Class: ApplicationController

Inherits:
ActionController::Base
  • Object
Includes:
Redmine::I18n, Redmine::MenuManager::MenuController, Redmine::Search::Controller
Defined in:
app/controllers/application_controller.rb

Direct Known Subclasses

AccountController, AdminController, AlphaPluginController, AppAndPluginController, AssetsController, AttachmentsController, AuthSourcesController, BoardsController, CustomFieldsController, DocumentsController, EnumerationsController, ExceptionNotificationCompatibilityTest::SimpleController, GroupsController, IssueCategoriesController, IssueRelationsController, IssueStatusesController, IssuesController, JournalsController, MembersController, MessagesController, MyController, Namespace::AlphaPluginController, Namespace::AppAndPluginController, Namespace::SharedPluginController, Namespace::TestRoutingController, NewsController, ProjectsController, QueriesController, ReportsController, RepositoriesController, RolesController, SearchController, SettingsController, SharedEngineController, SharedPluginController, TestRoutingController, TimelogController, TrackersController, UsersController, VersionsController, WatchersController, WelcomeController, WikiController, WikisController, WorkflowsController

Class Method Summary

Instance Method Summary

Methods included from Redmine::I18n

#current_language, #day_name, #find_language, #format_date, #format_time, included, #l, #l_hours, #l_or_humanize, #ll, #month_name, #set_language_if_valid, #valid_languages

Methods included from Redmine::Search::Controller

#default_search_scope, #default_search_scopes, included

Methods included from Redmine::MenuManager::MenuController

#current_menu_item, included, #menu_items, #redirect_to_project_menu_item

Class Method Details

+ (Object) accept_key_auth(*actions)



# File 'app/controllers/application_controller.rb', line 274

# Declares the actions for which key-based authentication (an API or RSS key
# passed in params[:key]) is accepted; find_current_user consults this list
# through accept_key_auth_actions before honouring a key.
#
# @param actions [Array<Symbol, String>] action names; nested arrays are flattened
# @return [Object] whatever write_inheritable_attribute returns
def self.accept_key_auth(*actions)
  names = actions.flatten.collect { |action| action.to_s }
  write_inheritable_attribute('accept_key_auth_actions', names)
end

+ (Object) model_object(model)



# File 'app/controllers/application_controller.rb', line 189

# Registers the model class that find_model_object later loads with
# model.find(params[:id]).
#
# @param model [Class] the model class to look up
# @return [Object] whatever write_inheritable_attribute returns
def self.model_object(model)
  attribute_name = 'model_object'
  write_inheritable_attribute(attribute_name, model)
end

Instance Method Details

- (Object) accept_key_auth_actions



# File 'app/controllers/application_controller.rb', line 279

# Action names (strings) declared with accept_key_auth on this controller
# or one of its ancestors.
#
# @return [Array<String>] the declared actions, or an empty array when none
def accept_key_auth_actions
  declared = self.class.read_inheritable_attribute('accept_key_auth_actions')
  declared || []
end

- (Boolean) api_request?

Returns:

  • (Boolean)


# File 'app/controllers/application_controller.rb', line 324

# Whether the request asks for an API representation, judged solely by
# params[:format].  This does not consult Setting.rest_api_enabled?;
# find_current_user performs that check separately.
#
# @return [Boolean] true when the requested format is xml or json
def api_request?
  requested_format = params[:format]
  requested_format == 'xml' || requested_format == 'json'
end

- (Object) authorize(ctrl = params[:controller], action = params[:action], global = false)

Authorize the user for the requested action



# File 'app/controllers/application_controller.rb', line 153

# Authorizes the current user for the requested action via
# User#allowed_to? on @project (nil when no project is set).
#
# @param ctrl [String] controller name, defaults to params[:controller]
# @param action [String] action name, defaults to params[:action]
# @param global [Boolean] forwarded as the :global option of allowed_to?
# @return [true, Object] true when allowed; otherwise the result of deny_access
def authorize(ctrl = params[:controller], action = params[:action], global = false)
  permission = {:controller => ctrl, :action => action}
  return deny_access unless User.current.allowed_to?(permission, @project, :global => global)
  true
end

- (Object) authorize_global(ctrl = params[:controller], action = params[:action], global = true)

Authorize the user for the requested action outside a project



# File 'app/controllers/application_controller.rb', line 159

# Authorizes the current user for the requested action outside of a
# project: identical to authorize, but with the global flag on by default.
#
# @param ctrl [String] controller name, defaults to params[:controller]
# @param action [String] action name, defaults to params[:action]
# @param global [Boolean] forwarded to authorize, true by default
# @return [true, Object] see authorize
def authorize_global(ctrl = params[:controller], action = params[:action], global = true)
  authorize ctrl, action, global
end

- (Object) check_if_login_required

check if login is globally required to access the application



# File 'app/controllers/application_controller.rb', line 99

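# Checks whether login is globally required to access the application and,
# if so, enforces it through require_login.
#
# @return [true, Object, nil] true when a user is already logged in; the
#   result of require_login when login is required; nil otherwise
def check_if_login_required
  # no check needed if user is already logged in
  return true if User.current.logged?
  # NOTE(review): the method name and this call were stripped from the
  # rendered listing; restored as check_if_login_required and
  # "require_login if Setting.login_required?" -- confirm against the source.
  require_login if Setting.login_required?
end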

- (Object) check_project_privacy

Makes sure that the user is a member of the project (or an admin) if the project is private. Used as a before_filter for actions that do not require any particular permission on the project.



# File 'app/controllers/application_controller.rb', line 195

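# Ensures the current user may see @project: public projects are visible to
# everyone, private ones only to members and admins.  Intended as a
# before_filter for actions without a specific permission.
#
# @return [true, false, Object] true when the project is visible; false after
#   rendering a 404 for a missing or inactive project; otherwise the result of
#   render_403 (logged-in user) or require_login (anonymous user)
def check_project_privacy
  unless @project && @project.active?
    # missing or inactive project: answer 404 and drop the reference
    @project = nil
    render_404
    return false
  end
  visible = @project.is_public? || User.current.member_of?(@project) || User.current.admin?
  return true if visible
  # NOTE(review): the call after the ternary was stripped from the rendered
  # listing; restored as require_login (same pattern as deny_access) -- confirm.
  User.current.logged? ? render_403 : require_login
end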

- (Object) delete_broken_cookies



# File 'app/controllers/application_controller.rb', line 31

# Drops a session cookie that does not carry the "--" separator (the cookie
# store writes data and digest joined by "--"), then sends the client to the
# home page so it starts over with a fresh session.
#
# @return [false, nil] false when a broken cookie was deleted and a redirect
#   issued; nil when the cookie is absent or well-formed
def delete_broken_cookies
  session_cookie = cookies['_redmine_session']
  return unless session_cookie && session_cookie !~ /--/

  cookies.delete '_redmine_session'
  redirect_to home_path
  false
end

- (Object) deny_access



# File 'app/controllers/application_controller.rb', line 148

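# Refuses the current request: a logged-in user gets a 403, an anonymous
# user is sent through require_login so they can authenticate first.
#
# @return [Object] the result of render_403 or require_login
def deny_access
  # NOTE(review): the call after the ternary was stripped from the rendered
  # listing; restored as require_login -- confirm against the source.
  if User.current.logged?
    render_403
  else
    require_login
  end
end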

- (Object) filename_for_content_disposition(name)

Returns a string that can be used as the filename value in a Content-Disposition header



# File 'app/controllers/application_controller.rb', line 320

# Returns +name+ in a form usable as the filename value of a
# Content-Disposition header.
#
# @param name [String] the attachment file name
# @return [String] the URL-encoded name for MSIE user agents (detected by
#   sniffing HTTP_USER_AGENT; presumably older IE expects the encoded form --
#   confirm), the name unchanged otherwise
def filename_for_content_disposition(name)
  user_agent = request.env['HTTP_USER_AGENT']
  if user_agent =~ %r{MSIE}
    ERB::Util.url_encode(name)
  else
    name
  end
end

- (Object) find_current_user

Returns the current user, or nil if no user is logged in, and starts a session if needed



# File 'app/controllers/application_controller.rb', line 62

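# Returns the current user, or nil when nobody is authenticated, starting a
# session where the authentication method calls for one.
#
# Lookup order: an existing session; the autologin cookie (starts a session);
# an RSS key for atom requests; and, only when the REST API is enabled and the
# format is xml or json, an API key in params or HTTP Basic credentials.
# Key-based lookups are honoured only for actions declared with accept_key_auth.
#
# @return [User, nil]
def find_current_user
  if session[:user_id]
    # existing session: a stale or unknown id is treated as "nobody", but
    # only that case is rescued so other errors are no longer hidden
    begin
      User.active.find(session[:user_id])
    rescue ActiveRecord::RecordNotFound
      nil
    end
  elsif cookies[:autologin] && Setting.autologin?
    # auto-login feature starts a new session
    user = User.try_to_autologin(cookies[:autologin])
    session[:user_id] = user.id if user
    user
  elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
    # RSS key authentication does not start a session
    User.find_by_rss_key(params[:key])
  elsif Setting.rest_api_enabled? && ['xml', 'json'].include?(params[:format])
    if params[:key].present? && accept_key_auth_actions.include?(params[:action])
      # Use API key
      User.find_by_api_key(params[:key])
    else
      # HTTP Basic, either username/password or API key/random
      # NOTE(review): the class method name was stripped from the rendered
      # listing; restored as User.try_to_login -- confirm against the source.
      authenticate_with_http_basic do |username, password|
        User.try_to_login(username, password) || User.find_by_api_key(username)
      end
    end
  end
end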

- (Object) find_model_object



# File 'app/controllers/application_controller.rb', line 179

# Loads the record of the class registered with model_object by params[:id]
# into @object, and also into an instance variable named after the
# singularized controller name (e.g. @issue for IssuesController).
#
# @return [Object, nil] the loaded record, nil when no model is registered
#   or no record was found; renders a 404 when the id is unknown
def find_model_object
  model = self.class.read_inheritable_attribute('model_object')
  return unless model

  @object = model.find(params[:id])
  ivar_name = '@' + controller_name.singularize
  instance_variable_set(ivar_name, @object) if @object
rescue ActiveRecord::RecordNotFound
  render_404
end

- (Object) find_project

Finds the project whose id is params[:id]



# File 'app/controllers/application_controller.rb', line 164

# Sets @project to the Project identified by params[:id].
#
# @return [Project, Object] the project, or the result of render_404 when
#   no project has that id
def find_project
  project_id = params[:id]
  @project = Project.find(project_id)
rescue ActiveRecord::RecordNotFound
  render_404
end

- (Object) find_project_from_association

Finds and sets @project based on @object.project



# File 'app/controllers/application_controller.rb', line 171

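# Finds and sets @project based on @object.project.
#
# @return [Project, Object] the project, or the result of render_404 when
#   @object is not present or the association lookup raises RecordNotFound
def find_project_from_association
  # Without an @object there is nothing to look up; stop here so the request
  # ends with the 404 instead of a NoMethodError on nil.project.
  return render_404 unless @object.present?

  @project = @object.project
rescue ActiveRecord::RecordNotFound
  render_404
end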

- (Object) invalid_authenticity_token



# File 'app/controllers/application_controller.rb', line 259

# Handles a missing or invalid CSRF token: logs a hint for API clients and
# renders the generic error response.
#
# @return [Object] the result of render_error
def invalid_authenticity_token
  api_hint = "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
  logger.error api_hint if api_request?
  render_error "Invalid form authenticity token."
end

- (Object) logged_user=(user)

Sets the logged in user



# File 'app/controllers/application_controller.rb', line 88

# Sets the logged in user.  The session is reset first so that the id is
# stored in a fresh session rather than one that existed before login.
#
# @param user [User, nil] the user to log in; anything that is not a User
#   (including nil) logs the session in as User.anonymous
def logged_user=(user)
  reset_session
  if user.is_a?(User)
    User.current = user
    session[:user_id] = user.id
  else
    User.current = User.anonymous
  end
end

- (Object) parse_qvalues(value)

HTTP q-values header parser; code taken from WEBrick



# File 'app/controllers/application_controller.rb', line 300

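# Parses an HTTP q-value list such as "fr;q=0.7, en;q=0.9, de" (code
# originally taken from WEBrick) and returns the values ordered by
# descending quality, best first.
#
# Each part is matched with \A..\z so a part must match as a whole; with the
# former ^..$ anchors a part containing a newline could match on its first
# line only.  Entries with equal q keep the order the client listed them in.
#
# @param value [String, nil] the raw header value; nil yields an empty list
# @return [Array<String>, nil] values sorted by descending q; nil when
#   parsing raised (the method is best-effort and swallows StandardError)
def parse_qvalues(value)
  return [] unless value

  ranked = []
  value.split(/,\s*/).each_with_index do |part, position|
    match = %r{\A([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?\z}.match(part)
    next unless match
    quality = (match[2] || 1).to_f
    # sort key: highest q first, original position breaks ties
    ranked << [-quality, position, match[1]]
  end
  ranked.sort.map { |_, _, val| val }
rescue
  nil
end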

- (Object) per_page_option

Returns the number of objects that should be displayed on the paginated list



# File 'app/controllers/application_controller.rb', line 285

# Returns the number of objects to display on a paginated list.
#
# A params[:per_page] value is honoured only when it is one of
# Setting.per_page_options_array, and is then remembered in the session;
# otherwise the session value is used, then the first configured option,
# then 25.
#
# @return [Integer]
def per_page_option
  requested = params[:per_page]
  if requested && Setting.per_page_options_array.include?(requested.to_s.to_i)
    # assignment returns the stored value
    session[:per_page] = requested.to_s.to_i
  elsif session[:per_page]
    session[:per_page]
  else
    Setting.per_page_options_array.first || 25
  end
end

- (Object) redirect_back_or_default(default)



# File 'app/controllers/application_controller.rb', line 209

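# Redirects to params[:back_url] when it is safe to do so, otherwise to
# +default+.
#
# back_url is untrusted input.  It is followed only when it stays on this
# host and does not point at the login or registration page; anything that
# does not parse as a URI falls back to +default+.
#
# @param default [String, Hash] the fallback redirect target
# @return [void]
def redirect_back_or_default(default)
  back_url = CGI.unescape(params[:back_url].to_s)
  unless back_url.blank?
    begin
      uri = URI.parse(back_url)
      # URI#relative? alone is not enough: a protocol-relative URL such as
      # "//other.host/x" has no scheme (so it counts as relative) yet names
      # another host.  Accept a relative URL only when it carries no host,
      # or an absolute one only when its host is ours.
      local = (uri.relative? && uri.host.nil?) || (uri.host == request.host)
      # do not redirect user to the login or register page
      auth_page = uri.path.to_s.match(%r{/(login|account/register)})
      if local && !auth_page
        redirect_to(back_url)
        return
      end
    rescue URI::InvalidURIError
      # unparsable back_url: redirect to default
    end
  end
  redirect_to default
end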

- (Object) render_403



# File 'app/controllers/application_controller.rb', line 226

# Renders a 403 response in the requested format and clears @project.
#
# @return [false] so a before_filter using it halts the chain
def render_403
  @project = nil
  respond_to do |format|
    format.html do
      # XHR responses get no layout; full pages use the base layout
      page_layout = request.xhr? ? false : 'base'
      render :template => "common/403", :layout => page_layout, :status => 403
    end
    format.atom { head 403 }
    format.xml { head 403 }
    format.json { head 403 }
  end
  false
end

- (Object) render_404



# File 'app/controllers/application_controller.rb', line 237

# Renders a 404 response in the requested format.
#
# @return [false] so a before_filter using it halts the chain
def render_404
  respond_to do |format|
    format.html do
      # XHR responses get no layout
      render :template => "common/404", :layout => !request.xhr?, :status => 404
    end
    format.atom { head 404 }
    format.xml { head 404 }
    format.json { head 404 }
  end
  false
end

- (Object) render_attachment_warning_if_needed(obj)

Renders a warning flash if obj has unsaved attachments



# File 'app/controllers/application_controller.rb', line 329

# Sets a warning flash when +obj+ has attachments that could not be saved.
#
# @param obj [Object] an object responding to #unsaved_attachments
# @return [String, nil] the flash message, or nil when nothing was unsaved
def render_attachment_warning_if_needed(obj)
  unsaved = obj.unsaved_attachments
  return unless unsaved.present?

  flash[:warning] = l(:warning_attachments_not_saved, unsaved.size)
end

- (Object) render_error(msg)



# File 'app/controllers/application_controller.rb', line 247

# Renders a 500 response in the requested format; for HTML the message is
# shown through flash.now[:error] with an empty body.
#
# @param msg [String] the error message to show
# @return [Object] the result of respond_to
def render_error(msg)
  respond_to do |format|
    format.html do
      flash.now[:error] = msg
      # XHR responses get no layout
      render :text => '', :layout => !request.xhr?, :status => 500
    end
    format.atom { head 500 }
    format.xml { head 500 }
    format.json { head 500 }
  end
end

- (Object) render_feed(items, options = {})



# File 'app/controllers/application_controller.rb', line 266

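# Renders +items+ as an Atom feed, newest first, capped at Setting.feeds_limit.
#
# @param items [Array, nil] objects responding to #event_datetime; nil is
#   treated as an empty list
# @param options [Hash] :title overrides the feed title (Setting.app_title)
# @return [Object] the result of render
def render_feed(items, options={})
  # sort (not sort!) so the caller's array is left untouched
  @items = (items || []).sort { |x, y| y.event_datetime <=> x.event_datetime }
  @items = @items.slice(0, Setting.feeds_limit.to_i)
  @title = options[:title] || Setting.app_title
  render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
end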

- (Object) require_admin



# File 'app/controllers/application_controller.rb', line 139

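# Requires an admin user: anonymous users go through require_login first,
# non-admin users get a 403.
#
# @return [true, false, nil] true for an admin; nil when require_login
#   already answered the request; false after rendering the 403
def require_admin
  # NOTE(review): the call on this guard was stripped from the rendered
  # listing; restored as require_login -- confirm against the source.
  return unless require_login
  return true if User.current.admin?

  render_403
  false
end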

- (Object) require_login



# File 'app/controllers/application_controller.rb', line 120

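# Requires a logged-in user.  Anonymous HTML and atom requests are sent to
# the login page with a back_url (which redirect_back_or_default validates
# before following); xml and json requests get 401.
#
# @return [Boolean] true when a user is logged in, false after answering
#   the request for an anonymous user
def require_login
  # NOTE(review): the method name was stripped from the rendered listing;
  # restored from the documentation heading -- confirm against the source.
  return true if User.current.logged?

  # Extract only the basic url parameters on non-GET requests
  url = if request.get?
          url_for(params)
        else
          url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
        end
  respond_to do |format|
    format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
    format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
    format.xml { head :unauthorized }
    format.json { head :unauthorized }
  end
  false
end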

- (Object) set_localization



# File 'app/controllers/application_controller.rb', line 105

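# Picks the language for this request: the logged-in user's language, then
# the best Accept-Language entry (with a region-less fallback such as "en"
# for "en-us"), then Setting.default_language.
#
# @return [Object] the result of set_language_if_valid
def set_localization
  lang = nil
  lang = find_language(User.current.language) if User.current.logged?
  if lang.nil? && request.env['HTTP_ACCEPT_LANGUAGE']
    # parse_qvalues returns [] for a header with no usable entry (e.g. an
    # empty header) and nil when parsing failed; guard both so .downcase is
    # never called on nil
    preferred = (parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']) || []).first
    accept_lang = preferred.to_s.downcase
    unless accept_lang.blank?
      lang = find_language(accept_lang) || find_language(accept_lang.split('-').first)
    end
  end
  lang ||= Setting.default_language
  set_language_if_valid(lang)
end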

- (Object) user_setup



# File 'app/controllers/application_controller.rb', line 53

# Per-request setup: refreshes the settings cache, then resolves and stores
# the current user (nil when nobody is authenticated).
#
# @return [User, nil] the user assigned to User.current
def user_setup
  # Check the settings cache for each request
  Setting.check_cache
  # Find the current user
  resolved_user = find_current_user
  User.current = resolved_user
end