manuelcillero/suitepro
manuelcillero/suitepro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Redmine 3.4.4

Browse source
This commit is contained in:
Manuel Cillero 2018-02-02 22:19:29 +01:00
commit 64924a6376
2112 changed files with 259028 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

375
app/controllers/account_controller.rb Normal file
View file

@ -0,0 +1,375 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AccountController < ApplicationController
helper :custom_fields
include CustomFieldsHelper
self.main_menu = false
# prevents login action to be filtered by check_if_login_required application scope filter
skip_before_action :check_if_login_required, :check_password_change
# Overrides ApplicationController#verify_authenticity_token to disable
# token verification on openid callbacks
def verify_authenticity_token
unless using_open_id?
super
end
end
# Login request and validation
def login
if request.post?
authenticate_user
else
if User.current.logged?
redirect_back_or_default home_url, :referer => true
end
end
rescue AuthSourceException => e
logger.error "An error occurred when authenticating #{params[:username]}: #{e.message}"
render_error :message => e.message
end
# Log out current user and redirect to welcome page
def logout
if User.current.anonymous?
redirect_to home_url
elsif request.post?
logout_user
redirect_to home_url
end
# display the logout form
end
# Lets user choose a new password
def lost_password
(redirect_to(home_url); return) unless Setting.lost_password?
if prt = (params[:token] || session[:password_recovery_token])
@token = Token.find_token("recovery", prt.to_s)
if @token.nil? || @token.expired?
redirect_to home_url
return
end
# redirect to remove the token query parameter from the URL and add it to the session
if request.query_parameters[:token].present?
session[:password_recovery_token] = @token.value
redirect_to lost_password_url
return
end
@user = @token.user
unless @user && @user.active?
redirect_to home_url
return
end
if request.post?
if @user.must_change_passwd? && @user.check_password?(params[:new_password])
flash.now[:error] = l(:notice_new_password_must_be_different)
else
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
@user.must_change_passwd = false
if @user.save
@token.destroy
Mailer.password_updated(@user)
flash[:notice] = l(:notice_account_password_updated)
redirect_to signin_path
return
end
end
end
render :template => "account/password_recovery"
return
else
if request.post?
email = params[:mail].to_s.strip
user = User.find_by_mail(email)
# user not found
unless user
flash.now[:error] = l(:notice_account_unknown_email)
return
end
unless user.active?
handle_inactive_user(user, lost_password_path)
return
end
# user cannot change its password
unless user.change_password_allowed?
flash.now[:error] = l(:notice_can_t_change_password)
return
end
# create a new token for password recovery
token = Token.new(:user => user, :action => "recovery")
if token.save
# Don't use the param to send the email
recipent = user.mails.detect {|e| email.casecmp(e) == 0} || user.mail
Mailer.lost_password(token, recipent).deliver
flash[:notice] = l(:notice_account_lost_email_sent)
redirect_to signin_path
return
end
end
end
end
# User self-registration
def register
(redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
if !request.post?
session[:auth_source_registration] = nil
@user = User.new(:language => current_language.to_s)
else
user_params = params[:user] || {}
@user = User.new
@user.safe_attributes = user_params
@user.pref.safe_attributes = params[:pref]
@user.admin = false
@user.register
if session[:auth_source_registration]
@user.activate
@user.login = session[:auth_source_registration][:login]
@user.auth_source_id = session[:auth_source_registration][:auth_source_id]
if @user.save
session[:auth_source_registration] = nil
self.logged_user = @user
flash[:notice] = l(:notice_account_activated)
redirect_to my_account_path
end
else
unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
@user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
end
case Setting.self_registration
when '1'
register_by_email_activation(@user)
when '3'
register_automatically(@user)
else
register_manually_by_administrator(@user)
end
end
end
end
# Token based account activation
def activate
(redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
token = Token.find_token('register', params[:token].to_s)
(redirect_to(home_url); return) unless token and !token.expired?
user = token.user
(redirect_to(home_url); return) unless user.registered?
user.activate
if user.save
token.destroy
flash[:notice] = l(:notice_account_activated)
end
redirect_to signin_path
end
# Sends a new account activation email
def activation_email
if session[:registered_user_id] && Setting.self_registration == '1'
user_id = session.delete(:registered_user_id).to_i
user = User.find_by_id(user_id)
if user && user.registered?
register_by_email_activation(user)
return
end
end
redirect_to(home_url)
end
private
def authenticate_user
if Setting.openid? && using_open_id?
open_id_authenticate(params[:openid_url])
else
password_authentication
end
end
def password_authentication
user = User.try_to_login(params[:username], params[:password], false)
if user.nil?
invalid_credentials
elsif user.new_record?
onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
else
# Valid user
if user.active?
successful_authentication(user)
update_sudo_timestamp! # activate Sudo Mode
else
handle_inactive_user(user)
end
end
end
def open_id_authenticate(openid_url)
back_url = signin_url(:autologin => params[:autologin])
authenticate_with_open_id(
openid_url, :required => [:nickname, :fullname, :email],
:return_to => back_url, :method => :post
) do |result, identity_url, registration|
if result.successful?
user = User.find_or_initialize_by_identity_url(identity_url)
if user.new_record?
# Self-registration off
(redirect_to(home_url); return) unless Setting.self_registration?
# Create on the fly
user.login = registration['nickname'] unless registration['nickname'].nil?
user.mail = registration['email'] unless registration['email'].nil?
user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
user.random_password
user.register
case Setting.self_registration
when '1'
register_by_email_activation(user) do
onthefly_creation_failed(user)
end
when '3'
register_automatically(user) do
onthefly_creation_failed(user)
end
else
register_manually_by_administrator(user) do
onthefly_creation_failed(user)
end
end
else
# Existing record
if user.active?
successful_authentication(user)
else
handle_inactive_user(user)
end
end
end
end
end
def successful_authentication(user)
logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
# Valid user
self.logged_user = user
# generate a key and set cookie if autologin
if params[:autologin] && Setting.autologin?
set_autologin_cookie(user)
end
call_hook(:controller_account_success_authentication_after, {:user => user })
redirect_back_or_default my_page_path
end
def set_autologin_cookie(user)
token = user.generate_autologin_token
secure = Redmine::Configuration['autologin_cookie_secure']
if secure.nil?
secure = request.ssl?
end
cookie_options = {
:value => token,
:expires => 1.year.from_now,
:path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'),
:secure => secure,
:httponly => true
}
cookies[autologin_cookie_name] = cookie_options
end
# Onthefly creation failed, display the registration form to fill/fix attributes
def onthefly_creation_failed(user, auth_source_options = { })
@user = user
session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
render :action => 'register'
end
def invalid_credentials
logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
flash.now[:error] = l(:notice_account_invalid_credentials)
end
# Register a user for email activation.
#
# Pass a block for behavior when a user fails to save
def register_by_email_activation(user, &block)
token = Token.new(:user => user, :action => "register")
if user.save and token.save
Mailer.register(token).deliver
flash[:notice] = l(:notice_account_register_done, :email => ERB::Util.h(user.mail))
redirect_to signin_path
else
yield if block_given?
end
end
# Automatically register a user
#
# Pass a block for behavior when a user fails to save
def register_automatically(user, &block)
# Automatic activation
user.activate
user.last_login_on = Time.now
if user.save
self.logged_user = user
flash[:notice] = l(:notice_account_activated)
redirect_to my_account_path
else
yield if block_given?
end
end
# Manual activation by the administrator
#
# Pass a block for behavior when a user fails to save
def register_manually_by_administrator(user, &block)
if user.save
# Sends an email to the administrators
Mailer.account_activation_request(user).deliver
account_pending(user)
else
yield if block_given?
end
end
def handle_inactive_user(user, redirect_path=signin_path)
if user.registered?
account_pending(user, redirect_path)
else
account_locked(user, redirect_path)
end
end
def account_pending(user, redirect_path=signin_path)
if Setting.self_registration == '1'
flash[:error] = l(:notice_account_not_activated_yet, :url => activation_email_path)
session[:registered_user_id] = user.id
else
flash[:error] = l(:notice_account_pending)
end
redirect_to redirect_path
end
def account_locked(user, redirect_path=signin_path)
flash[:error] = l(:notice_account_locked)
redirect_to redirect_path
end
end

90
app/controllers/activities_controller.rb Normal file
View file

@ -0,0 +1,90 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class ActivitiesController < ApplicationController
menu_item :activity
before_action :find_optional_project
accept_rss_auth :index
def index
@days = Setting.activity_days_default.to_i
if params[:from]
begin; @date_to = params[:from].to_date + 1; rescue; end
end
@date_to ||= User.current.today + 1
@date_from = @date_to - @days
@with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
if params[:user_id].present?
@author = User.active.find(params[:user_id])
end
@activity = Redmine::Activity::Fetcher.new(User.current, :project => @project,
:with_subprojects => @with_subprojects,
:author => @author)
pref = User.current.pref
@activity.scope_select {|t| !params["show_#{t}"].nil?}
if @activity.scope.present?
if params[:submit].present?
pref.activity_scope = @activity.scope
pref.save
end
else
if @author.nil?
scope = pref.activity_scope & @activity.event_types
@activity.scope = scope.present? ? scope : :default
else
@activity.scope = :all
end
end
events = @activity.events(@date_from, @date_to)
if events.empty? || stale?(:etag => [@activity.scope, @date_to, @date_from, @with_subprojects, @author, events.first, events.size, User.current, current_language])
respond_to do |format|
format.html {
@events_by_day = events.group_by {|event| User.current.time_to_date(event.event_datetime)}
render :layout => false if request.xhr?
}
format.atom {
title = l(:label_activity)
if @author
title = @author.name
elsif @activity.scope.size == 1
title = l("label_#{@activity.scope.first.singularize}_plural")
end
render_feed(events, :title => "#{@project || Setting.app_title}: #{title}")
}
end
end
rescue ActiveRecord::RecordNotFound
render_404
end
private
# TODO: refactor, duplicated in projects_controller
def find_optional_project
return true unless params[:id]
@project = Project.find(params[:id])
authorize
rescue ActiveRecord::RecordNotFound
render_404
end
end

85
app/controllers/admin_controller.rb Normal file
View file

@ -0,0 +1,85 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AdminController < ApplicationController
layout 'admin'
self.main_menu = false
menu_item :projects, :only => :projects
menu_item :plugins, :only => :plugins
menu_item :info, :only => :info
before_action :require_admin
def index
@no_configuration_data = Redmine::DefaultData::Loader::no_data?
end
def projects
@status = params[:status] || 1
scope = Project.status(@status).sorted
scope = scope.like(params[:name]) if params[:name].present?
@project_count = scope.count
@project_pages = Paginator.new @project_count, per_page_option, params['page']
@projects = scope.limit(@project_pages.per_page).offset(@project_pages.offset).to_a
render :action => "projects", :layout => false if request.xhr?
end
def plugins
@plugins = Redmine::Plugin.all
end
# Loads the default configuration
# (roles, trackers, statuses, workflow, enumerations)
def default_configuration
if request.post?
begin
Redmine::DefaultData::Loader::load(params[:lang])
flash[:notice] = l(:notice_default_data_loaded)
rescue Exception => e
flash[:error] = l(:error_can_t_load_default_data, ERB::Util.h(e.message))
end
end
redirect_to admin_path
end
def test_email
raise_delivery_errors = ActionMailer::Base.raise_delivery_errors
# Force ActionMailer to raise delivery errors so we can catch it
ActionMailer::Base.raise_delivery_errors = true
begin
@test = Mailer.test_email(User.current).deliver
flash[:notice] = l(:notice_email_sent, ERB::Util.h(User.current.mail))
rescue Exception => e
flash[:error] = l(:notice_email_error, ERB::Util.h(Redmine::CodesetUtil.replace_invalid_utf8(e.message.dup)))
end
ActionMailer::Base.raise_delivery_errors = raise_delivery_errors
redirect_to settings_path(:tab => 'notifications')
end
def info
@checklist = [
[:text_default_administrator_account_changed, User.default_admin_account_changed?],
[:text_file_repository_writable, File.writable?(Attachment.storage_path)],
["#{l :text_plugin_assets_writable} (./public/plugin_assets)", File.writable?(Redmine::Plugin.public_directory)],
[:text_rmagick_available, Object.const_defined?(:Magick)],
[:text_convert_available, Redmine::Thumbnail.convert_available?]
]
end
end

679
app/controllers/application_controller.rb Normal file
View file

@ -0,0 +1,679 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require 'uri'
require 'cgi'
class Unauthorized < Exception; end
class ApplicationController < ActionController::Base
include Redmine::I18n
include Redmine::Pagination
include Redmine::Hook::Helper
include RoutesHelper
helper :routes
class_attribute :accept_api_auth_actions
class_attribute :accept_rss_auth_actions
class_attribute :model_object
layout 'base'
protect_from_forgery
def verify_authenticity_token
unless api_request?
super
end
end
def handle_unverified_request
unless api_request?
super
cookies.delete(autologin_cookie_name)
self.logged_user = nil
set_localization
render_error :status => 422, :message => "Invalid form authenticity token."
end
end
before_action :session_expiration, :user_setup, :check_if_login_required, :set_localization, :check_password_change
rescue_from ::Unauthorized, :with => :deny_access
rescue_from ::ActionView::MissingTemplate, :with => :missing_template
include Redmine::Search::Controller
include Redmine::MenuManager::MenuController
helper Redmine::MenuManager::MenuHelper
include Redmine::SudoMode::Controller
def session_expiration
if session[:user_id] && Rails.application.config.redmine_verify_sessions != false
if session_expired? && !try_to_autologin
set_localization(User.active.find_by_id(session[:user_id]))
self.logged_user = nil
flash[:error] = l(:error_session_expired)
require_login
end
end
end
def session_expired?
! User.verify_session_token(session[:user_id], session[:tk])
end
def start_user_session(user)
session[:user_id] = user.id
session[:tk] = user.generate_session_token
if user.must_change_password?
session[:pwd] = '1'
end
end
def user_setup
# Check the settings cache for each request
Setting.check_cache
# Find the current user
User.current = find_current_user
logger.info(" Current user: " + (User.current.logged? ? "#{User.current.login} (id=#{User.current.id})" : "anonymous")) if logger
end
# Returns the current user or nil if no user is logged in
# and starts a session if needed
def find_current_user
user = nil
unless api_request?
if session[:user_id]
# existing session
user = (User.active.find(session[:user_id]) rescue nil)
elsif autologin_user = try_to_autologin
user = autologin_user
elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth?
# RSS key authentication does not start a session
user = User.find_by_rss_key(params[:key])
end
end
if user.nil? && Setting.rest_api_enabled? && accept_api_auth?
if (key = api_key_from_request)
# Use API key
user = User.find_by_api_key(key)
elsif request.authorization.to_s =~ /\ABasic /i
# HTTP Basic, either username/password or API key/random
authenticate_with_http_basic do |username, password|
user = User.try_to_login(username, password) || User.find_by_api_key(username)
end
if user && user.must_change_password?
render_error :message => 'You must change your password', :status => 403
return
end
end
# Switch user if requested by an admin user
if user && user.admin? && (username = api_switch_user_from_request)
su = User.find_by_login(username)
if su && su.active?
logger.info(" User switched by: #{user.login} (id=#{user.id})") if logger
user = su
else
render_error :message => 'Invalid X-Redmine-Switch-User header', :status => 412
end
end
end
# store current ip address in user object ephemerally
user.remote_ip = request.remote_ip if user
user
end
def autologin_cookie_name
Redmine::Configuration['autologin_cookie_name'].presence || 'autologin'
end
def try_to_autologin
if cookies[autologin_cookie_name] && Setting.autologin?
# auto-login feature starts a new session
user = User.try_to_autologin(cookies[autologin_cookie_name])
if user
reset_session
start_user_session(user)
end
user
end
end
# Sets the logged in user
def logged_user=(user)
reset_session
if user && user.is_a?(User)
User.current = user
start_user_session(user)
else
User.current = User.anonymous
end
end
# Logs out current user
def logout_user
if User.current.logged?
if autologin = cookies.delete(autologin_cookie_name)
User.current.delete_autologin_token(autologin)
end
User.current.delete_session_token(session[:tk])
self.logged_user = nil
end
end
# check if login is globally required to access the application
def check_if_login_required
# no check needed if user is already logged in
return true if User.current.logged?
require_login if Setting.login_required?
end
def check_password_change
if session[:pwd]
if User.current.must_change_password?
flash[:error] = l(:error_password_expired)
redirect_to my_password_path
else
session.delete(:pwd)
end
end
end
def set_localization(user=User.current)
lang = nil
if user && user.logged?
lang = find_language(user.language)
end
if lang.nil? && !Setting.force_default_language_for_anonymous? && request.env['HTTP_ACCEPT_LANGUAGE']
accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first
if !accept_lang.blank?
accept_lang = accept_lang.downcase
lang = find_language(accept_lang) || find_language(accept_lang.split('-').first)
end
end
lang ||= Setting.default_language
set_language_if_valid(lang)
end
def require_login
if !User.current.logged?
# Extract only the basic url parameters on non-GET requests
if request.get?
url = request.original_url
else
url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
end
respond_to do |format|
format.html {
if request.xhr?
head :unauthorized
else
redirect_to signin_path(:back_url => url)
end
}
format.any(:atom, :pdf, :csv) {
redirect_to signin_path(:back_url => url)
}
format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
format.js { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
format.any { head :unauthorized }
end
return false
end
true
end
def require_admin
return unless require_login
if !User.current.admin?
render_403
return false
end
true
end
def deny_access
User.current.logged? ? render_403 : require_login
end
# Authorize the user for the requested action
def authorize(ctrl = params[:controller], action = params[:action], global = false)
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
if allowed
true
else
if @project && @project.archived?
render_403 :message => :notice_not_authorized_archived_project
else
deny_access
end
end
end
# Authorize the user for the requested action outside a project
def authorize_global(ctrl = params[:controller], action = params[:action], global = true)
authorize(ctrl, action, global)
end
# Find project of id params[:id]
def find_project
@project = Project.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
# Find project of id params[:project_id]
def find_project_by_project_id
@project = Project.find(params[:project_id])
rescue ActiveRecord::RecordNotFound
render_404
end
# Find a project based on params[:project_id]
# TODO: some subclasses override this, see about merging their logic
def find_optional_project
@project = Project.find(params[:project_id]) unless params[:project_id].blank?
allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true)
allowed ? true : deny_access
rescue ActiveRecord::RecordNotFound
render_404
end
# Finds and sets @project based on @object.project
def find_project_from_association
render_404 unless @object.present?
@project = @object.project
end
def find_model_object
model = self.class.model_object
if model
@object = model.find(params[:id])
self.instance_variable_set('@' + controller_name.singularize, @object) if @object
end
rescue ActiveRecord::RecordNotFound
render_404
end
def self.model_object(model)
self.model_object = model
end
# Find the issue whose id is the :id parameter
# Raises a Unauthorized exception if the issue is not visible
def find_issue
# Issue.visible.find(...) can not be used to redirect user to the login form
# if the issue actually exists but requires authentication
@issue = Issue.find(params[:id])
raise Unauthorized unless @issue.visible?
@project = @issue.project
rescue ActiveRecord::RecordNotFound
render_404
end
# Find issues with a single :id param or :ids array param
# Raises a Unauthorized exception if one of the issues is not visible
def find_issues
@issues = Issue.
where(:id => (params[:id] || params[:ids])).
preload(:project, :status, :tracker, :priority, :author, :assigned_to, :relations_to, {:custom_values => :custom_field}).
to_a
raise ActiveRecord::RecordNotFound if @issues.empty?
raise Unauthorized unless @issues.all?(&:visible?)
@projects = @issues.collect(&:project).compact.uniq
@project = @projects.first if @projects.size == 1
rescue ActiveRecord::RecordNotFound
render_404
end
def find_attachments
if (attachments = params[:attachments]).present?
att = attachments.values.collect do |attachment|
Attachment.find_by_token( attachment[:token] ) if attachment[:token].present?
end
att.compact!
end
@attachments = att || []
end
def parse_params_for_bulk_update(params)
attributes = (params || {}).reject {|k,v| v.blank?}
attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
if custom = attributes[:custom_field_values]
custom.reject! {|k,v| v.blank?}
custom.keys.each do |k|
if custom[k].is_a?(Array)
custom[k] << '' if custom[k].delete('__none__')
else
custom[k] = '' if custom[k] == '__none__'
end
end
end
attributes
end
# make sure that the user is a member of the project (or admin) if project is private
# used as a before_action for actions that do not require any particular permission on the project
def check_project_privacy
if @project && !@project.archived?
if @project.visible?
true
else
deny_access
end
else
@project = nil
render_404
false
end
end
def back_url
url = params[:back_url]
if url.nil? && referer = request.env['HTTP_REFERER']
url = CGI.unescape(referer.to_s)
end
url
end
def redirect_back_or_default(default, options={})
back_url = params[:back_url].to_s
if back_url.present? && valid_url = validate_back_url(back_url)
redirect_to(valid_url)
return
elsif options[:referer]
redirect_to_referer_or default
return
end
redirect_to default
false
end
# Returns a validated URL string if back_url is a valid url for redirection,
# otherwise false
def validate_back_url(back_url)
if CGI.unescape(back_url).include?('..')
return false
end
begin
uri = URI.parse(back_url)
rescue URI::InvalidURIError
return false
end
[:scheme, :host, :port].each do |component|
if uri.send(component).present? && uri.send(component) != request.send(component)
return false
end
uri.send(:"#{component}=", nil)
end
# Always ignore basic user:password in the URL
uri.userinfo = nil
path = uri.to_s
# Ensure that the remaining URL starts with a slash, followed by a
# non-slash character or the end
if path !~ %r{\A/([^/]|\z)}
return false
end
if path.match(%r{/(login|account/register|account/lost_password)})
return false
end
if relative_url_root.present? && !path.starts_with?(relative_url_root)
return false
end
return path
end
private :validate_back_url
def valid_back_url?(back_url)
!!validate_back_url(back_url)
end
private :valid_back_url?
# Redirects to the request referer if present, redirects to args or call block otherwise.
def redirect_to_referer_or(*args, &block)
if referer = request.headers["Referer"]
redirect_to referer
else
if args.any?
redirect_to *args
elsif block_given?
block.call
else
raise "#redirect_to_referer_or takes arguments or a block"
end
end
end
def render_403(options={})
@project = nil
render_error({:message => :notice_not_authorized, :status => 403}.merge(options))
return false
end
def render_404(options={})
render_error({:message => :notice_file_not_found, :status => 404}.merge(options))
return false
end
# Renders an error response
def render_error(arg)
arg = {:message => arg} unless arg.is_a?(Hash)
@message = arg[:message]
@message = l(@message) if @message.is_a?(Symbol)
@status = arg[:status] || 500
respond_to do |format|
format.html {
render :template => 'common/error', :layout => use_layout, :status => @status
}
format.any { head @status }
end
end
# Handler for ActionView::MissingTemplate exception
def missing_template
logger.warn "Missing template, responding with 404"
@project = nil
render_404
end
# Filter for actions that provide an API response
# but have no HTML representation for non admin users
def require_admin_or_api_request
return true if api_request?
if User.current.admin?
true
elsif User.current.logged?
render_error(:status => 406)
else
deny_access
end
end
# Picks which layout to use based on the request
#
# @return [boolean, string] name of the layout to use or false for no layout
def use_layout
request.xhr? ? false : 'base'
end
def render_feed(items, options={})
@items = (items || []).to_a
@items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
@items = @items.slice(0, Setting.feeds_limit.to_i)
@title = options[:title] || Setting.app_title
render :template => "common/feed", :formats => [:atom], :layout => false,
:content_type => 'application/atom+xml'
end
def self.accept_rss_auth(*actions)
if actions.any?
self.accept_rss_auth_actions = actions
else
self.accept_rss_auth_actions || []
end
end
def accept_rss_auth?(action=action_name)
self.class.accept_rss_auth.include?(action.to_sym)
end
def self.accept_api_auth(*actions)
if actions.any?
self.accept_api_auth_actions = actions
else
self.accept_api_auth_actions || []
end
end
def accept_api_auth?(action=action_name)
self.class.accept_api_auth.include?(action.to_sym)
end
# Returns the number of objects that should be displayed
# on the paginated list
def per_page_option
per_page = nil
if params[:per_page] && Setting.per_page_options_array.include?(params[:per_page].to_s.to_i)
per_page = params[:per_page].to_s.to_i
session[:per_page] = per_page
elsif session[:per_page]
per_page = session[:per_page]
else
per_page = Setting.per_page_options_array.first || 25
end
per_page
end
# Returns offset and limit used to retrieve objects
# for an API response based on offset, limit and page parameters
def api_offset_and_limit(options=params)
if options[:offset].present?
offset = options[:offset].to_i
if offset < 0
offset = 0
end
end
limit = options[:limit].to_i
if limit < 1
limit = 25
elsif limit > 100
limit = 100
end
if offset.nil? && options[:page].present?
offset = (options[:page].to_i - 1) * limit
offset = 0 if offset < 0
end
offset ||= 0
[offset, limit]
end
# qvalues http header parser
# code taken from webrick
def parse_qvalues(value)
tmp = []
if value
parts = value.split(/,\s*/)
parts.each {|part|
if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part)
val = m[1]
q = (m[2] or 1).to_f
tmp.push([val, q])
end
}
tmp = tmp.sort_by{|val, q| -q}
tmp.collect!{|val, q| val}
end
return tmp
rescue
nil
end
# Returns a string that can be used as filename value in Content-Disposition header
def filename_for_content_disposition(name)
request.env['HTTP_USER_AGENT'] =~ %r{(MSIE|Trident|Edge)} ? ERB::Util.url_encode(name) : name
end
def api_request?
%w(xml json).include? params[:format]
end
# Returns the API key present in the request
def api_key_from_request
if params[:key].present?
params[:key].to_s
elsif request.headers["X-Redmine-API-Key"].present?
request.headers["X-Redmine-API-Key"].to_s
end
end
# Returns the API 'switch user' value if present
def api_switch_user_from_request
request.headers["X-Redmine-Switch-User"].to_s.presence
end
# Renders a warning flash if obj has unsaved attachments
def render_attachment_warning_if_needed(obj)
flash[:warning] = l(:warning_attachments_not_saved, obj.unsaved_attachments.size) if obj.unsaved_attachments.present?
end
# Rescues an invalid query statement. Just in case...
def query_statement_invalid(exception)
logger.error "Query::StatementInvalid: #{exception.message}" if logger
session.delete(:issue_query)
render_error "An error occurred while executing the query and has been logged. Please report this error to your Redmine administrator."
end
# Renders a 200 response for successful updates or deletions via the API
def render_api_ok
render_api_head :ok
end
# Renders a head API response
def render_api_head(status)
head status
end
# Renders API response on validation failure
# for an object or an array of objects
def render_validation_errors(objects)
messages = Array.wrap(objects).map {|object| object.errors.full_messages}.flatten
render_api_errors(messages)
end
def render_api_errors(*messages)
@error_messages = messages.flatten
render :template => 'common/error_messages.api', :status => :unprocessable_entity, :layout => nil
end
# Overrides #_include_layout? so that #render with no arguments
# doesn't use the layout for api requests
def _include_layout?(*args)
api_request? ? false : super
end
end

247
app/controllers/attachments_controller.rb Normal file
View file

@ -0,0 +1,247 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AttachmentsController < ApplicationController
before_action :find_attachment, :only => [:show, :download, :thumbnail, :update, :destroy]
before_action :find_editable_attachments, :only => [:edit_all, :update_all]
before_action :file_readable, :read_authorize, :only => [:show, :download, :thumbnail]
before_action :update_authorize, :only => :update
before_action :delete_authorize, :only => :destroy
before_action :authorize_global, :only => :upload
# Disable check for same origin requests for JS files, i.e. attachments with
# MIME type text/javascript.
skip_after_action :verify_same_origin_request, :only => :download
accept_api_auth :show, :download, :thumbnail, :upload, :update, :destroy
def show
respond_to do |format|
format.html {
if @attachment.is_diff?
@diff = File.read(@attachment.diskfile, :mode => "rb")
@diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
@diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
# Save diff type as user preference
if User.current.logged? && @diff_type != User.current.pref[:diff_type]
User.current.pref[:diff_type] = @diff_type
User.current.preference.save
end
render :action => 'diff'
elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
@content = File.read(@attachment.diskfile, :mode => "rb")
render :action => 'file'
elsif @attachment.is_image?
render :action => 'image'
else
render :action => 'other'
end
}
format.api
end
end
def download
if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
@attachment.increment_download
end
if stale?(:etag => @attachment.digest)
# images are sent inline
send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
:type => detect_content_type(@attachment),
:disposition => disposition(@attachment)
end
end
def thumbnail
if @attachment.thumbnailable? && tbnail = @attachment.thumbnail(:size => params[:size])
if stale?(:etag => tbnail)
send_file tbnail,
:filename => filename_for_content_disposition(@attachment.filename),
:type => detect_content_type(@attachment),
:disposition => 'inline'
end
else
# No thumbnail for the attachment or thumbnail could not be created
head 404
end
end
def upload
# Make sure that API users get used to set this content type
# as it won't trigger Rails' automatic parsing of the request body for parameters
unless request.content_type == 'application/octet-stream'
head 406
return
end
@attachment = Attachment.new(:file => request.raw_post)
@attachment.author = User.current
@attachment.filename = params[:filename].presence || Redmine::Utils.random_hex(16)
@attachment.content_type = params[:content_type].presence
saved = @attachment.save
respond_to do |format|
format.js
format.api {
if saved
render :action => 'upload', :status => :created
else
render_validation_errors(@attachment)
end
}
end
end
# Edit all the attachments of a container
def edit_all
end
# Update all the attachments of a container
def update_all
if Attachment.update_attachments(@attachments, update_all_params)
redirect_back_or_default home_path
return
end
render :action => 'edit_all'
end
def update
@attachment.safe_attributes = params[:attachment]
saved = @attachment.save
respond_to do |format|
format.api {
if saved
render_api_ok
else
render_validation_errors(@attachment)
end
}
end
end
def destroy
if @attachment.container.respond_to?(:init_journal)
@attachment.container.init_journal(User.current)
end
if @attachment.container
# Make sure association callbacks are called
@attachment.container.attachments.delete(@attachment)
else
@attachment.destroy
end
respond_to do |format|
format.html { redirect_to_referer_or project_path(@project) }
format.js
format.api { render_api_ok }
end
end
# Returns the menu item that should be selected when viewing an attachment
def current_menu_item
if @attachment
case @attachment.container
when WikiPage
:wiki
when Message
:boards
when Project, Version
:files
else
@attachment.container.class.name.pluralize.downcase.to_sym
end
end
end
private
def find_attachment
@attachment = Attachment.find(params[:id])
# Show 404 if the filename in the url is wrong
raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
@project = @attachment.project
rescue ActiveRecord::RecordNotFound
render_404
end
def find_editable_attachments
klass = params[:object_type].to_s.singularize.classify.constantize rescue nil
unless klass && klass.reflect_on_association(:attachments)
render_404
return
end
@container = klass.find(params[:object_id])
if @container.respond_to?(:visible?) && !@container.visible?
render_403
return
end
@attachments = @container.attachments.select(&:editable?)
if @container.respond_to?(:project)
@project = @container.project
end
render_404 if @attachments.empty?
rescue ActiveRecord::RecordNotFound
render_404
end
# Checks that the file exists and is readable
def file_readable
if @attachment.readable?
true
else
logger.error "Cannot send attachment, #{@attachment.diskfile} does not exist or is unreadable."
render_404
end
end
def read_authorize
@attachment.visible? ? true : deny_access
end
def update_authorize
@attachment.editable? ? true : deny_access
end
def delete_authorize
@attachment.deletable? ? true : deny_access
end
def detect_content_type(attachment)
content_type = attachment.content_type
if content_type.blank? || content_type == "application/octet-stream"
content_type = Redmine::MimeType.of(attachment.filename)
end
content_type.to_s
end
def disposition(attachment)
if attachment.is_pdf?
'inline'
else
'attachment'
end
end
# Returns attachments param for #update_all
def update_all_params
params.permit(:attachments => [:filename, :description]).require(:attachments)
end
end

105
app/controllers/auth_sources_controller.rb Normal file
View file

@ -0,0 +1,105 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AuthSourcesController < ApplicationController
layout 'admin'
self.main_menu = false
menu_item :ldap_authentication
before_action :require_admin
before_action :build_new_auth_source, :only => [:new, :create]
before_action :find_auth_source, :only => [:edit, :update, :test_connection, :destroy]
require_sudo_mode :update, :destroy
def index
@auth_source_pages, @auth_sources = paginate AuthSource, :per_page => 25
end
def new
end
def create
if @auth_source.save
flash[:notice] = l(:notice_successful_create)
redirect_to auth_sources_path
else
render :action => 'new'
end
end
def edit
end
def update
@auth_source.safe_attributes = params[:auth_source]
if @auth_source.save
flash[:notice] = l(:notice_successful_update)
redirect_to auth_sources_path
else
render :action => 'edit'
end
end
def test_connection
begin
@auth_source.test_connection
flash[:notice] = l(:notice_successful_connection)
rescue Exception => e
flash[:error] = l(:error_unable_to_connect, e.message)
end
redirect_to auth_sources_path
end
def destroy
unless @auth_source.users.exists?
@auth_source.destroy
flash[:notice] = l(:notice_successful_delete)
end
redirect_to auth_sources_path
end
def autocomplete_for_new_user
results = AuthSource.search(params[:term])
render :json => results.map {|result| {
'value' => result[:login],
'label' => "#{result[:login]} (#{result[:firstname]} #{result[:lastname]})",
'login' => result[:login].to_s,
'firstname' => result[:firstname].to_s,
'lastname' => result[:lastname].to_s,
'mail' => result[:mail].to_s,
'auth_source_id' => result[:auth_source_id].to_s
}}
end
private
def build_new_auth_source
@auth_source = AuthSource.new_subclass_instance(params[:type] || 'AuthSourceLdap')
if @auth_source
@auth_source.safe_attributes = params[:auth_source]
else
render_404
end
end
def find_auth_source
@auth_source = AuthSource.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
end

53
app/controllers/auto_completes_controller.rb Normal file
View file

@ -0,0 +1,53 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AutoCompletesController < ApplicationController
before_action :find_project
def issues
@issues = []
q = (params[:q] || params[:term]).to_s.strip
status = params[:status].to_s
issue_id = params[:issue_id].to_s
if q.present?
scope = Issue.cross_project_scope(@project, params[:scope]).visible
if status.present?
scope = scope.open(status == 'o')
end
if issue_id.present?
scope = scope.where.not(:id => issue_id.to_i)
end
if q.match(/\A#?(\d+)\z/)
@issues << scope.find_by_id($1.to_i)
end
@issues += scope.like(q).order(:id => :desc).limit(10).to_a
@issues.compact!
end
render :layout => false
end
private
def find_project
if params[:project_id].present?
@project = Project.find(params[:project_id])
end
rescue ActiveRecord::RecordNotFound
render_404
end
end

121
app/controllers/boards_controller.rb Normal file
View file

@ -0,0 +1,121 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class BoardsController < ApplicationController
default_search_scope :messages
before_action :find_project_by_project_id, :find_board_if_available, :authorize
accept_rss_auth :index, :show
helper :sort
include SortHelper
helper :watchers
def index
@boards = @project.boards.preload(:last_message => :author).to_a
# show the board if there is only one
if @boards.size == 1
@board = @boards.first
show
end
end
def show
respond_to do |format|
format.html {
sort_init 'updated_on', 'desc'
sort_update 'created_on' => "#{Message.table_name}.id",
'replies' => "#{Message.table_name}.replies_count",
'updated_on' => "COALESCE(#{Message.table_name}.last_reply_id, #{Message.table_name}.id)"
@topic_count = @board.topics.count
@topic_pages = Paginator.new @topic_count, per_page_option, params['page']
@topics = @board.topics.
reorder(:sticky => :desc).
limit(@topic_pages.per_page).
offset(@topic_pages.offset).
order(sort_clause).
preload(:author, {:last_reply => :author}).
to_a
@message = Message.new(:board => @board)
render :action => 'show', :layout => !request.xhr?
}
format.atom {
@messages = @board.messages.
reorder(:id => :desc).
includes(:author, :board).
limit(Setting.feeds_limit.to_i).
to_a
render_feed(@messages, :title => "#{@project}: #{@board}")
}
end
end
def new
@board = @project.boards.build
@board.safe_attributes = params[:board]
end
def create
@board = @project.boards.build
@board.safe_attributes = params[:board]
if @board.save
flash[:notice] = l(:notice_successful_create)
redirect_to_settings_in_projects
else
render :action => 'new'
end
end
def edit
end
def update
@board.safe_attributes = params[:board]
if @board.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to_settings_in_projects
}
format.js { head 200 }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.js { head 422 }
end
end
end
def destroy
if @board.destroy
flash[:notice] = l(:notice_successful_delete)
end
redirect_to_settings_in_projects
end
private
def redirect_to_settings_in_projects
redirect_to settings_project_path(@project, :tab => 'boards')
end
def find_board_if_available
@board = @project.boards.find(params[:id]) if params[:id]
rescue ActiveRecord::RecordNotFound
render_404
end
end

55
app/controllers/calendars_controller.rb Normal file
View file

@ -0,0 +1,55 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class CalendarsController < ApplicationController
menu_item :calendar
before_action :find_optional_project
rescue_from Query::StatementInvalid, :with => :query_statement_invalid
helper :issues
helper :projects
helper :queries
include QueriesHelper
def show
if params[:year] and params[:year].to_i > 1900
@year = params[:year].to_i
if params[:month] and params[:month].to_i > 0 and params[:month].to_i < 13
@month = params[:month].to_i
end
end
@year ||= User.current.today.year
@month ||= User.current.today.month
@calendar = Redmine::Helpers::Calendar.new(Date.civil(@year, @month, 1), current_language, :month)
retrieve_query
@query.group_by = nil
@query.sort_criteria = nil
if @query.valid?
events = []
events += @query.issues(:include => [:tracker, :assigned_to, :priority],
:conditions => ["((start_date BETWEEN ? AND ?) OR (due_date BETWEEN ? AND ?))", @calendar.startdt, @calendar.enddt, @calendar.startdt, @calendar.enddt]
)
events += @query.versions(:conditions => ["effective_date BETWEEN ? AND ?", @calendar.startdt, @calendar.enddt])
@calendar.events = events
end
render :action => 'show', :layout => false if request.xhr?
end
end

53
app/controllers/comments_controller.rb Normal file
View file

@ -0,0 +1,53 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class CommentsController < ApplicationController
default_search_scope :news
model_object News
before_action :find_model_object
before_action :find_project_from_association
before_action :authorize
def create
raise Unauthorized unless @news.commentable?
@comment = Comment.new
@comment.safe_attributes = params[:comment]
@comment.author = User.current
if @news.comments << @comment
flash[:notice] = l(:label_comment_added)
end
redirect_to news_path(@news)
end
def destroy
@news.comments.find(params[:comment_id]).destroy
redirect_to news_path(@news)
end
private
# ApplicationController's find_model_object sets it based on the controller
# name so it needs to be overridden and set to @news instead
def find_model_object
super
@news = @object
@comment = nil
@news
end
end

92
app/controllers/context_menus_controller.rb Normal file
View file

@ -0,0 +1,92 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class ContextMenusController < ApplicationController
helper :watchers
helper :issues
before_action :find_issues, :only => :issues
def issues
if (@issues.size == 1)
@issue = @issues.first
end
@issue_ids = @issues.map(&:id).sort
@allowed_statuses = @issues.map(&:new_statuses_allowed_to).reduce(:&)
@can = {:edit => @issues.all?(&:attributes_editable?),
:log_time => (@project && User.current.allowed_to?(:log_time, @project)),
:copy => User.current.allowed_to?(:copy_issues, @projects) && Issue.allowed_target_projects.any?,
:add_watchers => User.current.allowed_to?(:add_issue_watchers, @projects),
:delete => @issues.all?(&:deletable?)
}
@assignables = @issues.map(&:assignable_users).reduce(:&)
@trackers = @projects.map {|p| Issue.allowed_target_trackers(p) }.reduce(:&)
@versions = @projects.map {|p| p.shared_versions.open}.reduce(:&)
@priorities = IssuePriority.active.reverse
@back = back_url
@options_by_custom_field = {}
if @can[:edit]
custom_fields = @issues.map(&:editable_custom_fields).reduce(:&).reject(&:multiple?).select {|field| field.format.bulk_edit_supported}
custom_fields.each do |field|
values = field.possible_values_options(@projects)
if values.present?
@options_by_custom_field[field] = values
end
end
end
@safe_attributes = @issues.map(&:safe_attribute_names).reduce(:&)
render :layout => false
end
def time_entries
@time_entries = TimeEntry.where(:id => params[:ids]).
preload(:project => :time_entry_activities).
preload(:user).to_a
(render_404; return) unless @time_entries.present?
if (@time_entries.size == 1)
@time_entry = @time_entries.first
end
@projects = @time_entries.collect(&:project).compact.uniq
@project = @projects.first if @projects.size == 1
@activities = @projects.map(&:activities).reduce(:&)
edit_allowed = @time_entries.all? {|t| t.editable_by?(User.current)}
@can = {:edit => edit_allowed, :delete => edit_allowed}
@back = back_url
@options_by_custom_field = {}
if @can[:edit]
custom_fields = @time_entries.map(&:editable_custom_fields).reduce(:&).reject(&:multiple?).select {|field| field.format.bulk_edit_supported}
custom_fields.each do |field|
values = field.possible_values_options(@projects)
if values.present?
@options_by_custom_field[field] = values
end
end
end
render :layout => false
end
end

84
app/controllers/custom_field_enumerations_controller.rb Normal file
View file

@ -0,0 +1,84 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class CustomFieldEnumerationsController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin
before_action :find_custom_field
before_action :find_enumeration, :only => :destroy
helper :custom_fields
def index
@values = @custom_field.enumerations.order(:position)
end
def create
@value = @custom_field.enumerations.build
@value.attributes = enumeration_params
@value.save
respond_to do |format|
format.html { redirect_to custom_field_enumerations_path(@custom_field) }
format.js
end
end
def update_each
saved = CustomFieldEnumeration.update_each(@custom_field, update_each_params)
if saved
flash[:notice] = l(:notice_successful_update)
end
redirect_to :action => 'index'
end
def destroy
reassign_to = @custom_field.enumerations.find_by_id(params[:reassign_to_id])
if reassign_to.nil? && @value.in_use?
@enumerations = @custom_field.enumerations - [@value]
render :action => 'destroy'
return
end
@value.destroy(reassign_to)
redirect_to custom_field_enumerations_path(@custom_field)
end
private
def find_custom_field
@custom_field = CustomField.find(params[:custom_field_id])
rescue ActiveRecord::RecordNotFound
render_404
end
def find_enumeration
@value = @custom_field.enumerations.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
def enumeration_params
params.require(:custom_field_enumeration).permit(:name, :active, :position)
end
def update_each_params
# params.require(:custom_field_enumerations).permit(:name, :active, :position) does not work here with param like this:
# "custom_field_enumerations":{"0":{"name": ...}, "1":{"name...}}
params.permit(:custom_field_enumerations => [:name, :active, :position]).require(:custom_field_enumerations)
end
end

104
app/controllers/custom_fields_controller.rb Normal file
View file

@ -0,0 +1,104 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class CustomFieldsController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin
before_action :build_new_custom_field, :only => [:new, :create]
before_action :find_custom_field, :only => [:edit, :update, :destroy]
accept_api_auth :index
def index
respond_to do |format|
format.html {
@custom_fields_by_type = CustomField.all.group_by {|f| f.class.name }
@custom_fields_projects_count =
IssueCustomField.where(is_for_all: false).joins(:projects).group(:custom_field_id).count
}
format.api {
@custom_fields = CustomField.all
}
end
end
def new
@custom_field.field_format = 'string' if @custom_field.field_format.blank?
@custom_field.default_value = nil
end
def create
if @custom_field.save
flash[:notice] = l(:notice_successful_create)
call_hook(:controller_custom_fields_new_after_save, :params => params, :custom_field => @custom_field)
redirect_to edit_custom_field_path(@custom_field)
else
render :action => 'new'
end
end
def edit
end
def update
@custom_field.safe_attributes = params[:custom_field]
if @custom_field.save
call_hook(:controller_custom_fields_edit_after_save, :params => params, :custom_field => @custom_field)
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_back_or_default edit_custom_field_path(@custom_field)
}
format.js { head 200 }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.js { head 422 }
end
end
end
def destroy
begin
if @custom_field.destroy
flash[:notice] = l(:notice_successful_delete)
end
rescue
flash[:error] = l(:error_can_not_delete_custom_field)
end
redirect_to custom_fields_path(:tab => @custom_field.class.name)
end
private
def build_new_custom_field
@custom_field = CustomField.new_subclass_instance(params[:type])
if @custom_field.nil?
render :action => 'select_type'
else
@custom_field.safe_attributes = params[:custom_field]
end
end
def find_custom_field
@custom_field = CustomField.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
end

95
app/controllers/documents_controller.rb Normal file
View file

@ -0,0 +1,95 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class DocumentsController < ApplicationController
default_search_scope :documents
model_object Document
before_action :find_project_by_project_id, :only => [:index, :new, :create]
before_action :find_model_object, :except => [:index, :new, :create]
before_action :find_project_from_association, :except => [:index, :new, :create]
before_action :authorize
helper :attachments
helper :custom_fields
def index
@sort_by = %w(category date title author).include?(params[:sort_by]) ? params[:sort_by] : 'category'
documents = @project.documents.includes(:attachments, :category).to_a
case @sort_by
when 'date'
@grouped = documents.group_by {|d| d.updated_on.to_date }
when 'title'
@grouped = documents.group_by {|d| d.title.first.upcase}
when 'author'
@grouped = documents.select{|d| d.attachments.any?}.group_by {|d| d.attachments.last.author}
else
@grouped = documents.group_by(&:category)
end
@document = @project.documents.build
render :layout => false if request.xhr?
end
def show
@attachments = @document.attachments.to_a
end
def new
@document = @project.documents.build
@document.safe_attributes = params[:document]
end
def create
@document = @project.documents.build
@document.safe_attributes = params[:document]
@document.save_attachments(params[:attachments])
if @document.save
render_attachment_warning_if_needed(@document)
flash[:notice] = l(:notice_successful_create)
redirect_to project_documents_path(@project)
else
render :action => 'new'
end
end
def edit
end
def update
@document.safe_attributes = params[:document]
if @document.save
flash[:notice] = l(:notice_successful_update)
redirect_to document_path(@document)
else
render :action => 'edit'
end
end
def destroy
@document.destroy if request.delete?
redirect_to project_documents_path(@project)
end
def add_attachment
attachments = Attachment.attach_files(@document, params[:attachments])
render_attachment_warning_if_needed(@document)
if attachments.present? && attachments[:files].present? && Setting.notified_events.include?('document_added')
Mailer.attachments_added(attachments[:files]).deliver
end
redirect_to document_path(@document)
end
end

104
app/controllers/email_addresses_controller.rb Normal file
View file

@ -0,0 +1,104 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class EmailAddressesController < ApplicationController
self.main_menu = false
before_action :find_user, :require_admin_or_current_user
before_action :find_email_address, :only => [:update, :destroy]
require_sudo_mode :create, :update, :destroy
def index
@addresses = @user.email_addresses.order(:id).where(:is_default => false).to_a
@address ||= EmailAddress.new
end
def create
saved = false
if @user.email_addresses.count <= Setting.max_additional_emails.to_i
@address = EmailAddress.new(:user => @user, :is_default => false)
@address.safe_attributes = params[:email_address]
saved = @address.save
end
respond_to do |format|
format.html {
if saved
redirect_to user_email_addresses_path(@user)
else
index
render :action => 'index'
end
}
format.js {
@address = nil if saved
index
render :action => 'index'
}
end
end
def update
if params[:notify].present?
@address.notify = params[:notify].to_s
end
@address.save
respond_to do |format|
format.html {
redirect_to user_email_addresses_path(@user)
}
format.js {
@address = nil
index
render :action => 'index'
}
end
end
def destroy
@address.destroy
respond_to do |format|
format.html {
redirect_to user_email_addresses_path(@user)
}
format.js {
@address = nil
index
render :action => 'index'
}
end
end
private
def find_user
@user = User.find(params[:user_id])
end
def find_email_address
@address = @user.email_addresses.where(:is_default => false).find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
def require_admin_or_current_user
unless @user == User.current
require_admin
end
end
end

110
app/controllers/enumerations_controller.rb Normal file
View file

@ -0,0 +1,110 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class EnumerationsController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin, :except => :index
before_action :require_admin_or_api_request, :only => :index
before_action :build_new_enumeration, :only => [:new, :create]
before_action :find_enumeration, :only => [:edit, :update, :destroy]
accept_api_auth :index
helper :custom_fields
def index
respond_to do |format|
format.html
format.api {
@klass = Enumeration.get_subclass(params[:type])
if @klass
@enumerations = @klass.shared.sorted.to_a
else
render_404
end
}
end
end
def new
end
def create
if request.post? && @enumeration.save
flash[:notice] = l(:notice_successful_create)
redirect_to enumerations_path
else
render :action => 'new'
end
end
def edit
end
def update
if @enumeration.update_attributes(enumeration_params)
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to enumerations_path
}
format.js { head 200 }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.js { head 422 }
end
end
end
def destroy
if !@enumeration.in_use?
# No associated objects
@enumeration.destroy
redirect_to enumerations_path
return
elsif params[:reassign_to_id].present? && (reassign_to = @enumeration.class.find_by_id(params[:reassign_to_id].to_i))
@enumeration.destroy(reassign_to)
redirect_to enumerations_path
return
end
@enumerations = @enumeration.class.system.to_a - [@enumeration]
end
private
def build_new_enumeration
class_name = params[:enumeration] && params[:enumeration][:type] || params[:type]
@enumeration = Enumeration.new_subclass_instance(class_name, enumeration_params)
if @enumeration.nil?
render_404
end
end
def find_enumeration
@enumeration = Enumeration.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
def enumeration_params
# can't require enumeration on #new action
params.permit(:enumeration => [:name, :active, :is_default, :position])[:enumeration]
end
end

76
app/controllers/files_controller.rb Normal file
View file

@ -0,0 +1,76 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class FilesController < ApplicationController
menu_item :files
before_action :find_project_by_project_id
before_action :authorize
accept_api_auth :index, :create
helper :attachments
helper :sort
include SortHelper
def index
sort_init 'filename', 'asc'
sort_update 'filename' => "#{Attachment.table_name}.filename",
'created_on' => "#{Attachment.table_name}.created_on",
'size' => "#{Attachment.table_name}.filesize",
'downloads' => "#{Attachment.table_name}.downloads"
@containers = [Project.includes(:attachments).
references(:attachments).reorder(sort_clause).find(@project.id)]
@containers += @project.versions.includes(:attachments).
references(:attachments).reorder(sort_clause).to_a.sort.reverse
respond_to do |format|
format.html { render :layout => !request.xhr? }
format.api
end
end
def new
@versions = @project.versions.sort
end
def create
version_id = params[:version_id] || (params[:file] && params[:file][:version_id])
container = version_id.blank? ? @project : @project.versions.find_by_id(version_id)
attachments = Attachment.attach_files(container, (params[:attachments] || (params[:file] && params[:file][:token] && params)))
render_attachment_warning_if_needed(container)
if attachments[:files].present?
if Setting.notified_events.include?('file_added')
Mailer.attachments_added(attachments[:files]).deliver
end
respond_to do |format|
format.html {
flash[:notice] = l(:label_file_added)
redirect_to project_files_path(@project) }
format.api { render_api_ok }
end
else
respond_to do |format|
format.html {
flash.now[:error] = l(:label_attachment) + " " + l('activerecord.errors.messages.invalid')
new
render :action => 'new' }
format.api { render :status => :bad_request }
end
end
end
end

46
app/controllers/gantts_controller.rb Normal file
View file

@ -0,0 +1,46 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class GanttsController < ApplicationController
menu_item :gantt
before_action :find_optional_project
rescue_from Query::StatementInvalid, :with => :query_statement_invalid
helper :gantt
helper :issues
helper :projects
helper :queries
include QueriesHelper
include Redmine::Export::PDF
def show
@gantt = Redmine::Helpers::Gantt.new(params)
@gantt.project = @project
retrieve_query
@query.group_by = nil
@gantt.query = @query if @query.valid?
basename = (@project ? "#{@project.identifier}-" : '') + 'gantt'
respond_to do |format|
format.html { render :action => "show", :layout => !request.xhr? }
format.png { send_data(@gantt.to_image, :disposition => 'inline', :type => 'image/png', :filename => "#{basename}.png") } if @gantt.respond_to?('to_image')
format.pdf { send_data(@gantt.to_pdf, :type => 'application/pdf', :filename => "#{basename}.pdf") }
end
end
end

155
app/controllers/groups_controller.rb Normal file
View file

@ -0,0 +1,155 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class GroupsController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin
before_action :find_group, :except => [:index, :new, :create]
accept_api_auth :index, :show, :create, :update, :destroy, :add_users, :remove_user
require_sudo_mode :add_users, :remove_user, :create, :update, :destroy, :edit_membership, :destroy_membership
helper :custom_fields
helper :principal_memberships
def index
respond_to do |format|
format.html {
scope = Group.sorted
scope = scope.like(params[:name]) if params[:name].present?
@group_count = scope.count
@group_pages = Paginator.new @group_count, per_page_option, params['page']
@groups = scope.limit(@group_pages.per_page).offset(@group_pages.offset).to_a
@user_count_by_group_id = user_count_by_group_id
}
format.api {
scope = Group.sorted
scope = scope.givable unless params[:builtin] == '1'
@groups = scope.to_a
}
end
end
def show
respond_to do |format|
format.html
format.api
end
end
def new
@group = Group.new
end
def create
@group = Group.new
@group.safe_attributes = params[:group]
respond_to do |format|
if @group.save
format.html {
flash[:notice] = l(:notice_successful_create)
redirect_to(params[:continue] ? new_group_path : groups_path)
}
format.api { render :action => 'show', :status => :created, :location => group_url(@group) }
else
format.html { render :action => "new" }
format.api { render_validation_errors(@group) }
end
end
end
def edit
end
def update
@group.safe_attributes = params[:group]
respond_to do |format|
if @group.save
flash[:notice] = l(:notice_successful_update)
format.html { redirect_to_referer_or(groups_path) }
format.api { render_api_ok }
else
format.html { render :action => "edit" }
format.api { render_validation_errors(@group) }
end
end
end
def destroy
@group.destroy
respond_to do |format|
format.html { redirect_to_referer_or(groups_path) }
format.api { render_api_ok }
end
end
def new_users
end
def add_users
@users = User.not_in_group(@group).where(:id => (params[:user_id] || params[:user_ids])).to_a
@group.users << @users
respond_to do |format|
format.html { redirect_to edit_group_path(@group, :tab => 'users') }
format.js
format.api {
if @users.any?
render_api_ok
else
render_api_errors "#{l(:label_user)} #{l('activerecord.errors.messages.invalid')}"
end
}
end
end
def remove_user
@group.users.delete(User.find(params[:user_id])) if request.delete?
respond_to do |format|
format.html { redirect_to edit_group_path(@group, :tab => 'users') }
format.js
format.api { render_api_ok }
end
end
def autocomplete_for_user
respond_to do |format|
format.js
end
end
private
def find_group
@group = Group.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
def user_count_by_group_id
h = User.joins(:groups).group('group_id').count
h.keys.each do |key|
h[key.to_i] = h.delete(key)
end
h
end
end

122
app/controllers/imports_controller.rb Normal file
View file

@ -0,0 +1,122 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require 'csv'
class ImportsController < ApplicationController
menu_item :issues
before_action :find_import, :only => [:show, :settings, :mapping, :run]
before_action :authorize_global
helper :issues
helper :queries
def new
end
def create
@import = IssueImport.new
@import.user = User.current
@import.file = params[:file]
@import.set_default_settings
if @import.save
redirect_to import_settings_path(@import)
else
render :action => 'new'
end
end
def show
end
def settings
if request.post? && @import.parse_file
redirect_to import_mapping_path(@import)
end
rescue CSV::MalformedCSVError => e
flash.now[:error] = l(:error_invalid_csv_file_or_settings)
rescue ArgumentError, EncodingError => e
flash.now[:error] = l(:error_invalid_file_encoding, :encoding => ERB::Util.h(@import.settings['encoding']))
rescue SystemCallError => e
flash.now[:error] = l(:error_can_not_read_import_file)
end
def mapping
@custom_fields = @import.mappable_custom_fields
if request.post?
respond_to do |format|
format.html {
if params[:previous]
redirect_to import_settings_path(@import)
else
redirect_to import_run_path(@import)
end
}
format.js # updates mapping form on project or tracker change
end
end
end
def run
if request.post?
@current = @import.run(
:max_items => max_items_per_request,
:max_time => 10.seconds
)
respond_to do |format|
format.html {
if @import.finished?
redirect_to import_path(@import)
else
redirect_to import_run_path(@import)
end
}
format.js
end
end
end
private
def find_import
@import = Import.where(:user_id => User.current.id, :filename => params[:id]).first
if @import.nil?
render_404
return
elsif @import.finished? && action_name != 'show'
redirect_to import_path(@import)
return
end
update_from_params if request.post?
end
def update_from_params
if params[:import_settings].is_a?(Hash)
@import.settings ||= {}
@import.settings.merge!(params[:import_settings])
@import.save!
end
end
def max_items_per_request
5
end
end

122
app/controllers/issue_categories_controller.rb Normal file
View file

@ -0,0 +1,122 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class IssueCategoriesController < ApplicationController
menu_item :settings
model_object IssueCategory
before_action :find_model_object, :except => [:index, :new, :create]
before_action :find_project_from_association, :except => [:index, :new, :create]
before_action :find_project_by_project_id, :only => [:index, :new, :create]
before_action :authorize
accept_api_auth :index, :show, :create, :update, :destroy
def index
respond_to do |format|
format.html { redirect_to_settings_in_projects }
format.api { @categories = @project.issue_categories.to_a }
end
end
def show
respond_to do |format|
format.html { redirect_to_settings_in_projects }
format.api
end
end
def new
@category = @project.issue_categories.build
@category.safe_attributes = params[:issue_category]
respond_to do |format|
format.html
format.js
end
end
def create
@category = @project.issue_categories.build
@category.safe_attributes = params[:issue_category]
if @category.save
respond_to do |format|
format.html do
flash[:notice] = l(:notice_successful_create)
redirect_to_settings_in_projects
end
format.js
format.api { render :action => 'show', :status => :created, :location => issue_category_path(@category) }
end
else
respond_to do |format|
format.html { render :action => 'new'}
format.js { render :action => 'new'}
format.api { render_validation_errors(@category) }
end
end
end
def edit
end
def update
@category.safe_attributes = params[:issue_category]
if @category.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to_settings_in_projects
}
format.api { render_api_ok }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.api { render_validation_errors(@category) }
end
end
end
def destroy
@issue_count = @category.issues.size
if @issue_count == 0 || params[:todo] || api_request?
reassign_to = nil
if params[:reassign_to_id] && (params[:todo] == 'reassign' || params[:todo].blank?)
reassign_to = @project.issue_categories.find_by_id(params[:reassign_to_id])
end
@category.destroy(reassign_to)
respond_to do |format|
format.html { redirect_to_settings_in_projects }
format.api { render_api_ok }
end
return
end
@categories = @project.issue_categories - [@category]
end
private
def redirect_to_settings_in_projects
redirect_to settings_project_path(@project, :tab => 'categories')
end
# Wrap ApplicationController's find_model_object method to set
# @category instead of just @issue_category
def find_model_object
super
@category = @object
end
end

98
app/controllers/issue_relations_controller.rb Normal file
View file

@ -0,0 +1,98 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class IssueRelationsController < ApplicationController
helper :issues
before_action :find_issue, :authorize, :only => [:index, :create]
before_action :find_relation, :only => [:show, :destroy]
accept_api_auth :index, :show, :create, :destroy
def index
@relations = @issue.relations
respond_to do |format|
format.html { head 200 }
format.api
end
end
def show
raise Unauthorized unless @relation.visible?
respond_to do |format|
format.html { head 200 }
format.api
end
end
def create
@relation = IssueRelation.new
@relation.issue_from = @issue
@relation.safe_attributes = params[:relation]
@relation.init_journals(User.current)
begin
saved = @relation.save
rescue ActiveRecord::RecordNotUnique
saved = false
@relation.errors.add :base, :taken
end
respond_to do |format|
format.html { redirect_to issue_path(@issue) }
format.js {
@relations = @issue.reload.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
}
format.api {
if saved
render :action => 'show', :status => :created, :location => relation_url(@relation)
else
render_validation_errors(@relation)
end
}
end
end
def destroy
raise Unauthorized unless @relation.deletable?
@relation.init_journals(User.current)
@relation.destroy
respond_to do |format|
format.html { redirect_to issue_path(@relation.issue_from) }
format.js
format.api { render_api_ok }
end
end
private
def find_issue
@issue = Issue.find(params[:issue_id])
@project = @issue.project
rescue ActiveRecord::RecordNotFound
render_404
end
def find_relation
@relation = IssueRelation.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
end

