jro_apps/redmine Commit - r411:e227b9297252

Various code cleaning, mainly on User, Permission and IssueStatus models....

Jean-Philippe Lang -

r411:e227b9297252

parent child

Context file:

r411:e227b9297252

Collapse all files

app/controllers/application.rb +2 -2

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class ApplicationController < ActionController::Base
               before_filter :check_if_login_required, :set_localization
               filter_parameter_logging :password
               def logged_in_user=(user)
                 @logged_in_user = user
                 session[:user_id] = (user ? user.id : nil)
               end
               def logged_in_user
                 if session[:user_id]
                   @logged_in_user ||= User.find(session[:user_id])
                 else
                   nil
                 end
               end
               def logged_in_user_membership
                 @user_membership ||= Member.find(:first, :conditions => ["user_id=? and project_id=?", self.logged_in_user.id, @project.id])
               end
               # check if login is globally required to access the application
               def check_if_login_required
                 require_login if Setting.login_required?
               end
               def set_localization
                 lang = begin
                   if self.logged_in_user and self.logged_in_user.language and !self.logged_in_user.language.empty? and GLoc.valid_languages.include? self.logged_in_user.language.to_sym
                     self.logged_in_user.language
                   elsif request.env['HTTP_ACCEPT_LANGUAGE']
                     accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.split('-').first
                     if accept_lang and !accept_lang.empty? and GLoc.valid_languages.include? accept_lang.to_sym
                       accept_lang
                     end
                   end
                 rescue
                   nil
                 end || Setting.default_language
                 set_language_if_valid(lang)
               end
               def require_login
                 unless self.logged_in_user
                   store_location
                   redirect_to :controller => "account", :action => "login"
                   return false
                 end
                 true
               end
               def require_admin
                 return unless require_login
                 unless self.logged_in_user.admin?
                   render :nothing => true, :status => 403
                   return false
                 end
                 true
               end
               # authorizes the user for the requested action.
               def authorize(ctrl = params[:controller], action = params[:action])
                 # check if action is allowed on public projects
                 if @project.is_public? and Permission.allowed_to_public "%s/%s" % [ ctrl, action ]
                   return true
                 end
                 # if action is not public, force login
                 return unless require_login
                 # admin is always authorized
                 return true if self.logged_in_user.admin?
                 # if not admin, check membership permission
-                @user_membership ||= Member.find(:first, :conditions => ["user_id=? and project_id=?", self.logged_in_user.id, @project.id])
+                @user_membership ||= logged_in_user.role_for_project(@project)
-                if @user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], @user_membership.role_id )
+                if @user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], @user_membership )
                   return true
                 end
                 render :nothing => true, :status => 403
                 false
               end
               # make sure that the user is a member of the project (or admin) if project is private
               # used as a before_filter for actions that do not require any particular permission on the project
               def check_project_privacy
                 return true if @project.is_public?
                 return false unless logged_in_user
                 return true if logged_in_user.admin? || logged_in_user_membership
                 render :nothing => true, :status => 403
                 false
               end
               # store current uri in session.
               # return to this location by calling redirect_back_or_default
               def store_location
                 session[:return_to_params] = params
               end
               # move to the last store_location call or to the passed default one
               def redirect_back_or_default(default)
                 if session[:return_to_params].nil?
                   redirect_to default
                 else
                   redirect_to session[:return_to_params]
                   session[:return_to_params] = nil
                 end
               end
               def render_404
                 @html_title = "404"
                 render :template => "common/404", :layout => true, :status => 404
                 return false
               end
               # qvalues http header parser
               # code taken from webrick
               def parse_qvalues(value)
                 tmp = []
                 if value
                   parts = value.split(/,\s*/)
                   parts.each {|part|
                     if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part)
                       val = m[1]
                       q = (m[2] or 1).to_f
                       tmp.push([val, q])
                     end
                   }
                   tmp = tmp.sort_by{|val, q| -q}
                   tmp.collect!{|val, q| val}
                 end
                 return tmp
               end
             end

app/controllers/feeds_controller.rb +1 -1

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class FeedsController < ApplicationController
               before_filter :find_scope
               session :off
               helper :issues
               include IssuesHelper
               helper :custom_fields
               include CustomFieldsHelper
               # news feeds
               def news
                 News.with_scope(:find => @find_options) do
                   @news = News.find :all, :order => "#{News.table_name}.created_on DESC", :include => [ :author, :project ]
                 end
                 headers["Content-Type"] = "application/rss+xml"
                 render :action => 'news_atom' if 'atom' == params[:format]
               end
               # issue feeds
               def issues
                 if @project && params[:query_id]
                   query = Query.find(params[:query_id])
                   # ignore query if it's not valid
                   query = nil unless query.valid?
                   # override with query conditions
                   @find_options[:conditions] = query.statement if query.valid? and @project == query.project
                 end
                 Issue.with_scope(:find => @find_options) do
                   @issues = Issue.find :all, :include => [:project, :author, :tracker, :status],
                                              :order => "#{Issue.table_name}.created_on DESC"
                 end
                 @title = (@project ? @project.name : Setting.app_title) + ": " + (query ? query.name : l(:label_reported_issues))
                 headers["Content-Type"] = "application/rss+xml"
                 render :action => 'issues_atom' if 'atom' == params[:format]
               end
               # issue changes feeds
               def history
                 if @project && params[:query_id]
                   query = Query.find(params[:query_id])
                   # ignore query if it's not valid
                   query = nil unless query.valid?
                   # override with query conditions
                   @find_options[:conditions] = query.statement if query.valid? and @project == query.project
                 end
                 Journal.with_scope(:find => @find_options) do
                   @journals = Journal.find :all, :include => [ :details, :user, {:issue => [:project, :author, :tracker, :status]} ],
                                                  :order => "#{Journal.table_name}.created_on DESC"
                 end
                 @title = (@project ? @project.name : Setting.app_title) + ": " + (query ? query.name : l(:label_reported_issues))
                 headers["Content-Type"] = "application/rss+xml"
                 render :action => 'history_atom' if 'atom' == params[:format]
               end
             private
               # override for feeds specific authentication
               def check_if_login_required
                 @user = User.find_by_rss_key(params[:key])
                 render(:nothing => true, :status => 403) and return false if !@user && Setting.login_required?
               end
               def find_scope
                 if params[:project_id]
                   # project feed
                   # check if project is public or if the user is a member
                   @project = Project.find(params[:project_id])
-                  render(:nothing => true, :status => 403) and return false unless @project.is_public? || (@user && @user.role_for_project(@project.id))
+                  render(:nothing => true, :status => 403) and return false unless @project.is_public? || (@user && @user.role_for_project(@project))
                   scope = ["#{Project.table_name}.id=?", params[:project_id].to_i]
                 else
                   # global feed
                   scope = ["#{Project.table_name}.is_public=?", true]
                 end
                 @find_options = {:conditions => scope, :limit => Setting.feeds_limit}
                 return true
               end
             end

