jro_apps/redmine Commit - r619:a8b202c9bc6b

1

# redMine - project management software

1

# redMine - project management software

2

3

#

3

#

4

# This program is free software; you can redistribute it and/or

4

# This program is free software; you can redistribute it and/or

5

# modify it under the terms of the GNU General Public License

5

# modify it under the terms of the GNU General Public License

6

# as published by the Free Software Foundation; either version 2

6

# as published by the Free Software Foundation; either version 2

7

# of the License, or (at your option) any later version.

7

# of the License, or (at your option) any later version.

8

#

8

#

9

# This program is distributed in the hope that it will be useful,

9

# This program is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU General Public License for more details.

12

# GNU General Public License for more details.

13

#

13

#

14

# You should have received a copy of the GNU General Public License

14

# You should have received a copy of the GNU General Public License

15

# along with this program; if not, write to the Free Software

15

# along with this program; if not, write to the Free Software

16

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

16

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

17

18

class AccountController < ApplicationController

18

class AccountController < ApplicationController

19

layout 'base'

19

layout 'base'

20

helper :custom_fields

20

helper :custom_fields

21

include CustomFieldsHelper

21

include CustomFieldsHelper

22

23

# prevents login action to be filtered by check_if_login_required application scope filter

23

# prevents login action to be filtered by check_if_login_required application scope filter

24

skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register]

24

skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register]

25

before_filter :require_login, :only => :logout

25

before_filter :require_login, :only => :logout

26

27

# Show user's account

27

# Show user's account

28

def show

28

def show

29

@user = User.find(params[:id])

29

@user = User.find_active(params[:id])

30

@custom_values = @user.custom_values.find(:all, :include => :custom_field)

30

@custom_values = @user.custom_values.find(:all, :include => :custom_field)

31

32

# show only public projects and private projects that the logged in user is also a member of

32

# show only public projects and private projects that the logged in user is also a member of

33

@memberships = @user.memberships.select do |membership|

33

@memberships = @user.memberships.select do |membership|

34

membership.project.is_public? || (logged_in_user && logged_in_user.role_for_project(membership.project))

34

membership.project.is_public? || (logged_in_user && logged_in_user.role_for_project(membership.project))

35

end

35

end

36

rescue ActiveRecord::RecordNotFound

36

rescue ActiveRecord::RecordNotFound

37

render_404

37

render_404

38

end

38

end

39

40

# Login request and validation

40

# Login request and validation

41

def login

41

def login

42

if request.get?

42

if request.get?

43

# Logout user

43

# Logout user

44

self.logged_in_user = nil

44

self.logged_in_user = nil

45

else

45

else

46

# Authenticate user

46

# Authenticate user

47

user = User.try_to_login(params[:login], params[:password])

47

user = User.try_to_login(params[:login], params[:password])

48

if user

48

if user

49

self.logged_in_user = user

49

self.logged_in_user = user

50

# generate a key and set cookie if autologin

50

# generate a key and set cookie if autologin

51

if params[:autologin] && Setting.autologin?

51

if params[:autologin] && Setting.autologin?

52

token = Token.create(:user => user, :action => 'autologin')

52

token = Token.create(:user => user, :action => 'autologin')

53

cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }

53

cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }

54

end

54

end

55

redirect_back_or_default :controller => 'my', :action => 'page'

55

redirect_back_or_default :controller => 'my', :action => 'page'

56

else

56

else

57

flash.now[:error] = l(:notice_account_invalid_creditentials)

57

flash.now[:error] = l(:notice_account_invalid_creditentials)

58

end

58

end

59

end

59

end

60

end

60

end

61

62

# Log out current user and redirect to welcome page

62

# Log out current user and redirect to welcome page

63

def logout

63

def logout

64

cookies.delete :autologin

64

cookies.delete :autologin

65

Token.delete_all(["user_id = ? AND action = ?", logged_in_user.id, "autologin"]) if logged_in_user

65

Token.delete_all(["user_id = ? AND action = ?", logged_in_user.id, "autologin"]) if logged_in_user

66

self.logged_in_user = nil

66

self.logged_in_user = nil

67

redirect_to :controller => 'welcome'

67

redirect_to :controller => 'welcome'

68

end

68

end

69

70

# Enable user to choose a new password

70

# Enable user to choose a new password

71

def lost_password

71

def lost_password

72

redirect_to :controller => 'welcome' and return unless Setting.lost_password?

