Jean-Philippe Lang
b81149fa47
Remove autologin cookie on unverified request.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6316 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-25 21:15:09 +00:00
Jean-Philippe Lang
130b71d121
Sets forgery protection filter first.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6315 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-25 21:02:27 +00:00
Jean-Philippe Lang
621850d5a0
Typo in api_key_auth deprecation code (#8773).
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6208 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-09 18:48:34 +00:00
Jean-Philippe Lang
93c2b92a4b
Separation of RSS/API auth actions.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6197 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-09 08:56:07 +00:00
Jean-Philippe Lang
c8b627dfc7
Mitigates vulnerability in API authentication introduced in r3218.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6187 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-06 19:02:58 +00:00
Jean-Philippe Lang
8914d323ee
Fixed: private queries should not be accessible to other users (#8729).
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6163 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-03 11:01:08 +00:00
Toshi MARUYAMA
092cfc0229
remove trailing white-spaces from app/controllers/application_controller.rb.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5749 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-05-12 04:25:47 +00:00
Toshi MARUYAMA
ed7091cda1
Fix potential Execution After Redirect bugs.
...
Execution After Redirect (EAR) happens when a redirect in a controller is
triggered but there is still code that is executed in the action.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5611 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-05-01 23:15:03 +00:00
Jean-Philippe Lang
aa0d01b3d9
Adds an issues visibility level on roles (#7412).
...
It can be set so that users only see their own issues (created or assigned).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5416 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-04-11 17:53:15 +00:00
Jean-Philippe Lang
07fe46e9df
Makes the API accept the X-Redmine-API-Key header to hold the API key.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4573 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-23 14:49:14 +00:00
Jean-Philippe Lang
d076c19822
Makes API accept offset/limit or page/limit parameters for retrieving collections.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4571 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-23 13:33:01 +00:00
Jean-Philippe Lang
00d50157d3
Restores object count and adds offset/limit attributes to API responses for paginated collections (#6140).
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4489 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-11 13:13:49 +00:00
Jean-Philippe Lang
224921460a
Adds a pseudo format to api template names and overrides ActionController#default_template so that api templates are chosen automatically.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4466 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-04 17:43:39 +00:00
Jean-Philippe Lang
d0a3aab2e7
Adds a reusable method to render API response on validation failure.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4455 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-03 11:51:06 +00:00
Jean-Philippe Lang
96ce0f017c
Adds a builder-like template system for rendering xml and json API responses.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4452 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-03 11:25:21 +00:00
Jean-Philippe Lang
7824eca775
Refactor: merged error rendering methods.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4286 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-10-23 11:07:04 +00:00
Jean-Philippe Lang
eea456ed84
Improved error message when trying to access an archived project (#2995).
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4285 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-10-23 09:48:01 +00:00
Jean-Baptiste Barth
b255b7760a
Added ability to delete issues from different projects through contextual menu (#5332)
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4236 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-10-07 05:11:28 +00:00
Jean-Baptiste Barth
4853dd97fd
Split #find_issues filter in ApplicationController to #find_issues and #check_project_uniqueness (#5332)
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4228 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-09-29 05:22:53 +00:00
Eric Davis
3a2efb4757
Refactor: convert ProjectEnumerations to a resource on a project.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4075 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-09-10 16:00:49 +00:00
Eric Davis
73ba49a715
Use the base layout for all 403, 404, and 500 pages. #6172
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3949 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-19 01:01:35 +00:00
Eric Davis
13fe01a185
Refactor: pull up method to ApplicationController.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3940 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-13 14:59:04 +00:00
Eric Davis
f18b126fba
Refactor: Pull up method to ApplicationController.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3938 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-12 13:57:51 +00:00
Eric Davis
8c79385261
Refactor: extract back_url method to ApplicationController.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3912 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-04 13:37:44 +00:00
Eric Davis
48a5460da4
Allow js formatted responses.
...
Otherwise they return the invalid format error (406) instead of 403, 404, or 500
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3827 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-07-05 18:00:50 +00:00
Eric Davis
345301284a
Added JSON support to the issues API. #1214
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3766 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-06-05 03:52:59 +00:00
Eric Davis
306ca5e714
Refactor: Pull up #find_optional_project to ApplicationController.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3716 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-30 17:24:11 +00:00
Jean-Philippe Lang
0d938dff59
Fixed: 500 internal error when browsing any Redmine page in Epiphany (#5401).
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3702 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-30 10:33:25 +00:00
Eric Davis
488879d9cf
Refactor: pull #query_statement_invalid up to ApplicationController.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3696 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-29 15:19:19 +00:00
Jean-Philippe Lang
aa4d1fe816
Fixed: API 401 response does not include WWW-Authenticate header (#5322).
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3679 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-17 12:45:23 +00:00
Eric Davis
194dab8e96
Refactor: Change the different find_object filters to share a common method.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3597 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-17 15:41:58 +00:00
Eric Davis
e6c8760ad7
Refactor: Split the find_object methods to prep for a larger refactoring.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3591 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-16 15:17:47 +00:00
Eric Davis
fe1e3ccd18
Refactor: Decouple failed attachments and the flash messages
...
Attachment#attach_files will no longer need to return a flash message,
instead it will put unsaved attachments into object#unsaved_attachments
where the calling object can access them.
A utility method #render_attachment_warning_if_needed is included for setting
the standard flash warning.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3528 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-03 17:05:00 +00:00
Eric Davis
0fd7e2d696
Refactor: Moved ApplicationController#attach_files to the Attachment model
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3523 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-02 19:26:03 +00:00
Eric Davis
9e22faa640
Converted the REDMINE_SUPPORTED_SCM constant to a class
...
Now SCMs can be added or removed using a simple API, instead of being
hardcoded:
Redmine::Scm::Base.add('ScmName')
Redmine::Scm::Base.delete('ScmName')
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3440 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-02-16 22:41:59 +00:00
Eric Davis
e5d300af0a
Refactor: Pull up several #find_project methods to ApplicationController
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3370 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-02-05 16:57:02 +00:00
Jean-Philippe Lang
0ef9bc039d
Adds a log message when an API call raises an InvalidAuthenticityToken error.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3332 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-01-17 20:23:06 +00:00
Jean-Philippe Lang
68a4cd38f5
XML REST API for Projects (#296).
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3313 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-01-14 20:00:17 +00:00
Jean-Philippe Lang
3873388f9b
XML REST API for issues that provides CRUD operations for Issues (#1214).
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3310 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-01-13 19:29:19 +00:00
Eric Davis
bfcd5039f2
Added an Admin setting to enable/disable the REST web service. (#3920)
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3220 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-23 06:27:44 +00:00
Eric Davis
e07e9d8bfe
Added support for HTTP Basic access to the API. (#3920)
...
A user can authenticate using either their:
* username/password
* api-key/random
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3219 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-23 06:27:38 +00:00
Eric Davis
baa1ad4256
Allow authenticating with an API token via XML or JSON. (#3920)
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3218 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-23 06:27:33 +00:00
Jean-Philippe Lang
488c192286
Removes "xxx and return" calls (#4446).
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3185 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-18 14:22:18 +00:00
Jean-Philippe Lang
dfabadf4f7
Adds an admin layout that displays the admin menu in the sidebar.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3176 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-17 18:21:02 +00:00
Jean-Philippe Lang
f3bcb705f7
Display an error when authenticity token is invalid.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3094 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-25 20:45:16 +00:00
Jean-Philippe Lang
ebab5a0074
Remove broken cookies after upgrade from 0.8.x to prevent an error from Rails (#4292).
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3093 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-25 20:28:56 +00:00
Jean-Philippe Lang
0485d3a524
Reset session on login/logout (#4248).
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3080 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-21 10:02:39 +00:00
Eric Davis
ea0bc56a65
Protect controllers from potential CSRF attacks. #4216
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3051 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-14 19:41:07 +00:00
Eric Davis
93bf1df5d4
Fix 500 errors with a POST request that requires a login. #4216
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3050 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-14 19:41:02 +00:00
Jean-Philippe Lang
07aa3c55bd
Contextual quick search (#3263).
...
E.g. when viewing issues, the quick search will search issues only.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2943 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-10-21 17:07:18 +00:00