Anonymous users can now be allowed to create, edit, comment issues, comment news and post messages in the forums.

These permissions need to be explicitly given to the Anonymous role (Admin -> Roles & Permissions -> Anonymous).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@919 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2007-11-20 15:40:16 +00:00
parent 99f9aea80a
commit 987a5aa221
19 changed files with 88 additions and 79 deletions

View File

@ -23,10 +23,6 @@ class ApplicationController < ActionController::Base
require_dependency "repository/#{scm.underscore}" require_dependency "repository/#{scm.underscore}"
end end
def logged_in_user
User.current.logged? ? User.current : nil
end
def current_role def current_role
@current_role ||= User.current.role_for_project(@project) @current_role ||= User.current.role_for_project(@project)
end end

View File

@ -49,7 +49,7 @@ class DocumentsController < ApplicationController
@attachments = [] @attachments = []
params[:attachments].each { |file| params[:attachments].each { |file|
next unless file.size > 0 next unless file.size > 0
a = Attachment.create(:container => @document, :file => file, :author => logged_in_user) a = Attachment.create(:container => @document, :file => file, :author => User.current)
@attachments << a unless a.new_record? @attachments << a unless a.new_record?
} if params[:attachments] and params[:attachments].is_a? Array } if params[:attachments] and params[:attachments].is_a? Array
Mailer.deliver_attachments_added(@attachments) if !@attachments.empty? && Setting.notified_events.include?('document_added') Mailer.deliver_attachments_added(@attachments) if !@attachments.empty? && Setting.notified_events.include?('document_added')

View File

@ -82,7 +82,7 @@ class IssuesController < ApplicationController
def show def show
@custom_values = @issue.custom_values.find(:all, :include => :custom_field, :order => "#{CustomField.table_name}.position") @custom_values = @issue.custom_values.find(:all, :include => :custom_field, :order => "#{CustomField.table_name}.position")
@journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC") @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
@status_options = @issue.status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker) if logged_in_user @status_options = @issue.status.find_new_statuses_allowed_to(User.current.role_for_project(@project), @issue.tracker)
respond_to do |format| respond_to do |format|
format.html { render :template => 'issues/show.rhtml' } format.html { render :template => 'issues/show.rhtml' }
format.pdf { send_data(render(:template => 'issues/show.rfpdf', :layout => false), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") } format.pdf { send_data(render(:template => 'issues/show.rfpdf', :layout => false), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
@ -95,7 +95,7 @@ class IssuesController < ApplicationController
@custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| @issue.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x, :customized => @issue) } @custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| @issue.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x, :customized => @issue) }
else else
begin begin
@issue.init_journal(self.logged_in_user) @issue.init_journal(User.current)
# Retrieve custom fields and values # Retrieve custom fields and values
if params["custom_fields"] if params["custom_fields"]
@custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue, :value => params["custom_fields"][x.id.to_s]) } @custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue, :value => params["custom_fields"][x.id.to_s]) }
@ -117,7 +117,7 @@ class IssuesController < ApplicationController
journal = @issue.init_journal(User.current, params[:notes]) journal = @issue.init_journal(User.current, params[:notes])
params[:attachments].each { |file| params[:attachments].each { |file|
next unless file.size > 0 next unless file.size > 0
a = Attachment.create(:container => @issue, :file => file, :author => logged_in_user) a = Attachment.create(:container => @issue, :file => file, :author => User.current)
journal.details << JournalDetail.new(:property => 'attachment', journal.details << JournalDetail.new(:property => 'attachment',
:prop_key => a.id, :prop_key => a.id,
:value => a.filename) unless a.new_record? :value => a.filename) unless a.new_record?
@ -132,17 +132,17 @@ class IssuesController < ApplicationController
end end
def change_status def change_status
@status_options = @issue.status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker) if logged_in_user @status_options = @issue.status.find_new_statuses_allowed_to(User.current.role_for_project(@project), @issue.tracker)
@new_status = IssueStatus.find(params[:new_status_id]) @new_status = IssueStatus.find(params[:new_status_id])
if params[:confirm] if params[:confirm]
begin begin
journal = @issue.init_journal(self.logged_in_user, params[:notes]) journal = @issue.init_journal(User.current, params[:notes])
@issue.status = @new_status @issue.status = @new_status
if @issue.update_attributes(params[:issue]) if @issue.update_attributes(params[:issue])
# Save attachments # Save attachments
params[:attachments].each { |file| params[:attachments].each { |file|
next unless file.size > 0 next unless file.size > 0
a = Attachment.create(:container => @issue, :file => file, :author => logged_in_user) a = Attachment.create(:container => @issue, :file => file, :author => User.current)
journal.details << JournalDetail.new(:property => 'attachment', journal.details << JournalDetail.new(:property => 'attachment',
:prop_key => a.id, :prop_key => a.id,
:value => a.filename) unless a.new_record? :value => a.filename) unless a.new_record?
@ -150,7 +150,7 @@ class IssuesController < ApplicationController
# Log time # Log time
if current_role.allowed_to?(:log_time) if current_role.allowed_to?(:log_time)
@time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => logged_in_user, :spent_on => Date.today) @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
@time_entry.attributes = params[:time_entry] @time_entry.attributes = params[:time_entry]
@time_entry.save @time_entry.save
end end
@ -176,7 +176,7 @@ class IssuesController < ApplicationController
def destroy_attachment def destroy_attachment
a = @issue.attachments.find(params[:attachment_id]) a = @issue.attachments.find(params[:attachment_id])
a.destroy a.destroy
journal = @issue.init_journal(self.logged_in_user) journal = @issue.init_journal(User.current)
journal.details << JournalDetail.new(:property => 'attachment', journal.details << JournalDetail.new(:property => 'attachment',
:prop_key => a.id, :prop_key => a.id,
:old_value => a.filename) :old_value => a.filename)
@ -225,12 +225,11 @@ private
def retrieve_query def retrieve_query
if params[:query_id] if params[:query_id]
@query = Query.find(params[:query_id], :conditions => {:project_id => (@project ? @project.id : nil)}) @query = Query.find(params[:query_id], :conditions => {:project_id => (@project ? @project.id : nil)})
@query.executed_by = logged_in_user
session[:query] = @query session[:query] = @query
else else
if params[:set_filter] or !session[:query] or session[:query].project != @project if params[:set_filter] or !session[:query] or session[:query].project != @project
# Give it a name, required to be valid # Give it a name, required to be valid
@query = Query.new(:name => "_", :executed_by => logged_in_user) @query = Query.new(:name => "_")
@query.project = @project @query.project = @project
if params[:fields] and params[:fields].is_a? Array if params[:fields] and params[:fields].is_a? Array
params[:fields].each do |field| params[:fields].each do |field|

View File

@ -31,12 +31,12 @@ class MessagesController < ApplicationController
def new def new
@message = Message.new(params[:message]) @message = Message.new(params[:message])
@message.author = logged_in_user @message.author = User.current
@message.board = @board @message.board = @board
if request.post? && @message.save if request.post? && @message.save
params[:attachments].each { |file| params[:attachments].each { |file|
next unless file.size > 0 next unless file.size > 0
Attachment.create(:container => @message, :file => file, :author => logged_in_user) Attachment.create(:container => @message, :file => file, :author => User.current)
} if params[:attachments] and params[:attachments].is_a? Array } if params[:attachments] and params[:attachments].is_a? Array
redirect_to :action => 'show', :id => @message redirect_to :action => 'show', :id => @message
end end
@ -44,7 +44,7 @@ class MessagesController < ApplicationController
def reply def reply
@reply = Message.new(params[:reply]) @reply = Message.new(params[:reply])
@reply.author = logged_in_user @reply.author = User.current
@reply.board = @board @reply.board = @board
@message.children << @reply @message.children << @reply
redirect_to :action => 'show', :id => @message redirect_to :action => 'show', :id => @message

View File

@ -44,7 +44,7 @@ class MyController < ApplicationController
# Show user's page # Show user's page
def page def page
@user = self.logged_in_user @user = User.current
@blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT
end end
@ -76,7 +76,7 @@ class MyController < ApplicationController
# Manage user's password # Manage user's password
def password def password
@user = self.logged_in_user @user = User.current
flash[:error] = l(:notice_can_t_change_password) and redirect_to :action => 'account' and return if @user.auth_source_id flash[:error] = l(:notice_can_t_change_password) and redirect_to :action => 'account' and return if @user.auth_source_id
if request.post? if request.post?
if @user.check_password?(params[:password]) if @user.check_password?(params[:password])
@ -102,7 +102,7 @@ class MyController < ApplicationController
# User's page layout configuration # User's page layout configuration
def page_layout def page_layout
@user = self.logged_in_user @user = User.current
@blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT.dup @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT.dup
session[:page_layout] = @blocks session[:page_layout] = @blocks
%w(top left right).each {|f| session[:page_layout][f] ||= [] } %w(top left right).each {|f| session[:page_layout][f] ||= [] }
@ -116,7 +116,7 @@ class MyController < ApplicationController
def add_block def add_block
block = params[:block] block = params[:block]
render(:nothing => true) and return unless block && (BLOCKS.keys.include? block) render(:nothing => true) and return unless block && (BLOCKS.keys.include? block)
@user = self.logged_in_user @user = User.current
# remove if already present in a group # remove if already present in a group
%w(top left right).each {|f| (session[:page_layout][f] ||= []).delete block } %w(top left right).each {|f| (session[:page_layout][f] ||= []).delete block }
# add it on top # add it on top
@ -151,7 +151,7 @@ class MyController < ApplicationController
# Save user's page layout # Save user's page layout
def page_layout_save def page_layout_save
@user = self.logged_in_user @user = User.current
@user.pref[:my_page_layout] = session[:page_layout] if session[:page_layout] @user.pref[:my_page_layout] = session[:page_layout] if session[:page_layout]
@user.pref.save @user.pref.save
session[:page_layout] = nil session[:page_layout] = nil

View File

@ -45,7 +45,7 @@ class NewsController < ApplicationController
def add_comment def add_comment
@comment = Comment.new(params[:comment]) @comment = Comment.new(params[:comment])
@comment.author = logged_in_user @comment.author = User.current
if @news.comments << @comment if @news.comments << @comment
flash[:notice] = l(:label_comment_added) flash[:notice] = l(:label_comment_added)
redirect_to :action => 'show', :id => @news redirect_to :action => 'show', :id => @news

View File

@ -48,7 +48,7 @@ class ProjectsController < ApplicationController
# Lists visible projects # Lists visible projects
def list def list
projects = Project.find :all, projects = Project.find :all,
:conditions => Project.visible_by(logged_in_user), :conditions => Project.visible_by(User.current),
:include => :parent :include => :parent
@project_tree = projects.group_by {|p| p.parent || p} @project_tree = projects.group_by {|p| p.parent || p}
@project_tree.each_key {|p| @project_tree[p] -= [p]} @project_tree.each_key {|p| @project_tree[p] -= [p]}
@ -176,7 +176,7 @@ class ProjectsController < ApplicationController
if request.post? and @document.save if request.post? and @document.save
# Save the attachments # Save the attachments
params[:attachments].each { |a| params[:attachments].each { |a|
Attachment.create(:container => @document, :file => a, :author => logged_in_user) unless a.size == 0 Attachment.create(:container => @document, :file => a, :author => User.current) unless a.size == 0
} if params[:attachments] and params[:attachments].is_a? Array } if params[:attachments] and params[:attachments].is_a? Array
flash[:notice] = l(:notice_successful_create) flash[:notice] = l(:notice_successful_create)
Mailer.deliver_document_added(@document) if Setting.notified_events.include?('document_added') Mailer.deliver_document_added(@document) if Setting.notified_events.include?('document_added')
@ -216,7 +216,7 @@ class ProjectsController < ApplicationController
return return
end end
@issue.status = default_status @issue.status = default_status
@allowed_statuses = ([default_status] + default_status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker))if logged_in_user @allowed_statuses = ([default_status] + default_status.find_new_statuses_allowed_to(User.current.role_for_project(@project), @issue.tracker))
if request.get? if request.get?
@issue.start_date ||= Date.today @issue.start_date ||= Date.today
@ -321,10 +321,9 @@ class ProjectsController < ApplicationController
# Add a news to @project # Add a news to @project
def add_news def add_news
@news = News.new(:project => @project) @news = News.new(:project => @project, :author => User.current)
if request.post? if request.post?
@news.attributes = params[:news] @news.attributes = params[:news]
@news.author_id = self.logged_in_user.id if self.logged_in_user
if @news.save if @news.save
flash[:notice] = l(:notice_successful_create) flash[:notice] = l(:notice_successful_create)
Mailer.deliver_news_added(@news) if Setting.notified_events.include?('news_added') Mailer.deliver_news_added(@news) if Setting.notified_events.include?('news_added')
@ -340,7 +339,7 @@ class ProjectsController < ApplicationController
@attachments = [] @attachments = []
params[:attachments].each { |file| params[:attachments].each { |file|
next unless file.size > 0 next unless file.size > 0
a = Attachment.create(:container => @version, :file => file, :author => logged_in_user) a = Attachment.create(:container => @version, :file => file, :author => User.current)
@attachments << a unless a.new_record? @attachments << a unless a.new_record?
} if params[:attachments] and params[:attachments].is_a? Array } if params[:attachments] and params[:attachments].is_a? Array
Mailer.deliver_attachments_added(@attachments) if !@attachments.empty? && Setting.notified_events.include?('file_added') Mailer.deliver_attachments_added(@attachments) if !@attachments.empty? && Setting.notified_events.include?('file_added')

View File

@ -22,14 +22,13 @@ class QueriesController < ApplicationController
def index def index
@queries = @project.queries.find(:all, @queries = @project.queries.find(:all,
:order => "name ASC", :order => "name ASC",
:conditions => ["is_public = ? or user_id = ?", true, (logged_in_user ? logged_in_user.id : 0)]) :conditions => ["is_public = ? or user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
end end
def new def new
@query = Query.new(params[:query]) @query = Query.new(params[:query])
@query.project = @project @query.project = @project
@query.user = logged_in_user @query.user = User.current
@query.executed_by = logged_in_user
@query.is_public = false unless current_role.allowed_to?(:manage_public_queries) @query.is_public = false unless current_role.allowed_to?(:manage_public_queries)
@query.column_names = nil if params[:default_columns] @query.column_names = nil if params[:default_columns]
@ -71,9 +70,8 @@ private
def find_project def find_project
if params[:id] if params[:id]
@query = Query.find(params[:id]) @query = Query.find(params[:id])
@query.executed_by = logged_in_user
@project = @query.project @project = @query.project
render_403 unless @query.editable_by?(logged_in_user) render_403 unless @query.editable_by?(User.current)
else else
@project = Project.find(params[:project_id]) @project = Project.find(params[:project_id])
end end

View File

@ -31,7 +31,7 @@ class SearchController < ApplicationController
begin; offset = params[:offset].to_time if params[:offset]; rescue; end begin; offset = params[:offset].to_time if params[:offset]; rescue; end
# quick jump to an issue # quick jump to an issue
if @question.match(/^#?(\d+)$/) && Issue.find_by_id($1, :include => :project, :conditions => Project.visible_by(logged_in_user)) if @question.match(/^#?(\d+)$/) && Issue.find_by_id($1, :include => :project, :conditions => Project.visible_by(User.current))
redirect_to :controller => "issues", :action => "show", :id => $1 redirect_to :controller => "issues", :action => "show", :id => $1
return return
end end
@ -87,7 +87,7 @@ class SearchController < ApplicationController
end end
else else
operator = @all_words ? ' AND ' : ' OR ' operator = @all_words ? ' AND ' : ' OR '
Project.with_scope(:find => {:conditions => Project.visible_by(logged_in_user)}) do Project.with_scope(:find => {:conditions => Project.visible_by(User.current)}) do
@results += Project.find(:all, :limit => limit, :conditions => [ (["(LOWER(name) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @scope.include? 'projects' @results += Project.find(:all, :limit => limit, :conditions => [ (["(LOWER(name) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @scope.include? 'projects'
end end
# if only one project is found, user is redirected to its overview # if only one project is found, user is redirected to its overview

View File

@ -107,15 +107,15 @@ class TimelogController < ApplicationController
@entries = (@issue ? @issue : @project).time_entries.find(:all, :include => [:activity, :user, {:issue => [:tracker, :assigned_to, :priority]}], :order => sort_clause) @entries = (@issue ? @issue : @project).time_entries.find(:all, :include => [:activity, :user, {:issue => [:tracker, :assigned_to, :priority]}], :order => sort_clause)
@total_hours = @entries.inject(0) { |sum,entry| sum + entry.hours } @total_hours = @entries.inject(0) { |sum,entry| sum + entry.hours }
@owner_id = logged_in_user ? logged_in_user.id : 0 @owner_id = User.current.id
send_csv and return if 'csv' == params[:export] send_csv and return if 'csv' == params[:export]
render :action => 'details', :layout => false if request.xhr? render :action => 'details', :layout => false if request.xhr?
end end
def edit def edit
render_404 and return if @time_entry && @time_entry.user != logged_in_user render_404 and return if @time_entry && @time_entry.user != User.current
@time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => logged_in_user, :spent_on => Date.today) @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
@time_entry.attributes = params[:time_entry] @time_entry.attributes = params[:time_entry]
if request.post? and @time_entry.save if request.post? and @time_entry.save
flash[:notice] = l(:notice_successful_update) flash[:notice] = l(:notice_successful_update)

View File

@ -19,7 +19,7 @@ class WelcomeController < ApplicationController
layout 'base' layout 'base'
def index def index
@news = News.latest logged_in_user @news = News.latest User.current
@projects = Project.latest logged_in_user @projects = Project.latest User.current
end end
end end

View File

@ -69,7 +69,7 @@ class WikiController < ApplicationController
#@content.text = params[:content][:text] #@content.text = params[:content][:text]
#@content.comments = params[:content][:comments] #@content.comments = params[:content][:comments]
@content.attributes = params[:content] @content.attributes = params[:content]
@content.author = logged_in_user @content.author = User.current
# if page is new @page.save will also save content, but not if page isn't a new record # if page is new @page.save will also save content, but not if page isn't a new record
if (@page.new_record? ? @page.save : @content.save) if (@page.new_record? ? @page.save : @content.save)
redirect_to :action => 'index', :id => @project, :page => @page.title redirect_to :action => 'index', :id => @project, :page => @page.title
@ -157,7 +157,7 @@ class WikiController < ApplicationController
# Save the attachments # Save the attachments
params[:attachments].each { |file| params[:attachments].each { |file|
next unless file.size > 0 next unless file.size > 0
a = Attachment.create(:container => @page, :file => file, :author => logged_in_user) a = Attachment.create(:container => @page, :file => file, :author => User.current)
} if params[:attachments] and params[:attachments].is_a? Array } if params[:attachments] and params[:attachments].is_a? Array
redirect_to :action => 'index', :page => @page.title redirect_to :action => 'index', :page => @page.title
end end

View File

@ -21,7 +21,7 @@ class Attachment < ActiveRecord::Base
belongs_to :container, :polymorphic => true belongs_to :container, :polymorphic => true
belongs_to :author, :class_name => "User", :foreign_key => "author_id" belongs_to :author, :class_name => "User", :foreign_key => "author_id"
validates_presence_of :container, :filename validates_presence_of :container, :filename, :author
validates_length_of :filename, :maximum => 255 validates_length_of :filename, :maximum => 255
validates_length_of :disk_filename, :maximum => 255 validates_length_of :disk_filename, :maximum => 255
@ -83,11 +83,6 @@ class Attachment < ActiveRecord::Base
increment!(:downloads) increment!(:downloads)
end end
# returns last created projects
def self.most_downloaded
find(:all, :limit => 5, :order => "downloads DESC")
end
def project def project
container.is_a?(Project) ? container : container.project container.is_a?(Project) ? container : container.project
end end

View File

@ -112,11 +112,8 @@ class Query < ActiveRecord::Base
def initialize(attributes = nil) def initialize(attributes = nil)
super attributes super attributes
self.filters ||= { 'status_id' => {:operator => "o", :values => [""]} } self.filters ||= { 'status_id' => {:operator => "o", :values => [""]} }
end @executed_by = User.current.logged? ? User.current : nil
set_language_if_valid(executed_by.language) if executed_by
def executed_by=(user)
@executed_by = user
set_language_if_valid(user.language) if user
end end
def validate def validate

View File

@ -19,6 +19,7 @@ require "digest/sha1"
class User < ActiveRecord::Base class User < ActiveRecord::Base
# Account statuses # Account statuses
STATUS_ANONYMOUS = 0
STATUS_ACTIVE = 1 STATUS_ACTIVE = 1
STATUS_REGISTERED = 2 STATUS_REGISTERED = 2
STATUS_LOCKED = 3 STATUS_LOCKED = 3
@ -36,15 +37,15 @@ class User < ActiveRecord::Base
# Prevents unauthorized assignments # Prevents unauthorized assignments
attr_protected :login, :admin, :password, :password_confirmation, :hashed_password attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
validates_presence_of :login, :firstname, :lastname, :mail validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
validates_uniqueness_of :login, :mail validates_uniqueness_of :login, :mail
# Login must contain lettres, numbers, underscores only # Login must contain lettres, numbers, underscores only
validates_format_of :login, :with => /^[a-z0-9_\-@\.]+$/i validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
validates_length_of :login, :maximum => 30 validates_length_of :login, :maximum => 30
validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-]*$/i validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-]*$/i
validates_length_of :firstname, :lastname, :maximum => 30 validates_length_of :firstname, :lastname, :maximum => 30
validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
validates_length_of :mail, :maximum => 60 validates_length_of :mail, :maximum => 60, :allow_nil => true
# Password length between 4 and 12 # Password length between 4 and 12
validates_length_of :password, :in => 4..12, :allow_nil => true validates_length_of :password, :in => 4..12, :allow_nil => true
validates_confirmation_of :password, :allow_nil => true validates_confirmation_of :password, :allow_nil => true
@ -216,11 +217,17 @@ class User < ActiveRecord::Base
end end
def self.current def self.current
@current_user ||= AnonymousUser.new @current_user ||= User.anonymous
end end
def self.anonymous def self.anonymous
AnonymousUser.new return @anonymous_user if @anonymous_user
anonymous_user = AnonymousUser.find(:first)
if anonymous_user.nil?
anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
end
@anonymous_user = anonymous_user
end end
private private
@ -231,16 +238,17 @@ private
end end
class AnonymousUser < User class AnonymousUser < User
def logged?
false def validate_on_create
# There should be only one AnonymousUser in the database
errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first)
end end
def time_zone # Overrides a few properties
nil def logged?; false end
end def admin; false end
def name; 'Anonymous' end
# Anonymous user has no RSS key def mail; nil end
def rss_key def time_zone; nil end
nil def rss_key; nil end
end
end end

View File

@ -26,7 +26,7 @@
<h3 class="icon22 icon22-comment"><%= l(:label_comment_plural) %></h3> <h3 class="icon22 icon22-comment"><%= l(:label_comment_plural) %></h3>
<% @news.comments.each do |comment| %> <% @news.comments.each do |comment| %>
<% next if comment.new_record? %> <% next if comment.new_record? %>
<h4><%= format_time(comment.created_on) %> - <%= comment.author.name %></h4> <h4><%= authoring comment.created_on, comment.author %></h4>
<div class="contextual"> <div class="contextual">
<%= link_to_if_authorized l(:button_delete), {:controller => 'news', :action => 'destroy_comment', :id => @news, :comment_id => comment}, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-del' %> <%= link_to_if_authorized l(:button_delete), {:controller => 'news', :action => 'destroy_comment', :id => @news, :comment_id => comment}, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-del' %>
</div> </div>

View File

@ -0,0 +1,10 @@
class AddUsersType < ActiveRecord::Migration
def self.up
add_column :users, :type, :string
User.update_all "type = 'User'"
end
def self.down
remove_column :users, :type
end
end

View File

@ -29,11 +29,11 @@ Redmine::AccessControl.map do |map|
:issues => [:index, :changes, :show, :context_menu], :issues => [:index, :changes, :show, :context_menu],
:queries => :index, :queries => :index,
:reports => :issue_report}, :public => true :reports => :issue_report}, :public => true
map.permission :add_issues, {:projects => :add_issue}, :require => :loggedin map.permission :add_issues, {:projects => :add_issue}
map.permission :edit_issues, {:projects => :bulk_edit_issues, map.permission :edit_issues, {:projects => :bulk_edit_issues,
:issues => [:edit, :destroy_attachment]}, :require => :loggedin :issues => [:edit, :destroy_attachment]}
map.permission :manage_issue_relations, {:issue_relations => [:new, :destroy]}, :require => :loggedin map.permission :manage_issue_relations, {:issue_relations => [:new, :destroy]}
map.permission :add_issue_notes, {:issues => :add_note}, :require => :loggedin map.permission :add_issue_notes, {:issues => :add_note}
map.permission :change_issue_status, {:issues => :change_status}, :require => :loggedin map.permission :change_issue_status, {:issues => :change_status}, :require => :loggedin
map.permission :move_issues, {:projects => :move_issues}, :require => :loggedin map.permission :move_issues, {:projects => :move_issues}, :require => :loggedin
map.permission :delete_issues, {:issues => :destroy}, :require => :member map.permission :delete_issues, {:issues => :destroy}, :require => :member
@ -53,7 +53,7 @@ Redmine::AccessControl.map do |map|
map.project_module :news do |map| map.project_module :news do |map|
map.permission :manage_news, {:projects => :add_news, :news => [:edit, :destroy, :destroy_comment]}, :require => :member map.permission :manage_news, {:projects => :add_news, :news => [:edit, :destroy, :destroy_comment]}, :require => :member
map.permission :view_news, {:news => [:index, :show]}, :public => true map.permission :view_news, {:news => [:index, :show]}, :public => true
map.permission :comment_news, {:news => :add_comment}, :require => :loggedin map.permission :comment_news, {:news => :add_comment}
end end
map.project_module :documents do |map| map.project_module :documents do |map|
@ -83,7 +83,7 @@ Redmine::AccessControl.map do |map|
map.project_module :boards do |map| map.project_module :boards do |map|
map.permission :manage_boards, {:boards => [:new, :edit, :destroy]}, :require => :member map.permission :manage_boards, {:boards => [:new, :edit, :destroy]}, :require => :member
map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true
map.permission :add_messages, {:messages => [:new, :reply]}, :require => :loggedin map.permission :add_messages, {:messages => [:new, :reply]}
end end
end end

View File

@ -60,7 +60,7 @@ class UserTest < Test::Unit::TestCase
def test_validate def test_validate
@admin.login = "" @admin.login = ""
assert !@admin.save assert !@admin.save
assert_equal 2, @admin.errors.count assert_equal 1, @admin.errors.count
end end
def test_password def test_password
@ -87,6 +87,13 @@ class UserTest < Test::Unit::TestCase
assert_equal nil, user assert_equal nil, user
end end
def test_create_anonymous
AnonymousUser.delete_all
anon = User.anonymous
assert !anon.new_record?
assert_kind_of AnonymousUser, anon
end
def test_rss_key def test_rss_key
assert_nil @jsmith.rss_token assert_nil @jsmith.rss_token
key = @jsmith.rss_key key = @jsmith.rss_key