72

redirect_to :controller => 'welcome' and return unless Setting.lost_password?

73

if params[:token]

73

if params[:token]

74

@token = Token.find_by_action_and_value("recovery", params[:token])

74

@token = Token.find_by_action_and_value("recovery", params[:token])

75

redirect_to :controller => 'welcome' and return unless @token and !@token.expired?

75

redirect_to :controller => 'welcome' and return unless @token and !@token.expired?

76

@user = @token.user

76

@user = @token.user

77

if request.post?

77

if request.post?

78

@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]

78

@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]

79

if @user.save

79

if @user.save

80

@token.destroy

80

@token.destroy

81

flash[:notice] = l(:notice_account_password_updated)

81

flash[:notice] = l(:notice_account_password_updated)

82

redirect_to :action => 'login'

82

redirect_to :action => 'login'

83

return

83

return

84

end

84

end

85

end

85

end

86

render :template => "account/password_recovery"

86

render :template => "account/password_recovery"

87

return

87

return

88

else

88

else

89

if request.post?

89

if request.post?

90

user = User.find_by_mail(params[:mail])

90

user = User.find_by_mail(params[:mail])

91

# user not found in db

91

# user not found in db

92

flash.now[:error] = l(:notice_account_unknown_email) and return unless user

92

flash.now[:error] = l(:notice_account_unknown_email) and return unless user

93

# user uses an external authentification

93

# user uses an external authentification

94

flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id

94

flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id

95

# create a new token for password recovery

95

# create a new token for password recovery

96

token = Token.new(:user => user, :action => "recovery")

96

token = Token.new(:user => user, :action => "recovery")

97

if token.save

97

if token.save

98

Mailer.deliver_lost_password(token)

98

Mailer.deliver_lost_password(token)

99

flash[:notice] = l(:notice_account_lost_email_sent)

99

flash[:notice] = l(:notice_account_lost_email_sent)

100

redirect_to :action => 'login'

100

redirect_to :action => 'login'

101

return

101

return

102

end

102

end

103

end

103

end

104

end

104

end

105

end

105

end

106

107

# User self-registration

107

# User self-registration

108

def register

108

def register

109

redirect_to :controller => 'welcome' and return unless Setting.self_registration?

109

redirect_to :controller => 'welcome' and return unless Setting.self_registration?

110

if params[:token]

110

if params[:token]

111

token = Token.find_by_action_and_value("register", params[:token])

111

token = Token.find_by_action_and_value("register", params[:token])

112

redirect_to :controller => 'welcome' and return unless token and !token.expired?

112

redirect_to :controller => 'welcome' and return unless token and !token.expired?

113

user = token.user

113

user = token.user

114

redirect_to :controller => 'welcome' and return unless user.status == User::STATUS_REGISTERED

114

redirect_to :controller => 'welcome' and return unless user.status == User::STATUS_REGISTERED

115

user.status = User::STATUS_ACTIVE

115

user.status = User::STATUS_ACTIVE

116

if user.save

116

if user.save

117

token.destroy

117

token.destroy

118

flash[:notice] = l(:notice_account_activated)

118

flash[:notice] = l(:notice_account_activated)

119

redirect_to :action => 'login'

119

redirect_to :action => 'login'

120

return

120

return

121

end

121

end

122

else

122

else

123

if request.get?

123

if request.get?

124

@user = User.new(:language => Setting.default_language)

124

@user = User.new(:language => Setting.default_language)

125

@custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user) }

125

@custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user) }

126

else

126

else

127

@user = User.new(params[:user])

127

@user = User.new(params[:user])

128

@user.admin = false

128

@user.admin = false

129

@user.login = params[:user][:login]

129

@user.login = params[:user][:login]

130

@user.status = User::STATUS_REGISTERED

130

@user.status = User::STATUS_REGISTERED

131

@user.password, @user.password_confirmation = params[:password], params[:password_confirmation]

131

@user.password, @user.password_confirmation = params[:password], params[:password_confirmation]

132

@custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) }

132

@custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) }

133

@user.custom_values = @custom_values

133

@user.custom_values = @custom_values

134

token = Token.new(:user => @user, :action => "register")

134

token = Token.new(:user => @user, :action => "register")

135

if @user.save and token.save

135

if @user.save and token.save

136

Mailer.deliver_register(token)

136

Mailer.deliver_register(token)

137

flash[:notice] = l(:notice_account_register_done)

137

flash[:notice] = l(:notice_account_register_done)

138

redirect_to :controller => 'account', :action => 'login'

138

redirect_to :controller => 'account', :action => 'login'

139

end

139

end

140

end

140

end

141

end

141

end

142

end

142

end

143

end

143

end

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class AccountController < ApplicationController
               layout 'base'
               helper :custom_fields
               include CustomFieldsHelper
               # prevents login action to be filtered by check_if_login_required application scope filter
               skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register]
               before_filter :require_login, :only => :logout
               # Show user's account
               def show
-                @user = User.find(params[:id])
+                @user = User.find_active(params[:id])
                 @custom_values = @user.custom_values.find(:all, :include => :custom_field)
                 # show only public projects and private projects that the logged in user is also a member of
                 @memberships = @user.memberships.select do |membership|
                   membership.project.is_public? || (logged_in_user && logged_in_user.role_for_project(membership.project))
                 end
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               # Login request and validation
               def login
                 if request.get?
                   # Logout user
                   self.logged_in_user = nil
                 else
                   # Authenticate user
                   user = User.try_to_login(params[:login], params[:password])
                   if user
                     self.logged_in_user = user
                     # generate a key and set cookie if autologin
                     if params[:autologin] && Setting.autologin?
                       token = Token.create(:user => user, :action => 'autologin')
                       cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
                     end
                     redirect_back_or_default :controller => 'my', :action => 'page'
                   else
                     flash.now[:error] = l(:notice_account_invalid_creditentials)
                   end
                 end
               end
               # Log out current user and redirect to welcome page
               def logout
                 cookies.delete :autologin
                 Token.delete_all(["user_id = ? AND action = ?", logged_in_user.id, "autologin"]) if logged_in_user
                 self.logged_in_user = nil
                 redirect_to :controller => 'welcome'
               end
               # Enable user to choose a new password
               def lost_password
                 redirect_to :controller => 'welcome' and return unless Setting.lost_password?
                 if params[:token]
                   @token = Token.find_by_action_and_value("recovery", params[:token])
                   redirect_to :controller => 'welcome' and return unless @token and !@token.expired?
                   @user = @token.user
                   if request.post?
                     @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
                     if @user.save
                       @token.destroy
                       flash[:notice] = l(:notice_account_password_updated)
                       redirect_to :action => 'login'
                       return
                     end
                   end
                   render :template => "account/password_recovery"
                   return
                 else
                   if request.post?
                     user = User.find_by_mail(params[:mail])
                     # user not found in db
                     flash.now[:error] = l(:notice_account_unknown_email) and return unless user
                     # user uses an external authentification
                     flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
                     # create a new token for password recovery
                     token = Token.new(:user => user, :action => "recovery")
                     if token.save
                       Mailer.deliver_lost_password(token)
                       flash[:notice] = l(:notice_account_lost_email_sent)
                       redirect_to :action => 'login'
                       return
                     end
                   end
                 end
               end
               # User self-registration
               def register
                 redirect_to :controller => 'welcome' and return unless Setting.self_registration?
                 if params[:token]
                   token = Token.find_by_action_and_value("register", params[:token])
                   redirect_to :controller => 'welcome' and return unless token and !token.expired?
                   user = token.user
                   redirect_to :controller => 'welcome' and return unless user.status == User::STATUS_REGISTERED
                   user.status = User::STATUS_ACTIVE
                   if user.save
                     token.destroy
                     flash[:notice] = l(:notice_account_activated)
                     redirect_to :action => 'login'
                     return
                   end
                 else
                   if request.get?
                     @user = User.new(:language => Setting.default_language)
                     @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user) }
                   else
                     @user = User.new(params[:user])
                     @user.admin = false
                     @user.login = params[:user][:login]
                     @user.status = User::STATUS_REGISTERED
                     @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
                     @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) }
                     @user.custom_values = @custom_values
                     token = Token.new(:user => @user, :action => "register")
                     if @user.save and token.save
                       Mailer.deliver_register(token)
                       flash[:notice] = l(:notice_account_register_done)
                       redirect_to :controller => 'account', :action => 'login'
                     end
                   end
                 end
               end
             end