Commit Graph

51 Commits

Author SHA1 Message Date
Jean-Philippe Lang b81149fa47 Remove autologin cookie on unverified request.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6316 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-25 21:15:09 +00:00
Jean-Philippe Lang 130b71d121 Sets forgery protection filter first.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6315 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-25 21:02:27 +00:00
Jean-Philippe Lang 621850d5a0 Typo in api_key_auth deprecation code (#8773).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6208 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-09 18:48:34 +00:00
Jean-Philippe Lang 93c2b92a4b Separation of RSS/API auth actions.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6197 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-09 08:56:07 +00:00
Jean-Philippe Lang c8b627dfc7 Mitigates vulnerability in API authentication introduced in r3218.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6187 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-06 19:02:58 +00:00
Jean-Philippe Lang 8914d323ee Fixed: private queries should not be accessible to other users (#8729).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6163 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-03 11:01:08 +00:00
Toshi MARUYAMA 092cfc0229 remove trailing white-spaces from app/controllers/application_controller.rb.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5749 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-05-12 04:25:47 +00:00
Toshi MARUYAMA ed7091cda1 Fix potential Execution After Redirect bugs.
Execution After Redirect (EAR) happens when redirect in a controller is
triggered but there still is code that is executed in the action.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5611 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-05-01 23:15:03 +00:00
Jean-Philippe Lang aa0d01b3d9 Adds an issues visibility level on roles (#7412).
It can be set so that users only see their own issues (created or assigned).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5416 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-04-11 17:53:15 +00:00
Jean-Philippe Lang 07fe46e9df Makes the API accepts the X-Redmine-API-Key header to hold the API key.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4573 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-23 14:49:14 +00:00
Jean-Philippe Lang d076c19822 Makes API accept offset/limit or page/limit parameters for retrieving collections.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4571 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-23 13:33:01 +00:00
Jean-Philippe Lang 00d50157d3 Restores object count and adds offset/limit attributes to API responses for paginated collections (#6140).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4489 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-11 13:13:49 +00:00
Jean-Philippe Lang 224921460a Adds a pseudo format to api template names and overrides ActionController#default_template so that api templates are chosen automatically.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4466 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-04 17:43:39 +00:00
Jean-Philippe Lang d0a3aab2e7 Adds a reusable method to render API response on validation failure.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4455 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-03 11:51:06 +00:00
Jean-Philippe Lang 96ce0f017c Adds a builder-like template system for rendering xml and json API responses.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4452 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-03 11:25:21 +00:00
Jean-Philippe Lang 7824eca775 Refactor: merged error rendering methods.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4286 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-10-23 11:07:04 +00:00
Jean-Philippe Lang eea456ed84 Improved error message when trying to access an archived project (#2995).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4285 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-10-23 09:48:01 +00:00
Jean-Baptiste Barth b255b7760a Added ability to delete issues from different projects through contextual menu (#5332)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4236 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-10-07 05:11:28 +00:00
Jean-Baptiste Barth 4853dd97fd Splitted #find_issues filter in ApplicationController to #find_issues and #check_project_uniqueness (#5332)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4228 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-09-29 05:22:53 +00:00
Eric Davis 3a2efb4757 Refactor: convert ProjectEnumerations to a resource on a project.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4075 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-09-10 16:00:49 +00:00
Eric Davis 73ba49a715 Use the base layout for all 403, 404, and 500 pages. #6172
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3949 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-19 01:01:35 +00:00
Eric Davis 13fe01a185 Refactor: pull up method to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3940 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-13 14:59:04 +00:00
Eric Davis f18b126fba Refactor: Pull up method to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3938 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-12 13:57:51 +00:00
Eric Davis 8c79385261 Refactor: extract back_url method to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3912 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-04 13:37:44 +00:00
Eric Davis 48a5460da4 Allow js formatted responses.
Otherwise they return the invalid format error (406) instead of 403, 404, or 500

