@@ -1,1095 +1,1095 | |||
|
1 | 1 | # Redmine - project management software |
|
2 | 2 | # Copyright (C) 2006-2016 Jean-Philippe Lang |
|
3 | 3 | # |
|
4 | 4 | # This program is free software; you can redistribute it and/or |
|
5 | 5 | # modify it under the terms of the GNU General Public License |
|
6 | 6 | # as published by the Free Software Foundation; either version 2 |
|
7 | 7 | # of the License, or (at your option) any later version. |
|
8 | 8 | # |
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 | 12 | # GNU General Public License for more details. |
|
13 | 13 | # |
|
14 | 14 | # You should have received a copy of the GNU General Public License |
|
15 | 15 | # along with this program; if not, write to the Free Software |
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
17 | 17 | |
|
18 | 18 | class Project < ActiveRecord::Base |
|
19 | 19 | include Redmine::SafeAttributes |
|
20 | 20 | include Redmine::NestedSet::ProjectNestedSet |
|
21 | 21 | |
|
22 | 22 | # Project statuses |
|
23 | 23 | STATUS_ACTIVE = 1 |
|
24 | 24 | STATUS_CLOSED = 5 |
|
25 | 25 | STATUS_ARCHIVED = 9 |
|
26 | 26 | |
|
27 | 27 | # Maximum length for project identifiers |
|
28 | 28 | IDENTIFIER_MAX_LENGTH = 100 |
|
29 | 29 | |
|
30 | 30 | # Specific overridden Activities |
|
31 | 31 | has_many :time_entry_activities |
|
32 | 32 | has_many :memberships, :class_name => 'Member', :inverse_of => :project |
|
33 | 33 | # Memberships of active users only |
|
34 | 34 | has_many :members, |
|
35 | 35 | lambda { joins(:principal).where(:users => {:type => 'User', :status => Principal::STATUS_ACTIVE}) } |
|
36 | 36 | has_many :enabled_modules, :dependent => :delete_all |
|
37 | 37 | has_and_belongs_to_many :trackers, lambda {order(:position)} |
|
38 | 38 | has_many :issues, :dependent => :destroy |
|
39 | 39 | has_many :issue_changes, :through => :issues, :source => :journals |
|
40 | 40 | has_many :versions, lambda {order("#{Version.table_name}.effective_date DESC, #{Version.table_name}.name DESC")}, :dependent => :destroy |
|
41 | 41 | belongs_to :default_version, :class_name => 'Version' |
|
42 | 42 | has_many :time_entries, :dependent => :destroy |
|
43 | 43 | has_many :queries, :class_name => 'IssueQuery', :dependent => :delete_all |
|
44 | 44 | has_many :documents, :dependent => :destroy |
|
45 | 45 | has_many :news, lambda {includes(:author)}, :dependent => :destroy |
|
46 | 46 | has_many :issue_categories, lambda {order("#{IssueCategory.table_name}.name")}, :dependent => :delete_all |
|
47 | 47 | has_many :boards, lambda {order("position ASC")}, :dependent => :destroy |
|
48 | 48 | has_one :repository, lambda {where(["is_default = ?", true])} |
|
49 | 49 | has_many :repositories, :dependent => :destroy |
|
50 | 50 | has_many :changesets, :through => :repository |
|
51 | 51 | has_one :wiki, :dependent => :destroy |
|
52 | 52 | # Custom field for the project issues |
|
53 | 53 | has_and_belongs_to_many :issue_custom_fields, |
|
54 | 54 | lambda {order("#{CustomField.table_name}.position")}, |
|
55 | 55 | :class_name => 'IssueCustomField', |
|
56 | 56 | :join_table => "#{table_name_prefix}custom_fields_projects#{table_name_suffix}", |
|
57 | 57 | :association_foreign_key => 'custom_field_id' |
|
58 | 58 | |
|
59 | 59 | acts_as_attachable :view_permission => :view_files, |
|
60 | 60 | :edit_permission => :manage_files, |
|
61 | 61 | :delete_permission => :manage_files |
|
62 | 62 | |
|
63 | 63 | acts_as_customizable |
|
64 | 64 | acts_as_searchable :columns => ['name', 'identifier', 'description'], :project_key => "#{Project.table_name}.id", :permission => nil |
|
65 | 65 | acts_as_event :title => Proc.new {|o| "#{l(:label_project)}: #{o.name}"}, |
|
66 | 66 | :url => Proc.new {|o| {:controller => 'projects', :action => 'show', :id => o}}, |
|
67 | 67 | :author => nil |
|
68 | 68 | |
|
69 | 69 | attr_protected :status |
|
70 | 70 | |
|
71 | 71 | validates_presence_of :name, :identifier |
|
72 | 72 | validates_uniqueness_of :identifier, :if => Proc.new {|p| p.identifier_changed?} |
|
73 | 73 | validates_length_of :name, :maximum => 255 |
|
74 | 74 | validates_length_of :homepage, :maximum => 255 |
|
75 | 75 | validates_length_of :identifier, :maximum => IDENTIFIER_MAX_LENGTH |
|
76 | 76 | # downcase letters, digits, dashes but not digits only |
|
77 | 77 | validates_format_of :identifier, :with => /\A(?!\d+$)[a-z0-9\-_]*\z/, :if => Proc.new { |p| p.identifier_changed? } |
|
78 | 78 | # reserved words |
|
79 | 79 | validates_exclusion_of :identifier, :in => %w( new ) |
|
80 | 80 | validate :validate_parent |
|
81 | 81 | |
|
82 | 82 | after_save :update_inherited_members, :if => Proc.new {|project| project.inherit_members_changed?} |
|
83 | 83 | after_save :remove_inherited_member_roles, :add_inherited_member_roles, :if => Proc.new {|project| project.parent_id_changed?} |
|
84 | 84 | after_update :update_versions_from_hierarchy_change, :if => Proc.new {|project| project.parent_id_changed?} |
|
85 | 85 | before_destroy :delete_all_members |
|
86 | 86 | |
|
87 | 87 | scope :has_module, lambda {|mod| |
|
88 | 88 | where("#{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name=?)", mod.to_s) |
|
89 | 89 | } |
|
90 | 90 | scope :active, lambda { where(:status => STATUS_ACTIVE) } |
|
91 | 91 | scope :status, lambda {|arg| where(arg.blank? ? nil : {:status => arg.to_i}) } |
|
92 | 92 | scope :all_public, lambda { where(:is_public => true) } |
|
93 | 93 | scope :visible, lambda {|*args| where(Project.visible_condition(args.shift || User.current, *args)) } |
|
94 | 94 | scope :allowed_to, lambda {|*args| |
|
95 | 95 | user = User.current |
|
96 | 96 | permission = nil |
|
97 | 97 | if args.first.is_a?(Symbol) |
|
98 | 98 | permission = args.shift |
|
99 | 99 | else |
|
100 | 100 | user = args.shift |
|
101 | 101 | permission = args.shift |
|
102 | 102 | end |
|
103 | 103 | where(Project.allowed_to_condition(user, permission, *args)) |
|
104 | 104 | } |
|
105 | 105 | scope :like, lambda {|arg| |
|
106 | 106 | if arg.blank? |
|
107 | 107 | where(nil) |
|
108 | 108 | else |
|
109 | 109 | pattern = "%#{arg.to_s.strip.downcase}%" |
|
110 | 110 | where("LOWER(identifier) LIKE :p OR LOWER(name) LIKE :p", :p => pattern) |
|
111 | 111 | end |
|
112 | 112 | } |
|
113 | 113 | scope :sorted, lambda {order(:lft)} |
|
114 | 114 | scope :having_trackers, lambda { |
|
115 | 115 | where("#{Project.table_name}.id IN (SELECT DISTINCT project_id FROM #{table_name_prefix}projects_trackers#{table_name_suffix})") |
|
116 | 116 | } |
|
117 | 117 | |
|
118 | 118 | def initialize(attributes=nil, *args) |
|
119 | 119 | super |
|
120 | 120 | |
|
121 | 121 | initialized = (attributes || {}).stringify_keys |
|
122 | 122 | if !initialized.key?('identifier') && Setting.sequential_project_identifiers? |
|
123 | 123 | self.identifier = Project.next_identifier |
|
124 | 124 | end |
|
125 | 125 | if !initialized.key?('is_public') |
|
126 | 126 | self.is_public = Setting.default_projects_public? |
|
127 | 127 | end |
|
128 | 128 | if !initialized.key?('enabled_module_names') |
|
129 | 129 | self.enabled_module_names = Setting.default_projects_modules |
|
130 | 130 | end |
|
131 | 131 | if !initialized.key?('trackers') && !initialized.key?('tracker_ids') |
|
132 | 132 | default = Setting.default_projects_tracker_ids |
|
133 | 133 | if default.is_a?(Array) |
|
134 | 134 | self.trackers = Tracker.where(:id => default.map(&:to_i)).sorted.to_a |
|
135 | 135 | else |
|
136 | 136 | self.trackers = Tracker.sorted.to_a |
|
137 | 137 | end |
|
138 | 138 | end |
|
139 | 139 | end |
|
140 | 140 | |
|
141 | 141 | def identifier=(identifier) |
|
142 | 142 | super unless identifier_frozen? |
|
143 | 143 | end |
|
144 | 144 | |
|
145 | 145 | def identifier_frozen? |
|
146 | 146 | errors[:identifier].blank? && !(new_record? || identifier.blank?) |
|
147 | 147 | end |
|
148 | 148 | |
|
149 | 149 | # returns latest created projects |
|
150 | 150 | # non public projects will be returned only if user is a member of those |
|
151 | 151 | def self.latest(user=nil, count=5) |
|
152 | 152 | visible(user).limit(count). |
|
153 | 153 | order(:created_on => :desc). |
|
154 | 154 | where("#{table_name}.created_on >= ?", 30.days.ago). |
|
155 | 155 | to_a |
|
156 | 156 | end |
|
157 | 157 | |
|
158 | 158 | # Returns true if the project is visible to +user+ or to the current user. |
|
159 | 159 | def visible?(user=User.current) |
|
160 | 160 | user.allowed_to?(:view_project, self) |
|
161 | 161 | end |
|
162 | 162 | |
|
163 | 163 | # Returns a SQL conditions string used to find all projects visible by the specified user. |
|
164 | 164 | # |
|
165 | 165 | # Examples: |
|
166 | 166 | # Project.visible_condition(admin) => "projects.status = 1" |
|
167 | 167 | # Project.visible_condition(normal_user) => "((projects.status = 1) AND (projects.is_public = 1 OR projects.id IN (1,3,4)))" |
|
168 | 168 | # Project.visible_condition(anonymous) => "((projects.status = 1) AND (projects.is_public = 1))" |
|
169 | 169 | def self.visible_condition(user, options={}) |
|
170 | 170 | allowed_to_condition(user, :view_project, options) |
|
171 | 171 | end |
|
172 | 172 | |
|
173 | 173 | # Returns a SQL conditions string used to find all projects for which +user+ has the given +permission+ |
|
174 | 174 | # |
|
175 | 175 | # Valid options: |
|
176 | 176 | # * :project => limit the condition to project |
|
177 | 177 | # * :with_subprojects => limit the condition to project and its subprojects |
|
178 | 178 | # * :member => limit the condition to the user projects |
|
179 | 179 | def self.allowed_to_condition(user, permission, options={}) |
|
180 | 180 | perm = Redmine::AccessControl.permission(permission) |
|
181 | 181 | base_statement = (perm && perm.read? ? "#{Project.table_name}.status <> #{Project::STATUS_ARCHIVED}" : "#{Project.table_name}.status = #{Project::STATUS_ACTIVE}") |
|
182 | 182 | if perm && perm.project_module |
|
183 | 183 | # If the permission belongs to a project module, make sure the module is enabled |
|
184 | 184 | base_statement << " AND #{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name='#{perm.project_module}')" |
|
185 | 185 | end |
|
186 | 186 | if project = options[:project] |
|
187 | 187 | project_statement = project.project_condition(options[:with_subprojects]) |
|
188 | 188 | base_statement = "(#{project_statement}) AND (#{base_statement})" |
|
189 | 189 | end |
|
190 | 190 | |
|
191 | 191 | if user.admin? |
|
192 | 192 | base_statement |
|
193 | 193 | else |
|
194 | 194 | statement_by_role = {} |
|
195 | 195 | unless options[:member] |
|
196 | 196 | role = user.builtin_role |
|
197 | 197 | if role.allowed_to?(permission) |
|
198 | 198 | s = "#{Project.table_name}.is_public = #{connection.quoted_true}" |
|
199 | 199 | if user.id |
|
200 | 200 | group = role.anonymous? ? Group.anonymous : Group.non_member |
|
201 | 201 | principal_ids = [user.id, group.id].compact |
|
202 | 202 | s = "(#{s} AND #{Project.table_name}.id NOT IN (SELECT project_id FROM #{Member.table_name} WHERE user_id IN (#{principal_ids.join(',')})))" |
|
203 | 203 | end |
|
204 | 204 | statement_by_role[role] = s |
|
205 | 205 | end |
|
206 | 206 | end |
|
207 | user.projects_by_role.each do |role, projects| | |
|
208 | if role.allowed_to?(permission) && projects.any? | |
|
209 |
statement_by_role[role] = "#{Project.table_name}.id IN (#{project |
|
|
207 | user.project_ids_by_role.each do |role, project_ids| | |
|
208 | if role.allowed_to?(permission) && project_ids.any? | |
|
209 | statement_by_role[role] = "#{Project.table_name}.id IN (#{project_ids.join(',')})" | |
|
210 | 210 | end |
|
211 | 211 | end |
|
212 | 212 | if statement_by_role.empty? |
