                   status = params[:status_id].blank? ? nil : IssueStatus.find_by_id(params[:status_id])
                   priority = params[:priority_id].blank? ? nil : Enumeration.find_by_id(params[:priority_id])
                   assigned_to = params[:assigned_to_id].blank? ? nil : User.find_by_id(params[:assigned_to_id])
                   category = params[:category_id].blank? ? nil : @project.issue_categories.find_by_id(params[:category_id])
                   fixed_version = params[:fixed_version_id].blank? ? nil : @project.versions.find_by_id(params[:fixed_version_id])
                   issues = @project.issues.find_all_by_id(params[:issue_ids])
                   unsaved_issue_ids = []
                   issues.each do |issue|
                     journal = issue.init_journal(User.current, params[:notes])
                     issue.priority = priority if priority
                     issue.assigned_to = assigned_to if assigned_to || params[:assigned_to_id] == 'none'
                     issue.category = category if category
                     issue.fixed_version = fixed_version if fixed_version
                     issue.start_date = params[:start_date] unless params[:start_date].blank?
                     issue.due_date = params[:due_date] unless params[:due_date].blank?
                     issue.done_ratio = params[:done_ratio] unless params[:done_ratio].blank?
                     # Don't save any change to the issue if the user is not authorized to apply the requested status
                     if (status.nil? || (issue.status.new_status_allowed_to?(status, current_role, issue.tracker) && issue.status = status)) && issue.save
                       # Send notification for each issue (if changed)
                       Mailer.deliver_issue_edit(journal) if journal.details.any? && Setting.notified_events.include?('issue_updated')
                     else
                       # Keep unsaved issue ids to display them in flash error
                       unsaved_issue_ids << issue.id
                     end
                   end
                   if unsaved_issue_ids.empty?
                     flash[:notice] = l(:notice_successful_update) unless issues.empty?
                   else
                     flash[:error] = l(:notice_failed_to_save_issues, unsaved_issue_ids.size, issues.size, '#' + unsaved_issue_ids.join(', #'))
                   end
                   redirect_to :controller => 'issues', :action => 'index', :project_id => @project
                   return
                 end
                 if current_role && User.current.allowed_to?(:change_issue_status, @project)
                   # Find potential statuses the user could be allowed to switch issues to
                   @available_statuses = Workflow.find(:all, :include => :new_status,
                                                             :conditions => {:role_id => current_role.id}).collect(&:new_status).compact.uniq
                 end
                 render :update do |page|
                   page.hide 'query_form'
                   page.replace_html  'bulk-edit', :partial => 'issues/bulk_edit_form'
                 end
               end
               def move_issues
                 @issues = @project.issues.find(params[:issue_ids]) if params[:issue_ids]
                 redirect_to :controller => 'issues', :action => 'index', :project_id => @project and return unless @issues
                 @projects = []
                 # find projects to which the user is allowed to move the issue
                 if User.current.admin?
                   # admin is allowed to move issues to any active (visible) project
                   @projects = Project.find(:all, :conditions => Project.visible_by(User.current), :order => 'name')
                 else
                   User.current.memberships.each {|m| @projects << m.project if m.role.allowed_to?(:move_issues)}
                 end
                 # issue can be moved to any tracker
                 @trackers = Tracker.find(:all)
                 if request.post? && params[:new_project_id] && @projects.collect(&:id).include?(params[:new_project_id].to_i) && params[:new_tracker_id]
                   new_project = Project.find_by_id(params[:new_project_id])
                   new_tracker = params[:new_tracker_id].blank? ? nil : Tracker.find_by_id(params[:new_tracker_id])
                   unsaved_issue_ids = []
                   @issues.each do |issue|
                     unsaved_issue_ids << issue.id unless issue.move_to(new_project, new_tracker)
                   end
                   if unsaved_issue_ids.empty?
                     flash[:notice] = l(:notice_successful_update) unless @issues.empty?
                   else
                     flash[:error] = l(:notice_failed_to_save_issues, unsaved_issue_ids.size, @issues.size, '#' + unsaved_issue_ids.join(', #'))
                   end
                   redirect_to :controller => 'issues', :action => 'index', :project_id => @project
                 end
               end
               # Add a news to @project
               def add_news
-                @news = News.new(:project => @project)
+                @news = News.new(:project => @project, :author => User.current)
                 if request.post?
                   @news.attributes = params[:news]
-                  @news.author_id = self.logged_in_user.id if self.logged_in_user
                   if @news.save
                     flash[:notice] = l(:notice_successful_create)
                     Mailer.deliver_news_added(@news) if Setting.notified_events.include?('news_added')
                     redirect_to :controller => 'news', :action => 'index', :project_id => @project
                   end
                 end
               end
               def add_file
                 if request.post?
                   @version = @project.versions.find_by_id(params[:version_id])
                   # Save the attachments
                   @attachments = []
                   params[:attachments].each { |file|
                     next unless file.size > 0
-                    a = Attachment.create(:container => @version, :file => file, :author => logged_in_user)
+                    a = Attachment.create(:container => @version, :file => file, :author => User.current)
                     @attachments << a unless a.new_record?
                   } if params[:attachments] and params[:attachments].is_a? Array
                   Mailer.deliver_attachments_added(@attachments) if !@attachments.empty? && Setting.notified_events.include?('file_added')
                   redirect_to :controller => 'projects', :action => 'list_files', :id => @project
                 end
                 @versions = @project.versions.sort
               end
               def list_files
                 @versions = @project.versions.sort
               end
               # Show changelog for @project
               def changelog
                 @trackers = Tracker.find(:all, :conditions => ["is_in_chlog=?", true], :order => 'position')
                 retrieve_selected_tracker_ids(@trackers)
                 @versions = @project.versions.sort
               end
               def roadmap
                 @trackers = Tracker.find(:all, :conditions => ["is_in_roadmap=?", true], :order => 'position')
                 retrieve_selected_tracker_ids(@trackers)
                 @versions = @project.versions.sort
                 @versions = @versions.select {|v| !v.completed? } unless params[:completed]
               end
               def activity
                 if params[:year] and params[:year].to_i > 1900
                   @year = params[:year].to_i
                   if params[:month] and params[:month].to_i > 0 and params[:month].to_i < 13
                     @month = params[:month].to_i
                   end
                 end
                 @year ||= Date.today.year
                 @month ||= Date.today.month
                 case params[:format]
                 when 'atom'
                   # 30 last days
                   @date_from = Date.today - 30
                   @date_to = Date.today + 1
                 else
                   # current month
                   @date_from = Date.civil(@year, @month, 1)
                   @date_to = @date_from >> 1
                 end
                 @event_types = %w(issues news files documents changesets wiki_pages messages)
                 @event_types.delete('wiki_pages') unless @project.wiki
                 @event_types.delete('changesets') unless @project.repository
                 @event_types.delete('messages') unless @project.boards.any?
                 # only show what the user is allowed to view
                 @event_types = @event_types.select {|o| User.current.allowed_to?("view_#{o}".to_sym, @project)}
                 @scope = @event_types.select {|t| params["show_#{t}"]}
                 # default events if none is specified in parameters
                 @scope = (@event_types - %w(wiki_pages messages))if @scope.empty?
                 @events = []
                 if @scope.include?('issues')