app/controllers/issues_controller.rb +2 -12

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class IssuesController < ApplicationController
               layout 'base', :except => :export_pdf
               before_filter :find_project, :authorize
               helper :custom_fields
               include CustomFieldsHelper
               helper :ifpdf
               include IfpdfHelper
               def show
-                @status_options = ([@issue.status] + @issue.status.workflows.find(:all, :order => 'position', :include => :new_status, :conditions => ["role_id=? and tracker_id=?", self.logged_in_user.role_for_project(@project.id), @issue.tracker.id]).collect{ |w| w.new_status }) if self.logged_in_user
+                @status_options = @issue.status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker) if logged_in_user
                 @custom_values = @issue.custom_values.find(:all, :include => :custom_field)
                 @journals_count = @issue.journals.count
                 @journals = @issue.journals.find(:all, :include => [:user, :details], :limit => 15, :order => "#{Journal.table_name}.created_on desc")
               end
               def history
                 @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on desc")
                 @journals_count = @journals.length
               end
               def export_pdf
                 @custom_values = @issue.custom_values.find(:all, :include => :custom_field)
                 @options_for_rfpdf ||= {}
                 @options_for_rfpdf[:file_name] = "#{@project.name}_#{@issue.long_id}.pdf"
               end
               def edit
                 @priorities = Enumeration::get_values('IPRI')
                 if request.get?
                   @custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| @issue.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x, :customized => @issue) }
                 else
                   begin
                     @issue.init_journal(self.logged_in_user)
                     # Retrieve custom fields and values
                     @custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue, :value => params["custom_fields"][x.id.to_s]) }
                     @issue.custom_values = @custom_values
                     @issue.attributes = params[:issue]
                     if @issue.save
                       flash[:notice] = l(:notice_successful_update)
                       redirect_to :action => 'show', :id => @issue
                     end
                   rescue ActiveRecord::StaleObjectError
                     # Optimistic locking exception
                     flash[:notice] = l(:notice_locking_conflict)
                   end
                 end
               end
               def add_note
                 unless params[:notes].empty?
                   journal = @issue.init_journal(self.logged_in_user, params[:notes])
-                  #@history = @issue.histories.build(params[:history])
-                  #@history.author_id = self.logged_in_user.id if self.logged_in_user
-                  #@history.status = @issue.status
                   if @issue.save
                     flash[:notice] = l(:notice_successful_update)
                     Mailer.deliver_issue_edit(journal) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
                     redirect_to :action => 'show', :id => @issue
                     return
                   end
                 end
                 show
                 render :action => 'show'
               end
               def change_status
-                #@history = @issue.histories.build(params[:history])
+                @status_options = @issue.status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker) if logged_in_user
-                @status_options = ([@issue.status] + @issue.status.workflows.find(:all, :order => 'position', :include => :new_status, :conditions => ["role_id=? and tracker_id=?", self.logged_in_user.role_for_project(@project.id), @issue.tracker.id]).collect{ |w| w.new_status }) if self.logged_in_user
                 @new_status = IssueStatus.find(params[:new_status_id])
                 if params[:confirm]
                   begin
-                    #@history.author_id = self.logged_in_user.id if self.logged_in_user
-                    #@issue.status = @history.status
-                    #@issue.fixed_version_id = (params[:issue][:fixed_version_id])
-                    #@issue.assigned_to_id = (params[:issue][:assigned_to_id])
-                    #@issue.done_ratio = (params[:issue][:done_ratio])
-                    #@issue.lock_version = (params[:issue][:lock_version])
                     journal = @issue.init_journal(self.logged_in_user, params[:notes])
                     @issue.status = @new_status
                     if @issue.update_attributes(params[:issue])
                       flash[:notice] = l(:notice_successful_update)
                       Mailer.deliver_issue_edit(journal) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
                       redirect_to :action => 'show', :id => @issue
                     end
                   rescue ActiveRecord::StaleObjectError
                     # Optimistic locking exception
                     flash[:notice] = l(:notice_locking_conflict)
                   end
                 end
                 @assignable_to = @project.members.find(:all, :include => :user).collect{ |m| m.user }
               end
               def destroy
                 @issue.destroy
                 redirect_to :controller => 'projects', :action => 'list_issues', :id => @project
               end
               def add_attachment
                 # Save the attachments
                 @attachments = []
                 params[:attachments].each { |file|
                   next unless file.size > 0
                   a = Attachment.create(:container => @issue, :file => file, :author => logged_in_user)
                   @attachments << a unless a.new_record?
                 } if params[:attachments] and params[:attachments].is_a? Array
                 Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
                 redirect_to :action => 'show', :id => @issue
               end
               def destroy_attachment
                 @issue.attachments.find(params[:attachment_id]).destroy
                 redirect_to :action => 'show', :id => @issue
               end
               # Send the file in stream mode
               def download
                 @attachment = @issue.attachments.find(params[:attachment_id])
                 send_file @attachment.diskfile, :filename => @attachment.filename
               rescue
                 render_404
               end
             private
               def find_project
                 @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
                 @project = @issue.project
                 @html_title = "#{@project.name} - #{@issue.tracker.name} ##{@issue.id}"
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
             end