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3827 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-07-05 18:00:50 +00:00
Eric Davis 345301284a Added JSON support to the issues API. #1214
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3766 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-06-05 03:52:59 +00:00
Eric Davis 306ca5e714 Refactor: Pull up #find_optional_project to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3716 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-30 17:24:11 +00:00
Jean-Philippe Lang 0d938dff59 Fixed: 500 internal error when browsing any Redmine page in Epiphany (#5401).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3702 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-30 10:33:25 +00:00
Eric Davis 488879d9cf Refactor: pull #query_statement_invalid up to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3696 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-29 15:19:19 +00:00
Jean-Philippe Lang aa4d1fe816 Fixed: API 401 response does not include WWW-Authenticate header (#5322).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3679 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-17 12:45:23 +00:00
Eric Davis 194dab8e96 Refactor: Change the different find_object filters to share a common method.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3597 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-17 15:41:58 +00:00
Eric Davis e6c8760ad7 Refactor: Split the find_object methods to prep for a larger refactoring.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3591 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-16 15:17:47 +00:00
Eric Davis fe1e3ccd18 Refactor: Decouple failed attachments and the flash messages
Attachment#attach_files will no longer need to return a flash message,
instead it will put unsaved attachments into object#unsaved_attachments
where the calling object can access them.

A utility method #render_attachment_warning_if_needed is included for setting
the standard flash warning.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3528 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-03 17:05:00 +00:00
Eric Davis 0fd7e2d696 Refactor: Moved ApplicationController#attach_files to the Attachment model
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3523 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-02 19:26:03 +00:00
Eric Davis 9e22faa640 Converted the REDMINE_SUPPORTED_SCM constant to a class
Now SCMs can be added or removed using a simple API, instead of being
hardcoded:

  Redmine::Scm::Base.add('ScmName')
  Redmine::Scm::Base.delete('ScmName')

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3440 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-02-16 22:41:59 +00:00
Eric Davis e5d300af0a Refactor: Pull up several #find_project methods to ApplicationController
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3370 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-02-05 16:57:02 +00:00
Jean-Philippe Lang 0ef9bc039d Adds a log message when an API call raises an InvalidAuthenticityToken error.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3332 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-01-17 20:23:06 +00:00
Jean-Philippe Lang 68a4cd38f5 XML REST API for Projects (#296).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3313 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-01-14 20:00:17 +00:00
Jean-Philippe Lang 3873388f9b XML REST API for issues that provides CRUD operations for Issues (#1214).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3310 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-01-13 19:29:19 +00:00
Eric Davis bfcd5039f2 Added an Admin setting to enable/disable the REST web service. (#3920)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3220 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-23 06:27:44 +00:00
Eric Davis e07e9d8bfe Added support for HTTP Basic access to the API. (#3920)
A user can authenticate using either their:

* username/password
* api-key/random

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3219 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-23 06:27:38 +00:00
Eric Davis baa1ad4256 Allow authenticating with an API token via XML or JSON. (#3920)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3218 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-23 06:27:33 +00:00
Jean-Philippe Lang 488c192286 Removes "xxx and return" calls (#4446).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3185 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-18 14:22:18 +00:00
Jean-Philippe Lang dfabadf4f7 Adds an admin layout that displays the admin menu in the sidebar.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3176 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-17 18:21:02 +00:00
Jean-Philippe Lang f3bcb705f7 Display an error when authenticity token is invalid.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3094 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-25 20:45:16 +00:00
Jean-Philippe Lang ebab5a0074 Remove broken cookies after upgrade from 0.8.x to prevent an error from Rails (#4292).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3093 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-25 20:28:56 +00:00
Jean-Philippe Lang 0485d3a524 Reset session on login/logout (#4248).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3080 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-21 10:02:39 +00:00
Eric Davis ea0bc56a65 Protect controllers from potential CSRF attacks. #4216
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3051 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-14 19:41:07 +00:00
Eric Davis 93bf1df5d4 Fix 500 errors with a POST request that requires a login. #4216
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3050 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-14 19:41:02 +00:00
Jean-Philippe Lang 07aa3c55bd Contextual quick search (#3263).
Eg. when viewing issues, the quick search will search issues only.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2943 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-10-21 17:07:18 +00:00