                   @events += @project.issues.find(:all, :include => [:author, :tracker], :conditions => ["#{Issue.table_name}.created_on>=? and #{Issue.table_name}.created_on<=?", @date_from, @date_to] )
                   @events += @project.issues_status_changes(@date_from, @date_to)
                 end
                 if @scope.include?('news')
                   @events += @project.news.find(:all, :conditions => ["#{News.table_name}.created_on>=? and #{News.table_name}.created_on<=?", @date_from, @date_to], :include => :author )
                 end
                 if @scope.include?('files')
                   @events += Attachment.find(:all, :select => "#{Attachment.table_name}.*", :joins => "LEFT JOIN #{Version.table_name} ON #{Version.table_name}.id = #{Attachment.table_name}.container_id", :conditions => ["#{Attachment.table_name}.container_type='Version' and #{Version.table_name}.project_id=? and #{Attachment.table_name}.created_on>=? and #{Attachment.table_name}.created_on<=?", @project.id, @date_from, @date_to], :include => :author )
                 end
                 if @scope.include?('documents')
                   @events += @project.documents.find(:all, :conditions => ["#{Document.table_name}.created_on>=? and #{Document.table_name}.created_on<=?", @date_from, @date_to] )
                   @events += Attachment.find(:all, :select => "attachments.*", :joins => "LEFT JOIN #{Document.table_name} ON #{Document.table_name}.id = #{Attachment.table_name}.container_id", :conditions => ["#{Attachment.table_name}.container_type='Document' and #{Document.table_name}.project_id=? and #{Attachment.table_name}.created_on>=? and #{Attachment.table_name}.created_on<=?", @project.id, @date_from, @date_to], :include => :author )
                 end
                 if @scope.include?('wiki_pages')
                   select = "#{WikiContent.versioned_table_name}.updated_on, #{WikiContent.versioned_table_name}.comments, " +
                            "#{WikiContent.versioned_table_name}.#{WikiContent.version_column}, #{WikiPage.table_name}.title, " +
                            "#{WikiContent.versioned_table_name}.page_id, #{WikiContent.versioned_table_name}.author_id, " +
                            "#{WikiContent.versioned_table_name}.id"
                   joins = "LEFT JOIN #{WikiPage.table_name} ON #{WikiPage.table_name}.id = #{WikiContent.versioned_table_name}.page_id " +
                           "LEFT JOIN #{Wiki.table_name} ON #{Wiki.table_name}.id = #{WikiPage.table_name}.wiki_id "
                   conditions = ["#{Wiki.table_name}.project_id = ? AND #{WikiContent.versioned_table_name}.updated_on BETWEEN ? AND ?",
                                 @project.id, @date_from, @date_to]
                   @events += WikiContent.versioned_class.find(:all, :select => select, :joins => joins, :conditions => conditions)
                 end
                 if @scope.include?('changesets')
                   @events += @project.repository.changesets.find(:all, :conditions => ["#{Changeset.table_name}.committed_on BETWEEN ? AND ?", @date_from, @date_to])
                 end
                 if @scope.include?('messages')
                   @events += Message.find(:all,
                                           :include => [:board, :author],
                                           :conditions => ["#{Board.table_name}.project_id=? AND #{Message.table_name}.parent_id IS NULL AND #{Message.table_name}.created_on BETWEEN ? AND ?", @project.id, @date_from, @date_to])
                 end
                 @events_by_day = @events.group_by(&:event_date)
                 respond_to do |format|
                   format.html { render :layout => false if request.xhr? }
                   format.atom { render_feed(@events, :title => "#{@project.name}: #{l(:label_activity)}") }
                 end
               end
               def calendar
                 @trackers = Tracker.find(:all, :order => 'position')
                 retrieve_selected_tracker_ids(@trackers)
                 if params[:year] and params[:year].to_i > 1900
                   @year = params[:year].to_i
                   if params[:month] and params[:month].to_i > 0 and params[:month].to_i < 13
                     @month = params[:month].to_i
                   end
                 end
                 @year ||= Date.today.year
                 @month ||= Date.today.month
                 @calendar = Redmine::Helpers::Calendar.new(Date.civil(@year, @month, 1), current_language, :month)
                 events = []
                 @project.issues_with_subprojects(params[:with_subprojects]) do
                   events += Issue.find(:all,
                                        :include => [:tracker, :status, :assigned_to, :priority, :project],
                                        :conditions => ["((start_date BETWEEN ? AND ?) OR (due_date BETWEEN ? AND ?)) AND #{Issue.table_name}.tracker_id IN (#{@selected_tracker_ids.join(',')})", @calendar.startdt, @calendar.enddt, @calendar.startdt, @calendar.enddt]
                                        ) unless @selected_tracker_ids.empty?
                 end
                 events += @project.versions.find(:all, :conditions => ["effective_date BETWEEN ? AND ?", @calendar.startdt, @calendar.enddt])
                 @calendar.events = events
                 render :layout => false if request.xhr?
               end
               def gantt
                 @trackers = Tracker.find(:all, :order => 'position')
                 retrieve_selected_tracker_ids(@trackers)
                 if params[:year] and params[:year].to_i >0
                   @year_from = params[:year].to_i
                   if params[:month] and params[:month].to_i >=1 and params[:month].to_i <= 12
                     @month_from = params[:month].to_i
                   else
                     @month_from = 1
                   end
                 else
                   @month_from ||= Date.today.month
                   @year_from ||= Date.today.year
                 end
                 zoom = (params[:zoom] || User.current.pref[:gantt_zoom]).to_i
                 @zoom = (zoom > 0 && zoom < 5) ? zoom : 2
                 months = (params[:months] || User.current.pref[:gantt_months]).to_i
                 @months = (months > 0 && months < 25) ? months : 6
                 # Save gantt paramters as user preference (zoom and months count)
                 if (User.current.logged? && (@zoom != User.current.pref[:gantt_zoom] || @months != User.current.pref[:gantt_months]))
                   User.current.pref[:gantt_zoom], User.current.pref[:gantt_months] = @zoom, @months
                   User.current.preference.save
                 end
                 @date_from = Date.civil(@year_from, @month_from, 1)
                 @date_to = (@date_from >> @months) - 1
                 @events = []
                 @project.issues_with_subprojects(params[:with_subprojects]) do
                   @events += Issue.find(:all,
                                        :order => "start_date, due_date",
                                        :include => [:tracker, :status, :assigned_to, :priority, :project],
                                        :conditions => ["(((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?) or (start_date<? and due_date>?)) and start_date is not null and due_date is not null and #{Issue.table_name}.tracker_id in (#{@selected_tracker_ids.join(',')}))", @date_from, @date_to, @date_from, @date_to, @date_from, @date_to]
                                        ) unless @selected_tracker_ids.empty?
                 end
                 @events += @project.versions.find(:all, :conditions => ["effective_date BETWEEN ? AND ?", @date_from, @date_to])
                 @events.sort! {|x,y| x.start_date <=> y.start_date }
                 if params[:format]=='pdf'
                   @options_for_rfpdf ||= {}
                   @options_for_rfpdf[:file_name] = "#{@project.identifier}-gantt.pdf"
                   render :template => "projects/gantt.rfpdf", :layout => false
                 elsif params[:format]=='png' && respond_to?('gantt_image')
                   image = gantt_image(@events, @date_from, @months, @zoom)
                   image.format = 'PNG'
                   send_data(image.to_blob, :disposition => 'inline', :type => 'image/png', :filename => "#{@project.identifier}-gantt.png")
                 else
                   render :template => "projects/gantt.rhtml"
                 end
               end
             private
               # Find project of id params[:id]
               # if not found, redirect to project list
               # Used as a before_filter
               def find_project
                 @project = Project.find(params[:id])
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               def retrieve_selected_tracker_ids(selectable_trackers)
                 if ids = params[:tracker_ids]
                   @selected_tracker_ids = (ids.is_a? Array) ? ids.collect { |id| id.to_i.to_s } : ids.split('/').collect { |id| id.to_i.to_s }
                 else
                   @selected_tracker_ids = selectable_trackers.collect {|t| t.id.to_s }
                 end
               end
             end

