Skip to content

R
redmine
Commit 5b64556d by François C.
Options

Initial commit from redmine-4.1.1.tar.gz

parents
Showing with 4885 additions and 0 deletions

Too many changes to show.
Plain diff Email patch

To preserve performance only 1000 of 1000+ files are displayed.

.gitignore 0 → 100644
/.project
/.idea
/.loadpath
/.powrc
/.rvmrc
/.ruby-version
/config/additional_environment.rb
/config/configuration.yml
/config/database.yml
/config/email.yml
/config/secrets.yml
/config/initializers/session_store.rb
/config/initializers/secret_token.rb
/coverage
/db/*.db
/db/*.sqlite3
/db/schema.rb
/files/*
/lib/redmine/scm/adapters/mercurial/redminehelper.pyc
/lib/redmine/scm/adapters/mercurial/redminehelper.pyo
/log/*.log*
/log/mongrel_debug
/plugins/*
!/plugins/README
/public/dispatch.*
/public/plugin_assets/*
/public/themes/*
!/public/themes/alternate
!/public/themes/classic
!/public/themes/README
/tmp/*
/tmp/cache/*
/tmp/pdf/*
/tmp/sessions/*
/tmp/sockets/*
/tmp/test/*
/tmp/thumbnails/*
/vendor/cache
*.rbc
/.bundle
/Gemfile.lock
/Gemfile.local
CONTRIBUTING.md 0 → 100644
Your contributions to Redmine are welcome!
Please **open an issue on the [official website]** instead of sending pull requests.
Since the development of Redmine is not conducted on GitHub but on the [official website] and core developers are not monitoring the GitHub repo, pull requests might not get reviewed.
For more detail about how to contribute, please see the wiki page [Contribute] on the [official website].
[official website]: https://www.redmine.org/
[Contribute]: https://www.redmine.org/projects/redmine/wiki/Contribute
Gemfile 0 → 100644
source 'https://rubygems.org'
ruby '>= 2.3.0', '< 2.7.0' if Bundler::VERSION >= '1.12.0'
gem "bundler", ">= 1.5.0"
gem 'rails', '5.2.4.2'
gem 'sprockets', '~> 3.7.2' if RUBY_VERSION < '2.5'
gem "rouge", "~> 3.12.0"
gem "request_store", "~> 1.4.1"
gem "mini_mime", "~> 1.0.1"
gem "actionpack-xml_parser"
gem "roadie-rails", (RUBY_VERSION < "2.5" ? "~> 1.3.0" : "~> 2.1.0")
gem "mimemagic"
gem "mail", "~> 2.7.1"
gem "csv", "~> 3.1.1"
gem "nokogiri", "~> 1.10.0"
gem "i18n", "~> 1.6.0"
gem "rbpdf", "~> 1.20.0"
# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
gem 'tzinfo-data', platforms: [:mingw, :x64_mingw, :mswin]
# Optional gem for LDAP authentication
group :ldap do
gem "net-ldap", "~> 0.16.0"
end
# Optional gem for OpenID authentication
group :openid do
gem "ruby-openid", "~> 2.9.2", :require => "openid"
gem "rack-openid"
end
# Optional gem for exporting the gantt to a PNG file
group :minimagick do
gem "mini_magick", "~> 4.9.5"
end
# Optional Markdown support, not for JRuby
group :markdown do
gem "redcarpet", "~> 3.5.0"
end
# Include database gems for the adapters found in the database
# configuration file
require 'erb'
require 'yaml'
database_file = File.join(File.dirname(__FILE__), "config/database.yml")
if File.exist?(database_file)
database_config = YAML::load(ERB.new(IO.read(database_file)).result)
adapters = database_config.values.map {|c| c['adapter']}.compact.uniq
if adapters.any?
adapters.each do |adapter|
case adapter
when 'mysql2'
gem "mysql2", "~> 0.5.0", :platforms => [:mri, :mingw, :x64_mingw]
when /postgresql/
gem "pg", "~> 1.1.4", :platforms => [:mri, :mingw, :x64_mingw]
when /sqlite3/
gem "sqlite3", "~> 1.4.0", :platforms => [:mri, :mingw, :x64_mingw]
when /sqlserver/
gem "tiny_tds", "~> 2.1.2", :platforms => [:mri, :mingw, :x64_mingw]
gem "activerecord-sqlserver-adapter", "~> 5.2.1", :platforms => [:mri, :mingw, :x64_mingw]
else
warn("Unknown database adapter `#{adapter}` found in config/database.yml, use Gemfile.local to load your own database gems")
end
end
else
warn("No adapter found in config/database.yml, please configure it first")
end
else
warn("Please configure your config/database.yml first")
end
group :development do
gem "yard"
end
group :test do
gem "rails-dom-testing"
gem 'mocha', '>= 1.4.0'
gem "simplecov", "~> 0.17.0", :require => false
gem "ffi", platforms: [:mingw, :x64_mingw, :mswin]
# For running system tests
gem 'puma', '~> 3.7'
gem "capybara", (RUBY_VERSION < "2.4" ? "~> 3.15.1" : "~> 3.25.0")
gem "selenium-webdriver"
# RuboCop
gem 'rubocop', '~> 0.76.0'
gem 'rubocop-performance', '~> 1.5.0'
gem 'rubocop-rails', '~> 2.3.0'
end
local_gemfile = File.join(File.dirname(__FILE__), "Gemfile.local")
if File.exists?(local_gemfile)
eval_gemfile local_gemfile
end
# Load plugins' Gemfiles
Dir.glob File.expand_path("../plugins/*/{Gemfile,PluginGemfile}", __FILE__) do |file|
eval_gemfile file
end
README.rdoc 0 → 100644
= Redmine
Redmine is a flexible project management web application written using Ruby on Rails framework.
More details can be found in the doc directory or on the official website http://www.redmine.org
Rakefile 0 → 100755
#!/usr/bin/env rake
# Add your own tasks in files placed in lib/tasks ending in .rake,
# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
require File.expand_path('../config/application', __FILE__)
RedmineApp::Application.load_tasks
app/controllers/activities_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class ActivitiesController < ApplicationController
menu_item :activity
before_action :find_optional_project_by_id, :authorize_global
accept_rss_auth :index
def index
@days = Setting.activity_days_default.to_i
if params[:from]
begin; @date_to = params[:from].to_date + 1; rescue; end
end
@date_to ||= User.current.today + 1
@date_from = @date_to - @days
@with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
if params[:user_id].present?
@author = User.active.find(params[:user_id])
end
@activity = Redmine::Activity::Fetcher.new(User.current, :project => @project,
:with_subprojects => @with_subprojects,
:author => @author)
pref = User.current.pref
@activity.scope_select {|t| !params["show_#{t}"].nil?}
if @activity.scope.present?
if params[:submit].present?
pref.activity_scope = @activity.scope
pref.save
end
else
if @author.nil?
scope = pref.activity_scope & @activity.event_types
@activity.scope = scope.present? ? scope : :default
else
@activity.scope = :all
end
end
events = @activity.events(@date_from, @date_to)
if events.empty? || stale?(:etag => [@activity.scope, @date_to, @date_from, @with_subprojects, @author, events.first, events.size, User.current, current_language])
respond_to do |format|
format.html {
@events_by_day = events.group_by {|event| User.current.time_to_date(event.event_datetime)}
render :layout => false if request.xhr?
}
format.atom {
title = l(:label_activity)
if @author
title = @author.name
elsif @activity.scope.size == 1
title = l("label_#{@activity.scope.first.singularize}_plural")
end
render_feed(events, :title => "#{@project || Setting.app_title}: #{title}")
}
end
end
rescue ActiveRecord::RecordNotFound
render_404
end
end
app/controllers/admin_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AdminController < ApplicationController
layout 'admin'
self.main_menu = false
menu_item :projects, :only => :projects
menu_item :plugins, :only => :plugins
menu_item :info, :only => :info
before_action :require_admin
def index
@no_configuration_data = Redmine::DefaultData::Loader::no_data?
end
def projects
@status = params[:status] || 1
scope = Project.status(@status).sorted
scope = scope.like(params[:name]) if params[:name].present?
@project_count = scope.count
@project_pages = Paginator.new @project_count, per_page_option, params['page']
@projects = scope.limit(@project_pages.per_page).offset(@project_pages.offset).to_a
render :action => "projects", :layout => false if request.xhr?
end
def plugins
@plugins = Redmine::Plugin.all
end
# Loads the default configuration
# (roles, trackers, statuses, workflow, enumerations)
def default_configuration
if request.post?
begin
Redmine::DefaultData::Loader::load(params[:lang])
flash[:notice] = l(:notice_default_data_loaded)
rescue => e
flash[:error] = l(:error_can_t_load_default_data, ERB::Util.h(e.message))
end
end
redirect_to admin_path
end
def test_email
begin
Mailer.deliver_test_email(User.current)
flash[:notice] = l(:notice_email_sent, ERB::Util.h(User.current.mail))
rescue => e
flash[:error] = l(:notice_email_error, ERB::Util.h(Redmine::CodesetUtil.replace_invalid_utf8(e.message.dup)))
end
redirect_to settings_path(:tab => 'notifications')
end
def info
@checklist = [
[:text_default_administrator_account_changed, User.default_admin_account_changed?],
[:text_file_repository_writable, File.writable?(Attachment.storage_path)],
["#{l :text_plugin_assets_writable} (./public/plugin_assets)", File.writable?(Redmine::Plugin.public_directory)],
[:text_minimagick_available, Object.const_defined?(:MiniMagick)],
[:text_convert_available, Redmine::Thumbnail.convert_available?],
[:text_gs_available, Redmine::Thumbnail.gs_available?]
]
end
end
app/controllers/attachments_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AttachmentsController < ApplicationController
before_action :find_attachment, :only => [:show, :download, :thumbnail, :update, :destroy]
before_action :find_editable_attachments, :only => [:edit_all, :update_all]
before_action :file_readable, :read_authorize, :only => [:show, :download, :thumbnail]
before_action :update_authorize, :only => :update
before_action :delete_authorize, :only => :destroy
before_action :authorize_global, :only => :upload
# Disable check for same origin requests for JS files, i.e. attachments with
# MIME type text/javascript.
skip_after_action :verify_same_origin_request, :only => :download
accept_api_auth :show, :download, :thumbnail, :upload, :update, :destroy
def show
respond_to do |format|
format.html {
if @attachment.container.respond_to?(:attachments)
@attachments = @attachment.container.attachments.to_a
if index = @attachments.index(@attachment)
@paginator = Redmine::Pagination::Paginator.new(
@attachments.size, 1, index+1
)
end
end
if @attachment.is_diff?
@diff = File.read(@attachment.diskfile, :mode => "rb")
@diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
@diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
# Save diff type as user preference
if User.current.logged? && @diff_type != User.current.pref[:diff_type]
User.current.pref[:diff_type] = @diff_type
User.current.preference.save
end
render :action => 'diff'
elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
@content = File.read(@attachment.diskfile, :mode => "rb")
render :action => 'file'
elsif @attachment.is_image?
render :action => 'image'
else
render :action => 'other'
end
}
format.api
end
end
def download
if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
@attachment.increment_download
end
if stale?(:etag => @attachment.digest, :template => false)
# images are sent inline
send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
:type => detect_content_type(@attachment),
:disposition => disposition(@attachment)
end
end
def thumbnail
if @attachment.thumbnailable? && tbnail = @attachment.thumbnail(:size => params[:size])
if stale?(:etag => tbnail, :template => false)
send_file(
tbnail,
:filename => filename_for_content_disposition(@attachment.filename),
:type => detect_content_type(@attachment, true),
:disposition => 'inline')
end
else
# No thumbnail for the attachment or thumbnail could not be created
head 404
end
end
def upload
# Make sure that API users get used to set this content type
# as it won't trigger Rails' automatic parsing of the request body for parameters
unless request.content_type == 'application/octet-stream'
head 406
return
end
@attachment = Attachment.new(:file => request.raw_post)
@attachment.author = User.current
@attachment.filename = params[:filename].presence || Redmine::Utils.random_hex(16)
@attachment.content_type = params[:content_type].presence
saved = @attachment.save
respond_to do |format|
format.js
format.api {
if saved
render :action => 'upload', :status => :created
else
render_validation_errors(@attachment)
end
}
end
end
# Edit all the attachments of a container
def edit_all
end
# Update all the attachments of a container
def update_all
if Attachment.update_attachments(@attachments, update_all_params)
redirect_back_or_default home_path
return
end
render :action => 'edit_all'
end
def update
@attachment.safe_attributes = params[:attachment]
saved = @attachment.save
respond_to do |format|
format.api {
if saved
render_api_ok
else
render_validation_errors(@attachment)
end
}
end
end
def destroy
if @attachment.container.respond_to?(:init_journal)
@attachment.container.init_journal(User.current)
end
if @attachment.container
# Make sure association callbacks are called
@attachment.container.attachments.delete(@attachment)
else
@attachment.destroy
end
respond_to do |format|
format.html { redirect_to_referer_or project_path(@project) }
format.js
format.api { render_api_ok }
end
end
# Returns the menu item that should be selected when viewing an attachment
def current_menu_item
container = @attachment.try(:container) || @container
if container
case container
when WikiPage
:wiki
when Message
:boards
when Project, Version
:files
else
container.class.name.pluralize.downcase.to_sym
end
end
end
private
def find_attachment
@attachment = Attachment.find(params[:id])
# Show 404 if the filename in the url is wrong
raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
@project = @attachment.project
rescue ActiveRecord::RecordNotFound
render_404
end
def find_editable_attachments
klass = params[:object_type].to_s.singularize.classify.constantize rescue nil
unless klass && klass.reflect_on_association(:attachments)
render_404
return
end
@container = klass.find(params[:object_id])
if @container.respond_to?(:visible?) && !@container.visible?
render_403
return
end
@attachments = @container.attachments.select(&:editable?)
if @container.respond_to?(:project)
@project = @container.project
end
render_404 if @attachments.empty?
rescue ActiveRecord::RecordNotFound
render_404
end
# Checks that the file exists and is readable
def file_readable
if @attachment.readable?
true
else
logger.error "Cannot send attachment, #{@attachment.diskfile} does not exist or is unreadable."
render_404
end
end
def read_authorize
@attachment.visible? ? true : deny_access
end
def update_authorize
@attachment.editable? ? true : deny_access
end
def delete_authorize
@attachment.deletable? ? true : deny_access
end
def detect_content_type(attachment, is_thumb = false)
content_type = attachment.content_type
if content_type.blank? || content_type == "application/octet-stream"
content_type =
Redmine::MimeType.of(attachment.filename).presence ||
"application/octet-stream"
end
if is_thumb && content_type == "application/pdf"
# PDF previews are stored in PNG format
content_type = "image/png"
end
content_type
end
def disposition(attachment)
if attachment.is_pdf?
'inline'
else
'attachment'
end
end
# Returns attachments param for #update_all
def update_all_params
params.permit(:attachments => [:filename, :description]).require(:attachments)
end
end
app/controllers/auth_sources_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AuthSourcesController < ApplicationController
layout 'admin'
self.main_menu = false
menu_item :ldap_authentication
before_action :require_admin
before_action :build_new_auth_source, :only => [:new, :create]
before_action :find_auth_source, :only => [:edit, :update, :test_connection, :destroy]
require_sudo_mode :update, :destroy
def index
@auth_source_pages, @auth_sources = paginate AuthSource, :per_page => 25
end
def new
end
def create
if @auth_source.save
flash[:notice] = l(:notice_successful_create)
redirect_to auth_sources_path
else
render :action => 'new'
end
end
def edit
end
def update
@auth_source.safe_attributes = params[:auth_source]
if @auth_source.save
flash[:notice] = l(:notice_successful_update)
redirect_to auth_sources_path
else
render :action => 'edit'
end
end
def test_connection
begin
@auth_source.test_connection
flash[:notice] = l(:notice_successful_connection)
rescue => e
flash[:error] = l(:error_unable_to_connect, e.message)
end
redirect_to auth_sources_path
end
def destroy
unless @auth_source.users.exists?
@auth_source.destroy
flash[:notice] = l(:notice_successful_delete)
else
flash[:error] = l(:error_can_not_delete_auth_source)
end
redirect_to auth_sources_path
end
def autocomplete_for_new_user
results = AuthSource.search(params[:term])
render :json => results.map {|result|
{
'value' => result[:login],
'label' => "#{result[:login]} (#{result[:firstname]} #{result[:lastname]})",
'login' => result[:login].to_s,
'firstname' => result[:firstname].to_s,
'lastname' => result[:lastname].to_s,
'mail' => result[:mail].to_s,
'auth_source_id' => result[:auth_source_id].to_s
}
}
end
private
def build_new_auth_source
@auth_source = AuthSource.new_subclass_instance(params[:type] || 'AuthSourceLdap')
if @auth_source
@auth_source.safe_attributes = params[:auth_source]
else
render_404
end
end
def find_auth_source
@auth_source = AuthSource.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
end
app/controllers/auto_completes_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AutoCompletesController < ApplicationController
before_action :find_project
def issues
issues = []
q = (params[:q] || params[:term]).to_s.strip
status = params[:status].to_s
issue_id = params[:issue_id].to_s
scope = Issue.cross_project_scope(@project, params[:scope]).visible
scope = scope.open(status == 'o') if status.present?
scope = scope.where.not(:id => issue_id.to_i) if issue_id.present?
if q.present?
if q =~ /\A#?(\d+)\z/
issues << scope.find_by(:id => $1.to_i)
end
issues += scope.like(q).order(:id => :desc).limit(10).to_a
issues.compact!
else
issues += scope.order(:id => :desc).limit(10).to_a
end
render :json => format_issues_json(issues)
end
private
def find_project
if params[:project_id].present?
@project = Project.find(params[:project_id])
end
rescue ActiveRecord::RecordNotFound
render_404
end
def format_issues_json(issues)
issues.map {|issue|
{
'id' => issue.id,
'label' => "#{issue.tracker} ##{issue.id}: #{issue.subject.to_s.truncate(60)}",
'value' => issue.id
}
}
end
end
app/controllers/boards_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class BoardsController < ApplicationController
default_search_scope :messages
before_action :find_project_by_project_id, :find_board_if_available, :authorize
accept_rss_auth :index, :show
helper :sort
include SortHelper
helper :watchers
def index
@boards = @project.boards.preload(:last_message => :author).to_a
# show the board if there is only one
if @boards.size == 1
@board = @boards.first
show
end
end
def show
respond_to do |format|
format.html {
sort_init 'updated_on', 'desc'
sort_update 'created_on' => "#{Message.table_name}.id",
'replies' => "#{Message.table_name}.replies_count",
'updated_on' => "COALESCE(#{Message.table_name}.last_reply_id, #{Message.table_name}.id)"
@topic_count = @board.topics.count
@topic_pages = Paginator.new @topic_count, per_page_option, params['page']
@topics = @board.topics.
reorder(:sticky => :desc).
limit(@topic_pages.per_page).
offset(@topic_pages.offset).
order(sort_clause).
preload(:author, {:last_reply => :author}).
to_a
@message = Message.new(:board => @board)
render :action => 'show', :layout => !request.xhr?
}
format.atom {
@messages = @board.messages.
reorder(:id => :desc).
includes(:author, :board).
limit(Setting.feeds_limit.to_i).
to_a
render_feed(@messages, :title => "#{@project}: #{@board}")
}
end
end
def new
@board = @project.boards.build
@board.safe_attributes = params[:board]
end
def create
@board = @project.boards.build
@board.safe_attributes = params[:board]
if @board.save
flash[:notice] = l(:notice_successful_create)
redirect_to_settings_in_projects
else
render :action => 'new'
end
end
def edit
end
def update
@board.safe_attributes = params[:board]
if @board.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to_settings_in_projects
}
format.js { head 200 }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.js { head 422 }
end
end
end
def destroy
if @board.destroy
flash[:notice] = l(:notice_successful_delete)
end
redirect_to_settings_in_projects
end
private
def redirect_to_settings_in_projects
redirect_to settings_project_path(@project, :tab => 'boards')
end
def find_board_if_available
@board = @project.boards.find(params[:id]) if params[:id]
rescue ActiveRecord::RecordNotFound
render_404
end
end
app/controllers/calendars_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class CalendarsController < ApplicationController
menu_item :calendar
before_action :find_optional_project
rescue_from Query::StatementInvalid, :with => :query_statement_invalid
helper :issues
helper :projects
helper :queries
include QueriesHelper
def show
if params[:year] and params[:year].to_i > 1900
@year = params[:year].to_i
if params[:month] and params[:month].to_i > 0 and params[:month].to_i < 13
@month = params[:month].to_i
end
end
@year ||= User.current.today.year
@month ||= User.current.today.month
@calendar = Redmine::Helpers::Calendar.new(Date.civil(@year, @month, 1), current_language, :month)
retrieve_query
@query.group_by = nil
@query.sort_criteria = nil
if @query.valid?
events = []
events += @query.issues(:include => [:tracker, :assigned_to, :priority],
:conditions => ["((start_date BETWEEN ? AND ?) OR (due_date BETWEEN ? AND ?))", @calendar.startdt, @calendar.enddt, @calendar.startdt, @calendar.enddt]
)
events += @query.versions(:conditions => ["effective_date BETWEEN ? AND ?", @calendar.startdt, @calendar.enddt])
@calendar.events = events
end
render :action => 'show', :layout => false if request.xhr?
end
end
app/controllers/comments_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class CommentsController < ApplicationController
default_search_scope :news
model_object News
before_action :find_model_object
before_action :find_project_from_association
before_action :authorize
def create
raise Unauthorized unless @news.commentable?
@comment = Comment.new
@comment.safe_attributes = params[:comment]
@comment.author = User.current
if @news.comments << @comment
flash[:notice] = l(:label_comment_added)
end
redirect_to news_path(@news)
end
def destroy
@news.comments.find(params[:comment_id]).destroy
redirect_to news_path(@news)
end
private
# ApplicationController's find_model_object sets it based on the controller
# name so it needs to be overridden and set to @news instead
def find_model_object
super
@news = @object
@comment = nil
@news
end
end
app/controllers/context_menus_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class ContextMenusController < ApplicationController
helper :watchers
helper :issues
before_action :find_issues, :only => :issues
def issues
if @issues.size == 1
@issue = @issues.first
end
@issue_ids = @issues.map(&:id).sort
@allowed_statuses = @issues.map(&:new_statuses_allowed_to).reduce(:&)
@can = {:edit => @issues.all?(&:attributes_editable?),
:log_time => (@project && User.current.allowed_to?(:log_time, @project)),
:copy => User.current.allowed_to?(:copy_issues, @projects) && Issue.allowed_target_projects.any?,
:add_watchers => User.current.allowed_to?(:add_issue_watchers, @projects),
:delete => @issues.all?(&:deletable?)
}
@assignables = @issues.map(&:assignable_users).reduce(:&)
@trackers = @projects.map {|p| Issue.allowed_target_trackers(p) }.reduce(:&)
@versions = @projects.map {|p| p.shared_versions.open}.reduce(:&)
@priorities = IssuePriority.active.reverse
@back = back_url
@columns = params[:c]
@options_by_custom_field = {}
if @can[:edit]
custom_fields = @issues.map(&:editable_custom_fields).reduce(:&).reject(&:multiple?).select {|field| field.format.bulk_edit_supported}
custom_fields.each do |field|
values = field.possible_values_options(@projects)
if values.present?
@options_by_custom_field[field] = values
end
end
end
@safe_attributes = @issues.map(&:safe_attribute_names).reduce(:&)
render :layout => false
end
def time_entries
@time_entries = TimeEntry.where(:id => params[:ids]).
preload(:project => :time_entry_activities).
preload(:user).to_a
(render_404; return) unless @time_entries.present?
if @time_entries.size == 1
@time_entry = @time_entries.first
end
@projects = @time_entries.collect(&:project).compact.uniq
@project = @projects.first if @projects.size == 1
@activities = @projects.map(&:activities).reduce(:&)
edit_allowed = @time_entries.all? {|t| t.editable_by?(User.current)}
@can = {:edit => edit_allowed, :delete => edit_allowed}
@back = back_url
@options_by_custom_field = {}
if @can[:edit]
custom_fields = @time_entries.map(&:editable_custom_fields).reduce(:&).reject(&:multiple?).select {|field| field.format.bulk_edit_supported}
custom_fields.each do |field|
values = field.possible_values_options(@projects)
if values.present?
