Commit Graph

102 Commits

Author SHA1 Message Date
Toshi MARUYAMA 59849253dd remove trailing white-spaces from app/controllers/application_controller.rb.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6525 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-08-22 13:29:48 +00:00
Jean-Philippe Lang b81149fa47 Remove autologin cookie on unverified request.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6316 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-25 21:15:09 +00:00
Jean-Philippe Lang 130b71d121 Sets forgery protection filter first.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6315 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-25 21:02:27 +00:00
Jean-Philippe Lang 621850d5a0 Typo in api_key_auth deprecation code (#8773).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6208 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-09 18:48:34 +00:00
Jean-Philippe Lang 93c2b92a4b Separation of RSS/API auth actions.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6197 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-09 08:56:07 +00:00
Jean-Philippe Lang c8b627dfc7 Mitigates vulnerability in API authentication introduced in r3218.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6187 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-06 19:02:58 +00:00
Jean-Philippe Lang 8914d323ee Fixed: private queries should not be accessible to other users (#8729).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6163 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-07-03 11:01:08 +00:00
Toshi MARUYAMA 092cfc0229 remove trailing white-spaces from app/controllers/application_controller.rb.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5749 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-05-12 04:25:47 +00:00
Toshi MARUYAMA ed7091cda1 Fix potential Execution After Redirect bugs.
Execution After Redirect (EAR) happens when redirect in a controller is
triggered but there still is code that is executed in the action.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5611 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-05-01 23:15:03 +00:00
Jean-Philippe Lang aa0d01b3d9 Adds an issues visibility level on roles (#7412).
It can be set so that users only see their own issues (created or assigned).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@5416 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-04-11 17:53:15 +00:00
Jean-Philippe Lang 07fe46e9df Makes the API accepts the X-Redmine-API-Key header to hold the API key.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4573 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-23 14:49:14 +00:00
Jean-Philippe Lang d076c19822 Makes API accept offset/limit or page/limit parameters for retrieving collections.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4571 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-23 13:33:01 +00:00
Jean-Philippe Lang 00d50157d3 Restores object count and adds offset/limit attributes to API responses for paginated collections (#6140).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4489 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-11 13:13:49 +00:00
Jean-Philippe Lang 224921460a Adds a pseudo format to api template names and overrides ActionController#default_template so that api templates are chosen automatically.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4466 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-04 17:43:39 +00:00
Jean-Philippe Lang d0a3aab2e7 Adds a reusable method to render API response on validation failure.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4455 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-03 11:51:06 +00:00
Jean-Philippe Lang 96ce0f017c Adds a builder-like template system for rendering xml and json API responses.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4452 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-12-03 11:25:21 +00:00
Jean-Philippe Lang 7824eca775 Refactor: merged error rendering methods.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4286 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-10-23 11:07:04 +00:00
Jean-Philippe Lang eea456ed84 Improved error message when trying to access an archived project (#2995).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4285 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-10-23 09:48:01 +00:00
Jean-Baptiste Barth b255b7760a Added ability to delete issues from different projects through contextual menu (#5332)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4236 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-10-07 05:11:28 +00:00
Jean-Baptiste Barth 4853dd97fd Splitted #find_issues filter in ApplicationController to #find_issues and #check_project_uniqueness (#5332)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4228 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-09-29 05:22:53 +00:00
Eric Davis 3a2efb4757 Refactor: convert ProjectEnumerations to a resource on a project.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4075 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-09-10 16:00:49 +00:00
Eric Davis 73ba49a715 Use the base layout for all 403, 404, and 500 pages. #6172
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3949 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-19 01:01:35 +00:00
Eric Davis 13fe01a185 Refactor: pull up method to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3940 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-13 14:59:04 +00:00
Eric Davis f18b126fba Refactor: Pull up method to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3938 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-12 13:57:51 +00:00
Eric Davis 8c79385261 Refactor: extract back_url method to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3912 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-08-04 13:37:44 +00:00
Eric Davis 48a5460da4 Allow js formatted responses.
Otherwise they return the invalid format error (406) instead of 403, 404, or 500

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3827 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-07-05 18:00:50 +00:00
Eric Davis 345301284a Added JSON support to the issues API. #1214
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3766 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-06-05 03:52:59 +00:00
Eric Davis 306ca5e714 Refactor: Pull up #find_optional_project to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3716 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-30 17:24:11 +00:00
Jean-Philippe Lang 0d938dff59 Fixed: 500 internal error when browsing any Redmine page in Epiphany (#5401).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3702 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-30 10:33:25 +00:00
Eric Davis 488879d9cf Refactor: pull #query_statement_invalid up to ApplicationController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3696 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-29 15:19:19 +00:00
Jean-Philippe Lang aa4d1fe816 Fixed: API 401 response does not include WWW-Authenticate header (#5322).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3679 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-17 12:45:23 +00:00
Eric Davis 194dab8e96 Refactor: Change the different find_object filters to share a common method.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3597 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-17 15:41:58 +00:00
Eric Davis e6c8760ad7 Refactor: Split the find_object methods to prep for a larger refactoring.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3591 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-16 15:17:47 +00:00
Eric Davis fe1e3ccd18 Refactor: Decouple failed attachments and the flash messages
Attachment#attach_files will no longer need to return a flash message,
instead it will put unsaved attachments into object#unsaved_attachments
where the calling object can access them.

A utility method #render_attachment_warning_if_needed is included for setting
the standard flash warning.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3528 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-03 17:05:00 +00:00
Eric Davis 0fd7e2d696 Refactor: Moved ApplicationController#attach_files to the Attachment model
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3523 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-03-02 19:26:03 +00:00
Eric Davis 9e22faa640 Converted the REDMINE_SUPPORTED_SCM constant to a class
Now SCMs can be added or removed using a simple API, instead of being
hardcoded:

  Redmine::Scm::Base.add('ScmName')
  Redmine::Scm::Base.delete('ScmName')

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3440 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-02-16 22:41:59 +00:00
Eric Davis e5d300af0a Refactor: Pull up several #find_project methods to ApplicationController
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3370 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-02-05 16:57:02 +00:00
Jean-Philippe Lang 0ef9bc039d Adds a log message when an API call raises an InvalidAuthenticityToken error.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3332 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-01-17 20:23:06 +00:00
Jean-Philippe Lang 68a4cd38f5 XML REST API for Projects (#296).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3313 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-01-14 20:00:17 +00:00
Jean-Philippe Lang 3873388f9b XML REST API for issues that provides CRUD operations for Issues (#1214).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3310 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-01-13 19:29:19 +00:00
Eric Davis bfcd5039f2 Added an Admin setting to enable/disable the REST web service. (#3920)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3220 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-23 06:27:44 +00:00
Eric Davis e07e9d8bfe Added support for HTTP Basic access to the API. (#3920)
A user can authenticate using either their:

* username/password
* api-key/random

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3219 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-23 06:27:38 +00:00
Eric Davis baa1ad4256 Allow authenticating with an API token via XML or JSON. (#3920)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3218 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-23 06:27:33 +00:00
Jean-Philippe Lang 488c192286 Removes "xxx and return" calls (#4446).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3185 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-18 14:22:18 +00:00
Jean-Philippe Lang dfabadf4f7 Adds an admin layout that displays the admin menu in the sidebar.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3176 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-17 18:21:02 +00:00
Jean-Philippe Lang f3bcb705f7 Display an error when authenticity token is invalid.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3094 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-25 20:45:16 +00:00
Jean-Philippe Lang ebab5a0074 Remove broken cookies after upgrade from 0.8.x to prevent an error from Rails (#4292).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3093 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-25 20:28:56 +00:00
Jean-Philippe Lang 0485d3a524 Reset session on login/logout (#4248).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3080 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-21 10:02:39 +00:00
Eric Davis ea0bc56a65 Protect controllers from potential CSRF attacks. #4216
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3051 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-14 19:41:07 +00:00
Eric Davis 93bf1df5d4 Fix 500 errors with a POST request that requires a login. #4216
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3050 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-14 19:41:02 +00:00
Jean-Philippe Lang 07aa3c55bd Contextual quick search (#3263).
Eg. when viewing issues, the quick search will search issues only.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2943 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-10-21 17:07:18 +00:00
Eric Davis 7b0cb6aba8 Upgraded to Rails 2.3.4 (#3597)
* Ran the Rails upgrade
* Upgraded to Rails Engines 2.3.2
* Added a plugin to let Engines override application views.
* Converted tests to use the new classes:
** ActionController::TestCase for functional
** ActiveSupport::TestCase for units
* Converted ActiveRecord::Error message to a string.
* ActiveRecord grouping returns an ordered hash which doesn't have #sort!
* Updated the I18n storage_units format.
* Added some default initializers from a fresh rails app
* Changed the order of check_box_tags and hidden_field_tags.  The hidden tag
  needs to appear first in Rails 2.3, otherwise it will override any value in
  the check_box_tag.
* Removed the custom handler for when the cookie store is tampered with.
  Rails 2.3 removed the TamperedWithCookie exception and instead Rails will not
  load the data from it when it's been tampered with (e.g. no user login).
* Fixed mail layouts, 2.3 has problems with implicit multipart emails that
  use layouts.  Also removed some custom Redmine mailer code.
* Fixed a bug that occurred in tests where the "required" span tag would be
  added to the :field_status translation.  This resulted in an email string of:

    <li>Status<span class="required"> *</span><span class="required"> *</span>

  Instead of:

    <li>Status: New</li>

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2887 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-09-13 17:14:35 +00:00