Toshi MARUYAMA
59849253dd
remove trailing white-spaces from app/controllers/application_controller.rb.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6525 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-08-22 13:29:48 +00:00
Jean-Philippe Lang
b81149fa47
Remove autologin cookie on unverified request.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6316 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-25 21:15:09 +00:00
Jean-Philippe Lang
130b71d121
Sets forgery protection filter first.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6315 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-25 21:02:27 +00:00
Jean-Philippe Lang
621850d5a0
Typo in api_key_auth deprecation code (#8773).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6208 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-09 18:48:34 +00:00
Jean-Philippe Lang
93c2b92a4b
Separation of RSS/API auth actions.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6197 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-09 08:56:07 +00:00
Jean-Philippe Lang
c8b627dfc7
Mitigates vulnerability in API authentication introduced in r3218.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6187 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-06 19:02:58 +00:00
Jean-Philippe Lang
8914d323ee
Fixed: private queries should not be accessible to other users (#8729).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6163 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-03 11:01:08 +00:00
Toshi MARUYAMA
092cfc0229
remove trailing white-spaces from app/controllers/application_controller.rb.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5749 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-05-12 04:25:47 +00:00
Toshi MARUYAMA
ed7091cda1
Fix potential Execution After Redirect bugs.
Execution After Redirect (EAR) happens when redirect in a controller is
triggered but there still is code that is executed in the action.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5611 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-05-01 23:15:03 +00:00
Jean-Philippe Lang
aa0d01b3d9
Adds an issues visibility level on roles (#7412).
It can be set so that users only see their own issues (created or assigned).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5416 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-04-11 17:53:15 +00:00
Jean-Philippe Lang
07fe46e9df
Makes the API accept the X-Redmine-API-Key header to hold the API key.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4573 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-23 14:49:14 +00:00
Jean-Philippe Lang
d076c19822
Makes API accept offset/limit or page/limit parameters for retrieving collections.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4571 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-23 13:33:01 +00:00
Jean-Philippe Lang
00d50157d3
Restores object count and adds offset/limit attributes to API responses for paginated collections (#6140).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4489 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-11 13:13:49 +00:00
Jean-Philippe Lang
224921460a
Adds a pseudo format to api template names and overrides ActionController#default_template so that api templates are chosen automatically.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4466 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-04 17:43:39 +00:00
Jean-Philippe Lang
d0a3aab2e7
Adds a reusable method to render API response on validation failure.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4455 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-03 11:51:06 +00:00
Jean-Philippe Lang
96ce0f017c
Adds a builder-like template system for rendering xml and json API responses.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4452 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-03 11:25:21 +00:00
Jean-Philippe Lang
7824eca775
Refactor: merged error rendering methods.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4286 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-10-23 11:07:04 +00:00
Jean-Philippe Lang
eea456ed84
Improved error message when trying to access an archived project (#2995).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4285 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-10-23 09:48:01 +00:00
Jean-Baptiste Barth
b255b7760a
Added ability to delete issues from different projects through contextual menu (#5332)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4236 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-10-07 05:11:28 +00:00
Jean-Baptiste Barth
4853dd97fd
Split #find_issues filter in ApplicationController to #find_issues and #check_project_uniqueness (#5332)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4228 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-09-29 05:22:53 +00:00
Eric Davis
3a2efb4757
Refactor: convert ProjectEnumerations to a resource on a project.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4075 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-09-10 16:00:49 +00:00
Eric Davis
73ba49a715
Use the base layout for all 403, 404, and 500 pages. #6172
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3949 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-19 01:01:35 +00:00
Eric Davis
13fe01a185
Refactor: pull up method to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3940 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-13 14:59:04 +00:00
Eric Davis
f18b126fba
Refactor: Pull up method to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3938 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-12 13:57:51 +00:00
Eric Davis
8c79385261
Refactor: extract back_url method to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3912 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-04 13:37:44 +00:00
Eric Davis
48a5460da4
Allow js formatted responses.
Otherwise they return the invalid format error (406) instead of 403, 404, or 500
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3827 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-07-05 18:00:50 +00:00
Eric Davis
345301284a
Added JSON support to the issues API. #1214
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3766 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-06-05 03:52:59 +00:00
Eric Davis
306ca5e714
Refactor: Pull up #find_optional_project to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3716 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-30 17:24:11 +00:00
Jean-Philippe Lang
0d938dff59
Fixed: 500 internal error when browsing any Redmine page in Epiphany (#5401).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3702 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-30 10:33:25 +00:00
Eric Davis
488879d9cf
Refactor: pull #query_statement_invalid up to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3696 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-29 15:19:19 +00:00
Jean-Philippe Lang
aa4d1fe816
Fixed: API 401 response does not include WWW-Authenticate header (#5322).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3679 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-17 12:45:23 +00:00
Eric Davis
194dab8e96
Refactor: Change the different find_object filters to share a common method.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3597 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-17 15:41:58 +00:00
Eric Davis
e6c8760ad7
Refactor: Split the find_object methods to prep for a larger refactoring.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3591 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-16 15:17:47 +00:00
Eric Davis
fe1e3ccd18
Refactor: Decouple failed attachments and the flash messages
Attachment#attach_files will no longer need to return a flash message,
instead it will put unsaved attachments into object#unsaved_attachments
where the calling object can access them.
A utility method #render_attachment_warning_if_needed is included for setting
the standard flash warning.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3528 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-03 17:05:00 +00:00
Eric Davis
0fd7e2d696
Refactor: Moved ApplicationController#attach_files to the Attachment model
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3523 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-02 19:26:03 +00:00
Eric Davis
9e22faa640
Converted the REDMINE_SUPPORTED_SCM constant to a class
Now SCMs can be added or removed using a simple API, instead of being
hardcoded:
  Redmine::Scm::Base.add('ScmName')
  Redmine::Scm::Base.delete('ScmName')
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3440 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-02-16 22:41:59 +00:00
Eric Davis
e5d300af0a
Refactor: Pull up several #find_project methods to ApplicationController
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3370 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-02-05 16:57:02 +00:00
Jean-Philippe Lang
0ef9bc039d
Adds a log message when an API call raises an InvalidAuthenticityToken error.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3332 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-01-17 20:23:06 +00:00
Jean-Philippe Lang
68a4cd38f5
XML REST API for Projects (#296).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3313 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-01-14 20:00:17 +00:00
Jean-Philippe Lang
3873388f9b
XML REST API for issues that provides CRUD operations for Issues (#1214).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3310 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-01-13 19:29:19 +00:00
Eric Davis
bfcd5039f2
Added an Admin setting to enable/disable the REST web service. (#3920)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3220 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-23 06:27:44 +00:00
Eric Davis
e07e9d8bfe
Added support for HTTP Basic access to the API. (#3920)
A user can authenticate using either their:
* username/password
* api-key/random
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3219 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-23 06:27:38 +00:00
Eric Davis
baa1ad4256
Allow authenticating with an API token via XML or JSON. (#3920)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3218 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-23 06:27:33 +00:00
Jean-Philippe Lang
488c192286
Removes "xxx and return" calls (#4446).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3185 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-18 14:22:18 +00:00
Jean-Philippe Lang
dfabadf4f7
Adds an admin layout that displays the admin menu in the sidebar.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3176 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-17 18:21:02 +00:00
Jean-Philippe Lang
f3bcb705f7
Display an error when authenticity token is invalid.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3094 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-25 20:45:16 +00:00
Jean-Philippe Lang
ebab5a0074
Remove broken cookies after upgrade from 0.8.x to prevent an error from Rails (#4292).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3093 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-25 20:28:56 +00:00
Jean-Philippe Lang
0485d3a524
Reset session on login/logout (#4248).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3080 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-21 10:02:39 +00:00
Eric Davis
ea0bc56a65
Protect controllers from potential CSRF attacks. #4216
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3051 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-14 19:41:07 +00:00
Eric Davis
93bf1df5d4
Fix 500 errors with a POST request that requires a login. #4216
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3050 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-14 19:41:02 +00:00
Jean-Philippe Lang
07aa3c55bd
Contextual quick search (#3263).
E.g. when viewing issues, the quick search will search issues only.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2943 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-10-21 17:07:18 +00:00
Eric Davis
7b0cb6aba8
Upgraded to Rails 2.3.4 (#3597)
* Ran the Rails upgrade
* Upgraded to Rails Engines 2.3.2
* Added a plugin to let Engines override application views.
* Converted tests to use the new classes:
** ActionController::TestCase for functional
** ActiveSupport::TestCase for units
* Converted ActiveRecord::Error message to a string.
* ActiveRecord grouping returns an ordered hash which doesn't have #sort!
* Updated the I18n storage_units format.
* Added some default initializers from a fresh rails app
* Changed the order of check_box_tags and hidden_field_tags. The hidden tag
  needs to appear first in Rails 2.3, otherwise it will override any value in
  the check_box_tag.
* Removed the custom handler for when the cookie store is tampered with.
  Rails 2.3 removed the TamperedWithCookie exception and instead Rails will not
  load the data from it when it's been tampered with (e.g. no user login).
* Fixed mail layouts, 2.3 has problems with implicit multipart emails that
  use layouts. Also removed some custom Redmine mailer code.
* Fixed a bug that occurred in tests where the "required" span tag would be
  added to the :field_status translation. This resulted in an email string of:
    <li>Status<span class="required"> *</span><span class="required"> *</span>
  Instead of:
    <li>Status: New</li>
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2887 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-09-13 17:14:35 +00:00