@options_by_custom_field[field] = values
end
end
end
render :layout => false
end
end
app/controllers/custom_field_enumerations_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class CustomFieldEnumerationsController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin
before_action :find_custom_field
before_action :find_enumeration, :only => :destroy
helper :custom_fields
def index
@values = @custom_field.enumerations.order(:position)
end
def create
@value = @custom_field.enumerations.build
@value.attributes = enumeration_params
@value.save
respond_to do |format|
format.html { redirect_to custom_field_enumerations_path(@custom_field) }
format.js
end
end
def update_each
saved = CustomFieldEnumeration.update_each(@custom_field, update_each_params)
if saved
flash[:notice] = l(:notice_successful_update)
end
redirect_to :action => 'index'
end
def destroy
reassign_to = @custom_field.enumerations.find_by_id(params[:reassign_to_id])
if reassign_to.nil? && @value.in_use?
@enumerations = @custom_field.enumerations - [@value]
render :action => 'destroy'
return
end
@value.destroy(reassign_to)
redirect_to custom_field_enumerations_path(@custom_field)
end
private
def find_custom_field
@custom_field = CustomField.find(params[:custom_field_id])
rescue ActiveRecord::RecordNotFound
render_404
end
def find_enumeration
@value = @custom_field.enumerations.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
def enumeration_params
params.require(:custom_field_enumeration).permit(:name, :active, :position)
end
def update_each_params
# params.require(:custom_field_enumerations).permit(:name, :active, :position) does not work here with param like this:
# "custom_field_enumerations":{"0":{"name": ...}, "1":{"name...}}
params.permit(:custom_field_enumerations => [:name, :active, :position]).require(:custom_field_enumerations)
end
end
app/controllers/custom_fields_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class CustomFieldsController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin
before_action :build_new_custom_field, :only => [:new, :create]
before_action :find_custom_field, :only => [:edit, :update, :destroy]
accept_api_auth :index
def index
respond_to do |format|
format.html {
@custom_fields_by_type = CustomField.all.group_by {|f| f.class.name }
@custom_fields_projects_count =
IssueCustomField.where(is_for_all: false).joins(:projects).group(:custom_field_id).count
}
format.api {
@custom_fields = CustomField.all
}
end
end
def new
@custom_field.field_format = 'string' if @custom_field.field_format.blank?
@custom_field.default_value = nil
end
def create
if @custom_field.save
flash[:notice] = l(:notice_successful_create)
call_hook(:controller_custom_fields_new_after_save, :params => params, :custom_field => @custom_field)
if params[:continue]
redirect_to new_custom_field_path({:type => @custom_field.type})
else
redirect_to edit_custom_field_path(@custom_field)
end
else
render :action => 'new'
end
end
def edit
end
def update
@custom_field.safe_attributes = params[:custom_field]
if @custom_field.save
call_hook(:controller_custom_fields_edit_after_save, :params => params, :custom_field => @custom_field)
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_back_or_default edit_custom_field_path(@custom_field)
}
format.js { head 200 }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.js { head 422 }
end
end
end
def destroy
begin
if @custom_field.destroy
flash[:notice] = l(:notice_successful_delete)
end
rescue
flash[:error] = l(:error_can_not_delete_custom_field)
end
redirect_to custom_fields_path(:tab => @custom_field.class.name)
end
private
def build_new_custom_field
@custom_field = CustomField.new_subclass_instance(params[:type])
if @custom_field.nil?
render :action => 'select_type'
else
@custom_field.safe_attributes = params[:custom_field]
end
end
def find_custom_field
@custom_field = CustomField.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
end
app/controllers/documents_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class DocumentsController < ApplicationController
default_search_scope :documents
model_object Document
before_action :find_project_by_project_id, :only => [:index, :new, :create]
before_action :find_model_object, :except => [:index, :new, :create]
before_action :find_project_from_association, :except => [:index, :new, :create]
before_action :authorize
helper :attachments
helper :custom_fields
def index
@sort_by = %w(category date title author).include?(params[:sort_by]) ? params[:sort_by] : 'category'
documents = @project.documents.includes(:attachments, :category).to_a
case @sort_by
when 'date'
documents.sort!{|a,b| b.updated_on <=> a.updated_on}
@grouped = documents.group_by {|d| d.updated_on.to_date}
when 'title'
@grouped = documents.group_by {|d| d.title.first.upcase}
when 'author'
@grouped = documents.select{|d| d.attachments.any?}.group_by {|d| d.attachments.last.author}
else
@grouped = documents.group_by(&:category)
end
@document = @project.documents.build
render :layout => false if request.xhr?
end
def show
@attachments = @document.attachments.to_a
end
def new
@document = @project.documents.build
@document.safe_attributes = params[:document]
end
def create
@document = @project.documents.build
@document.safe_attributes = params[:document]
@document.save_attachments(params[:attachments])
if @document.save
render_attachment_warning_if_needed(@document)
flash[:notice] = l(:notice_successful_create)
redirect_to project_documents_path(@project)
else
render :action => 'new'
end
end
def edit
end
def update
@document.safe_attributes = params[:document]
if @document.save
flash[:notice] = l(:notice_successful_update)
redirect_to document_path(@document)
else
render :action => 'edit'
end
end
def destroy
@document.destroy if request.delete?
redirect_to project_documents_path(@project)
end
def add_attachment
attachments = Attachment.attach_files(@document, params[:attachments])
render_attachment_warning_if_needed(@document)
if attachments.present? && attachments[:files].present? && Setting.notified_events.include?('document_added')
Mailer.deliver_attachments_added(attachments[:files])
end
redirect_to document_path(@document)
end
end
app/controllers/email_addresses_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class EmailAddressesController < ApplicationController
self.main_menu = false
before_action :find_user, :require_admin_or_current_user
before_action :find_email_address, :only => [:update, :destroy]
require_sudo_mode :create, :update, :destroy
def index
@addresses = @user.email_addresses.order(:id).where(:is_default => false).to_a
@address ||= EmailAddress.new
end
def create
saved = false
if @user.email_addresses.count <= Setting.max_additional_emails.to_i
@address = EmailAddress.new(:user => @user, :is_default => false)
@address.safe_attributes = params[:email_address]
saved = @address.save
end
respond_to do |format|
format.html {
if saved
redirect_to user_email_addresses_path(@user)
else
index
render :action => 'index'
end
}
format.js {
@address = nil if saved
index
render :action => 'index'
}
end
end
def update
if params[:notify].present?
@address.notify = params[:notify].to_s
end
@address.save
respond_to do |format|
format.html {
redirect_to user_email_addresses_path(@user)
}
format.js {
@address = nil
index
render :action => 'index'
}
end
end
def destroy
@address.destroy
respond_to do |format|
format.html {
redirect_to user_email_addresses_path(@user)
}
format.js {
@address = nil
index
render :action => 'index'
}
end
end
private
def find_user
@user = User.find(params[:user_id])
end
def find_email_address
@address = @user.email_addresses.where(:is_default => false).find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
def require_admin_or_current_user
unless @user == User.current
require_admin
end
end
end
app/controllers/enumerations_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class EnumerationsController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin, :except => :index
before_action :require_admin_or_api_request, :only => :index
before_action :build_new_enumeration, :only => [:new, :create]
before_action :find_enumeration, :only => [:edit, :update, :destroy]
accept_api_auth :index
helper :custom_fields
def index
respond_to do |format|
format.html
format.api {
@klass = Enumeration.get_subclass(params[:type])
if @klass
@enumerations = @klass.shared.sorted.to_a
else
render_404
end
}
end
end
def new
end
def create
if request.post? && @enumeration.save
flash[:notice] = l(:notice_successful_create)
redirect_to enumerations_path
else
render :action => 'new'
end
end
def edit
end
def update
if @enumeration.update(enumeration_params)
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to enumerations_path
}
format.js { head 200 }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.js { head 422 }
end
end
end
def destroy
if !@enumeration.in_use?
# No associated objects
@enumeration.destroy
redirect_to enumerations_path
return
elsif params[:reassign_to_id].present? && (reassign_to = @enumeration.class.find_by_id(params[:reassign_to_id].to_i))
@enumeration.destroy(reassign_to)
redirect_to enumerations_path
return
end
@enumerations = @enumeration.class.system.to_a - [@enumeration]
end
private
def build_new_enumeration
class_name = params[:enumeration] && params[:enumeration][:type] || params[:type]
@enumeration = Enumeration.new_subclass_instance(class_name)
if @enumeration
@enumeration.attributes = enumeration_params || {}
else
render_404
end
end
def find_enumeration
@enumeration = Enumeration.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
def enumeration_params
# can't require enumeration on #new action
cf_ids = @enumeration.available_custom_fields.map {|c| c.multiple? ? {c.id.to_s => []} : c.id.to_s}
params.permit(:enumeration => [:name, :active, :is_default, :position, :custom_field_values => cf_ids])[:enumeration]
end
end
app/controllers/files_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class FilesController < ApplicationController
menu_item :files
before_action :find_project_by_project_id
before_action :authorize
accept_api_auth :index, :create
helper :attachments
helper :sort
include SortHelper
def index
sort_init 'filename', 'asc'
sort_update 'filename' => "#{Attachment.table_name}.filename",
'created_on' => "#{Attachment.table_name}.created_on",
'size' => "#{Attachment.table_name}.filesize",
'downloads' => "#{Attachment.table_name}.downloads"
@containers = [Project.includes(:attachments).
references(:attachments).reorder(sort_clause).find(@project.id)]
@containers += @project.versions.includes(:attachments).
references(:attachments).reorder(sort_clause).to_a.sort.reverse
respond_to do |format|
format.html { render :layout => !request.xhr? }
format.api
end
end
def new
@versions = @project.versions.sorted
end
def create
version_id = params[:version_id] || (params[:file] && params[:file][:version_id])
container = version_id.blank? ? @project : @project.versions.find_by_id(version_id)
attachments = Attachment.attach_files(container, (params[:attachments] || (params[:file] && params[:file][:token] && params)))
render_attachment_warning_if_needed(container)
if attachments[:files].present?
if Setting.notified_events.include?('file_added')
Mailer.deliver_attachments_added(attachments[:files])
end
respond_to do |format|
format.html {
flash[:notice] = l(:label_file_added)
redirect_to project_files_path(@project)
}
format.api { render_api_ok }
end
else
respond_to do |format|
format.html {
flash.now[:error] = l(:label_attachment) + " " + l('activerecord.errors.messages.invalid')
new
render :action => 'new'
}
format.api { render :status => :bad_request }
end
end
end
end
app/controllers/gantts_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class GanttsController < ApplicationController
menu_item :gantt
before_action :find_optional_project
rescue_from Query::StatementInvalid, :with => :query_statement_invalid
helper :gantt
helper :issues
helper :projects
helper :queries
include QueriesHelper
include Redmine::Export::PDF
def show
@gantt = Redmine::Helpers::Gantt.new(params)
@gantt.project = @project
retrieve_query
@query.group_by = nil
@gantt.query = @query if @query.valid?
basename = (@project ? "#{@project.identifier}-" : '') + 'gantt'
respond_to do |format|
format.html { render :action => "show", :layout => !request.xhr? }
format.png { send_data(@gantt.to_image, :disposition => 'inline', :type => 'image/png', :filename => "#{basename}.png") } if @gantt.respond_to?('to_image')
format.pdf { send_data(@gantt.to_pdf, :type => 'application/pdf', :filename => "#{basename}.pdf") }
end
end
end
app/controllers/groups_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class GroupsController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin
before_action :find_group, :except => [:index, :new, :create]
accept_api_auth :index, :show, :create, :update, :destroy, :add_users, :remove_user
require_sudo_mode :add_users, :remove_user, :create, :update, :destroy, :edit_membership, :destroy_membership
helper :custom_fields
helper :principal_memberships
def index
respond_to do |format|
format.html {
scope = Group.sorted
scope = scope.like(params[:name]) if params[:name].present?
@group_count = scope.count
@group_pages = Paginator.new @group_count, per_page_option, params['page']
@groups = scope.limit(@group_pages.per_page).offset(@group_pages.offset).to_a
@user_count_by_group_id = user_count_by_group_id
}
format.api {
scope = Group.sorted
scope = scope.givable unless params[:builtin] == '1'
@groups = scope.to_a
}
end
end
def show
respond_to do |format|
format.html
format.api
end
end
def new
@group = Group.new
end
def create
@group = Group.new
@group.safe_attributes = params[:group]
respond_to do |format|
if @group.save
format.html {
flash[:notice] = l(:notice_successful_create)
redirect_to(params[:continue] ? new_group_path : groups_path)
}
format.api { render :action => 'show', :status => :created, :location => group_url(@group) }
else
format.html { render :action => "new" }
format.api { render_validation_errors(@group) }
end
end
end
def edit
end
def update
@group.safe_attributes = params[:group]
respond_to do |format|
if @group.save
flash[:notice] = l(:notice_successful_update)
format.html { redirect_to_referer_or(groups_path) }
format.api { render_api_ok }
else
format.html { render :action => "edit" }
format.api { render_validation_errors(@group) }
end
end
end
def destroy
@group.destroy
respond_to do |format|
format.html { redirect_to_referer_or(groups_path) }
format.api { render_api_ok }
end
end
def new_users
end
def add_users
@users = User.not_in_group(@group).where(:id => (params[:user_id] || params[:user_ids])).to_a
@group.users << @users
respond_to do |format|
format.html { redirect_to edit_group_path(@group, :tab => 'users') }
format.js
format.api {
if @users.any?
render_api_ok
else
render_api_errors "#{l(:label_user)} #{l('activerecord.errors.messages.invalid')}"
end
}
end
end
def remove_user
@group.users.delete(User.find(params[:user_id])) if request.delete?
respond_to do |format|
format.html { redirect_to edit_group_path(@group, :tab => 'users') }
format.js
format.api { render_api_ok }
end
end
def autocomplete_for_user
respond_to do |format|
format.js
end
end
private
def find_group
@group = Group.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
def user_count_by_group_id
h = User.joins(:groups).group('group_id').count
h.keys.each do |key|
h[key.to_i] = h.delete(key)
end
h
end
end
app/controllers/imports_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require 'csv'
class ImportsController < ApplicationController
before_action :find_import, :only => [:show, :settings, :mapping, :run]
before_action :authorize_import
layout :import_layout
helper :issues
helper :queries
def new
@import = import_type.new
end
def create
@import = import_type.new
@import.user = User.current
@import.file = params[:file]
@import.set_default_settings(:project_id => params[:project_id])
if @import.save
redirect_to import_settings_path(@import)
else
render :action => 'new'
end
end
def show
end
def settings
if request.post? && @import.parse_file
redirect_to import_mapping_path(@import)
end
rescue CSV::MalformedCSVError, EncodingError => e
if e.is_a?(CSV::MalformedCSVError) && e.message !~ /Invalid byte sequence/
flash.now[:error] = l(:error_invalid_csv_file_or_settings)
else
flash.now[:error] = l(:error_invalid_file_encoding, :encoding => ERB::Util.h(@import.settings['encoding']))
end
rescue SystemCallError => e
flash.now[:error] = l(:error_can_not_read_import_file)
end
def mapping
@custom_fields = @import.mappable_custom_fields
if request.post?
respond_to do |format|
format.html {
if params[:previous]
redirect_to import_settings_path(@import)
else
redirect_to import_run_path(@import)
end
}
format.js # updates mapping form on project or tracker change
end
end
end
def run
if request.post?
@current = @import.run(
:max_items => max_items_per_request,
:max_time => 10.seconds
)
respond_to do |format|
format.html {
if @import.finished?
redirect_to import_path(@import)
else
redirect_to import_run_path(@import)
end
}
format.js
end
end
end
def current_menu(project)
if import_layout == 'admin'
nil
else
:application_menu
end
end
private
def find_import
@import = Import.where(:user_id => User.current.id, :filename => params[:id]).first
if @import.nil?
render_404
return
elsif @import.finished? && action_name != 'show'
redirect_to import_path(@import)
return
end
update_from_params if request.post?
end
def update_from_params
if params[:import_settings].present?
@import.settings ||= {}
@import.settings.merge!(params[:import_settings].to_unsafe_hash)
@import.save!
end
end
def max_items_per_request
5
end
def import_layout
import_type && import_type.layout || 'base'
end
def menu_items
menu_item = import_type ? import_type.menu_item : nil
{ self.controller_name.to_sym => { :actions => {}, :default => menu_item } }
end
def authorize_import
return render_404 unless import_type
return render_403 unless import_type.authorized?(User.current)
end
def import_type
return @import_type if defined? @import_type
@import_type =
if @import
@import.class
else
type = Object.const_get(params[:type]) rescue nil
type && type < Import ? type : nil
end
end
end
app/controllers/issue_categories_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class IssueCategoriesController < ApplicationController
menu_item :settings
model_object IssueCategory
before_action :find_model_object, :except => [:index, :new, :create]
before_action :find_project_from_association, :except => [:index, :new, :create]
before_action :find_project_by_project_id, :only => [:index, :new, :create]
before_action :authorize
accept_api_auth :index, :show, :create, :update, :destroy
def index
respond_to do |format|
format.html { redirect_to_settings_in_projects }
format.api { @categories = @project.issue_categories.to_a }
end
end
def show
respond_to do |format|
format.html { redirect_to_settings_in_projects }
format.api
end
end
def new
@category = @project.issue_categories.build
@category.safe_attributes = params[:issue_category]
respond_to do |format|
format.html
format.js
end
end
def create
@category = @project.issue_categories.build
@category.safe_attributes = params[:issue_category]
if @category.save
respond_to do |format|
format.html do
flash[:notice] = l(:notice_successful_create)
redirect_to_settings_in_projects
end
format.js
format.api { render :action => 'show', :status => :created, :location => issue_category_path(@category) }
end
else
respond_to do |format|
format.html { render :action => 'new'}
format.js { render :action => 'new'}
format.api { render_validation_errors(@category) }
end
end
end
def edit
end
def update
@category.safe_attributes = params[:issue_category]
if @category.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to_settings_in_projects
}
format.api { render_api_ok }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.api { render_validation_errors(@category) }
end
end
end
def destroy
@issue_count = @category.issues.size
if @issue_count == 0 || params[:todo] || api_request?
reassign_to = nil
if params[:reassign_to_id] && (params[:todo] == 'reassign' || params[:todo].blank?)
reassign_to = @project.issue_categories.find_by_id(params[:reassign_to_id])
end
@category.destroy(reassign_to)
respond_to do |format|
format.html { redirect_to_settings_in_projects }
format.api { render_api_ok }
end
return
end
@categories = @project.issue_categories - [@category]
end
private
def redirect_to_settings_in_projects
redirect_to settings_project_path(@project, :tab => 'categories')
end
# Wrap ApplicationController's find_model_object method to set
# @category instead of just @issue_category
def find_model_object
super
@category = @object
end
end
app/controllers/issue_relations_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class IssueRelationsController < ApplicationController
helper :issues
before_action :find_issue, :authorize, :only => [:index, :create]
before_action :find_relation, :only => [:show, :destroy]
accept_api_auth :index, :show, :create, :destroy
def index
@relations = @issue.relations
respond_to do |format|
format.html { head 200 }
format.api
end
end
def show
raise Unauthorized unless @relation.visible?
respond_to do |format|
format.html { head 200 }
format.api
end
end
def create
@relation = IssueRelation.new
@relation.issue_from = @issue
@relation.safe_attributes = params[:relation]
@relation.init_journals(User.current)
begin
saved = @relation.save
rescue ActiveRecord::RecordNotUnique
saved = false
@relation.errors.add :base, :taken
end
respond_to do |format|
format.html { redirect_to issue_path(@issue) }
format.js {
@relations = @issue.reload.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
}
format.api {
if saved
render :action => 'show', :status => :created, :location => relation_url(@relation)
else
render_validation_errors(@relation)
end
}
end
end
def destroy
raise Unauthorized unless @relation.deletable?
@relation.init_journals(User.current)
@relation.destroy
respond_to do |format|
format.html { redirect_to issue_path(@relation.issue_from) }
format.js
format.api { render_api_ok }
end
end
private
def find_issue
@issue = Issue.find(params[:issue_id])
@project = @issue.project
rescue ActiveRecord::RecordNotFound
render_404
end
def find_relation
@relation = IssueRelation.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
end
app/controllers/issue_statuses_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class IssueStatusesController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin, :except => :index
before_action :require_admin_or_api_request, :only => :index
accept_api_auth :index
def index
@issue_statuses = IssueStatus.sorted.to_a
respond_to do |format|
format.html { render :layout => false if request.xhr? }
format.api
end
end
def new
@issue_status = IssueStatus.new
end
def create
@issue_status = IssueStatus.new
@issue_status.safe_attributes = params[:issue_status]
if @issue_status.save
flash[:notice] = l(:notice_successful_create)
redirect_to issue_statuses_path
else
render :action => 'new'
end
end
def edit
@issue_status = IssueStatus.find(params[:id])
end
def update
@issue_status = IssueStatus.find(params[:id])
@issue_status.safe_attributes = params[:issue_status]
if @issue_status.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to issue_statuses_path(:page => params[:page])
}
format.js { head 200 }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.js { head 422 }
end
end
end
def destroy
IssueStatus.find(params[:id]).destroy
redirect_to issue_statuses_path
rescue => e
flash[:error] = l(:error_unable_delete_issue_status, ERB::Util.h(e.message))
redirect_to issue_statuses_path
end
def update_issue_done_ratio
if request.post? && IssueStatus.update_issue_done_ratios
flash[:notice] = l(:notice_issue_done_ratios_updated)
else
flash[:error] = l(:error_issue_done_ratios_not_updated)
end
redirect_to issue_statuses_path
end
end
app/controllers/journals_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class JournalsController < ApplicationController
before_action :find_journal, :only => [:edit, :update, :diff]
before_action :find_issue, :only => [:new]
before_action :find_optional_project, :only => [:index]
before_action :authorize, :only => [:new, :edit, :update, :diff]
accept_rss_auth :index
menu_item :issues
helper :issues
helper :custom_fields
helper :queries
include QueriesHelper
def index
retrieve_query
if @query.valid?
@journals = @query.journals(:order => "#{Journal.table_name}.created_on DESC",
:limit => 25)
end
@title = (@project ? @project.name : Setting.app_title) + ": " + (@query.new_record? ? l(:label_changes_details) : @query.name)
render :layout => false, :content_type => 'application/atom+xml'
rescue ActiveRecord::RecordNotFound
render_404
end
def diff
@issue = @journal.issue
if params[:detail_id].present?
@detail = @journal.details.find_by_id(params[:detail_id])
else
@detail = @journal.details.detect {|d| d.property == 'attr' && d.prop_key == 'description'}
end
unless @issue && @detail
render_404
return false
end
if @detail.property == 'cf'
unless @detail.custom_field && @detail.custom_field.visible_by?(@issue.project, User.current)
raise ::Unauthorized
end
end
@diff = Redmine::Helpers::Diff.new(@detail.value, @detail.old_value)
end
def new
@journal = Journal.visible.find(params[:journal_id]) if params[:journal_id]
if @journal
user = @journal.user
text = @journal.notes
@content = +"#{ll(Setting.default_language, :text_user_wrote_in, {:value => user, :link => "#note-#{params[:journal_indice]}"})}\n> "
else
user = @issue.author
text = @issue.description
@content = +"#{ll(Setting.default_language, :text_user_wrote, user)}\n> "
end
# Replaces pre blocks with [...]
text = text.to_s.strip.gsub(%r{<pre>(.*?)</pre>}m, '[...]')
@content << text.gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
rescue ActiveRecord::RecordNotFound
render_404
end
def edit
(render_403; return false) unless @journal.editable_by?(User.current)
respond_to do |format|
# TODO: implement non-JS journal update
format.js
end
end
def update
(render_403; return false) unless @journal.editable_by?(User.current)
@journal.safe_attributes = params[:journal]
@journal.save
@journal.destroy if @journal.details.empty? && @journal.notes.blank?
call_hook(:controller_journals_edit_post, { :journal => @journal, :params => params})
respond_to do |format|
format.html { redirect_to issue_path(@journal.journalized) }
format.js
end
end
private
def find_journal
@journal = Journal.visible.find(params[:id])
@project = @journal.journalized.project
rescue ActiveRecord::RecordNotFound
render_404
end
end
app/controllers/mail_handler_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class MailHandlerController < ActionController::Base
before_action :check_credential
# Displays the email submission form
def new
end
# Submits an incoming email to MailHandler
def index
options = params.dup
email = options.delete(:email)
if MailHandler.safe_receive(email, options)
head :created
else
head :unprocessable_entity
end
end
private
def check_credential
User.current = nil
unless Setting.mail_handler_api_enabled? && params[:key].to_s == Setting.mail_handler_api_key
render :plain => 'Access denied. Incoming emails WS is disabled or key is invalid.', :status => 403
end
end
end
app/controllers/members_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class MembersController < ApplicationController
model_object Member
before_action :find_model_object, :except => [:index, :new, :create, :autocomplete]
before_action :find_project_from_association, :except => [:index, :new, :create, :autocomplete]
before_action :find_project_by_project_id, :only => [:index, :new, :create, :autocomplete]
before_action :authorize
accept_api_auth :index, :show, :create, :update, :destroy
require_sudo_mode :create, :update, :destroy
def index
scope = @project.memberships
@offset, @limit = api_offset_and_limit
@member_count = scope.count
@member_pages = Paginator.new @member_count, @limit, params['page']
@offset ||= @member_pages.offset
@members = scope.order(:id).limit(@limit).offset(@offset).to_a
respond_to do |format|
format.html { head 406 }
format.api
end
end
def show
respond_to do |format|
format.html { head 406 }
format.api
end
end
def new
@member = Member.new
end
def create
members = []
if params[:membership]
user_ids = Array.wrap(params[:membership][:user_id] || params[:membership][:user_ids])
user_ids << nil if user_ids.empty?
user_ids.each do |user_id|
member = Member.new(:project => @project, :user_id => user_id)
member.set_editable_role_ids(params[:membership][:role_ids])
members << member
end
@project.members << members
end
respond_to do |format|
format.html { redirect_to_settings_in_projects }
format.js {
@members = members
@member = Member.new
}
format.api {
@member = members.first
if @member.valid?
render :action => 'show', :status => :created, :location => membership_url(@member)
else
render_validation_errors(@member)
end
}
end
end
def edit
@roles = Role.givable.to_a
end
def update
if params[:membership]
@member.set_editable_role_ids(params[:membership][:role_ids])
end
saved = @member.save
respond_to do |format|
format.html { redirect_to_settings_in_projects }
format.js
format.api {
if saved
render_api_ok
else
render_validation_errors(@member)
end
}
end
end
def destroy
if @member.deletable?
@member.destroy
end
respond_to do |format|
format.html { redirect_to_settings_in_projects }
format.js
format.api {
if @member.destroyed?
render_api_ok
else
head :unprocessable_entity
end
}
end
end
def autocomplete
respond_to do |format|
format.js
end
end
private
def redirect_to_settings_in_projects
redirect_to settings_project_path(@project, :tab => 'members')
end
end
app/controllers/messages_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class MessagesController < ApplicationController
menu_item :boards
default_search_scope :messages
before_action :find_board, :only => [:new, :preview]
before_action :find_attachments, :only => [:preview]
before_action :find_message, :except => [:new, :preview]
before_action :authorize, :except => [:preview, :edit, :destroy]
helper :boards
helper :watchers
helper :attachments
include AttachmentsHelper
REPLIES_PER_PAGE = 25 unless const_defined?(:REPLIES_PER_PAGE)
# Show a topic and its replies
def show
page = params[:page]
# Find the page of the requested reply
if params[:r] && page.nil?
offset = @topic.children.where("#{Message.table_name}.id < ?", params[:r].to_i).count
page = 1 + offset / REPLIES_PER_PAGE
end
@reply_count = @topic.children.count
@reply_pages = Paginator.new @reply_count, REPLIES_PER_PAGE, page
@replies = @topic.children.
includes(:author, :attachments, {:board => :project}).
reorder("#{Message.table_name}.created_on ASC, #{Message.table_name}.id ASC").
limit(@reply_pages.per_page).
offset(@reply_pages.offset).
to_a
@reply = Message.new(:subject => "RE: #{@message.subject}")
render :action => "show", :layout => false if request.xhr?
end
# Create a new topic
def new
@message = Message.new
@message.author = User.current
@message.board = @board
@message.safe_attributes = params[:message]
if request.post?
@message.save_attachments(params[:attachments])
if @message.save
call_hook(:controller_messages_new_after_save, { :params => params, :message => @message})
render_attachment_warning_if_needed(@message)
flash[:notice] = l(:notice_successful_create)
redirect_to board_message_path(@board, @message)
end
end
end
# Reply to a topic
def reply
@reply = Message.new
@reply.author = User.current
@reply.board = @board
@reply.safe_attributes = params[:reply]
@topic.children << @reply
if !@reply.new_record?
call_hook(:controller_messages_reply_after_save, { :params => params, :message => @reply})
attachments = Attachment.attach_files(@reply, params[:attachments])
render_attachment_warning_if_needed(@reply)
end
flash[:notice] = l(:notice_successful_update)
redirect_to board_message_path(@board, @topic, :r => @reply)
end
# Edit a message
def edit
(render_403; return false) unless @message.editable_by?(User.current)
@message.safe_attributes = params[:message]
if request.post? && @message.save
attachments = Attachment.attach_files(@message, params[:attachments])
render_attachment_warning_if_needed(@message)
flash[:notice] = l(:notice_successful_update)
@message.reload
redirect_to board_message_path(@message.board, @message.root, :r => (@message.parent_id && @message.id))
end
end
# Delete a messages
def destroy
(render_403; return false) unless @message.destroyable_by?(User.current)
r = @message.to_param
@message.destroy
flash[:notice] = l(:notice_successful_delete)
if @message.parent
redirect_to board_message_path(@board, @message.parent, :r => r)
else
redirect_to project_board_path(@project, @board)
end
end
def quote
@subject = @message.subject
@subject = "RE: #{@subject}" unless @subject.starts_with?('RE:')
if @message.root == @message
@content = +"#{ll(Setting.default_language, :text_user_wrote, @message.author)}\n> "
else
@content = +"#{ll(Setting.default_language, :text_user_wrote_in, {:value => @message.author, :link => "message##{@message.id}"})}\n> "
end
@content << @message.content.to_s.strip.gsub(%r{<pre>(.*?)</pre>}m, '[...]').gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
end
def preview
message = @board.messages.find_by_id(params[:id])
@text = params[:text] ? params[:text] : nil
@previewed = message
render :partial => 'common/preview'
end
private
def find_message
return unless find_board
@message = @board.messages.includes(:parent).find(params[:id])
@topic = @message.root
rescue ActiveRecord::RecordNotFound
render_404
end
def find_board
@board = Board.includes(:project).find(params[:board_id])
@project = @board.project
rescue ActiveRecord::RecordNotFound
render_404
nil
end
end
app/controllers/my_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class MyController < ApplicationController
self.main_menu = false
before_action :require_login
# let user change user's password when user has to
skip_before_action :check_password_change, :only => :password
accept_api_auth :account
require_sudo_mode :account, only: :put
require_sudo_mode :reset_rss_key, :reset_api_key, :show_api_key, :destroy
helper :issues
helper :users
helper :custom_fields
helper :queries
helper :activities
helper :calendars
def index
page
render :action => 'page'
end
# Show user's page
def page
@user = User.current
@groups = @user.pref.my_page_groups
@blocks = @user.pref.my_page_layout
end
# Edit user's account
def account
@user = User.current
@pref = @user.pref
if request.put?
@user.safe_attributes = params[:user]
@user.pref.safe_attributes = params[:pref]
if @user.save
@user.pref.save
set_language_if_valid @user.language
respond_to do |format|
format.html {
flash[:notice] = l(:notice_account_updated)
redirect_to my_account_path
}
format.api { render_api_ok }
end
return
else
respond_to do |format|
format.html { render :action => :account }
format.api { render_validation_errors(@user) }
end
end
end
end
# Destroys user's account
def destroy
@user = User.current
unless @user.own_account_deletable?
redirect_to my_account_path
return
end
if request.post? && params[:confirm]
@user.destroy
if @user.destroyed?
logout_user
flash[:notice] = l(:notice_account_deleted)
end
redirect_to home_path
end
end
# Manage user's password
def password
@user = User.current
unless @user.change_password_allowed?
flash[:error] = l(:notice_can_t_change_password)
redirect_to my_account_path
return
end
if request.post?
if !@user.check_password?(params[:password])
flash.now[:error] = l(:notice_account_wrong_password)
elsif params[:password] == params[:new_password]
flash.now[:error] = l(:notice_new_password_must_be_different)
else
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
@user.must_change_passwd = false
if @user.save
# The session token was destroyed by the password change, generate a new one
session[:tk] = @user.generate_session_token
Mailer.deliver_password_updated(@user, User.current)
flash[:notice] = l(:notice_account_password_updated)
redirect_to my_account_path
end
end
end
end
# Create a new feeds key
def reset_rss_key
if request.post?
if User.current.rss_token
User.current.rss_token.destroy
User.current.reload
end
User.current.rss_key
flash[:notice] = l(:notice_feeds_access_key_reseted)
end
redirect_to my_account_path
end
def show_api_key
@user = User.current
end
# Create a new API key
def reset_api_key
if request.post?
if User.current.api_token
User.current.api_token.destroy
User.current.reload
end
User.current.api_key
flash[:notice] = l(:notice_api_access_key_reseted)
end
redirect_to my_account_path
end
def update_page
@user = User.current
block_settings = params[:settings] || {}
block_settings.each do |block, settings|
@user.pref.update_block_settings(block, settings.to_unsafe_hash)
end
@user.pref.save
@updated_blocks = block_settings.keys
end
# Add a block to user's page
# The block is added on top of the page
# params[:block] : id of the block to add
def add_block
@user = User.current
@block = params[:block]
if @user.pref.add_block @block
@user.pref.save
respond_to do |format|
format.html { redirect_to my_page_path }
format.js
end
else
render_error :status => 422
end
end
# Remove a block to user's page
# params[:block] : id of the block to remove
def remove_block
@user = User.current
@block = params[:block]
@user.pref.remove_block @block
@user.pref.save
respond_to do |format|
format.html { redirect_to my_page_path }
format.js
end
end
# Change blocks order on user's page
# params[:group] : group to order (top, left or right)
# params[:blocks] : array of block ids of the group
def order_blocks
@user = User.current
@user.pref.order_blocks params[:group], params[:blocks]
@user.pref.save
head 200
end
end
app/controllers/news_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class NewsController < ApplicationController
default_search_scope :news
model_object News
before_action :find_model_object, :except => [:new, :create, :index]
before_action :find_project_from_association, :except => [:new, :create, :index]
before_action :find_project_by_project_id, :only => [:new, :create]
before_action :authorize, :except => [:index]
before_action :find_optional_project, :only => :index
accept_rss_auth :index
accept_api_auth :index, :show, :create, :update, :destroy
helper :watchers
helper :attachments
def index
case params[:format]
when 'xml', 'json'
@offset, @limit = api_offset_and_limit
else
@limit = 10
end
scope = @project ? @project.news.visible : News.visible
@news_count = scope.count
@news_pages = Paginator.new @news_count, @limit, params['page']
@offset ||= @news_pages.offset
@newss = scope.includes([:author, :project]).
order("#{News.table_name}.created_on DESC").
limit(@limit).
offset(@offset).
to_a
respond_to do |format|
format.html {
@news = News.new # for adding news inline
render :layout => false if request.xhr?
}
format.api
format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") }
end
end
def show
@comments = @news.comments.to_a
@comments.reverse! if User.current.wants_comments_in_reverse_order?
end
def new
@news = News.new(:project => @project, :author => User.current)
end
def create
@news = News.new(:project => @project, :author => User.current)
@news.safe_attributes = params[:news]
@news.save_attachments(params[:attachments] || (params[:news] && params[:news][:uploads]))
if @news.save
respond_to do |format|
format.html {
render_attachment_warning_if_needed(@news)
flash[:notice] = l(:notice_successful_create)
redirect_to project_news_index_path(@project)
}
format.api { render_api_ok }
end
else
respond_to do |format|
format.html { render :action => 'new' }
format.api { render_validation_errors(@news) }
end
end
end
def edit
end
def update
@news.safe_attributes = params[:news]
@news.save_attachments(params[:attachments] || (params[:news] && params[:news][:uploads]))
if @news.save
respond_to do |format|
format.html {
render_attachment_warning_if_needed(@news)
flash[:notice] = l(:notice_successful_update)
redirect_to news_path(@news)
}
format.api { render_api_ok }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.api { render_validation_errors(@news) }
end
end
end
def destroy
@news.destroy
respond_to do |format|
format.html { redirect_to project_news_index_path(@project) }
format.api { render_api_ok }
end
end
end
app/controllers/previews_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class PreviewsController < ApplicationController
before_action :find_project, :except => :text
before_action :find_attachments
def issue
@issue = Issue.visible.find_by_id(params[:issue_id]) unless params[:issue_id].blank?
if @issue
@previewed = @issue
end
@text = params[:text] ? params[:text] : nil
render :partial => 'common/preview'
end
def news
if params[:id].present? && news = News.visible.find_by_id(params[:id])
@previewed = news
end
@text = params[:text] ? params[:text] : nil
render :partial => 'common/preview'
end
def text
@text = params[:text] ? params[:text] : nil
render :partial => 'common/preview'
end
private
def find_project
project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
@project = Project.find(project_id)
rescue ActiveRecord::RecordNotFound
render_404
end
end
app/controllers/principal_memberships_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class PrincipalMembershipsController < ApplicationController
layout 'admin'
self.main_menu = false
helper :members
before_action :require_admin
before_action :find_principal, :only => [:new, :create]
before_action :find_membership, :only => [:edit, :update, :destroy]
def new
@projects = Project.active.all
@roles = Role.find_all_givable
respond_to do |format|
format.html
format.js
end
end
def create
@members = Member.create_principal_memberships(@principal, params[:membership])
respond_to do |format|
format.html { redirect_to_principal @principal }
format.js
end
end
def edit
@roles = Role.givable.to_a
end
def update
@membership.attributes = params.require(:membership).permit(:role_ids => [])
@membership.save
respond_to do |format|
format.html { redirect_to_principal @principal }
format.js
end
end
def destroy
if @membership.deletable?
@membership.destroy
end
respond_to do |format|
format.html { redirect_to_principal @principal }
format.js
end
end
private
def find_principal
principal_id = params[:user_id] || params[:group_id]
@principal = Principal.find(principal_id)
rescue ActiveRecord::RecordNotFound
render_404
end
def find_membership
@membership = Member.find(params[:id])
@principal = @membership.principal
rescue ActiveRecord::RecordNotFound
render_404
end
def redirect_to_principal(principal)
redirect_to edit_polymorphic_path(principal, :tab => 'memberships')
end
end
app/controllers/project_enumerations_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class ProjectEnumerationsController < ApplicationController
before_action :find_project_by_project_id
before_action :authorize
def update
if @project.update_or_create_time_entry_activities(update_params)
flash[:notice] = l(:notice_successful_update)
end
redirect_to settings_project_path(@project, :tab => 'activities')
end
def destroy
@project.time_entry_activities.each do |time_entry_activity|
time_entry_activity.destroy(time_entry_activity.parent)
end
flash[:notice] = l(:notice_successful_update)
redirect_to settings_project_path(@project, :tab => 'activities')
end
private
def update_params
params.
permit(:enumerations => [:parent_id, :active, {:custom_field_values => {}}]).
require(:enumerations)
end
end
app/controllers/projects_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class ProjectsController < ApplicationController
menu_item :overview
menu_item :settings, :only => :settings
menu_item :projects, :only => [:index, :new, :copy, :create]
before_action :find_project, :except => [ :index, :autocomplete, :list, :new, :create, :copy ]
before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
before_action :authorize_global, :only => [:new, :create]
before_action :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
accept_rss_auth :index
accept_api_auth :index, :show, :create, :update, :destroy
require_sudo_mode :destroy
helper :custom_fields
helper :issues
helper :queries
include QueriesHelper
helper :projects_queries
include ProjectsQueriesHelper
helper :repositories
helper :members
helper :trackers
# Lists visible projects
def index
# try to redirect to the requested menu item
if params[:jump] && redirect_to_menu_item(params[:jump])
return
end
retrieve_project_query
scope = project_scope
respond_to do |format|
format.html {
# TODO: see what to do with the board view and pagination
if @query.display_type == 'board'
@entries = scope.to_a
else
@entry_count = scope.count
@entry_pages = Paginator.new @entry_count, per_page_option, params['page']
@entries = scope.offset(@entry_pages.offset).limit(@entry_pages.per_page).to_a
end
}
format.api {
@offset, @limit = api_offset_and_limit
@project_count = scope.count
@projects = scope.offset(@offset).limit(@limit).to_a
}
format.atom {
projects = scope.reorder(:created_on => :desc).limit(Setting.feeds_limit.to_i).to_a
render_feed(projects, :title => "#{Setting.app_title}: #{l(:label_project_latest)}")
}
format.csv {
# Export all entries
@entries = scope.to_a
send_data(query_to_csv(@entries, @query, params), :type => 'text/csv; header=present', :filename => 'projects.csv')
}
end
end
def autocomplete
respond_to do |format|
format.js {
if params[:q].present?
@projects = Project.visible.like(params[:q]).to_a
else
@projects = User.current.projects.to_a
end
}
end
end
def new
@issue_custom_fields = IssueCustomField.sorted.to_a
@trackers = Tracker.sorted.to_a
@project = Project.new
@project.safe_attributes = params[:project]
end
def create
@issue_custom_fields = IssueCustomField.sorted.to_a
@trackers = Tracker.sorted.to_a
@project = Project.new
@project.safe_attributes = params[:project]
if @project.save
unless User.current.admin?
@project.add_default_member(User.current)
end
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_create)
if params[:continue]
attrs = {:parent_id => @project.parent_id}.reject {|k,v| v.nil?}
redirect_to new_project_path(attrs)
else
redirect_to settings_project_path(@project)
end
}
format.api { render :action => 'show', :status => :created, :location => url_for(:controller => 'projects', :action => 'show', :id => @project.id) }
end
else
respond_to do |format|
format.html { render :action => 'new' }
format.api { render_validation_errors(@project) }
end
end
end
def copy
@issue_custom_fields = IssueCustomField.sorted.to_a
@trackers = Tracker.sorted.to_a
@source_project = Project.find(params[:id])
if request.get?
@project = Project.copy_from(@source_project)
@project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
else
Mailer.with_deliveries(params[:notifications] == '1') do
@project = Project.new
@project.safe_attributes = params[:project]
if @project.copy(@source_project, :only => params[:only])
flash[:notice] = l(:notice_successful_create)
redirect_to settings_project_path(@project)
elsif !@project.new_record?
# Project was created
# But some objects were not copied due to validation failures
# (eg. issues from disabled trackers)
# TODO: inform about that
redirect_to settings_project_path(@project)
end
end
end
rescue ActiveRecord::RecordNotFound
# source_project not found
render_404
end
# Show @project
def show
# try to redirect to the requested menu item
if params[:jump] && redirect_to_project_menu_item(@project, params[:jump])
return
end
@users_by_role = @project.users_by_role
@subprojects = @project.children.visible.to_a
@news = @project.news.limit(5).includes(:author, :project).reorder("#{News.table_name}.created_on DESC").to_a
@trackers = @project.rolled_up_trackers.visible
cond = @project.project_condition(Setting.display_subprojects_issues?)
@open_issues_by_tracker = Issue.visible.open.where(cond).group(:tracker).count
@total_issues_by_tracker = Issue.visible.where(cond).group(:tracker).count
if User.current.allowed_to_view_all_time_entries?(@project)
@total_hours = TimeEntry.visible.where(cond).sum(:hours).to_f
@total_estimated_hours = Issue.visible.where(cond).sum(:estimated_hours).to_f
end
@key = User.current.rss_key
respond_to do |format|
format.html
format.api
end
end
def settings
@issue_custom_fields = IssueCustomField.sorted.to_a
@issue_category ||= IssueCategory.new
@member ||= @project.members.new
@trackers = Tracker.sorted.to_a
@version_status = params[:version_status] || 'open'
@version_name = params[:version_name]
@versions = @project.shared_versions.status(@version_status).like(@version_name).sorted
end
def edit
end
def update
@project.safe_attributes = params[:project]
if @project.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to settings_project_path(@project, params[:tab])
}
format.api { render_api_ok }
end
else
respond_to do |format|
format.html {
settings
render :action => 'settings'
}
format.api { render_validation_errors(@project) }
end
end
end
def archive
unless @project.archive
flash[:error] = l(:error_can_not_archive_project)
end
redirect_to_referer_or admin_projects_path(:status => params[:status])
end
def unarchive
unless @project.active?
@project.unarchive
end
redirect_to_referer_or admin_projects_path(:status => params[:status])
end
def bookmark
jump_box = Redmine::ProjectJumpBox.new User.current
if request.delete?
jump_box.delete_project_bookmark @project
elsif request.post?
jump_box.bookmark_project @project
end
respond_to do |format|
format.js
format.html { redirect_to project_path(@project) }
end
end
def close
@project.close
redirect_to project_path(@project)
end
def reopen
@project.reopen
redirect_to project_path(@project)
end
# Delete @project
def destroy
@project_to_destroy = @project
if api_request? || params[:confirm]
@project_to_destroy.destroy
respond_to do |format|
format.html { redirect_to admin_projects_path }
format.api { render_api_ok }
end
end
# hide project in layout
@project = nil
end
private
# Returns the ProjectEntry scope for index
def project_scope(options={})
@query.results_scope(options)
end
def retrieve_project_query
retrieve_query(ProjectQuery, false, :defaults => @default_columns_names)
end
end
app/controllers/queries_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class QueriesController < ApplicationController
menu_item :issues
before_action :find_query, :only => [:edit, :update, :destroy]
before_action :find_optional_project, :only => [:new, :create]
accept_api_auth :index
include QueriesHelper
def index
case params[:format]
when 'xml', 'json'
@offset, @limit = api_offset_and_limit
else
@limit = per_page_option
end
scope = query_class.visible
@query_count = scope.count
@query_pages = Paginator.new @query_count, @limit, params['page']
@queries = scope.
order("#{Query.table_name}.name").
limit(@limit).
offset(@offset).
to_a
respond_to do |format|
format.html {render_error :status => 406}
format.api
end
end
def new
@query = query_class.new
@query.user = User.current
@query.project = @project
@query.build_from_params(params)
end
def create
@query = query_class.new
@query.user = User.current
@query.project = @project
update_query_from_params
if @query.save
flash[:notice] = l(:notice_successful_create)
redirect_to_items(:query_id => @query)
else
render :action => 'new', :layout => !request.xhr?
end
end
def edit
end
def update
update_query_from_params
if @query.save
flash[:notice] = l(:notice_successful_update)
redirect_to_items(:query_id => @query)
else
render :action => 'edit'
end
end
def destroy
@query.destroy
redirect_to_items(:set_filter => 1)
end
# Returns the values for a query filter
def filter
q = query_class.new
if params[:project_id].present?
q.project = Project.find(params[:project_id])
end
unless User.current.allowed_to?(q.class.view_permission, q.project, :global => true)
raise Unauthorized
end
filter = q.available_filters[params[:name].to_s]
values = filter ? filter.values : []
render :json => values
rescue ActiveRecord::RecordNotFound
render_404
end
def current_menu_item
@query ? @query.queried_class.to_s.underscore.pluralize.to_sym : nil
end
private
def find_query
@query = Query.find(params[:id])
@project = @query.project
render_403 unless @query.editable_by?(User.current)
rescue ActiveRecord::RecordNotFound
render_404
end
def update_query_from_params
@query.project = params[:query_is_for_all] ? nil : @project
@query.build_from_params(params)
@query.column_names = nil if params[:default_columns]
@query.sort_criteria = (params[:query] && params[:query][:sort_criteria]) || @query.sort_criteria
@query.name = params[:query] && params[:query][:name]
if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin?
@query.visibility = (params[:query] && params[:query][:visibility]) || Query::VISIBILITY_PRIVATE
@query.role_ids = params[:query] && params[:query][:role_ids]
else
@query.visibility = Query::VISIBILITY_PRIVATE
end
@query
end
def redirect_to_items(options)
method = "redirect_to_#{@query.class.name.underscore}"
send method, options
end
def redirect_to_issue_query(options)
if params[:gantt]
if @project
redirect_to project_gantt_path(@project, options)
else
redirect_to issues_gantt_path(options)
end
else
redirect_to _project_issues_path(@project, options)
end
end
def redirect_to_time_entry_query(options)
redirect_to _time_entries_path(@project, nil, options)
end
def redirect_to_project_query(options)
redirect_to projects_path(options)
end
# Returns the Query subclass, IssueQuery by default
# for compatibility with previous behaviour
def query_class
Query.get_subclass(params[:type] || 'IssueQuery')
end
end
app/controllers/reports_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class ReportsController < ApplicationController
menu_item :issues
before_action :find_project, :authorize, :find_issue_statuses
def issue_report
@trackers = @project.rolled_up_trackers(false).visible
@versions = @project.shared_versions.sorted
@priorities = IssuePriority.all.reverse
@categories = @project.issue_categories
@assignees = (Setting.issue_group_assignment? ? @project.principals : @project.users).sorted
@authors = @project.users.sorted
@subprojects = @project.descendants.visible
with_subprojects = Setting.display_subprojects_issues?
@issues_by_tracker = Issue.by_tracker(@project, with_subprojects)
@issues_by_version = Issue.by_version(@project, with_subprojects)
@issues_by_priority = Issue.by_priority(@project, with_subprojects)
@issues_by_category = Issue.by_category(@project, with_subprojects)
@issues_by_assigned_to = Issue.by_assigned_to(@project, with_subprojects)
@issues_by_author = Issue.by_author(@project, with_subprojects)
@issues_by_subproject = Issue.by_subproject(@project) || []
render :template => "reports/issue_report"
end
def issue_report_details
with_subprojects = Setting.display_subprojects_issues?
case params[:detail]
when "tracker"
@field = "tracker_id"
@rows = @project.rolled_up_trackers(false).visible
@data = Issue.by_tracker(@project, with_subprojects)
@report_title = l(:field_tracker)
when "version"
@field = "fixed_version_id"
@rows = @project.shared_versions.sorted
@data = Issue.by_version(@project, with_subprojects)
@report_title = l(:field_version)
when "priority"
@field = "priority_id"
@rows = IssuePriority.all.reverse
@data = Issue.by_priority(@project, with_subprojects)
@report_title = l(:field_priority)
when "category"
@field = "category_id"
@rows = @project.issue_categories
@data = Issue.by_category(@project, with_subprojects)
@report_title = l(:field_category)
when "assigned_to"
@field = "assigned_to_id"
@rows = (Setting.issue_group_assignment? ? @project.principals : @project.users).sorted
@data = Issue.by_assigned_to(@project, with_subprojects)
@report_title = l(:field_assigned_to)
when "author"
@field = "author_id"
@rows = @project.users.sorted
@data = Issue.by_author(@project, with_subprojects)
@report_title = l(:field_author)
when "subproject"
@field = "project_id"
@rows = @project.descendants.visible
@data = Issue.by_subproject(@project) || []
@report_title = l(:field_subproject)
else
render_404
end
end
private
def find_issue_statuses
@statuses = @project.rolled_up_statuses.sorted.to_a
end
end
app/controllers/roles_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class RolesController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin, :except => [:index, :show]
before_action :require_admin_or_api_request, :only => [:index, :show]
before_action :find_role, :only => [:show, :edit, :update, :destroy]
accept_api_auth :index, :show
require_sudo_mode :create, :update, :destroy
def index
respond_to do |format|
format.html {
@roles = Role.sorted.to_a
render :layout => false if request.xhr?
}
format.api {
@roles = Role.givable.to_a
}
end
end
def show
respond_to do |format|
format.api
end
end
def new
# Prefills the form with 'Non member' role permissions by default
@role = Role.new
@role.safe_attributes = params[:role] || {:permissions => Role.non_member.permissions}
if params[:copy].present? && @copy_from = Role.find_by_id(params[:copy])
@role.copy_from(@copy_from)
end
@roles = Role.sorted.to_a
end
def create
@role = Role.new
@role.safe_attributes = params[:role]
if request.post? && @role.save
# workflow copy
if !params[:copy_workflow_from].blank? && (copy_from = Role.find_by_id(params[:copy_workflow_from]))
@role.copy_workflow_rules(copy_from)
end
flash[:notice] = l(:notice_successful_create)
redirect_to roles_path
else
@roles = Role.sorted.to_a
render :action => 'new'
end
end
def edit
end
def update
@role.safe_attributes = params[:role]
if @role.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to roles_path(:page => params[:page])
}
format.js { head 200 }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.js { head 422 }
end
end
end
def destroy
begin
@role.destroy
rescue
flash[:error] = l(:error_can_not_remove_role)
end
redirect_to roles_path
end
def permissions
scope = Role.sorted
if params[:ids].present?
scope = scope.where(:id => params[:ids])
end
@roles = scope.to_a
@permissions = Redmine::AccessControl.permissions.select { |p| !p.public? }
end
def update_permissions
@roles = Role.where(:id => params[:permissions].keys)
@roles.each do |role|
role.permissions = params[:permissions][role.id.to_s]
role.save
end
flash[:notice] = l(:notice_successful_update)
redirect_to roles_path
end
private
def find_role
@role = Role.find(params[:id])
rescue ActiveRecord::RecordNotFound
render_404
end
end
app/controllers/search_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class SearchController < ApplicationController
before_action :find_optional_project_by_id, :authorize_global
accept_api_auth :index
def index
@question = params[:q]&.strip || ""
@all_words = params[:all_words] ? params[:all_words].present? : true
@titles_only = params[:titles_only] ? params[:titles_only].present? : false
@search_attachments = params[:attachments].presence || '0'
@open_issues = params[:open_issues] ? params[:open_issues].present? : false
case params[:format]
when 'xml', 'json'
@offset, @limit = api_offset_and_limit
else
@offset = nil
@limit = Setting.search_results_per_page.to_i
@limit = 10 if @limit == 0
end
# quick jump to an issue
if !api_request? && (m = @question.match(/^#?(\d+)$/)) && (issue = Issue.visible.find_by_id(m[1].to_i))
redirect_to issue_path(issue)
return
end
projects_to_search =
case params[:scope]
when 'all'
nil
when 'my_projects'
User.current.projects
when 'subprojects'
@project ? (@project.self_and_descendants.to_a) : nil
else
@project
end
@object_types = Redmine::Search.available_search_types.dup
if projects_to_search.is_a? Project
# don't search projects
@object_types.delete('projects')
# only show what the user is allowed to view
@object_types = @object_types.select {|o| User.current.allowed_to?("view_#{o}".to_sym, projects_to_search)}
end
@scope = @object_types.select {|t| params[t]}
@scope = @object_types if @scope.empty?
fetcher = Redmine::Search::Fetcher.new(
@question, User.current, @scope, projects_to_search,
:all_words => @all_words, :titles_only => @titles_only, :attachments => @search_attachments, :open_issues => @open_issues,
:cache => params[:page].present?, :params => params.to_unsafe_hash
)
if fetcher.tokens.present?
@result_count = fetcher.result_count
@result_count_by_type = fetcher.result_count_by_type
@tokens = fetcher.tokens
@result_pages = Paginator.new @result_count, @limit, params['page']
@offset ||= @result_pages.offset
@results = fetcher.results(@offset, @result_pages.per_page)
else
@question = ""
end
respond_to do |format|
format.html { render :layout => false if request.xhr? }
format.api { @results ||= []; render :layout => false }
end
end
end
app/controllers/settings_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class SettingsController < ApplicationController
layout 'admin'
self.main_menu = false
menu_item :plugins, :only => :plugin
helper :queries
before_action :require_admin
require_sudo_mode :index, :edit, :plugin
def index
edit
render :action => 'edit'
end
def edit
@notifiables = Redmine::Notifiable.all
if request.post?
errors = Setting.set_all_from_params(params[:settings].to_unsafe_hash)
if errors.blank?
flash[:notice] = l(:notice_successful_update)
redirect_to settings_path(:tab => params[:tab])
return
else
@setting_errors = errors
# render the edit form with error messages
end
end
@options = {}
user_format = User::USER_FORMATS.collect{|key, value| [key, value[:setting_order]]}.sort_by{|f| f[1]}
@options[:user_format] = user_format.collect{|f| [User.current.name(f[0]), f[0].to_s]}
@deliveries = ActionMailer::Base.perform_deliveries
@guessed_host_and_path = request.host_with_port.dup
@guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
@commit_update_keywords = Setting.commit_update_keywords.dup
@commit_update_keywords = [{}] unless @commit_update_keywords.is_a?(Array) && @commit_update_keywords.any?
Redmine::Themes.rescan
end
def plugin
@plugin = Redmine::Plugin.find(params[:id])
unless @plugin.configurable?
render_404
return
end
if request.post?
setting = params[:settings] ? params[:settings].permit!.to_h : {}
Setting.send "plugin_#{@plugin.id}=", setting
flash[:notice] = l(:notice_successful_update)
redirect_to plugin_settings_path(@plugin)
else
@partial = @plugin.settings[:partial]
@settings = Setting.send "plugin_#{@plugin.id}"
end
rescue Redmine::PluginNotFound
render_404
end
end
app/controllers/sys_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class SysController < ActionController::Base
before_action :check_enabled
def projects
p = Project.active.has_module(:repository).
order("#{Project.table_name}.identifier").preload(:repository).to_a
# extra_info attribute from repository breaks activeresource client
render :json => p.to_json(
:only => [:id, :identifier, :name, :is_public, :status],
:include => {:repository => {:only => [:id, :url]}}
)
end
def create_project_repository
project = Project.find(params[:id])
if project.repository
head 409
else
logger.info "Repository for #{project.name} was reported to be created by #{request.remote_ip}."
repository = Repository.factory(params[:vendor])
repository.safe_attributes = params[:repository]
repository.project = project
if repository.save
render :json => {repository.class.name.underscore.tr('/', '-') => {:id => repository.id, :url => repository.url}}, :status => 201
else
head 422
end
end
end
def fetch_changesets
projects = []
scope = Project.active.has_module(:repository)
if params[:id]
project = nil
if /^\d*$/.match?(params[:id].to_s)
project = scope.find(params[:id])
else
project = scope.find_by_identifier(params[:id])
end
raise ActiveRecord::RecordNotFound unless project
projects << project
else
projects = scope.to_a
end
projects.each do |project|
project.repositories.each do |repository|
repository.fetch_changesets
end
end
head 200
rescue ActiveRecord::RecordNotFound
head 404
end
protected
def check_enabled
User.current = nil
unless Setting.sys_api_enabled? && params[:key].to_s == Setting.sys_api_key
render :plain => 'Access denied. Repository management WS is disabled or key is invalid.', :status => 403
return false
end
end
end
app/controllers/timelog_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class TimelogController < ApplicationController
menu_item :time_entries
before_action :find_time_entry, :only => [:show, :edit, :update]
before_action :check_editability, :only => [:edit, :update]
before_action :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy]
before_action :authorize, :only => [:show, :edit, :update, :bulk_edit, :bulk_update, :destroy]
before_action :find_optional_issue, :only => [:new, :create]
before_action :find_optional_project, :only => [:index, :report]
accept_rss_auth :index
accept_api_auth :index, :show, :create, :update, :destroy
rescue_from Query::StatementInvalid, :with => :query_statement_invalid
helper :issues
include TimelogHelper
helper :custom_fields
include CustomFieldsHelper
helper :queries
include QueriesHelper
def index
retrieve_time_entry_query
scope = time_entry_scope.
preload(:issue => [:project, :tracker, :status, :assigned_to, :priority]).
preload(:project, :user)
respond_to do |format|
format.html {
@entry_count = scope.count
@entry_pages = Paginator.new @entry_count, per_page_option, params['page']
@entries = scope.offset(@entry_pages.offset).limit(@entry_pages.per_page).to_a
render :layout => !request.xhr?
}
format.api {
@entry_count = scope.count
@offset, @limit = api_offset_and_limit
@entries = scope.offset(@offset).limit(@limit).preload(:custom_values => :custom_field).to_a
}
format.atom {
entries = scope.limit(Setting.feeds_limit.to_i).reorder("#{TimeEntry.table_name}.created_on DESC").to_a
render_feed(entries, :title => l(:label_spent_time))
}
format.csv {
# Export all entries
@entries = scope.to_a
send_data(query_to_csv(@entries, @query, params), :type => 'text/csv; header=present', :filename => 'timelog.csv')
}
end
end
def report
retrieve_time_entry_query
scope = time_entry_scope
@report = Redmine::Helpers::TimeReport.new(@project, @issue, params[:criteria], params[:columns], scope)
respond_to do |format|
format.html { render :layout => !request.xhr? }
format.csv { send_data(report_to_csv(@report), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
end
end
def show
respond_to do |format|
# TODO: Implement html response
format.html { head 406 }
format.api
end
end
def new
@time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :author => User.current, :spent_on => User.current.today)
@time_entry.safe_attributes = params[:time_entry]
end
def create
@time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :author => User.current, :user => User.current, :spent_on => User.current.today)
@time_entry.safe_attributes = params[:time_entry]
if @time_entry.project && !User.current.allowed_to?(:log_time, @time_entry.project)
render_403
return
end
call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
if @time_entry.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_create)
if params[:continue]
options = {
:time_entry => {
:project_id => params[:time_entry][:project_id],
:issue_id => @time_entry.issue_id,
:spent_on => @time_entry.spent_on,
:activity_id => @time_entry.activity_id
},
:back_url => params[:back_url]
}
if params[:project_id] && @time_entry.project
redirect_to new_project_time_entry_path(@time_entry.project, options)
elsif params[:issue_id] && @time_entry.issue
redirect_to new_issue_time_entry_path(@time_entry.issue, options)
else
redirect_to new_time_entry_path(options)
end
else
redirect_back_or_default project_time_entries_path(@time_entry.project)
end
}
format.api { render :action => 'show', :status => :created, :location => time_entry_url(@time_entry) }
end
else
respond_to do |format|
format.html { render :action => 'new' }
format.api { render_validation_errors(@time_entry) }
end
end
end
def edit
@time_entry.safe_attributes = params[:time_entry]
end
def update
@time_entry.safe_attributes = params[:time_entry]
call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
if @time_entry.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_back_or_default project_time_entries_path(@time_entry.project)
}
format.api { render_api_ok }
end
else
respond_to do |format|
format.html { render :action => 'edit' }
format.api { render_validation_errors(@time_entry) }
end
end
end
def bulk_edit
@target_projects = Project.allowed_to(:log_time).to_a
@custom_fields = TimeEntry.first.available_custom_fields.select {|field| field.format.bulk_edit_supported}
if params[:time_entry]
@target_project = @target_projects.detect {|p| p.id.to_s == params[:time_entry][:project_id].to_s}
end
if @target_project
@available_activities = @target_project.activities
else
@available_activities = @projects.map(&:activities).reduce(:&)
end
@time_entry_params = params[:time_entry] || {}
@time_entry_params[:custom_field_values] ||= {}
end
def bulk_update
attributes = parse_params_for_bulk_update(params[:time_entry])
unsaved_time_entries = []
saved_time_entries = []
@time_entries.each do |time_entry|
time_entry.reload
time_entry.safe_attributes = attributes
call_hook(:controller_time_entries_bulk_edit_before_save, { :params => params, :time_entry => time_entry })
if time_entry.save
saved_time_entries << time_entry
else
unsaved_time_entries << time_entry
end
end
if unsaved_time_entries.empty?
flash[:notice] = l(:notice_successful_update) unless saved_time_entries.empty?
redirect_back_or_default project_time_entries_path(@projects.first)
else
@saved_time_entries = @time_entries
@unsaved_time_entries = unsaved_time_entries
@time_entries = TimeEntry.where(:id => unsaved_time_entries.map(&:id)).
preload(:project => :time_entry_activities).
preload(:user).to_a
bulk_edit
render :action => 'bulk_edit'
end
end
def destroy
destroyed = TimeEntry.transaction do
@time_entries.each do |t|
unless t.destroy && t.destroyed?
raise ActiveRecord::Rollback
end
end
end
respond_to do |format|
format.html {
if destroyed
flash[:notice] = l(:notice_successful_delete)
else
flash[:error] = l(:notice_unable_delete_time_entry)
end
redirect_back_or_default project_time_entries_path(@projects.first), :referer => true
}
format.api {
if destroyed
render_api_ok
else
render_validation_errors(@time_entries)
end
}
end
end
private
def find_time_entry
@time_entry = TimeEntry.find(params[:id])
@project = @time_entry.project
rescue ActiveRecord::RecordNotFound
render_404
end
def check_editability
unless @time_entry.editable_by?(User.current)
render_403
return false
end
end
def find_time_entries
@time_entries = TimeEntry.where(:id => params[:id] || params[:ids]).
preload(:project => :time_entry_activities).
preload(:user).to_a
raise ActiveRecord::RecordNotFound if @time_entries.empty?
raise Unauthorized unless @time_entries.all? {|t| t.editable_by?(User.current)}
@projects = @time_entries.collect(&:project).compact.uniq
@project = @projects.first if @projects.size == 1
rescue ActiveRecord::RecordNotFound
render_404
end
def find_optional_issue
if params[:issue_id].present?
@issue = Issue.find(params[:issue_id])
@project = @issue.project
authorize
else
find_optional_project
end
end
# Returns the TimeEntry scope for index and report actions
def time_entry_scope(options={})
@query.results_scope(options)
end
def retrieve_time_entry_query
retrieve_query(TimeEntryQuery, false, :defaults => @default_columns_names)
end
end
app/controllers/trackers_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class TrackersController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin, :except => :index
before_action :require_admin_or_api_request, :only => :index
accept_api_auth :index
def index
@trackers = Tracker.sorted.to_a
respond_to do |format|
format.html { render :layout => false if request.xhr? }
format.api
end
end
def new
@tracker ||= Tracker.new(:default_status => IssueStatus.sorted.first)
@tracker.safe_attributes = params[:tracker]
@trackers = Tracker.sorted.to_a
@projects = Project.all
end
def create
@tracker = Tracker.new
@tracker.safe_attributes = params[:tracker]
if @tracker.save
# workflow copy
if !params[:copy_workflow_from].blank? && (copy_from = Tracker.find_by_id(params[:copy_workflow_from]))
@tracker.copy_workflow_rules(copy_from)
end
flash[:notice] = l(:notice_successful_create)
redirect_to trackers_path
return
end
new
render :action => 'new'
end
def edit
@tracker ||= Tracker.find(params[:id])
@projects = Project.all
end
def update
@tracker = Tracker.find(params[:id])
@tracker.safe_attributes = params[:tracker]
if @tracker.save
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to trackers_path(:page => params[:page])
}
format.js { head 200 }
end
else
respond_to do |format|
format.html {
edit
render :action => 'edit'
}
format.js { head 422 }
end
end
end
def destroy
@tracker = Tracker.find(params[:id])
unless @tracker.issues.empty?
flash[:error] = l(:error_can_not_delete_tracker)
else
@tracker.destroy
end
redirect_to trackers_path
end
def fields
if request.post? && params[:trackers]
params[:trackers].each do |tracker_id, tracker_params|
tracker = Tracker.find_by_id(tracker_id)
if tracker
tracker.core_fields = tracker_params[:core_fields]
tracker.custom_field_ids = tracker_params[:custom_field_ids]
tracker.save
end
end
flash[:notice] = l(:notice_successful_update)
redirect_to fields_trackers_path
return
end
@trackers = Tracker.sorted.to_a
@custom_fields = IssueCustomField.sorted
end
end
app/controllers/users_controller.rb 0 → 100644
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class UsersController < ApplicationController
layout 'admin'
self.main_menu = false
before_action :require_admin, :except => :show
before_action ->{ find_user(false) }, :only => :show
before_action :find_user, :only => [:edit, :update, :destroy]
accept_api_auth :index, :show, :create, :update, :destroy
helper :sort
include SortHelper
helper :custom_fields
include CustomFieldsHelper
include UsersHelper
helper :principal_memberships
helper :activities
include ActivitiesHelper
require_sudo_mode :create, :update, :destroy
def index
sort_init 'login', 'asc'
sort_update %w(login firstname lastname admin created_on last_login_on)
case params[:format]
when 'xml', 'json'
@offset, @limit = api_offset_and_limit
else
@limit = per_page_option
end
@status = params[:status] || 1
scope = User.logged.status(@status).preload(:email_address)
scope = scope.like(params[:name]) if params[:name].present?
scope = scope.in_group(params[:group_id]) if params[:group_id].present?
@user_count = scope.count
@user_pages = Paginator.new @user_count, @limit, params['page']
@offset ||= @user_pages.offset
@users = scope.order(sort_clause).limit(@limit).offset(@offset).to_a
respond_to do |format|
format.html {
@groups = Group.givable.sort
render :layout => !request.xhr?
}
format.csv {
send_data(users_to_csv(scope.order(sort_clause)), :type => 'text/csv; header=present', :filename => 'users.csv')
}
format.api
end
end
def show
unless @user.visible?
render_404
return
end
# show projects based on current user visibility
@memberships = @user.memberships.preload(:roles, :project).where(Project.visible_condition(User.current)).to_a
@issue_counts = {}
@issue_counts[:assigned] = {
:total => Issue.visible.assigned_to(@user).count,
:open => Issue.visible.open.assigned_to(@user).count
}
@issue_counts[:reported] = {
:total => Issue.visible.where(:author_id => @user.id).count,
:open => Issue.visible.open.where(:author_id => @user.id).count
}
respond_to do |format|
format.html {
events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
@events_by_day = events.group_by {|event| User.current.time_to_date(event.event_datetime)}
render :layout => 'base'
}
format.api
end
end
def new
@user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
@user.safe_attributes = params[:user]
@auth_sources = AuthSource.all
end
def create
@user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option, :admin => false)
@user.safe_attributes = params[:user]
@user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id
@user.pref.safe_attributes = params[:pref]
if @user.save
Mailer.deliver_account_information(@user, @user.password) if params[:send_information]
respond_to do |format|
format.html {
flash[:notice] = l(:notice_user_successful_create, :id => view_context.link_to(@user.login, user_path(@user)))
if params[:continue]
attrs = {:generate_password => @user.generate_password }
redirect_to new_user_path(:user => attrs)
else
redirect_to edit_user_path(@user)
end
}
format.api { render :action => 'show', :status => :created, :location => user_url(@user) }
end
else
@auth_sources = AuthSource.all
# Clear password input
@user.password = @user.password_confirmation = nil
respond_to do |format|
format.html { render :action => 'new' }
format.api { render_validation_errors(@user) }
end
end
end
def edit
@auth_sources = AuthSource.all
@membership ||= Member.new
end
def update
if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
@user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
end
@user.safe_attributes = params[:user]
# Was the account actived ? (do it before User#save clears the change)
was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
# TODO: Similar to My#account
@user.pref.safe_attributes = params[:pref]
if @user.save
@user.pref.save
if was_activated
Mailer.deliver_account_activated(@user)
elsif @user.active? && params[:send_information] && @user != User.current
Mailer.deliver_account_information(@user, @user.password)
end
respond_to do |format|
format.html {
flash[:notice] = l(:notice_successful_update)
redirect_to_referer_or edit_user_path(@user)
}
format.api { render_api_ok }
end
else
@auth_sources = AuthSource.all
@membership ||= Member.new
# Clear password input
@user.password = @user.password_confirmation = nil
respond_to do |format|
format.html { render :action => :edit }
format.api { render_validation_errors(@user) }
end
end
end
def destroy
@user.destroy
respond_to do |format|
format.html { redirect_back_or_default(users_path) }
format.api { render_api_ok }
end
end
private
def find_user(logged = true)
if params[:id] == 'current'
require_login || return
@user = User.current
elsif logged
@user = User.logged.find(params[:id])
else
@user = User.find(params[:id])
end
rescue ActiveRecord::RecordNotFound
render_404
end
end
appveyor.yml 0 → 100644
This diff is collapsed. Click to expand it.
bin/about 0 → 100755
This diff is collapsed. Click to expand it.
bin/bundle 0 → 100755
This diff is collapsed. Click to expand it.
bin/rails 0 → 100755
This diff is collapsed. Click to expand it.
bin/rake 0 → 100755
This diff is collapsed. Click to expand it.
config.ru 0 → 100644
This diff is collapsed. Click to expand it.
config/boot.rb 0 → 100644
This diff is collapsed. Click to expand it.
doc/CHANGELOG 0 → 100644
This source diff could not be displayed because it is too large. You can view the blob instead.
doc/COPYING 0 → 100644
This diff is collapsed. Click to expand it.
doc/INSTALL 0 → 100644
This diff is collapsed. Click to expand it.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment