API: creating an issue with an invalid project_id should return 422 instead of 403 (#19276)....
Jean-Philippe Lang -
r13759:d5093417971b
@@ -1,508 +1,508
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2015 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class IssuesController < ApplicationController
19 19 menu_item :new_issue, :only => [:new, :create]
20 20 default_search_scope :issues
21 21
22 22 before_filter :find_issue, :only => [:show, :edit, :update]
23 23 before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :destroy]
24 24 before_filter :authorize, :except => [:index, :new, :create]
25 25 before_filter :find_optional_project, :only => [:index, :new, :create]
26 26 before_filter :build_new_issue_from_params, :only => [:new, :create]
27 27 accept_rss_auth :index, :show
28 28 accept_api_auth :index, :show, :create, :update, :destroy
29 29
30 30 rescue_from Query::StatementInvalid, :with => :query_statement_invalid
31 31
32 32 helper :journals
33 33 helper :projects
34 34 helper :custom_fields
35 35 helper :issue_relations
36 36 helper :watchers
37 37 helper :attachments
38 38 helper :queries
39 39 include QueriesHelper
40 40 helper :repositories
41 41 helper :sort
42 42 include SortHelper
43 43 helper :timelog
44 44
45 45 def index
46 46 retrieve_query
47 47 sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
48 48 sort_update(@query.sortable_columns)
49 49 @query.sort_criteria = sort_criteria.to_a
50 50
51 51 if @query.valid?
52 52 case params[:format]
53 53 when 'csv', 'pdf'
54 54 @limit = Setting.issues_export_limit.to_i
55 55 if params[:columns] == 'all'
56 56 @query.column_names = @query.available_inline_columns.map(&:name)
57 57 end
58 58 when 'atom'
59 59 @limit = Setting.feeds_limit.to_i
60 60 when 'xml', 'json'
61 61 @offset, @limit = api_offset_and_limit
62 62 @query.column_names = %w(author)
63 63 else
64 64 @limit = per_page_option
65 65 end
66 66
67 67 @issue_count = @query.issue_count
68 68 @issue_pages = Paginator.new @issue_count, @limit, params['page']
69 69 @offset ||= @issue_pages.offset
70 70 @issues = @query.issues(:include => [:assigned_to, :tracker, :priority, :category, :fixed_version],
71 71 :order => sort_clause,
72 72 :offset => @offset,
73 73 :limit => @limit)
74 74 @issue_count_by_group = @query.issue_count_by_group
75 75
76 76 respond_to do |format|
77 77 format.html { render :template => 'issues/index', :layout => !request.xhr? }
78 78 format.api {
79 79 Issue.load_visible_relations(@issues) if include_in_api_response?('relations')
80 80 }
81 81 format.atom { render_feed(@issues, :title => "#{@project || Setting.app_title}: #{l(:label_issue_plural)}") }
82 82 format.csv { send_data(query_to_csv(@issues, @query, params), :type => 'text/csv; header=present', :filename => 'issues.csv') }
83 83 format.pdf { send_file_headers! :type => 'application/pdf', :filename => 'issues.pdf' }
84 84 end
85 85 else
86 86 respond_to do |format|
87 87 format.html { render(:template => 'issues/index', :layout => !request.xhr?) }
88 88 format.any(:atom, :csv, :pdf) { render(:nothing => true) }
89 89 format.api { render_validation_errors(@query) }
90 90 end
91 91 end
92 92 rescue ActiveRecord::RecordNotFound
93 93 render_404
94 94 end
95 95
96 96 def show
97 97 @journals = @issue.journals.includes(:user, :details).
98 98 references(:user, :details).
99 99 reorder("#{Journal.table_name}.id ASC").to_a
100 100 @journals.each_with_index {|j,i| j.indice = i+1}
101 101 @journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project)
102 102 Journal.preload_journals_details_custom_fields(@journals)
103 103 @journals.select! {|journal| journal.notes? || journal.visible_details.any?}
104 104 @journals.reverse! if User.current.wants_comments_in_reverse_order?
105 105
106 106 @changesets = @issue.changesets.visible.to_a
107 107 @changesets.reverse! if User.current.wants_comments_in_reverse_order?
108 108
109 109 @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
110 110 @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
111 111 @priorities = IssuePriority.active
112 112 @time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
113 113 @relation = IssueRelation.new
114 114
115 115 respond_to do |format|
116 116 format.html {
117 117 retrieve_previous_and_next_issue_ids
118 118 render :template => 'issues/show'
119 119 }
120 120 format.api
121 121 format.atom { render :template => 'journals/index', :layout => false, :content_type => 'application/atom+xml' }
122 122 format.pdf {
123 123 send_file_headers! :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf"
124 124 }
125 125 end
126 126 end
127 127
128 128 def new
129 129 respond_to do |format|
130 130 format.html { render :action => 'new', :layout => !request.xhr? }
131 131 format.js
132 132 end
133 133 end
134 134
135 135 def create
136 unless User.current.allowed_to?(:add_issues, @issue.project)
136 unless User.current.allowed_to?(:add_issues, @issue.project, :global => true)
137 137 raise ::Unauthorized
138 138 end
139 139 call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
140 140 @issue.save_attachments(params[:attachments] || (params[:issue] && params[:issue][:uploads]))
141 141 if @issue.save
142 142 call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
143 143 respond_to do |format|
144 144 format.html {
145 145 render_attachment_warning_if_needed(@issue)
146 146 flash[:notice] = l(:notice_issue_successful_create, :id => view_context.link_to("##{@issue.id}", issue_path(@issue), :title => @issue.subject))
147 147 redirect_after_create
148 148 }
149 149 format.api { render :action => 'show', :status => :created, :location => issue_url(@issue) }
150 150 end
151 151 return
152 152 else
153 153 respond_to do |format|
154 154 format.html { render :action => 'new' }
155 155 format.api { render_validation_errors(@issue) }
156 156 end
157 157 end
158 158 end
159 159
160 160 def edit
161 161 return unless update_issue_from_params
162 162
163 163 respond_to do |format|
164 164 format.html { }
165 165 format.js
166 166 end
167 167 end
168 168
169 169 def update
170 170 return unless update_issue_from_params
171 171 @issue.save_attachments(params[:attachments] || (params[:issue] && params[:issue][:uploads]))
172 172 saved = false
173 173 begin
174 174 saved = save_issue_with_child_records
175 175 rescue ActiveRecord::StaleObjectError
176 176 @conflict = true
177 177 if params[:last_journal_id]
178 178 @conflict_journals = @issue.journals_after(params[:last_journal_id]).to_a
179 179 @conflict_journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project)
180 180 end
181 181 end
182 182
183 183 if saved
184 184 render_attachment_warning_if_needed(@issue)
185 185 flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?
186 186
187 187 respond_to do |format|
188 188 format.html { redirect_back_or_default issue_path(@issue) }
189 189 format.api { render_api_ok }
190 190 end
191 191 else
192 192 respond_to do |format|
193 193 format.html { render :action => 'edit' }
194 194 format.api { render_validation_errors(@issue) }
195 195 end
196 196 end
197 197 end
198 198
199 199 # Bulk edit/copy a set of issues
200 200 def bulk_edit
201 201 @issues.sort!
202 202 @copy = params[:copy].present?
203 203 @notes = params[:notes]
204 204
205 205 if @copy
206 206 unless User.current.allowed_to?(:copy_issues, @projects)
207 207 raise ::Unauthorized
208 208 end
209 209 end
210 210
211 211 @allowed_projects = Issue.allowed_target_projects
212 212 if params[:issue]
213 213 @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:issue][:project_id].to_s}
214 214 if @target_project
215 215 target_projects = [@target_project]
216 216 end
217 217 end
218 218 target_projects ||= @projects
219 219
220 220 if @copy
221 221 # Copied issues will get their default statuses
222 222 @available_statuses = []
223 223 else
224 224 @available_statuses = @issues.map(&:new_statuses_allowed_to).reduce(:&)
225 225 end
226 226 @custom_fields = target_projects.map{|p|p.all_issue_custom_fields.visible}.reduce(:&)
227 227 @assignables = target_projects.map(&:assignable_users).reduce(:&)
228 228 @trackers = target_projects.map(&:trackers).reduce(:&)
229 229 @versions = target_projects.map {|p| p.shared_versions.open}.reduce(:&)
230 230 @categories = target_projects.map {|p| p.issue_categories}.reduce(:&)
231 231 if @copy
232 232 @attachments_present = @issues.detect {|i| i.attachments.any?}.present?
233 233 @subtasks_present = @issues.detect {|i| !i.leaf?}.present?
234 234 end
235 235
236 236 @safe_attributes = @issues.map(&:safe_attribute_names).reduce(:&)
237 237
238 238 @issue_params = params[:issue] || {}
239 239 @issue_params[:custom_field_values] ||= {}
240 240 end
241 241
242 242 def bulk_update
243 243 @issues.sort!
244 244 @copy = params[:copy].present?
245 245 attributes = parse_params_for_bulk_issue_attributes(params)
246 246
247 247 if @copy
248 248 unless User.current.allowed_to?(:copy_issues, @projects)
249 249 raise ::Unauthorized
250 250 end
251 251 target_projects = @projects
252 252 if attributes['project_id'].present?
253 253 target_projects = Project.where(:id => attributes['project_id']).to_a
254 254 end
255 255 unless User.current.allowed_to?(:add_issues, target_projects)
256 256 raise ::Unauthorized
257 257 end
258 258 end
259 259
260 260 unsaved_issues = []
261 261 saved_issues = []
262 262
263 263 if @copy && params[:copy_subtasks].present?
264 264 # Descendant issues will be copied with the parent task
265 265 # Don't copy them twice
266 266 @issues.reject! {|issue| @issues.detect {|other| issue.is_descendant_of?(other)}}
267 267 end
268 268
269 269 @issues.each do |orig_issue|
270 270 orig_issue.reload
271 271 if @copy
272 272 issue = orig_issue.copy({},
273 273 :attachments => params[:copy_attachments].present?,
274 274 :subtasks => params[:copy_subtasks].present?,
275 275 :link => link_copy?(params[:link_copy])
276 276 )
277 277 else
278 278 issue = orig_issue
279 279 end
280 280 journal = issue.init_journal(User.current, params[:notes])
281 281 issue.safe_attributes = attributes
282 282 call_hook(:controller_issues_bulk_edit_before_save, { :params => params, :issue => issue })
283 283 if issue.save
284 284 saved_issues << issue
285 285 else
286 286 unsaved_issues << orig_issue
287 287 end
288 288 end
289 289
290 290 if unsaved_issues.empty?
291 291 flash[:notice] = l(:notice_successful_update) unless saved_issues.empty?
292 292 if params[:follow]
293 293 if @issues.size == 1 && saved_issues.size == 1
294 294 redirect_to issue_path(saved_issues.first)
295 295 elsif saved_issues.map(&:project).uniq.size == 1
296 296 redirect_to project_issues_path(saved_issues.map(&:project).first)
297 297 end
298 298 else
299 299 redirect_back_or_default _project_issues_path(@project)
300 300 end
301 301 else
302 302 @saved_issues = @issues
303 303 @unsaved_issues = unsaved_issues
304 304 @issues = Issue.visible.where(:id => @unsaved_issues.map(&:id)).to_a
305 305 bulk_edit
306 306 render :action => 'bulk_edit'
307 307 end
308 308 end
309 309
310 310 def destroy
311 311 @hours = TimeEntry.where(:issue_id => @issues.map(&:id)).sum(:hours).to_f
312 312 if @hours > 0
313 313 case params[:todo]
314 314 when 'destroy'
315 315 # nothing to do
316 316 when 'nullify'
317 317 TimeEntry.where(['issue_id IN (?)', @issues]).update_all('issue_id = NULL')
318 318 when 'reassign'
319 319 reassign_to = @project.issues.find_by_id(params[:reassign_to_id])
320 320 if reassign_to.nil?
321 321 flash.now[:error] = l(:error_issue_not_found_in_project)
322 322 return
323 323 else
324 324 TimeEntry.where(['issue_id IN (?)', @issues]).
325 325 update_all("issue_id = #{reassign_to.id}")
326 326 end
327 327 else
328 328 # display the destroy form if it's a user request
329 329 return unless api_request?
330 330 end
331 331 end
332 332 @issues.each do |issue|
333 333 begin
334 334 issue.reload.destroy
335 335 rescue ::ActiveRecord::RecordNotFound # raised by #reload if issue no longer exists
336 336 # nothing to do, issue was already deleted (eg. by a parent)
337 337 end
338 338 end
339 339 respond_to do |format|
340 340 format.html { redirect_back_or_default _project_issues_path(@project) }
341 341 format.api { render_api_ok }
342 342 end
343 343 end
344 344
345 345 private
346 346
347 347 def retrieve_previous_and_next_issue_ids
348 348 retrieve_query_from_session
349 349 if @query
350 350 sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
351 351 sort_update(@query.sortable_columns, 'issues_index_sort')
352 352 limit = 500
353 353 issue_ids = @query.issue_ids(:order => sort_clause, :limit => (limit + 1), :include => [:assigned_to, :tracker, :priority, :category, :fixed_version])
354 354 if (idx = issue_ids.index(@issue.id)) && idx < limit
355 355 if issue_ids.size < 500
356 356 @issue_position = idx + 1
357 357 @issue_count = issue_ids.size
358 358 end
359 359 @prev_issue_id = issue_ids[idx - 1] if idx > 0
360 360 @next_issue_id = issue_ids[idx + 1] if idx < (issue_ids.size - 1)
361 361 end
362 362 end
363 363 end
364 364
365 365 # Used by #edit and #update to set some common instance variables
366 366 # from the params
367 367 def update_issue_from_params
368 368 @time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
369 369 if params[:time_entry]
370 370 @time_entry.attributes = params[:time_entry]
371 371 end
372 372
373 373 @issue.init_journal(User.current)
374 374
375 375 issue_attributes = params[:issue]
376 376 if issue_attributes && params[:conflict_resolution]
377 377 case params[:conflict_resolution]
378 378 when 'overwrite'
379 379 issue_attributes = issue_attributes.dup
380 380 issue_attributes.delete(:lock_version)
381 381 when 'add_notes'
382 382 issue_attributes = issue_attributes.slice(:notes)
383 383 when 'cancel'
384 384 redirect_to issue_path(@issue)
385 385 return false
386 386 end
387 387 end
388 388 @issue.safe_attributes = issue_attributes
389 389 @priorities = IssuePriority.active
390 390 @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
391 391 true
392 392 end
393 393
394 394 # Used by #new and #create to build a new issue from the params
395 395 # The new issue will be copied from an existing one if copy_from parameter is given
396 396 def build_new_issue_from_params
397 397 @issue = Issue.new
398 398 if params[:copy_from]
399 399 begin
400 400 @issue.init_journal(User.current)
401 401 @copy_from = Issue.visible.find(params[:copy_from])
402 402 unless User.current.allowed_to?(:copy_issues, @copy_from.project)
403 403 raise ::Unauthorized
404 404 end
405 405 @link_copy = link_copy?(params[:link_copy]) || request.get?
406 406 @copy_attachments = params[:copy_attachments].present? || request.get?
407 407 @copy_subtasks = params[:copy_subtasks].present? || request.get?
408 408 @issue.copy_from(@copy_from, :attachments => @copy_attachments, :subtasks => @copy_subtasks, :link => @link_copy)
409 409 rescue ActiveRecord::RecordNotFound
410 410 render_404
411 411 return
412 412 end
413 413 end
414 414 @issue.project = @project
415 415 if request.get?
416 416 @issue.project ||= @issue.allowed_target_projects.first
417 417 end
418 418 @issue.author ||= User.current
419 419 @issue.start_date ||= Date.today if Setting.default_issue_start_date_to_creation_date?
420 420
421 421 if attrs = params[:issue].deep_dup
422 422 if params[:was_default_status] == attrs[:status_id]
423 423 attrs.delete(:status_id)
424 424 end
425 425 @issue.safe_attributes = attrs
426 426 end
427 427 if @issue.project
428 428 @issue.tracker ||= @issue.project.trackers.first
429 429 if @issue.tracker.nil?
430 430 render_error l(:error_no_tracker_in_project)
431 431 return false
432 432 end
433 433 if @issue.status.nil?
434 434 render_error l(:error_no_default_issue_status)
435 435 return false
436 436 end
437 437 end
438 438
439 439 @priorities = IssuePriority.active
440 440 @allowed_statuses = @issue.new_statuses_allowed_to(User.current, @issue.new_record?)
441 441 end
442 442
443 443 def parse_params_for_bulk_issue_attributes(params)
444 444 attributes = (params[:issue] || {}).reject {|k,v| v.blank?}
445 445 attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
446 446 if custom = attributes[:custom_field_values]
447 447 custom.reject! {|k,v| v.blank?}
448 448 custom.keys.each do |k|
449 449 if custom[k].is_a?(Array)
450 450 custom[k] << '' if custom[k].delete('__none__')
451 451 else
452 452 custom[k] = '' if custom[k] == '__none__'
453 453 end
454 454 end
455 455 end
456 456 attributes
457 457 end
458 458
459 459 # Saves @issue and a time_entry from the parameters
460 460 def save_issue_with_child_records
461 461 Issue.transaction do
462 462 if params[:time_entry] && (params[:time_entry][:hours].present? || params[:time_entry][:comments].present?) && User.current.allowed_to?(:log_time, @issue.project)
463 463 time_entry = @time_entry || TimeEntry.new
464 464 time_entry.project = @issue.project
465 465 time_entry.issue = @issue
466 466 time_entry.user = User.current
467 467 time_entry.spent_on = User.current.today
468 468 time_entry.attributes = params[:time_entry]
469 469 @issue.time_entries << time_entry
470 470 end
471 471
472 472 call_hook(:controller_issues_edit_before_save, { :params => params, :issue => @issue, :time_entry => time_entry, :journal => @issue.current_journal})
473 473 if @issue.save
474 474 call_hook(:controller_issues_edit_after_save, { :params => params, :issue => @issue, :time_entry => time_entry, :journal => @issue.current_journal})
475 475 else
476 476 raise ActiveRecord::Rollback
477 477 end
478 478 end
479 479 end
480 480
481 481 # Returns true if the issue copy should be linked
482 482 # to the original issue
483 483 def link_copy?(param)
484 484 case Setting.link_copied_issue
485 485 when 'yes'
486 486 true
487 487 when 'no'
488 488 false
489 489 when 'ask'
490 490 param == '1'
491 491 end
492 492 end
493 493
494 494 # Redirects user after a successful issue creation
495 495 def redirect_after_create
496 496 if params[:continue]
497 497 attrs = {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?}
498 498 if params[:project_id]
499 499 redirect_to new_project_issue_path(@issue.project, :issue => attrs)
500 500 else
501 501 attrs.merge! :project_id => @issue.project_id
502 502 redirect_to new_issue_path(:issue => attrs)
503 503 end
504 504 else
505 505 redirect_to issue_path(@issue)
506 506 end
507 507 end
508 508 end
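Review bot: In `create`, passing `:global => true` means that when `@issue.project` is nil (the invalid project_id case the commit title targets) the check presumably falls back to a permission held in any project, so rejecting the request is left entirely to model validation at `@issue.save`. Nothing in the method states that dependency; I would add above the check `# @issue.project is nil for an invalid project_id: :global => true lets the request reach validation (422), so Issue must keep requiring a project`. Note also that `call_hook(:controller_issues_new_before_save, ...)` and `@issue.save_attachments(...)` both run before the save and can now receive an issue with no project, which hook implementations may not expect. A test that a user holding `:add_issues` in no project still gets 403 for the same request would pin the authorization side; the test file section is cut off in this view, so it may already be there.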
@@ -1,699 +1,704
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2015 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.expand_path('../../../test_helper', __FILE__)
19 19
20 20 class Redmine::ApiTest::IssuesTest < Redmine::ApiTest::Base
21 21 fixtures :projects,
22 22 :users,
23 23 :roles,
24 24 :members,
25 25 :member_roles,
26 26 :issues,
27 27 :issue_statuses,
28 28 :issue_relations,
29 29 :versions,
30 30 :trackers,
31 31 :projects_trackers,
32 32 :issue_categories,
33 33 :enabled_modules,
34 34 :enumerations,
35 35 :attachments,
36 36 :workflows,
37 37 :custom_fields,
38 38 :custom_values,
39 39 :custom_fields_projects,
40 40 :custom_fields_trackers,
41 41 :time_entries,
42 42 :journals,
43 43 :journal_details,
44 44 :queries,
45 45 :attachments
46 46
47 47 test "GET /issues.xml should contain metadata" do
48 48 get '/issues.xml'
49 49 assert_select 'issues[type=array][total_count=?][limit="25"][offset="0"]',
50 50 assigns(:issue_count).to_s
51 51 end
52 52
53 53 test "GET /issues.xml with nometa param should not contain metadata" do
54 54 get '/issues.xml?nometa=1'
55 55 assert_select 'issues[type=array]:not([total_count]):not([limit]):not([offset])'
56 56 end
57 57
58 58 test "GET /issues.xml with nometa header should not contain metadata" do
59 59 get '/issues.xml', {}, {'X-Redmine-Nometa' => '1'}
60 60 assert_select 'issues[type=array]:not([total_count]):not([limit]):not([offset])'
61 61 end
62 62
63 63 test "GET /issues.xml with offset and limit" do
64 64 get '/issues.xml?offset=2&limit=3'
65 65
66 66 assert_equal 3, assigns(:limit)
67 67 assert_equal 2, assigns(:offset)
68 68 assert_select 'issues issue', 3
69 69 end
70 70
71 71 test "GET /issues.xml with relations" do
72 72 get '/issues.xml?include=relations'
73 73
74 74 assert_response :success
75 75 assert_equal 'application/xml', @response.content_type
76 76
77 77 assert_select 'issue id', :text => '3' do
78 78 assert_select '~ relations relation', 1
79 79 assert_select '~ relations relation[id="2"][issue_id="2"][issue_to_id="3"][relation_type=relates]'
80 80 end
81 81
82 82 assert_select 'issue id', :text => '1' do
83 83 assert_select '~ relations'
84 84 assert_select '~ relations relation', 0
85 85 end
86 86 end
87 87
88 88 test "GET /issues.xml with invalid query params" do
89 89 get '/issues.xml', {:f => ['start_date'], :op => {:start_date => '='}}
90 90
91 91 assert_response :unprocessable_entity
92 92 assert_equal 'application/xml', @response.content_type
93 93 assert_select 'errors error', :text => "Start date cannot be blank"
94 94 end
95 95
96 96 test "GET /issues.xml with custom field filter" do
97 97 get '/issues.xml',
98 98 {:set_filter => 1, :f => ['cf_1'], :op => {:cf_1 => '='}, :v => {:cf_1 => ['MySQL']}}
99 99
100 100 expected_ids = Issue.visible.
101 101 joins(:custom_values).
102 102 where(:custom_values => {:custom_field_id => 1, :value => 'MySQL'}).map(&:id)
103 103 assert expected_ids.any?
104 104
105 105 assert_select 'issues > issue > id', :count => expected_ids.count do |ids|
106 106 ids.each { |id| assert expected_ids.delete(id.children.first.content.to_i) }
107 107 end
108 108 end
109 109
110 110 test "GET /issues.xml with custom field filter (shorthand method)" do
111 111 get '/issues.xml', {:cf_1 => 'MySQL'}
112 112
113 113 expected_ids = Issue.visible.
114 114 joins(:custom_values).
115 115 where(:custom_values => {:custom_field_id => 1, :value => 'MySQL'}).map(&:id)
116 116 assert expected_ids.any?
117 117
118 118 assert_select 'issues > issue > id', :count => expected_ids.count do |ids|
119 119 ids.each { |id| assert expected_ids.delete(id.children.first.content.to_i) }
120 120 end
121 121 end
122 122
123 123 def test_index_should_include_issue_attributes
124 124 get '/issues.xml'
125 125 assert_select 'issues>issue>is_private', :text => 'false'
126 126 end
127 127
128 128 def test_index_should_allow_timestamp_filtering
129 129 Issue.delete_all
130 130 Issue.generate!(:subject => '1').update_column(:updated_on, Time.parse("2014-01-02T10:25:00Z"))
131 131 Issue.generate!(:subject => '2').update_column(:updated_on, Time.parse("2014-01-02T12:13:00Z"))
132 132
133 133 get '/issues.xml',
134 134 {:set_filter => 1, :f => ['updated_on'], :op => {:updated_on => '<='},
135 135 :v => {:updated_on => ['2014-01-02T12:00:00Z']}}
136 136 assert_select 'issues>issue', :count => 1
137 137 assert_select 'issues>issue>subject', :text => '1'
138 138
139 139 get '/issues.xml',
140 140 {:set_filter => 1, :f => ['updated_on'], :op => {:updated_on => '>='},
141 141 :v => {:updated_on => ['2014-01-02T12:00:00Z']}}
142 142 assert_select 'issues>issue', :count => 1
143 143 assert_select 'issues>issue>subject', :text => '2'
144 144
145 145 get '/issues.xml',
146 146 {:set_filter => 1, :f => ['updated_on'], :op => {:updated_on => '>='},
147 147 :v => {:updated_on => ['2014-01-02T08:00:00Z']}}
148 148 assert_select 'issues>issue', :count => 2
149 149 end
150 150
151 151 test "GET /issues.xml with filter" do
152 152 get '/issues.xml?status_id=5'
153 153
154 154 expected_ids = Issue.visible.where(:status_id => 5).map(&:id)
155 155 assert expected_ids.any?
156 156
157 157 assert_select 'issues > issue > id', :count => expected_ids.count do |ids|
158 158 ids.each { |id| assert expected_ids.delete(id.children.first.content.to_i) }
159 159 end
160 160 end
161 161
162 162 test "GET /issues.json with filter" do
163 163 get '/issues.json?status_id=5'
164 164
165 165 json = ActiveSupport::JSON.decode(response.body)
166 166 status_ids_used = json['issues'].collect {|j| j['status']['id'] }
167 167 assert_equal 3, status_ids_used.length
168 168 assert status_ids_used.all? {|id| id == 5 }
169 169 end
170 170
171 171 test "GET /issues/:id.xml with journals" do
172 172 get '/issues/1.xml?include=journals'
173 173
174 174 assert_select 'issue journals[type=array]' do
175 175 assert_select 'journal[id="1"]' do
176 176 assert_select 'details[type=array]' do
177 177 assert_select 'detail[name=status_id]' do
178 178 assert_select 'old_value', :text => '1'
179 179 assert_select 'new_value', :text => '2'
180 180 end
181 181 end
182 182 end
183 183 end
184 184 end
185 185
186 186 test "GET /issues/:id.xml with journals should format timestamps in ISO 8601" do
187 187 get '/issues/1.xml?include=journals'
188 188
189 189 iso_date = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/
190 190 assert_select 'issue>created_on', :text => iso_date
191 191 assert_select 'issue>updated_on', :text => iso_date
192 192 assert_select 'issue journal>created_on', :text => iso_date
193 193 end
194 194
195 195 test "GET /issues/:id.xml with custom fields" do
196 196 get '/issues/3.xml'
197 197
198 198 assert_select 'issue custom_fields[type=array]' do
199 199 assert_select 'custom_field[id="1"]' do
200 200 assert_select 'value', :text => 'MySQL'
201 201 end
202 202 end
203 203 assert_nothing_raised do
204 204 Hash.from_xml(response.body).to_xml
205 205 end
206 206 end
207 207
208 208 test "GET /issues/:id.xml with multi custom fields" do
209 209 field = CustomField.find(1)
210 210 field.update_attribute :multiple, true
211 211 issue = Issue.find(3)
212 212 issue.custom_field_values = {1 => ['MySQL', 'Oracle']}
213 213 issue.save!
214 214
215 215 get '/issues/3.xml'
216 216 assert_response :success
217 217
218 218 assert_select 'issue custom_fields[type=array]' do
219 219 assert_select 'custom_field[id="1"]' do
220 220 assert_select 'value[type=array] value', 2
221 221 end
222 222 end
223 223 xml = Hash.from_xml(response.body)
224 224 custom_fields = xml['issue']['custom_fields']
225 225 assert_kind_of Array, custom_fields
226 226 field = custom_fields.detect {|f| f['id'] == '1'}
227 227 assert_kind_of Hash, field
228 228 assert_equal ['MySQL', 'Oracle'], field['value'].sort
229 229 end
230 230
231 231 test "GET /issues/:id.json with multi custom fields" do
232 232 field = CustomField.find(1)
233 233 field.update_attribute :multiple, true
234 234 issue = Issue.find(3)
235 235 issue.custom_field_values = {1 => ['MySQL', 'Oracle']}
236 236 issue.save!
237 237
238 238 get '/issues/3.json'
239 239 assert_response :success
240 240
241 241 json = ActiveSupport::JSON.decode(response.body)
242 242 custom_fields = json['issue']['custom_fields']
243 243 assert_kind_of Array, custom_fields
244 244 field = custom_fields.detect {|f| f['id'] == 1}
245 245 assert_kind_of Hash, field
246 246 assert_equal ['MySQL', 'Oracle'], field['value'].sort
247 247 end
248 248
249 249 test "GET /issues/:id.xml with empty value for multi custom field" do
250 250 field = CustomField.find(1)
251 251 field.update_attribute :multiple, true
252 252 issue = Issue.find(3)
253 253 issue.custom_field_values = {1 => ['']}
254 254 issue.save!
255 255
256 256 get '/issues/3.xml'
257 257
258 258 assert_select 'issue custom_fields[type=array]' do
259 259 assert_select 'custom_field[id="1"]' do
260 260 assert_select 'value[type=array]:empty'
261 261 end
262 262 end
263 263 xml = Hash.from_xml(response.body)
264 264 custom_fields = xml['issue']['custom_fields']
265 265 assert_kind_of Array, custom_fields
266 266 field = custom_fields.detect {|f| f['id'] == '1'}
267 267 assert_kind_of Hash, field
268 268 assert_equal [], field['value']
269 269 end
270 270
271 271 test "GET /issues/:id.json with empty value for multi custom field" do
272 272 field = CustomField.find(1)
273 273 field.update_attribute :multiple, true
274 274 issue = Issue.find(3)
275 275 issue.custom_field_values = {1 => ['']}
276 276 issue.save!
277 277
278 278 get '/issues/3.json'
279 279 assert_response :success
280 280 json = ActiveSupport::JSON.decode(response.body)
281 281 custom_fields = json['issue']['custom_fields']
282 282 assert_kind_of Array, custom_fields
283 283 field = custom_fields.detect {|f| f['id'] == 1}
284 284 assert_kind_of Hash, field
285 285 assert_equal [], field['value'].sort
286 286 end
287 287
288 288 test "GET /issues/:id.xml with attachments" do
289 289 get '/issues/3.xml?include=attachments'
290 290
291 291 assert_select 'issue attachments[type=array]' do
292 292 assert_select 'attachment', 4
293 293 assert_select 'attachment id', :text => '1' do
294 294 assert_select '~ filename', :text => 'error281.txt'
295 295 assert_select '~ content_url', :text => 'http://www.example.com/attachments/download/1/error281.txt'
296 296 end
297 297 end
298 298 end
299 299
300 300 test "GET /issues/:id.xml with subtasks" do
301 301 issue = Issue.generate_with_descendants!(:project_id => 1)
302 302 get "/issues/#{issue.id}.xml?include=children"
303 303
304 304 assert_select 'issue id', :text => issue.id.to_s do
305 305 assert_select '~ children[type=array] > issue', 2
306 306 assert_select '~ children[type=array] > issue > children', 1
307 307 end
308 308 end
309 309
310 310 test "GET /issues/:id.json with subtasks" do
311 311 issue = Issue.generate_with_descendants!(:project_id => 1)
312 312 get "/issues/#{issue.id}.json?include=children"
313 313
314 314 json = ActiveSupport::JSON.decode(response.body)
315 315 assert_equal 2, json['issue']['children'].size
316 316 assert_equal 1, json['issue']['children'].select {|child| child.key?('children')}.size
317 317 end
318 318
319 319 def test_show_should_include_issue_attributes
320 320 get '/issues/1.xml'
321 321 assert_select 'issue>is_private', :text => 'false'
322 322 end
323 323
324 324 test "GET /issues/:id.xml?include=watchers should include watchers" do
325 325 Watcher.create!(:user_id => 3, :watchable => Issue.find(1))
326 326
327 327 get '/issues/1.xml?include=watchers', {}, credentials('jsmith')
328 328
329 329 assert_response :ok
330 330 assert_equal 'application/xml', response.content_type
331 331 assert_select 'issue' do
332 332 assert_select 'watchers', Issue.find(1).watchers.count
333 333 assert_select 'watchers' do
334 334 assert_select 'user[id="3"]'
335 335 end
336 336 end
337 337 end
338 338
339 339 test "POST /issues.xml should create an issue with the attributes" do
340 340
341 341 payload = <<-XML
342 342 <?xml version="1.0" encoding="UTF-8" ?>
343 343 <issue>
344 344 <project_id>1</project_id>
345 345 <tracker_id>2</tracker_id>
346 346 <status_id>3</status_id>
347 347 <subject>API test</subject>
348 348 </issue>
349 349 XML
350 350
351 351 assert_difference('Issue.count') do
352 352 post '/issues.xml', payload, {"CONTENT_TYPE" => 'application/xml'}.merge(credentials('jsmith'))
353 353 end
354 354 issue = Issue.order('id DESC').first
355 355 assert_equal 1, issue.project_id
356 356 assert_equal 2, issue.tracker_id
357 357 assert_equal 3, issue.status_id
358 358 assert_equal 'API test', issue.subject
359 359
360 360 assert_response :created
361 361 assert_equal 'application/xml', @response.content_type
362 362 assert_select 'issue > id', :text => issue.id.to_s
363 363 end
364 364
365 365 test "POST /issues.xml with watcher_user_ids should create issue with watchers" do
366 366 assert_difference('Issue.count') do
367 367 post '/issues.xml',
368 368 {:issue => {:project_id => 1, :subject => 'Watchers',
369 369 :tracker_id => 2, :status_id => 3, :watcher_user_ids => [3, 1]}}, credentials('jsmith')
370 370 assert_response :created
371 371 end
372 372 issue = Issue.order('id desc').first
373 373 assert_equal 2, issue.watchers.size
374 374 assert_equal [1, 3], issue.watcher_user_ids.sort
375 375 end
376 376
377 377 test "POST /issues.xml with failure should return errors" do
378 378 assert_no_difference('Issue.count') do
379 379 post '/issues.xml', {:issue => {:project_id => 1}}, credentials('jsmith')
380 380 end
381 381
382 382 assert_select 'errors error', :text => "Subject cannot be blank"
383 383 end
384 384
385 385 test "POST /issues.json should create an issue with the attributes" do
386 386
387 387 payload = <<-JSON
388 388 {
389 389 "issue": {
390 390 "project_id": "1",
391 391 "tracker_id": "2",
392 392 "status_id": "3",
393 393 "subject": "API test"
394 394 }
395 395 }
396 396 JSON
397 397
398 398 assert_difference('Issue.count') do
399 399 post '/issues.json', payload, {"CONTENT_TYPE" => 'application/json'}.merge(credentials('jsmith'))
400 400 end
401 401
402 402 issue = Issue.order('id DESC').first
403 403 assert_equal 1, issue.project_id
404 404 assert_equal 2, issue.tracker_id
405 405 assert_equal 3, issue.status_id
406 406 assert_equal 'API test', issue.subject
407 407 end
408 408
409 409 test "POST /issues.json without tracker_id should accept custom fields" do
410 410 field = IssueCustomField.generate!(
411 411 :field_format => 'list',
412 412 :multiple => true,
413 413 :possible_values => ["V1", "V2", "V3"],
414 414 :default_value => "V2",
415 415 :is_for_all => true,
416 416 :trackers => Tracker.all.to_a
417 417 )
418 418
419 419 payload = <<-JSON
420 420 {
421 421 "issue": {
422 422 "project_id": "1",
423 423 "subject": "Multivalued custom field",
424 424 "custom_field_values":{"#{field.id}":["V1","V3"]}
425 425 }
426 426 }
427 427 JSON
428 428
429 429 assert_difference('Issue.count') do
430 430 post '/issues.json', payload, {"CONTENT_TYPE" => 'application/json'}.merge(credentials('jsmith'))
431 431 end
432 432
433 433 assert_response :created
434 434 issue = Issue.order('id DESC').first
435 435 assert_equal ["V1", "V3"], issue.custom_field_value(field).sort
436 436 end
437 437
438 438 test "POST /issues.json with failure should return errors" do
439 439 assert_no_difference('Issue.count') do
440 440 post '/issues.json', {:issue => {:project_id => 1}}, credentials('jsmith')
441 441 end
442 442
443 443 json = ActiveSupport::JSON.decode(response.body)
444 444 assert json['errors'].include?("Subject cannot be blank")
445 445 end
446 446
447 test "POST /issues.json with invalid project_id should respond with 422" do
448 post '/issues.json', {:issue => {:project_id => 999, :subject => "API"}}, credentials('jsmith')
449 assert_response 422
450 end
451
447 452 test "PUT /issues/:id.xml" do
448 453 assert_difference('Journal.count') do
449 454 put '/issues/6.xml',
450 455 {:issue => {:subject => 'API update', :notes => 'A new note'}},
451 456 credentials('jsmith')
452 457 end
453 458
454 459 issue = Issue.find(6)
455 460 assert_equal "API update", issue.subject
456 461 journal = Journal.last
457 462 assert_equal "A new note", journal.notes
458 463 end
459 464
460 465 test "PUT /issues/:id.xml with custom fields" do
461 466 put '/issues/3.xml',
462 467 {:issue => {:custom_fields => [
463 468 {'id' => '1', 'value' => 'PostgreSQL' },
464 469 {'id' => '2', 'value' => '150'}
465 470 ]}},
466 471 credentials('jsmith')
467 472
468 473 issue = Issue.find(3)
469 474 assert_equal '150', issue.custom_value_for(2).value
470 475 assert_equal 'PostgreSQL', issue.custom_value_for(1).value
471 476 end
472 477
473 478 test "PUT /issues/:id.xml with multi custom fields" do
474 479 field = CustomField.find(1)
475 480 field.update_attribute :multiple, true
476 481
477 482 put '/issues/3.xml',
478 483 {:issue => {:custom_fields => [
479 484 {'id' => '1', 'value' => ['MySQL', 'PostgreSQL'] },
480 485 {'id' => '2', 'value' => '150'}
481 486 ]}},
482 487 credentials('jsmith')
483 488
484 489 issue = Issue.find(3)
485 490 assert_equal '150', issue.custom_value_for(2).value
486 491 assert_equal ['MySQL', 'PostgreSQL'], issue.custom_field_value(1).sort
487 492 end
488 493
489 494 test "PUT /issues/:id.xml with project change" do
490 495 put '/issues/3.xml',
491 496 {:issue => {:project_id => 2, :subject => 'Project changed'}},
492 497 credentials('jsmith')
493 498
494 499 issue = Issue.find(3)
495 500 assert_equal 2, issue.project_id
496 501 assert_equal 'Project changed', issue.subject
497 502 end
498 503
499 504 test "PUT /issues/:id.xml with notes only" do
500 505 assert_difference('Journal.count') do
501 506 put '/issues/6.xml',
502 507 {:issue => {:notes => 'Notes only'}},
503 508 credentials('jsmith')
504 509 end
505 510
506 511 journal = Journal.last
507 512 assert_equal "Notes only", journal.notes
508 513 end
509 514
510 515 test "PUT /issues/:id.xml with failed update" do
511 516 put '/issues/6.xml', {:issue => {:subject => ''}}, credentials('jsmith')
512 517
513 518 assert_response :unprocessable_entity
514 519 assert_select 'errors error', :text => "Subject cannot be blank"
515 520 end
516 521
517 522 test "PUT /issues/:id.json" do
518 523 assert_difference('Journal.count') do
519 524 put '/issues/6.json',
520 525 {:issue => {:subject => 'API update', :notes => 'A new note'}},
521 526 credentials('jsmith')
522 527
523 528 assert_response :ok
524 529 assert_equal '', response.body
525 530 end
526 531
527 532 issue = Issue.find(6)
528 533 assert_equal "API update", issue.subject
529 534 journal = Journal.last
530 535 assert_equal "A new note", journal.notes
531 536 end
532 537
533 538 test "PUT /issues/:id.json with failed update" do
534 539 put '/issues/6.json', {:issue => {:subject => ''}}, credentials('jsmith')
535 540
536 541 assert_response :unprocessable_entity
537 542 json = ActiveSupport::JSON.decode(response.body)
538 543 assert json['errors'].include?("Subject cannot be blank")
539 544 end
540 545
541 546 test "DELETE /issues/:id.xml" do
542 547 assert_difference('Issue.count', -1) do
543 548 delete '/issues/6.xml', {}, credentials('jsmith')
544 549
545 550 assert_response :ok
546 551 assert_equal '', response.body
547 552 end
548 553 assert_nil Issue.find_by_id(6)
549 554 end
550 555
551 556 test "DELETE /issues/:id.json" do
552 557 assert_difference('Issue.count', -1) do
553 558 delete '/issues/6.json', {}, credentials('jsmith')
554 559
555 560 assert_response :ok
556 561 assert_equal '', response.body
557 562 end
558 563 assert_nil Issue.find_by_id(6)
559 564 end
560 565
561 566 test "POST /issues/:id/watchers.xml should add watcher" do
562 567 assert_difference 'Watcher.count' do
563 568 post '/issues/1/watchers.xml', {:user_id => 3}, credentials('jsmith')
564 569
565 570 assert_response :ok
566 571 assert_equal '', response.body
567 572 end
568 573 watcher = Watcher.order('id desc').first
569 574 assert_equal Issue.find(1), watcher.watchable
570 575 assert_equal User.find(3), watcher.user
571 576 end
572 577
573 578 test "DELETE /issues/:id/watchers/:user_id.xml should remove watcher" do
574 579 Watcher.create!(:user_id => 3, :watchable => Issue.find(1))
575 580
576 581 assert_difference 'Watcher.count', -1 do
577 582 delete '/issues/1/watchers/3.xml', {}, credentials('jsmith')
578 583
579 584 assert_response :ok
580 585 assert_equal '', response.body
581 586 end
582 587 assert_equal false, Issue.find(1).watched_by?(User.find(3))
583 588 end
584 589
585 590 def test_create_issue_with_uploaded_file
586 591 token = xml_upload('test_create_with_upload', credentials('jsmith'))
587 592 attachment = Attachment.find_by_token(token)
588 593
589 594 # create the issue with the upload's token
590 595 assert_difference 'Issue.count' do
591 596 post '/issues.xml',
592 597 {:issue => {:project_id => 1, :subject => 'Uploaded file',
593 598 :uploads => [{:token => token, :filename => 'test.txt',
594 599 :content_type => 'text/plain'}]}},
595 600 credentials('jsmith')
596 601 assert_response :created
597 602 end
598 603 issue = Issue.order('id DESC').first
599 604 assert_equal 1, issue.attachments.count
600 605 assert_equal attachment, issue.attachments.first
601 606
602 607 attachment.reload
603 608 assert_equal 'test.txt', attachment.filename
604 609 assert_equal 'text/plain', attachment.content_type
605 610 assert_equal 'test_create_with_upload'.size, attachment.filesize
606 611 assert_equal 2, attachment.author_id
607 612
608 613 # get the issue with its attachments
609 614 get "/issues/#{issue.id}.xml", :include => 'attachments'
610 615 assert_response :success
611 616 xml = Hash.from_xml(response.body)
612 617 attachments = xml['issue']['attachments']
613 618 assert_kind_of Array, attachments
614 619 assert_equal 1, attachments.size
615 620 url = attachments.first['content_url']
616 621 assert_not_nil url
617 622
618 623 # download the attachment
619 624 get url
620 625 assert_response :success
621 626 assert_equal 'test_create_with_upload', response.body
622 627 end
623 628
624 629 def test_create_issue_with_multiple_uploaded_files_as_xml
625 630 token1 = xml_upload('File content 1', credentials('jsmith'))
626 631 token2 = xml_upload('File content 2', credentials('jsmith'))
627 632
628 633 payload = <<-XML
629 634 <?xml version="1.0" encoding="UTF-8" ?>
630 635 <issue>
631 636 <project_id>1</project_id>
632 637 <tracker_id>1</tracker_id>
633 638 <subject>Issue with multiple attachments</subject>
634 639 <uploads type="array">
635 640 <upload>
636 641 <token>#{token1}</token>
637 642 <filename>test1.txt</filename>
638 643 </upload>
639 644 <upload>
640 645 <token>#{token2}</token>
641 646 <filename>test1.txt</filename>
642 647 </upload>
643 648 </uploads>
644 649 </issue>
645 650 XML
646 651
647 652 assert_difference 'Issue.count' do
648 653 post '/issues.xml', payload, {"CONTENT_TYPE" => 'application/xml'}.merge(credentials('jsmith'))
649 654 assert_response :created
650 655 end
651 656 issue = Issue.order('id DESC').first
652 657 assert_equal 2, issue.attachments.count
653 658 end
654 659
655 660 def test_create_issue_with_multiple_uploaded_files_as_json
656 661 token1 = json_upload('File content 1', credentials('jsmith'))
657 662 token2 = json_upload('File content 2', credentials('jsmith'))
658 663
659 664 payload = <<-JSON
660 665 {
661 666 "issue": {
662 667 "project_id": "1",
663 668 "tracker_id": "1",
664 669 "subject": "Issue with multiple attachments",
665 670 "uploads": [
666 671 {"token": "#{token1}", "filename": "test1.txt"},
667 672 {"token": "#{token2}", "filename": "test2.txt"}
668 673 ]
669 674 }
670 675 }
671 676 JSON
672 677
673 678 assert_difference 'Issue.count' do
674 679 post '/issues.json', payload, {"CONTENT_TYPE" => 'application/json'}.merge(credentials('jsmith'))
675 680 assert_response :created
676 681 end
677 682 issue = Issue.order('id DESC').first
678 683 assert_equal 2, issue.attachments.count
679 684 end
680 685
681 686 def test_update_issue_with_uploaded_file
682 687 token = xml_upload('test_upload_with_upload', credentials('jsmith'))
683 688 attachment = Attachment.find_by_token(token)
684 689
685 690 # update the issue with the upload's token
686 691 assert_difference 'Journal.count' do
687 692 put '/issues/1.xml',
688 693 {:issue => {:notes => 'Attachment added',
689 694 :uploads => [{:token => token, :filename => 'test.txt',
690 695 :content_type => 'text/plain'}]}},
691 696 credentials('jsmith')
692 697 assert_response :ok
693 698 assert_equal '', @response.body
694 699 end
695 700
696 701 issue = Issue.find(1)
697 702 assert_include attachment, issue.attachments
698 703 end
699 704 end