88
app/controllers/issue_statuses_controller.rb Normal file
View file

@ -0,0 +1,88 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class IssueStatusesController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin, :except => :index
before_action :require_admin_or_api_request, :only => :index
accept_api_auth :index
def index
@issue_statuses = IssueStatus.sorted.to_a
respond_to do |format|
format.html { render :layout => false if request.xhr? }
format.api
end
end
def new
@issue_status = IssueStatus.new
end
def create
@issue_status = IssueStatus.new
@issue_status.safe_attributes = params[:issue_status]
if @issue_status.save
flash[:notice] = l(:notice_successful_create)
redirect_to issue_statuses_path
else
render :action => 'new'
end
end
def edit
@issue_status = IssueStatus.find(params[:id])
end
def update
@issue_status = IssueStatus.find(params[:id])
@issue_status.safe_attributes = params[:issue_status]
if @issue_status.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to issue_statuses_path(:page => params[:page])
}
format.js { head 200 }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.js { head 422 }
end
end
end
def destroy
IssueStatus.find(params[:id]).destroy
redirect_to issue_statuses_path
rescue
flash[:error] = l(:error_unable_delete_issue_status)
redirect_to issue_statuses_path
end
def update_issue_done_ratio
if request.post? && IssueStatus.update_issue_done_ratios
flash[:notice] = l(:notice_issue_done_ratios_updated)
else
flash[:error] = l(:error_issue_done_ratios_not_updated)
end
redirect_to issue_statuses_path
end
end

596
app/controllers/issues_controller.rb Normal file
View file

@ -0,0 +1,596 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class IssuesController < ApplicationController
default_search_scope :issues
before_action :find_issue, :only => [:show, :edit, :update]
before_action :find_issues, :only => [:bulk_edit, :bulk_update, :destroy]
before_action :authorize, :except => [:index, :new, :create]
before_action :find_optional_project, :only => [:index, :new, :create]
before_action :build_new_issue_from_params, :only => [:new, :create]
accept_rss_auth :index, :show
accept_api_auth :index, :show, :create, :update, :destroy
rescue_from Query::StatementInvalid, :with => :query_statement_invalid
helper :journals
helper :projects
helper :custom_fields
helper :issue_relations
helper :watchers
helper :attachments
helper :queries
include QueriesHelper
helper :repositories
helper :timelog
def index
retrieve_query
if @query.valid?
respond_to do |format|
format.html {
@issue_count = @query.issue_count
@issue_pages = Paginator.new @issue_count, per_page_option, params['page']
@issues = @query.issues(:offset => @issue_pages.offset, :limit => @issue_pages.per_page)
render :layout => !request.xhr?
}
format.api {
@offset, @limit = api_offset_and_limit
@query.column_names = %w(author)
@issue_count = @query.issue_count
@issues = @query.issues(:offset => @offset, :limit => @limit)
Issue.load_visible_relations(@issues) if include_in_api_response?('relations')
}
format.atom {
@issues = @query.issues(:limit => Setting.feeds_limit.to_i)
render_feed(@issues, :title => "#{@project || Setting.app_title}: #{l(:label_issue_plural)}")
}
format.csv {
@issues = @query.issues(:limit => Setting.issues_export_limit.to_i)
send_data(query_to_csv(@issues, @query, params[:csv]), :type => 'text/csv; header=present', :filename => 'issues.csv')
}
format.pdf {
@issues = @query.issues(:limit => Setting.issues_export_limit.to_i)
send_file_headers! :type => 'application/pdf', :filename => 'issues.pdf'
}
end
else
respond_to do |format|
format.html { render :layout => !request.xhr? }
format.any(:atom, :csv, :pdf) { head 422 }
format.api { render_validation_errors(@query) }
end
end
rescue ActiveRecord::RecordNotFound
render_404
end
def show
@journals = @issue.visible_journals_with_index
@changesets = @issue.changesets.visible.preload(:repository, :user).to_a
@relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
if User.current.wants_comments_in_reverse_order?
@journals.reverse!
@changesets.reverse!
end
if User.current.allowed_to?(:view_time_entries, @project)
Issue.load_visible_spent_hours([@issue])
Issue.load_visible_total_spent_hours([@issue])
end
respond_to do |format|
format.html {
@allowed_statuses = @issue.new_statuses_allowed_to(User.current)
@priorities = IssuePriority.active
@time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
@relation = IssueRelation.new
retrieve_previous_and_next_issue_ids
render :template => 'issues/show'
}
format.api
format.atom { render :template => 'journals/index', :layout => false, :content_type => 'application/atom+xml' }
format.pdf {
send_file_headers! :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf"
}
end
end
def new
respond_to do |format|
format.html { render :action => 'new', :layout => !request.xhr? }
format.js
end
end
def create
unless User.current.allowed_to?(:add_issues, @issue.project, :global => true)
raise ::Unauthorized
end
call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
@issue.save_attachments(params[:attachments] || (params[:issue] && params[:issue][:uploads]))
if @issue.save
call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
respond_to do |format|
format.html {
render_attachment_warning_if_needed(@issue)
flash[:notice] = l(:notice_issue_successful_create, :id => view_context.link_to("##{@issue.id}", issue_path(@issue), :title => @issue.subject))
redirect_after_create
}
format.api { render :action => 'show', :status => :created, :location => issue_url(@issue) }
end
return
else
respond_to do |format|
format.html {
if @issue.project.nil?
render_error :status => 422
else
render :action => 'new'
end
}
format.api { render_validation_errors(@issue) }
end
end
end
def edit
return unless update_issue_from_params
respond_to do |format|
format.html { }
format.js
end
end
def update
return unless update_issue_from_params
@issue.save_attachments(params[:attachments] || (params[:issue] && params[:issue][:uploads]))
saved = false
begin
saved = save_issue_with_child_records
rescue ActiveRecord::StaleObjectError
@conflict = true
if params[:last_journal_id]
@conflict_journals = @issue.journals_after(params[:last_journal_id]).to_a
@conflict_journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project)
end
end
if saved
render_attachment_warning_if_needed(@issue)
flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?
respond_to do |format|
format.html { redirect_back_or_default issue_path(@issue, previous_and_next_issue_ids_params) }
format.api { render_api_ok }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.api { render_validation_errors(@issue) }
end
end
end
# Bulk edit/copy a set of issues
def bulk_edit
@issues.sort!
@copy = params[:copy].present?
@notes = params[:notes]
if @copy
unless User.current.allowed_to?(:copy_issues, @projects)
raise ::Unauthorized
end
else
unless @issues.all?(&:attributes_editable?)
raise ::Unauthorized
end
end
edited_issues = Issue.where(:id => @issues.map(&:id)).to_a
@values_by_custom_field = {}
edited_issues.each do |issue|
issue.custom_field_values.each do |c|
if c.value_present?
@values_by_custom_field[c.custom_field] ||= []
@values_by_custom_field[c.custom_field] << issue.id
end
end
end
@allowed_projects = Issue.allowed_target_projects
if params[:issue]
@target_project = @allowed_projects.detect {|p| p.id.to_s == params[:issue][:project_id].to_s}
if @target_project
target_projects = [@target_project]
edited_issues.each {|issue| issue.project = @target_project}
end
end
target_projects ||= @projects
@trackers = target_projects.map {|p| Issue.allowed_target_trackers(p) }.reduce(:&)
if params[:issue]
@target_tracker = @trackers.detect {|t| t.id.to_s == params[:issue][:tracker_id].to_s}
if @target_tracker
edited_issues.each {|issue| issue.tracker = @target_tracker}
end
end
if @copy
# Copied issues will get their default statuses
@available_statuses = []
else
@available_statuses = edited_issues.map(&:new_statuses_allowed_to).reduce(:&)
end
if params[:issue]
@target_status = @available_statuses.detect {|t| t.id.to_s == params[:issue][:status_id].to_s}
if @target_status
edited_issues.each {|issue| issue.status = @target_status}
end
end
edited_issues.each do |issue|
issue.custom_field_values.each do |c|
if c.value_present? && @values_by_custom_field[c.custom_field]
@values_by_custom_field[c.custom_field].delete(issue.id)
end
end
end
@values_by_custom_field.delete_if {|k,v| v.blank?}
@custom_fields = edited_issues.map{|i|i.editable_custom_fields}.reduce(:&).select {|field| field.format.bulk_edit_supported}
@assignables = target_projects.map(&:assignable_users).reduce(:&)
@versions = target_projects.map {|p| p.shared_versions.open}.reduce(:&)
@categories = target_projects.map {|p| p.issue_categories}.reduce(:&)
if @copy
@attachments_present = @issues.detect {|i| i.attachments.any?}.present?
@subtasks_present = @issues.detect {|i| !i.leaf?}.present?
@watchers_present = User.current.allowed_to?(:add_issue_watchers, @projects) && Watcher.where(:watchable_type => 'Issue', :watchable_id => @issues.map(&:id)).exists?
end
@safe_attributes = edited_issues.map(&:safe_attribute_names).reduce(:&)
@issue_params = params[:issue] || {}
@issue_params[:custom_field_values] ||= {}
end
def bulk_update
@issues.sort!
@copy = params[:copy].present?
attributes = parse_params_for_bulk_update(params[:issue])
copy_subtasks = (params[:copy_subtasks] == '1')
copy_attachments = (params[:copy_attachments] == '1')
copy_watchers = (params[:copy_watchers] == '1')
if @copy
unless User.current.allowed_to?(:copy_issues, @projects)
raise ::Unauthorized
end
target_projects = @projects
if attributes['project_id'].present?
target_projects = Project.where(:id => attributes['project_id']).to_a
end
unless User.current.allowed_to?(:add_issues, target_projects)
raise ::Unauthorized
end
unless User.current.allowed_to?(:add_issue_watchers, @projects)
copy_watchers = false
end
else
unless @issues.all?(&:attributes_editable?)
raise ::Unauthorized
end
end
unsaved_issues = []
saved_issues = []
if @copy && copy_subtasks
# Descendant issues will be copied with the parent task
# Don't copy them twice
@issues.reject! {|issue| @issues.detect {|other| issue.is_descendant_of?(other)}}
end
@issues.each do |orig_issue|
orig_issue.reload
if @copy
issue = orig_issue.copy({},
:attachments => copy_attachments,
:subtasks => copy_subtasks,
:watchers => copy_watchers,
:link => link_copy?(params[:link_copy])
)
else
issue = orig_issue
end
journal = issue.init_journal(User.current, params[:notes])
issue.safe_attributes = attributes
call_hook(:controller_issues_bulk_edit_before_save, { :params => params, :issue => issue })
if issue.save
saved_issues << issue
else
unsaved_issues << orig_issue
end
end
if unsaved_issues.empty?
flash[:notice] = l(:notice_successful_update) unless saved_issues.empty?
if params[:follow]
if @issues.size == 1 && saved_issues.size == 1
redirect_to issue_path(saved_issues.first)
elsif saved_issues.map(&:project).uniq.size == 1
redirect_to project_issues_path(saved_issues.map(&:project).first)
end
else
redirect_back_or_default _project_issues_path(@project)
end
else
@saved_issues = @issues
@unsaved_issues = unsaved_issues
@issues = Issue.visible.where(:id => @unsaved_issues.map(&:id)).to_a
bulk_edit
render :action => 'bulk_edit'
end
end
def destroy
raise Unauthorized unless @issues.all?(&:deletable?)
# all issues and their descendants are about to be deleted
issues_and_descendants_ids = Issue.self_and_descendants(@issues).pluck(:id)
time_entries = TimeEntry.where(:issue_id => issues_and_descendants_ids)
@hours = time_entries.sum(:hours).to_f
if @hours > 0
case params[:todo]
when 'destroy'
# nothing to do
when 'nullify'
time_entries.update_all(:issue_id => nil)
when 'reassign'
reassign_to = @project && @project.issues.find_by_id(params[:reassign_to_id])
if reassign_to.nil?
flash.now[:error] = l(:error_issue_not_found_in_project)
return
elsif issues_and_descendants_ids.include?(reassign_to.id)
flash.now[:error] = l(:error_cannot_reassign_time_entries_to_an_issue_about_to_be_deleted)
return
else
time_entries.update_all(:issue_id => reassign_to.id, :project_id => reassign_to.project_id)
end
else
# display the destroy form if it's a user request
return unless api_request?
end
end
@issues.each do |issue|
begin
issue.reload.destroy
rescue ::ActiveRecord::RecordNotFound # raised by #reload if issue no longer exists
# nothing to do, issue was already deleted (eg. by a parent)
end
end
respond_to do |format|
format.html { redirect_back_or_default _project_issues_path(@project) }
format.api { render_api_ok }
end
end
# Overrides Redmine::MenuManager::MenuController::ClassMethods for
# when the "New issue" tab is enabled
def current_menu_item
if Setting.new_item_menu_tab == '1' && [:new, :create].include?(action_name.to_sym)
:new_issue
else
super
end
end
private
def retrieve_previous_and_next_issue_ids
if params[:prev_issue_id].present? || params[:next_issue_id].present?
@prev_issue_id = params[:prev_issue_id].presence.try(:to_i)
@next_issue_id = params[:next_issue_id].presence.try(:to_i)
@issue_position = params[:issue_position].presence.try(:to_i)
@issue_count = params[:issue_count].presence.try(:to_i)
else
retrieve_query_from_session
if @query
@per_page = per_page_option
limit = 500
issue_ids = @query.issue_ids(:limit => (limit + 1))
if (idx = issue_ids.index(@issue.id)) && idx < limit
if issue_ids.size < 500
@issue_position = idx + 1
@issue_count = issue_ids.size
end
@prev_issue_id = issue_ids[idx - 1] if idx > 0
@next_issue_id = issue_ids[idx + 1] if idx < (issue_ids.size - 1)
end
query_params = @query.as_params
if @issue_position
query_params = query_params.merge(:page => (@issue_position / per_page_option) + 1, :per_page => per_page_option)
end
@query_path = _project_issues_path(@query.project, query_params)
end
end
end
def previous_and_next_issue_ids_params
{
:prev_issue_id => params[:prev_issue_id],
:next_issue_id => params[:next_issue_id],
:issue_position => params[:issue_position],
:issue_count => params[:issue_count]
}.reject {|k,v| k.blank?}
end
# Used by #edit and #update to set some common instance variables
# from the params
def update_issue_from_params
@time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
if params[:time_entry]
@time_entry.safe_attributes = params[:time_entry]
end
@issue.init_journal(User.current)
issue_attributes = params[:issue]
if issue_attributes && params[:conflict_resolution]
case params[:conflict_resolution]
when 'overwrite'
issue_attributes = issue_attributes.dup
issue_attributes.delete(:lock_version)
when 'add_notes'
issue_attributes = issue_attributes.slice(:notes, :private_notes)
when 'cancel'
redirect_to issue_path(@issue)
return false
end
end
@issue.safe_attributes = issue_attributes
@priorities = IssuePriority.active
@allowed_statuses = @issue.new_statuses_allowed_to(User.current)
true
end
# Used by #new and #create to build a new issue from the params
# The new issue will be copied from an existing one if copy_from parameter is given
def build_new_issue_from_params
@issue = Issue.new
if params[:copy_from]
begin
@issue.init_journal(User.current)
@copy_from = Issue.visible.find(params[:copy_from])
unless User.current.allowed_to?(:copy_issues, @copy_from.project)
raise ::Unauthorized
end
@link_copy = link_copy?(params[:link_copy]) || request.get?
@copy_attachments = params[:copy_attachments].present? || request.get?
@copy_subtasks = params[:copy_subtasks].present? || request.get?
@copy_watchers = User.current.allowed_to?(:add_issue_watchers, @project)
@issue.copy_from(@copy_from, :attachments => @copy_attachments, :subtasks => @copy_subtasks, :watchers => @copy_watchers, :link => @link_copy)
@issue.parent_issue_id = @copy_from.parent_id
rescue ActiveRecord::RecordNotFound
render_404
return
end
end
@issue.project = @project
if request.get?
@issue.project ||= @issue.allowed_target_projects.first
end
@issue.author ||= User.current
@issue.start_date ||= User.current.today if Setting.default_issue_start_date_to_creation_date?
attrs = (params[:issue] || {}).deep_dup
if action_name == 'new' && params[:was_default_status] == attrs[:status_id]
attrs.delete(:status_id)
end
if action_name == 'new' && params[:form_update_triggered_by] == 'issue_project_id'
# Discard submitted version when changing the project on the issue form
# so we can use the default version for the new project
attrs.delete(:fixed_version_id)
end
@issue.safe_attributes = attrs
if @issue.project
@issue.tracker ||= @issue.allowed_target_trackers.first
if @issue.tracker.nil?
if @issue.project.trackers.any?
# None of the project trackers is allowed to the user
render_error :message => l(:error_no_tracker_allowed_for_new_issue_in_project), :status => 403
else
# Project has no trackers
render_error l(:error_no_tracker_in_project)
end
return false
end
if @issue.status.nil?
render_error l(:error_no_default_issue_status)
return false
end
elsif request.get?
render_error :message => l(:error_no_projects_with_tracker_allowed_for_new_issue), :status => 403
return false
end
@priorities = IssuePriority.active
@allowed_statuses = @issue.new_statuses_allowed_to(User.current)
end
# Saves @issue and a time_entry from the parameters
def save_issue_with_child_records
Issue.transaction do
if params[:time_entry] && (params[:time_entry][:hours].present? || params[:time_entry][:comments].present?) && User.current.allowed_to?(:log_time, @issue.project)
time_entry = @time_entry || TimeEntry.new
time_entry.project = @issue.project
time_entry.issue = @issue
time_entry.user = User.current
time_entry.spent_on = User.current.today
time_entry.safe_attributes = params[:time_entry]
@issue.time_entries << time_entry
end
call_hook(:controller_issues_edit_before_save, { :params => params, :issue => @issue, :time_entry => time_entry, :journal => @issue.current_journal})
if @issue.save
call_hook(:controller_issues_edit_after_save, { :params => params, :issue => @issue, :time_entry => time_entry, :journal => @issue.current_journal})
else
raise ActiveRecord::Rollback
end
end
end
# Returns true if the issue copy should be linked
# to the original issue
def link_copy?(param)
case Setting.link_copied_issue
when 'yes'
true
when 'no'
false
when 'ask'
param == '1'
end
end
# Redirects user after a successful issue creation
def redirect_after_create
if params[:continue]
url_params = {}
url_params[:issue] = {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?}
url_params[:back_url] = params[:back_url].presence
if params[:project_id]
redirect_to new_project_issue_path(@issue.project, url_params)
else
url_params[:issue].merge! :project_id => @issue.project_id
redirect_to new_issue_path(url_params)
end
else
redirect_back_or_default issue_path(@issue)
end
end
end

107
app/controllers/journals_controller.rb Normal file
View file

@ -0,0 +1,107 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class JournalsController < ApplicationController
before_action :find_journal, :only => [:edit, :update, :diff]
before_action :find_issue, :only => [:new]
before_action :find_optional_project, :only => [:index]
before_action :authorize, :only => [:new, :edit, :update, :diff]
accept_rss_auth :index
menu_item :issues
helper :issues
helper :custom_fields
helper :queries
include QueriesHelper
def index
retrieve_query
if @query.valid?
@journals = @query.journals(:order => "#{Journal.table_name}.created_on DESC",
:limit => 25)
end
@title = (@project ? @project.name : Setting.app_title) + ": " + (@query.new_record? ? l(:label_changes_details) : @query.name)
render :layout => false, :content_type => 'application/atom+xml'
rescue ActiveRecord::RecordNotFound
render_404
end
def diff
@issue = @journal.issue
if params[:detail_id].present?
@detail = @journal.details.find_by_id(params[:detail_id])
else
@detail = @journal.details.detect {|d| d.property == 'attr' && d.prop_key == 'description'}
end
unless @issue && @detail
render_404
return false
end
if @detail.property == 'cf'
unless @detail.custom_field && @detail.custom_field.visible_by?(@issue.project, User.current)
raise ::Unauthorized
end
end
@diff = Redmine::Helpers::Diff.new(@detail.value, @detail.old_value)
end
def new
@journal = Journal.visible.find(params[:journal_id]) if params[:journal_id]
if @journal
user = @journal.user
text = @journal.notes
else
user = @issue.author
text = @issue.description
end
# Replaces pre blocks with [...]
text = text.to_s.strip.gsub(%r{<pre>(.*?)</pre>}m, '[...]')
@content = "#{ll(Setting.default_language, :text_user_wrote, user)}\n> "
@content << text.gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
rescue ActiveRecord::RecordNotFound
render_404
end
def edit
(render_403; return false) unless @journal.editable_by?(User.current)
respond_to do |format|
# TODO: implement non-JS journal update
format.js
end
end
def update
(render_403; return false) unless @journal.editable_by?(User.current)
@journal.safe_attributes = params[:journal]
@journal.save
@journal.destroy if @journal.details.empty? && @journal.notes.blank?
call_hook(:controller_journals_edit_post, { :journal => @journal, :params => params})
respond_to do |format|
format.html { redirect_to issue_path(@journal.journalized) }
format.js
end
end
private
def find_journal
@journal = Journal.visible.find(params[:id])
@project = @journal.journalized.project
rescue ActiveRecord::RecordNotFound
render_404
end
end

44
app/controllers/mail_handler_controller.rb Normal file
View file

@ -0,0 +1,44 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class MailHandlerController < ActionController::Base
before_action :check_credential
# Displays the email submission form
def new
end
# Submits an incoming email to MailHandler
def index
options = params.dup
email = options.delete(:email)
if MailHandler.receive(email, options)
head :created
else
head :unprocessable_entity
end
end
private
def check_credential
User.current = nil
unless Setting.mail_handler_api_enabled? && params[:key].to_s == Setting.mail_handler_api_key
render :plain => 'Access denied. Incoming emails WS is disabled or key is invalid.', :status => 403
end
end
end

133
app/controllers/members_controller.rb Normal file
View file

@ -0,0 +1,133 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class MembersController < ApplicationController
model_object Member
before_action :find_model_object, :except => [:index, :new, :create, :autocomplete]
before_action :find_project_from_association, :except => [:index, :new, :create, :autocomplete]
before_action :find_project_by_project_id, :only => [:index, :new, :create, :autocomplete]
before_action :authorize
accept_api_auth :index, :show, :create, :update, :destroy
require_sudo_mode :create, :update, :destroy
def index
scope = @project.memberships
@offset, @limit = api_offset_and_limit
@member_count = scope.count
@member_pages = Paginator.new @member_count, @limit, params['page']
@offset ||= @member_pages.offset
@members = scope.order(:id).limit(@limit).offset(@offset).to_a
respond_to do |format|
format.html { head 406 }
format.api
end
end
def show
respond_to do |format|
format.html { head 406 }
format.api
end
end
def new
@member = Member.new
end
def create
members = []
if params[:membership]
user_ids = Array.wrap(params[:membership][:user_id] || params[:membership][:user_ids])
user_ids << nil if user_ids.empty?
user_ids.each do |user_id|
member = Member.new(:project => @project, :user_id => user_id)
member.set_editable_role_ids(params[:membership][:role_ids])
members << member
end
@project.members << members
end
respond_to do |format|
format.html { redirect_to_settings_in_projects }
format.js {
@members = members
@member = Member.new
}
format.api {
@member = members.first
if @member.valid?
render :action => 'show', :status => :created, :location => membership_url(@member)
else
render_validation_errors(@member)
end
}
end
end
def edit
@roles = Role.givable.to_a
end
def update
if params[:membership]
@member.set_editable_role_ids(params[:membership][:role_ids])
end
saved = @member.save
respond_to do |format|
format.html { redirect_to_settings_in_projects }
format.js
format.api {
if saved
render_api_ok
else
render_validation_errors(@member)
end
}
end
end
def destroy
if @member.deletable?
@member.destroy
end
respond_to do |format|
format.html { redirect_to_settings_in_projects }
format.js
format.api {
if @member.destroyed?
render_api_ok
else
head :unprocessable_entity
end
}
end
end
def autocomplete
respond_to do |format|
format.js
end
end
private
def redirect_to_settings_in_projects
redirect_to settings_project_path(@project, :tab => 'members')
end
end

142
app/controllers/messages_controller.rb Normal file
View file

@ -0,0 +1,142 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class MessagesController < ApplicationController
menu_item :boards
default_search_scope :messages
before_action :find_board, :only => [:new, :preview]
before_action :find_attachments, :only => [:preview]
before_action :find_message, :except => [:new, :preview]
before_action :authorize, :except => [:preview, :edit, :destroy]
helper :boards
helper :watchers
helper :attachments
include AttachmentsHelper
REPLIES_PER_PAGE = 25 unless const_defined?(:REPLIES_PER_PAGE)
# Show a topic and its replies
def show
page = params[:page]
# Find the page of the requested reply
if params[:r] && page.nil?
offset = @topic.children.where("#{Message.table_name}.id < ?", params[:r].to_i).count
page = 1 + offset / REPLIES_PER_PAGE
end
@reply_count = @topic.children.count
@reply_pages = Paginator.new @reply_count, REPLIES_PER_PAGE, page
@replies = @topic.children.
includes(:author, :attachments, {:board => :project}).
reorder("#{Message.table_name}.created_on ASC, #{Message.table_name}.id ASC").
limit(@reply_pages.per_page).
offset(@reply_pages.offset).
to_a
@reply = Message.new(:subject => "RE: #{@message.subject}")
render :action => "show", :layout => false if request.xhr?
end
# Create a new topic
def new
@message = Message.new
@message.author = User.current
@message.board = @board
@message.safe_attributes = params[:message]
if request.post?
@message.save_attachments(params[:attachments])
if @message.save
call_hook(:controller_messages_new_after_save, { :params => params, :message => @message})
render_attachment_warning_if_needed(@message)
redirect_to board_message_path(@board, @message)
end
end
end
# Reply to a topic
def reply
@reply = Message.new
@reply.author = User.current
@reply.board = @board
@reply.safe_attributes = params[:reply]
@topic.children << @reply
if !@reply.new_record?
call_hook(:controller_messages_reply_after_save, { :params => params, :message => @reply})
attachments = Attachment.attach_files(@reply, params[:attachments])
render_attachment_warning_if_needed(@reply)
end
redirect_to board_message_path(@board, @topic, :r => @reply)
end
# Edit a message
def edit
(render_403; return false) unless @message.editable_by?(User.current)
@message.safe_attributes = params[:message]
if request.post? && @message.save
attachments = Attachment.attach_files(@message, params[:attachments])
render_attachment_warning_if_needed(@message)
flash[:notice] = l(:notice_successful_update)
@message.reload
redirect_to board_message_path(@message.board, @message.root, :r => (@message.parent_id && @message.id))
end
end
# Delete a messages
def destroy
(render_403; return false) unless @message.destroyable_by?(User.current)
r = @message.to_param
@message.destroy
if @message.parent
redirect_to board_message_path(@board, @message.parent, :r => r)
else
redirect_to project_board_path(@project, @board)
end
end
def quote
@subject = @message.subject
@subject = "RE: #{@subject}" unless @subject.starts_with?('RE:')
@content = "#{ll(Setting.default_language, :text_user_wrote, @message.author)}\n> "
@content << @message.content.to_s.strip.gsub(%r{<pre>(.*?)</pre>}m, '[...]').gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
end
def preview
message = @board.messages.find_by_id(params[:id])
@text = (params[:message] || params[:reply])[:content]
@previewed = message
render :partial => 'common/preview'
end
private
def find_message
return unless find_board
@message = @board.messages.includes(:parent).find(params[:id])
@topic = @message.root
rescue ActiveRecord::RecordNotFound
render_404
end
def find_board
@board = Board.includes(:project).find(params[:board_id])
@project = @board.project
rescue ActiveRecord::RecordNotFound
render_404
nil
end
end

186
app/controllers/my_controller.rb Normal file
View file

@ -0,0 +1,186 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class MyController < ApplicationController
self.main_menu = false
before_action :require_login
# let user change user's password when user has to
skip_before_action :check_password_change, :only => :password
require_sudo_mode :account, only: :post
require_sudo_mode :reset_rss_key, :reset_api_key, :show_api_key, :destroy
helper :issues
helper :users
helper :custom_fields
helper :queries
def index
page
render :action => 'page'
end
# Show user's page
def page
@user = User.current
@groups = @user.pref.my_page_groups
@blocks = @user.pref.my_page_layout
end
# Edit user's account
def account
@user = User.current
@pref = @user.pref
if request.post?
@user.safe_attributes = params[:user]
@user.pref.safe_attributes = params[:pref]
if @user.save
@user.pref.save
set_language_if_valid @user.language
flash[:notice] = l(:notice_account_updated)
redirect_to my_account_path
return
end
end
end
# Destroys user's account
def destroy
@user = User.current
unless @user.own_account_deletable?
redirect_to my_account_path
return
end
if request.post? && params[:confirm]
@user.destroy
if @user.destroyed?
logout_user
flash[:notice] = l(:notice_account_deleted)
end
redirect_to home_path
end
end
# Manage user's password
def password
@user = User.current
unless @user.change_password_allowed?
flash[:error] = l(:notice_can_t_change_password)
redirect_to my_account_path
return
end
if request.post?
if !@user.check_password?(params[:password])
flash.now[:error] = l(:notice_account_wrong_password)
elsif params[:password] == params[:new_password]
flash.now[:error] = l(:notice_new_password_must_be_different)
else
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
@user.must_change_passwd = false
if @user.save
# The session token was destroyed by the password change, generate a new one
session[:tk] = @user.generate_session_token
Mailer.password_updated(@user)
flash[:notice] = l(:notice_account_password_updated)
redirect_to my_account_path
end
end
end
end
# Create a new feeds key
def reset_rss_key
if request.post?
if User.current.rss_token
User.current.rss_token.destroy
User.current.reload
end
User.current.rss_key
flash[:notice] = l(:notice_feeds_access_key_reseted)
end
redirect_to my_account_path
end
def show_api_key
@user = User.current
end
# Create a new API key
def reset_api_key
if request.post?
if User.current.api_token
User.current.api_token.destroy
User.current.reload
end
User.current.api_key
flash[:notice] = l(:notice_api_access_key_reseted)
end
redirect_to my_account_path
end
def update_page
@user = User.current
block_settings = params[:settings] || {}
block_settings.each do |block, settings|
@user.pref.update_block_settings(block, settings)
end
@user.pref.save
@updated_blocks = block_settings.keys
end
# Add a block to user's page
# The block is added on top of the page
# params[:block] : id of the block to add
def add_block
@user = User.current
@block = params[:block]
if @user.pref.add_block @block
@user.pref.save
respond_to do |format|
format.html { redirect_to my_page_path }
format.js
end
else
render_error :status => 422
end
end
# Remove a block to user's page
# params[:block] : id of the block to remove
def remove_block
@user = User.current
@block = params[:block]
@user.pref.remove_block @block
@user.pref.save
respond_to do |format|
format.html { redirect_to my_page_path }
format.js
end
end
# Change blocks order on user's page
# params[:group] : group to order (top, left or right)
# params[:blocks] : array of block ids of the group
def order_blocks
@user = User.current
@user.pref.order_blocks params[:group], params[:blocks]
@user.pref.save
head 200
end
end

101
app/controllers/news_controller.rb Normal file
View file

@ -0,0 +1,101 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class NewsController < ApplicationController
default_search_scope :news
model_object News
before_action :find_model_object, :except => [:new, :create, :index]
before_action :find_project_from_association, :except => [:new, :create, :index]
before_action :find_project_by_project_id, :only => [:new, :create]
before_action :authorize, :except => [:index]
before_action :find_optional_project, :only => :index
accept_rss_auth :index
accept_api_auth :index
helper :watchers
helper :attachments
def index
case params[:format]
when 'xml', 'json'
@offset, @limit = api_offset_and_limit
else
@limit = 10
end
scope = @project ? @project.news.visible : News.visible
@news_count = scope.count
@news_pages = Paginator.new @news_count, @limit, params['page']
@offset ||= @news_pages.offset
@newss = scope.includes([:author, :project]).
order("#{News.table_name}.created_on DESC").
limit(@limit).
offset(@offset).
to_a
respond_to do |format|
format.html {
@news = News.new # for adding news inline
render :layout => false if request.xhr?
}
format.api
format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") }
end
end
def show
@comments = @news.comments.to_a
@comments.reverse! if User.current.wants_comments_in_reverse_order?
end
def new
@news = News.new(:project => @project, :author => User.current)
end
def create
@news = News.new(:project => @project, :author => User.current)
@news.safe_attributes = params[:news]
@news.save_attachments(params[:attachments])
if @news.save
render_attachment_warning_if_needed(@news)
flash[:notice] = l(:notice_successful_create)
redirect_to project_news_index_path(@project)
else
render :action => 'new'
end
end
def edit
end
def update
@news.safe_attributes = params[:news]
@news.save_attachments(params[:attachments])
if @news.save
render_attachment_warning_if_needed(@news)
flash[:notice] = l(:notice_successful_update)
redirect_to news_path(@news)
else
render :action => 'edit'
end
end
def destroy
@news.destroy
redirect_to project_news_index_path(@project)
end
end

53
app/controllers/previews_controller.rb Normal file
View file

@ -0,0 +1,53 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class PreviewsController < ApplicationController
before_action :find_project, :find_attachments
def issue
@issue = Issue.visible.find_by_id(params[:id]) unless params[:id].blank?
if @issue
@description = params[:issue] && params[:issue][:description]
if @description && @description.gsub(/(\r?\n|\n\r?)/, "\n") == @issue.description.to_s.gsub(/(\r?\n|\n\r?)/, "\n")
@description = nil
end
@notes = params[:journal] ? params[:journal][:notes] : nil
@notes ||= params[:issue] ? params[:issue][:notes] : nil
else
@description = (params[:issue] ? params[:issue][:description] : nil)
end
render :layout => false
end
def news
if params[:id].present? && news = News.visible.find_by_id(params[:id])
@previewed = news
end
@text = (params[:news] ? params[:news][:description] : nil)
render :partial => 'common/preview'
end
private
def find_project
project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
@project = Project.find(project_id)
rescue ActiveRecord::RecordNotFound
render_404
end
end

85
app/controllers/principal_memberships_controller.rb Normal file
View file

@ -0,0 +1,85 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class PrincipalMembershipsController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin
before_action :find_principal, :only => [:new, :create]
before_action :find_membership, :only => [:edit, :update, :destroy]
def new
@projects = Project.active.all
@roles = Role.find_all_givable
respond_to do |format|
format.html
format.js
end
end
def create
@members = Member.create_principal_memberships(@principal, params[:membership])
respond_to do |format|
format.html { redirect_to_principal @principal }
format.js
end
end
def edit
@roles = Role.givable.to_a
end
def update
@membership.attributes = params.require(:membership).permit(:role_ids => [])
@membership.save
respond_to do |format|
format.html { redirect_to_principal @principal }
format.js
end
end
def destroy
if @membership.deletable?
@membership.destroy
end
respond_to do |format|
format.html { redirect_to_principal @principal }
format.js
end
end
private
def find_principal
principal_id = params[:user_id] || params[:group_id]
@principal = Principal.find(principal_id)
rescue ActiveRecord::RecordNotFound
render_404
end
def find_membership
@membership = Member.find(params[:id])
@principal = @membership.principal
rescue ActiveRecord::RecordNotFound
render_404
end
def redirect_to_principal(principal)
redirect_to edit_polymorphic_path(principal, :tab => 'memberships')
end
end

44
app/controllers/project_enumerations_controller.rb Normal file
View file

@ -0,0 +1,44 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class ProjectEnumerationsController < ApplicationController
before_action :find_project_by_project_id
before_action :authorize
def update
if params[:enumerations]
saved = Project.transaction do
params[:enumerations].each do |id, activity|
@project.update_or_create_time_entry_activity(id, activity)
end
end
if saved
flash[:notice] = l(:notice_successful_update)
end
end
redirect_to settings_project_path(@project, :tab => 'activities')
end
def destroy
@project.time_entry_activities.each do |time_entry_activity|
time_entry_activity.destroy(time_entry_activity.parent)
end
flash[:notice] = l(:notice_successful_update)
redirect_to settings_project_path(@project, :tab => 'activities')
end
end

250
app/controllers/projects_controller.rb Normal file
View file

@ -0,0 +1,250 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class ProjectsController < ApplicationController
menu_item :overview
menu_item :settings, :only => :settings
menu_item :projects, :only => [:index, :new, :copy, :create]
before_action :find_project, :except => [ :index, :autocomplete, :list, :new, :create, :copy ]
before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
before_action :authorize_global, :only => [:new, :create]
before_action :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
accept_rss_auth :index
accept_api_auth :index, :show, :create, :update, :destroy
require_sudo_mode :destroy
helper :custom_fields
helper :issues
helper :queries
helper :repositories
helper :members
# Lists visible projects
def index
# try to redirect to the requested menu item
if params[:jump] && redirect_to_menu_item(params[:jump])
return
end
scope = Project.visible.sorted
respond_to do |format|
format.html {
unless params[:closed]
scope = scope.active
end
@projects = scope.to_a
}
format.api {
@offset, @limit = api_offset_and_limit
@project_count = scope.count
@projects = scope.offset(@offset).limit(@limit).to_a
}
format.atom {
projects = scope.reorder(:created_on => :desc).limit(Setting.feeds_limit.to_i).to_a
render_feed(projects, :title => "#{Setting.app_title}: #{l(:label_project_latest)}")
}
end
end
def autocomplete
respond_to do |format|
format.js {
if params[:q].present?
@projects = Project.visible.like(params[:q]).to_a
else
@projects = User.current.projects.to_a
end
}
end
end
def new
@issue_custom_fields = IssueCustomField.sorted.to_a
@trackers = Tracker.sorted.to_a
@project = Project.new
@project.safe_attributes = params[:project]
end
def create
@issue_custom_fields = IssueCustomField.sorted.to_a
@trackers = Tracker.sorted.to_a
@project = Project.new
@project.safe_attributes = params[:project]
if @project.save
unless User.current.admin?
@project.add_default_member(User.current)
end
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_create)
if params[:continue]
attrs = {:parent_id => @project.parent_id}.reject {|k,v| v.nil?}
redirect_to new_project_path(attrs)
else
redirect_to settings_project_path(@project)
end
}
format.api { render :action => 'show', :status => :created, :location => url_for(:controller => 'projects', :action => 'show', :id => @project.id) }
end
else
respond_to do |format|
format.html { render :action => 'new' }
format.api { render_validation_errors(@project) }
end
end
end
def copy
@issue_custom_fields = IssueCustomField.sorted.to_a
@trackers = Tracker.sorted.to_a
@source_project = Project.find(params[:id])
if request.get?
@project = Project.copy_from(@source_project)
@project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
else
Mailer.with_deliveries(params[:notifications] == '1') do
@project = Project.new
@project.safe_attributes = params[:project]
if @project.copy(@source_project, :only => params[:only])
flash[:notice] = l(:notice_successful_create)
redirect_to settings_project_path(@project)
elsif !@project.new_record?
# Project was created
# But some objects were not copied due to validation failures
# (eg. issues from disabled trackers)
# TODO: inform about that
redirect_to settings_project_path(@project)
end
end
end
rescue ActiveRecord::RecordNotFound
# source_project not found
render_404
end
# Show @project
def show
# try to redirect to the requested menu item
if params[:jump] && redirect_to_project_menu_item(@project, params[:jump])
return
end
@users_by_role = @project.users_by_role
@subprojects = @project.children.visible.to_a
@news = @project.news.limit(5).includes(:author, :project).reorder("#{News.table_name}.created_on DESC").to_a
@trackers = @project.rolled_up_trackers.visible
cond = @project.project_condition(Setting.display_subprojects_issues?)
@open_issues_by_tracker = Issue.visible.open.where(cond).group(:tracker).count
@total_issues_by_tracker = Issue.visible.where(cond).group(:tracker).count
if User.current.allowed_to_view_all_time_entries?(@project)
@total_hours = TimeEntry.visible.where(cond).sum(:hours).to_f
end
@key = User.current.rss_key
respond_to do |format|
format.html
format.api
end
end
def settings
@issue_custom_fields = IssueCustomField.sorted.to_a
@issue_category ||= IssueCategory.new
@member ||= @project.members.new
@trackers = Tracker.sorted.to_a
@version_status = params[:version_status] || 'open'
@version_name = params[:version_name]
@versions = @project.shared_versions.status(@version_status).like(@version_name)
@wiki ||= @project.wiki || Wiki.new(:project => @project)
end
def edit
end
def update
@project.safe_attributes = params[:project]
if @project.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to settings_project_path(@project)
}
format.api { render_api_ok }
end
else
respond_to do |format|
format.html {
settings
render :action => 'settings'
}
format.api { render_validation_errors(@project) }
end
end
end
def modules
@project.enabled_module_names = params[:enabled_module_names]
flash[:notice] = l(:notice_successful_update)
redirect_to settings_project_path(@project, :tab => 'modules')
end
def archive
unless @project.archive
flash[:error] = l(:error_can_not_archive_project)
end
redirect_to_referer_or admin_projects_path(:status => params[:status])
end
def unarchive
unless @project.active?
@project.unarchive
end
redirect_to_referer_or admin_projects_path(:status => params[:status])
end
def close
@project.close
redirect_to project_path(@project)
end
def reopen
@project.reopen
redirect_to project_path(@project)
end
# Delete @project
def destroy
@project_to_destroy = @project
if api_request? || params[:confirm]
@project_to_destroy.destroy
respond_to do |format|
format.html { redirect_to admin_projects_path }
format.api { render_api_ok }
end
end
# hide project in layout
@project = nil
end
end

165
app/controllers/queries_controller.rb Normal file
View file

@ -0,0 +1,165 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class QueriesController < ApplicationController
menu_item :issues
before_action :find_query, :only => [:edit, :update, :destroy]
before_action :find_optional_project, :only => [:new, :create]
accept_api_auth :index
include QueriesHelper
def index
case params[:format]
when 'xml', 'json'
@offset, @limit = api_offset_and_limit
else
@limit = per_page_option
end
scope = query_class.visible
@query_count = scope.count
@query_pages = Paginator.new @query_count, @limit, params['page']
@queries = scope.
order("#{Query.table_name}.name").
limit(@limit).
offset(@offset).
to_a
respond_to do |format|
format.html {render_error :status => 406}
format.api
end
end
def new
@query = query_class.new
@query.user = User.current
@query.project = @project
@query.build_from_params(params)
end
def create
@query = query_class.new
@query.user = User.current
@query.project = @project
update_query_from_params
if @query.save
flash[:notice] = l(:notice_successful_create)
redirect_to_items(:query_id => @query)
else
render :action => 'new', :layout => !request.xhr?
end
end
def edit
end
def update
update_query_from_params
if @query.save
flash[:notice] = l(:notice_successful_update)
redirect_to_items(:query_id => @query)
else
render :action => 'edit'
end
end
def destroy
@query.destroy
redirect_to_items(:set_filter => 1)
end
# Returns the values for a query filter
def filter
q = query_class.new
if params[:project_id].present?
q.project = Project.find(params[:project_id])
end
unless User.current.allowed_to?(q.class.view_permission, q.project, :global => true)
raise Unauthorized
end
filter = q.available_filters[params[:name].to_s]
values = filter ? filter.values : []
render :json => values
rescue ActiveRecord::RecordNotFound
render_404
end
private
def find_query
@query = Query.find(params[:id])
@project = @query.project
render_403 unless @query.editable_by?(User.current)
rescue ActiveRecord::RecordNotFound
render_404
end
def find_optional_project
@project = Project.find(params[:project_id]) if params[:project_id]
render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)
rescue ActiveRecord::RecordNotFound
render_404
end
def update_query_from_params
@query.project = params[:query_is_for_all] ? nil : @project
@query.build_from_params(params)
@query.column_names = nil if params[:default_columns]
@query.sort_criteria = params[:query] && params[:query][:sort_criteria]
@query.name = params[:query] && params[:query][:name]
if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin?
@query.visibility = (params[:query] && params[:query][:visibility]) || Query::VISIBILITY_PRIVATE
@query.role_ids = params[:query] && params[:query][:role_ids]
else
@query.visibility = Query::VISIBILITY_PRIVATE
end
@query
end
def redirect_to_items(options)
method = "redirect_to_#{@query.class.name.underscore}"
send method, options
end
def redirect_to_issue_query(options)
if params[:gantt]
if @project
redirect_to project_gantt_path(@project, options)
else
redirect_to issues_gantt_path(options)
end
else
redirect_to _project_issues_path(@project, options)
end
end
def redirect_to_time_entry_query(options)
redirect_to _time_entries_path(@project, nil, options)
end
# Returns the Query subclass, IssueQuery by default
# for compatibility with previous behaviour
def query_class
Query.get_subclass(params[:type] || 'IssueQuery')
end
end

89
app/controllers/reports_controller.rb Normal file
View file

@ -0,0 +1,89 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class ReportsController < ApplicationController
menu_item :issues
before_action :find_project, :authorize, :find_issue_statuses
def issue_report
@trackers = @project.rolled_up_trackers(false).visible
@versions = @project.shared_versions.sort
@priorities = IssuePriority.all.reverse
@categories = @project.issue_categories
@assignees = (Setting.issue_group_assignment? ? @project.principals : @project.users).sort
@authors = @project.users.sort
@subprojects = @project.descendants.visible
@issues_by_tracker = Issue.by_tracker(@project)
@issues_by_version = Issue.by_version(@project)
@issues_by_priority = Issue.by_priority(@project)
@issues_by_category = Issue.by_category(@project)
@issues_by_assigned_to = Issue.by_assigned_to(@project)
@issues_by_author = Issue.by_author(@project)
@issues_by_subproject = Issue.by_subproject(@project) || []
render :template => "reports/issue_report"
end
def issue_report_details
case params[:detail]
when "tracker"
@field = "tracker_id"
@rows = @project.rolled_up_trackers(false).visible
@data = Issue.by_tracker(@project)
@report_title = l(:field_tracker)
when "version"
@field = "fixed_version_id"
@rows = @project.shared_versions.sort
@data = Issue.by_version(@project)
@report_title = l(:field_version)
when "priority"
@field = "priority_id"
@rows = IssuePriority.all.reverse
@data = Issue.by_priority(@project)
@report_title = l(:field_priority)
when "category"
@field = "category_id"
@rows = @project.issue_categories
@data = Issue.by_category(@project)
@report_title = l(:field_category)
when "assigned_to"
@field = "assigned_to_id"
@rows = (Setting.issue_group_assignment? ? @project.principals : @project.users).sort
@data = Issue.by_assigned_to(@project)
@report_title = l(:field_assigned_to)
when "author"
@field = "author_id"
@rows = @project.users.sort
@data = Issue.by_author(@project)
@report_title = l(:field_author)
when "subproject"
@field = "project_id"
@rows = @project.descendants.visible
@data = Issue.by_subproject(@project) || []
@report_title = l(:field_subproject)
else
render_404
end
end
private
def find_issue_statuses
@statuses = IssueStatus.sorted.to_a
end
end

439
app/controllers/repositories_controller.rb Normal file
View file

@ -0,0 +1,439 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require 'SVG/Graph/Bar'
require 'SVG/Graph/BarHorizontal'
require 'digest/sha1'
require 'redmine/scm/adapters'
class ChangesetNotFound < Exception; end
class InvalidRevisionParam < Exception; end
class RepositoriesController < ApplicationController
menu_item :repository
menu_item :settings, :only => [:new, :create, :edit, :update, :destroy, :committers]
default_search_scope :changesets
before_action :find_project_by_project_id, :only => [:new, :create]
before_action :build_new_repository_from_params, :only => [:new, :create]
before_action :find_repository, :only => [:edit, :update, :destroy, :committers]
before_action :find_project_repository, :except => [:new, :create, :edit, :update, :destroy, :committers]
before_action :find_changeset, :only => [:revision, :add_related_issue, :remove_related_issue]
before_action :authorize
accept_rss_auth :revisions
rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
def new
@repository.is_default = @project.repository.nil?
end
def create
if @repository.save
redirect_to settings_project_path(@project, :tab => 'repositories')
else
render :action => 'new'
end
end
def edit
end
def update
@repository.safe_attributes = params[:repository]
if @repository.save
redirect_to settings_project_path(@project, :tab => 'repositories')
else
render :action => 'edit'
end
end
def committers
@committers = @repository.committers
@users = @project.users.to_a
additional_user_ids = @committers.collect(&:last).collect(&:to_i) - @users.collect(&:id)
@users += User.where(:id => additional_user_ids).to_a unless additional_user_ids.empty?
@users.compact!
@users.sort!
if request.post? && params[:committers].present?
# Build a hash with repository usernames as keys and corresponding user ids as values
@repository.committer_ids = params[:committers].values.inject({}) {|h, c| h[c.first] = c.last; h}
flash[:notice] = l(:notice_successful_update)
redirect_to settings_project_path(@project, :tab => 'repositories')
end
end
def destroy
@repository.destroy if request.delete?
redirect_to settings_project_path(@project, :tab => 'repositories')
end
def show
@repository.fetch_changesets if @project.active? && Setting.autofetch_changesets? && @path.empty?
@entries = @repository.entries(@path, @rev)
@changeset = @repository.find_changeset_by_name(@rev)
if request.xhr?
@entries ? render(:partial => 'dir_list_content') : head(200)
else
(show_error_not_found; return) unless @entries
@changesets = @repository.latest_changesets(@path, @rev)
@properties = @repository.properties(@path, @rev)
@repositories = @project.repositories
render :action => 'show'
end
end
alias_method :browse, :show
def changes
@entry = @repository.entry(@path, @rev)
(show_error_not_found; return) unless @entry
@changesets = @repository.latest_changesets(@path, @rev, Setting.repository_log_display_limit.to_i)
@properties = @repository.properties(@path, @rev)
@changeset = @repository.find_changeset_by_name(@rev)
end
def revisions
@changeset_count = @repository.changesets.count
@changeset_pages = Paginator.new @changeset_count,
per_page_option,
params['page']
@changesets = @repository.changesets.
limit(@changeset_pages.per_page).
offset(@changeset_pages.offset).
includes(:user, :repository, :parents).
to_a
respond_to do |format|
format.html { render :layout => false if request.xhr? }
format.atom { render_feed(@changesets, :title => "#{@project.name}: #{l(:label_revision_plural)}") }
end
end
def raw
entry_and_raw(true)
end
def entry
entry_and_raw(false)
end
def entry_and_raw(is_raw)
@entry = @repository.entry(@path, @rev)
(show_error_not_found; return) unless @entry
# If the entry is a dir, show the browser
(show; return) if @entry.is_dir?
if is_raw
# Force the download
send_opt = { :filename => filename_for_content_disposition(@path.split('/').last) }
send_type = Redmine::MimeType.of(@path)
send_opt[:type] = send_type.to_s if send_type
send_opt[:disposition] = disposition(@path)
send_data @repository.cat(@path, @rev), send_opt
else
if !@entry.size || @entry.size <= Setting.file_max_size_displayed.to_i.kilobyte
content = @repository.cat(@path, @rev)
(show_error_not_found; return) unless content
if content.size <= Setting.file_max_size_displayed.to_i.kilobyte &&
is_entry_text_data?(content, @path)
# TODO: UTF-16
# Prevent empty lines when displaying a file with Windows style eol
# Is this needed? AttachmentsController simply reads file.
@content = content.gsub("\r\n", "\n")
end
end
@changeset = @repository.find_changeset_by_name(@rev)
end
end
private :entry_and_raw
def is_entry_text_data?(ent, path)
# UTF-16 contains "\x00".
# It is very strict that file contains less than 30% of ascii symbols
# in non Western Europe.
return true if Redmine::MimeType.is_type?('text', path)
# Ruby 1.8.6 has a bug of integer divisions.
# http://apidock.com/ruby/v1_8_6_287/String/is_binary_data%3F
return false if Redmine::Scm::Adapters::ScmData.binary?(ent)
true
end
private :is_entry_text_data?
def annotate
@entry = @repository.entry(@path, @rev)
(show_error_not_found; return) unless @entry
@annotate = @repository.scm.annotate(@path, @rev)
if @annotate.nil? || @annotate.empty?
@annotate = nil
@error_message = l(:error_scm_annotate)
else
ann_buf_size = 0
@annotate.lines.each do |buf|
ann_buf_size += buf.size
end
if ann_buf_size > Setting.file_max_size_displayed.to_i.kilobyte
@annotate = nil
@error_message = l(:error_scm_annotate_big_text_file)
end
end
@changeset = @repository.find_changeset_by_name(@rev)
end
def revision
respond_to do |format|
format.html
format.js {render :layout => false}
end
end
# Adds a related issue to a changeset
# POST /projects/:project_id/repository/(:repository_id/)revisions/:rev/issues
def add_related_issue
issue_id = params[:issue_id].to_s.sub(/^#/,'')
@issue = @changeset.find_referenced_issue_by_id(issue_id)
if @issue && (!@issue.visible? || @changeset.issues.include?(@issue))
@issue = nil
end
if @issue
@changeset.issues << @issue
end
end
# Removes a related issue from a changeset
# DELETE /projects/:project_id/repository/(:repository_id/)revisions/:rev/issues/:issue_id
def remove_related_issue
@issue = Issue.visible.find_by_id(params[:issue_id])
if @issue
@changeset.issues.delete(@issue)
end
end
def diff
if params[:format] == 'diff'
@diff = @repository.diff(@path, @rev, @rev_to)
(show_error_not_found; return) unless @diff
filename = "changeset_r#{@rev}"
filename << "_r#{@rev_to}" if @rev_to
send_data @diff.join, :filename => "#{filename}.diff",
:type => 'text/x-patch',
:disposition => 'attachment'
else
@diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
@diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
# Save diff type as user preference
if User.current.logged? && @diff_type != User.current.pref[:diff_type]
User.current.pref[:diff_type] = @diff_type
User.current.preference.save
end
@cache_key = "repositories/diff/#{@repository.id}/" +
Digest::MD5.hexdigest("#{@path}-#{@rev}-#{@rev_to}-#{@diff_type}-#{current_language}")
unless read_fragment(@cache_key)
@diff = @repository.diff(@path, @rev, @rev_to)
show_error_not_found unless @diff
end
@changeset = @repository.find_changeset_by_name(@rev)
@changeset_to = @rev_to ? @repository.find_changeset_by_name(@rev_to) : nil
@diff_format_revisions = @repository.diff_format_revisions(@changeset, @changeset_to)
end
end
def stats
end
def graph
data = nil
case params[:graph]
when "commits_per_month"
data = graph_commits_per_month(@repository)
when "commits_per_author"
data = graph_commits_per_author(@repository)
end
if data
headers["Content-Type"] = "image/svg+xml"
send_data(data, :type => "image/svg+xml", :disposition => "inline")
else
render_404
end
end
private
def build_new_repository_from_params
scm = params[:repository_scm] || (Redmine::Scm::Base.all & Setting.enabled_scm).first
unless @repository = Repository.factory(scm)
render_404
return
end
@repository.project = @project
@repository.safe_attributes = params[:repository]
@repository
end
def find_repository
@repository = Repository.find(params[:id])
@project = @repository.project
rescue ActiveRecord::RecordNotFound
render_404
end
REV_PARAM_RE = %r{\A[a-f0-9]*\Z}i
def find_project_repository
@project = Project.find(params[:id])
if params[:repository_id].present?
@repository = @project.repositories.find_by_identifier_param(params[:repository_id])
else
@repository = @project.repository
end
(render_404; return false) unless @repository
@path = params[:path].is_a?(Array) ? params[:path].join('/') : params[:path].to_s
@rev = params[:rev].blank? ? @repository.default_branch : params[:rev].to_s.strip
@rev_to = params[:rev_to]
unless @rev.to_s.match(REV_PARAM_RE) && @rev_to.to_s.match(REV_PARAM_RE)
if @repository.branches.blank?
raise InvalidRevisionParam
end
end
rescue ActiveRecord::RecordNotFound
render_404
rescue InvalidRevisionParam
show_error_not_found
end
def find_changeset
if @rev.present?
@changeset = @repository.find_changeset_by_name(@rev)
end
show_error_not_found unless @changeset
end
def show_error_not_found
render_error :message => l(:error_scm_not_found), :status => 404
end
# Handler for Redmine::Scm::Adapters::CommandFailed exception
def show_error_command_failed(exception)
render_error l(:error_scm_command_failed, exception.message)
end
def graph_commits_per_month(repository)
@date_to = User.current.today
@date_from = @date_to << 11
@date_from = Date.civil(@date_from.year, @date_from.month, 1)
commits_by_day = Changeset.
where("repository_id = ? AND commit_date BETWEEN ? AND ?", repository.id, @date_from, @date_to).
group(:commit_date).
count
commits_by_month = [0] * 12
commits_by_day.each {|c| commits_by_month[(@date_to.month - c.first.to_date.month) % 12] += c.last }
changes_by_day = Change.
joins(:changeset).
where("#{Changeset.table_name}.repository_id = ? AND #{Changeset.table_name}.commit_date BETWEEN ? AND ?", repository.id, @date_from, @date_to).
group(:commit_date).
count
changes_by_month = [0] * 12
changes_by_day.each {|c| changes_by_month[(@date_to.month - c.first.to_date.month) % 12] += c.last }
fields = []
today = User.current.today
12.times {|m| fields << month_name(((today.month - 1 - m) % 12) + 1)}
graph = SVG::Graph::Bar.new(
:height => 300,
:width => 800,
:fields => fields.reverse,
:stack => :side,
:scale_integers => true,
:step_x_labels => 2,
:show_data_values => false,
:graph_title => l(:label_commits_per_month),
:show_graph_title => true
)
graph.add_data(
:data => commits_by_month[0..11].reverse,
:title => l(:label_revision_plural)
)
graph.add_data(
:data => changes_by_month[0..11].reverse,
:title => l(:label_change_plural)
)
graph.burn
end
def graph_commits_per_author(repository)
#data
stats = repository.stats_by_author
fields, commits_data, changes_data = [], [], []
stats.each do |name, hsh|
fields << name
commits_data << hsh[:commits_count]
changes_data << hsh[:changes_count]
end
#expand to 10 values if needed
fields = fields + [""]*(10 - fields.length) if fields.length<10
commits_data = commits_data + [0]*(10 - commits_data.length) if commits_data.length<10
changes_data = changes_data + [0]*(10 - changes_data.length) if changes_data.length<10
# Remove email address in usernames
fields = fields.collect {|c| c.gsub(%r{<.+@.+>}, '') }
#prepare graph
graph = SVG::Graph::BarHorizontal.new(
:height => 30 * commits_data.length,
:width => 800,
:fields => fields,
:stack => :side,
:scale_integers => true,
:show_data_values => false,
:rotate_y_labels => false,
:graph_title => l(:label_commits_per_author),
:show_graph_title => true
)
graph.add_data(
:data => commits_data,
:title => l(:label_revision_plural)
)
graph.add_data(
:data => changes_data,
:title => l(:label_change_plural)
)
graph.burn
end
def disposition(path)
if Redmine::MimeType.of(@path) == "application/pdf"
'inline'
else
'attachment'
end
end
end

123
app/controllers/roles_controller.rb Normal file
View file

@ -0,0 +1,123 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class RolesController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin, :except => [:index, :show]
before_action :require_admin_or_api_request, :only => [:index, :show]
before_action :find_role, :only => [:show, :edit, :update, :destroy]
accept_api_auth :index, :show
require_sudo_mode :create, :update, :destroy
def index
respond_to do |format|
format.html {
@roles = Role.sorted.to_a
render :layout => false if request.xhr?
}
format.api {
@roles = Role.givable.to_a
}
end
end
def show
respond_to do |format|
format.api
end
end
def new
# Prefills the form with 'Non member' role permissions by default
@role = Role.new
@role.safe_attributes = params[:role] || {:permissions => Role.non_member.permissions}
if params[:copy].present? && @copy_from = Role.find_by_id(params[:copy])
@role.copy_from(@copy_from)
end
@roles = Role.sorted.to_a
end
def create
@role = Role.new
@role.safe_attributes = params[:role]
if request.post? && @role.save
# workflow copy
if !params[:copy_workflow_from].blank? && (copy_from = Role.find_by_id(params[:copy_workflow_from]))
@role.copy_workflow_rules(copy_from)
end
flash[:notice] = l(:notice_successful_create)
redirect_to roles_path
else
@roles = Role.sorted.to_a
render :action => 'new'
end
end
def edit
end
def update
@role.safe_attributes = params[:role]
if @role.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to roles_path(:page => params[:page])
}
format.js { head 200 }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.js { head 422 }
end
end
end
def destroy
begin
@role.destroy
rescue
flash[:error] = l(:error_can_not_remove_role)
end
redirect_to roles_path
end
def permissions
@roles = Role.sorted.to_a
@permissions = Redmine::AccessControl.permissions.select { |p| !p.public? }
if request.post?
@roles.each do |role|
role.permissions = params[:permissions][role.id.to_s]
role.save
end
flash[:notice] = l(:notice_successful_update)
redirect_to roles_path
end
end
private
def find_role
@role = Role.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
end

99
app/controllers/search_controller.rb Normal file
View file

@ -0,0 +1,99 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class SearchController < ApplicationController
before_action :find_optional_project
accept_api_auth :index
def index
@question = params[:q] || ""
@question.strip!
@all_words = params[:all_words] ? params[:all_words].present? : true
@titles_only = params[:titles_only] ? params[:titles_only].present? : false
@search_attachments = params[:attachments].presence || '0'
@open_issues = params[:open_issues] ? params[:open_issues].present? : false
case params[:format]
when 'xml', 'json'
@offset, @limit = api_offset_and_limit
else
@offset = nil
@limit = Setting.search_results_per_page.to_i
@limit = 10 if @limit == 0
end
# quick jump to an issue
if (m = @question.match(/^#?(\d+)$/)) && (issue = Issue.visible.find_by_id(m[1].to_i))
redirect_to issue_path(issue)
return
end
projects_to_search =
case params[:scope]
when 'all'
nil
when 'my_projects'
User.current.projects
when 'subprojects'
@project ? (@project.self_and_descendants.active.to_a) : nil
else
@project
end
@object_types = Redmine::Search.available_search_types.dup
if projects_to_search.is_a? Project
# don't search projects
@object_types.delete('projects')
# only show what the user is allowed to view
@object_types = @object_types.select {|o| User.current.allowed_to?("view_#{o}".to_sym, projects_to_search)}
end
@scope = @object_types.select {|t| params[t]}
@scope = @object_types if @scope.empty?
fetcher = Redmine::Search::Fetcher.new(
@question, User.current, @scope, projects_to_search,
:all_words => @all_words, :titles_only => @titles_only, :attachments => @search_attachments, :open_issues => @open_issues,
:cache => params[:page].present?, :params => params
)
if fetcher.tokens.present?
@result_count = fetcher.result_count
@result_count_by_type = fetcher.result_count_by_type
@tokens = fetcher.tokens
@result_pages = Paginator.new @result_count, @limit, params['page']
@offset ||= @result_pages.offset
@results = fetcher.results(@offset, @result_pages.per_page)
else
@question = ""
end
respond_to do |format|
format.html { render :layout => false if request.xhr? }
format.api { @results ||= []; render :layout => false }
end
end
private
def find_optional_project
return true unless params[:id]
@project = Project.find(params[:id])
check_project_privacy
rescue ActiveRecord::RecordNotFound
render_404
end
end

81
app/controllers/settings_controller.rb Normal file
View file

@ -0,0 +1,81 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class SettingsController < ApplicationController
layout 'admin'
self.main_menu = false
menu_item :plugins, :only => :plugin
helper :queries
before_action :require_admin
require_sudo_mode :index, :edit, :plugin
def index
edit
render :action => 'edit'
end
def edit
@notifiables = Redmine::Notifiable.all
if request.post?
errors = Setting.set_all_from_params(params[:settings])
if errors.blank?
flash[:notice] = l(:notice_successful_update)
redirect_to settings_path(:tab => params[:tab])
return
else
@setting_errors = errors
# render the edit form with error messages
end
end
@options = {}
user_format = User::USER_FORMATS.collect{|key, value| [key, value[:setting_order]]}.sort{|a, b| a[1] <=> b[1]}
@options[:user_format] = user_format.collect{|f| [User.current.name(f[0]), f[0].to_s]}
@deliveries = ActionMailer::Base.perform_deliveries
@guessed_host_and_path = request.host_with_port.dup
@guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
@commit_update_keywords = Setting.commit_update_keywords.dup
@commit_update_keywords = [{}] unless @commit_update_keywords.is_a?(Array) && @commit_update_keywords.any?
Redmine::Themes.rescan
end
def plugin
@plugin = Redmine::Plugin.find(params[:id])
unless @plugin.configurable?
render_404
return
end
if request.post?
setting = params[:settings] ? params[:settings].permit!.to_h : {}
Setting.send "plugin_#{@plugin.id}=", setting
flash[:notice] = l(:notice_successful_update)
redirect_to plugin_settings_path(@plugin)
else
@partial = @plugin.settings[:partial]
@settings = Setting.send "plugin_#{@plugin.id}"
end
rescue Redmine::PluginNotFound
render_404
end
end

82
app/controllers/sys_controller.rb Normal file
View file

@ -0,0 +1,82 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class SysController < ActionController::Base
before_action :check_enabled
def projects
p = Project.active.has_module(:repository).
order("#{Project.table_name}.identifier").preload(:repository).to_a
# extra_info attribute from repository breaks activeresource client
render :json => p.to_json(
:only => [:id, :identifier, :name, :is_public, :status],
:include => {:repository => {:only => [:id, :url]}}
)
end
def create_project_repository
project = Project.find(params[:id])
if project.repository
head 409
else
logger.info "Repository for #{project.name} was reported to be created by #{request.remote_ip}."
repository = Repository.factory(params[:vendor])
repository.safe_attributes = params[:repository]
repository.project = project
if repository.save
render :json => {repository.class.name.underscore.gsub('/', '-') => {:id => repository.id, :url => repository.url}}, :status => 201
else
head 422
end
end
end
def fetch_changesets
projects = []
scope = Project.active.has_module(:repository)
if params[:id]
project = nil
if params[:id].to_s =~ /^\d*$/
project = scope.find(params[:id])
else
project = scope.find_by_identifier(params[:id])
end
raise ActiveRecord::RecordNotFound unless project
projects << project
else
projects = scope.to_a
end
projects.each do |project|
project.repositories.each do |repository|
repository.fetch_changesets
end
end
head 200
rescue ActiveRecord::RecordNotFound
head 404
end
protected
def check_enabled
User.current = nil
unless Setting.sys_api_enabled? && params[:key].to_s == Setting.sys_api_key
render :plain => 'Access denied. Repository management WS is disabled or key is invalid.', :status => 403
return false
end
end
end

285
app/controllers/timelog_controller.rb Normal file
View file

@ -0,0 +1,285 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class TimelogController < ApplicationController
menu_item :time_entries
before_action :find_time_entry, :only => [:show, :edit, :update]
before_action :check_editability, :only => [:edit, :update]
before_action :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy]
before_action :authorize, :only => [:show, :edit, :update, :bulk_edit, :bulk_update, :destroy]
before_action :find_optional_issue, :only => [:new, :create]
before_action :find_optional_project, :only => [:index, :report]
before_action :authorize_global, :only => [:new, :create, :index, :report]
accept_rss_auth :index
accept_api_auth :index, :show, :create, :update, :destroy
rescue_from Query::StatementInvalid, :with => :query_statement_invalid
helper :issues
include TimelogHelper
helper :custom_fields
include CustomFieldsHelper
helper :queries
include QueriesHelper
def index
retrieve_time_entry_query
scope = time_entry_scope.
preload(:issue => [:project, :tracker, :status, :assigned_to, :priority]).
preload(:project, :user)
respond_to do |format|
format.html {
@entry_count = scope.count
@entry_pages = Paginator.new @entry_count, per_page_option, params['page']
@entries = scope.offset(@entry_pages.offset).limit(@entry_pages.per_page).to_a
render :layout => !request.xhr?
}
format.api {
@entry_count = scope.count
@offset, @limit = api_offset_and_limit
@entries = scope.offset(@offset).limit(@limit).preload(:custom_values => :custom_field).to_a
}
format.atom {
entries = scope.limit(Setting.feeds_limit.to_i).reorder("#{TimeEntry.table_name}.created_on DESC").to_a
render_feed(entries, :title => l(:label_spent_time))
}
format.csv {
# Export all entries
@entries = scope.to_a
send_data(query_to_csv(@entries, @query, params), :type => 'text/csv; header=present', :filename => 'timelog.csv')
}
end
end
def report
retrieve_time_entry_query
scope = time_entry_scope
@report = Redmine::Helpers::TimeReport.new(@project, @issue, params[:criteria], params[:columns], scope)
respond_to do |format|
format.html { render :layout => !request.xhr? }
format.csv { send_data(report_to_csv(@report), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
end
end
def show
respond_to do |format|
# TODO: Implement html response
format.html { head 406 }
format.api
end
end
def new
@time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
@time_entry.safe_attributes = params[:time_entry]
end
def create
@time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
@time_entry.safe_attributes = params[:time_entry]
if @time_entry.project && !User.current.allowed_to?(:log_time, @time_entry.project)
render_403
return
end
call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
if @time_entry.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_create)
if params[:continue]
options = {
:time_entry => {
:project_id => params[:time_entry][:project_id],
:issue_id => @time_entry.issue_id,
:activity_id => @time_entry.activity_id
},
:back_url => params[:back_url]
}
if params[:project_id] && @time_entry.project
redirect_to new_project_time_entry_path(@time_entry.project, options)
elsif params[:issue_id] && @time_entry.issue
redirect_to new_issue_time_entry_path(@time_entry.issue, options)
else
redirect_to new_time_entry_path(options)
end
else
redirect_back_or_default project_time_entries_path(@time_entry.project)
end
}
format.api { render :action => 'show', :status => :created, :location => time_entry_url(@time_entry) }
end
else
respond_to do |format|
format.html { render :action => 'new' }
format.api { render_validation_errors(@time_entry) }
end
end
end
def edit
@time_entry.safe_attributes = params[:time_entry]
end
def update
@time_entry.safe_attributes = params[:time_entry]
call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
if @time_entry.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_back_or_default project_time_entries_path(@time_entry.project)
}
format.api { render_api_ok }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.api { render_validation_errors(@time_entry) }
end
end
end
def bulk_edit
@available_activities = @projects.map(&:activities).reduce(:&)
@custom_fields = TimeEntry.first.available_custom_fields.select {|field| field.format.bulk_edit_supported}
end
def bulk_update
attributes = parse_params_for_bulk_update(params[:time_entry])
unsaved_time_entries = []
saved_time_entries = []
@time_entries.each do |time_entry|
time_entry.reload
time_entry.safe_attributes = attributes
call_hook(:controller_time_entries_bulk_edit_before_save, { :params => params, :time_entry => time_entry })
if time_entry.save
saved_time_entries << time_entry
else
unsaved_time_entries << time_entry
end
end
if unsaved_time_entries.empty?
flash[:notice] = l(:notice_successful_update) unless saved_time_entries.empty?
redirect_back_or_default project_time_entries_path(@projects.first)
else
@saved_time_entries = @time_entries
@unsaved_time_entries = unsaved_time_entries
@time_entries = TimeEntry.where(:id => unsaved_time_entries.map(&:id)).
preload(:project => :time_entry_activities).
preload(:user).to_a
bulk_edit
render :action => 'bulk_edit'
end
end
def destroy
destroyed = TimeEntry.transaction do
@time_entries.each do |t|
unless t.destroy && t.destroyed?
raise ActiveRecord::Rollback
end
end
end
respond_to do |format|
format.html {
if destroyed
flash[:notice] = l(:notice_successful_delete)
else
flash[:error] = l(:notice_unable_delete_time_entry)
end
redirect_back_or_default project_time_entries_path(@projects.first), :referer => true
}
format.api {
if destroyed
render_api_ok
else
render_validation_errors(@time_entries)
end
}
end
end
private
def find_time_entry
@time_entry = TimeEntry.find(params[:id])
@project = @time_entry.project
rescue ActiveRecord::RecordNotFound
render_404
end
def check_editability
unless @time_entry.editable_by?(User.current)
render_403
return false
end
end
def find_time_entries
@time_entries = TimeEntry.where(:id => params[:id] || params[:ids]).
preload(:project => :time_entry_activities).
preload(:user).to_a
raise ActiveRecord::RecordNotFound if @time_entries.empty?
raise Unauthorized unless @time_entries.all? {|t| t.editable_by?(User.current)}
@projects = @time_entries.collect(&:project).compact.uniq
@project = @projects.first if @projects.size == 1
rescue ActiveRecord::RecordNotFound
render_404
end
def find_optional_issue
if params[:issue_id].present?
@issue = Issue.find(params[:issue_id])
@project = @issue.project
else
find_optional_project
end
end
def find_optional_project
if params[:project_id].present?
@project = Project.find(params[:project_id])
end
rescue ActiveRecord::RecordNotFound
render_404
end
# Returns the TimeEntry scope for index and report actions
def time_entry_scope(options={})
@query.results_scope(options)
end
def retrieve_time_entry_query
retrieve_query(TimeEntryQuery, false)
end
end

111
app/controllers/trackers_controller.rb Normal file
View file

@ -0,0 +1,111 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class TrackersController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin, :except => :index
before_action :require_admin_or_api_request, :only => :index
accept_api_auth :index
def index
@trackers = Tracker.sorted.to_a
respond_to do |format|
format.html { render :layout => false if request.xhr? }
format.api
end
end
def new
@tracker ||= Tracker.new
@tracker.safe_attributes = params[:tracker]
@trackers = Tracker.sorted.to_a
@projects = Project.all
end
def create
@tracker = Tracker.new
@tracker.safe_attributes = params[:tracker]
if @tracker.save
# workflow copy
if !params[:copy_workflow_from].blank? && (copy_from = Tracker.find_by_id(params[:copy_workflow_from]))
@tracker.copy_workflow_rules(copy_from)
end
flash[:notice] = l(:notice_successful_create)
redirect_to trackers_path
return
end
new
render :action => 'new'
end
def edit
@tracker ||= Tracker.find(params[:id])
@projects = Project.all
end
def update
@tracker = Tracker.find(params[:id])
@tracker.safe_attributes = params[:tracker]
if @tracker.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to trackers_path(:page => params[:page])
}
format.js { head 200 }
end
else
respond_to do |format|
format.html {
edit
render :action => 'edit'
}
format.js { head 422 }
end
end
end
def destroy
@tracker = Tracker.find(params[:id])
unless @tracker.issues.empty?
flash[:error] = l(:error_can_not_delete_tracker)
else
@tracker.destroy
end
redirect_to trackers_path
end
def fields
if request.post? && params[:trackers]
params[:trackers].each do |tracker_id, tracker_params|
tracker = Tracker.find_by_id(tracker_id)
if tracker
tracker.core_fields = tracker_params[:core_fields]
tracker.custom_field_ids = tracker_params[:custom_field_ids]
tracker.save
end
end
flash[:notice] = l(:notice_successful_update)
redirect_to fields_trackers_path
return
end
@trackers = Tracker.sorted.to_a
@custom_fields = IssueCustomField.all.sort
end
end

190
app/controllers/users_controller.rb Normal file
View file

@ -0,0 +1,190 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class UsersController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin, :except => :show
before_action ->{ find_user(false) }, :only => :show
before_action :find_user, :only => [:edit, :update, :destroy]
accept_api_auth :index, :show, :create, :update, :destroy
helper :sort
include SortHelper
helper :custom_fields
include CustomFieldsHelper
helper :principal_memberships
require_sudo_mode :create, :update, :destroy
def index
sort_init 'login', 'asc'
sort_update %w(login firstname lastname admin created_on last_login_on)
case params[:format]
when 'xml', 'json'
@offset, @limit = api_offset_and_limit
else
@limit = per_page_option
end
@status = params[:status] || 1
scope = User.logged.status(@status).preload(:email_address)
scope = scope.like(params[:name]) if params[:name].present?
scope = scope.in_group(params[:group_id]) if params[:group_id].present?
@user_count = scope.count
@user_pages = Paginator.new @user_count, @limit, params['page']
@offset ||= @user_pages.offset
@users = scope.order(sort_clause).limit(@limit).offset(@offset).to_a
respond_to do |format|
format.html {
@groups = Group.givable.sort
render :layout => !request.xhr?
}
format.api
end
end
def show
unless @user.visible?
render_404
return
end
# show projects based on current user visibility
@memberships = @user.memberships.preload(:roles, :project).where(Project.visible_condition(User.current)).to_a
respond_to do |format|
format.html {
events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
@events_by_day = events.group_by {|event| User.current.time_to_date(event.event_datetime)}
render :layout => 'base'
}
format.api
end
end
def new
@user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
@user.safe_attributes = params[:user]
@auth_sources = AuthSource.all
end
def create
@user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option, :admin => false)
@user.safe_attributes = params[:user]
@user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id
@user.pref.safe_attributes = params[:pref]
if @user.save
Mailer.account_information(@user, @user.password).deliver if params[:send_information]
respond_to do |format|
format.html {
flash[:notice] = l(:notice_user_successful_create, :id => view_context.link_to(@user.login, user_path(@user)))
if params[:continue]
attrs = params[:user].slice(:generate_password)
redirect_to new_user_path(:user => attrs)
else
redirect_to edit_user_path(@user)
end
}
format.api { render :action => 'show', :status => :created, :location => user_url(@user) }
end
else
@auth_sources = AuthSource.all
# Clear password input
@user.password = @user.password_confirmation = nil
respond_to do |format|
format.html { render :action => 'new' }
format.api { render_validation_errors(@user) }
end
end
end
def edit
@auth_sources = AuthSource.all
@membership ||= Member.new
end
def update
if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
@user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
end
@user.safe_attributes = params[:user]
# Was the account actived ? (do it before User#save clears the change)
was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
# TODO: Similar to My#account
@user.pref.safe_attributes = params[:pref]
if @user.save
@user.pref.save
if was_activated
Mailer.account_activated(@user).deliver
elsif @user.active? && params[:send_information] && @user != User.current
Mailer.account_information(@user, @user.password).deliver
end
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to_referer_or edit_user_path(@user)
}
format.api { render_api_ok }
end
else
@auth_sources = AuthSource.all
@membership ||= Member.new
# Clear password input
@user.password = @user.password_confirmation = nil
respond_to do |format|
format.html { render :action => :edit }
format.api { render_validation_errors(@user) }
end
end
end
def destroy
@user.destroy
respond_to do |format|
format.html { redirect_back_or_default(users_path) }
format.api { render_api_ok }
end
end
private
def find_user(logged = true)
if params[:id] == 'current'
require_login || return
@user = User.current
elsif logged
@user = User.logged.find(params[:id])
else
@user = User.find(params[:id])
end
rescue ActiveRecord::RecordNotFound
render_404
end
end

183
app/controllers/versions_controller.rb Normal file
View file

@ -0,0 +1,183 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class VersionsController < ApplicationController
menu_item :roadmap
model_object Version
before_action :find_model_object, :except => [:index, :new, :create, :close_completed]
before_action :find_project_from_association, :except => [:index, :new, :create, :close_completed]
before_action :find_project_by_project_id, :only => [:index, :new, :create, :close_completed]
before_action :authorize
accept_api_auth :index, :show, :create, :update, :destroy
helper :custom_fields
helper :projects
def index
respond_to do |format|
format.html {
@trackers = @project.trackers.sorted.to_a
retrieve_selected_tracker_ids(@trackers, @trackers.select {|t| t.is_in_roadmap?})
@with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
project_ids = @with_subprojects ? @project.self_and_descendants.collect(&:id) : [@project.id]
@versions = @project.shared_versions.preload(:custom_values)
@versions += @project.rolled_up_versions.visible.preload(:custom_values) if @with_subprojects
@versions = @versions.to_a.uniq.sort
unless params[:completed]
@completed_versions = @versions.select(&:completed?).reverse
@versions -= @completed_versions
end
@issues_by_version = {}
if @selected_tracker_ids.any? && @versions.any?
issues = Issue.visible.
includes(:project, :tracker).
preload(:status, :priority, :fixed_version).
where(:tracker_id => @selected_tracker_ids, :project_id => project_ids, :fixed_version_id => @versions.map(&:id)).
order("#{Project.table_name}.lft, #{Tracker.table_name}.position, #{Issue.table_name}.id")
@issues_by_version = issues.group_by(&:fixed_version)
end
@versions.reject! {|version| !project_ids.include?(version.project_id) && @issues_by_version[version].blank?}
}
format.api {
@versions = @project.shared_versions.to_a
}
end
end
def show
respond_to do |format|
format.html {
@issues = @version.fixed_issues.visible.
includes(:status, :tracker, :priority).
preload(:project).
reorder("#{Tracker.table_name}.position, #{Issue.table_name}.id").
to_a
}
format.api
end
end
def new
@version = @project.versions.build
@version.safe_attributes = params[:version]
respond_to do |format|
format.html
format.js
end
end
def create
@version = @project.versions.build
if params[:version]
attributes = params[:version].dup
attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
@version.safe_attributes = attributes
end
if request.post?
if @version.save
respond_to do |format|
format.html do
flash[:notice] = l(:notice_successful_create)
redirect_back_or_default settings_project_path(@project, :tab => 'versions')
end
format.js
format.api do
render :action => 'show', :status => :created, :location => version_url(@version)
end
end
else
respond_to do |format|
format.html { render :action => 'new' }
format.js { render :action => 'new' }
format.api { render_validation_errors(@version) }
end
end
end
end
def edit
end
def update
if params[:version]
attributes = params[:version].dup
attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing'])
@version.safe_attributes = attributes
if @version.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_back_or_default settings_project_path(@project, :tab => 'versions')
}
format.api { render_api_ok }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.api { render_validation_errors(@version) }
end
end
end
end
def close_completed
if request.put?
@project.close_completed_versions
end
redirect_to settings_project_path(@project, :tab => 'versions')
end
def destroy
if @version.deletable?
@version.destroy
respond_to do |format|
format.html { redirect_back_or_default settings_project_path(@project, :tab => 'versions') }
format.api { render_api_ok }
end
else
respond_to do |format|
format.html {
flash[:error] = l(:notice_unable_delete_version)
redirect_to settings_project_path(@project, :tab => 'versions')
}
format.api { head :unprocessable_entity }
end
end
end
def status_by
respond_to do |format|
format.html { render :action => 'show' }
format.js
end
end
private
def retrieve_selected_tracker_ids(selectable_trackers, default_trackers=nil)
if ids = params[:tracker_ids]
@selected_tracker_ids = (ids.is_a? Array) ? ids.collect { |id| id.to_i.to_s } : ids.split('/').collect { |id| id.to_i.to_s }
else
@selected_tracker_ids = (default_trackers || selectable_trackers).collect {|t| t.id.to_s }
end
end
end

152
app/controllers/watchers_controller.rb Normal file
View file

@ -0,0 +1,152 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class WatchersController < ApplicationController
before_action :require_login, :find_watchables, :only => [:watch, :unwatch]
def watch
set_watcher(@watchables, User.current, true)
end
def unwatch
set_watcher(@watchables, User.current, false)
end
before_action :find_project, :authorize, :only => [:new, :create, :append, :destroy, :autocomplete_for_user]
accept_api_auth :create, :destroy
def new
@users = users_for_new_watcher
end
def create
user_ids = []
if params[:watcher]
user_ids << (params[:watcher][:user_ids] || params[:watcher][:user_id])
else
user_ids << params[:user_id]
end
users = User.active.visible.where(:id => user_ids.flatten.compact.uniq)
users.each do |user|
@watchables.each do |watchable|
Watcher.create(:watchable => watchable, :user => user)
end
end
respond_to do |format|
format.html { redirect_to_referer_or {render :html => 'Watcher added.', :status => 200, :layout => true}}
format.js { @users = users_for_new_watcher }
format.api { render_api_ok }
end
end
def append
if params[:watcher]
user_ids = params[:watcher][:user_ids] || [params[:watcher][:user_id]]
@users = User.active.visible.where(:id => user_ids).to_a
end
if @users.blank?
head 200
end
end
def destroy
user = User.find(params[:user_id])
@watchables.each do |watchable|
watchable.set_watcher(user, false)
end
respond_to do |format|
format.html { redirect_to_referer_or {render :html => 'Watcher removed.', :status => 200, :layout => true} }
format.js
format.api { render_api_ok }
end
rescue ActiveRecord::RecordNotFound
render_404
end
def autocomplete_for_user
@users = users_for_new_watcher
render :layout => false
end
private
def find_project
if params[:object_type] && params[:object_id]
@watchables = find_objets_from_params
@projects = @watchables.map(&:project).uniq
if @projects.size == 1
@project = @projects.first
end
elsif params[:project_id]
@project = Project.visible.find_by_param(params[:project_id])
end
end
def find_watchables
@watchables = find_objets_from_params
unless @watchables.present?
render_404
end
end
def set_watcher(watchables, user, watching)
watchables.each do |watchable|
watchable.set_watcher(user, watching)
end
respond_to do |format|
format.html {
text = watching ? 'Watcher added.' : 'Watcher removed.'
redirect_to_referer_or {render :html => text, :status => 200, :layout => true}
}
format.js { render :partial => 'set_watcher', :locals => {:user => user, :watched => watchables} }
end
end
def users_for_new_watcher
scope = nil
if params[:q].blank? && @project.present?
scope = @project.users
else
scope = User.all.limit(100)
end
users = scope.active.visible.sorted.like(params[:q]).to_a
if @watchables && @watchables.size == 1
users -= @watchables.first.watcher_users
end
users
end
def find_objets_from_params
klass = Object.const_get(params[:object_type].camelcase) rescue nil
return unless klass && klass.respond_to?('watched_by')
scope = klass.where(:id => Array.wrap(params[:object_id]))
if klass.reflect_on_association(:project)
scope = scope.preload(:project => :enabled_modules)
end
objects = scope.to_a
raise Unauthorized if objects.any? do |w|
if w.respond_to?(:visible?)
!w.visible?
elsif w.respond_to?(:project) && w.project
!w.project.visible?
end
end
objects
end
end

29
app/controllers/welcome_controller.rb Normal file
View file

@ -0,0 +1,29 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class WelcomeController < ApplicationController
self.main_menu = false
def index
@news = News.latest User.current
end
def robots
@projects = Project.all_public.active
render :layout => false, :content_type => 'text/plain'
end
end

392
app/controllers/wiki_controller.rb Normal file
View file

@ -0,0 +1,392 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# The WikiController follows the Rails REST controller pattern but with
# a few differences
#
# * index - shows a list of WikiPages grouped by page or date
# * new - not used
# * create - not used
# * show - will also show the form for creating a new wiki page
# * edit - used to edit an existing or new page
# * update - used to save a wiki page update to the database, including new pages
# * destroy - normal
#
# Other member and collection methods are also used
#
# TODO: still being worked on
class WikiController < ApplicationController
default_search_scope :wiki_pages
before_action :find_wiki, :authorize
before_action :find_existing_or_new_page, :only => [:show, :edit, :update]
before_action :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy, :destroy_version]
before_action :find_attachments, :only => [:preview]
accept_api_auth :index, :show, :update, :destroy
helper :attachments
include AttachmentsHelper
helper :watchers
include Redmine::Export::PDF
# List of pages, sorted alphabetically and by parent (hierarchy)
def index
load_pages_for_index
respond_to do |format|
format.html {
@pages_by_parent_id = @pages.group_by(&:parent_id)
}
format.api
end
end
# List of page, by last update
def date_index
load_pages_for_index
@pages_by_date = @pages.group_by {|p| p.updated_on.to_date}
end
def new
@page = WikiPage.new(:wiki => @wiki, :title => params[:title])
unless User.current.allowed_to?(:edit_wiki_pages, @project)
render_403
return
end
if request.post?
@page.title = '' unless editable?
@page.validate
if @page.errors[:title].blank?
path = project_wiki_page_path(@project, @page.title)
respond_to do |format|
format.html { redirect_to path }
format.js { render :js => "window.location = #{path.to_json}" }
end
end
end
end
# display a page (in editing mode if it doesn't exist)
def show
if params[:version] && !User.current.allowed_to?(:view_wiki_edits, @project)
deny_access
return
end
@content = @page.content_for_version(params[:version])
if @content.nil?
if User.current.allowed_to?(:edit_wiki_pages, @project) && editable? && !api_request?
edit
render :action => 'edit'
else
render_404
end
return
end
call_hook :controller_wiki_show_before_render, content: @content, format: params[:format]
if User.current.allowed_to?(:export_wiki_pages, @project)
if params[:format] == 'pdf'
send_file_headers! :type => 'application/pdf', :filename => filename_for_content_disposition("#{@page.title}.pdf")
return
elsif params[:format] == 'html'
export = render_to_string :action => 'export', :layout => false
send_data(export, :type => 'text/html', :filename => filename_for_content_disposition("#{@page.title}.html"))
return
elsif params[:format] == 'txt'
send_data(@content.text, :type => 'text/plain', :filename => filename_for_content_disposition("#{@page.title}.txt"))
return
end
end
@editable = editable?
@sections_editable = @editable && User.current.allowed_to?(:edit_wiki_pages, @page.project) &&
@content.current_version? &&
Redmine::WikiFormatting.supports_section_edit?
respond_to do |format|
format.html
format.api
end
end
# edit an existing page or a new one
def edit
return render_403 unless editable?
if @page.new_record?
if params[:parent].present?
@page.parent = @page.wiki.find_page(params[:parent].to_s)
end
end
@content = @page.content_for_version(params[:version])
@content ||= WikiContent.new(:page => @page)
@content.text = initial_page_content(@page) if @content.text.blank?
# don't keep previous comment
@content.comments = nil
# To prevent StaleObjectError exception when reverting to a previous version
@content.version = @page.content.version if @page.content
@text = @content.text
if params[:section].present? && Redmine::WikiFormatting.supports_section_edit?
@section = params[:section].to_i
@text, @section_hash = Redmine::WikiFormatting.formatter.new(@text).get_section(@section)
render_404 if @text.blank?
end
end
# Creates a new page or updates an existing one
def update
return render_403 unless editable?
was_new_page = @page.new_record?
@page.safe_attributes = params[:wiki_page]
@content = @page.content || WikiContent.new(:page => @page)
content_params = params[:content]
if content_params.nil? && params[:wiki_page].present?
content_params = params[:wiki_page].slice(:text, :comments, :version)
end
content_params ||= {}
@content.comments = content_params[:comments]
@text = content_params[:text]
if params[:section].present? && Redmine::WikiFormatting.supports_section_edit?
@section = params[:section].to_i
@section_hash = params[:section_hash]
@content.text = Redmine::WikiFormatting.formatter.new(@content.text).update_section(@section, @text, @section_hash)
else
@content.version = content_params[:version] if content_params[:version]
@content.text = @text
end
@content.author = User.current
if @page.save_with_content(@content)
attachments = Attachment.attach_files(@page, params[:attachments] || (params[:wiki_page] && params[:wiki_page][:uploads]))
render_attachment_warning_if_needed(@page)
call_hook(:controller_wiki_edit_after_save, { :params => params, :page => @page})
respond_to do |format|
format.html {
anchor = @section ? "section-#{@section}" : nil
redirect_to project_wiki_page_path(@project, @page.title, :anchor => anchor)
}
format.api {
if was_new_page
render :action => 'show', :status => :created, :location => project_wiki_page_path(@project, @page.title)
else
render_api_ok
end
}
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.api { render_validation_errors(@content) }
end
end
rescue ActiveRecord::StaleObjectError, Redmine::WikiFormatting::StaleSectionError
# Optimistic locking exception
respond_to do |format|
format.html {
flash.now[:error] = l(:notice_locking_conflict)
render :action => 'edit'
}
format.api { render_api_head :conflict }
end
end
# rename a page
def rename
return render_403 unless editable?
@page.redirect_existing_links = true
# used to display the *original* title if some AR validation errors occur
@original_title = @page.pretty_title
@page.safe_attributes = params[:wiki_page]
if request.post? && @page.save
flash[:notice] = l(:notice_successful_update)
redirect_to project_wiki_page_path(@page.project, @page.title)
end
end
def protect
@page.update_attribute :protected, params[:protected]
redirect_to project_wiki_page_path(@project, @page.title)
end
# show page history
def history
@version_count = @page.content.versions.count
@version_pages = Paginator.new @version_count, per_page_option, params['page']
# don't load text
@versions = @page.content.versions.
select("id, author_id, comments, updated_on, version").
reorder('version DESC').
limit(@version_pages.per_page + 1).
offset(@version_pages.offset).
to_a
render :layout => false if request.xhr?
end
def diff
@diff = @page.diff(params[:version], params[:version_from])
render_404 unless @diff
end
def annotate
@annotate = @page.annotate(params[:version])
render_404 unless @annotate
end
# Removes a wiki page and its history
# Children can be either set as root pages, removed or reassigned to another parent page
def destroy
return render_403 unless editable?
@descendants_count = @page.descendants.size
if @descendants_count > 0
case params[:todo]
when 'nullify'
# Nothing to do
when 'destroy'
# Removes all its descendants
@page.descendants.each(&:destroy)
when 'reassign'
# Reassign children to another parent page
reassign_to = @wiki.pages.find_by_id(params[:reassign_to_id].to_i)
return unless reassign_to
@page.children.each do |child|
child.update_attribute(:parent, reassign_to)
end
else
@reassignable_to = @wiki.pages - @page.self_and_descendants
# display the destroy form if it's a user request
return unless api_request?
end
end
@page.destroy
respond_to do |format|
format.html { redirect_to project_wiki_index_path(@project) }
format.api { render_api_ok }
end
end
def destroy_version
return render_403 unless editable?
if content = @page.content.versions.find_by_version(params[:version])
content.destroy
redirect_to_referer_or history_project_wiki_page_path(@project, @page.title)
else
render_404
end
end
# Export wiki to a single pdf or html file
def export
@pages = @wiki.pages.
order('title').
includes([:content, {:attachments => :author}]).
to_a
respond_to do |format|
format.html {
export = render_to_string :action => 'export_multiple', :layout => false
send_data(export, :type => 'text/html', :filename => "wiki.html")
}
format.pdf {
send_file_headers! :type => 'application/pdf', :filename => "#{@project.identifier}.pdf"
}
end
end
def preview
page = @wiki.find_page(params[:id])
# page is nil when previewing a new page
return render_403 unless page.nil? || editable?(page)
if page
@attachments += page.attachments
@previewed = page.content
end
@text = params[:content][:text]
render :partial => 'common/preview'
end
def add_attachment
return render_403 unless editable?
attachments = Attachment.attach_files(@page, params[:attachments])
render_attachment_warning_if_needed(@page)
redirect_to :action => 'show', :id => @page.title, :project_id => @project
end
private
def find_wiki
@project = Project.find(params[:project_id])
@wiki = @project.wiki
render_404 unless @wiki
rescue ActiveRecord::RecordNotFound
render_404
end
# Finds the requested page or a new page if it doesn't exist
def find_existing_or_new_page
@page = @wiki.find_or_new_page(params[:id])
if @wiki.page_found_with_redirect?
redirect_to_page @page
end
end
# Finds the requested page and returns a 404 error if it doesn't exist
def find_existing_page
@page = @wiki.find_page(params[:id])
if @page.nil?
render_404
return
end
if @wiki.page_found_with_redirect?
redirect_to_page @page
end
end
def redirect_to_page(page)
if page.project && page.project.visible?
redirect_to :action => action_name, :project_id => page.project, :id => page.title
else
render_404
end
end
# Returns true if the current user is allowed to edit the page, otherwise false
def editable?(page = @page)
page.editable_by?(User.current)
end
# Returns the default content of a new wiki page
def initial_page_content(page)
helper = Redmine::WikiFormatting.helper_for(Setting.text_formatting)
extend helper unless self.instance_of?(helper)
helper.instance_method(:initial_page_content).bind(self).call(page)
end
def load_pages_for_index
@pages = @wiki.pages.with_updated_on.
reorder("#{WikiPage.table_name}.title").
includes(:wiki => :project).
includes(:parent).
to_a
end
end

36
app/controllers/wikis_controller.rb Normal file
View file

@ -0,0 +1,36 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class WikisController < ApplicationController
menu_item :settings
before_action :find_project, :authorize
# Create or update a project's wiki
def edit
@wiki = @project.wiki || Wiki.new(:project => @project)
@wiki.safe_attributes = params[:wiki]
@wiki.save if request.post?
end
# Delete a project's wiki
def destroy
if request.post? && params[:confirm] && @project.wiki
@project.wiki.destroy
redirect_to settings_project_path(@project, :tab => 'wiki')
end
end
end

149
app/controllers/workflows_controller.rb Normal file
View file

@ -0,0 +1,149 @@
# Redmine - project management software
# Copyright (C) 2006-2017 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class WorkflowsController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin
def index
@roles = Role.sorted.select(&:consider_workflow?)
@trackers = Tracker.sorted
@workflow_counts = WorkflowTransition.group(:tracker_id, :role_id).count
end
def edit
find_trackers_roles_and_statuses_for_edit
if request.post? && @roles && @trackers && params[:transitions]
transitions = params[:transitions].deep_dup
transitions.each do |old_status_id, transitions_by_new_status|
transitions_by_new_status.each do |new_status_id, transition_by_rule|
transition_by_rule.reject! {|rule, transition| transition == 'no_change'}
end
end
WorkflowTransition.replace_transitions(@trackers, @roles, transitions)
flash[:notice] = l(:notice_successful_update)
redirect_to_referer_or workflows_edit_path
return
end
if @trackers && @roles && @statuses.any?
workflows = WorkflowTransition.
where(:role_id => @roles.map(&:id), :tracker_id => @trackers.map(&:id)).
preload(:old_status, :new_status)
@workflows = {}
@workflows['always'] = workflows.select {|w| !w.author && !w.assignee}
@workflows['author'] = workflows.select {|w| w.author}
@workflows['assignee'] = workflows.select {|w| w.assignee}
end
end
def permissions
find_trackers_roles_and_statuses_for_edit
if request.post? && @roles && @trackers && params[:permissions]
permissions = params[:permissions].deep_dup
permissions.each { |field, rule_by_status_id|
rule_by_status_id.reject! {|status_id, rule| rule == 'no_change'}
}
WorkflowPermission.replace_permissions(@trackers, @roles, permissions)
flash[:notice] = l(:notice_successful_update)
redirect_to_referer_or workflows_permissions_path
return
end
if @roles && @trackers
@fields = (Tracker::CORE_FIELDS_ALL - @trackers.map(&:disabled_core_fields).reduce(:&)).map {|field| [field, l("field_"+field.sub(/_id$/, ''))]}
@custom_fields = @trackers.map(&:custom_fields).flatten.uniq.sort
@permissions = WorkflowPermission.rules_by_status_id(@trackers, @roles)
@statuses.each {|status| @permissions[status.id] ||= {}}
end
end
def copy
@roles = Role.sorted.select(&:consider_workflow?)
@trackers = Tracker.sorted
if params[:source_tracker_id].blank? || params[:source_tracker_id] == 'any'
@source_tracker = nil
else
@source_tracker = Tracker.find_by_id(params[:source_tracker_id].to_i)
end
if params[:source_role_id].blank? || params[:source_role_id] == 'any'
@source_role = nil
else
@source_role = Role.find_by_id(params[:source_role_id].to_i)
end
@target_trackers = params[:target_tracker_ids].blank? ?
nil : Tracker.where(:id => params[:target_tracker_ids]).to_a
@target_roles = params[:target_role_ids].blank? ?
nil : Role.where(:id => params[:target_role_ids]).to_a
if request.post?
if params[:source_tracker_id].blank? || params[:source_role_id].blank? || (@source_tracker.nil? && @source_role.nil?)
flash.now[:error] = l(:error_workflow_copy_source)
elsif @target_trackers.blank? || @target_roles.blank?
flash.now[:error] = l(:error_workflow_copy_target)
else
WorkflowRule.copy(@source_tracker, @source_role, @target_trackers, @target_roles)
flash[:notice] = l(:notice_successful_update)
redirect_to workflows_copy_path(:source_tracker_id => @source_tracker, :source_role_id => @source_role)
end
end
end
private
def find_trackers_roles_and_statuses_for_edit
find_roles
find_trackers
find_statuses
end
def find_roles
ids = Array.wrap(params[:role_id])
if ids == ['all']
@roles = Role.sorted.to_a
elsif ids.present?
@roles = Role.where(:id => ids).to_a
end
@roles = nil if @roles.blank?
end
def find_trackers
ids = Array.wrap(params[:tracker_id])
if ids == ['all']
@trackers = Tracker.sorted.to_a
elsif ids.present?
@trackers = Tracker.where(:id => ids).to_a
end
@trackers = nil if @trackers.blank?
end
def find_statuses
@used_statuses_only = (params[:used_statuses_only] == '0' ? false : true)
if @trackers && @used_statuses_only
role_ids = Role.all.select(&:consider_workflow?).map(&:id)
status_ids = WorkflowTransition.where(
:tracker_id => @trackers.map(&:id), :role_id => role_ids
).distinct.pluck(:old_status_id, :new_status_id).flatten.uniq
@statuses = IssueStatus.where(:id => status_ids).sorted.to_a.presence
end
@statuses ||= IssueStatus.sorted.to_a
end
end