app/controllers/projects_controller.rb +2 -3

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require 'csv'
             class ProjectsController < ApplicationController
               layout 'base'
               before_filter :find_project, :authorize, :except => [ :index, :list, :add ]
               before_filter :require_admin, :only => [ :add, :destroy ]
               helper :sort
               include SortHelper
               helper :custom_fields
               include CustomFieldsHelper
               helper :ifpdf
               include IfpdfHelper
               helper IssuesHelper
               helper :queries
               include QueriesHelper
               def index
                 list
                 render :action => 'list' unless request.xhr?
               end
               # Lists public projects
               def list
                 sort_init "#{Project.table_name}.name", "asc"
                 sort_update
                 @project_count = Project.count(:all, :conditions => ["is_public=?", true])
                 @project_pages = Paginator.new self, @project_count,
 ,
             								params['page']
                 @projects = Project.find :all, :order => sort_clause,
             						:conditions => ["#{Project.table_name}.is_public=?", true],
             						:include => :parent,
             						:limit  =>  @project_pages.items_per_page,
             						:offset =>  @project_pages.current.offset
                 render :action => "list", :layout => false if request.xhr?
               end
               # Add a new project
               def add
                 @custom_fields = IssueCustomField.find(:all)
                 @root_projects = Project.find(:all, :conditions => "parent_id is null")
                 @project = Project.new(params[:project])
                 if request.get?
                   @custom_values = ProjectCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @project) }
                 else
                   @project.custom_fields = CustomField.find(params[:custom_field_ids]) if params[:custom_field_ids]
                   @custom_values = ProjectCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @project, :value => params["custom_fields"][x.id.to_s]) }
                   @project.custom_values = @custom_values
                   if params[:repository_enabled] && params[:repository_enabled] == "1"
                     @project.repository = Repository.new
                     @project.repository.attributes = params[:repository]
                   end
                   if "1" == params[:wiki_enabled]
                     @project.wiki = Wiki.new
                     @project.wiki.attributes = params[:wiki]
                   end
                   if @project.save
                     flash[:notice] = l(:notice_successful_create)
                     redirect_to :controller => 'admin', :action => 'projects'
             	  end
                 end
               end
               # Show @project
               def show
                 @custom_values = @project.custom_values.find(:all, :include => :custom_field)
                 @members = @project.members.find(:all, :include => [:user, :role], :order => 'position')
                 @subprojects = @project.children if @project.children.size > 0
                 @news = @project.news.find(:all, :limit => 5, :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")
                 @trackers = Tracker.find(:all, :order => 'position')
                 @open_issues_by_tracker = Issue.count(:group => :tracker, :joins => "INNER JOIN #{IssueStatus.table_name} ON #{IssueStatus.table_name}.id = #{Issue.table_name}.status_id", :conditions => ["project_id=? and #{IssueStatus.table_name}.is_closed=?", @project.id, false])
                 @total_issues_by_tracker = Issue.count(:group => :tracker, :conditions => ["project_id=?", @project.id])
               end
               def settings
                 @root_projects = Project::find(:all, :conditions => ["parent_id is null and id <> ?", @project.id])
                 @custom_fields = IssueCustomField.find(:all)
                 @issue_category ||= IssueCategory.new
                 @member ||= @project.members.new
                 @roles = Role.find(:all, :order => 'position')
                 @users = User.find_active(:all) - @project.users
                 @custom_values ||= ProjectCustomField.find(:all).collect { |x| @project.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x) }
               end
               # Edit @project
               def edit
                 if request.post?
                   @project.custom_fields = IssueCustomField.find(params[:custom_field_ids]) if params[:custom_field_ids]
                   if params[:custom_fields]
                     @custom_values = ProjectCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @project, :value => params["custom_fields"][x.id.to_s]) }
                     @project.custom_values = @custom_values
                   end
                   if params[:repository_enabled]
                     case params[:repository_enabled]
                     when "0"
                       @project.repository = nil
                     when "1"
                       @project.repository ||= Repository.new
                       @project.repository.update_attributes params[:repository]
                     end
                   end
                   if params[:wiki_enabled]
                     case params[:wiki_enabled]
                     when "0"
                       @project.wiki.destroy if @project.wiki
                     when "1"
                       @project.wiki ||= Wiki.new
                       @project.wiki.update_attributes params[:wiki]
                     end
                   end
                   @project.attributes = params[:project]
                   if @project.save
                     flash[:notice] = l(:notice_successful_update)
                     redirect_to :action => 'settings', :id => @project
                   else
                     settings
                     render :action => 'settings'
                   end
                 end
               end
               # Delete @project
               def destroy
                 if request.post? and params[:confirm]
                   @project.destroy
                   redirect_to :controller => 'admin', :action => 'projects'
                 end
               end
               # Add a new issue category to @project
               def add_issue_category
                 if request.post?
                   @issue_category = @project.issue_categories.build(params[:issue_category])
                   if @issue_category.save
                     flash[:notice] = l(:notice_successful_create)
                     redirect_to :action => 'settings', :tab => 'categories', :id => @project
                   else
                     settings
                     render :action => 'settings'
                   end
                 end
               end
               # Add a new version to @project
               def add_version
               	@version = @project.versions.build(params[:version])
               	if request.post? and @version.save
               	  flash[:notice] = l(:notice_successful_create)
                   redirect_to :action => 'settings', :tab => 'versions', :id => @project
               	end
               end
               # Add a new member to @project
               def add_member
                 @member = @project.members.build(params[:member])
               	if request.post?
                   if @member.save
                     flash[:notice] = l(:notice_successful_create)
                     redirect_to :action => 'settings', :tab => 'members', :id => @project
                   else
                     settings
                     render :action => 'settings'
                   end
                 end
               end
               # Show members list of @project
               def list_members
                 @members = @project.members.find(:all)
               end
               # Add a new document to @project
               def add_document
                 @categories = Enumeration::get_values('DCAT')
                 @document = @project.documents.build(params[:document])
                 if request.post? and @document.save
                   # Save the attachments
                   params[:attachments].each { |a|
                     Attachment.create(:container => @document, :file => a, :author => logged_in_user) unless a.size == 0
                   } if params[:attachments] and params[:attachments].is_a? Array
                   flash[:notice] = l(:notice_successful_create)
                   Mailer.deliver_document_add(@document) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
                   redirect_to :action => 'list_documents', :id => @project
                 end
               end
               # Show documents list of @project
               def list_documents
                 @documents = @project.documents.find :all, :include => :category
               end
               # Add a new issue to @project
               def add_issue
                 @tracker = Tracker.find(params[:tracker_id])
                 @priorities = Enumeration::get_values('IPRI')
                 default_status = IssueStatus.default
                 @issue = Issue.new(:project => @project, :tracker => @tracker, :status => default_status)
-                @allowed_statuses = [default_status] + default_status.workflows.find(:all, :order => 'position', :include => :new_status, :conditions => ["role_id=? and tracker_id=?", self.logged_in_user.role_for_project(@project.id), @issue.tracker.id]).collect{ |w| w.new_status }
+                @allowed_statuses = default_status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker) if logged_in_user
                 if request.get?
                   @issue.start_date = Date.today
                   @custom_values = @project.custom_fields_for_issues(@tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue) }
                 else
                   @issue.attributes = params[:issue]
                   requested_status = IssueStatus.find_by_id(params[:issue][:status_id])
                   @issue.status = (@allowed_statuses.include? requested_status) ? requested_status : default_status
                   @issue.author_id = self.logged_in_user.id if self.logged_in_user
                   # Multiple file upload
                   @attachments = []
                   params[:attachments].each { |a|
                     @attachments << Attachment.new(:container => @issue, :file => a, :author => logged_in_user) unless a.size == 0
                   } if params[:attachments] and params[:attachments].is_a? Array
                   @custom_values = @project.custom_fields_for_issues(@tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue, :value => params["custom_fields"][x.id.to_s]) }
                   @issue.custom_values = @custom_values
                   if @issue.save
                     @attachments.each(&:save)
                     flash[:notice] = l(:notice_successful_create)
                     Mailer.deliver_issue_add(@issue) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
                     redirect_to :action => 'list_issues', :id => @project
                   end
                 end
               end
               # Show filtered/sorted issues list of @project
               def list_issues
                 sort_init "#{Issue.table_name}.id", "desc"
                 sort_update
                 retrieve_query
                 @results_per_page_options = [ 15, 25, 50, 100 ]
                 if params[:per_page] and @results_per_page_options.include? params[:per_page].to_i
                   @results_per_page = params[:per_page].to_i
                   session[:results_per_page] = @results_per_page
                 else
                   @results_per_page = session[:results_per_page] || 25
                 end
                 if @query.valid?
                   @issue_count = Issue.count(:include => [:status, :project], :conditions => @query.statement)
                   @issue_pages = Paginator.new self, @issue_count, @results_per_page, params['page']
                   @issues = Issue.find :all, :order => sort_clause,
               						:include => [ :author, :status, :tracker, :project, :priority ],
               						:conditions => @query.statement,
               						:limit  =>  @issue_pages.items_per_page,
               						:offset =>  @issue_pages.current.offset
                 end
                 @trackers = Tracker.find :all, :order => 'position'
                 render :layout => false if request.xhr?
               end
               # Export filtered/sorted issues list to CSV
               def export_issues_csv
                 sort_init "#{Issue.table_name}.id", "desc"
                 sort_update
                 retrieve_query
                 render :action => 'list_issues' and return unless @query.valid?
                 @issues =  Issue.find :all, :order => sort_clause,
             						:include => [ :author, :status, :tracker, :priority, {:custom_values => :custom_field} ],
             						:conditions => @query.statement,
             						:limit => Setting.issues_export_limit
                 ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')
                 export = StringIO.new
                 CSV::Writer.generate(export, l(:general_csv_separator)) do |csv|
                   # csv header fields
                   headers = [ "#", l(:field_status),
                                    l(:field_tracker),
                                    l(:field_priority),
                                    l(:field_subject),
                                    l(:field_author),
                                    l(:field_start_date),
                                    l(:field_due_date),
                                    l(:field_done_ratio),
                                    l(:field_created_on),
                                    l(:field_updated_on)
                                    ]
                   for custom_field in @project.all_custom_fields
                     headers << custom_field.name
                   end
                   csv << headers.collect {|c| ic.iconv(c) }
                   # csv lines
                   @issues.each do |issue|
                     fields = [issue.id, issue.status.name,
                                         issue.tracker.name,
                                         issue.priority.name,
                                         issue.subject,
                                         issue.author.display_name,
                                         issue.start_date ? l_date(issue.start_date) : nil,
                                         issue.due_date ? l_date(issue.due_date) : nil,
                                         issue.done_ratio,
                                         l_datetime(issue.created_on),
                                         l_datetime(issue.updated_on)
                                         ]
                     for custom_field in @project.all_custom_fields
                       fields << (show_value issue.custom_value_for(custom_field))
                     end
                     csv << fields.collect {|c| ic.iconv(c.to_s) }
                   end
                 end
                 export.rewind
                 send_data(export.read, :type => 'text/csv; header=present', :filename => 'export.csv')
               end
               # Export filtered/sorted issues to PDF
               def export_issues_pdf
                 sort_init "#{Issue.table_name}.id", "desc"
                 sort_update
                 retrieve_query
                 render :action => 'list_issues' and return unless @query.valid?
                 @issues =  Issue.find :all, :order => sort_clause,
             						:include => [ :author, :status, :tracker, :priority ],
             						:conditions => @query.statement,
             						:limit => Setting.issues_export_limit
                 @options_for_rfpdf ||= {}
                 @options_for_rfpdf[:file_name] = "export.pdf"
                 render :layout => false
               end
               def move_issues
                 @issues = @project.issues.find(params[:issue_ids]) if params[:issue_ids]
                 redirect_to :action => 'list_issues', :id => @project and return unless @issues
                 @projects = []
                 # find projects to which the user is allowed to move the issue
-                @logged_in_user.memberships.each {|m| @projects << m.project if Permission.allowed_to_role("projects/move_issues", m.role_id)}
+                @logged_in_user.memberships.each {|m| @projects << m.project if Permission.allowed_to_role("projects/move_issues", m.role)}
                 # issue can be moved to any tracker
                 @trackers = Tracker.find(:all)
                 if request.post? and params[:new_project_id] and params[:new_tracker_id]
                   new_project = Project.find(params[:new_project_id])
                   new_tracker = Tracker.find(params[:new_tracker_id])
                   @issues.each { |i|
                     # project dependent properties
                     unless i.project_id == new_project.id
                       i.category = nil
                       i.fixed_version = nil
                     end
                     # move the issue
                     i.project = new_project
                     i.tracker = new_tracker
                     i.save
                   }
                   flash[:notice] = l(:notice_successful_update)
                   redirect_to :action => 'list_issues', :id => @project
                 end
               end
               def add_query
                 @query = Query.new(params[:query])
                 @query.project = @project
                 @query.user = logged_in_user
                 params[:fields].each do |field|
                   @query.add_filter(field, params[:operators][field], params[:values][field])
                 end if params[:fields]
                 if request.post? and @query.save
                   flash[:notice] = l(:notice_successful_create)
                   redirect_to :controller => 'reports', :action => 'issue_report', :id => @project
                 end
                 render :layout => false if request.xhr?
               end
               # Add a news to @project
               def add_news
                 @news = News.new(:project => @project)
                 if request.post?
                   @news.attributes = params[:news]
                   @news.author_id = self.logged_in_user.id if self.logged_in_user
                   if @news.save
                     flash[:notice] = l(:notice_successful_create)
                     redirect_to :action => 'list_news', :id => @project
                   end
                 end
               end
               # Show news list of @project
               def list_news
                 @news_pages, @news = paginate :news, :per_page => 10, :conditions => ["project_id=?", @project.id], :include => :author, :order => "#{News.table_name}.created_on DESC"
                 render :action => "list_news", :layout => false if request.xhr?
               end
               def add_file
                 if request.post?
                   @version = @project.versions.find_by_id(params[:version_id])
                   # Save the attachments
                   @attachments = []
                   params[:attachments].each { |file|
                     next unless file.size > 0
                     a = Attachment.create(:container => @version, :file => file, :author => logged_in_user)
                     @attachments << a unless a.new_record?
                   } if params[:attachments] and params[:attachments].is_a? Array
                   Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
                   redirect_to :controller => 'projects', :action => 'list_files', :id => @project
                 end
                 @versions = @project.versions
               end
               def list_files
                 @versions = @project.versions
               end
               # Show changelog for @project
               def changelog
                 @trackers = Tracker.find(:all, :conditions => ["is_in_chlog=?", true], :order => 'position')
                 retrieve_selected_tracker_ids(@trackers)
                 @fixed_issues = @project.issues.find(:all,
                   :include => [ :fixed_version, :status, :tracker ],
                   :conditions => [ "#{IssueStatus.table_name}.is_closed=? and #{Issue.table_name}.tracker_id in (#{@selected_tracker_ids.join(',')}) and #{Issue.table_name}.fixed_version_id is not null", true],
                   :order => "#{Version.table_name}.effective_date DESC, #{Issue.table_name}.id DESC"
                 ) unless @selected_tracker_ids.empty?
                 @fixed_issues ||= []
               end
               def roadmap
                 @trackers = Tracker.find(:all, :conditions => ["is_in_roadmap=?", true], :order => 'position')
                 retrieve_selected_tracker_ids(@trackers)
                 @versions = @project.versions.find(:all,
                   :conditions => [ "#{Version.table_name}.effective_date>?", Date.today],
                   :order => "#{Version.table_name}.effective_date ASC"
                 )
               end
               def activity
                 if params[:year] and params[:year].to_i > 1900
                   @year = params[:year].to_i
                   if params[:month] and params[:month].to_i > 0 and params[:month].to_i < 13
                     @month = params[:month].to_i
                   end
                 end
                 @year ||= Date.today.year
                 @month ||= Date.today.month
                 @date_from = Date.civil(@year, @month, 1)
                 @date_to = (@date_from >> 1)-1
                 @events_by_day = {}
                 unless params[:show_issues] == "0"
                   @project.issues.find(:all, :include => [:author, :status], :conditions => ["#{Issue.table_name}.created_on>=? and #{Issue.table_name}.created_on<=?", @date_from, @date_to] ).each { |i|
                     @events_by_day[i.created_on.to_date] ||= []
                     @events_by_day[i.created_on.to_date] << i
                   }
                   @show_issues = 1
                 end
                 unless params[:show_news] == "0"
                   @project.news.find(:all, :conditions => ["#{News.table_name}.created_on>=? and #{News.table_name}.created_on<=?", @date_from, @date_to], :include => :author ).each { |i|
                     @events_by_day[i.created_on.to_date] ||= []
                     @events_by_day[i.created_on.to_date] << i
                   }
                   @show_news = 1
                 end
                 unless params[:show_files] == "0"
                   Attachment.find(:all, :select => "#{Attachment.table_name}.*", :joins => "LEFT JOIN #{Version.table_name} ON #{Version.table_name}.id = #{Attachment.table_name}.container_id", :conditions => ["#{Attachment.table_name}.container_type='Version' and #{Version.table_name}.project_id=? and #{Attachment.table_name}.created_on>=? and #{Attachment.table_name}.created_on<=?", @project.id, @date_from, @date_to], :include => :author ).each { |i|
                     @events_by_day[i.created_on.to_date] ||= []
                     @events_by_day[i.created_on.to_date] << i
                   }
                   @show_files = 1
                 end
                 unless params[:show_documents] == "0"
                   @project.documents.find(:all, :conditions => ["#{Document.table_name}.created_on>=? and #{Document.table_name}.created_on<=?", @date_from, @date_to] ).each { |i|
                     @events_by_day[i.created_on.to_date] ||= []
                     @events_by_day[i.created_on.to_date] << i
                   }
                   Attachment.find(:all, :select => "attachments.*", :joins => "LEFT JOIN #{Document.table_name} ON #{Document.table_name}.id = #{Attachment.table_name}.container_id", :conditions => ["#{Attachment.table_name}.container_type='Document' and #{Document.table_name}.project_id=? and #{Attachment.table_name}.created_on>=? and #{Attachment.table_name}.created_on<=?", @project.id, @date_from, @date_to], :include => :author ).each { |i|
                     @events_by_day[i.created_on.to_date] ||= []
                     @events_by_day[i.created_on.to_date] << i
                   }
                   @show_documents = 1
                 end
                 unless params[:show_wiki_edits] == "0"
                   select = "#{WikiContent.versioned_table_name}.updated_on, #{WikiContent.versioned_table_name}.comment, " +
                            "#{WikiContent.versioned_table_name}.#{WikiContent.version_column}, #{WikiPage.table_name}.title"
                   joins = "LEFT JOIN #{WikiPage.table_name} ON #{WikiPage.table_name}.id = #{WikiContent.versioned_table_name}.page_id " +
                           "LEFT JOIN #{Wiki.table_name} ON #{Wiki.table_name}.id = #{WikiPage.table_name}.wiki_id "
                   conditions = ["#{Wiki.table_name}.project_id = ? AND #{WikiContent.versioned_table_name}.updated_on BETWEEN ? AND ?",
                                 @project.id, @date_from, @date_to]
                   WikiContent.versioned_class.find(:all, :select => select, :joins => joins, :conditions => conditions).each { |i|
                     # We provide this alias so all events can be treated in the same manner
                     def i.created_on
                       self.updated_on
                     end
                     @events_by_day[i.created_on.to_date] ||= []
                     @events_by_day[i.created_on.to_date] << i
                   }
                   @show_wiki_edits = 1
                 end
                 unless @project.repository.nil? || params[:show_changesets] == "0"
                   @project.repository.changesets.find(:all, :conditions => ["#{Changeset.table_name}.committed_on BETWEEN ? AND ?", @date_from, @date_to]).each { |i|
                     def i.created_on
                       self.committed_on
                     end
                     @events_by_day[i.created_on.to_date] ||= []
                     @events_by_day[i.created_on.to_date] << i
                   }
                   @show_changesets = 1
                 end
                 render :layout => false if request.xhr?
               end
               def calendar
                 @trackers = Tracker.find(:all, :order => 'position')
                 retrieve_selected_tracker_ids(@trackers)
                 if params[:year] and params[:year].to_i > 1900
                   @year = params[:year].to_i
                   if params[:month] and params[:month].to_i > 0 and params[:month].to_i < 13
                     @month = params[:month].to_i
                   end
                 end
                 @year ||= Date.today.year
                 @month ||= Date.today.month
                 @date_from = Date.civil(@year, @month, 1)
                 @date_to = (@date_from >> 1)-1
                 # start on monday
                 @date_from = @date_from - (@date_from.cwday-1)
                 # finish on sunday
                 @date_to = @date_to + (7-@date_to.cwday)
                 @project.issues_with_subprojects(params[:with_subprojects]) do
                   @issues = Issue.find(:all,
                                        :include => [:tracker, :status, :assigned_to, :priority],
                                        :conditions => ["((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?)) and #{Issue.table_name}.tracker_id in (#{@selected_tracker_ids.join(',')})", @date_from, @date_to, @date_from, @date_to]
                                        ) unless @selected_tracker_ids.empty?
                 end
                 @issues ||=[]
                 @ending_issues_by_days = @issues.group_by {|issue| issue.due_date}
                 @starting_issues_by_days = @issues.group_by {|issue| issue.start_date}
                 render :layout => false if request.xhr?
               end
               def gantt
                 @trackers = Tracker.find(:all, :order => 'position')
                 retrieve_selected_tracker_ids(@trackers)
                 if params[:year] and params[:year].to_i >0
                   @year_from = params[:year].to_i
                   if params[:month] and params[:month].to_i >=1 and params[:month].to_i <= 12
                     @month_from = params[:month].to_i
                   else
                     @month_from = 1
                   end
                 else
                   @month_from ||= (Date.today << 1).month
                   @year_from ||= (Date.today << 1).year
                 end
                 @zoom = (params[:zoom].to_i > 0 and params[:zoom].to_i < 5) ? params[:zoom].to_i : 2
                 @months = (params[:months].to_i > 0 and params[:months].to_i < 25) ? params[:months].to_i : 6
                 @date_from = Date.civil(@year_from, @month_from, 1)
                 @date_to = (@date_from >> @months) - 1
                 @project.issues_with_subprojects(params[:with_subprojects]) do
                   @issues = Issue.find(:all,
                                        :order => "start_date, due_date",
                                        :include => [:tracker, :status, :assigned_to, :priority],
                                        :conditions => ["(((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?) or (start_date<? and due_date>?)) and start_date is not null and due_date is not null and #{Issue.table_name}.tracker_id in (#{@selected_tracker_ids.join(',')}))", @date_from, @date_to, @date_from, @date_to, @date_from, @date_to]
                                        ) unless @selected_tracker_ids.empty?
                 end
                 @issues ||=[]
                 if params[:output]=='pdf'
                   @options_for_rfpdf ||= {}
                   @options_for_rfpdf[:file_name] = "gantt.pdf"
                   render :template => "projects/gantt.rfpdf", :layout => false
                 else
                   render :template => "projects/gantt.rhtml"
                 end
               end
               def search
                 @question = params[:q] || ""
                 @question.strip!
                 @all_words = params[:all_words] || (params[:submit] ? false : true)
                 @scope = params[:scope] || (params[:submit] ? [] : %w(issues changesets news documents wiki) )
                 # tokens must be at least 3 character long
                 @tokens = @question.split.uniq.select {|w| w.length > 2 }
                 if !@tokens.empty?
                   # no more than 5 tokens to search for
                   @tokens.slice! 5..-1 if @tokens.size > 5
                   # strings used in sql like statement
                   like_tokens = @tokens.collect {|w| "%#{w}%"}
                   operator = @all_words ? " AND " : " OR "
                   limit = 10
                   @results = []
                   @results += @project.issues.find(:all, :limit => limit, :include => :author, :conditions => [ (["(LOWER(subject) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @scope.include? 'issues'
                   @results += @project.news.find(:all, :limit => limit, :conditions => [ (["(LOWER(title) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort], :include => :author ) if @scope.include? 'news'
                   @results += @project.documents.find(:all, :limit => limit, :conditions => [ (["(LOWER(title) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @scope.include? 'documents'
                   @results += @project.wiki.pages.find(:all, :limit => limit, :include => :content, :conditions => [ (["(LOWER(title) like ? OR LOWER(text) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @project.wiki && @scope.include?('wiki')
                   @results += @project.repository.changesets.find(:all, :limit => limit, :conditions => [ (["(LOWER(comment) like ?)"] * like_tokens.size).join(operator), * (like_tokens).sort] ) if @project.repository && @scope.include?('changesets')
                   @question = @tokens.join(" ")
                 else
                   @question = ""
                 end
               end
               def feeds
                 @queries = @project.queries.find :all, :conditions => ["is_public=? or user_id=?", true, (logged_in_user ? logged_in_user.id : 0)]
                 @key = logged_in_user.get_or_create_rss_key.value if logged_in_user
               end
             private
               # Find project of id params[:id]
               # if not found, redirect to project list
               # Used as a before_filter
               def find_project
                 @project = Project.find(params[:id])
                 @html_title = @project.name
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               def retrieve_selected_tracker_ids(selectable_trackers)
                 if ids = params[:tracker_ids]
                   @selected_tracker_ids = (ids.is_a? Array) ? ids.collect { |id| id.to_i.to_s } : ids.split('/').collect { |id| id.to_i.to_s }
                 else
                   @selected_tracker_ids = selectable_trackers.collect {|t| t.id.to_s }
                 end
               end
               # Retrieve query from session or build a new query
               def retrieve_query
                 if params[:query_id]
                   @query = @project.queries.find(params[:query_id])
                   session[:query] = @query
                 else
                   if params[:set_filter] or !session[:query] or session[:query].project_id != @project.id
                     # Give it a name, required to be valid
                     @query = Query.new(:name => "_")
                     @query.project = @project
                     if params[:fields] and params[:fields].is_a? Array
                       params[:fields].each do |field|
                         @query.add_filter(field, params[:operators][field], params[:values][field])
                       end
                     else
                       @query.available_filters.keys.each do |field|
                         @query.add_short_filter(field, params[field]) if params[field]
                       end
                     end
                     session[:query] = @query
                   else
                     @query = session[:query]
                   end
                 end
               end
             end

app/helpers/application_helper.rb +1 -1

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             module ApplicationHelper
               # Return current logged in user or nil
               def loggedin?
                 @logged_in_user
               end
               # Return true if user is logged in and is admin, otherwise false
               def admin_loggedin?
                 @logged_in_user and @logged_in_user.admin?
               end
               # Return true if user is authorized for controller/action, otherwise false
               def authorize_for(controller, action)
                 # check if action is allowed on public projects
                 if @project.is_public? and Permission.allowed_to_public "%s/%s" % [ controller, action ]
                   return true
                 end
                 # check if user is authorized
-                if @logged_in_user and (@logged_in_user.admin? or Permission.allowed_to_role( "%s/%s" % [ controller, action ], @logged_in_user.role_for_project(@project.id)  )  )
+                if @logged_in_user and (@logged_in_user.admin? or Permission.allowed_to_role( "%s/%s" % [ controller, action ], @logged_in_user.role_for_project(@project)  )  )
                   return true
                 end
                 return false
               end
               # Display a link if user is authorized
               def link_to_if_authorized(name, options = {}, html_options = nil, *parameters_for_method_reference)
                 link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for(options[:controller], options[:action])
               end
               # Display a link to user's account page
               def link_to_user(user)
                 link_to user.display_name, :controller => 'account', :action => 'show', :id => user
               end
               def image_to_function(name, function, html_options = {})
                 html_options.symbolize_keys!
                 tag(:input, html_options.merge({
                     :type => "image", :src => image_path(name),
                     :onclick => (html_options[:onclick] ? "#{html_options[:onclick]}; " : "") + "#{function};"
                     }))
               end
               def format_date(date)
                 l_date(date) if date
               end
               def format_time(time)
                 l_datetime((time.is_a? String) ? time.to_time : time) if time
               end
               def day_name(day)
                 l(:general_day_names).split(',')[day-1]
               end
               def month_name(month)
                 l(:actionview_datehelper_select_month_names).split(',')[month-1]
               end
               def pagination_links_full(paginator, options={}, html_options={})
                 html = ''
                 html << link_to_remote(('&#171; ' + l(:label_previous)),
                                         {:update => "content", :url => options.merge(:page => paginator.current.previous)},
                                         {:href => url_for(:params => options.merge(:page => paginator.current.previous))}) + ' ' if paginator.current.previous
                 html << (pagination_links_each(paginator, options) do |n|
                   link_to_remote(n.to_s,
                                   {:url => {:action => 'list', :params => options.merge(:page => n)}, :update => 'content'},
                                   {:href => url_for(:params => options.merge(:page => n))})
                 end || '')
                 html << ' ' + link_to_remote((l(:label_next) + ' &#187;'),
                                              {:update => "content", :url => options.merge(:page => paginator.current.next)},
                                              {:href => url_for(:params => options.merge(:page => paginator.current.next))}) if paginator.current.next
                 html
               end
               # textilize text according to system settings and RedCloth availability
               def textilizable(text, options = {})
                 # different methods for formatting wiki links
                 case options[:wiki_links]
                 when :local
                   # used for local links to html files
                   format_wiki_link = Proc.new {|title| "#{title}.html" }
                 when :anchor
                   # used for single-file wiki export
                   format_wiki_link = Proc.new {|title| "##{title}" }
                 else
                   if @project
                     format_wiki_link = Proc.new {|title| url_for :controller => 'wiki', :action => 'index', :id => @project, :page => title }
                   else
                     format_wiki_link = Proc.new {|title| title }
                   end
                 end
                 # turn wiki links into textile links:
                 # example:
                 #   [[link]] -> "link":link
                 #   [[link|title]] -> "title":link
                 text = text.gsub(/\[\[([^\]\|]+)(\|([^\]\|]+))?\]\]/) {|m| "\"#{$3 || $1}\":" + format_wiki_link.call(Wiki.titleize($1)) }
                 # turn issue ids to textile links
                 # example:
                 #   #52 -> "#52":/issues/show/52
                 text = text.gsub(/#(\d+)(?=\b)/) {|m| "\"##{$1}\":" + url_for(:controller => 'issues', :action => 'show', :id => $1) }
                 # turn revision ids to textile links (@project needed)
                 # example:
                 #   r52 -> "r52":/repositories/revision/6?rev=52 (@project.id is 6)
                 text = text.gsub(/r(\d+)(?=\b)/) {|m| "\"r#{$1}\":" + url_for(:controller => 'repositories', :action => 'revision', :id => @project.id, :rev => $1) } if @project
                 # finally textilize text
                 @do_textilize ||= (Setting.text_formatting == 'textile') && (ActionView::Helpers::TextHelper.method_defined? "textilize")
                 text = @do_textilize ? auto_link(RedCloth.new(text).to_html) : simple_format(auto_link(h(text)))
               end
               def error_messages_for(object_name, options = {})
                 options = options.symbolize_keys
                 object = instance_variable_get("@#{object_name}")
                 if object && !object.errors.empty?
                   # build full_messages here with controller current language
                   full_messages = []
                   object.errors.each do |attr, msg|
                     next if msg.nil?
                     msg = msg.first if msg.is_a? Array
                     if attr == "base"
                       full_messages << l(msg)
                     else
                       full_messages << "&#171; " + (l_has_string?("field_" + attr) ? l("field_" + attr) : object.class.human_attribute_name(attr)) + " &#187; " + l(msg) unless attr == "custom_values"
                     end
                   end
                   # retrieve custom values error messages
                   if object.errors[:custom_values]
                     object.custom_values.each do |v|
                       v.errors.each do |attr, msg|
                         next if msg.nil?
                         msg = msg.first if msg.is_a? Array
                         full_messages << "&#171; " + v.custom_field.name + " &#187; " + l(msg)
                       end
                     end
                   end
                   content_tag("div",
                     content_tag(
                       options[:header_tag] || "h2", lwr(:gui_validation_error, full_messages.length) + " :"
                     ) +
                     content_tag("ul", full_messages.collect { |msg| content_tag("li", msg) }),
                     "id" => options[:id] || "errorExplanation", "class" => options[:class] || "errorExplanation"
                   )
                 else
                   ""
                 end
               end
               def lang_options_for_select(blank=true)
                 (blank ? [["(auto)", ""]] : []) +
                   (GLoc.valid_languages.sort {|x,y| x.to_s <=> y.to_s }).collect {|lang| [ l_lang_name(lang.to_s, lang), lang.to_s]}
               end
               def label_tag_for(name, option_tags = nil, options = {})
                 label_text = l(("field_"+field.to_s.gsub(/\_id$/, "")).to_sym) + (options.delete(:required) ? @template.content_tag("span", " *", :class => "required"): "")
                 content_tag("label", label_text)
               end
               def labelled_tabular_form_for(name, object, options, &proc)
                 options[:html] ||= {}
                 options[:html].store :class, "tabular"
                 form_for(name, object, options.merge({ :builder => TabularFormBuilder, :lang => current_language}), &proc)
               end
               def check_all_links(form_name)
                 link_to_function(l(:button_check_all), "checkAll('#{form_name}', true)") +
                 " | " +
                 link_to_function(l(:button_uncheck_all), "checkAll('#{form_name}', false)")
               end
               def calendar_for(field_id)
                 image_tag("calendar.png", {:id => "#{field_id}_trigger",:class => "calendar-trigger"}) +
                 javascript_tag("Calendar.setup({inputField : '#{field_id}', ifFormat : '%Y-%m-%d', button : '#{field_id}_trigger' });")
               end
             end
             class TabularFormBuilder < ActionView::Helpers::FormBuilder
               include GLoc
               def initialize(object_name, object, template, options, proc)
                 set_language_if_valid options.delete(:lang)
                 @object_name, @object, @template, @options, @proc = object_name, object, template, options, proc
               end
               (field_helpers - %w(radio_button hidden_field) + %w(date_select)).each do |selector|
                 src = <<-END_SRC
                 def #{selector}(field, options = {})
                   return super if options.delete :no_label
                   label_text = l(("field_"+field.to_s.gsub(/\_id$/, "")).to_sym) + (options.delete(:required) ? @template.content_tag("span", " *", :class => "required"): "")
                   label = @template.content_tag("label", label_text,
                                 :class => (@object && @object.errors[field] ? "error" : nil),
                                 :for => (@object_name.to_s + "_" + field.to_s))
                   label + super
                 end
                 END_SRC
                 class_eval src, __FILE__, __LINE__
               end
               def select(field, choices, options = {}, html_options = {})
                 label_text = l(("field_"+field.to_s.gsub(/\_id$/, "")).to_sym) + (options.delete(:required) ? @template.content_tag("span", " *", :class => "required"): "")
                 label = @template.content_tag("label", label_text,
                               :class => (@object && @object.errors[field] ? "error" : nil),
                               :for => (@object_name.to_s + "_" + field.to_s))
                 label + super
               end
             end

app/models/issue_status.rb +12 -5

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class IssueStatus < ActiveRecord::Base
               before_destroy :check_integrity
               has_many :workflows, :foreign_key => "old_status_id"
               acts_as_list
               validates_presence_of :name
               validates_uniqueness_of :name
               validates_format_of :name, :with => /^[\w\s\'\-]*$/i
               validates_length_of :html_color, :is => 6
               validates_format_of :html_color, :with => /^[a-f0-9]*$/i
               def before_save
                 IssueStatus.update_all "is_default=#{connection.quoted_false}" if self.is_default?
               end
               # Returns the default status for new issues
               def self.default
                 find(:first, :conditions =>["is_default=?", true])
               end
               # Returns an array of all statuses the given role can switch to
+              # Uses association cache when called more than one time
               def new_statuses_allowed_to(role, tracker)
-                statuses = []
+                new_statuses = [self] + workflows.select {|w| w.role_id == role.id && w.tracker_id == tracker.id}.collect{|w| w.new_status}
-                for workflow in self.workflows
+                new_statuses.sort{|x, y| x.position <=> y.position }
-                  statuses << workflow.new_status if workflow.role_id == role.id and workflow.tracker_id == tracker.id
+              end
-                end unless role.nil? or tracker.nil?
-                statuses
+              # Same thing as above but uses a database query
+              # More efficient than the previous method if called just once
+              def find_new_statuses_allowed_to(role, tracker)
+                new_statuses = [self] + workflows.find(:all,
+                                                       :include => :new_status,
+                                                       :conditions => ["role_id=? and tracker_id=?", role.id, tracker.id]).collect{ |w| w.new_status }
+                new_statuses.sort{|x, y| x.position <=> y.position }
               end
             private
               def check_integrity
                 raise "Can't delete status" if Issue.find(:first, :conditions => ["status_id=?", self.id])
               end
             end

app/models/permission.rb +1 -1

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class Permission < ActiveRecord::Base
               has_and_belongs_to_many :roles
               validates_presence_of :controller, :action, :description
               GROUPS = {
 => :label_project,
 => :label_member_plural,
 => :label_version_plural,
 => :label_issue_category_plural,
 => :label_query_plural,
 => :label_issue_plural,
 => :label_news_plural,
 => :label_document_plural,
 => :label_attachment_plural,
 => :label_repository,
 => :label_time_tracking
               }.freeze
               @@cached_perms_for_public = nil
               @@cached_perms_for_roles = nil
               def name
                 self.controller + "/" + self.action
               end
               def group_id
                 (self.sort / 100)*100
               end
               def self.allowed_to_public(action)
                 @@cached_perms_for_public ||= find(:all, :conditions => ["is_public=?", true]).collect {|p| "#{p.controller}/#{p.action}"}
                 @@cached_perms_for_public.include? action
               end
               def self.allowed_to_role(action, role)
                 @@cached_perms_for_roles ||=
                   begin
                     perms = {}
                     find(:all, :include => :roles).each {|p| perms.store "#{p.controller}/#{p.action}", p.roles.collect {|r| r.id } }
                     perms
                   end
-                allowed_to_public(action) or (@@cached_perms_for_roles[action] and @@cached_perms_for_roles[action].include? role)
+                allowed_to_public(action) or (role && @@cached_perms_for_roles[action] && @@cached_perms_for_roles[action].include?(role.id))
               end
               def self.allowed_to_role_expired
                 @@cached_perms_for_roles = nil
               end
             end

app/models/user.rb +2 -8

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/sha1"
             class User < ActiveRecord::Base
               has_many :memberships, :class_name => 'Member', :include => [ :project, :role ], :dependent => :delete_all
               has_many :projects, :through => :memberships
               has_many :custom_values, :dependent => :delete_all, :as => :customized
               has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
               has_one :rss_key, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
               belongs_to :auth_source
               attr_accessor :password, :password_confirmation
               attr_accessor :last_before_login_on
               # Prevents unauthorized assignments
               attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
               validates_presence_of :login, :firstname, :lastname, :mail
               validates_uniqueness_of :login, :mail
               # Login must contain lettres, numbers, underscores only
               validates_format_of :login, :with => /^[a-z0-9_\-@\.]+$/i
               validates_length_of :login, :maximum => 30
               validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-]*$/i
               validates_length_of :firstname, :lastname, :maximum => 30
               validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
               validates_length_of :mail, :maximum => 60
               # Password length between 4 and 12
               validates_length_of :password, :in => 4..12, :allow_nil => true
               validates_confirmation_of :password, :allow_nil => true
               validates_associated :custom_values, :on => :update
               # Account statuses
               STATUS_ACTIVE     = 1
               STATUS_REGISTERED = 2
               STATUS_LOCKED     = 3
               def before_save
                 # update hashed_password if password was set
                 self.hashed_password = User.hash_password(self.password) if self.password
               end
               def self.active
                 with_scope :find => { :conditions => [ "status = ?", STATUS_ACTIVE ] } do
                   yield
                 end
               end
               def self.find_active(*args)
                 active do
                   find(*args)
                 end
               end
               # Returns the user that matches provided login and password, or nil
               def self.try_to_login(login, password)
                 user = find(:first, :conditions => ["login=?", login])
                 if user
                   # user is already in local database
                   return nil if !user.active?
                   if user.auth_source
                     # user has an external authentication method
                     return nil unless user.auth_source.authenticate(login, password)
                   else
                     # authentication with local password
                     return nil unless User.hash_password(password) == user.hashed_password
                   end
                 else
                   # user is not yet registered, try to authenticate with available sources
                   attrs = AuthSource.authenticate(login, password)
                   if attrs
                     onthefly = new(*attrs)
                     onthefly.login = login
                     onthefly.language = Setting.default_language
                     if onthefly.save
                       user = find(:first, :conditions => ["login=?", login])
                       logger.info("User '#{user.login}' created on the fly.") if logger
                     end
                   end
                 end
                 user.update_attribute(:last_login_on, Time.now) if user
                 user
                 rescue => text
                   raise text
               end
               # Return user's full name for display
               def display_name
                 firstname + " " + lastname
               end
               def name
                 display_name
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def registered?
                 self.status == STATUS_REGISTERED
               end
               def locked?
                 self.status == STATUS_LOCKED
               end
               def check_password?(clear_password)
                 User.hash_password(clear_password) == self.hashed_password
               end
-              def role_for_project(project_id)
+              def role_for_project(project)
-                @role_for_projects ||=
+                memberships.detect {|m| m.project_id == project.id}
-                  begin
-                    roles = {}
-                    self.memberships.each { |m| roles.store m.project_id, m.role_id }
-                    roles
-                  end
-                @role_for_projects[project_id]
               end
               def pref
                 self.preference ||= UserPreference.new(:user => self)
               end
               def get_or_create_rss_key
                 self.rss_key || Token.create(:user => self, :action => 'feeds')
               end
               def self.find_by_rss_key(key)
                 token = Token.find_by_value(key)
                 token && token.user.active? ? token.user : nil
               end
             private
               # Return password digest
               def self.hash_password(clear_password)
                 Digest::SHA1.hexdigest(clear_password || "")
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages