obsolete.ChilliProject/app/controllers/documents_controller.rb

99 lines
3.4 KiB
Ruby
Raw Normal View History

2011-10-29 16:19:11 +04:00
#-- encoding: UTF-8
#-- copyright
# ChiliProject is a project management system.
2011-05-30 22:52:25 +04:00
#
# Copyright (C) 2010-2012 the ChiliProject Team
2011-05-30 22:52:25 +04:00
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
2011-05-30 22:52:25 +04:00
#
# See doc/COPYRIGHT.rdoc for more details.
#++
class DocumentsController < ApplicationController
default_search_scope :documents
model_object Document
before_filter :find_project, :only => [:index, :new]
before_filter :find_model_object, :except => [:index, :new]
before_filter :find_project_from_association, :except => [:index, :new]
before_filter :authorize
2011-05-30 22:52:25 +04:00
def index
@sort_by = %w(category date title author).include?(params[:sort_by]) ? params[:sort_by] : 'category'
documents = @project.documents.find :all, :include => [:attachments, :category]
case @sort_by
when 'date'
@grouped = documents.group_by {|d| d.updated_on.to_date }
when 'title'
@grouped = documents.group_by {|d| d.title.first.upcase}
when 'author'
@grouped = documents.select{|d| d.attachments.any?}.group_by {|d| d.attachments.last.author}
else
@grouped = documents.group_by(&:category)
end
@document = @project.documents.build
render :layout => false if request.xhr?
end
2011-05-30 22:52:25 +04:00
def show
@attachments = @document.attachments.find(:all, :order => "created_on DESC")
end
def new
<<<<<<< HEAD
2011-05-30 22:52:25 +04:00
@document = @project.documents.build(params[:document])
if request.post? and @document.save
attachments = Attachment.attach_files(@document, params[:attachments])
render_attachment_warning_if_needed(@document)
flash[:notice] = l(:notice_successful_create)
redirect_to :action => 'index', :project_id => @project
=======
@document = @project.documents.build
@document.safe_attributes = params[:document]
if request.post?
if User.current.allowed_to?(:add_document_watchers, @project) && params[:document]['watcher_user_ids'].present?
@document.watcher_user_ids = params[:document]['watcher_user_ids']
end
if @document.save
attachments = Attachment.attach_files(@document, params[:attachments])
render_attachment_warning_if_needed(@document)
flash[:notice] = l(:notice_successful_create)
redirect_to :action => 'index', :project_id => @project
end
>>>>>>> edaf457... Prevent mass-assignment vulnerability when adding/updating a document (#922).
end
end
2011-05-30 22:52:25 +04:00
def edit
@categories = DocumentCategory.all
if request.post? and @document.update_attributes(params[:document])
flash[:notice] = l(:notice_successful_update)
redirect_to :action => 'show', :id => @document
end
2011-05-30 22:52:25 +04:00
end
def destroy
@document.destroy
redirect_to :controller => 'documents', :action => 'index', :project_id => @project
end
2011-05-30 22:52:25 +04:00
def add_attachment
attachments = Attachment.attach_files(@document, params[:attachments])
render_attachment_warning_if_needed(@document)
Mailer.deliver_attachments_added(attachments[:files]) if attachments.present? && attachments[:files].present? && Setting.notified_events.include?('document_added')
redirect_to :action => 'show', :id => @document
end
private
def find_project
@project = Project.find(params[:project_id])
rescue ActiveRecord::RecordNotFound
render_404
end
end