##// END OF EJS Templates
jro_apps » redmine
RSS
Don't use && return....
Jean-Philippe Lang -
r10991:e355a55e3c69
parent child
Show More
Side by Side Unified
Context file:
r10991:e355a55e3c69 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,298 +1,298
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2013 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class AccountController < ApplicationController
19 19 helper :custom_fields
20 20 include CustomFieldsHelper
21 21
22 22 # prevents login action to be filtered by check_if_login_required application scope filter
23 23 skip_before_filter :check_if_login_required
24 24
25 25 # Login request and validation
26 26 def login
27 27 if request.get?
28 28 if User.current.logged?
29 29 redirect_to home_url
30 30 end
31 31 else
32 32 authenticate_user
33 33 end
34 34 rescue AuthSourceException => e
35 35 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
36 36 render_error :message => e.message
37 37 end
38 38
39 39 # Log out current user and redirect to welcome page
40 40 def logout
41 41 logout_user
42 42 redirect_to home_url
43 43 end
44 44
45 45 # Lets user choose a new password
46 46 def lost_password
47 redirect_to(home_url) && return unless Setting.lost_password?
47 (redirect_to(home_url); return) unless Setting.lost_password?
48 48 if params[:token]
49 49 @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
50 50 if @token.nil? || @token.expired?
51 51 redirect_to home_url
52 52 return
53 53 end
54 54 @user = @token.user
55 55 unless @user && @user.active?
56 56 redirect_to home_url
57 57 return
58 58 end
59 59 if request.post?
60 60 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
61 61 if @user.save
62 62 @token.destroy
63 63 flash[:notice] = l(:notice_account_password_updated)
64 64 redirect_to signin_path
65 65 return
66 66 end
67 67 end
68 68 render :template => "account/password_recovery"
69 69 return
70 70 else
71 71 if request.post?
72 72 user = User.find_by_mail(params[:mail].to_s)
73 73 # user not found or not active
74 74 unless user && user.active?
75 75 flash.now[:error] = l(:notice_account_unknown_email)
76 76 return
77 77 end
78 78 # user cannot change its password
79 79 unless user.change_password_allowed?
80 80 flash.now[:error] = l(:notice_can_t_change_password)
81 81 return
82 82 end
83 83 # create a new token for password recovery
84 84 token = Token.new(:user => user, :action => "recovery")
85 85 if token.save
86 86 Mailer.lost_password(token).deliver
87 87 flash[:notice] = l(:notice_account_lost_email_sent)
88 88 redirect_to signin_path
89 89 return
90 90 end
91 91 end
92 92 end
93 93 end
94 94
95 95 # User self-registration
96 96 def register
97 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
97 (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
98 98 if request.get?
99 99 session[:auth_source_registration] = nil
100 100 @user = User.new(:language => current_language.to_s)
101 101 else
102 102 user_params = params[:user] || {}
103 103 @user = User.new
104 104 @user.safe_attributes = user_params
105 105 @user.admin = false
106 106 @user.register
107 107 if session[:auth_source_registration]
108 108 @user.activate
109 109 @user.login = session[:auth_source_registration][:login]
110 110 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
111 111 if @user.save
112 112 session[:auth_source_registration] = nil
113 113 self.logged_user = @user
114 114 flash[:notice] = l(:notice_account_activated)
115 115 redirect_to my_account_path
116 116 end
117 117 else
118 118 @user.login = params[:user][:login]
119 119 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
120 120 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
121 121 end
122 122
123 123 case Setting.self_registration
124 124 when '1'
125 125 register_by_email_activation(@user)
126 126 when '3'
127 127 register_automatically(@user)
128 128 else
129 129 register_manually_by_administrator(@user)
130 130 end
131 131 end
132 132 end
133 133 end
134 134
135 135 # Token based account activation
136 136 def activate
137 137 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
138 138 token = Token.find_by_action_and_value('register', params[:token].to_s)
139 139 (redirect_to(home_url); return) unless token and !token.expired?
140 140 user = token.user
141 141 (redirect_to(home_url); return) unless user.registered?
142 142 user.activate
143 143 if user.save
144 144 token.destroy
145 145 flash[:notice] = l(:notice_account_activated)
146 146 end
147 147 redirect_to signin_path
148 148 end
149 149
150 150 private
151 151
152 152 def authenticate_user
153 153 if Setting.openid? && using_open_id?
154 154 open_id_authenticate(params[:openid_url])
155 155 else
156 156 password_authentication
157 157 end
158 158 end
159 159
160 160 def password_authentication
161 161 user = User.try_to_login(params[:username], params[:password])
162 162
163 163 if user.nil?
164 164 invalid_credentials
165 165 elsif user.new_record?
166 166 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
167 167 else
168 168 # Valid user
169 169 successful_authentication(user)
170 170 end
171 171 end
172 172
173 173 def open_id_authenticate(openid_url)
174 174 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url, :method => :post) do |result, identity_url, registration|
175 175 if result.successful?
176 176 user = User.find_or_initialize_by_identity_url(identity_url)
177 177 if user.new_record?
178 178 # Self-registration off
179 redirect_to(home_url) && return unless Setting.self_registration?
179 (redirect_to(home_url); return) unless Setting.self_registration?
180 180
181 181 # Create on the fly
182 182 user.login = registration['nickname'] unless registration['nickname'].nil?
183 183 user.mail = registration['email'] unless registration['email'].nil?
184 184 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
185 185 user.random_password
186 186 user.register
187 187
188 188 case Setting.self_registration
189 189 when '1'
190 190 register_by_email_activation(user) do
191 191 onthefly_creation_failed(user)
192 192 end
193 193 when '3'
194 194 register_automatically(user) do
195 195 onthefly_creation_failed(user)
196 196 end
197 197 else
198 198 register_manually_by_administrator(user) do
199 199 onthefly_creation_failed(user)
200 200 end
201 201 end
202 202 else
203 203 # Existing record
204 204 if user.active?
205 205 successful_authentication(user)
206 206 else
207 207 account_pending
208 208 end
209 209 end
210 210 end
211 211 end
212 212 end
213 213
214 214 def successful_authentication(user)
215 215 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
216 216 # Valid user
217 217 self.logged_user = user
218 218 # generate a key and set cookie if autologin
219 219 if params[:autologin] && Setting.autologin?
220 220 set_autologin_cookie(user)
221 221 end
222 222 call_hook(:controller_account_success_authentication_after, {:user => user })
223 223 redirect_back_or_default my_page_path
224 224 end
225 225
226 226 def set_autologin_cookie(user)
227 227 token = Token.create(:user => user, :action => 'autologin')
228 228 cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
229 229 cookie_options = {
230 230 :value => token.value,
231 231 :expires => 1.year.from_now,
232 232 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
233 233 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
234 234 :httponly => true
235 235 }
236 236 cookies[cookie_name] = cookie_options
237 237 end
238 238
239 239 # Onthefly creation failed, display the registration form to fill/fix attributes
240 240 def onthefly_creation_failed(user, auth_source_options = { })
241 241 @user = user
242 242 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
243 243 render :action => 'register'
244 244 end
245 245
246 246 def invalid_credentials
247 247 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
248 248 flash.now[:error] = l(:notice_account_invalid_creditentials)
249 249 end
250 250
251 251 # Register a user for email activation.
252 252 #
253 253 # Pass a block for behavior when a user fails to save
254 254 def register_by_email_activation(user, &block)
255 255 token = Token.new(:user => user, :action => "register")
256 256 if user.save and token.save
257 257 Mailer.register(token).deliver
258 258 flash[:notice] = l(:notice_account_register_done)
259 259 redirect_to signin_path
260 260 else
261 261 yield if block_given?
262 262 end
263 263 end
264 264
265 265 # Automatically register a user
266 266 #
267 267 # Pass a block for behavior when a user fails to save
268 268 def register_automatically(user, &block)
269 269 # Automatic activation
270 270 user.activate
271 271 user.last_login_on = Time.now
272 272 if user.save
273 273 self.logged_user = user
274 274 flash[:notice] = l(:notice_account_activated)
275 275 redirect_to my_account_path
276 276 else
277 277 yield if block_given?
278 278 end
279 279 end
280 280
281 281 # Manual activation by the administrator
282 282 #
283 283 # Pass a block for behavior when a user fails to save
284 284 def register_manually_by_administrator(user, &block)
285 285 if user.save
286 286 # Sends an email to the administrators
287 287 Mailer.account_activation_request(user).deliver
288 288 account_pending
289 289 else
290 290 yield if block_given?
291 291 end
292 292 end
293 293
294 294 def account_pending
295 295 flash[:notice] = l(:notice_account_pending)
296 296 redirect_to signin_path
297 297 end
298 298 end
Show file before | Show file after | Hide comments
@@ -1,262 +1,263
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2013 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class ProjectsController < ApplicationController
19 19 menu_item :overview
20 20 menu_item :roadmap, :only => :roadmap
21 21 menu_item :settings, :only => :settings
22 22
23 23 before_filter :find_project, :except => [ :index, :list, :new, :create, :copy ]
24 24 before_filter :authorize, :except => [ :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
25 25 before_filter :authorize_global, :only => [:new, :create]
26 26 before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
27 27 accept_rss_auth :index
28 28 accept_api_auth :index, :show, :create, :update, :destroy
29 29
30 30 after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller|
31 31 if controller.request.post?
32 32 controller.send :expire_action, :controller => 'welcome', :action => 'robots'
33 33 end
34 34 end
35 35
36 36 helper :sort
37 37 include SortHelper
38 38 helper :custom_fields
39 39 include CustomFieldsHelper
40 40 helper :issues
41 41 helper :queries
42 42 include QueriesHelper
43 43 helper :repositories
44 44 include RepositoriesHelper
45 45 include ProjectsHelper
46 46 helper :members
47 47
48 48 # Lists visible projects
49 49 def index
50 50 respond_to do |format|
51 51 format.html {
52 52 scope = Project
53 53 unless params[:closed]
54 54 scope = scope.active
55 55 end
56 56 @projects = scope.visible.order('lft').all
57 57 }
58 58 format.api {
59 59 @offset, @limit = api_offset_and_limit
60 60 @project_count = Project.visible.count
61 61 @projects = Project.visible.offset(@offset).limit(@limit).order('lft').all
62 62 }
63 63 format.atom {
64 64 projects = Project.visible.order('created_on DESC').limit(Setting.feeds_limit.to_i).all
65 65 render_feed(projects, :title => "#{Setting.app_title}: #{l(:label_project_latest)}")
66 66 }
67 67 end
68 68 end
69 69
70 70 def new
71 71 @issue_custom_fields = IssueCustomField.sorted.all
72 72 @trackers = Tracker.sorted.all
73 73 @project = Project.new
74 74 @project.safe_attributes = params[:project]
75 75 end
76 76
77 77 def create
78 78 @issue_custom_fields = IssueCustomField.sorted.all
79 79 @trackers = Tracker.sorted.all
80 80 @project = Project.new
81 81 @project.safe_attributes = params[:project]
82 82
83 83 if validate_parent_id && @project.save
84 84 @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
85 85 # Add current user as a project member if he is not admin
86 86 unless User.current.admin?
87 87 r = Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
88 88 m = Member.new(:user => User.current, :roles => [r])
89 89 @project.members << m
90 90 end
91 91 respond_to do |format|
92 92 format.html {
93 93 flash[:notice] = l(:notice_successful_create)
94 94 if params[:continue]
95 95 attrs = {:parent_id => @project.parent_id}.reject {|k,v| v.nil?}
96 96 redirect_to new_project_path(attrs)
97 97 else
98 98 redirect_to settings_project_path(@project)
99 99 end
100 100 }
101 101 format.api { render :action => 'show', :status => :created, :location => url_for(:controller => 'projects', :action => 'show', :id => @project.id) }
102 102 end
103 103 else
104 104 respond_to do |format|
105 105 format.html { render :action => 'new' }
106 106 format.api { render_validation_errors(@project) }
107 107 end
108 108 end
109 109 end
110 110
111 111 def copy
112 112 @issue_custom_fields = IssueCustomField.sorted.all
113 113 @trackers = Tracker.sorted.all
114 114 @source_project = Project.find(params[:id])
115 115 if request.get?
116 116 @project = Project.copy_from(@source_project)
117 117 @project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
118 118 else
119 119 Mailer.with_deliveries(params[:notifications] == '1') do
120 120 @project = Project.new
121 121 @project.safe_attributes = params[:project]
122 122 if validate_parent_id && @project.copy(@source_project, :only => params[:only])
123 123 @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
124 124 flash[:notice] = l(:notice_successful_create)
125 125 redirect_to settings_project_path(@project)
126 126 elsif !@project.new_record?
127 127 # Project was created
128 128 # But some objects were not copied due to validation failures
129 129 # (eg. issues from disabled trackers)
130 130 # TODO: inform about that
131 131 redirect_to settings_project_path(@project)
132 132 end
133 133 end
134 134 end
135 135 rescue ActiveRecord::RecordNotFound
136 136 # source_project not found
137 137 render_404
138 138 end
139 139
140 140 # Show @project
141 141 def show
142 142 if params[:jump]
143 143 # try to redirect to the requested menu item
144 redirect_to_project_menu_item(@project, params[:jump]) && return
144 redirect_to_project_menu_item(@project, params[:jump])
145 return
145 146 end
146 147
147 148 @users_by_role = @project.users_by_role
148 149 @subprojects = @project.children.visible.all
149 150 @news = @project.news.limit(5).includes(:author, :project).reorder("#{News.table_name}.created_on DESC").all
150 151 @trackers = @project.rolled_up_trackers
151 152
152 153 cond = @project.project_condition(Setting.display_subprojects_issues?)
153 154
154 155 @open_issues_by_tracker = Issue.visible.open.where(cond).count(:group => :tracker)
155 156 @total_issues_by_tracker = Issue.visible.where(cond).count(:group => :tracker)
156 157
157 158 if User.current.allowed_to?(:view_time_entries, @project)
158 159 @total_hours = TimeEntry.visible.sum(:hours, :include => :project, :conditions => cond).to_f
159 160 end
160 161
161 162 @key = User.current.rss_key
162 163
163 164 respond_to do |format|
164 165 format.html
165 166 format.api
166 167 end
167 168 end
168 169
169 170 def settings
170 171 @issue_custom_fields = IssueCustomField.sorted.all
171 172 @issue_category ||= IssueCategory.new
172 173 @member ||= @project.members.new
173 174 @trackers = Tracker.sorted.all
174 175 @wiki ||= @project.wiki
175 176 end
176 177
177 178 def edit
178 179 end
179 180
180 181 def update
181 182 @project.safe_attributes = params[:project]
182 183 if validate_parent_id && @project.save
183 184 @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
184 185 respond_to do |format|
185 186 format.html {
186 187 flash[:notice] = l(:notice_successful_update)
187 188 redirect_to settings_project_path(@project)
188 189 }
189 190 format.api { render_api_ok }
190 191 end
191 192 else
192 193 respond_to do |format|
193 194 format.html {
194 195 settings
195 196 render :action => 'settings'
196 197 }
197 198 format.api { render_validation_errors(@project) }
198 199 end
199 200 end
200 201 end
201 202
202 203 def modules
203 204 @project.enabled_module_names = params[:enabled_module_names]
204 205 flash[:notice] = l(:notice_successful_update)
205 206 redirect_to settings_project_path(@project, :tab => 'modules')
206 207 end
207 208
208 209 def archive
209 210 if request.post?
210 211 unless @project.archive
211 212 flash[:error] = l(:error_can_not_archive_project)
212 213 end
213 214 end
214 215 redirect_to admin_projects_path(:status => params[:status])
215 216 end
216 217
217 218 def unarchive
218 219 @project.unarchive if request.post? && !@project.active?
219 220 redirect_to admin_projects_path(:status => params[:status])
220 221 end
221 222
222 223 def close
223 224 @project.close
224 225 redirect_to project_path(@project)
225 226 end
226 227
227 228 def reopen
228 229 @project.reopen
229 230 redirect_to project_path(@project)
230 231 end
231 232
232 233 # Delete @project
233 234 def destroy
234 235 @project_to_destroy = @project
235 236 if api_request? || params[:confirm]
236 237 @project_to_destroy.destroy
237 238 respond_to do |format|
238 239 format.html { redirect_to admin_projects_path }
239 240 format.api { render_api_ok }
240 241 end
241 242 end
242 243 # hide project in layout
243 244 @project = nil
244 245 end
245 246
246 247 private
247 248
248 249 # Validates parent_id param according to user's permissions
249 250 # TODO: move it to Project model in a validation that depends on User.current
250 251 def validate_parent_id
251 252 return true if User.current.admin?
252 253 parent_id = params[:project] && params[:project][:parent_id]
253 254 if parent_id || @project.new_record?
254 255 parent = parent_id.blank? ? nil : Project.find_by_id(parent_id.to_i)
255 256 unless @project.allowed_parents.include?(parent)
256 257 @project.errors.add :parent_id, :invalid
257 258 return false
258 259 end
259 260 end
260 261 true
261 262 end
262 263 end
General Comments 0
You need to be logged in to leave comments. Login now