app/controllers/queries_controller.rb +3 -5

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class QueriesController < ApplicationController
               layout 'base'
               before_filter :find_project, :authorize
               def index
                 @queries = @project.queries.find(:all,
                                                  :order => "name ASC",
-                                                 :conditions => ["is_public = ? or user_id = ?", true, (logged_in_user ? logged_in_user.id : 0)])
+                                                 :conditions => ["is_public = ? or user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
               end
               def new
                 @query = Query.new(params[:query])
                 @query.project = @project
-                @query.user = logged_in_user
+                @query.user = User.current
-                @query.executed_by = logged_in_user
                 @query.is_public = false unless current_role.allowed_to?(:manage_public_queries)
                 @query.column_names = nil if params[:default_columns]
                 params[:fields].each do |field|
                   @query.add_filter(field, params[:operators][field], params[:values][field])
                 end if params[:fields]
                 if request.post? && params[:confirm] && @query.save
                   flash[:notice] = l(:notice_successful_create)
                   redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :query_id => @query
                   return
                 end
                 render :layout => false if request.xhr?
               end
               def edit
                 if request.post?
                   @query.filters = {}
                   params[:fields].each do |field|
                     @query.add_filter(field, params[:operators][field], params[:values][field])
                   end if params[:fields]
                   @query.attributes = params[:query]
                   @query.is_public = false unless current_role.allowed_to?(:manage_public_queries)
                   @query.column_names = nil if params[:default_columns]
                   if @query.save
                     flash[:notice] = l(:notice_successful_update)
                     redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :query_id => @query
                   end
                 end
               end
               def destroy
                 @query.destroy if request.post?
                 redirect_to :controller => 'queries', :project_id => @project
               end
             private
               def find_project
                 if params[:id]
                   @query = Query.find(params[:id])
-                  @query.executed_by = logged_in_user
                   @project = @query.project
-                  render_403 unless @query.editable_by?(logged_in_user)
+                  render_403 unless @query.editable_by?(User.current)
                 else
                   @project = Project.find(params[:project_id])
                 end
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
             end

app/controllers/search_controller.rb +2 -2

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class SearchController < ApplicationController
               layout 'base'
               helper :messages
               include MessagesHelper
               def index
                 @question = params[:q] || ""
                 @question.strip!
                 @all_words = params[:all_words] || (params[:submit] ? false : true)
                 @titles_only = !params[:titles_only].nil?
                 offset = nil
                 begin; offset = params[:offset].to_time if params[:offset]; rescue; end
                 # quick jump to an issue
-                if @question.match(/^#?(\d+)$/) && Issue.find_by_id($1, :include => :project, :conditions => Project.visible_by(logged_in_user))
+                if @question.match(/^#?(\d+)$/) && Issue.find_by_id($1, :include => :project, :conditions => Project.visible_by(User.current))
                   redirect_to :controller => "issues", :action => "show", :id => $1
                   return
                 end
                 if params[:id]
                   find_project
                   return unless check_project_privacy
                 end
                 if @project
                   # only show what the user is allowed to view
                   @object_types = %w(issues news documents changesets wiki_pages messages)
                   @object_types = @object_types.select {|o| User.current.allowed_to?("view_#{o}".to_sym, @project)}
                   @scope = @object_types.select {|t| params[t]}
                   @scope = @object_types if @scope.empty?
                 else
                   @object_types = @scope = %w(projects)
                 end
                 # tokens must be at least 3 character long
                 @tokens = @question.split.uniq.select {|w| w.length > 2 }
                 if !@tokens.empty?
                   # no more than 5 tokens to search for
                   @tokens.slice! 5..-1 if @tokens.size > 5
                   # strings used in sql like statement
                   like_tokens = @tokens.collect {|w| "%#{w.downcase}%"}
                   @results = []
                   limit = 10
                   if @project
                     @scope.each do |s|
                       @results += s.singularize.camelcase.constantize.search(like_tokens, @project,
                         :all_words => @all_words,
                         :titles_only => @titles_only,
                         :limit => (limit+1),
                         :offset => offset,
                         :before => params[:previous].nil?)
                     end
                     @results = @results.sort {|a,b| b.event_datetime <=> a.event_datetime}
                     if params[:previous].nil?
                       @pagination_previous_date = @results[0].event_datetime if offset && @results[0]
                       if @results.size > limit
                         @pagination_next_date = @results[limit-1].event_datetime
                         @results = @results[0, limit]
                       end
                     else
                       @pagination_next_date = @results[-1].event_datetime if offset && @results[-1]
                       if @results.size > limit
                         @pagination_previous_date = @results[-(limit)].event_datetime
                         @results = @results[-(limit), limit]
                       end
                     end
                   else
                     operator = @all_words ? ' AND ' : ' OR '
-                    Project.with_scope(:find => {:conditions => Project.visible_by(logged_in_user)}) do
+                    Project.with_scope(:find => {:conditions => Project.visible_by(User.current)}) do
                       @results += Project.find(:all, :limit => limit, :conditions => [ (["(LOWER(name) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @scope.include? 'projects'
                     end
                     # if only one project is found, user is redirected to its overview
                     redirect_to :controller => 'projects', :action => 'show', :id => @results.first and return if @results.size == 1
                   end
                   @question = @tokens.join(" ")
                 else
                   @question = ""
                 end
                 render :layout => false if request.xhr?
               end
             private
               def find_project
                 @project = Project.find(params[:id])
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
             end

app/controllers/timelog_controller.rb +3 -3

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class TimelogController < ApplicationController
               layout 'base'
               before_filter :find_project, :authorize
               helper :sort
               include SortHelper
               helper :issues
               def report
                 @available_criterias = { 'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
                                                       :values => @project.versions,
                                                       :label => :label_version},
                                          'category' => {:sql => "#{Issue.table_name}.category_id",
                                                         :values => @project.issue_categories,
                                                         :label => :field_category},
                                          'member' => {:sql => "#{TimeEntry.table_name}.user_id",
                                                      :values => @project.users,
                                                      :label => :label_member},
                                          'tracker' => {:sql => "#{Issue.table_name}.tracker_id",
                                                       :values => Tracker.find(:all),
                                                       :label => :label_tracker},
                                          'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
                                                        :values => Enumeration::get_values('ACTI'),
                                                        :label => :label_activity}
                                        }
                 @criterias = params[:criterias] || []
                 @criterias = @criterias.select{|criteria| @available_criterias.has_key? criteria}
                 @criterias.uniq!
                 @columns = (params[:period] && %w(year month week).include?(params[:period])) ? params[:period] : 'month'
                 if params[:date_from]
                   begin; @date_from = params[:date_from].to_date; rescue; end
                 end
                 if params[:date_to]
                   begin; @date_to = params[:date_to].to_date; rescue; end
                 end
                 @date_from ||= Date.civil(Date.today.year, 1, 1)
                 @date_to ||= Date.civil(Date.today.year, Date.today.month+1, 1) - 1
                 unless @criterias.empty?
                   sql_select = @criterias.collect{|criteria| @available_criterias[criteria][:sql] + " AS " + criteria}.join(', ')
                   sql_group_by = @criterias.collect{|criteria| @available_criterias[criteria][:sql]}.join(', ')
                   sql = "SELECT #{sql_select}, tyear, tmonth, tweek, SUM(hours) AS hours"
                   sql << " FROM #{TimeEntry.table_name} LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
                   sql << " WHERE #{TimeEntry.table_name}.project_id = %s" % @project.id
                   sql << " AND spent_on BETWEEN '%s' AND '%s'" % [ActiveRecord::Base.connection.quoted_date(@date_from.to_time), ActiveRecord::Base.connection.quoted_date(@date_to.to_time)]
                   sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek"
                   @hours = ActiveRecord::Base.connection.select_all(sql)
                   @hours.each do |row|
                     case @columns
                     when 'year'
                       row['year'] = row['tyear']
                     when 'month'
                       row['month'] = "#{row['tyear']}-#{row['tmonth']}"
                     when 'week'
                       row['week'] = "#{row['tyear']}-#{row['tweek']}"
                     end
                   end
                 end
                 @periods = []
                 date_from = @date_from
                 # 100 columns max
                 while date_from < @date_to && @periods.length < 100
                   case @columns
                   when 'year'
                     @periods << "#{date_from.year}"
                     date_from = date_from >> 12
                   when 'month'
                     @periods << "#{date_from.year}-#{date_from.month}"
                     date_from = date_from >> 1
                   when 'week'
                     @periods << "#{date_from.year}-#{date_from.cweek}"
                     date_from = date_from + 7
                   end
                 end
                 render :layout => false if request.xhr?
               end
               def details
                 sort_init 'spent_on', 'desc'
                 sort_update
                 @entries = (@issue ? @issue : @project).time_entries.find(:all, :include => [:activity, :user, {:issue => [:tracker, :assigned_to, :priority]}], :order => sort_clause)
                 @total_hours = @entries.inject(0) { |sum,entry| sum + entry.hours }
-                @owner_id = logged_in_user ? logged_in_user.id : 0
+                @owner_id = User.current.id
                 send_csv and return if 'csv' == params[:export]
                 render :action => 'details', :layout => false if request.xhr?
               end
               def edit
-                render_404 and return if @time_entry && @time_entry.user != logged_in_user
+                render_404 and return if @time_entry && @time_entry.user != User.current
-                @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => logged_in_user, :spent_on => Date.today)
+                @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
                 @time_entry.attributes = params[:time_entry]
                 if request.post? and @time_entry.save
                   flash[:notice] = l(:notice_successful_update)
                   redirect_to :action => 'details', :project_id => @time_entry.project, :issue_id => @time_entry.issue
                   return
                 end
                 @activities = Enumeration::get_values('ACTI')
               end
             private
               def find_project
                 if params[:id]
                   @time_entry = TimeEntry.find(params[:id])
                   @project = @time_entry.project
                 elsif params[:issue_id]
                   @issue = Issue.find(params[:issue_id])
                   @project = @issue.project
                 elsif params[:project_id]
                   @project = Project.find(params[:project_id])
                 else
                   render_404
                   return false
                 end
               end
               def send_csv
                 ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')
                 export = StringIO.new
                 CSV::Writer.generate(export, l(:general_csv_separator)) do |csv|
                   # csv header fields
                   headers = [l(:field_spent_on),
                              l(:field_user),
                              l(:field_activity),
                              l(:field_issue),
                              l(:field_hours),
                              l(:field_comments)
                              ]
                   csv << headers.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
                   # csv lines
                   @entries.each do |entry|
                     fields = [l_date(entry.spent_on),
                               entry.user.name,
                               entry.activity.name,
                               (entry.issue ? entry.issue.id : nil),
                               entry.hours,
                               entry.comments
                               ]
                     csv << fields.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
                   end
                 end
                 export.rewind
                 send_data(export.read, :type => 'text/csv; header=present', :filename => 'export.csv')
               end
             end

app/controllers/welcome_controller.rb +2 -2

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class WelcomeController < ApplicationController
               layout 'base'
               def index
-                @news = News.latest logged_in_user
+                @news = News.latest User.current
-                @projects = Project.latest logged_in_user
+                @projects = Project.latest User.current
               end
             end

app/controllers/wiki_controller.rb +2 -2

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require 'diff'
             class WikiController < ApplicationController
               layout 'base'
               before_filter :find_wiki, :authorize
               verify :method => :post, :only => [:destroy, :destroy_attachment], :redirect_to => { :action => :index }
               helper :attachments
               include AttachmentsHelper
               # display a page (in editing mode if it doesn't exist)
               def index
                 page_title = params[:page]
                 @page = @wiki.find_or_new_page(page_title)
                 if @page.new_record?
                   if User.current.allowed_to?(:edit_wiki_pages, @project)
                     edit
                     render :action => 'edit'
                   else
                     render_404
                   end
                   return
                 end
                 @content = @page.content_for_version(params[:version])
                 if params[:export] == 'html'
                   export = render_to_string :action => 'export', :layout => false
                   send_data(export, :type => 'text/html', :filename => "#{@page.title}.html")
                   return
                 elsif params[:export] == 'txt'
                   send_data(@content.text, :type => 'text/plain', :filename => "#{@page.title}.txt")
                   return
                 end
                 render :action => 'show'
               end
               # edit an existing page or a new one
               def edit
                 @page = @wiki.find_or_new_page(params[:page])
                 @page.content = WikiContent.new(:page => @page) if @page.new_record?
                 @content = @page.content_for_version(params[:version])
                 @content.text = "h1. #{@page.pretty_title}" if @content.text.blank?
                 # don't keep previous comment
                 @content.comments = nil
                 if request.post?
                   if !@page.new_record? && @content.text == params[:content][:text]
                     # don't save if text wasn't changed
                     redirect_to :action => 'index', :id => @project, :page => @page.title
                     return
                   end
                   #@content.text = params[:content][:text]
                   #@content.comments = params[:content][:comments]
                   @content.attributes = params[:content]
-                  @content.author = logged_in_user
+                  @content.author = User.current
                   # if page is new @page.save will also save content, but not if page isn't a new record
                   if (@page.new_record? ? @page.save : @content.save)
                     redirect_to :action => 'index', :id => @project, :page => @page.title
                   end
                 end
               rescue ActiveRecord::StaleObjectError
                 # Optimistic locking exception
                 flash[:error] = l(:notice_locking_conflict)
               end
               # rename a page
               def rename
                 @page = @wiki.find_page(params[:page])
                 @page.redirect_existing_links = true
                 # used to display the *original* title if some AR validation errors occur
                 @original_title = @page.pretty_title
                 if request.post? && @page.update_attributes(params[:wiki_page])
                   flash[:notice] = l(:notice_successful_update)
                   redirect_to :action => 'index', :id => @project, :page => @page.title
                 end
               end
               # show page history
               def history
                 @page = @wiki.find_page(params[:page])
                 @version_count = @page.content.versions.count
                 @version_pages = Paginator.new self, @version_count, 25, params['p']
                 # don't load text
                 @versions = @page.content.versions.find :all,
                                                         :select => "id, author_id, comments, updated_on, version",
                                                         :order => 'version DESC',
                                                         :limit  =>  @version_pages.items_per_page + 1,
                                                         :offset =>  @version_pages.current.offset
                 render :layout => false if request.xhr?
               end
               def diff
                 @page = @wiki.find_page(params[:page])
                 @diff = @page.diff(params[:version], params[:version_from])
                 render_404 unless @diff
               end
               # remove a wiki page and its history
               def destroy
                 @page = @wiki.find_page(params[:page])
                 @page.destroy if @page
                 redirect_to :action => 'special', :id => @project, :page => 'Page_index'
               end
               # display special pages
               def special
                 page_title = params[:page].downcase
                 case page_title
                 # show pages index, sorted by title
                 when 'page_index', 'date_index'
                   # eager load information about last updates, without loading text
                   @pages = @wiki.pages.find :all, :select => "#{WikiPage.table_name}.*, #{WikiContent.table_name}.updated_on",
                                                   :joins => "LEFT JOIN #{WikiContent.table_name} ON #{WikiContent.table_name}.page_id = #{WikiPage.table_name}.id",
                                                   :order => 'title'
                   @pages_by_date = @pages.group_by {|p| p.updated_on.to_date}
                 # export wiki to a single html file
                 when 'export'
                   @pages = @wiki.pages.find :all, :order => 'title'
                   export = render_to_string :action => 'export_multiple', :layout => false
                   send_data(export, :type => 'text/html', :filename => "wiki.html")
                   return
                 else
                   # requested special page doesn't exist, redirect to default page
                   redirect_to :action => 'index', :id => @project, :page => nil and return
                 end
                 render :action => "special_#{page_title}"
               end
               def preview
                 page = @wiki.find_page(params[:page])
                 @attachements = page.attachments if page
                 @text = params[:content][:text]
                 render :partial => 'common/preview'
               end
               def add_attachment
                 @page = @wiki.find_page(params[:page])
                 # Save the attachments
                 params[:attachments].each { |file|
                   next unless file.size > 0
-                  a = Attachment.create(:container => @page, :file => file, :author => logged_in_user)
+                  a = Attachment.create(:container => @page, :file => file, :author => User.current)
                 } if params[:attachments] and params[:attachments].is_a? Array
                 redirect_to :action => 'index', :page => @page.title
               end
               def destroy_attachment
                 @page = @wiki.find_page(params[:page])
                 @page.attachments.find(params[:attachment_id]).destroy
                 redirect_to :action => 'index', :page => @page.title
               end
             private
               def find_wiki
                 @project = Project.find(params[:id])
                 @wiki = @project.wiki
                 render_404 unless @wiki
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
             end

app/models/attachment.rb +1 -6

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/md5"
             class Attachment < ActiveRecord::Base
               belongs_to :container, :polymorphic => true
               belongs_to :author, :class_name => "User", :foreign_key => "author_id"
-              validates_presence_of :container, :filename
+              validates_presence_of :container, :filename, :author
               validates_length_of :filename, :maximum => 255
               validates_length_of :disk_filename, :maximum => 255
               acts_as_event :title => :filename,
                             :description => :filename,
                             :url => Proc.new {|o| {:controller => 'attachments', :action => 'download', :id => o.id}}
               cattr_accessor :storage_path
               @@storage_path = "#{RAILS_ROOT}/files"
               def validate
                 errors.add_to_base :too_long if self.filesize > Setting.attachment_max_size.to_i.kilobytes
               end
             	def file=(incomming_file)
             		unless incomming_file.nil?
             			@temp_file = incomming_file
             			if @temp_file.size > 0
             				self.filename = sanitize_filename(@temp_file.original_filename)
             				self.disk_filename = DateTime.now.strftime("%y%m%d%H%M%S") + "_" + self.filename
             				self.content_type = @temp_file.content_type.chomp
             				self.filesize = @temp_file.size
             			end
             		end
             	end
             	def file
             	 nil
             	end
             	# Copy temp file to its final location
             	def before_save
             		if @temp_file && (@temp_file.size > 0)
             			logger.debug("saving '#{self.diskfile}'")
             			File.open(diskfile, "wb") do |f|
             				f.write(@temp_file.read)
             			end
             			self.digest = Digest::MD5.hexdigest(File.read(diskfile))
             		end
             		# Don't save the content type if it's longer than the authorized length
             		if self.content_type && self.content_type.length > 255
             		  self.content_type = nil
             		end
             	end
             	# Deletes file on the disk
             	def after_destroy
             		if self.filename?
             			File.delete(diskfile) if File.exist?(diskfile)
             		end
             	end
             	# Returns file's location on disk
             	def diskfile
             		"#{@@storage_path}/#{self.disk_filename}"
             	end
               def increment_download
                 increment!(:downloads)
               end
-            	# returns last created projects
-            	def self.most_downloaded
-            		find(:all, :limit => 5, :order => "downloads DESC")
-            	end
               def project
                 container.is_a?(Project) ? container : container.project
               end
               def image?
                 self.filename =~ /\.(jpeg|jpg|gif|png)$/i
               end
             private
               def sanitize_filename(value)
                   # get only the filename, not the whole path
                   just_filename = value.gsub(/^.*(\\|\/)/, '')
                   # NOTE: File.basename doesn't work right with Windows paths on Unix
                   # INCORRECT: just_filename = File.basename(value.gsub('\\\\', '/'))
                   # Finally, replace all non alphanumeric, underscore or periods with underscore
                   @filename = just_filename.gsub(/[^\w\.\-]/,'_')
               end
             end

app/models/query.rb +2 -5

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class QueryColumn
               attr_accessor :name, :sortable
               include GLoc
               def initialize(name, options={})
                 self.name = name
                 self.sortable = options[:sortable]
               end
               def caption
                 set_language_if_valid(User.current.language)
                 l("field_#{name}")
               end
             end
             class QueryCustomFieldColumn < QueryColumn
               def initialize(custom_field)
                 self.name = "cf_#{custom_field.id}".to_sym
                 self.sortable = false
                 @cf = custom_field
               end
               def caption
                 @cf.name
               end
               def custom_field
                 @cf
               end
             end
             class Query < ActiveRecord::Base
               belongs_to :project
               belongs_to :user
               serialize :filters
               serialize :column_names
               attr_protected :project, :user
               attr_accessor :executed_by
               validates_presence_of :name, :on => :save
               validates_length_of :name, :maximum => 255
               @@operators = { "="   => :label_equals,
                               "!"   => :label_not_equals,
                               "o"   => :label_open_issues,
                               "c"   => :label_closed_issues,
                               "!*"  => :label_none,
                               "*"   => :label_all,
                               ">="   => '>=',
                               "<="   => '<=',
                               "<t+" => :label_in_less_than,
                               ">t+" => :label_in_more_than,
                               "t+"  => :label_in,
                               "t"   => :label_today,
                               "w"   => :label_this_week,
                               ">t-" => :label_less_than_ago,
                               "<t-" => :label_more_than_ago,
                               "t-"  => :label_ago,
                               "~"   => :label_contains,
                               "!~"  => :label_not_contains }
               cattr_reader :operators
               @@operators_by_filter_type = { :list => [ "=", "!" ],
                                              :list_status => [ "o", "=", "!", "c", "*" ],
                                              :list_optional => [ "=", "!", "!*", "*" ],
                                              :list_one_or_more => [ "*", "=" ],
                                              :date => [ "<t+", ">t+", "t+", "t", "w", ">t-", "<t-", "t-" ],
                                              :date_past => [ ">t-", "<t-", "t-", "t", "w" ],
                                              :string => [ "=", "~", "!", "!~" ],
                                              :text => [  "~", "!~" ],
                                              :integer => [ "=", ">=", "<=" ] }
               cattr_reader :operators_by_filter_type
               @@available_columns = [
                 QueryColumn.new(:tracker, :sortable => "#{Tracker.table_name}.position"),
                 QueryColumn.new(:status, :sortable => "#{IssueStatus.table_name}.position"),
                 QueryColumn.new(:priority, :sortable => "#{Enumeration.table_name}.position"),
                 QueryColumn.new(:subject),
                 QueryColumn.new(:assigned_to, :sortable => "#{User.table_name}.lastname"),
                 QueryColumn.new(:updated_on, :sortable => "#{Issue.table_name}.updated_on"),
                 QueryColumn.new(:category, :sortable => "#{IssueCategory.table_name}.name"),
                 QueryColumn.new(:fixed_version),
                 QueryColumn.new(:start_date, :sortable => "#{Issue.table_name}.start_date"),
                 QueryColumn.new(:due_date, :sortable => "#{Issue.table_name}.due_date"),
                 QueryColumn.new(:estimated_hours, :sortable => "#{Issue.table_name}.estimated_hours"),
                 QueryColumn.new(:done_ratio, :sortable => "#{Issue.table_name}.done_ratio"),
                 QueryColumn.new(:created_on, :sortable => "#{Issue.table_name}.created_on"),
               ]
               cattr_reader :available_columns
               def initialize(attributes = nil)
                 super attributes
                 self.filters ||= { 'status_id' => {:operator => "o", :values => [""]} }
-              end
+                @executed_by = User.current.logged? ? User.current : nil
+                set_language_if_valid(executed_by.language) if executed_by
-              def executed_by=(user)
-                @executed_by = user
-                set_language_if_valid(user.language) if user
               end
               def validate
                 filters.each_key do |field|
                   errors.add label_for(field), :activerecord_error_blank unless
                       # filter requires one or more values
                       (values_for(field) and !values_for(field).first.empty?) or
                       # filter doesn't require any value
                       ["o", "c", "!*", "*", "t", "w"].include? operator_for(field)
                 end if filters
               end
               def editable_by?(user)
                 return false unless user
                 return true if !is_public && self.user_id == user.id
                 is_public && user.allowed_to?(:manage_public_queries, project)
               end
               def available_filters
                 return @available_filters if @available_filters
                 @available_filters = { "status_id" => { :type => :list_status, :order => 1, :values => IssueStatus.find(:all, :order => 'position').collect{|s| [s.name, s.id.to_s] } },
                                        "tracker_id" => { :type => :list, :order => 2, :values => Tracker.find(:all, :order => 'position').collect{|s| [s.name, s.id.to_s] } },
                                        "priority_id" => { :type => :list, :order => 3, :values => Enumeration.find(:all, :conditions => ['opt=?','IPRI']).collect{|s| [s.name, s.id.to_s] } },
                                        "subject" => { :type => :text, :order => 8 },
                                        "created_on" => { :type => :date_past, :order => 9 },
                                        "updated_on" => { :type => :date_past, :order => 10 },
                                        "start_date" => { :type => :date, :order => 11 },
                                        "due_date" => { :type => :date, :order => 12 },
                                        "done_ratio" =>  { :type => :integer, :order => 13 }}
                 user_values = []
                 user_values << ["<< #{l(:label_me)} >>", "me"] if executed_by
                 if project
                   user_values += project.users.collect{|s| [s.name, s.id.to_s] }
                 elsif executed_by
                   # members of the user's projects
                   user_values += executed_by.projects.collect(&:users).flatten.uniq.sort.collect{|s| [s.name, s.id.to_s] }
                 end
                 @available_filters["assigned_to_id"] = { :type => :list_optional, :order => 4, :values => user_values } unless user_values.empty?
                 @available_filters["author_id"] = { :type => :list, :order => 5, :values => user_values } unless user_values.empty?
                 if project
                   # project specific filters
                   @available_filters["category_id"] = { :type => :list_optional, :order => 6, :values => @project.issue_categories.collect{|s| [s.name, s.id.to_s] } }
                   @available_filters["fixed_version_id"] = { :type => :list_optional, :order => 7, :values => @project.versions.sort.collect{|s| [s.name, s.id.to_s] } }
                   unless @project.active_children.empty?
                     @available_filters["subproject_id"] = { :type => :list_one_or_more, :order => 13, :values => @project.active_children.collect{|s| [s.name, s.id.to_s] } }
                   end
                   @project.all_custom_fields.select(&:is_filter?).each do |field|
                     case field.field_format
                     when "string", "int"
                       options = { :type => :string, :order => 20 }
                     when "text"
                       options = { :type => :text, :order => 20 }
                     when "list"
                       options = { :type => :list_optional, :values => field.possible_values, :order => 20}
                     when "date"
                       options = { :type => :date, :order => 20 }
                     when "bool"
                       options = { :type => :list, :values => [[l(:general_text_yes), "1"], [l(:general_text_no), "0"]], :order => 20 }
                     end
                     @available_filters["cf_#{field.id}"] = options.merge({ :name => field.name })
                   end
                   # remove category filter if no category defined
                   @available_filters.delete "category_id" if @available_filters["category_id"][:values].empty?
                 end
                 @available_filters
               end
               def add_filter(field, operator, values)
                 # values must be an array
                 return unless values and values.is_a? Array # and !values.first.empty?
                 # check if field is defined as an available filter
                 if available_filters.has_key? field
                   filter_options = available_filters[field]
                   # check if operator is allowed for that filter
                   #if @@operators_by_filter_type[filter_options[:type]].include? operator
                   #  allowed_values = values & ([""] + (filter_options[:values] || []).collect {|val| val[1]})
                   #  filters[field] = {:operator => operator, :values => allowed_values } if (allowed_values.first and !allowed_values.first.empty?) or ["o", "c", "!*", "*", "t"].include? operator
                   #end
                   filters[field] = {:operator => operator, :values => values }
                 end
               end
               def add_short_filter(field, expression)
                 return unless expression
                 parms = expression.scan(/^(o|c|\!|\*)?(.*)$/).first
                 add_filter field, (parms[0] || "="), [parms[1] || ""]
               end
               def has_filter?(field)
                 filters and filters[field]
               end
               def operator_for(field)
                 has_filter?(field) ? filters[field][:operator] : nil
               end
               def values_for(field)
                 has_filter?(field) ? filters[field][:values] : nil
               end
               def label_for(field)
                 label = @available_filters[field][:name] if @available_filters.has_key?(field)
                 label ||= field.gsub(/\_id$/, "")
               end
               def available_columns
                 return @available_columns if @available_columns
                 @available_columns = Query.available_columns
                 @available_columns += (project ?
                                         project.custom_fields :
                                         IssueCustomField.find(:all, :conditions => {:is_for_all => true})
                                        ).collect {|cf| QueryCustomFieldColumn.new(cf) }
               end
               def columns
                 if has_default_columns?
                   available_columns.select {|c| Setting.issue_list_default_columns.include?(c.name.to_s) }
                 else
                   # preserve the column_names order
                   column_names.collect {|name| available_columns.find {|col| col.name == name}}.compact
                 end
               end
               def column_names=(names)
                 names = names.select {|n| n.is_a?(Symbol) || !n.blank? } if names
                 names = names.collect {|n| n.is_a?(Symbol) ? n : n.to_sym } if names
                 write_attribute(:column_names, names)
               end
               def has_column?(column)
                 column_names && column_names.include?(column.name)
               end
               def has_default_columns?
                 column_names.nil? || column_names.empty?
               end
               def statement
                 # project/subprojects clause
                 clause = ''
                 if project && has_filter?("subproject_id")
                   subproject_ids = []
                   if operator_for("subproject_id") == "="
                     subproject_ids = values_for("subproject_id").each(&:to_i)
                   else
                     subproject_ids = project.active_children.collect{|p| p.id}
                   end
                   clause << "#{Issue.table_name}.project_id IN (%d,%s)" % [project.id, subproject_ids.join(",")] if project
                 elsif project
                   clause << "#{Issue.table_name}.project_id=%d" % project.id
                 else
                   clause << Project.visible_by(executed_by)
                 end
                 # filters clauses
                 filters_clauses = []
                 filters.each_key do |field|
                   next if field == "subproject_id"
                   v = values_for(field).clone
                   next unless v and !v.empty?
                   sql = ''
                   if field =~ /^cf_(\d+)$/
                     # custom field
                     db_table = CustomValue.table_name
                     db_field = 'value'
                     sql << "#{Issue.table_name}.id IN (SELECT #{db_table}.customized_id FROM #{db_table} where #{db_table}.customized_type='Issue' AND #{db_table}.customized_id=#{Issue.table_name}.id AND #{db_table}.custom_field_id=#{$1} AND "
                   else
                     # regular field
                     db_table = Issue.table_name
                     db_field = field
                     sql << '('
                   end
                   # "me" value subsitution
                   if %w(assigned_to_id author_id).include?(field)
                     v.push(executed_by ? executed_by.id.to_s : "0") if v.delete("me")
                   end
                   case operator_for field
                   when "="
                     sql = sql + "#{db_table}.#{db_field} IN (" + v.collect{|val| "'#{connection.quote_string(val)}'"}.join(",") + ")"
                   when "!"
                     sql = sql + "#{db_table}.#{db_field} NOT IN (" + v.collect{|val| "'#{connection.quote_string(val)}'"}.join(",") + ")"
                   when "!*"
                     sql = sql + "#{db_table}.#{db_field} IS NULL"
                   when "*"
                     sql = sql + "#{db_table}.#{db_field} IS NOT NULL"
                   when ">="
                     sql = sql + "#{db_table}.#{db_field} >= #{v.first.to_i}"
                   when "<="
                     sql = sql + "#{db_table}.#{db_field} <= #{v.first.to_i}"
                   when "o"
                     sql = sql + "#{IssueStatus.table_name}.is_closed=#{connection.quoted_false}" if field == "status_id"
                   when "c"
                     sql = sql + "#{IssueStatus.table_name}.is_closed=#{connection.quoted_true}" if field == "status_id"
                   when ">t-"
                     sql = sql + "#{db_table}.#{db_field} BETWEEN '%s' AND '%s'" % [connection.quoted_date((Date.today - v.first.to_i).to_time), connection.quoted_date((Date.today + 1).to_time)]
                   when "<t-"
                     sql = sql + "#{db_table}.#{db_field} <= '%s'" % connection.quoted_date((Date.today - v.first.to_i).to_time)
                   when "t-"
                     sql = sql + "#{db_table}.#{db_field} BETWEEN '%s' AND '%s'" % [connection.quoted_date((Date.today - v.first.to_i).to_time), connection.quoted_date((Date.today - v.first.to_i + 1).to_time)]
                   when ">t+"
                     sql = sql + "#{db_table}.#{db_field} >= '%s'" % connection.quoted_date((Date.today + v.first.to_i).to_time)
                   when "<t+"
                     sql = sql + "#{db_table}.#{db_field} BETWEEN '%s' AND '%s'" % [connection.quoted_date(Date.today.to_time), connection.quoted_date((Date.today + v.first.to_i + 1).to_time)]
                   when "t+"
                     sql = sql + "#{db_table}.#{db_field} BETWEEN '%s' AND '%s'" % [connection.quoted_date((Date.today + v.first.to_i).to_time), connection.quoted_date((Date.today + v.first.to_i + 1).to_time)]
                   when "t"
                     sql = sql + "#{db_table}.#{db_field} BETWEEN '%s' AND '%s'" % [connection.quoted_date(Date.today.to_time), connection.quoted_date((Date.today+1).to_time)]
                   when "w"
                     sql = sql + "#{db_table}.#{db_field} BETWEEN '%s' AND '%s'" % [connection.quoted_date(Time.now.at_beginning_of_week), connection.quoted_date(Time.now.next_week.yesterday)]
                   when "~"
                     sql = sql + "#{db_table}.#{db_field} LIKE '%#{connection.quote_string(v.first)}%'"
                   when "!~"
                     sql = sql + "#{db_table}.#{db_field} NOT LIKE '%#{connection.quote_string(v.first)}%'"
                   end
                   sql << ')'
                   filters_clauses << sql
                 end if filters and valid?
                 clause << ' AND ' unless clause.empty?
                 clause << filters_clauses.join(' AND ') unless filters_clauses.empty?
                 clause
               end
             end

app/models/user.rb +23 -15

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/sha1"
             class User < ActiveRecord::Base
               # Account statuses
+              STATUS_ANONYMOUS  = 0
               STATUS_ACTIVE     = 1
               STATUS_REGISTERED = 2
               STATUS_LOCKED     = 3
               has_many :memberships, :class_name => 'Member', :include => [ :project, :role ], :conditions => "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}", :order => "#{Project.table_name}.name", :dependent => :delete_all
               has_many :projects, :through => :memberships
               has_many :custom_values, :dependent => :delete_all, :as => :customized
               has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
               has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
               has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
               belongs_to :auth_source
               attr_accessor :password, :password_confirmation
               attr_accessor :last_before_login_on
               # Prevents unauthorized assignments
               attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
-              validates_presence_of :login, :firstname, :lastname, :mail
+              validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
               validates_uniqueness_of :login, :mail
               # Login must contain lettres, numbers, underscores only
-              validates_format_of :login, :with => /^[a-z0-9_\-@\.]+$/i
+              validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
               validates_length_of :login, :maximum => 30
               validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-]*$/i
               validates_length_of :firstname, :lastname, :maximum => 30
-              validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
+              validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
-              validates_length_of :mail, :maximum => 60
+              validates_length_of :mail, :maximum => 60, :allow_nil => true
               # Password length between 4 and 12
               validates_length_of :password, :in => 4..12, :allow_nil => true
               validates_confirmation_of :password, :allow_nil => true
               validates_associated :custom_values, :on => :update
               def before_create
                 self.mail_notification = false
                 true
               end
               def before_save
                 # update hashed_password if password was set
                 self.hashed_password = User.hash_password(self.password) if self.password
               end
               def self.active
                 with_scope :find => { :conditions => [ "status = ?", STATUS_ACTIVE ] } do
                   yield
                 end
               end
               def self.find_active(*args)
                 active do
                   find(*args)
                 end
               end
               # Returns the user that matches provided login and password, or nil
               def self.try_to_login(login, password)
                 user = find(:first, :conditions => ["login=?", login])
                 if user
                   # user is already in local database
                   return nil if !user.active?
                   if user.auth_source
                     # user has an external authentication method
                     return nil unless user.auth_source.authenticate(login, password)
                   else
                     # authentication with local password
                     return nil unless User.hash_password(password) == user.hashed_password
                   end
                 else
                   # user is not yet registered, try to authenticate with available sources
                   attrs = AuthSource.authenticate(login, password)
                   if attrs
                     onthefly = new(*attrs)
                     onthefly.login = login
                     onthefly.language = Setting.default_language
                     if onthefly.save
                       user = find(:first, :conditions => ["login=?", login])
                       logger.info("User '#{user.login}' created on the fly.") if logger
                     end
                   end
                 end
                 user.update_attribute(:last_login_on, Time.now) if user
                 user
                 rescue => text
                   raise text
               end
               # Return user's full name for display
               def name
                 "#{firstname} #{lastname}"
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def registered?
                 self.status == STATUS_REGISTERED
               end
               def locked?
                 self.status == STATUS_LOCKED
               end
               def check_password?(clear_password)
                 User.hash_password(clear_password) == self.hashed_password
               end
               def pref
                 self.preference ||= UserPreference.new(:user => self)
               end
               def time_zone
                 self.pref.time_zone.nil? ? nil : TimeZone[self.pref.time_zone]
               end
               # Return user's RSS key (a 40 chars long string), used to access feeds
               def rss_key
                 token = self.rss_token || Token.create(:user => self, :action => 'feeds')
                 token.value
               end
               # Return an array of project ids for which the user has explicitly turned mail notifications on
               def notified_projects_ids
                 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
               end
               def notified_project_ids=(ids)
                 Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
                 Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
                 @notified_projects_ids = nil
                 notified_projects_ids
               end
               def self.find_by_rss_key(key)
                 token = Token.find_by_value(key)
                 token && token.user.active? ? token.user : nil
               end
               def self.find_by_autologin_key(key)
                 token = Token.find_by_action_and_value('autologin', key)
                 token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
               end
               def <=>(user)
                 lastname == user.lastname ? firstname <=> user.firstname : lastname <=> user.lastname
               end
               def to_s
                 name
               end
               def logged?
                 true
               end
               # Return user's role for project
               def role_for_project(project)
                 # No role on archived projects
                 return nil unless project && project.active?
                 # Find project membership
                 membership = memberships.detect {|m| m.project_id == project.id}
                 if membership
                   membership.role
                 elsif logged?
                   Role.non_member
                 else
                   Role.anonymous
                 end
               end
               # Return true if the user is a member of project
               def member_of?(project)
                 role_for_project(project).member?
               end
               # Return true if the user is allowed to do the specified action on project
               # action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               def allowed_to?(action, project)
                 # No action allowed on archived projects
                 return false unless project.active?
                 # No action allowed on disabled modules
                 return false unless project.allows_to?(action)
                 # Admin users are authorized for anything else
                 return true if admin?
                 role = role_for_project(project)
                 return false unless role
                 role.allowed_to?(action) && (project.is_public? || role.member?)
               end
               def self.current=(user)
                 @current_user = user
               end
               def self.current
-                @current_user ||= AnonymousUser.new
+                @current_user ||= User.anonymous
               end
               def self.anonymous
-                AnonymousUser.new
+                return @anonymous_user if @anonymous_user
+                anonymous_user = AnonymousUser.find(:first)
+                if anonymous_user.nil?
+                  anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
+                  raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
+                end
+                @anonymous_user = anonymous_user
               end
             private
               # Return password digest
               def self.hash_password(clear_password)
                 Digest::SHA1.hexdigest(clear_password || "")
               end
             end
             class AnonymousUser < User
-              def logged?
-                false
-              end
-              def time_zone
+              def validate_on_create
-                nil
+                # There should be only one AnonymousUser in the database
+                errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first)
               end
-              # Anonymous user has no RSS key
+              # Overrides a few properties
-              def rss_key
+              def logged?; false end
-                nil
+              def admin; false end
-              end
+              def name; 'Anonymous' end
+              def mail; nil end
+              def time_zone; nil end
+              def rss_key; nil end
             end

app/views/news/show.rhtml +1 -1

             <div class="contextual">
             <%= link_to_if_authorized l(:button_edit),
                                       {:controller => 'news', :action => 'edit', :id => @news},
                                       :class => 'icon icon-edit',
                                       :accesskey => accesskey(:edit),
                                       :onclick => 'Element.show("edit-news"); return false;' %>
             <%= link_to_if_authorized l(:button_delete), {:controller => 'news', :action => 'destroy', :id => @news}, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-del' %>
             </div>
             <h2><%=h @news.title %></h2>
             <div id="edit-news" style="display:none;">
             <% labelled_tabular_form_for :news, @news, :url => { :action => "edit", :id => @news } do |f| %>
             <%= render :partial => 'form', :locals => { :f => f } %>
             <%= submit_tag l(:button_save) %>
             <%= link_to l(:button_cancel), "#", :onclick => 'Element.hide("edit-news")' %>
             <% end %>
             </div>
             <p><em><% unless @news.summary.empty? %><%=h @news.summary %><br /><% end %>
             <span class="author"><%= authoring @news.created_on, @news.author %></span></em></p>
             <%= textilizable(@news.description) %>
             <br />
             <div id="comments" style="margin-bottom:16px;">
             <h3 class="icon22 icon22-comment"><%= l(:label_comment_plural) %></h3>
             <% @news.comments.each do |comment| %>
                 <% next if comment.new_record? %>
-                <h4><%= format_time(comment.created_on) %> - <%= comment.author.name %></h4>
+                <h4><%= authoring comment.created_on, comment.author %></h4>
                 <div class="contextual">
                     <%= link_to_if_authorized l(:button_delete), {:controller => 'news', :action => 'destroy_comment', :id => @news, :comment_id => comment}, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-del' %>
                 </div>
                 <%= simple_format(auto_link(h comment.comments))%>
             <% end if @news.comments_count > 0 %>
             </div>
             <% if authorize_for 'news', 'add_comment' %>
             <p><%= toggle_link l(:label_comment_add), "add_comment_form", :focus => "comment_comments" %></p>
             <% form_tag({:action => 'add_comment', :id => @news}, :id => "add_comment_form", :style => "display:none;") do %>
             <%= text_area 'comment', 'comments', :cols => 60, :rows => 6 %>
             <p><%= submit_tag l(:button_add) %></p>
             <% end %>
             <% end %>

lib/redmine.rb +6 -6

             require 'redmine/access_control'
             require 'redmine/menu_manager'
             require 'redmine/mime_type'
             require 'redmine/themes'
             require 'redmine/plugin'
             begin
               require_library_or_gem 'RMagick' unless Object.const_defined?(:Magick)
             rescue LoadError
               # RMagick is not available
             end
             REDMINE_SUPPORTED_SCM = %w( Subversion Darcs Mercurial Cvs )
             # Permissions
             Redmine::AccessControl.map do |map|
               map.permission :view_project, {:projects => [:show, :activity]}, :public => true
               map.permission :search_project, {:search => :index}, :public => true
               map.permission :edit_project, {:projects => [:settings, :edit]}, :require => :member
               map.permission :select_project_modules, {:projects => :modules}, :require => :member
               map.permission :manage_members, {:projects => :settings, :members => [:new, :edit, :destroy]}, :require => :member
               map.permission :manage_versions, {:projects => [:settings, :add_version], :versions => [:edit, :destroy]}, :require => :member
               map.project_module :issue_tracking do |map|
                 # Issue categories
                 map.permission :manage_categories, {:projects => [:settings, :add_issue_category], :issue_categories => [:edit, :destroy]}, :require => :member
                 # Issues
                 map.permission :view_issues, {:projects => [:changelog, :roadmap],
                                               :issues => [:index, :changes, :show, :context_menu],
                                               :queries => :index,
                                               :reports => :issue_report}, :public => true
-                map.permission :add_issues, {:projects => :add_issue}, :require => :loggedin
+                map.permission :add_issues, {:projects => :add_issue}
                 map.permission :edit_issues, {:projects => :bulk_edit_issues,
-                                              :issues => [:edit, :destroy_attachment]}, :require => :loggedin
+                                              :issues => [:edit, :destroy_attachment]}
-                map.permission :manage_issue_relations, {:issue_relations => [:new, :destroy]}, :require => :loggedin
+                map.permission :manage_issue_relations, {:issue_relations => [:new, :destroy]}
-                map.permission :add_issue_notes, {:issues => :add_note}, :require => :loggedin
+                map.permission :add_issue_notes, {:issues => :add_note}
                 map.permission :change_issue_status, {:issues => :change_status}, :require => :loggedin
                 map.permission :move_issues, {:projects => :move_issues}, :require => :loggedin
                 map.permission :delete_issues, {:issues => :destroy}, :require => :member
                 # Queries
                 map.permission :manage_public_queries, {:queries => [:new, :edit, :destroy]}, :require => :member
                 map.permission :save_queries, {:queries => [:new, :edit, :destroy]}, :require => :loggedin
                 # Gantt & calendar
                 map.permission :view_gantt, :projects => :gantt
                 map.permission :view_calendar, :projects => :calendar
               end
               map.project_module :time_tracking do |map|
                 map.permission :log_time, {:timelog => :edit}, :require => :loggedin
                 map.permission :view_time_entries, :timelog => [:details, :report]
               end
               map.project_module :news do |map|
                 map.permission :manage_news, {:projects => :add_news, :news => [:edit, :destroy, :destroy_comment]}, :require => :member
                 map.permission :view_news, {:news => [:index, :show]}, :public => true
-                map.permission :comment_news, {:news => :add_comment}, :require => :loggedin
+                map.permission :comment_news, {:news => :add_comment}
               end
               map.project_module :documents do |map|
                 map.permission :manage_documents, {:projects => :add_document, :documents => [:edit, :destroy, :add_attachment, :destroy_attachment]}, :require => :loggedin
                 map.permission :view_documents, :projects => :list_documents, :documents => [:show, :download]
               end
               map.project_module :files do |map|
                 map.permission :manage_files, {:projects => :add_file, :versions => :destroy_file}, :require => :loggedin
                 map.permission :view_files, :projects => :list_files, :versions => :download
               end
               map.project_module :wiki do |map|
                 map.permission :manage_wiki, {:wikis => [:edit, :destroy]}, :require => :member
                 map.permission :rename_wiki_pages, {:wiki => :rename}, :require => :member
                 map.permission :delete_wiki_pages, {:wiki => :destroy}, :require => :member
                 map.permission :view_wiki_pages, :wiki => [:index, :history, :diff, :special]
                 map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment, :destroy_attachment]
               end
               map.project_module :repository do |map|
                 map.permission :manage_repository, {:repositories => [:edit, :destroy]}, :require => :member
                 map.permission :browse_repository, :repositories => [:show, :browse, :entry, :changes, :diff, :stats, :graph]
                 map.permission :view_changesets, :repositories => [:show, :revisions, :revision]
               end
               map.project_module :boards do |map|
                 map.permission :manage_boards, {:boards => [:new, :edit, :destroy]}, :require => :member
                 map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true
-                map.permission :add_messages, {:messages => [:new, :reply]}, :require => :loggedin
+                map.permission :add_messages, {:messages => [:new, :reply]}
               end
             end
             # Project menu configuration
             Redmine::MenuManager.map :project_menu do |menu|
               menu.push :label_overview, :controller => 'projects', :action => 'show'
               menu.push :label_activity, :controller => 'projects', :action => 'activity'
               menu.push :label_roadmap, :controller => 'projects', :action => 'roadmap'
               menu.push :label_issue_plural, { :controller => 'issues', :action => 'index' }, :param => :project_id
               menu.push :label_news_plural, { :controller => 'news', :action => 'index' }, :param => :project_id
               menu.push :label_document_plural, :controller => 'projects', :action => 'list_documents'
               menu.push :label_wiki, { :controller => 'wiki', :action => 'index', :page => nil }, :if => Proc.new { |p| p.wiki && !p.wiki.new_record? }
               menu.push :label_board_plural, { :controller => 'boards', :action => 'index', :id => nil }, :param => :project_id, :if => Proc.new { |p| p.boards.any? }
               menu.push :label_attachment_plural, :controller => 'projects', :action => 'list_files'
               menu.push :label_repository, { :controller => 'repositories', :action => 'show' }, :if => Proc.new { |p| p.repository && !p.repository.new_record? }
               menu.push :label_settings, :controller => 'projects', :action => 'settings'
             end

test/unit/user_test.rb +8 -1

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.dirname(__FILE__) + '/../test_helper'
             class UserTest < Test::Unit::TestCase
               fixtures :users, :members, :projects
               def setup
                 @admin = User.find(1)
                 @jsmith = User.find(2)
                 @dlopper = User.find(3)
               end
               def test_truth
                 assert_kind_of User, @jsmith
               end
               def test_create
                 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 user.login = "jsmith"
                 user.password, user.password_confirmation = "password", "password"
                 # login uniqueness
                 assert !user.save
                 assert_equal 1, user.errors.count
                 user.login = "newuser"
                 user.password, user.password_confirmation = "passwd", "password"
                 # password confirmation
                 assert !user.save
                 assert_equal 1, user.errors.count
                 user.password, user.password_confirmation = "password", "password"
                 assert user.save
               end
               def test_update
                 assert_equal "admin", @admin.login
                 @admin.login = "john"
                 assert @admin.save, @admin.errors.full_messages.join("; ")
                 @admin.reload
                 assert_equal "john", @admin.login
               end
               def test_validate
                 @admin.login = ""
                 assert !@admin.save
-                assert_equal 2, @admin.errors.count
+                assert_equal 1, @admin.errors.count
               end
               def test_password
                 user = User.try_to_login("admin", "admin")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
                 user.password = "hello"
                 assert user.save
                 user = User.try_to_login("admin", "hello")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
                 assert_equal User.hash_password("hello"), user.hashed_password
               end
               def test_lock
                 user = User.try_to_login("jsmith", "jsmith")
                 assert_equal @jsmith, user
                 @jsmith.status = User::STATUS_LOCKED
                 assert @jsmith.save
                 user = User.try_to_login("jsmith", "jsmith")
                 assert_equal nil, user
               end
+              def test_create_anonymous
+                AnonymousUser.delete_all
+                anon = User.anonymous
+                assert !anon.new_record?
+                assert_kind_of AnonymousUser, anon
+              end
               def test_rss_key
                 assert_nil @jsmith.rss_token
                 key = @jsmith.rss_key
                 assert_equal 40, key.length
                 @jsmith.reload
                 assert_equal key, @jsmith.rss_key
               end
               def test_role_for_project
                 # user with a role
                 role = @jsmith.role_for_project(Project.find(1))
                 assert_kind_of Role, role
                 assert_equal "Manager", role.name
                 # user with no role
                 assert !@dlopper.role_for_project(Project.find(2)).member?
               end
               def test_mail_notification_all
                 @jsmith.mail_notification = true
                 @jsmith.notified_project_ids = []
                 @jsmith.save
                 @jsmith.reload
                 assert @jsmith.projects.first.recipients.include?(@jsmith.mail)
               end
               def test_mail_notification_selected
                 @jsmith.mail_notification = false
                 @jsmith.notified_project_ids = [1]
                 @jsmith.save
                 @jsmith.reload
                 assert Project.find(1).recipients.include?(@jsmith.mail)
               end
               def test_mail_notification_none
                 @jsmith.mail_notification = false
                 @jsmith.notified_project_ids = []
                 @jsmith.save
                 @jsmith.reload
                 assert !@jsmith.projects.first.recipients.include?(@jsmith.mail)
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages