jro_apps/redmine Commit - r11735:e978b3ace0e8

Adds User#builtin_role....

Jean-Philippe Lang -

r11735:e978b3ace0e8

parent child

Context file:

r11735:e978b3ace0e8

Collapse all files

app/models/project.rb +1 -1

             # Redmine - project management software
             # Copyright (C) 2006-2013  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class Project < ActiveRecord::Base
               include Redmine::SafeAttributes
               # Project statuses
               STATUS_ACTIVE     = 1
               STATUS_CLOSED     = 5
               STATUS_ARCHIVED   = 9
               # Maximum length for project identifiers
               IDENTIFIER_MAX_LENGTH = 100
               # Specific overidden Activities
               has_many :time_entry_activities
               has_many :members, :include => [:principal, :roles], :conditions => "#{Principal.table_name}.type='User' AND #{Principal.table_name}.status=#{Principal::STATUS_ACTIVE}"
               has_many :memberships, :class_name => 'Member'
               has_many :member_principals, :class_name => 'Member',
                                            :include => :principal,
                                            :conditions => "#{Principal.table_name}.type='Group' OR (#{Principal.table_name}.type='User' AND #{Principal.table_name}.status=#{Principal::STATUS_ACTIVE})"
               has_many :enabled_modules, :dependent => :delete_all
               has_and_belongs_to_many :trackers, :order => "#{Tracker.table_name}.position"
               has_many :issues, :dependent => :destroy, :include => [:status, :tracker]
               has_many :issue_changes, :through => :issues, :source => :journals
               has_many :versions, :dependent => :destroy, :order => "#{Version.table_name}.effective_date DESC, #{Version.table_name}.name DESC"
               has_many :time_entries, :dependent => :delete_all
               has_many :queries, :class_name => 'IssueQuery', :dependent => :delete_all
               has_many :documents, :dependent => :destroy
               has_many :news, :dependent => :destroy, :include => :author
               has_many :issue_categories, :dependent => :delete_all, :order => "#{IssueCategory.table_name}.name"
               has_many :boards, :dependent => :destroy, :order => "position ASC"
               has_one :repository, :conditions => ["is_default = ?", true]
               has_many :repositories, :dependent => :destroy
               has_many :changesets, :through => :repository
               has_one :wiki, :dependent => :destroy
               # Custom field for the project issues
               has_and_belongs_to_many :issue_custom_fields,
                                       :class_name => 'IssueCustomField',
                                       :order => "#{CustomField.table_name}.position",
                                       :join_table => "#{table_name_prefix}custom_fields_projects#{table_name_suffix}",
                                       :association_foreign_key => 'custom_field_id'
               acts_as_nested_set :order => 'name', :dependent => :destroy
               acts_as_attachable :view_permission => :view_files,
                                  :delete_permission => :manage_files
               acts_as_customizable
               acts_as_searchable :columns => ['name', 'identifier', 'description'], :project_key => 'id', :permission => nil
               acts_as_event :title => Proc.new {|o| "#{l(:label_project)}: #{o.name}"},
                             :url => Proc.new {|o| {:controller => 'projects', :action => 'show', :id => o}},
                             :author => nil
               attr_protected :status
               validates_presence_of :name, :identifier
               validates_uniqueness_of :identifier
               validates_associated :repository, :wiki
               validates_length_of :name, :maximum => 255
               validates_length_of :homepage, :maximum => 255
               validates_length_of :identifier, :in => 1..IDENTIFIER_MAX_LENGTH
               # donwcase letters, digits, dashes but not digits only
               validates_format_of :identifier, :with => /\A(?!\d+$)[a-z0-9\-_]*\z/, :if => Proc.new { |p| p.identifier_changed? }
               # reserved words
               validates_exclusion_of :identifier, :in => %w( new )
               after_save :update_position_under_parent, :if => Proc.new {|project| project.name_changed?}
               after_save :update_inherited_members, :if => Proc.new {|project| project.inherit_members_changed?}
               before_destroy :delete_all_members
               scope :has_module, lambda {|mod|
                 where("#{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name=?)", mod.to_s)
               }
               scope :active, lambda { where(:status => STATUS_ACTIVE) }
               scope :status, lambda {|arg| where(arg.blank? ? nil : {:status => arg.to_i}) }
               scope :all_public, lambda { where(:is_public => true) }
               scope :visible, lambda {|*args| where(Project.visible_condition(args.shift || User.current, *args)) }
               scope :allowed_to, lambda {|*args|
                 user = User.current
                 permission = nil
                 if args.first.is_a?(Symbol)
                   permission = args.shift
                 else
                   user = args.shift
                   permission = args.shift
                 end
                 where(Project.allowed_to_condition(user, permission, *args))
               }
               scope :like, lambda {|arg|
                 if arg.blank?
                   where(nil)
                 else
                   pattern = "%#{arg.to_s.strip.downcase}%"
                   where("LOWER(identifier) LIKE :p OR LOWER(name) LIKE :p", :p => pattern)
                 end
               }
               def initialize(attributes=nil, *args)
                 super
                 initialized = (attributes || {}).stringify_keys
                 if !initialized.key?('identifier') && Setting.sequential_project_identifiers?
                   self.identifier = Project.next_identifier
                 end
                 if !initialized.key?('is_public')
                   self.is_public = Setting.default_projects_public?
                 end
                 if !initialized.key?('enabled_module_names')
                   self.enabled_module_names = Setting.default_projects_modules
                 end
                 if !initialized.key?('trackers') && !initialized.key?('tracker_ids')
                   default = Setting.default_projects_tracker_ids
                   if default.is_a?(Array)
                     self.trackers = Tracker.where(:id => default.map(&:to_i)).sorted.all
                   else
                     self.trackers = Tracker.sorted.all
                   end
                 end
               end
               def identifier=(identifier)
                 super unless identifier_frozen?
               end
               def identifier_frozen?
                 errors[:identifier].blank? && !(new_record? || identifier.blank?)
               end
               # returns latest created projects
               # non public projects will be returned only if user is a member of those
               def self.latest(user=nil, count=5)
                 visible(user).limit(count).order("created_on DESC").all
               end
               # Returns true if the project is visible to +user+ or to the current user.
               def visible?(user=User.current)
                 user.allowed_to?(:view_project, self)
               end
               # Returns a SQL conditions string used to find all projects visible by the specified user.
               #
               # Examples:
               #   Project.visible_condition(admin)        => "projects.status = 1"
               #   Project.visible_condition(normal_user)  => "((projects.status = 1) AND (projects.is_public = 1 OR projects.id IN (1,3,4)))"
               #   Project.visible_condition(anonymous)    => "((projects.status = 1) AND (projects.is_public = 1))"
               def self.visible_condition(user, options={})
                 allowed_to_condition(user, :view_project, options)
               end
               # Returns a SQL conditions string used to find all projects for which +user+ has the given +permission+
               #
               # Valid options:
               # * :project => limit the condition to project
               # * :with_subprojects => limit the condition to project and its subprojects
               # * :member => limit the condition to the user projects
               def self.allowed_to_condition(user, permission, options={})
                 perm = Redmine::AccessControl.permission(permission)
                 base_statement = (perm && perm.read? ? "#{Project.table_name}.status <> #{Project::STATUS_ARCHIVED}" : "#{Project.table_name}.status = #{Project::STATUS_ACTIVE}")
                 if perm && perm.project_module
                   # If the permission belongs to a project module, make sure the module is enabled
                   base_statement << " AND #{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name='#{perm.project_module}')"
                 end
                 if options[:project]
                   project_statement = "#{Project.table_name}.id = #{options[:project].id}"
                   project_statement << " OR (#{Project.table_name}.lft > #{options[:project].lft} AND #{Project.table_name}.rgt < #{options[:project].rgt})" if options[:with_subprojects]
                   base_statement = "(#{project_statement}) AND (#{base_statement})"
                 end
                 if user.admin?
                   base_statement
                 else
                   statement_by_role = {}
                   unless options[:member]
-                    role = user.logged? ? Role.non_member : Role.anonymous
+                    role = user.builtin_role
                     if role.allowed_to?(permission)
                       statement_by_role[role] = "#{Project.table_name}.is_public = #{connection.quoted_true}"
                     end
                   end
                   if user.logged?
                     user.projects_by_role.each do |role, projects|
                       if role.allowed_to?(permission) && projects.any?
                         statement_by_role[role] = "#{Project.table_name}.id IN (#{projects.collect(&:id).join(',')})"
                       end
                     end
                   end
                   if statement_by_role.empty?
                     "1=0"
                   else
                     if block_given?
                       statement_by_role.each do |role, statement|
                         if s = yield(role, user)
                           statement_by_role[role] = "(#{statement} AND (#{s}))"
                         end
                       end
                     end
                     "((#{base_statement}) AND (#{statement_by_role.values.join(' OR ')}))"
                   end
                 end
               end
               def principals
                 @principals ||= Principal.active.joins(:members).where("#{Member.table_name}.project_id = ?", id).uniq
               end
               def users
                 @users ||= User.active.joins(:members).where("#{Member.table_name}.project_id = ?", id).uniq
               end
               # Returns the Systemwide and project specific activities
               def activities(include_inactive=false)
                 if include_inactive
                   return all_activities
                 else
                   return active_activities
                 end
               end
               # Will create a new Project specific Activity or update an existing one
               #
               # This will raise a ActiveRecord::Rollback if the TimeEntryActivity
               # does not successfully save.
               def update_or_create_time_entry_activity(id, activity_hash)
                 if activity_hash.respond_to?(:has_key?) && activity_hash.has_key?('parent_id')
                   self.create_time_entry_activity_if_needed(activity_hash)
                 else
                   activity = project.time_entry_activities.find_by_id(id.to_i)
                   activity.update_attributes(activity_hash) if activity
                 end
               end
               # Create a new TimeEntryActivity if it overrides a system TimeEntryActivity
               #
               # This will raise a ActiveRecord::Rollback if the TimeEntryActivity
               # does not successfully save.
               def create_time_entry_activity_if_needed(activity)
                 if activity['parent_id']
                   parent_activity = TimeEntryActivity.find(activity['parent_id'])
                   activity['name'] = parent_activity.name
                   activity['position'] = parent_activity.position
                   if Enumeration.overridding_change?(activity, parent_activity)
                     project_activity = self.time_entry_activities.create(activity)
                     if project_activity.new_record?
                       raise ActiveRecord::Rollback, "Overridding TimeEntryActivity was not successfully saved"
                     else
                       self.time_entries.update_all("activity_id = #{project_activity.id}", ["activity_id = ?", parent_activity.id])
                     end
                   end
                 end
               end
               # Returns a :conditions SQL string that can be used to find the issues associated with this project.
               #
               # Examples:
               #   project.project_condition(true)  => "(projects.id = 1 OR (projects.lft > 1 AND projects.rgt < 10))"
               #   project.project_condition(false) => "projects.id = 1"
               def project_condition(with_subprojects)
                 cond = "#{Project.table_name}.id = #{id}"
                 cond = "(#{cond} OR (#{Project.table_name}.lft > #{lft} AND #{Project.table_name}.rgt < #{rgt}))" if with_subprojects
                 cond
               end
               def self.find(*args)
                 if args.first && args.first.is_a?(String) && !args.first.match(/^\d*$/)
                   project = find_by_identifier(*args)
                   raise ActiveRecord::RecordNotFound, "Couldn't find Project with identifier=#{args.first}" if project.nil?
                   project
                 else
                   super
                 end
               end
               def self.find_by_param(*args)
                 self.find(*args)
               end
               alias :base_reload :reload
               def reload(*args)
                 @principals = nil
                 @users = nil
                 @shared_versions = nil
                 @rolled_up_versions = nil
                 @rolled_up_trackers = nil
                 @all_issue_custom_fields = nil
                 @all_time_entry_custom_fields = nil
                 @to_param = nil
                 @allowed_parents = nil
                 @allowed_permissions = nil
                 @actions_allowed = nil
                 @start_date = nil
                 @due_date = nil
                 base_reload(*args)
               end
               def to_param
                 # id is used for projects with a numeric identifier (compatibility)
                 @to_param ||= (identifier.to_s =~ %r{^\d*$} ? id.to_s : identifier)
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def archived?
                 self.status == STATUS_ARCHIVED
               end
               # Archives the project and its descendants
               def archive
                 # Check that there is no issue of a non descendant project that is assigned
                 # to one of the project or descendant versions
                 v_ids = self_and_descendants.collect {|p| p.version_ids}.flatten
                 if v_ids.any? &&
                   Issue.
                     includes(:project).
                     where("#{Project.table_name}.lft < ? OR #{Project.table_name}.rgt > ?", lft, rgt).
                     where("#{Issue.table_name}.fixed_version_id IN (?)", v_ids).
                     exists?
                   return false
                 end
                 Project.transaction do
                   archive!
                 end
                 true
               end
               # Unarchives the project
               # All its ancestors must be active
               def unarchive
                 return false if ancestors.detect {|a| !a.active?}
                 update_attribute :status, STATUS_ACTIVE
               end
               def close
                 self_and_descendants.status(STATUS_ACTIVE).update_all :status => STATUS_CLOSED
               end
               def reopen
                 self_and_descendants.status(STATUS_CLOSED).update_all :status => STATUS_ACTIVE
               end
               # Returns an array of projects the project can be moved to
               # by the current user
               def allowed_parents
                 return @allowed_parents if @allowed_parents
                 @allowed_parents = Project.where(Project.allowed_to_condition(User.current, :add_subprojects)).all
                 @allowed_parents = @allowed_parents - self_and_descendants
                 if User.current.allowed_to?(:add_project, nil, :global => true) || (!new_record? && parent.nil?)
                   @allowed_parents << nil
                 end
                 unless parent.nil? || @allowed_parents.empty? || @allowed_parents.include?(parent)
                   @allowed_parents << parent
                 end
                 @allowed_parents
               end
               # Sets the parent of the project with authorization check
               def set_allowed_parent!(p)
                 unless p.nil? || p.is_a?(Project)
                   if p.to_s.blank?
                     p = nil
                   else
                     p = Project.find_by_id(p)
                     return false unless p
                   end
                 end
                 if p.nil?
                   if !new_record? && allowed_parents.empty?
                     return false
                   end
                 elsif !allowed_parents.include?(p)
                   return false
                 end
                 set_parent!(p)
               end
               # Sets the parent of the project
               # Argument can be either a Project, a String, a Fixnum or nil
               def set_parent!(p)
                 unless p.nil? || p.is_a?(Project)
                   if p.to_s.blank?
                     p = nil
                   else
                     p = Project.find_by_id(p)
                     return false unless p
                   end
                 end
                 if p == parent && !p.nil?
                   # Nothing to do
                   true
                 elsif p.nil? || (p.active? && move_possible?(p))
                   set_or_update_position_under(p)
                   Issue.update_versions_from_hierarchy_change(self)
                   true
                 else
                   # Can not move to the given target
                   false
                 end
               end
               # Recalculates all lft and rgt values based on project names
               # Unlike Project.rebuild!, these values are recalculated even if the tree "looks" valid
               # Used in BuildProjectsTree migration
               def self.rebuild_tree!
                 transaction do
                   update_all "lft = NULL, rgt = NULL"
                   rebuild!(false)
                 end
               end
               # Returns an array of the trackers used by the project and its active sub projects
               def rolled_up_trackers
                 @rolled_up_trackers ||=
                   Tracker.
                     joins(:projects).
                     joins("JOIN #{EnabledModule.table_name} ON #{EnabledModule.table_name}.project_id = #{Project.table_name}.id AND #{EnabledModule.table_name}.name = 'issue_tracking'").
                     select("DISTINCT #{Tracker.table_name}.*").
                     where("#{Project.table_name}.lft >= ? AND #{Project.table_name}.rgt <= ? AND #{Project.table_name}.status <> #{STATUS_ARCHIVED}", lft, rgt).
                     sorted.
                     all
               end
               # Closes open and locked project versions that are completed
               def close_completed_versions
                 Version.transaction do
                   versions.where(:status => %w(open locked)).all.each do |version|
                     if version.completed?
                       version.update_attribute(:status, 'closed')
                     end
                   end
                 end
               end
               # Returns a scope of the Versions on subprojects
               def rolled_up_versions
                 @rolled_up_versions ||=
                   Version.
                     includes(:project).
                     where("#{Project.table_name}.lft >= ? AND #{Project.table_name}.rgt <= ? AND #{Project.table_name}.status <> ?", lft, rgt, STATUS_ARCHIVED)
               end
               # Returns a scope of the Versions used by the project
               def shared_versions
                 if new_record?
                   Version.
                     includes(:project).
                     where("#{Project.table_name}.status <> ? AND #{Version.table_name}.sharing = 'system'", STATUS_ARCHIVED)
                 else
                   @shared_versions ||= begin
                     r = root? ? self : root
                     Version.
                       includes(:project).
                       where("#{Project.table_name}.id = #{id}" +
                               " OR (#{Project.table_name}.status <> #{Project::STATUS_ARCHIVED} AND (" +
                                 " #{Version.table_name}.sharing = 'system'" +
                                 " OR (#{Project.table_name}.lft >= #{r.lft} AND #{Project.table_name}.rgt <= #{r.rgt} AND #{Version.table_name}.sharing = 'tree')" +
                                 " OR (#{Project.table_name}.lft < #{lft} AND #{Project.table_name}.rgt > #{rgt} AND #{Version.table_name}.sharing IN ('hierarchy', 'descendants'))" +
                                 " OR (#{Project.table_name}.lft > #{lft} AND #{Project.table_name}.rgt < #{rgt} AND #{Version.table_name}.sharing = 'hierarchy')" +
                               "))")
                   end
                 end
               end
               # Returns a hash of project users grouped by role
               def users_by_role
                 members.includes(:user, :roles).all.inject({}) do |h, m|
                   m.roles.each do |r|
                     h[r] ||= []
                     h[r] << m.user
                   end
                   h
                 end
               end
               # Deletes all project's members
               def delete_all_members
                 me, mr = Member.table_name, MemberRole.table_name
                 connection.delete("DELETE FROM #{mr} WHERE #{mr}.member_id IN (SELECT #{me}.id FROM #{me} WHERE #{me}.project_id = #{id})")
                 Member.delete_all(['project_id = ?', id])
               end
               # Users/groups issues can be assigned to
               def assignable_users
                 assignable = Setting.issue_group_assignment? ? member_principals : members
                 assignable.select {|m| m.roles.detect {|role| role.assignable?}}.collect {|m| m.principal}.sort
               end
               # Returns the mail adresses of users that should be always notified on project events
               def recipients
                 notified_users.collect {|user| user.mail}
               end
               # Returns the users that should be notified on project events
               def notified_users
                 # TODO: User part should be extracted to User#notify_about?
                 members.select {|m| m.principal.present? && (m.mail_notification? || m.principal.mail_notification == 'all')}.collect {|m| m.principal}
               end
               # Returns a scope of all custom fields enabled for project issues
               # (explictly associated custom fields and custom fields enabled for all projects)
               def all_issue_custom_fields
                 @all_issue_custom_fields ||= IssueCustomField.
                   sorted.
                   where("is_for_all = ? OR id IN (SELECT DISTINCT cfp.custom_field_id" +
                     " FROM #{table_name_prefix}custom_fields_projects#{table_name_suffix} cfp" +
                     " WHERE cfp.project_id = ?)", true, id)
               end
               # Returns an array of all custom fields enabled for project time entries
               # (explictly associated custom fields and custom fields enabled for all projects)
               def all_time_entry_custom_fields
                 @all_time_entry_custom_fields ||= (TimeEntryCustomField.for_all + time_entry_custom_fields).uniq.sort
               end
               def project
                 self
               end
               def <=>(project)
                 name.downcase <=> project.name.downcase
               end
               def to_s
                 name
               end
               # Returns a short description of the projects (first lines)
               def short_description(length = 255)
                 description.gsub(/^(.{#{length}}[^\n\r]*).*$/m, '\1...').strip if description
               end
               def css_classes
                 s = 'project'
                 s << ' root' if root?
                 s << ' child' if child?
                 s << (leaf? ? ' leaf' : ' parent')
                 unless active?
                   if archived?
                     s << ' archived'
                   else
                     s << ' closed'
                   end
                 end
                 s
               end
               # The earliest start date of a project, based on it's issues and versions
               def start_date
                 @start_date ||= [
                  issues.minimum('start_date'),
                  shared_versions.minimum('effective_date'),
                  Issue.fixed_version(shared_versions).minimum('start_date')
                 ].compact.min
               end
               # The latest due date of an issue or version
               def due_date
                 @due_date ||= [
                  issues.maximum('due_date'),
                  shared_versions.maximum('effective_date'),
                  Issue.fixed_version(shared_versions).maximum('due_date')
                 ].compact.max
               end
               def overdue?
                 active? && !due_date.nil? && (due_date < Date.today)
               end
               # Returns the percent completed for this project, based on the
               # progress on it's versions.
               def completed_percent(options={:include_subprojects => false})
                 if options.delete(:include_subprojects)
                   total = self_and_descendants.collect(&:completed_percent).sum
                   total / self_and_descendants.count
                 else
                   if versions.count > 0
                     total = versions.collect(&:completed_percent).sum
                     total / versions.count
                   else
                   end
                 end
               end
               # Return true if this project allows to do the specified action.
               # action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               def allows_to?(action)
                 if archived?
                   # No action allowed on archived projects
                   return false
                 end
                 unless active? || Redmine::AccessControl.read_action?(action)
                   # No write action allowed on closed projects
                   return false
                 end
                 # No action allowed on disabled modules
                 if action.is_a? Hash
                   allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
                 else
                   allowed_permissions.include? action
                 end
               end
               def module_enabled?(module_name)
                 module_name = module_name.to_s
                 enabled_modules.detect {|m| m.name == module_name}
               end
               def enabled_module_names=(module_names)
                 if module_names && module_names.is_a?(Array)
                   module_names = module_names.collect(&:to_s).reject(&:blank?)
                   self.enabled_modules = module_names.collect {|name| enabled_modules.detect {|mod| mod.name == name} || EnabledModule.new(:name => name)}
                 else
                   enabled_modules.clear
                 end
               end
               # Returns an array of the enabled modules names
               def enabled_module_names
                 enabled_modules.collect(&:name)
               end
               # Enable a specific module
               #
               # Examples:
               #   project.enable_module!(:issue_tracking)
               #   project.enable_module!("issue_tracking")
               def enable_module!(name)
                 enabled_modules << EnabledModule.new(:name => name.to_s) unless module_enabled?(name)
               end
               # Disable a module if it exists
               #
               # Examples:
               #   project.disable_module!(:issue_tracking)
               #   project.disable_module!("issue_tracking")
               #   project.disable_module!(project.enabled_modules.first)
               def disable_module!(target)
                 target = enabled_modules.detect{|mod| target.to_s == mod.name} unless enabled_modules.include?(target)
                 target.destroy unless target.blank?
               end
               safe_attributes 'name',
                 'description',
                 'homepage',
                 'is_public',
                 'identifier',
                 'custom_field_values',
                 'custom_fields',
                 'tracker_ids',
                 'issue_custom_field_ids'
               safe_attributes 'enabled_module_names',
                 :if => lambda {|project, user| project.new_record? || user.allowed_to?(:select_project_modules, project) }
               safe_attributes 'inherit_members',
                 :if => lambda {|project, user| project.parent.nil? || project.parent.visible?(user)}
               # Returns an array of projects that are in this project's hierarchy
               #
               # Example: parents, children, siblings
               def hierarchy
                 parents = project.self_and_ancestors || []
                 descendants = project.descendants || []
                 project_hierarchy = parents | descendants # Set union
               end
               # Returns an auto-generated project identifier based on the last identifier used
               def self.next_identifier
                 p = Project.order('id DESC').first
                 p.nil? ? nil : p.identifier.to_s.succ
               end
               # Copies and saves the Project instance based on the +project+.
               # Duplicates the source project's:
               # * Wiki
               # * Versions
               # * Categories
               # * Issues
               # * Members
               # * Queries
               #
               # Accepts an +options+ argument to specify what to copy
               #
               # Examples:
               #   project.copy(1)                                    # => copies everything
               #   project.copy(1, :only => 'members')                # => copies members only
               #   project.copy(1, :only => ['members', 'versions'])  # => copies members and versions
               def copy(project, options={})
                 project = project.is_a?(Project) ? project : Project.find(project)
                 to_be_copied = %w(wiki versions issue_categories issues members queries boards)
                 to_be_copied = to_be_copied & options[:only].to_a unless options[:only].nil?
                 Project.transaction do
                   if save
                     reload
                     to_be_copied.each do |name|
                       send "copy_#{name}", project
                     end
                     Redmine::Hook.call_hook(:model_project_copy_before_save, :source_project => project, :destination_project => self)
                     save
                   end
                 end
               end
               # Returns a new unsaved Project instance with attributes copied from +project+
               def self.copy_from(project)
                 project = project.is_a?(Project) ? project : Project.find(project)
                 # clear unique attributes
                 attributes = project.attributes.dup.except('id', 'name', 'identifier', 'status', 'parent_id', 'lft', 'rgt')
                 copy = Project.new(attributes)
                 copy.enabled_modules = project.enabled_modules
                 copy.trackers = project.trackers
                 copy.custom_values = project.custom_values.collect {|v| v.clone}
                 copy.issue_custom_fields = project.issue_custom_fields
                 copy
               end
               # Yields the given block for each project with its level in the tree
               def self.project_tree(projects, &block)
                 ancestors = []
                 projects.sort_by(&:lft).each do |project|
                   while (ancestors.any? && !project.is_descendant_of?(ancestors.last))
                     ancestors.pop
                   end
                   yield project, ancestors.size
                   ancestors << project
                 end
               end
               private
               def after_parent_changed(parent_was)
                 remove_inherited_member_roles
                 add_inherited_member_roles
               end
               def update_inherited_members
                 if parent
                   if inherit_members? && !inherit_members_was
                     remove_inherited_member_roles
                     add_inherited_member_roles
                   elsif !inherit_members? && inherit_members_was
                     remove_inherited_member_roles
                   end
                 end
               end
               def remove_inherited_member_roles
                 member_roles = memberships.map(&:member_roles).flatten
                 member_role_ids = member_roles.map(&:id)
                 member_roles.each do |member_role|
                   if member_role.inherited_from && !member_role_ids.include?(member_role.inherited_from)
                     member_role.destroy
                   end
                 end
               end
               def add_inherited_member_roles
                 if inherit_members? && parent
                   parent.memberships.each do |parent_member|
                     member = Member.find_or_new(self.id, parent_member.user_id)
                     parent_member.member_roles.each do |parent_member_role|
                       member.member_roles << MemberRole.new(:role => parent_member_role.role, :inherited_from => parent_member_role.id)
                     end
                     member.save!
                   end
                 end
               end
               # Copies wiki from +project+
               def copy_wiki(project)
                 # Check that the source project has a wiki first
                 unless project.wiki.nil?
                   wiki = self.wiki || Wiki.new
                   wiki.attributes = project.wiki.attributes.dup.except("id", "project_id")
                   wiki_pages_map = {}
                   project.wiki.pages.each do |page|
                     # Skip pages without content
                     next if page.content.nil?
                     new_wiki_content = WikiContent.new(page.content.attributes.dup.except("id", "page_id", "updated_on"))
                     new_wiki_page = WikiPage.new(page.attributes.dup.except("id", "wiki_id", "created_on", "parent_id"))
                     new_wiki_page.content = new_wiki_content
                     wiki.pages << new_wiki_page
                     wiki_pages_map[page.id] = new_wiki_page
                   end
                   self.wiki = wiki
                   wiki.save
                   # Reproduce page hierarchy
                   project.wiki.pages.each do |page|
                     if page.parent_id && wiki_pages_map[page.id]
                       wiki_pages_map[page.id].parent = wiki_pages_map[page.parent_id]
                       wiki_pages_map[page.id].save
                     end
                   end
                 end
               end
               # Copies versions from +project+
               def copy_versions(project)
                 project.versions.each do |version|
                   new_version = Version.new
                   new_version.attributes = version.attributes.dup.except("id", "project_id", "created_on", "updated_on")
                   self.versions << new_version
                 end
               end
               # Copies issue categories from +project+
               def copy_issue_categories(project)
                 project.issue_categories.each do |issue_category|
                   new_issue_category = IssueCategory.new
                   new_issue_category.attributes = issue_category.attributes.dup.except("id", "project_id")
                   self.issue_categories << new_issue_category
                 end
               end
               # Copies issues from +project+
               def copy_issues(project)
                 # Stores the source issue id as a key and the copied issues as the
                 # value.  Used to map the two togeather for issue relations.
                 issues_map = {}
                 # Store status and reopen locked/closed versions
                 version_statuses = versions.reject(&:open?).map {|version| [version, version.status]}
                 version_statuses.each do |version, status|
                   version.update_attribute :status, 'open'
                 end
                 # Get issues sorted by root_id, lft so that parent issues
                 # get copied before their children
                 project.issues.reorder('root_id, lft').all.each do |issue|
                   new_issue = Issue.new
                   new_issue.copy_from(issue, :subtasks => false, :link => false)
                   new_issue.project = self
                   # Changing project resets the custom field values
                   # TODO: handle this in Issue#project=
                   new_issue.custom_field_values = issue.custom_field_values.inject({}) {|h,v| h[v.custom_field_id] = v.value; h}
                   # Reassign fixed_versions by name, since names are unique per project
                   if issue.fixed_version && issue.fixed_version.project == project
                     new_issue.fixed_version = self.versions.detect {|v| v.name == issue.fixed_version.name}
                   end
                   # Reassign the category by name, since names are unique per project
                   if issue.category
                     new_issue.category = self.issue_categories.detect {|c| c.name == issue.category.name}
                   end
                   # Parent issue
                   if issue.parent_id
                     if copied_parent = issues_map[issue.parent_id]
                       new_issue.parent_issue_id = copied_parent.id
                     end
                   end
                   self.issues << new_issue
                   if new_issue.new_record?
                     logger.info "Project#copy_issues: issue ##{issue.id} could not be copied: #{new_issue.errors.full_messages}" if logger && logger.info
                   else
                     issues_map[issue.id] = new_issue unless new_issue.new_record?
                   end
                 end
                 # Restore locked/closed version statuses
                 version_statuses.each do |version, status|
                   version.update_attribute :status, status
                 end
                 # Relations after in case issues related each other
                 project.issues.each do |issue|
                   new_issue = issues_map[issue.id]
                   unless new_issue
                     # Issue was not copied
                     next
                   end
                   # Relations
                   issue.relations_from.each do |source_relation|
                     new_issue_relation = IssueRelation.new
                     new_issue_relation.attributes = source_relation.attributes.dup.except("id", "issue_from_id", "issue_to_id")
                     new_issue_relation.issue_to = issues_map[source_relation.issue_to_id]
                     if new_issue_relation.issue_to.nil? && Setting.cross_project_issue_relations?
                       new_issue_relation.issue_to = source_relation.issue_to
                     end
                     new_issue.relations_from << new_issue_relation
                   end
                   issue.relations_to.each do |source_relation|
                     new_issue_relation = IssueRelation.new
                     new_issue_relation.attributes = source_relation.attributes.dup.except("id", "issue_from_id", "issue_to_id")
                     new_issue_relation.issue_from = issues_map[source_relation.issue_from_id]
                     if new_issue_relation.issue_from.nil? && Setting.cross_project_issue_relations?
                       new_issue_relation.issue_from = source_relation.issue_from
                     end
                     new_issue.relations_to << new_issue_relation
                   end
                 end
               end
               # Copies members from +project+
               def copy_members(project)
                 # Copy users first, then groups to handle members with inherited and given roles
                 members_to_copy = []
                 members_to_copy += project.memberships.select {|m| m.principal.is_a?(User)}
                 members_to_copy += project.memberships.select {|m| !m.principal.is_a?(User)}
                 members_to_copy.each do |member|
                   new_member = Member.new
                   new_member.attributes = member.attributes.dup.except("id", "project_id", "created_on")
                   # only copy non inherited roles
                   # inherited roles will be added when copying the group membership
                   role_ids = member.member_roles.reject(&:inherited?).collect(&:role_id)
                   next if role_ids.empty?
                   new_member.role_ids = role_ids
                   new_member.project = self
                   self.members << new_member
                 end
               end
               # Copies queries from +project+
               def copy_queries(project)
                 project.queries.each do |query|
                   new_query = IssueQuery.new
                   new_query.attributes = query.attributes.dup.except("id", "project_id", "sort_criteria")
                   new_query.sort_criteria = query.sort_criteria if query.sort_criteria
                   new_query.project = self
                   new_query.user_id = query.user_id
                   self.queries << new_query
                 end
               end
               # Copies boards from +project+
               def copy_boards(project)
                 project.boards.each do |board|
                   new_board = Board.new
                   new_board.attributes = board.attributes.dup.except("id", "project_id", "topics_count", "messages_count", "last_message_id")
                   new_board.project = self
                   self.boards << new_board
                 end
               end
               def allowed_permissions
                 @allowed_permissions ||= begin
                   module_names = enabled_modules.pluck(:name)
                   Redmine::AccessControl.modules_permissions(module_names).collect {|p| p.name}
                 end
               end
               def allowed_actions
                 @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
               end
               # Returns all the active Systemwide and project specific activities
               def active_activities
                 overridden_activity_ids = self.time_entry_activities.collect(&:parent_id)
                 if overridden_activity_ids.empty?
                   return TimeEntryActivity.shared.active
                 else
                   return system_activities_and_project_overrides
                 end
               end
               # Returns all the Systemwide and project specific activities
               # (inactive and active)
               def all_activities
                 overridden_activity_ids = self.time_entry_activities.collect(&:parent_id)
                 if overridden_activity_ids.empty?
                   return TimeEntryActivity.shared
                 else
                   return system_activities_and_project_overrides(true)
                 end
               end
               # Returns the systemwide active activities merged with the project specific overrides
               def system_activities_and_project_overrides(include_inactive=false)
                 if include_inactive
                   return TimeEntryActivity.shared.
                     where("id NOT IN (?)", self.time_entry_activities.collect(&:parent_id)).all +
                     self.time_entry_activities
                 else
                   return TimeEntryActivity.shared.active.
                     where("id NOT IN (?)", self.time_entry_activities.collect(&:parent_id)).all +
                     self.time_entry_activities.active
                 end
               end
               # Archives subprojects recursively
               def archive!
                 children.each do |subproject|
                   subproject.send :archive!
                 end
                 update_attribute :status, STATUS_ARCHIVED
               end
               def update_position_under_parent
                 set_or_update_position_under(parent)
               end
               # Inserts/moves the project so that target's children or root projects stay alphabetically sorted
               def set_or_update_position_under(target_parent)
                 parent_was = parent
                 sibs = (target_parent.nil? ? self.class.roots : target_parent.children)
                 to_be_inserted_before = sibs.sort_by {|c| c.name.to_s.downcase}.detect {|c| c.name.to_s.downcase > name.to_s.downcase }
                 if to_be_inserted_before
                   move_to_left_of(to_be_inserted_before)
                 elsif target_parent.nil?
                   if sibs.empty?
                     # move_to_root adds the project in first (ie. left) position
                     move_to_root
                   else
                     move_to_right_of(sibs.last) unless self == sibs.last
                   end
                 else
                   # move_to_child_of adds the project in last (ie.right) position
                   move_to_child_of(target_parent)
                 end
                 if parent_was != target_parent
                   after_parent_changed(parent_was)
                 end
               end
             end

app/models/user.rb +11 -4

             # Redmine - project management software
             # Copyright (C) 2006-2013  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/sha1"
             class User < Principal
               include Redmine::SafeAttributes
               # Different ways of displaying/sorting users
               USER_FORMATS = {
                 :firstname_lastname => {
                     :string => '#{firstname} #{lastname}',
                     :order => %w(firstname lastname id),
                     :setting_order => 1
                   },
                 :firstname_lastinitial => {
                     :string => '#{firstname} #{lastname.to_s.chars.first}.',
                     :order => %w(firstname lastname id),
                     :setting_order => 2
                   },
                 :firstname => {
                     :string => '#{firstname}',
                     :order => %w(firstname id),
                     :setting_order => 3
                   },
                 :lastname_firstname => {
                     :string => '#{lastname} #{firstname}',
                     :order => %w(lastname firstname id),
                     :setting_order => 4
                   },
                 :lastname_coma_firstname => {
                     :string => '#{lastname}, #{firstname}',
                     :order => %w(lastname firstname id),
                     :setting_order => 5
                   },
                 :lastname => {
                     :string => '#{lastname}',
                     :order => %w(lastname id),
                     :setting_order => 6
                   },
                 :username => {
                     :string => '#{login}',
                     :order => %w(login id),
                     :setting_order => 7
                   },
               }
               MAIL_NOTIFICATION_OPTIONS = [
                 ['all', :label_user_mail_option_all],
                 ['selected', :label_user_mail_option_selected],
                 ['only_my_events', :label_user_mail_option_only_my_events],
                 ['only_assigned', :label_user_mail_option_only_assigned],
                 ['only_owner', :label_user_mail_option_only_owner],
                 ['none', :label_user_mail_option_none]
               ]
               has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)},
                                                :after_remove => Proc.new {|user, group| group.user_removed(user)}
               has_many :changesets, :dependent => :nullify
               has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
               has_one :rss_token, :class_name => 'Token', :conditions => "action='feeds'"
               has_one :api_token, :class_name => 'Token', :conditions => "action='api'"
               belongs_to :auth_source
               scope :logged, lambda { where("#{User.table_name}.status <> #{STATUS_ANONYMOUS}") }
               scope :status, lambda {|arg| where(arg.blank? ? nil : {:status => arg.to_i}) }
               acts_as_customizable
               attr_accessor :password, :password_confirmation, :generate_password
               attr_accessor :last_before_login_on
               # Prevents unauthorized assignments
               attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
               LOGIN_LENGTH_LIMIT = 60
               MAIL_LENGTH_LIMIT = 60
               validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
               validates_uniqueness_of :login, :if => Proc.new { |user| user.login_changed? && user.login.present? }, :case_sensitive => false
               validates_uniqueness_of :mail, :if => Proc.new { |user| user.mail_changed? && user.mail.present? }, :case_sensitive => false
               # Login must contain letters, numbers, underscores only
               validates_format_of :login, :with => /\A[a-z0-9_\-@\.]*\z/i
               validates_length_of :login, :maximum => LOGIN_LENGTH_LIMIT
               validates_length_of :firstname, :lastname, :maximum => 30
               validates_format_of :mail, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i, :allow_blank => true
               validates_length_of :mail, :maximum => MAIL_LENGTH_LIMIT, :allow_nil => true
               validates_confirmation_of :password, :allow_nil => true
               validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true
               validate :validate_password_length
               before_create :set_mail_notification
               before_save   :generate_password_if_needed, :update_hashed_password
               before_destroy :remove_references_before_destroy
               after_save :update_notified_project_ids
               scope :in_group, lambda {|group|
                 group_id = group.is_a?(Group) ? group.id : group.to_i
                 where("#{User.table_name}.id IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id)
               }
               scope :not_in_group, lambda {|group|
                 group_id = group.is_a?(Group) ? group.id : group.to_i
                 where("#{User.table_name}.id NOT IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id)
               }
               scope :sorted, lambda { order(*User.fields_for_order_statement)}
               def set_mail_notification
                 self.mail_notification = Setting.default_notification_option if self.mail_notification.blank?
                 true
               end
               def update_hashed_password
                 # update hashed_password if password was set
                 if self.password && self.auth_source_id.blank?
                   salt_password(password)
                 end
               end
               alias :base_reload :reload
               def reload(*args)
                 @name = nil
                 @projects_by_role = nil
                 @membership_by_project_id = nil
                 @notified_projects_ids = nil
                 @notified_projects_ids_changed = false
                 base_reload(*args)
               end
               def mail=(arg)
                 write_attribute(:mail, arg.to_s.strip)
               end
               def identity_url=(url)
                 if url.blank?
                   write_attribute(:identity_url, '')
                 else
                   begin
                     write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url))
                   rescue OpenIdAuthentication::InvalidOpenId
                     # Invalid url, don't save
                   end
                 end
                 self.read_attribute(:identity_url)
               end
               # Returns the user that matches provided login and password, or nil
               def self.try_to_login(login, password, active_only=true)
                 login = login.to_s
                 password = password.to_s
                 # Make sure no one can sign in with an empty login or password
                 return nil if login.empty? || password.empty?
                 user = find_by_login(login)
                 if user
                   # user is already in local database
                   return nil unless user.check_password?(password)
                   return nil if !user.active? && active_only
                 else
                   # user is not yet registered, try to authenticate with available sources
                   attrs = AuthSource.authenticate(login, password)
                   if attrs
                     user = new(attrs)
                     user.login = login
                     user.language = Setting.default_language
                     if user.save
                       user.reload
                       logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source
                     end
                   end
                 end
                 user.update_column(:last_login_on, Time.now) if user && !user.new_record? && user.active?
                 user
               rescue => text
                 raise text
               end
               # Returns the user who matches the given autologin +key+ or nil
               def self.try_to_autologin(key)
                 user = Token.find_active_user('autologin', key, Setting.autologin.to_i)
                 if user
                   user.update_column(:last_login_on, Time.now)
                   user
                 end
               end
               def self.name_formatter(formatter = nil)
                 USER_FORMATS[formatter || Setting.user_format] || USER_FORMATS[:firstname_lastname]
               end
               # Returns an array of fields names than can be used to make an order statement for users
               # according to how user names are displayed
               # Examples:
               #
               #   User.fields_for_order_statement              => ['users.login', 'users.id']
               #   User.fields_for_order_statement('authors')   => ['authors.login', 'authors.id']
               def self.fields_for_order_statement(table=nil)
                 table ||= table_name
                 name_formatter[:order].map {|field| "#{table}.#{field}"}
               end
               # Return user's full name for display
               def name(formatter = nil)
                 f = self.class.name_formatter(formatter)
                 if formatter
                   eval('"' + f[:string] + '"')
                 else
                   @name ||= eval('"' + f[:string] + '"')
                 end
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def registered?