|
213 | 213 | "1=0" |
|
214 | 214 | else |
|
215 | 215 | if block_given? |
|
216 | 216 | statement_by_role.each do |role, statement| |
|
217 | 217 | if s = yield(role, user) |
|
218 | 218 | statement_by_role[role] = "(#{statement} AND (#{s}))" |
|
219 | 219 | end |
|
220 | 220 | end |
|
221 | 221 | end |
|
222 | 222 | "((#{base_statement}) AND (#{statement_by_role.values.join(' OR ')}))" |
|
223 | 223 | end |
|
224 | 224 | end |
|
225 | 225 | end |
|
226 | 226 | |
|
227 | 227 | def override_roles(role) |
|
228 | 228 | @override_members ||= memberships. |
|
229 | 229 | joins(:principal). |
|
230 | 230 | where(:users => {:type => ['GroupAnonymous', 'GroupNonMember']}).to_a |
|
231 | 231 | |
|
232 | 232 | group_class = role.anonymous? ? GroupAnonymous : GroupNonMember |
|
233 | 233 | member = @override_members.detect {|m| m.principal.is_a? group_class} |
|
234 | 234 | member ? member.roles.to_a : [role] |
|
235 | 235 | end |
|
236 | 236 | |
|
237 | 237 | def principals |
|
238 | 238 | @principals ||= Principal.active.joins(:members).where("#{Member.table_name}.project_id = ?", id).distinct |
|
239 | 239 | end |
|
240 | 240 | |
|
241 | 241 | def users |
|
242 | 242 | @users ||= User.active.joins(:members).where("#{Member.table_name}.project_id = ?", id).distinct |
|
243 | 243 | end |
|
244 | 244 | |
|
245 | 245 | # Returns the Systemwide and project specific activities |
|
246 | 246 | def activities(include_inactive=false) |
|
247 | 247 | t = TimeEntryActivity.table_name |
|
248 | 248 | scope = TimeEntryActivity.where("#{t}.project_id IS NULL OR #{t}.project_id = ?", id) |
|
249 | 249 | |
|
250 | 250 | overridden_activity_ids = self.time_entry_activities.pluck(:parent_id).compact |
|
251 | 251 | if overridden_activity_ids.any? |
|
252 | 252 | scope = scope.where("#{t}.id NOT IN (?)", overridden_activity_ids) |
|
253 | 253 | end |
|
254 | 254 | unless include_inactive |
|
255 | 255 | scope = scope.active |
|
256 | 256 | end |
|
257 | 257 | scope |
|
258 | 258 | end |
|
259 | 259 | |
|
260 | 260 | # Will create a new Project specific Activity or update an existing one |
|
261 | 261 | # |
|
262 | 262 | # This will raise a ActiveRecord::Rollback if the TimeEntryActivity |
|
263 | 263 | # does not successfully save. |
|
264 | 264 | def update_or_create_time_entry_activity(id, activity_hash) |
|
265 | 265 | if activity_hash.respond_to?(:has_key?) && activity_hash.has_key?('parent_id') |
|
266 | 266 | self.create_time_entry_activity_if_needed(activity_hash) |
|
267 | 267 | else |
|
268 | 268 | activity = project.time_entry_activities.find_by_id(id.to_i) |
|
269 | 269 | activity.update_attributes(activity_hash) if activity |
|
270 | 270 | end |
|
271 | 271 | end |
|
272 | 272 | |
|
273 | 273 | # Create a new TimeEntryActivity if it overrides a system TimeEntryActivity |
|
274 | 274 | # |
|
275 | 275 | # This will raise a ActiveRecord::Rollback if the TimeEntryActivity |
|
276 | 276 | # does not successfully save. |
|
277 | 277 | def create_time_entry_activity_if_needed(activity) |
|
278 | 278 | if activity['parent_id'] |
|
279 | 279 | parent_activity = TimeEntryActivity.find(activity['parent_id']) |
|
280 | 280 | activity['name'] = parent_activity.name |
|
281 | 281 | activity['position'] = parent_activity.position |
|
282 | 282 | if Enumeration.overriding_change?(activity, parent_activity) |
|
283 | 283 | project_activity = self.time_entry_activities.create(activity) |
|
284 | 284 | if project_activity.new_record? |
|
285 | 285 | raise ActiveRecord::Rollback, "Overriding TimeEntryActivity was not successfully saved" |
|
286 | 286 | else |
|
287 | 287 | self.time_entries. |
|
288 | 288 | where(:activity_id => parent_activity.id). |
|
289 | 289 | update_all(:activity_id => project_activity.id) |
|
290 | 290 | end |
|
291 | 291 | end |
|
292 | 292 | end |
|
293 | 293 | end |
|
294 | 294 | |
|
295 | 295 | # Returns a :conditions SQL string that can be used to find the issues associated with this project. |
|
296 | 296 | # |
|
297 | 297 | # Examples: |
|
298 | 298 | # project.project_condition(true) => "(projects.id = 1 OR (projects.lft > 1 AND projects.rgt < 10))" |
|
299 | 299 | # project.project_condition(false) => "projects.id = 1" |
|
300 | 300 | def project_condition(with_subprojects) |
|
301 | 301 | cond = "#{Project.table_name}.id = #{id}" |
|
302 | 302 | cond = "(#{cond} OR (#{Project.table_name}.lft > #{lft} AND #{Project.table_name}.rgt < #{rgt}))" if with_subprojects |
|
303 | 303 | cond |
|
304 | 304 | end |
|
305 | 305 | |
|
306 | 306 | def self.find(*args) |
|
307 | 307 | if args.first && args.first.is_a?(String) && !args.first.match(/^\d*$/) |
|
308 | 308 | project = find_by_identifier(*args) |
|
309 | 309 | raise ActiveRecord::RecordNotFound, "Couldn't find Project with identifier=#{args.first}" if project.nil? |
|
310 | 310 | project |
|
311 | 311 | else |
|
312 | 312 | super |
|
313 | 313 | end |
|
314 | 314 | end |
|
315 | 315 | |
|
316 | 316 | def self.find_by_param(*args) |
|
317 | 317 | self.find(*args) |
|
318 | 318 | end |
|
319 | 319 | |
|
320 | 320 | alias :base_reload :reload |
|
321 | 321 | def reload(*args) |
|
322 | 322 | @principals = nil |
|
323 | 323 | @users = nil |
|
324 | 324 | @shared_versions = nil |
|
325 | 325 | @rolled_up_versions = nil |
|
326 | 326 | @rolled_up_trackers = nil |
|
327 | 327 | @all_issue_custom_fields = nil |
|
328 | 328 | @all_time_entry_custom_fields = nil |
|
329 | 329 | @to_param = nil |
|
330 | 330 | @allowed_parents = nil |
|
331 | 331 | @allowed_permissions = nil |
|
332 | 332 | @actions_allowed = nil |
|
333 | 333 | @start_date = nil |
|
334 | 334 | @due_date = nil |
|
335 | 335 | @override_members = nil |
|
336 | 336 | @assignable_users = nil |
|
337 | 337 | base_reload(*args) |
|
338 | 338 | end |
|
339 | 339 | |
|
340 | 340 | def to_param |
|
341 | 341 | if new_record? |
|
342 | 342 | nil |
|
343 | 343 | else |
|
344 | 344 | # id is used for projects with a numeric identifier (compatibility) |
|
345 | 345 | @to_param ||= (identifier.to_s =~ %r{^\d*$} ? id.to_s : identifier) |
|
346 | 346 | end |
|
347 | 347 | end |
|
348 | 348 | |
|
349 | 349 | def active? |
|
350 | 350 | self.status == STATUS_ACTIVE |
|
351 | 351 | end |
|
352 | 352 | |
|
353 | 353 | def closed? |
|
354 | 354 | self.status == STATUS_CLOSED |
|
355 | 355 | end |
|
356 | 356 | |
|
357 | 357 | def archived? |
|
358 | 358 | self.status == STATUS_ARCHIVED |
|
359 | 359 | end |
|
360 | 360 | |
|
361 | 361 | # Archives the project and its descendants |
|
362 | 362 | def archive |
|
363 | 363 | # Check that there is no issue of a non descendant project that is assigned |
|
364 | 364 | # to one of the project or descendant versions |
|
365 | 365 | version_ids = self_and_descendants.joins(:versions).pluck("#{Version.table_name}.id") |
|
366 | 366 | |
|
367 | 367 | if version_ids.any? && |
|
368 | 368 | Issue. |
|
369 | 369 | includes(:project). |
|
370 | 370 | where("#{Project.table_name}.lft < ? OR #{Project.table_name}.rgt > ?", lft, rgt). |
|
371 | 371 | where(:fixed_version_id => version_ids). |
|
372 | 372 | exists? |
|
373 | 373 | return false |
|
374 | 374 | end |
|
375 | 375 | Project.transaction do |
|
376 | 376 | archive! |
|
377 | 377 | end |
|
378 | 378 | true |
|
379 | 379 | end |
|
380 | 380 | |
|
381 | 381 | # Unarchives the project |
|
382 | 382 | # All its ancestors must be active |
|
383 | 383 | def unarchive |
|
384 | 384 | return false if ancestors.detect {|a| a.archived?} |
|
385 | 385 | new_status = STATUS_ACTIVE |
|
386 | 386 | if parent |
|
387 | 387 | new_status = parent.status |
|
388 | 388 | end |
|
389 | 389 | update_attribute :status, new_status |
|
390 | 390 | end |
|
391 | 391 | |
|
392 | 392 | def close |
|
393 | 393 | self_and_descendants.status(STATUS_ACTIVE).update_all :status => STATUS_CLOSED |
|
394 | 394 | end |
|
395 | 395 | |
|
396 | 396 | def reopen |
|
397 | 397 | self_and_descendants.status(STATUS_CLOSED).update_all :status => STATUS_ACTIVE |
|
398 | 398 | end |
|
399 | 399 | |
|
400 | 400 | # Returns an array of projects the project can be moved to |
|
401 | 401 | # by the current user |
|
402 | 402 | def allowed_parents(user=User.current) |
|
403 | 403 | return @allowed_parents if @allowed_parents |
|
404 | 404 | @allowed_parents = Project.allowed_to(user, :add_subprojects).to_a |
|
405 | 405 | @allowed_parents = @allowed_parents - self_and_descendants |
|
406 | 406 | if user.allowed_to?(:add_project, nil, :global => true) || (!new_record? && parent.nil?) |
|
407 | 407 | @allowed_parents << nil |
|
408 | 408 | end |
|
409 | 409 | unless parent.nil? || @allowed_parents.empty? || @allowed_parents.include?(parent) |
|
410 | 410 | @allowed_parents << parent |
|
411 | 411 | end |
|
412 | 412 | @allowed_parents |
|
413 | 413 | end |
|
414 | 414 | |
|
415 | 415 | # Sets the parent of the project with authorization check |
|
416 | 416 | def set_allowed_parent!(p) |
|
417 | 417 | ActiveSupport::Deprecation.warn "Project#set_allowed_parent! is deprecated and will be removed in Redmine 4, use #safe_attributes= instead." |
|
418 | 418 | p = p.id if p.is_a?(Project) |
|
419 | 419 | send :safe_attributes, {:project_id => p} |
|
420 | 420 | save |
|
421 | 421 | end |
|
422 | 422 | |
|
423 | 423 | # Sets the parent of the project and saves the project |
|
424 | 424 | # Argument can be either a Project, a String, a Fixnum or nil |
|
425 | 425 | def set_parent!(p) |
|
426 | 426 | if p.is_a?(Project) |
|
427 | 427 | self.parent = p |
|
428 | 428 | else |
|
429 | 429 | self.parent_id = p |
|
430 | 430 | end |
|
431 | 431 | save |
|
432 | 432 | end |
|
433 | 433 | |
|
434 | 434 | # Returns a scope of the trackers used by the project and its active sub projects |
|
435 | 435 | def rolled_up_trackers(include_subprojects=true) |
|
436 | 436 | if include_subprojects |
|
437 | 437 | @rolled_up_trackers ||= rolled_up_trackers_base_scope. |
|
438 | 438 | where("#{Project.table_name}.lft >= ? AND #{Project.table_name}.rgt <= ?", lft, rgt) |
|
439 | 439 | else |
|
440 | 440 | rolled_up_trackers_base_scope. |
|
441 | 441 | where(:projects => {:id => id}) |
|
442 | 442 | end |
|
443 | 443 | end |
|
444 | 444 | |
|
445 | 445 | def rolled_up_trackers_base_scope |
|
446 | 446 | Tracker. |
|
447 | 447 | joins(projects: :enabled_modules). |
|
448 | 448 | where("#{Project.table_name}.status <> ?", STATUS_ARCHIVED). |
|
449 | 449 | where(:enabled_modules => {:name => 'issue_tracking'}). |
|
450 | 450 | distinct. |
|
451 | 451 | sorted |
|
452 | 452 | end |
|
453 | 453 | |
|
454 | 454 | # Closes open and locked project versions that are completed |
|
455 | 455 | def close_completed_versions |
|
456 | 456 | Version.transaction do |
|
457 | 457 | versions.where(:status => %w(open locked)).each do |version| |
|
458 | 458 | if version.completed? |
|
459 | 459 | version.update_attribute(:status, 'closed') |
|
460 | 460 | end |
|
461 | 461 | end |
|
462 | 462 | end |
|
463 | 463 | end |
|
464 | 464 | |
|
465 | 465 | # Returns a scope of the Versions on subprojects |
|
466 | 466 | def rolled_up_versions |
|
467 | 467 | @rolled_up_versions ||= |
|
468 | 468 | Version. |
|
469 | 469 | joins(:project). |
|
470 | 470 | where("#{Project.table_name}.lft >= ? AND #{Project.table_name}.rgt <= ? AND #{Project.table_name}.status <> ?", lft, rgt, STATUS_ARCHIVED) |
|
471 | 471 | end |
|
472 | 472 | |
|
473 | 473 | # Returns a scope of the Versions used by the project |
|
474 | 474 | def shared_versions |
|
475 | 475 | if new_record? |
|
476 | 476 | Version. |
|
477 | 477 | joins(:project). |
|
478 | 478 | preload(:project). |
|
479 | 479 | where("#{Project.table_name}.status <> ? AND #{Version.table_name}.sharing = 'system'", STATUS_ARCHIVED) |
|
480 | 480 | else |
|
481 | 481 | @shared_versions ||= begin |
|
482 | 482 | r = root? ? self : root |
|
483 | 483 | Version. |
|
484 | 484 | joins(:project). |
|
485 | 485 | preload(:project). |
|
486 | 486 | where("#{Project.table_name}.id = #{id}" + |
|
487 | 487 | " OR (#{Project.table_name}.status <> #{Project::STATUS_ARCHIVED} AND (" + |
|
488 | 488 | " #{Version.table_name}.sharing = 'system'" + |
|
489 | 489 | " OR (#{Project.table_name}.lft >= #{r.lft} AND #{Project.table_name}.rgt <= #{r.rgt} AND #{Version.table_name}.sharing = 'tree')" + |
|
490 | 490 | " OR (#{Project.table_name}.lft < #{lft} AND #{Project.table_name}.rgt > #{rgt} AND #{Version.table_name}.sharing IN ('hierarchy', 'descendants'))" + |
|
491 | 491 | " OR (#{Project.table_name}.lft > #{lft} AND #{Project.table_name}.rgt < #{rgt} AND #{Version.table_name}.sharing = 'hierarchy')" + |
|
492 | 492 | "))") |
|
493 | 493 | end |
|
494 | 494 | end |
|
495 | 495 | end |
|
496 | 496 | |
|
497 | 497 | # Returns a hash of project users grouped by role |
|
498 | 498 | def users_by_role |
|
499 | 499 | members.includes(:user, :roles).inject({}) do |h, m| |
|
500 | 500 | m.roles.each do |r| |
|
501 | 501 | h[r] ||= [] |
|
502 | 502 | h[r] << m.user |
|
503 | 503 | end |
|
504 | 504 | h |
|
505 | 505 | end |
|
506 | 506 | end |
|
507 | 507 | |
|
508 | 508 | # Adds user as a project member with the default role |
|
509 | 509 | # Used for when a non-admin user creates a project |
|
510 | 510 | def add_default_member(user) |
|
511 | 511 | role = self.class.default_member_role |
|
512 | 512 | member = Member.new(:project => self, :principal => user, :roles => [role]) |
|
513 | 513 | self.members << member |
|
514 | 514 | member |
|
515 | 515 | end |
|
516 | 516 | |
|
517 | 517 | # Default role that is given to non-admin users that |
|
518 | 518 | # create a project |
|
519 | 519 | def self.default_member_role |
|
520 | 520 | Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first |
|
521 | 521 | end |
|
522 | 522 | |
|
523 | 523 | # Deletes all project's members |
|
524 | 524 | def delete_all_members |
|
525 | 525 | me, mr = Member.table_name, MemberRole.table_name |
|
526 | 526 | self.class.connection.delete("DELETE FROM #{mr} WHERE #{mr}.member_id IN (SELECT #{me}.id FROM #{me} WHERE #{me}.project_id = #{id})") |
|
527 | 527 | Member.where(:project_id => id).delete_all |
|
528 | 528 | end |
|
529 | 529 | |
|
530 | 530 | # Return a Principal scope of users/groups issues can be assigned to |
|
531 | 531 | def assignable_users(tracker=nil) |
|
532 | 532 | return @assignable_users[tracker] if @assignable_users && @assignable_users[tracker] |
|
533 | 533 | |
|
534 | 534 | types = ['User'] |
|
535 | 535 | types << 'Group' if Setting.issue_group_assignment? |
|
536 | 536 | |
|
537 | 537 | scope = Principal. |
|
538 | 538 | active. |
|
539 | 539 | joins(:members => :roles). |
|
540 | 540 | where(:type => types, :members => {:project_id => id}, :roles => {:assignable => true}). |
|
541 | 541 | distinct. |
|
542 | 542 | sorted |
|
543 | 543 | |
|
544 | 544 | if tracker |
|
545 | 545 | # Rejects users that cannot the view the tracker |
|
546 | 546 | roles = Role.where(:assignable => true).select {|role| role.permissions_tracker?(:view_issues, tracker)} |
|
547 | 547 | scope = scope.where(:roles => {:id => roles.map(&:id)}) |
|
548 | 548 | end |
|
549 | 549 | |
|
550 | 550 | @assignable_users ||= {} |
|
551 | 551 | @assignable_users[tracker] = scope |
|
552 | 552 | end |
|
553 | 553 | |
|
554 | 554 | # Returns the mail addresses of users that should be always notified on project events |
|
555 | 555 | def recipients |
|
556 | 556 | notified_users.collect {|user| user.mail} |
|
557 | 557 | end |
|
558 | 558 | |
|
559 | 559 | # Returns the users that should be notified on project events |
|
560 | 560 | def notified_users |
|
561 | 561 | # TODO: User part should be extracted to User#notify_about? |
|
562 | 562 | members.preload(:principal).select {|m| m.principal.present? && (m.mail_notification? || m.principal.mail_notification == 'all')}.collect {|m| m.principal} |
|
563 | 563 | end |
|
564 | 564 | |
|
565 | 565 | # Returns a scope of all custom fields enabled for project issues |
|
566 | 566 | # (explicitly associated custom fields and custom fields enabled for all projects) |
|
567 | 567 | def all_issue_custom_fields |
|
568 | 568 | if new_record? |
|
569 | 569 | @all_issue_custom_fields ||= IssueCustomField. |
|
570 | 570 | sorted. |
|
571 | 571 | where("is_for_all = ? OR id IN (?)", true, issue_custom_field_ids) |
|
572 | 572 | else |
|
573 | 573 | @all_issue_custom_fields ||= IssueCustomField. |
|
574 | 574 | sorted. |
|
575 | 575 | where("is_for_all = ? OR id IN (SELECT DISTINCT cfp.custom_field_id" + |
|
576 | 576 | " FROM #{table_name_prefix}custom_fields_projects#{table_name_suffix} cfp" + |
|
577 | 577 | " WHERE cfp.project_id = ?)", true, id) |
|
578 | 578 | end |
|
579 | 579 | end |
|
580 | 580 | |
|
581 | 581 | def project |
|
582 | 582 | self |
|
583 | 583 | end |
|
584 | 584 | |
|
585 | 585 | def <=>(project) |
|
586 | 586 | name.casecmp(project.name) |
|
587 | 587 | end |
|
588 | 588 | |
|
589 | 589 | def to_s |
|
590 | 590 | name |
|
591 | 591 | end |
|
592 | 592 | |
|
593 | 593 | # Returns a short description of the projects (first lines) |
|
594 | 594 | def short_description(length = 255) |
|
595 | 595 | description.gsub(/^(.{#{length}}[^\n\r]*).*$/m, '\1...').strip if description |
|
596 | 596 | end |
|
597 | 597 | |
|
598 | 598 | def css_classes |
|
599 | 599 | s = 'project' |
|
600 | 600 | s << ' root' if root? |
|
601 | 601 | s << ' child' if child? |
|
602 | 602 | s << (leaf? ? ' leaf' : ' parent') |
|
603 | 603 | unless active? |
|
604 | 604 | if archived? |
|
605 | 605 | s << ' archived' |
|
606 | 606 | else |
|
607 | 607 | s << ' closed' |
|
608 | 608 | end |
|
609 | 609 | end |
|
610 | 610 | s |
|
611 | 611 | end |
|
612 | 612 | |
|
613 | 613 | # The earliest start date of a project, based on it's issues and versions |
|
614 | 614 | def start_date |
|
615 | 615 | @start_date ||= [ |
|
616 | 616 | issues.minimum('start_date'), |
|
617 | 617 | shared_versions.minimum('effective_date'), |
|
618 | 618 | Issue.fixed_version(shared_versions).minimum('start_date') |
|
619 | 619 | ].compact.min |
|
620 | 620 | end |
|
621 | 621 | |
|
622 | 622 | # The latest due date of an issue or version |
|
623 | 623 | def due_date |
|
624 | 624 | @due_date ||= [ |
|
625 | 625 | issues.maximum('due_date'), |
|
626 | 626 | shared_versions.maximum('effective_date'), |
|
627 | 627 | Issue.fixed_version(shared_versions).maximum('due_date') |
|
628 | 628 | ].compact.max |
|
629 | 629 | end |
|
630 | 630 | |
|
631 | 631 | def overdue? |
|
632 | 632 | active? && !due_date.nil? && (due_date < User.current.today) |
|
633 | 633 | end |
|
634 | 634 | |
|
635 | 635 | # Returns the percent completed for this project, based on the |
|
636 | 636 | # progress on it's versions. |
|
637 | 637 | def completed_percent(options={:include_subprojects => false}) |
|
638 | 638 | if options.delete(:include_subprojects) |
|
639 | 639 | total = self_and_descendants.collect(&:completed_percent).sum |
|
640 | 640 | |
|
641 | 641 | total / self_and_descendants.count |
|
642 | 642 | else |
|
643 | 643 | if versions.count > 0 |
|
644 | 644 | total = versions.collect(&:completed_percent).sum |
|
645 | 645 | |
|
646 | 646 | total / versions.count |
|
647 | 647 | else |
|
648 | 648 | 100 |
|
649 | 649 | end |
|
650 | 650 | end |
|
651 | 651 | end |
|
652 | 652 | |
|
653 | 653 | # Return true if this project allows to do the specified action. |
|
654 | 654 | # action can be: |
|
655 | 655 | # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') |
|
656 | 656 | # * a permission Symbol (eg. :edit_project) |
|
657 | 657 | def allows_to?(action) |
|
658 | 658 | if archived? |
|
659 | 659 | # No action allowed on archived projects |
|
660 | 660 | return false |
|
661 | 661 | end |
|
662 | 662 | unless active? || Redmine::AccessControl.read_action?(action) |
|
663 | 663 | # No write action allowed on closed projects |
|
664 | 664 | return false |
|
665 | 665 | end |
|
666 | 666 | # No action allowed on disabled modules |
|
667 | 667 | if action.is_a? Hash |
|
668 | 668 | allowed_actions.include? "#{action[:controller]}/#{action[:action]}" |
|
669 | 669 | else |
|
670 | 670 | allowed_permissions.include? action |
|
671 | 671 | end |
|
672 | 672 | end |
|
673 | 673 | |
|
674 | 674 | # Return the enabled module with the given name |
|
675 | 675 | # or nil if the module is not enabled for the project |
|
676 | 676 | def enabled_module(name) |
|
677 | 677 | name = name.to_s |
|
678 | 678 | enabled_modules.detect {|m| m.name == name} |
|
679 | 679 | end |
|
680 | 680 | |
|
681 | 681 | # Return true if the module with the given name is enabled |
|
682 | 682 | def module_enabled?(name) |
|
683 | 683 | enabled_module(name).present? |
|
684 | 684 | end |
|
685 | 685 | |
|
686 | 686 | def enabled_module_names=(module_names) |
|
687 | 687 | if module_names && module_names.is_a?(Array) |
|
688 | 688 | module_names = module_names.collect(&:to_s).reject(&:blank?) |
|
689 | 689 | self.enabled_modules = module_names.collect {|name| enabled_modules.detect {|mod| mod.name == name} || EnabledModule.new(:name => name)} |
|
690 | 690 | else |
|
691 | 691 | enabled_modules.clear |
|
692 | 692 | end |
|
693 | 693 | end |
|
694 | 694 | |
|
695 | 695 | # Returns an array of the enabled modules names |
|
696 | 696 | def enabled_module_names |
|
697 | 697 | enabled_modules.collect(&:name) |
|
698 | 698 | end |
|
699 | 699 | |
|
700 | 700 | # Enable a specific module |
|
701 | 701 | # |
|
702 | 702 | # Examples: |
|
703 | 703 | # project.enable_module!(:issue_tracking) |
|
704 | 704 | # project.enable_module!("issue_tracking") |
|
705 | 705 | def enable_module!(name) |
|
706 | 706 | enabled_modules << EnabledModule.new(:name => name.to_s) unless module_enabled?(name) |
|
707 | 707 | end |
|
708 | 708 | |
|
709 | 709 | # Disable a module if it exists |
|
710 | 710 | # |
|
711 | 711 | # Examples: |
|
712 | 712 | # project.disable_module!(:issue_tracking) |
|
713 | 713 | # project.disable_module!("issue_tracking") |
|
714 | 714 | # project.disable_module!(project.enabled_modules.first) |
|
715 | 715 | def disable_module!(target) |
|
716 | 716 | target = enabled_modules.detect{|mod| target.to_s == mod.name} unless enabled_modules.include?(target) |
|
717 | 717 | target.destroy unless target.blank? |
|
718 | 718 | end |
|
719 | 719 | |
|
720 | 720 | safe_attributes 'name', |
|
721 | 721 | 'description', |
|
722 | 722 | 'homepage', |
|
723 | 723 | 'is_public', |
|
724 | 724 | 'identifier', |
|
725 | 725 | 'custom_field_values', |
|
726 | 726 | 'custom_fields', |
|
727 | 727 | 'tracker_ids', |
|
728 | 728 | 'issue_custom_field_ids', |
|
729 | 729 | 'parent_id', |
|
730 | 730 | 'default_version_id' |
|
731 | 731 | |
|
732 | 732 | safe_attributes 'enabled_module_names', |
|
733 | 733 | :if => lambda {|project, user| |
|
734 | 734 | if project.new_record? |
|
735 | 735 | if user.admin? |
|
736 | 736 | true |
|
737 | 737 | else |
|
738 | 738 | default_member_role.has_permission?(:select_project_modules) |
|
739 | 739 | end |
|
740 | 740 | else |
|
741 | 741 | user.allowed_to?(:select_project_modules, project) |
|
742 | 742 | end |
|
743 | 743 | } |
|
744 | 744 | |
|
745 | 745 | safe_attributes 'inherit_members', |
|
746 | 746 | :if => lambda {|project, user| project.parent.nil? || project.parent.visible?(user)} |
|
747 | 747 | |
|
748 | 748 | def safe_attributes=(attrs, user=User.current) |
|
749 | 749 | return unless attrs.is_a?(Hash) |
|
750 | 750 | attrs = attrs.deep_dup |
|
751 | 751 | |
|
752 | 752 | @unallowed_parent_id = nil |
|
753 | 753 | if new_record? || attrs.key?('parent_id') |
|
754 | 754 | parent_id_param = attrs['parent_id'].to_s |
|
755 | 755 | if new_record? || parent_id_param != parent_id.to_s |
|
756 | 756 | p = parent_id_param.present? ? Project.find_by_id(parent_id_param) : nil |
|
757 | 757 | unless allowed_parents(user).include?(p) |
|
758 | 758 | attrs.delete('parent_id') |
|
759 | 759 | @unallowed_parent_id = true |
|
760 | 760 | end |
|
761 | 761 | end |
|
762 | 762 | end |
|
763 | 763 | |
|
764 | 764 | super(attrs, user) |
|
765 | 765 | end |
|
766 | 766 | |
|
767 | 767 | # Returns an auto-generated project identifier based on the last identifier used |
|
768 | 768 | def self.next_identifier |
|
769 | 769 | p = Project.order('id DESC').first |
|
770 | 770 | p.nil? ? nil : p.identifier.to_s.succ |
|
771 | 771 | end |
|
772 | 772 | |
|
773 | 773 | # Copies and saves the Project instance based on the +project+. |
|
774 | 774 | # Duplicates the source project's: |
|
775 | 775 | # * Wiki |
|
776 | 776 | # * Versions |
|
777 | 777 | # * Categories |
|
778 | 778 | # * Issues |
|
779 | 779 | # * Members |
|
780 | 780 | # * Queries |
|
781 | 781 | # |
|
782 | 782 | # Accepts an +options+ argument to specify what to copy |
|
783 | 783 | # |
|
784 | 784 | # Examples: |
|
785 | 785 | # project.copy(1) # => copies everything |
|
786 | 786 | # project.copy(1, :only => 'members') # => copies members only |
|
787 | 787 | # project.copy(1, :only => ['members', 'versions']) # => copies members and versions |
|
788 | 788 | def copy(project, options={}) |
|
789 | 789 | project = project.is_a?(Project) ? project : Project.find(project) |
|
790 | 790 | |
|
791 | 791 | to_be_copied = %w(members wiki versions issue_categories issues queries boards) |
|
792 | 792 | to_be_copied = to_be_copied & Array.wrap(options[:only]) unless options[:only].nil? |
|
793 | 793 | |
|
794 | 794 | Project.transaction do |
|
795 | 795 | if save |
|
796 | 796 | reload |
|
797 | 797 | to_be_copied.each do |name| |
|
798 | 798 | send "copy_#{name}", project |
|
799 | 799 | end |
|
800 | 800 | Redmine::Hook.call_hook(:model_project_copy_before_save, :source_project => project, :destination_project => self) |
|
801 | 801 | save |
|
802 | 802 | else |
|
803 | 803 | false |
|
804 | 804 | end |
|
805 | 805 | end |
|
806 | 806 | end |
|
807 | 807 | |
|
808 | 808 | def member_principals |
|
809 | 809 | ActiveSupport::Deprecation.warn "Project#member_principals is deprecated and will be removed in Redmine 4.0. Use #memberships.active instead." |
|
810 | 810 | memberships.active |
|
811 | 811 | end |
|
812 | 812 | |
|
813 | 813 | # Returns a new unsaved Project instance with attributes copied from +project+ |
|
814 | 814 | def self.copy_from(project) |
|
815 | 815 | project = project.is_a?(Project) ? project : Project.find(project) |
|
816 | 816 | # clear unique attributes |
|
817 | 817 | attributes = project.attributes.dup.except('id', 'name', 'identifier', 'status', 'parent_id', 'lft', 'rgt') |
|
818 | 818 | copy = Project.new(attributes) |
|
819 | 819 | copy.enabled_module_names = project.enabled_module_names |
|
820 | 820 | copy.trackers = project.trackers |
|
821 | 821 | copy.custom_values = project.custom_values.collect {|v| v.clone} |
|
822 | 822 | copy.issue_custom_fields = project.issue_custom_fields |
|
823 | 823 | copy |
|
824 | 824 | end |
|
825 | 825 | |
|
826 | 826 | # Yields the given block for each project with its level in the tree |
|
827 | 827 | def self.project_tree(projects, options={}, &block) |
|
828 | 828 | ancestors = [] |
|
829 | 829 | if options[:init_level] && projects.first |
|
830 | 830 | ancestors = projects.first.ancestors.to_a |
|
831 | 831 | end |
|
832 | 832 | projects.sort_by(&:lft).each do |project| |
|
833 | 833 | while (ancestors.any? && !project.is_descendant_of?(ancestors.last)) |
|
834 | 834 | ancestors.pop |
|
835 | 835 | end |
|
836 | 836 | yield project, ancestors.size |
|
837 | 837 | ancestors << project |
|
838 | 838 | end |
|
839 | 839 | end |
|
840 | 840 | |
|
841 | 841 | private |
|
842 | 842 | |
|
843 | 843 | def update_inherited_members |
|
844 | 844 | if parent |
|
845 | 845 | if inherit_members? && !inherit_members_was |
|
846 | 846 | remove_inherited_member_roles |
|
847 | 847 | add_inherited_member_roles |
|
848 | 848 | elsif !inherit_members? && inherit_members_was |
|
849 | 849 | remove_inherited_member_roles |
|
850 | 850 | end |
|
851 | 851 | end |
|
852 | 852 | end |
|
853 | 853 | |
|
854 | 854 | def remove_inherited_member_roles |
|
855 | 855 | member_roles = MemberRole.where(:member_id => membership_ids).to_a |
|
856 | 856 | member_role_ids = member_roles.map(&:id) |
|
857 | 857 | member_roles.each do |member_role| |
|
858 | 858 | if member_role.inherited_from && !member_role_ids.include?(member_role.inherited_from) |
|
859 | 859 | member_role.destroy |
|
860 | 860 | end |
|
861 | 861 | end |
|
862 | 862 | end |
|
863 | 863 | |
|
864 | 864 | def add_inherited_member_roles |
|
865 | 865 | if inherit_members? && parent |
|
866 | 866 | parent.memberships.each do |parent_member| |
|
867 | 867 | member = Member.find_or_new(self.id, parent_member.user_id) |
|
868 | 868 | parent_member.member_roles.each do |parent_member_role| |
|
869 | 869 | member.member_roles << MemberRole.new(:role => parent_member_role.role, :inherited_from => parent_member_role.id) |
|
870 | 870 | end |
|
871 | 871 | member.save! |
|
872 | 872 | end |
|
873 | 873 | memberships.reset |
|
874 | 874 | end |
|
875 | 875 | end |
|
876 | 876 | |
|
877 | 877 | def update_versions_from_hierarchy_change |
|
878 | 878 | Issue.update_versions_from_hierarchy_change(self) |
|
879 | 879 | end |
|
880 | 880 | |
|
881 | 881 | def validate_parent |
|
882 | 882 | if @unallowed_parent_id |
|
883 | 883 | errors.add(:parent_id, :invalid) |
|
884 | 884 | elsif parent_id_changed? |
|
885 | 885 | unless parent.nil? || (parent.active? && move_possible?(parent)) |
|
886 | 886 | errors.add(:parent_id, :invalid) |
|
887 | 887 | end |
|
888 | 888 | end |
|
889 | 889 | end |
|
890 | 890 | |
|
891 | 891 | # Copies wiki from +project+ |
|
892 | 892 | def copy_wiki(project) |
|
893 | 893 | # Check that the source project has a wiki first |
|
894 | 894 | unless project.wiki.nil? |
|
895 | 895 | wiki = self.wiki || Wiki.new |
|
896 | 896 | wiki.attributes = project.wiki.attributes.dup.except("id", "project_id") |
|
897 | 897 | wiki_pages_map = {} |
|
898 | 898 | project.wiki.pages.each do |page| |
|
899 | 899 | # Skip pages without content |
|
900 | 900 | next if page.content.nil? |
|
901 | 901 | new_wiki_content = WikiContent.new(page.content.attributes.dup.except("id", "page_id", "updated_on")) |
|
902 | 902 | new_wiki_page = WikiPage.new(page.attributes.dup.except("id", "wiki_id", "created_on", "parent_id")) |
|
903 | 903 | new_wiki_page.content = new_wiki_content |
|
904 | 904 | wiki.pages << new_wiki_page |
|
905 | 905 | wiki_pages_map[page.id] = new_wiki_page |
|
906 | 906 | end |
|
907 | 907 | |
|
908 | 908 | self.wiki = wiki |
|
909 | 909 | wiki.save |
|
910 | 910 | # Reproduce page hierarchy |
|
911 | 911 | project.wiki.pages.each do |page| |
|
912 | 912 | if page.parent_id && wiki_pages_map[page.id] |
|
913 | 913 | wiki_pages_map[page.id].parent = wiki_pages_map[page.parent_id] |
|
914 | 914 | wiki_pages_map[page.id].save |
|
915 | 915 | end |
|
916 | 916 | end |
|
917 | 917 | end |
|
918 | 918 | end |
|
919 | 919 | |
|
920 | 920 | # Copies versions from +project+ |
|
921 | 921 | def copy_versions(project) |
|
922 | 922 | project.versions.each do |version| |
|
923 | 923 | new_version = Version.new |
|
924 | 924 | new_version.attributes = version.attributes.dup.except("id", "project_id", "created_on", "updated_on") |
|
925 | 925 | self.versions << new_version |
|
926 | 926 | end |
|
927 | 927 | end |
|
928 | 928 | |
|
929 | 929 | # Copies issue categories from +project+ |
|
930 | 930 | def copy_issue_categories(project) |
|
931 | 931 | project.issue_categories.each do |issue_category| |
|
932 | 932 | new_issue_category = IssueCategory.new |
|
933 | 933 | new_issue_category.attributes = issue_category.attributes.dup.except("id", "project_id") |
|
934 | 934 | self.issue_categories << new_issue_category |
|
935 | 935 | end |
|
936 | 936 | end |
|
937 | 937 | |
|
938 | 938 | # Copies issues from +project+ |
|
939 | 939 | def copy_issues(project) |
|
940 | 940 | # Stores the source issue id as a key and the copied issues as the |
|
941 | 941 | # value. Used to map the two together for issue relations. |
|
942 | 942 | issues_map = {} |
|
943 | 943 | |
|
944 | 944 | # Store status and reopen locked/closed versions |
|
945 | 945 | version_statuses = versions.reject(&:open?).map {|version| [version, version.status]} |
|
946 | 946 | version_statuses.each do |version, status| |
|
947 | 947 | version.update_attribute :status, 'open' |
|
948 | 948 | end |
|
949 | 949 | |
|
950 | 950 | # Get issues sorted by root_id, lft so that parent issues |
|
951 | 951 | # get copied before their children |
|
952 | 952 | project.issues.reorder('root_id, lft').each do |issue| |
|
953 | 953 | new_issue = Issue.new |
|
954 | 954 | new_issue.copy_from(issue, :subtasks => false, :link => false) |
|
955 | 955 | new_issue.project = self |
|
956 | 956 | # Changing project resets the custom field values |
|
957 | 957 | # TODO: handle this in Issue#project= |
|
958 | 958 | new_issue.custom_field_values = issue.custom_field_values.inject({}) {|h,v| h[v.custom_field_id] = v.value; h} |
|
959 | 959 | # Reassign fixed_versions by name, since names are unique per project |
|
960 | 960 | if issue.fixed_version && issue.fixed_version.project == project |
|
961 | 961 | new_issue.fixed_version = self.versions.detect {|v| v.name == issue.fixed_version.name} |
|
962 | 962 | end |
|
963 | 963 | # Reassign version custom field values |
|
964 | 964 | new_issue.custom_field_values.each do |custom_value| |
|
965 | 965 | if custom_value.custom_field.field_format == 'version' && custom_value.value.present? |
|
966 | 966 | versions = Version.where(:id => custom_value.value).to_a |
|
967 | 967 | new_value = versions.map do |version| |
|
968 | 968 | if version.project == project |
|
969 | 969 | self.versions.detect {|v| v.name == version.name}.try(:id) |
|
970 | 970 | else |
|
971 | 971 | version.id |
|
972 | 972 | end |
|
973 | 973 | end |
|
974 | 974 | new_value.compact! |
|
975 | 975 | new_value = new_value.first unless custom_value.custom_field.multiple? |
|
976 | 976 | custom_value.value = new_value |
|
977 | 977 | end |
|
978 | 978 | end |
|
979 | 979 | # Reassign the category by name, since names are unique per project |
|
980 | 980 | if issue.category |
|
981 | 981 | new_issue.category = self.issue_categories.detect {|c| c.name == issue.category.name} |
|
982 | 982 | end |
|
983 | 983 | # Parent issue |
|
984 | 984 | if issue.parent_id |
|
985 | 985 | if copied_parent = issues_map[issue.parent_id] |
|
986 | 986 | new_issue.parent_issue_id = copied_parent.id |
|
987 | 987 | end |
|
988 | 988 | end |
|
989 | 989 | |
|
990 | 990 | self.issues << new_issue |
|
991 | 991 | if new_issue.new_record? |
|
992 | 992 | logger.info "Project#copy_issues: issue ##{issue.id} could not be copied: #{new_issue.errors.full_messages}" if logger && logger.info? |
|
993 | 993 | else |
|
994 | 994 | issues_map[issue.id] = new_issue unless new_issue.new_record? |
|
995 | 995 | end |
|
996 | 996 | end |
|
997 | 997 | |
|
998 | 998 | # Restore locked/closed version statuses |
|
999 | 999 | version_statuses.each do |version, status| |
|
1000 | 1000 | version.update_attribute :status, status |
|
1001 | 1001 | end |
|
1002 | 1002 | |
|
1003 | 1003 | # Relations after in case issues related each other |
|
1004 | 1004 | project.issues.each do |issue| |
|
1005 | 1005 | new_issue = issues_map[issue.id] |
|
1006 | 1006 | unless new_issue |
|
1007 | 1007 | # Issue was not copied |
|
1008 | 1008 | next |
|
1009 | 1009 | end |
|
1010 | 1010 | |
|
1011 | 1011 | # Relations |
|
1012 | 1012 | issue.relations_from.each do |source_relation| |
|
1013 | 1013 | new_issue_relation = IssueRelation.new |
|
1014 | 1014 | new_issue_relation.attributes = source_relation.attributes.dup.except("id", "issue_from_id", "issue_to_id") |
|
1015 | 1015 | new_issue_relation.issue_to = issues_map[source_relation.issue_to_id] |
|
1016 | 1016 | if new_issue_relation.issue_to.nil? && Setting.cross_project_issue_relations? |
|
1017 | 1017 | new_issue_relation.issue_to = source_relation.issue_to |
|
1018 | 1018 | end |
|
1019 | 1019 | new_issue.relations_from << new_issue_relation |
|
1020 | 1020 | end |
|
1021 | 1021 | |
|
1022 | 1022 | issue.relations_to.each do |source_relation| |
|
1023 | 1023 | new_issue_relation = IssueRelation.new |
|
1024 | 1024 | new_issue_relation.attributes = source_relation.attributes.dup.except("id", "issue_from_id", "issue_to_id") |
|
1025 | 1025 | new_issue_relation.issue_from = issues_map[source_relation.issue_from_id] |
|
1026 | 1026 | if new_issue_relation.issue_from.nil? && Setting.cross_project_issue_relations? |
|
1027 | 1027 | new_issue_relation.issue_from = source_relation.issue_from |
|
1028 | 1028 | end |
|
1029 | 1029 | new_issue.relations_to << new_issue_relation |
|
1030 | 1030 | end |
|
1031 | 1031 | end |
|
1032 | 1032 | end |
|
1033 | 1033 | |
|
1034 | 1034 | # Copies members from +project+ |
|
1035 | 1035 | def copy_members(project) |
|
1036 | 1036 | # Copy users first, then groups to handle members with inherited and given roles |
|
1037 | 1037 | members_to_copy = [] |
|
1038 | 1038 | members_to_copy += project.memberships.select {|m| m.principal.is_a?(User)} |
|
1039 | 1039 | members_to_copy += project.memberships.select {|m| !m.principal.is_a?(User)} |
|
1040 | 1040 | |
|
1041 | 1041 | members_to_copy.each do |member| |
|
1042 | 1042 | new_member = Member.new |
|
1043 | 1043 | new_member.attributes = member.attributes.dup.except("id", "project_id", "created_on") |
|
1044 | 1044 | # only copy non inherited roles |
|
1045 | 1045 | # inherited roles will be added when copying the group membership |
|
1046 | 1046 | role_ids = member.member_roles.reject(&:inherited?).collect(&:role_id) |
|
1047 | 1047 | next if role_ids.empty? |
|
1048 | 1048 | new_member.role_ids = role_ids |
|
1049 | 1049 | new_member.project = self |
|
1050 | 1050 | self.members << new_member |
|
1051 | 1051 | end |
|
1052 | 1052 | end |
|
1053 | 1053 | |
|
1054 | 1054 | # Copies queries from +project+ |
|
1055 | 1055 | def copy_queries(project) |
|
1056 | 1056 | project.queries.each do |query| |
|
1057 | 1057 | new_query = IssueQuery.new |
|
1058 | 1058 | new_query.attributes = query.attributes.dup.except("id", "project_id", "sort_criteria", "user_id", "type") |
|
1059 | 1059 | new_query.sort_criteria = query.sort_criteria if query.sort_criteria |
|
1060 | 1060 | new_query.project = self |
|
1061 | 1061 | new_query.user_id = query.user_id |
|
1062 | 1062 | new_query.role_ids = query.role_ids if query.visibility == IssueQuery::VISIBILITY_ROLES |
|
1063 | 1063 | self.queries << new_query |
|
1064 | 1064 | end |
|
1065 | 1065 | end |
|
1066 | 1066 | |
|
1067 | 1067 | # Copies boards from +project+ |
|
1068 | 1068 | def copy_boards(project) |
|
1069 | 1069 | project.boards.each do |board| |
|
1070 | 1070 | new_board = Board.new |
|
1071 | 1071 | new_board.attributes = board.attributes.dup.except("id", "project_id", "topics_count", "messages_count", "last_message_id") |
|
1072 | 1072 | new_board.project = self |
|
1073 | 1073 | self.boards << new_board |
|
1074 | 1074 | end |
|
1075 | 1075 | end |
|
1076 | 1076 | |
|
1077 | 1077 | def allowed_permissions |
|
1078 | 1078 | @allowed_permissions ||= begin |
|
1079 | 1079 | module_names = enabled_modules.loaded? ? enabled_modules.map(&:name) : enabled_modules.pluck(:name) |
|
1080 | 1080 | Redmine::AccessControl.modules_permissions(module_names).collect {|p| p.name} |
|
1081 | 1081 | end |
|
1082 | 1082 | end |
|
1083 | 1083 | |
|
1084 | 1084 | def allowed_actions |
|
1085 | 1085 | @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten |
|
1086 | 1086 | end |
|
1087 | 1087 | |
|
1088 | 1088 | # Archives subprojects recursively |
|
1089 | 1089 | def archive! |
|
1090 | 1090 | children.each do |subproject| |
|
1091 | 1091 | subproject.send :archive! |
|
1092 | 1092 | end |
|
1093 | 1093 | update_attribute :status, STATUS_ARCHIVED |
|
1094 | 1094 | end |
|
1095 | 1095 | end |
@@ -1,929 +1,948 | |||
|
1 | 1 | # Redmine - project management software |
|
2 | 2 | # Copyright (C) 2006-2016 Jean-Philippe Lang |
|
3 | 3 | # |
|
4 | 4 | # This program is free software; you can redistribute it and/or |
|
5 | 5 | # modify it under the terms of the GNU General Public License |
|
6 | 6 | # as published by the Free Software Foundation; either version 2 |
|
7 | 7 | # of the License, or (at your option) any later version. |
|
8 | 8 | # |
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 | 12 | # GNU General Public License for more details. |
|
13 | 13 | # |
|
14 | 14 | # You should have received a copy of the GNU General Public License |
|
15 | 15 | # along with this program; if not, write to the Free Software |
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
17 | 17 | |
|
18 | 18 | require "digest/sha1" |
|
19 | 19 | |
|
20 | 20 | class User < Principal |
|
21 | 21 | include Redmine::SafeAttributes |
|
22 | 22 | |
|
23 | 23 | # Different ways of displaying/sorting users |
|
24 | 24 | USER_FORMATS = { |
|
25 | 25 | :firstname_lastname => { |
|
26 | 26 | :string => '#{firstname} #{lastname}', |
|
27 | 27 | :order => %w(firstname lastname id), |
|
28 | 28 | :setting_order => 1 |
|
29 | 29 | }, |
|
30 | 30 | :firstname_lastinitial => { |
|
31 | 31 | :string => '#{firstname} #{lastname.to_s.chars.first}.', |
|
32 | 32 | :order => %w(firstname lastname id), |
|
33 | 33 | :setting_order => 2 |
|
34 | 34 | }, |
|
35 | 35 | :firstinitial_lastname => { |
|
36 | 36 | :string => '#{firstname.to_s.gsub(/(([[:alpha:]])[[:alpha:]]*\.?)/, \'\2.\')} #{lastname}', |
|
37 | 37 | :order => %w(firstname lastname id), |
|
38 | 38 | :setting_order => 2 |
|
39 | 39 | }, |
|
40 | 40 | :firstname => { |
|
41 | 41 | :string => '#{firstname}', |
|
42 | 42 | :order => %w(firstname id), |
|
43 | 43 | :setting_order => 3 |
|
44 | 44 | }, |
|
45 | 45 | :lastname_firstname => { |
|
46 | 46 | :string => '#{lastname} #{firstname}', |
|
47 | 47 | :order => %w(lastname firstname id), |
|
48 | 48 | :setting_order => 4 |
|
49 | 49 | }, |
|
50 | 50 | :lastnamefirstname => { |
|
51 | 51 | :string => '#{lastname}#{firstname}', |
|
52 | 52 | :order => %w(lastname firstname id), |
|
53 | 53 | :setting_order => 5 |
|
54 | 54 | }, |
|
55 | 55 | :lastname_comma_firstname => { |
|
56 | 56 | :string => '#{lastname}, #{firstname}', |
|
57 | 57 | :order => %w(lastname firstname id), |
|
58 | 58 | :setting_order => 6 |
|
59 | 59 | }, |
|
60 | 60 | :lastname => { |
|
61 | 61 | :string => '#{lastname}', |
|
62 | 62 | :order => %w(lastname id), |
|
63 | 63 | :setting_order => 7 |
|
64 | 64 | }, |
|
65 | 65 | :username => { |
|
66 | 66 | :string => '#{login}', |
|
67 | 67 | :order => %w(login id), |
|
68 | 68 | :setting_order => 8 |
|
69 | 69 | }, |
|
70 | 70 | } |
|
71 | 71 | |
|
72 | 72 | MAIL_NOTIFICATION_OPTIONS = [ |
|
73 | 73 | ['all', :label_user_mail_option_all], |
|
74 | 74 | ['selected', :label_user_mail_option_selected], |
|
75 | 75 | ['only_my_events', :label_user_mail_option_only_my_events], |
|
76 | 76 | ['only_assigned', :label_user_mail_option_only_assigned], |
|
77 | 77 | ['only_owner', :label_user_mail_option_only_owner], |
|
78 | 78 | ['none', :label_user_mail_option_none] |
|
79 | 79 | ] |
|
80 | 80 | |
|
81 | 81 | has_and_belongs_to_many :groups, |
|
82 | 82 | :join_table => "#{table_name_prefix}groups_users#{table_name_suffix}", |
|
83 | 83 | :after_add => Proc.new {|user, group| group.user_added(user)}, |
|
84 | 84 | :after_remove => Proc.new {|user, group| group.user_removed(user)} |
|
85 | 85 | has_many :changesets, :dependent => :nullify |
|
86 | 86 | has_one :preference, :dependent => :destroy, :class_name => 'UserPreference' |
|
87 | 87 | has_one :rss_token, lambda {where "action='feeds'"}, :class_name => 'Token' |
|
88 | 88 | has_one :api_token, lambda {where "action='api'"}, :class_name => 'Token' |
|
89 | 89 | has_one :email_address, lambda {where :is_default => true}, :autosave => true |
|
90 | 90 | has_many :email_addresses, :dependent => :delete_all |
|
91 | 91 | belongs_to :auth_source |
|
92 | 92 | |
|
93 | 93 | scope :logged, lambda { where("#{User.table_name}.status <> #{STATUS_ANONYMOUS}") } |
|
94 | 94 | scope :status, lambda {|arg| where(arg.blank? ? nil : {:status => arg.to_i}) } |
|
95 | 95 | |
|
96 | 96 | acts_as_customizable |
|
97 | 97 | |
|
98 | 98 | attr_accessor :password, :password_confirmation, :generate_password |
|
99 | 99 | attr_accessor :last_before_login_on |
|
100 | 100 | attr_accessor :remote_ip |
|
101 | 101 | |
|
102 | 102 | # Prevents unauthorized assignments |
|
103 | 103 | attr_protected :password, :password_confirmation, :hashed_password |
|
104 | 104 | |
|
105 | 105 | LOGIN_LENGTH_LIMIT = 60 |
|
106 | 106 | MAIL_LENGTH_LIMIT = 60 |
|
107 | 107 | |
|
108 | 108 | validates_presence_of :login, :firstname, :lastname, :if => Proc.new { |user| !user.is_a?(AnonymousUser) } |
|
109 | 109 | validates_uniqueness_of :login, :if => Proc.new { |user| user.login_changed? && user.login.present? }, :case_sensitive => false |
|
110 | 110 | # Login must contain letters, numbers, underscores only |
|
111 | 111 | validates_format_of :login, :with => /\A[a-z0-9_\-@\.]*\z/i |
|
112 | 112 | validates_length_of :login, :maximum => LOGIN_LENGTH_LIMIT |
|
113 | 113 | validates_length_of :firstname, :lastname, :maximum => 30 |
|
114 | 114 | validates_length_of :identity_url, maximum: 255 |
|
115 | 115 | validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true |
|
116 | 116 | validate :validate_password_length |
|
117 | 117 | validate do |
|
118 | 118 | if password_confirmation && password != password_confirmation |
|
119 | 119 | errors.add(:password, :confirmation) |
|
120 | 120 | end |
|
121 | 121 | end |
|
122 | 122 | |
|
123 | 123 | self.valid_statuses = [STATUS_ACTIVE, STATUS_REGISTERED, STATUS_LOCKED] |
|
124 | 124 | |
|
125 | 125 | before_validation :instantiate_email_address |
|
126 | 126 | before_create :set_mail_notification |
|
127 | 127 | before_save :generate_password_if_needed, :update_hashed_password |
|
128 | 128 | before_destroy :remove_references_before_destroy |
|
129 | 129 | after_save :update_notified_project_ids, :destroy_tokens, :deliver_security_notification |
|
130 | 130 | after_destroy :deliver_security_notification |
|
131 | 131 | |
|
132 | 132 | scope :in_group, lambda {|group| |
|
133 | 133 | group_id = group.is_a?(Group) ? group.id : group.to_i |
|
134 | 134 | where("#{User.table_name}.id IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id) |
|
135 | 135 | } |
|
136 | 136 | scope :not_in_group, lambda {|group| |
|
137 | 137 | group_id = group.is_a?(Group) ? group.id : group.to_i |
|
138 | 138 | where("#{User.table_name}.id NOT IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id) |
|
139 | 139 | } |
|
140 | 140 | scope :sorted, lambda { order(*User.fields_for_order_statement)} |
|
141 | 141 | scope :having_mail, lambda {|arg| |
|
142 | 142 | addresses = Array.wrap(arg).map {|a| a.to_s.downcase} |
|
143 | 143 | if addresses.any? |
|
144 | 144 | joins(:email_addresses).where("LOWER(#{EmailAddress.table_name}.address) IN (?)", addresses).distinct |
|
145 | 145 | else |
|
146 | 146 | none |
|
147 | 147 | end |
|
148 | 148 | } |
|
149 | 149 | |
|
150 | 150 | def set_mail_notification |
|
151 | 151 | self.mail_notification = Setting.default_notification_option if self.mail_notification.blank? |
|
152 | 152 | true |
|
153 | 153 | end |
|
154 | 154 | |
|
155 | 155 | def update_hashed_password |
|
156 | 156 | # update hashed_password if password was set |
|
157 | 157 | if self.password && self.auth_source_id.blank? |
|
158 | 158 | salt_password(password) |
|
159 | 159 | end |
|
160 | 160 | end |
|
161 | 161 | |
|
162 | 162 | alias :base_reload :reload |
|
163 | 163 | def reload(*args) |
|
164 | 164 | @name = nil |
|
165 | 165 | @projects_by_role = nil |
|
166 | @project_ids_by_role = nil | |
|
166 | 167 | @membership_by_project_id = nil |
|
167 | 168 | @notified_projects_ids = nil |
|
168 | 169 | @notified_projects_ids_changed = false |
|
169 | 170 | @builtin_role = nil |
|
170 | 171 | @visible_project_ids = nil |
|
171 | 172 | @managed_roles = nil |
|
172 | 173 | base_reload(*args) |
|
173 | 174 | end |
|
174 | 175 | |
|
175 | 176 | def mail |
|
176 | 177 | email_address.try(:address) |
|
177 | 178 | end |
|
178 | 179 | |
|
179 | 180 | def mail=(arg) |
|
180 | 181 | email = email_address || build_email_address |
|
181 | 182 | email.address = arg |
|
182 | 183 | end |
|
183 | 184 | |
|
184 | 185 | def mail_changed? |
|
185 | 186 | email_address.try(:address_changed?) |
|
186 | 187 | end |
|
187 | 188 | |
|
188 | 189 | def mails |
|
189 | 190 | email_addresses.pluck(:address) |
|
190 | 191 | end |
|
191 | 192 | |
|
192 | 193 | def self.find_or_initialize_by_identity_url(url) |
|
193 | 194 | user = where(:identity_url => url).first |
|
194 | 195 | unless user |
|
195 | 196 | user = User.new |
|
196 | 197 | user.identity_url = url |
|
197 | 198 | end |
|
198 | 199 | user |
|
199 | 200 | end |
|
200 | 201 | |
|
201 | 202 | def identity_url=(url) |
|
202 | 203 | if url.blank? |
|
203 | 204 | write_attribute(:identity_url, '') |
|
204 | 205 | else |
|
205 | 206 | begin |
|
206 | 207 | write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url)) |
|
207 | 208 | rescue OpenIdAuthentication::InvalidOpenId |
|
208 | 209 | # Invalid url, don't save |
|
209 | 210 | end |
|
210 | 211 | end |
|
211 | 212 | self.read_attribute(:identity_url) |
|
212 | 213 | end |
|
213 | 214 | |
|
214 | 215 | # Returns the user that matches provided login and password, or nil |
|
215 | 216 | def self.try_to_login(login, password, active_only=true) |
|
216 | 217 | login = login.to_s |
|
217 | 218 | password = password.to_s |
|
218 | 219 | |
|
219 | 220 | # Make sure no one can sign in with an empty login or password |
|
220 | 221 | return nil if login.empty? || password.empty? |
|
221 | 222 | user = find_by_login(login) |
|
222 | 223 | if user |
|
223 | 224 | # user is already in local database |
|
224 | 225 | return nil unless user.check_password?(password) |
|
225 | 226 | return nil if !user.active? && active_only |
|
226 | 227 | else |
|
227 | 228 | # user is not yet registered, try to authenticate with available sources |
|
228 | 229 | attrs = AuthSource.authenticate(login, password) |
|
229 | 230 | if attrs |
|
230 | 231 | user = new(attrs) |
|
231 | 232 | user.login = login |
|
232 | 233 | user.language = Setting.default_language |
|
233 | 234 | if user.save |
|
234 | 235 | user.reload |
|
235 | 236 | logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source |
|
236 | 237 | end |
|
237 | 238 | end |
|
238 | 239 | end |
|
239 | 240 | user.update_column(:last_login_on, Time.now) if user && !user.new_record? && user.active? |
|
240 | 241 | user |
|
241 | 242 | rescue => text |
|
242 | 243 | raise text |
|
243 | 244 | end |
|
244 | 245 | |
|
245 | 246 | # Returns the user who matches the given autologin +key+ or nil |
|
246 | 247 | def self.try_to_autologin(key) |
|
247 | 248 | user = Token.find_active_user('autologin', key, Setting.autologin.to_i) |
|
248 | 249 | if user |
|
249 | 250 | user.update_column(:last_login_on, Time.now) |
|
250 | 251 | user |
|
251 | 252 | end |
|
252 | 253 | end |
|
253 | 254 | |
|
254 | 255 | def self.name_formatter(formatter = nil) |
|
255 | 256 | USER_FORMATS[formatter || Setting.user_format] || USER_FORMATS[:firstname_lastname] |
|
256 | 257 | end |
|
257 | 258 | |
|
258 | 259 | # Returns an array of fields names than can be used to make an order statement for users |
|
259 | 260 | # according to how user names are displayed |
|
260 | 261 | # Examples: |
|
261 | 262 | # |
|
262 | 263 | # User.fields_for_order_statement => ['users.login', 'users.id'] |
|
263 | 264 | # User.fields_for_order_statement('authors') => ['authors.login', 'authors.id'] |
|
264 | 265 | def self.fields_for_order_statement(table=nil) |
|
265 | 266 | table ||= table_name |
|
266 | 267 | name_formatter[:order].map {|field| "#{table}.#{field}"} |
|
267 | 268 | end |
|
268 | 269 | |
|
269 | 270 | # Return user's full name for display |
|
270 | 271 | def name(formatter = nil) |
|
271 | 272 | f = self.class.name_formatter(formatter) |
|
272 | 273 | if formatter |
|
273 | 274 | eval('"' + f[:string] + '"') |
|
274 | 275 | else |
|
275 | 276 | @name ||= eval('"' + f[:string] + '"') |
|
276 | 277 | end |
|
277 | 278 | end |
|
278 | 279 | |
|
279 | 280 | def active? |
|
280 | 281 | self.status == STATUS_ACTIVE |
|
281 | 282 | end |
|
282 | 283 | |
|
283 | 284 | def registered? |
|
284 | 285 | self.status == STATUS_REGISTERED |
|
285 | 286 | end |
|
286 | 287 | |
|
287 | 288 | def locked? |
|
288 | 289 | self.status == STATUS_LOCKED |
|
289 | 290 | end |
|
290 | 291 | |
|
291 | 292 | def activate |
|
292 | 293 | self.status = STATUS_ACTIVE |
|
293 | 294 | end |
|
294 | 295 | |
|
295 | 296 | def register |
|
296 | 297 | self.status = STATUS_REGISTERED |
|
297 | 298 | end |
|
298 | 299 | |
|
299 | 300 | def lock |
|
300 | 301 | self.status = STATUS_LOCKED |
|
301 | 302 | end |
|
302 | 303 | |
|
303 | 304 | def activate! |
|
304 | 305 | update_attribute(:status, STATUS_ACTIVE) |
|
305 | 306 | end |
|
306 | 307 | |
|
307 | 308 | def register! |
|
308 | 309 | update_attribute(:status, STATUS_REGISTERED) |
|
309 | 310 | end |
|
310 | 311 | |
|
311 | 312 | def lock! |
|
312 | 313 | update_attribute(:status, STATUS_LOCKED) |
|
313 | 314 | end |
|
314 | 315 | |
|
315 | 316 | # Returns true if +clear_password+ is the correct user's password, otherwise false |
|
316 | 317 | def check_password?(clear_password) |
|
317 | 318 | if auth_source_id.present? |
|
318 | 319 | auth_source.authenticate(self.login, clear_password) |
|
319 | 320 | else |
|
320 | 321 | User.hash_password("#{salt}#{User.hash_password clear_password}") == hashed_password |
|
321 | 322 | end |
|
322 | 323 | end |
|
323 | 324 | |
|
324 | 325 | # Generates a random salt and computes hashed_password for +clear_password+ |
|
325 | 326 | # The hashed password is stored in the following form: SHA1(salt + SHA1(password)) |
|
326 | 327 | def salt_password(clear_password) |
|
327 | 328 | self.salt = User.generate_salt |
|
328 | 329 | self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}") |
|
329 | 330 | self.passwd_changed_on = Time.now.change(:usec => 0) |
|
330 | 331 | end |
|
331 | 332 | |
|
332 | 333 | # Does the backend storage allow this user to change their password? |
|
333 | 334 | def change_password_allowed? |
|
334 | 335 | return true if auth_source.nil? |
|
335 | 336 | return auth_source.allow_password_changes? |
|
336 | 337 | end |
|
337 | 338 | |
|
338 | 339 | # Returns true if the user password has expired |
|
339 | 340 | def password_expired? |
|
340 | 341 | period = Setting.password_max_age.to_i |
|
341 | 342 | if period.zero? |
|
342 | 343 | false |
|
343 | 344 | else |
|
344 | 345 | changed_on = self.passwd_changed_on || Time.at(0) |
|
345 | 346 | changed_on < period.days.ago |
|
346 | 347 | end |
|
347 | 348 | end |
|
348 | 349 | |
|
349 | 350 | def must_change_password? |
|
350 | 351 | (must_change_passwd? || password_expired?) && change_password_allowed? |
|
351 | 352 | end |
|
352 | 353 | |
|
353 | 354 | def generate_password? |
|
354 | 355 | generate_password == '1' || generate_password == true |
|
355 | 356 | end |
|
356 | 357 | |
|
357 | 358 | # Generate and set a random password on given length |
|
358 | 359 | def random_password(length=40) |
|
359 | 360 | chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a |
|
360 | 361 | chars -= %w(0 O 1 l) |
|
361 | 362 | password = '' |
|
362 | 363 | length.times {|i| password << chars[SecureRandom.random_number(chars.size)] } |
|
363 | 364 | self.password = password |
|
364 | 365 | self.password_confirmation = password |
|
365 | 366 | self |
|
366 | 367 | end |
|
367 | 368 | |
|
368 | 369 | def pref |
|
369 | 370 | self.preference ||= UserPreference.new(:user => self) |
|
370 | 371 | end |
|
371 | 372 | |
|
372 | 373 | def time_zone |
|
373 | 374 | @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone]) |
|
374 | 375 | end |
|
375 | 376 | |
|
376 | 377 | def force_default_language? |
|
377 | 378 | Setting.force_default_language_for_loggedin? |
|
378 | 379 | end |
|
379 | 380 | |
|
380 | 381 | def language |
|
381 | 382 | if force_default_language? |
|
382 | 383 | Setting.default_language |
|
383 | 384 | else |
|
384 | 385 | super |
|
385 | 386 | end |
|
386 | 387 | end |
|
387 | 388 | |
|
388 | 389 | def wants_comments_in_reverse_order? |
|
389 | 390 | self.pref[:comments_sorting] == 'desc' |
|
390 | 391 | end |
|
391 | 392 | |
|
392 | 393 | # Return user's RSS key (a 40 chars long string), used to access feeds |
|
393 | 394 | def rss_key |
|
394 | 395 | if rss_token.nil? |
|
395 | 396 | create_rss_token(:action => 'feeds') |
|
396 | 397 | end |
|
397 | 398 | rss_token.value |
|
398 | 399 | end |
|
399 | 400 | |
|
400 | 401 | # Return user's API key (a 40 chars long string), used to access the API |
|
401 | 402 | def api_key |
|
402 | 403 | if api_token.nil? |
|
403 | 404 | create_api_token(:action => 'api') |
|
404 | 405 | end |
|
405 | 406 | api_token.value |
|
406 | 407 | end |
|
407 | 408 | |
|
408 | 409 | # Generates a new session token and returns its value |
|
409 | 410 | def generate_session_token |
|
410 | 411 | token = Token.create!(:user_id => id, :action => 'session') |
|
411 | 412 | token.value |
|
412 | 413 | end |
|
413 | 414 | |
|
414 | 415 | # Returns true if token is a valid session token for the user whose id is user_id |
|
415 | 416 | def self.verify_session_token(user_id, token) |
|
416 | 417 | return false if user_id.blank? || token.blank? |
|
417 | 418 | |
|
418 | 419 | scope = Token.where(:user_id => user_id, :value => token.to_s, :action => 'session') |
|
419 | 420 | if Setting.session_lifetime? |
|
420 | 421 | scope = scope.where("created_on > ?", Setting.session_lifetime.to_i.minutes.ago) |
|
421 | 422 | end |
|
422 | 423 | if Setting.session_timeout? |
|
423 | 424 | scope = scope.where("updated_on > ?", Setting.session_timeout.to_i.minutes.ago) |
|
424 | 425 | end |
|
425 | 426 | scope.update_all(:updated_on => Time.now) == 1 |
|
426 | 427 | end |
|
427 | 428 | |
|
428 | 429 | # Return an array of project ids for which the user has explicitly turned mail notifications on |
|
429 | 430 | def notified_projects_ids |
|
430 | 431 | @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id) |
|
431 | 432 | end |
|
432 | 433 | |
|
433 | 434 | def notified_project_ids=(ids) |
|
434 | 435 | @notified_projects_ids_changed = true |
|
435 | 436 | @notified_projects_ids = ids.map(&:to_i).uniq.select {|n| n > 0} |
|
436 | 437 | end |
|
437 | 438 | |
|
438 | 439 | # Updates per project notifications (after_save callback) |
|
439 | 440 | def update_notified_project_ids |
|
440 | 441 | if @notified_projects_ids_changed |
|
441 | 442 | ids = (mail_notification == 'selected' ? Array.wrap(notified_projects_ids).reject(&:blank?) : []) |
|
442 | 443 | members.update_all(:mail_notification => false) |
|
443 | 444 | members.where(:project_id => ids).update_all(:mail_notification => true) if ids.any? |
|
444 | 445 | end |
|
445 | 446 | end |
|
446 | 447 | private :update_notified_project_ids |
|
447 | 448 | |
|
448 | 449 | def valid_notification_options |
|
449 | 450 | self.class.valid_notification_options(self) |
|
450 | 451 | end |
|
451 | 452 | |
|
452 | 453 | # Only users that belong to more than 1 project can select projects for which they are notified |
|
453 | 454 | def self.valid_notification_options(user=nil) |
|
454 | 455 | # Note that @user.membership.size would fail since AR ignores |
|
455 | 456 | # :include association option when doing a count |
|
456 | 457 | if user.nil? || user.memberships.length < 1 |
|
457 | 458 | MAIL_NOTIFICATION_OPTIONS.reject {|option| option.first == 'selected'} |
|
458 | 459 | else |
|
459 | 460 | MAIL_NOTIFICATION_OPTIONS |
|
460 | 461 | end |
|
461 | 462 | end |
|
462 | 463 | |
|
463 | 464 | # Find a user account by matching the exact login and then a case-insensitive |
|
464 | 465 | # version. Exact matches will be given priority. |
|
465 | 466 | def self.find_by_login(login) |
|
466 | 467 | login = Redmine::CodesetUtil.replace_invalid_utf8(login.to_s) |
|
467 | 468 | if login.present? |
|
468 | 469 | # First look for an exact match |
|
469 | 470 | user = where(:login => login).detect {|u| u.login == login} |
|
470 | 471 | unless user |
|
471 | 472 | # Fail over to case-insensitive if none was found |
|
472 | 473 | user = where("LOWER(login) = ?", login.downcase).first |
|
473 | 474 | end |
|
474 | 475 | user |
|
475 | 476 | end |
|
476 | 477 | end |
|
477 | 478 | |
|
478 | 479 | def self.find_by_rss_key(key) |
|
479 | 480 | Token.find_active_user('feeds', key) |
|
480 | 481 | end |
|
481 | 482 | |
|
482 | 483 | def self.find_by_api_key(key) |
|
483 | 484 | Token.find_active_user('api', key) |
|
484 | 485 | end |
|
485 | 486 | |
|
486 | 487 | # Makes find_by_mail case-insensitive |
|
487 | 488 | def self.find_by_mail(mail) |
|
488 | 489 | having_mail(mail).first |
|
489 | 490 | end |
|
490 | 491 | |
|
491 | 492 | # Returns true if the default admin account can no longer be used |
|
492 | 493 | def self.default_admin_account_changed? |
|
493 | 494 | !User.active.find_by_login("admin").try(:check_password?, "admin") |
|
494 | 495 | end |
|
495 | 496 | |
|
496 | 497 | def to_s |
|
497 | 498 | name |
|
498 | 499 | end |
|
499 | 500 | |
|
500 | 501 | CSS_CLASS_BY_STATUS = { |
|
501 | 502 | STATUS_ANONYMOUS => 'anon', |
|
502 | 503 | STATUS_ACTIVE => 'active', |
|
503 | 504 | STATUS_REGISTERED => 'registered', |
|
504 | 505 | STATUS_LOCKED => 'locked' |
|
505 | 506 | } |
|
506 | 507 | |
|
507 | 508 | def css_classes |
|
508 | 509 | "user #{CSS_CLASS_BY_STATUS[status]}" |
|
509 | 510 | end |
|
510 | 511 | |
|
511 | 512 | # Returns the current day according to user's time zone |
|
512 | 513 | def today |
|
513 | 514 | if time_zone.nil? |
|
514 | 515 | Date.today |
|
515 | 516 | else |
|
516 | 517 | time_zone.today |
|
517 | 518 | end |
|
518 | 519 | end |
|
519 | 520 | |
|
520 | 521 | # Returns the day of +time+ according to user's time zone |
|
521 | 522 | def time_to_date(time) |
|
522 | 523 | if time_zone.nil? |
|
523 | 524 | time.to_date |
|
524 | 525 | else |
|
525 | 526 | time.in_time_zone(time_zone).to_date |
|
526 | 527 | end |
|
527 | 528 | end |
|
528 | 529 | |
|
529 | 530 | def logged? |
|
530 | 531 | true |
|
531 | 532 | end |
|
532 | 533 | |
|
533 | 534 | def anonymous? |
|
534 | 535 | !logged? |
|
535 | 536 | end |
|
536 | 537 | |
|
537 | 538 | # Returns user's membership for the given project |
|
538 | 539 | # or nil if the user is not a member of project |
|
539 | 540 | def membership(project) |
|
540 | 541 | project_id = project.is_a?(Project) ? project.id : project |
|
541 | 542 | |
|
542 | 543 | @membership_by_project_id ||= Hash.new {|h, project_id| |
|
543 | 544 | h[project_id] = memberships.where(:project_id => project_id).first |
|
544 | 545 | } |
|
545 | 546 | @membership_by_project_id[project_id] |
|
546 | 547 | end |
|
547 | 548 | |
|
548 | 549 | # Returns the user's bult-in role |
|
549 | 550 | def builtin_role |
|
550 | 551 | @builtin_role ||= Role.non_member |
|
551 | 552 | end |
|
552 | 553 | |
|
553 | 554 | # Return user's roles for project |
|
554 | 555 | def roles_for_project(project) |
|
555 | 556 | # No role on archived projects |
|
556 | 557 | return [] if project.nil? || project.archived? |
|
557 | 558 | if membership = membership(project) |
|
558 | 559 | membership.roles.to_a |
|
559 | 560 | elsif project.is_public? |
|
560 | 561 | project.override_roles(builtin_role) |
|
561 | 562 | else |
|
562 | 563 | [] |
|
563 | 564 | end |
|
564 | 565 | end |
|
565 | 566 | |
|
566 | 567 | # Returns a hash of user's projects grouped by roles |
|
568 | # TODO: No longer used, should be deprecated | |
|
567 | 569 | def projects_by_role |
|
568 | 570 | return @projects_by_role if @projects_by_role |
|
569 | 571 | |
|
570 |
|
|
|
572 | result = Hash.new([]) | |
|
573 | project_ids_by_role.each do |role, ids| | |
|
574 | result[role] = Project.where(:id => ids).to_a | |
|
575 | end | |
|
576 | @projects_by_role = result | |
|
577 | end | |
|
578 | ||
|
579 | # Returns a hash of project ids grouped by roles. | |
|
580 | # Includes the projects that the user is a member of and the projects | |
|
581 | # that grant custom permissions to the builtin groups. | |
|
582 | def project_ids_by_role | |
|
583 | return @project_ids_by_role if @project_ids_by_role | |
|
571 | 584 | |
|
572 | 585 | group_class = anonymous? ? GroupAnonymous : GroupNonMember |
|
573 | members = Member.joins(:project, :principal). | |
|
586 | group_id = group_class.pluck(:id).first | |
|
587 | ||
|
588 | members = Member.joins(:project, :member_roles). | |
|
574 | 589 | where("#{Project.table_name}.status <> 9"). |
|
575 |
where("#{Member.table_name}.user_id = ? OR (#{Project.table_name}.is_public = ? AND #{ |
|
|
576 | preload(:project, :roles). | |
|
577 | to_a | |
|
578 | ||
|
579 | members.reject! {|member| member.user_id != id && project_ids.include?(member.project_id)} | |
|
580 | members.each do |member| | |
|
581 | if member.project | |
|
582 | member.roles.each do |role| | |
|
583 | hash[role] = [] unless hash.key?(role) | |
|
584 | hash[role] << member.project | |
|
585 | end | |
|
586 | end | |
|
587 | end | |
|
590 | where("#{Member.table_name}.user_id = ? OR (#{Project.table_name}.is_public = ? AND #{Member.table_name}.user_id = ?)", self.id, true, group_id). | |
|
591 | pluck(:user_id, :role_id, :project_id) | |
|
592 | ||
|
593 | hash = {} | |
|
594 | members.each do |user_id, role_id, project_id| | |
|
595 | # Ignore the roles of the builtin group if the user is a member of the project | |
|
596 | next if user_id != id && project_ids.include?(project_id) | |
|
588 | 597 | |
|
589 | hash.each do |role, projects| | |
|
590 | projects.uniq! | |
|
598 | hash[role_id] ||= [] | |
|
599 | hash[role_id] << project_id | |
|
591 | 600 | end |
|
592 | 601 | |
|
593 | @projects_by_role = hash | |
|
602 | result = Hash.new([]) | |
|
603 | if hash.present? | |
|
604 | roles = Role.where(:id => hash.keys).to_a | |
|
605 | hash.each do |role_id, proj_ids| | |
|
606 | role = roles.detect {|r| r.id == role_id} | |
|
607 | if role | |
|
608 | result[role] = proj_ids.uniq | |
|
609 | end | |
|
610 | end | |
|
611 | end | |
|
612 | @project_ids_by_role = result | |
|
594 | 613 | end |
|
595 | 614 | |
|
596 | 615 | # Returns the ids of visible projects |
|
597 | 616 | def visible_project_ids |
|
598 | 617 | @visible_project_ids ||= Project.visible(self).pluck(:id) |
|
599 | 618 | end |
|
600 | 619 | |
|
601 | 620 | # Returns the roles that the user is allowed to manage for the given project |
|
602 | 621 | def managed_roles(project) |
|
603 | 622 | if admin? |
|
604 | 623 | @managed_roles ||= Role.givable.to_a |
|
605 | 624 | else |
|
606 | 625 | membership(project).try(:managed_roles) || [] |
|
607 | 626 | end |
|
608 | 627 | end |
|
609 | 628 | |
|
610 | 629 | # Returns true if user is arg or belongs to arg |
|
611 | 630 | def is_or_belongs_to?(arg) |
|
612 | 631 | if arg.is_a?(User) |
|
613 | 632 | self == arg |
|
614 | 633 | elsif arg.is_a?(Group) |
|
615 | 634 | arg.users.include?(self) |
|
616 | 635 | else |
|
617 | 636 | false |
|
618 | 637 | end |
|
619 | 638 | end |
|
620 | 639 | |
|
621 | 640 | # Return true if the user is allowed to do the specified action on a specific context |
|
622 | 641 | # Action can be: |
|
623 | 642 | # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') |
|
624 | 643 | # * a permission Symbol (eg. :edit_project) |
|
625 | 644 | # Context can be: |
|
626 | 645 | # * a project : returns true if user is allowed to do the specified action on this project |
|
627 | 646 | # * an array of projects : returns true if user is allowed on every project |
|
628 | 647 | # * nil with options[:global] set : check if user has at least one role allowed for this action, |
|
629 | 648 | # or falls back to Non Member / Anonymous permissions depending if the user is logged |
|
630 | 649 | def allowed_to?(action, context, options={}, &block) |
|
631 | 650 | if context && context.is_a?(Project) |
|
632 | 651 | return false unless context.allows_to?(action) |
|
633 | 652 | # Admin users are authorized for anything else |
|
634 | 653 | return true if admin? |
|
635 | 654 | |
|
636 | 655 | roles = roles_for_project(context) |
|
637 | 656 | return false unless roles |
|
638 | 657 | roles.any? {|role| |
|
639 | 658 | (context.is_public? || role.member?) && |
|
640 | 659 | role.allowed_to?(action) && |
|
641 | 660 | (block_given? ? yield(role, self) : true) |
|
642 | 661 | } |
|
643 | 662 | elsif context && context.is_a?(Array) |
|
644 | 663 | if context.empty? |
|
645 | 664 | false |
|
646 | 665 | else |
|
647 | 666 | # Authorize if user is authorized on every element of the array |
|
648 | 667 | context.map {|project| allowed_to?(action, project, options, &block)}.reduce(:&) |
|
649 | 668 | end |
|
650 | 669 | elsif context |
|
651 | 670 | raise ArgumentError.new("#allowed_to? context argument must be a Project, an Array of projects or nil") |
|
652 | 671 | elsif options[:global] |
|
653 | 672 | # Admin users are always authorized |
|
654 | 673 | return true if admin? |
|
655 | 674 | |
|
656 | 675 | # authorize if user has at least one role that has this permission |
|
657 | 676 | roles = memberships.collect {|m| m.roles}.flatten.uniq |
|
658 | 677 | roles << (self.logged? ? Role.non_member : Role.anonymous) |
|
659 | 678 | roles.any? {|role| |
|
660 | 679 | role.allowed_to?(action) && |
|
661 | 680 | (block_given? ? yield(role, self) : true) |
|
662 | 681 | } |
|
663 | 682 | else |
|
664 | 683 | false |
|
665 | 684 | end |
|
666 | 685 | end |
|
667 | 686 | |
|
668 | 687 | # Is the user allowed to do the specified action on any project? |
|
669 | 688 | # See allowed_to? for the actions and valid options. |
|
670 | 689 | # |
|
671 | 690 | # NB: this method is not used anywhere in the core codebase as of |
|
672 | 691 | # 2.5.2, but it's used by many plugins so if we ever want to remove |
|
673 | 692 | # it it has to be carefully deprecated for a version or two. |
|
674 | 693 | def allowed_to_globally?(action, options={}, &block) |
|
675 | 694 | allowed_to?(action, nil, options.reverse_merge(:global => true), &block) |
|
676 | 695 | end |
|
677 | 696 | |
|
678 | 697 | def allowed_to_view_all_time_entries?(context) |
|
679 | 698 | allowed_to?(:view_time_entries, context) do |role, user| |
|
680 | 699 | role.time_entries_visibility == 'all' |
|
681 | 700 | end |
|
682 | 701 | end |
|
683 | 702 | |
|
684 | 703 | # Returns true if the user is allowed to delete the user's own account |
|
685 | 704 | def own_account_deletable? |
|
686 | 705 | Setting.unsubscribe? && |
|
687 | 706 | (!admin? || User.active.where("admin = ? AND id <> ?", true, id).exists?) |
|
688 | 707 | end |
|
689 | 708 | |
|
690 | 709 | safe_attributes 'firstname', |
|
691 | 710 | 'lastname', |
|
692 | 711 | 'mail', |
|
693 | 712 | 'mail_notification', |
|
694 | 713 | 'notified_project_ids', |
|
695 | 714 | 'language', |
|
696 | 715 | 'custom_field_values', |
|
697 | 716 | 'custom_fields', |
|
698 | 717 | 'identity_url' |
|
699 | 718 | |
|
700 | 719 | safe_attributes 'login', |
|
701 | 720 | :if => lambda {|user, current_user| user.new_record?} |
|
702 | 721 | |
|
703 | 722 | safe_attributes 'status', |
|
704 | 723 | 'auth_source_id', |
|
705 | 724 | 'generate_password', |
|
706 | 725 | 'must_change_passwd', |
|
707 | 726 | 'login', |
|
708 | 727 | 'admin', |
|
709 | 728 | :if => lambda {|user, current_user| current_user.admin?} |
|
710 | 729 | |
|
711 | 730 | safe_attributes 'group_ids', |
|
712 | 731 | :if => lambda {|user, current_user| current_user.admin? && !user.new_record?} |
|
713 | 732 | |
|
714 | 733 | # Utility method to help check if a user should be notified about an |
|
715 | 734 | # event. |
|
716 | 735 | # |
|
717 | 736 | # TODO: only supports Issue events currently |
|
718 | 737 | def notify_about?(object) |
|
719 | 738 | if mail_notification == 'all' |
|
720 | 739 | true |
|
721 | 740 | elsif mail_notification.blank? || mail_notification == 'none' |
|
722 | 741 | false |
|
723 | 742 | else |
|
724 | 743 | case object |
|
725 | 744 | when Issue |
|
726 | 745 | case mail_notification |
|
727 | 746 | when 'selected', 'only_my_events' |
|
728 | 747 | # user receives notifications for created/assigned issues on unselected projects |
|
729 | 748 | object.author == self || is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was) |
|
730 | 749 | when 'only_assigned' |
|
731 | 750 | is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was) |
|
732 | 751 | when 'only_owner' |
|
733 | 752 | object.author == self |
|
734 | 753 | end |
|
735 | 754 | when News |
|
736 | 755 | # always send to project members except when mail_notification is set to 'none' |
|
737 | 756 | true |
|
738 | 757 | end |
|
739 | 758 | end |
|
740 | 759 | end |
|
741 | 760 | |
|
742 | 761 | def self.current=(user) |
|
743 | 762 | RequestStore.store[:current_user] = user |
|
744 | 763 | end |
|
745 | 764 | |
|
746 | 765 | def self.current |
|
747 | 766 | RequestStore.store[:current_user] ||= User.anonymous |
|
748 | 767 | end |
|
749 | 768 | |
|
750 | 769 | # Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only |
|
751 | 770 | # one anonymous user per database. |
|
752 | 771 | def self.anonymous |
|
753 | 772 | anonymous_user = AnonymousUser.unscoped.first |
|
754 | 773 | if anonymous_user.nil? |
|
755 | 774 | anonymous_user = AnonymousUser.unscoped.create(:lastname => 'Anonymous', :firstname => '', :login => '', :status => 0) |
|
756 | 775 | raise 'Unable to create the anonymous user.' if anonymous_user.new_record? |
|
757 | 776 | end |
|
758 | 777 | anonymous_user |
|
759 | 778 | end |
|
760 | 779 | |
|
761 | 780 | # Salts all existing unsalted passwords |
|
762 | 781 | # It changes password storage scheme from SHA1(password) to SHA1(salt + SHA1(password)) |
|
763 | 782 | # This method is used in the SaltPasswords migration and is to be kept as is |
|
764 | 783 | def self.salt_unsalted_passwords! |
|
765 | 784 | transaction do |
|
766 | 785 | User.where("salt IS NULL OR salt = ''").find_each do |user| |
|
767 | 786 | next if user.hashed_password.blank? |
|
768 | 787 | salt = User.generate_salt |
|
769 | 788 | hashed_password = User.hash_password("#{salt}#{user.hashed_password}") |
|
770 | 789 | User.where(:id => user.id).update_all(:salt => salt, :hashed_password => hashed_password) |
|
771 | 790 | end |
|
772 | 791 | end |
|
773 | 792 | end |
|
774 | 793 | |
|
775 | 794 | protected |
|
776 | 795 | |
|
777 | 796 | def validate_password_length |
|
778 | 797 | return if password.blank? && generate_password? |
|
779 | 798 | # Password length validation based on setting |
|
780 | 799 | if !password.nil? && password.size < Setting.password_min_length.to_i |
|
781 | 800 | errors.add(:password, :too_short, :count => Setting.password_min_length.to_i) |
|
782 | 801 | end |
|
783 | 802 | end |
|
784 | 803 | |
|
785 | 804 | def instantiate_email_address |
|
786 | 805 | email_address || build_email_address |
|
787 | 806 | end |
|
788 | 807 | |
|
789 | 808 | private |
|
790 | 809 | |
|
791 | 810 | def generate_password_if_needed |
|
792 | 811 | if generate_password? && auth_source.nil? |
|
793 | 812 | length = [Setting.password_min_length.to_i + 2, 10].max |
|
794 | 813 | random_password(length) |
|
795 | 814 | end |
|
796 | 815 | end |
|
797 | 816 | |
|
798 | 817 | # Delete all outstanding password reset tokens on password change. |
|
799 | 818 | # Delete the autologin tokens on password change to prohibit session leakage. |
|
800 | 819 | # This helps to keep the account secure in case the associated email account |
|
801 | 820 | # was compromised. |
|
802 | 821 | def destroy_tokens |
|
803 | 822 | if hashed_password_changed? || (status_changed? && !active?) |
|
804 | 823 | tokens = ['recovery', 'autologin', 'session'] |
|
805 | 824 | Token.where(:user_id => id, :action => tokens).delete_all |
|
806 | 825 | end |
|
807 | 826 | end |
|
808 | 827 | |
|
809 | 828 | # Removes references that are not handled by associations |
|
810 | 829 | # Things that are not deleted are reassociated with the anonymous user |
|
811 | 830 | def remove_references_before_destroy |
|
812 | 831 | return if self.id.nil? |
|
813 | 832 | |
|
814 | 833 | substitute = User.anonymous |
|
815 | 834 | Attachment.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id]) |
|
816 | 835 | Comment.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id]) |
|
817 | 836 | Issue.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id]) |
|
818 | 837 | Issue.where(['assigned_to_id = ?', id]).update_all('assigned_to_id = NULL') |
|
819 | 838 | Journal.where(['user_id = ?', id]).update_all(['user_id = ?', substitute.id]) |
|
820 | 839 | JournalDetail. |
|
821 | 840 | where(["property = 'attr' AND prop_key = 'assigned_to_id' AND old_value = ?", id.to_s]). |
|
822 | 841 | update_all(['old_value = ?', substitute.id.to_s]) |
|
823 | 842 | JournalDetail. |
|
824 | 843 | where(["property = 'attr' AND prop_key = 'assigned_to_id' AND value = ?", id.to_s]). |
|
825 | 844 | update_all(['value = ?', substitute.id.to_s]) |
|
826 | 845 | Message.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id]) |
|
827 | 846 | News.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id]) |
|
828 | 847 | # Remove private queries and keep public ones |
|
829 | 848 | ::Query.where('user_id = ? AND visibility = ?', id, ::Query::VISIBILITY_PRIVATE).delete_all |
|
830 | 849 | ::Query.where(['user_id = ?', id]).update_all(['user_id = ?', substitute.id]) |
|
831 | 850 | TimeEntry.where(['user_id = ?', id]).update_all(['user_id = ?', substitute.id]) |
|
832 | 851 | Token.where('user_id = ?', id).delete_all |
|
833 | 852 | Watcher.where('user_id = ?', id).delete_all |
|
834 | 853 | WikiContent.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id]) |
|
835 | 854 | WikiContent::Version.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id]) |
|
836 | 855 | end |
|
837 | 856 | |
|
838 | 857 | # Return password digest |
|
839 | 858 | def self.hash_password(clear_password) |
|
840 | 859 | Digest::SHA1.hexdigest(clear_password || "") |
|
841 | 860 | end |
|
842 | 861 | |
|
843 | 862 | # Returns a 128bits random salt as a hex string (32 chars long) |
|
844 | 863 | def self.generate_salt |
|
845 | 864 | Redmine::Utils.random_hex(16) |
|
846 | 865 | end |
|
847 | 866 | |
|
848 | 867 | # Send a security notification to all admins if the user has gained/lost admin privileges |
|
849 | 868 | def deliver_security_notification |
|
850 | 869 | options = { |
|
851 | 870 | field: :field_admin, |
|
852 | 871 | value: login, |
|
853 | 872 | title: :label_user_plural, |
|
854 | 873 | url: {controller: 'users', action: 'index'} |
|
855 | 874 | } |
|
856 | 875 | |
|
857 | 876 | deliver = false |
|
858 | 877 | if (admin? && id_changed? && active?) || # newly created admin |
|
859 | 878 | (admin? && admin_changed? && active?) || # regular user became admin |
|
860 | 879 | (admin? && status_changed? && active?) # locked admin became active again |
|
861 | 880 | |
|
862 | 881 | deliver = true |
|
863 | 882 | options[:message] = :mail_body_security_notification_add |
|
864 | 883 | |
|
865 | 884 | elsif (admin? && destroyed? && active?) || # active admin user was deleted |
|
866 | 885 | (!admin? && admin_changed? && active?) || # admin is no longer admin |
|
867 | 886 | (admin? && status_changed? && !active?) # admin was locked |
|
868 | 887 | |
|
869 | 888 | deliver = true |
|
870 | 889 | options[:message] = :mail_body_security_notification_remove |
|
871 | 890 | end |
|
872 | 891 | |
|
873 | 892 | if deliver |
|
874 | 893 | users = User.active.where(admin: true).to_a |
|
875 | 894 | Mailer.security_notification(users, options).deliver |
|
876 | 895 | end |
|
877 | 896 | end |
|
878 | 897 | end |
|
879 | 898 | |
|
880 | 899 | class AnonymousUser < User |
|
881 | 900 | validate :validate_anonymous_uniqueness, :on => :create |
|
882 | 901 | |
|
883 | 902 | self.valid_statuses = [STATUS_ANONYMOUS] |
|
884 | 903 | |
|
885 | 904 | def validate_anonymous_uniqueness |
|
886 | 905 | # There should be only one AnonymousUser in the database |
|
887 | 906 | errors.add :base, 'An anonymous user already exists.' if AnonymousUser.exists? |
|
888 | 907 | end |
|
889 | 908 | |
|
890 | 909 | def available_custom_fields |
|
891 | 910 | [] |
|
892 | 911 | end |
|
893 | 912 | |
|
894 | 913 | # Overrides a few properties |
|
895 | 914 | def logged?; false end |
|
896 | 915 | def admin; false end |
|
897 | 916 | def name(*args); I18n.t(:label_user_anonymous) end |
|
898 | 917 | def mail=(*args); nil end |
|
899 | 918 | def mail; nil end |
|
900 | 919 | def time_zone; nil end |
|
901 | 920 | def rss_key; nil end |
|
902 | 921 | |
|
903 | 922 | def pref |
|
904 | 923 | UserPreference.new(:user => self) |
|
905 | 924 | end |
|
906 | 925 | |
|
907 | 926 | # Returns the user's bult-in role |
|
908 | 927 | def builtin_role |
|
909 | 928 | @builtin_role ||= Role.anonymous |
|
910 | 929 | end |
|
911 | 930 | |
|
912 | 931 | def membership(*args) |
|
913 | 932 | nil |
|
914 | 933 | end |
|
915 | 934 | |
|
916 | 935 | def member_of?(*args) |
|
917 | 936 | false |
|
918 | 937 | end |
|
919 | 938 | |
|
920 | 939 | # Anonymous user can not be destroyed |
|
921 | 940 | def destroy |
|
922 | 941 | false |
|
923 | 942 | end |
|
924 | 943 | |
|
925 | 944 | protected |
|
926 | 945 | |
|
927 | 946 | def instantiate_email_address |
|
928 | 947 | end |
|
929 | 948 | end |
General Comments 0
You need to be logged in to leave comments.
Login now