                 self.status == STATUS_REGISTERED
               end
               def locked?
                 self.status == STATUS_LOCKED
               end
               def activate
                 self.status = STATUS_ACTIVE
               end
               def register
                 self.status = STATUS_REGISTERED
               end
               def lock
                 self.status = STATUS_LOCKED
               end
               def activate!
                 update_attribute(:status, STATUS_ACTIVE)
               end
               def register!
                 update_attribute(:status, STATUS_REGISTERED)
               end
               def lock!
                 update_attribute(:status, STATUS_LOCKED)
               end
               # Returns true if +clear_password+ is the correct user's password, otherwise false
               def check_password?(clear_password)
                 if auth_source_id.present?
                   auth_source.authenticate(self.login, clear_password)
                 else
                   User.hash_password("#{salt}#{User.hash_password clear_password}") == hashed_password
                 end
               end
               # Generates a random salt and computes hashed_password for +clear_password+
               # The hashed password is stored in the following form: SHA1(salt + SHA1(password))
               def salt_password(clear_password)
                 self.salt = User.generate_salt
                 self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
               end
               # Does the backend storage allow this user to change their password?
               def change_password_allowed?
                 return true if auth_source.nil?
                 return auth_source.allow_password_changes?
               end
               def generate_password?
                 generate_password == '1' || generate_password == true
               end
               # Generate and set a random password on given length
               def random_password(length=40)
                 chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
                 chars -= %w(0 O 1 l)
                 password = ''
                 length.times {|i| password << chars[SecureRandom.random_number(chars.size)] }
                 self.password = password
                 self.password_confirmation = password
                 self
               end
               def pref
                 self.preference ||= UserPreference.new(:user => self)
               end
               def time_zone
                 @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone])
               end
               def wants_comments_in_reverse_order?
                 self.pref[:comments_sorting] == 'desc'
               end
               # Return user's RSS key (a 40 chars long string), used to access feeds
               def rss_key
                 if rss_token.nil?
                   create_rss_token(:action => 'feeds')
                 end
                 rss_token.value
               end
               # Return user's API key (a 40 chars long string), used to access the API
               def api_key
                 if api_token.nil?
                   create_api_token(:action => 'api')
                 end
                 api_token.value
               end
               # Return an array of project ids for which the user has explicitly turned mail notifications on
               def notified_projects_ids
                 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
               end
               def notified_project_ids=(ids)
                 @notified_projects_ids_changed = true
                 @notified_projects_ids = ids
               end
               # Updates per project notifications (after_save callback)
               def update_notified_project_ids
                 if @notified_projects_ids_changed
                   ids = (mail_notification == 'selected' ? Array.wrap(notified_projects_ids).reject(&:blank?) : [])
                   members.update_all(:mail_notification => false)
                   members.where(:project_id => ids).update_all(:mail_notification => true) if ids.any?
                 end
               end
               private :update_notified_project_ids
               def valid_notification_options
                 self.class.valid_notification_options(self)
               end
               # Only users that belong to more than 1 project can select projects for which they are notified
               def self.valid_notification_options(user=nil)
                 # Note that @user.membership.size would fail since AR ignores
                 # :include association option when doing a count
                 if user.nil? || user.memberships.length < 1
                   MAIL_NOTIFICATION_OPTIONS.reject {|option| option.first == 'selected'}
                 else
                   MAIL_NOTIFICATION_OPTIONS
                 end
               end
               # Find a user account by matching the exact login and then a case-insensitive
               # version.  Exact matches will be given priority.
               def self.find_by_login(login)
                 if login.present?
                   login = login.to_s
                   # First look for an exact match
                   user = where(:login => login).all.detect {|u| u.login == login}
                   unless user
                     # Fail over to case-insensitive if none was found
                     user = where("LOWER(login) = ?", login.downcase).first
                   end
                   user
                 end
               end
               def self.find_by_rss_key(key)
                 Token.find_active_user('feeds', key)
               end
               def self.find_by_api_key(key)
                 Token.find_active_user('api', key)
               end
               # Makes find_by_mail case-insensitive
               def self.find_by_mail(mail)
                 where("LOWER(mail) = ?", mail.to_s.downcase).first
               end
               # Returns true if the default admin account can no longer be used
               def self.default_admin_account_changed?
                 !User.active.find_by_login("admin").try(:check_password?, "admin")
               end
               def to_s
                 name
               end
               CSS_CLASS_BY_STATUS = {
                 STATUS_ANONYMOUS  => 'anon',
                 STATUS_ACTIVE     => 'active',
                 STATUS_REGISTERED => 'registered',
                 STATUS_LOCKED     => 'locked'
               }
               def css_classes
                 "user #{CSS_CLASS_BY_STATUS[status]}"
               end
               # Returns the current day according to user's time zone
               def today
                 if time_zone.nil?
                   Date.today
                 else
                   Time.now.in_time_zone(time_zone).to_date
                 end
               end
               # Returns the day of +time+ according to user's time zone
               def time_to_date(time)
                 if time_zone.nil?
                   time.to_date
                 else
                   time.in_time_zone(time_zone).to_date
                 end
               end
               def logged?
                 true
               end
               def anonymous?
                 !logged?
               end
               # Returns user's membership for the given project
               # or nil if the user is not a member of project
               def membership(project)
                 project_id = project.is_a?(Project) ? project.id : project
                 @membership_by_project_id ||= Hash.new {|h, project_id|
                   h[project_id] = memberships.where(:project_id => project_id).first
                 }
                 @membership_by_project_id[project_id]
               end
+              # Returns the user's bult-in role
+              def builtin_role
+                if logged?
+                  @role_non_member ||= Role.non_member
+                else
+                  @role_anonymous ||= Role.anonymous
+                end
+              end
               # Return user's roles for project
               def roles_for_project(project)
                 roles = []
                 # No role on archived projects
                 return roles if project.nil? || project.archived?
                 if logged?
                   # Find project membership
                   membership = membership(project)
                   if membership
                     roles = membership.roles
                   else
-                    @role_non_member ||= Role.non_member
+                    roles << builtin_role
-                    roles << @role_non_member
                   end
                 else
-                  @role_anonymous ||= Role.anonymous
+                  roles << builtin_role
-                  roles << @role_anonymous
                 end
                 roles
               end
               # Return true if the user is a member of project
               def member_of?(project)
                 projects.to_a.include?(project)
               end
               # Returns a hash of user's projects grouped by roles
               def projects_by_role
                 return @projects_by_role if @projects_by_role
                 @projects_by_role = Hash.new([])
                 memberships.each do |membership|
                   if membership.project
                     membership.roles.each do |role|
                       @projects_by_role[role] = [] unless @projects_by_role.key?(role)
                       @projects_by_role[role] << membership.project
                     end
                   end
                 end
                 @projects_by_role.each do |role, projects|
                   projects.uniq!
                 end
                 @projects_by_role
               end
               # Returns true if user is arg or belongs to arg
               def is_or_belongs_to?(arg)
                 if arg.is_a?(User)
                   self == arg
                 elsif arg.is_a?(Group)
                   arg.users.include?(self)
                 else
                   false
                 end
               end
               # Return true if the user is allowed to do the specified action on a specific context
               # Action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               # Context can be:
               # * a project : returns true if user is allowed to do the specified action on this project
               # * an array of projects : returns true if user is allowed on every project
               # * nil with options[:global] set : check if user has at least one role allowed for this action,
               #   or falls back to Non Member / Anonymous permissions depending if the user is logged
               def allowed_to?(action, context, options={}, &block)
                 if context && context.is_a?(Project)
                   return false unless context.allows_to?(action)
                   # Admin users are authorized for anything else
                   return true if admin?
                   roles = roles_for_project(context)
                   return false unless roles
                   roles.any? {|role|
                     (context.is_public? || role.member?) &&
                     role.allowed_to?(action) &&
                     (block_given? ? yield(role, self) : true)
                   }
                 elsif context && context.is_a?(Array)
                   if context.empty?
                     false
                   else
                     # Authorize if user is authorized on every element of the array
                     context.map {|project| allowed_to?(action, project, options, &block)}.reduce(:&)
                   end
                 elsif options[:global]
                   # Admin users are always authorized
                   return true if admin?
                   # authorize if user has at least one role that has this permission
                   roles = memberships.collect {|m| m.roles}.flatten.uniq
                   roles << (self.logged? ? Role.non_member : Role.anonymous)
                   roles.any? {|role|
                     role.allowed_to?(action) &&
                     (block_given? ? yield(role, self) : true)
                   }
                 else
                   false
                 end
               end
               # Is the user allowed to do the specified action on any project?
               # See allowed_to? for the actions and valid options.
               def allowed_to_globally?(action, options, &block)
                 allowed_to?(action, nil, options.reverse_merge(:global => true), &block)
               end
               # Returns true if the user is allowed to delete his own account
               def own_account_deletable?
                 Setting.unsubscribe? &&
                   (!admin? || User.active.where("admin = ? AND id <> ?", true, id).exists?)
               end
               safe_attributes 'login',
                 'firstname',
                 'lastname',
                 'mail',
                 'mail_notification',
                 'notified_project_ids',
                 'language',
                 'custom_field_values',
                 'custom_fields',
                 'identity_url'
               safe_attributes 'status',
                 'auth_source_id',
                 'generate_password',
                 :if => lambda {|user, current_user| current_user.admin?}
               safe_attributes 'group_ids',
                 :if => lambda {|user, current_user| current_user.admin? && !user.new_record?}
               # Utility method to help check if a user should be notified about an
               # event.
               #
               # TODO: only supports Issue events currently
               def notify_about?(object)
                 if mail_notification == 'all'
                   true
                 elsif mail_notification.blank? || mail_notification == 'none'
                   false
                 else
                   case object
                   when Issue
                     case mail_notification
                     when 'selected', 'only_my_events'
                       # user receives notifications for created/assigned issues on unselected projects
                       object.author == self || is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was)
                     when 'only_assigned'
                       is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was)
                     when 'only_owner'
                       object.author == self
                     end
                   when News
                     # always send to project members except when mail_notification is set to 'none'
                     true
                   end
                 end
               end
               def self.current=(user)
                 Thread.current[:current_user] = user
               end
               def self.current
                 Thread.current[:current_user] ||= User.anonymous
               end
               # Returns the anonymous user.  If the anonymous user does not exist, it is created.  There can be only
               # one anonymous user per database.
               def self.anonymous
                 anonymous_user = AnonymousUser.first
                 if anonymous_user.nil?
                   anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
                   raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
                 end
                 anonymous_user
               end
               # Salts all existing unsalted passwords
               # It changes password storage scheme from SHA1(password) to SHA1(salt + SHA1(password))
               # This method is used in the SaltPasswords migration and is to be kept as is
               def self.salt_unsalted_passwords!
                 transaction do
                   User.where("salt IS NULL OR salt = ''").find_each do |user|
                     next if user.hashed_password.blank?
                     salt = User.generate_salt
                     hashed_password = User.hash_password("#{salt}#{user.hashed_password}")
                     User.where(:id => user.id).update_all(:salt => salt, :hashed_password => hashed_password)
                   end
                 end
               end
               protected
               def validate_password_length
                 return if password.blank? && generate_password?
                 # Password length validation based on setting
                 if !password.nil? && password.size < Setting.password_min_length.to_i
                   errors.add(:password, :too_short, :count => Setting.password_min_length.to_i)
                 end
               end
               private
               def generate_password_if_needed
                 if generate_password? && auth_source.nil?
                   length = [Setting.password_min_length.to_i + 2, 10].max
                   random_password(length)
                 end
               end
               # Removes references that are not handled by associations
               # Things that are not deleted are reassociated with the anonymous user
               def remove_references_before_destroy
                 return if self.id.nil?
                 substitute = User.anonymous
                 Attachment.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 Comment.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 Issue.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 Issue.update_all 'assigned_to_id = NULL', ['assigned_to_id = ?', id]
                 Journal.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
                 JournalDetail.update_all ['old_value = ?', substitute.id.to_s], ["property = 'attr' AND prop_key = 'assigned_to_id' AND old_value = ?", id.to_s]
                 JournalDetail.update_all ['value = ?', substitute.id.to_s], ["property = 'attr' AND prop_key = 'assigned_to_id' AND value = ?", id.to_s]
                 Message.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 News.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 # Remove private queries and keep public ones
                 ::Query.delete_all ['user_id = ? AND is_public = ?', id, false]
                 ::Query.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
                 TimeEntry.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
                 Token.delete_all ['user_id = ?', id]
                 Watcher.delete_all ['user_id = ?', id]
                 WikiContent.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 WikiContent::Version.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
               end
               # Return password digest
               def self.hash_password(clear_password)
                 Digest::SHA1.hexdigest(clear_password || "")
               end
               # Returns a 128bits random salt as a hex string (32 chars long)
               def self.generate_salt
                 Redmine::Utils.random_hex(16)
               end
             end
             class AnonymousUser < User
               validate :validate_anonymous_uniqueness, :on => :create
               def validate_anonymous_uniqueness
                 # There should be only one AnonymousUser in the database
                 errors.add :base, 'An anonymous user already exists.' if AnonymousUser.exists?
               end
               def available_custom_fields
                 []
               end
               # Overrides a few properties
               def logged?; false end
               def admin; false end
               def name(*args); I18n.t(:label_user_anonymous) end
               def mail; nil end
               def time_zone; nil end
               def rss_key; nil end
               def pref
                 UserPreference.new(:user => self)
               end
               def member_of?(project)
                 false
               end
               # Anonymous user can not be destroyed
               def destroy
                 false
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages