Class: ApplicationController
- Inherits:
-
ActionController::Base
- Object
- ActionController::Base
- ApplicationController
- Includes:
- Redmine::Hook::Helper, Redmine::I18n, Redmine::MenuManager::MenuController, Redmine::Pagination, Redmine::Search::Controller, Redmine::SudoMode::Controller, RoutesHelper
- Defined in:
- app/controllers/application_controller.rb
Overview
Direct Known Subclasses
AccountController, ActivitiesController, AdminController, AttachmentsController, AuthSourcesController, AutoCompletesController, BoardsController, CalendarsController, CommentsController, ContextMenusController, CustomFieldEnumerationsController, CustomFieldsController, DocumentsController, EmailAddressesController, EnumerationsController, FilesController, GanttsController, GroupsController, ImportsController, IssueCategoriesController, IssueRelationsController, IssueStatusesController, IssuesController, JournalsController, MembersController, MessagesController, MyController, NewsController, PreviewsController, PrincipalMembershipsController, ProjectEnumerationsController, ProjectsController, QueriesController, ReportsController, RepositoriesController, RolesController, SearchController, SettingsController, TimelogController, TrackersController, UsersController, VersionsController, WatchersController, WelcomeController, WikiController, WikisController, WorkflowsController
Class Method Summary collapse
- .accept_api_auth(*actions) ⇒ Object
- .accept_rss_auth(*actions) ⇒ Object
- .model_object(model) ⇒ Object
Instance Method Summary collapse
-
#_include_layout?(*args) ⇒ Boolean
Overrides #_include_layout? so that #render with no arguments doesn't use the layout for api requests.
- #accept_api_auth?(action = action_name) ⇒ Boolean
- #accept_rss_auth?(action = action_name) ⇒ Boolean
-
#api_key_from_request ⇒ Object
Returns the API key present in the request.
-
#api_offset_and_limit(options = params) ⇒ Object
Returns offset and limit used to retrieve objects for an API response based on offset, limit and page parameters.
- #api_request? ⇒ Boolean
-
#api_switch_user_from_request ⇒ Object
Returns the API 'switch user' value if present.
-
#authorize(ctrl = params[:controller], action = params[:action], global = false) ⇒ Object
Authorize the user for the requested action.
-
#authorize_global(ctrl = params[:controller], action = params[:action], global = true) ⇒ Object
Authorize the user for the requested action outside a project.
- #autologin_cookie_name ⇒ Object
- #back_url ⇒ Object
-
#check_if_login_required ⇒ Object
check if login is globally required to access the application.
- #check_password_change ⇒ Object
-
#check_project_privacy ⇒ Object
make sure that the user is a member of the project (or admin) if project is private used as a before_filter for actions that do not require any particular permission on the project.
- #deny_access ⇒ Object
-
#filename_for_content_disposition(name) ⇒ Object
Returns a string that can be used as filename value in Content-Disposition header.
- #find_attachments ⇒ Object
-
#find_current_user ⇒ Object
Returns the current user or nil if no user is logged in and starts a session if needed.
-
#find_issue ⇒ Object
Find the issue whose id is the :id parameter Raises a Unauthorized exception if the issue is not visible.
-
#find_issues ⇒ Object
Find issues with a single :id param or :ids array param Raises a Unauthorized exception if one of the issues is not visible.
- #find_model_object ⇒ Object
-
#find_optional_project ⇒ Object
Find a project based on params TODO: some subclasses override this, see about merging their logic.
-
#find_project ⇒ Object
Find project of id params.
-
#find_project_by_project_id ⇒ Object
Find project of id params.
-
#find_project_from_association ⇒ Object
Finds and sets @project based on @object.project.
- #handle_unverified_request ⇒ Object
-
#logged_user=(user) ⇒ Object
Sets the logged in user.
-
#logout_user ⇒ Object
Logs out current user.
-
#missing_template ⇒ Object
Handler for ActionView::MissingTemplate exception.
- #parse_params_for_bulk_update(params) ⇒ Object
-
#parse_qvalues(value) ⇒ Object
qvalues http header parser code taken from webrick.
-
#per_page_option ⇒ Object
Returns the number of objects that should be displayed on the paginated list.
-
#query_statement_invalid(exception) ⇒ Object
Rescues an invalid query statement.
- #redirect_back_or_default(default, options = {}) ⇒ Object
-
#redirect_to_referer_or(*args, &block) ⇒ Object
Redirects to the request referer if present, redirects to args or call block otherwise.
- #render_403(options = {}) ⇒ Object
- #render_404(options = {}) ⇒ Object
- #render_api_errors(*messages) ⇒ Object
-
#render_api_head(status) ⇒ Object
Renders a head API response.
-
#render_api_ok ⇒ Object
Renders a 200 response for successfull updates or deletions via the API.
-
#render_attachment_warning_if_needed(obj) ⇒ Object
Renders a warning flash if obj has unsaved attachments.
-
#render_error(arg) ⇒ Object
Renders an error response.
- #render_feed(items, options = {}) ⇒ Object
-
#render_validation_errors(objects) ⇒ Object
Renders API response on validation failure for an object or an array of objects.
- #require_admin ⇒ Object
-
#require_admin_or_api_request ⇒ Object
Filter for actions that provide an API response but have no HTML representation for non admin users.
- #require_login ⇒ Object
- #session_expiration ⇒ Object
- #session_expired? ⇒ Boolean
- #set_localization(user = User.current) ⇒ Object
- #start_user_session(user) ⇒ Object
- #try_to_autologin ⇒ Object
-
#use_layout ⇒ boolean, string
Picks which layout to use based on the request.
- #user_setup ⇒ Object
- #verify_authenticity_token ⇒ Object
Methods included from Redmine::SudoMode::Controller
#process_sudo_form, #render_sudo_form, #require_sudo_mode, #sudo_mode, #sudo_timestamp_valid?, #update_sudo_timestamp!
Methods included from Redmine::MenuManager::MenuController
#current_menu_item, #menu_items, #redirect_to_project_menu_item
Methods included from Redmine::Search::Controller
#default_search_scope, #default_search_scopes
Methods included from RoutesHelper
#_new_project_issue_path, #_new_time_entry_path, #_project_calendar_path, #_project_gantt_path, #_project_issues_path, #_report_time_entries_path, #_time_entries_path, #board_path
Methods included from Redmine::Hook::Helper
Methods included from Redmine::Pagination
#deprecated_paginate, #paginate, #paginator
Methods included from Redmine::I18n
#current_language, #day_letter, #day_name, #find_language, #format_date, #format_time, #l, #l_hours, #l_hours_short, #l_or_humanize, #languages_options, #ll, #lu, #month_name, #set_language_if_valid, #valid_languages
Class Method Details
.accept_api_auth(*actions) ⇒ Object
542 543 544 545 546 547 548 |
# File 'app/controllers/application_controller.rb', line 542 def self.accept_api_auth(*actions) if actions.any? self.accept_api_auth_actions = actions else self.accept_api_auth_actions || [] end end |
.accept_rss_auth(*actions) ⇒ Object
530 531 532 533 534 535 536 |
# File 'app/controllers/application_controller.rb', line 530 def self.accept_rss_auth(*actions) if actions.any? self.accept_rss_auth_actions = actions else self.accept_rss_auth_actions || [] end end |
.model_object(model) ⇒ Object
314 315 316 |
# File 'app/controllers/application_controller.rb', line 314 def self.model_object(model) self.model_object = model end |
Instance Method Details
#_include_layout?(*args) ⇒ Boolean
Overrides #_include_layout? so that #render with no arguments doesn't use the layout for api requests
675 676 677 |
# File 'app/controllers/application_controller.rb', line 675 def _include_layout?(*args) api_request? ? false : super end |
#accept_api_auth?(action = action_name) ⇒ Boolean
550 551 552 |
# File 'app/controllers/application_controller.rb', line 550 def accept_api_auth?(action=action_name) self.class.accept_api_auth.include?(action.to_sym) end |
#accept_rss_auth?(action = action_name) ⇒ Boolean
538 539 540 |
# File 'app/controllers/application_controller.rb', line 538 def accept_rss_auth?(action=action_name) self.class.accept_rss_auth.include?(action.to_sym) end |
#api_key_from_request ⇒ Object
Returns the API key present in the request
624 625 626 627 628 629 630 |
# File 'app/controllers/application_controller.rb', line 624 def api_key_from_request if params[:key].present? params[:key].to_s elsif request.headers["X-Redmine-API-Key"].present? request.headers["X-Redmine-API-Key"].to_s end end |
#api_offset_and_limit(options = params) ⇒ Object
Returns offset and limit used to retrieve objects for an API response based on offset, limit and page parameters
571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 |
# File 'app/controllers/application_controller.rb', line 571 def api_offset_and_limit(=params) if [:offset].present? offset = [:offset].to_i if offset < 0 offset = 0 end end limit = [:limit].to_i if limit < 1 limit = 25 elsif limit > 100 limit = 100 end if offset.nil? && [:page].present? offset = ([:page].to_i - 1) * limit offset = 0 if offset < 0 end offset ||= 0 [offset, limit] end |
#api_request? ⇒ Boolean
619 620 621 |
# File 'app/controllers/application_controller.rb', line 619 def api_request? %w(xml json).include? params[:format] end |
#api_switch_user_from_request ⇒ Object
Returns the API 'switch user' value if present
633 634 635 |
# File 'app/controllers/application_controller.rb', line 633 def api_switch_user_from_request request.headers["X-Redmine-Switch-User"].to_s.presence end |
#authorize(ctrl = params[:controller], action = params[:action], global = false) ⇒ Object
Authorize the user for the requested action
255 256 257 258 259 260 261 262 263 264 265 266 |
# File 'app/controllers/application_controller.rb', line 255 def (ctrl = params[:controller], action = params[:action], global = false) allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global) if allowed true else if @project && @project.archived? render_403 :message => :notice_not_authorized_archived_project else deny_access end end end |
#authorize_global(ctrl = params[:controller], action = params[:action], global = true) ⇒ Object
Authorize the user for the requested action outside a project
269 270 271 |
# File 'app/controllers/application_controller.rb', line 269 def (ctrl = params[:controller], action = params[:action], global = true) (ctrl, action, global) end |
#autologin_cookie_name ⇒ Object
141 142 143 |
# File 'app/controllers/application_controller.rb', line 141 def Redmine::Configuration['autologin_cookie_name'].presence || 'autologin' end |
#back_url ⇒ Object
387 388 389 390 391 392 393 |
# File 'app/controllers/application_controller.rb', line 387 def back_url url = params[:back_url] if url.nil? && referer = request.env['HTTP_REFERER'] url = CGI.unescape(referer.to_s) end url end |
#check_if_login_required ⇒ Object
check if login is globally required to access the application
179 180 181 182 183 |
# File 'app/controllers/application_controller.rb', line 179 def check_if_login_required # no check needed if user is already logged in return true if User.current.logged? require_login if Setting.login_required? end |
#check_password_change ⇒ Object
185 186 187 188 189 190 191 192 193 194 |
# File 'app/controllers/application_controller.rb', line 185 def check_password_change if session[:pwd] if User.current.must_change_password? flash[:error] = l(:error_password_expired) redirect_to my_password_path else session.delete(:pwd) end end end |
#check_project_privacy ⇒ Object
make sure that the user is a member of the project (or admin) if project is private used as a before_filter for actions that do not require any particular permission on the project
373 374 375 376 377 378 379 380 381 382 383 384 385 |
# File 'app/controllers/application_controller.rb', line 373 def check_project_privacy if @project && !@project.archived? if @project.visible? true else deny_access end else @project = nil render_404 false end end |
#deny_access ⇒ Object
250 251 252 |
# File 'app/controllers/application_controller.rb', line 250 def deny_access User.current.logged? ? render_403 : require_login end |
#filename_for_content_disposition(name) ⇒ Object
Returns a string that can be used as filename value in Content-Disposition header
615 616 617 |
# File 'app/controllers/application_controller.rb', line 615 def filename_for_content_disposition(name) request.env['HTTP_USER_AGENT'] =~ %r{(MSIE|Trident|Edge)} ? ERB::Util.url_encode(name) : name end |
#find_attachments ⇒ Object
345 346 347 348 349 350 351 352 353 |
# File 'app/controllers/application_controller.rb', line 345 def if ( = params[:attachments]).present? att = .values.collect do || Attachment.find_by_token( [:token] ) if [:token].present? end att.compact! end @attachments = att || [] end |
#find_current_user ⇒ Object
Returns the current user or nil if no user is logged in and starts a session if needed
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 |
# File 'app/controllers/application_controller.rb', line 98 def find_current_user user = nil unless api_request? if session[:user_id] # existing session user = (User.active.find(session[:user_id]) rescue nil) elsif autologin_user = try_to_autologin user = autologin_user elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth? # RSS key authentication does not start a session user = User.find_by_rss_key(params[:key]) end end if user.nil? && Setting.rest_api_enabled? && accept_api_auth? if (key = api_key_from_request) # Use API key user = User.find_by_api_key(key) elsif request..to_s =~ /\ABasic /i # HTTP Basic, either username/password or API key/random authenticate_with_http_basic do |username, password| user = User.try_to_login(username, password) || User.find_by_api_key(username) end if user && user.must_change_password? render_error :message => 'You must change your password', :status => 403 return end end # Switch user if requested by an admin user if user && user.admin? && (username = api_switch_user_from_request) su = User.find_by_login(username) if su && su.active? logger.info(" User switched by: #{user.login} (id=#{user.id})") if logger user = su else render_error :message => 'Invalid X-Redmine-Switch-User header', :status => 412 end end end # store current ip address in user object ephemerally user.remote_ip = request.remote_ip if user user end |
#find_issue ⇒ Object
Find the issue whose id is the :id parameter Raises a Unauthorized exception if the issue is not visible
320 321 322 323 324 325 326 327 328 |
# File 'app/controllers/application_controller.rb', line 320 def find_issue # Issue.visible.find(...) can not be used to redirect user to the login form # if the issue actually exists but requires authentication @issue = Issue.find(params[:id]) raise Unauthorized unless @issue.visible? @project = @issue.project rescue ActiveRecord::RecordNotFound render_404 end |
#find_issues ⇒ Object
Find issues with a single :id param or :ids array param Raises a Unauthorized exception if one of the issues is not visible
332 333 334 335 336 337 338 339 340 341 342 343 |
# File 'app/controllers/application_controller.rb', line 332 def find_issues @issues = Issue. where(:id => (params[:id] || params[:ids])). preload(:project, :status, :tracker, :priority, :author, :assigned_to, :relations_to, {:custom_values => :custom_field}). to_a raise ActiveRecord::RecordNotFound if @issues.empty? raise Unauthorized unless @issues.all?(&:visible?) @projects = @issues.collect(&:project).compact.uniq @project = @projects.first if @projects.size == 1 rescue ActiveRecord::RecordNotFound render_404 end |
#find_model_object ⇒ Object
304 305 306 307 308 309 310 311 312 |
# File 'app/controllers/application_controller.rb', line 304 def find_model_object model = self.class.model_object if model @object = model.find(params[:id]) self.instance_variable_set('@' + controller_name.singularize, @object) if @object end rescue ActiveRecord::RecordNotFound render_404 end |
#find_optional_project ⇒ Object
Find a project based on params TODO: some subclasses override this, see about merging their logic
289 290 291 292 293 294 295 |
# File 'app/controllers/application_controller.rb', line 289 def find_optional_project @project = Project.find(params[:project_id]) unless params[:project_id].blank? allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true) allowed ? true : deny_access rescue ActiveRecord::RecordNotFound render_404 end |
#find_project ⇒ Object
Find project of id params
274 275 276 277 278 |
# File 'app/controllers/application_controller.rb', line 274 def find_project @project = Project.find(params[:id]) rescue ActiveRecord::RecordNotFound render_404 end |
#find_project_by_project_id ⇒ Object
Find project of id params
281 282 283 284 285 |
# File 'app/controllers/application_controller.rb', line 281 def find_project_by_project_id @project = Project.find(params[:project_id]) rescue ActiveRecord::RecordNotFound render_404 end |
#find_project_from_association ⇒ Object
Finds and sets @project based on @object.project
298 299 300 301 302 |
# File 'app/controllers/application_controller.rb', line 298 def find_project_from_association render_404 unless @object.present? @project = @object.project end |
#handle_unverified_request ⇒ Object
44 45 46 47 48 49 50 51 52 |
# File 'app/controllers/application_controller.rb', line 44 def handle_unverified_request unless api_request? super .delete() self.logged_user = nil set_localization render_error :status => 422, :message => "Invalid form authenticity token." end end |
#logged_user=(user) ⇒ Object
Sets the logged in user
158 159 160 161 162 163 164 165 166 |
# File 'app/controllers/application_controller.rb', line 158 def logged_user=(user) reset_session if user && user.is_a?(User) User.current = user start_user_session(user) else User.current = User.anonymous end end |
#logout_user ⇒ Object
Logs out current user
169 170 171 172 173 174 175 176 |
# File 'app/controllers/application_controller.rb', line 169 def logout_user if User.current.logged? .delete() Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) Token.delete_all(["user_id = ? AND action = ? AND value = ?", User.current.id, 'session', session[:tk]]) self.logged_user = nil end end |
#missing_template ⇒ Object
Handler for ActionView::MissingTemplate exception
495 496 497 498 499 |
# File 'app/controllers/application_controller.rb', line 495 def missing_template logger.warn "Missing template, responding with 404" @project = nil render_404 end |
#parse_params_for_bulk_update(params) ⇒ Object
355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 |
# File 'app/controllers/application_controller.rb', line 355 def parse_params_for_bulk_update(params) attributes = (params || {}).reject {|k,v| v.blank?} attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'} if custom = attributes[:custom_field_values] custom.reject! {|k,v| v.blank?} custom.keys.each do |k| if custom[k].is_a?(Array) custom[k] << '' if custom[k].delete('__none__') else custom[k] = '' if custom[k] == '__none__' end end end attributes end |
#parse_qvalues(value) ⇒ Object
qvalues http header parser code taken from webrick
595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 |
# File 'app/controllers/application_controller.rb', line 595 def parse_qvalues(value) tmp = [] if value parts = value.split(/,\s*/) parts.each {|part| if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part) val = m[1] q = (m[2] or 1).to_f tmp.push([val, q]) end } tmp = tmp.sort_by{|val, q| -q} tmp.collect!{|val, q| val} end return tmp rescue nil end |
#per_page_option ⇒ Object
Returns the number of objects that should be displayed on the paginated list
556 557 558 559 560 561 562 563 564 565 566 567 |
# File 'app/controllers/application_controller.rb', line 556 def per_page_option per_page = nil if params[:per_page] && Setting..include?(params[:per_page].to_s.to_i) per_page = params[:per_page].to_s.to_i session[:per_page] = per_page elsif session[:per_page] per_page = session[:per_page] else per_page = Setting..first || 25 end per_page end |
#query_statement_invalid(exception) ⇒ Object
Rescues an invalid query statement. Just in caseā¦
643 644 645 646 647 648 |
# File 'app/controllers/application_controller.rb', line 643 def query_statement_invalid(exception) logger.error "Query::StatementInvalid: #{exception.}" if logger session.delete(:query) sort_clear if respond_to?(:sort_clear) render_error "An error occurred while executing the query and has been logged. Please report this error to your Redmine administrator." end |
#redirect_back_or_default(default, options = {}) ⇒ Object
395 396 397 398 399 400 401 402 403 404 405 406 |
# File 'app/controllers/application_controller.rb', line 395 def redirect_back_or_default(default, ={}) back_url = params[:back_url].to_s if back_url.present? && valid_url = validate_back_url(back_url) redirect_to(valid_url) return elsif [:referer] redirect_to_referer_or default return end redirect_to default false end |
#redirect_to_referer_or(*args, &block) ⇒ Object
Redirects to the request referer if present, redirects to args or call block otherwise.
455 456 457 458 459 460 461 462 463 464 465 |
# File 'app/controllers/application_controller.rb', line 455 def redirect_to_referer_or(*args, &block) redirect_to :back rescue ::ActionController::RedirectBackError if args.any? redirect_to *args elsif block_given? block.call else raise "#redirect_to_referer_or takes arguments or a block" end end |
#render_403(options = {}) ⇒ Object
467 468 469 470 471 |
# File 'app/controllers/application_controller.rb', line 467 def render_403(={}) @project = nil render_error({:message => :notice_not_authorized, :status => 403}.merge()) return false end |
#render_404(options = {}) ⇒ Object
473 474 475 476 |
# File 'app/controllers/application_controller.rb', line 473 def render_404(={}) render_error({:message => :notice_file_not_found, :status => 404}.merge()) return false end |
#render_api_errors(*messages) ⇒ Object
668 669 670 671 |
# File 'app/controllers/application_controller.rb', line 668 def render_api_errors(*) @error_messages = .flatten render :template => 'common/error_messages.api', :status => :unprocessable_entity, :layout => nil end |
#render_api_head(status) ⇒ Object
Renders a head API response
656 657 658 659 |
# File 'app/controllers/application_controller.rb', line 656 def render_api_head(status) # #head would return a response body with one space render :text => '', :status => status, :layout => nil end |
#render_api_ok ⇒ Object
Renders a 200 response for successfull updates or deletions via the API
651 652 653 |
# File 'app/controllers/application_controller.rb', line 651 def render_api_ok render_api_head :ok end |
#render_attachment_warning_if_needed(obj) ⇒ Object
Renders a warning flash if obj has unsaved attachments
638 639 640 |
# File 'app/controllers/application_controller.rb', line 638 def (obj) flash[:warning] = l(:warning_attachments_not_saved, obj..size) if obj..present? end |
#render_error(arg) ⇒ Object
Renders an error response
479 480 481 482 483 484 485 486 487 488 489 490 491 492 |
# File 'app/controllers/application_controller.rb', line 479 def render_error(arg) arg = {:message => arg} unless arg.is_a?(Hash) @message = arg[:message] @message = l(@message) if @message.is_a?(Symbol) @status = arg[:status] || 500 respond_to do |format| format.html { render :template => 'common/error', :layout => use_layout, :status => @status } format.any { head @status } end end |
#render_feed(items, options = {}) ⇒ Object
521 522 523 524 525 526 527 528 |
# File 'app/controllers/application_controller.rb', line 521 def render_feed(items, ={}) @items = (items || []).to_a @items.sort! {|x,y| y.event_datetime <=> x.event_datetime } @items = @items.slice(0, Setting.feeds_limit.to_i) @title = [:title] || Setting.app_title render :template => "common/feed", :formats => [:atom], :layout => false, :content_type => 'application/atom+xml' end |
#render_validation_errors(objects) ⇒ Object
Renders API response on validation failure for an object or an array of objects
663 664 665 666 |
# File 'app/controllers/application_controller.rb', line 663 def render_validation_errors(objects) = Array.wrap(objects).map {|object| object.errors.}.flatten render_api_errors() end |
#require_admin ⇒ Object
241 242 243 244 245 246 247 248 |
# File 'app/controllers/application_controller.rb', line 241 def require_admin return unless require_login if !User.current.admin? render_403 return false end true end |
#require_admin_or_api_request ⇒ Object
Filter for actions that provide an API response but have no HTML representation for non admin users
503 504 505 506 507 508 509 510 511 512 |
# File 'app/controllers/application_controller.rb', line 503 def require_admin_or_api_request return true if api_request? if User.current.admin? true elsif User.current.logged? render_error(:status => 406) else deny_access end end |
#require_login ⇒ Object
212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 |
# File 'app/controllers/application_controller.rb', line 212 def require_login if !User.current.logged? # Extract only the basic url parameters on non-GET requests if request.get? url = url_for(params) else url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id]) end respond_to do |format| format.html { if request.xhr? head :unauthorized else redirect_to signin_path(:back_url => url) end } format.any(:atom, :pdf, :csv) { redirect_to signin_path(:back_url => url) } format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' } format.js { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' } format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' } format.any { head :unauthorized } end return false end true end |
#session_expiration ⇒ Object
65 66 67 68 69 70 71 72 73 74 |
# File 'app/controllers/application_controller.rb', line 65 def session_expiration if session[:user_id] && Rails.application.config.redmine_verify_sessions != false if session_expired? && !try_to_autologin set_localization(User.active.find_by_id(session[:user_id])) self.logged_user = nil flash[:error] = l(:error_session_expired) require_login end end end |
#session_expired? ⇒ Boolean
76 77 78 |
# File 'app/controllers/application_controller.rb', line 76 def session_expired? ! User.verify_session_token(session[:user_id], session[:tk]) end |
#set_localization(user = User.current) ⇒ Object
196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 |
# File 'app/controllers/application_controller.rb', line 196 def set_localization(user=User.current) lang = nil if user && user.logged? lang = find_language(user.language) end if lang.nil? && !Setting.force_default_language_for_anonymous? && request.env['HTTP_ACCEPT_LANGUAGE'] accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first if !accept_lang.blank? accept_lang = accept_lang.downcase lang = find_language(accept_lang) || find_language(accept_lang.split('-').first) end end lang ||= Setting.default_language set_language_if_valid(lang) end |
#start_user_session(user) ⇒ Object
80 81 82 83 84 85 86 |
# File 'app/controllers/application_controller.rb', line 80 def start_user_session(user) session[:user_id] = user.id session[:tk] = user.generate_session_token if user.must_change_password? session[:pwd] = '1' end end |
#try_to_autologin ⇒ Object
145 146 147 148 149 150 151 152 153 154 155 |
# File 'app/controllers/application_controller.rb', line 145 def try_to_autologin if [] && Setting.autologin? # auto-login feature starts a new session user = User.try_to_autologin([]) if user reset_session start_user_session(user) end user end end |
#use_layout ⇒ boolean, string
Picks which layout to use based on the request
517 518 519 |
# File 'app/controllers/application_controller.rb', line 517 def use_layout request.xhr? ? false : 'base' end |
#user_setup ⇒ Object
88 89 90 91 92 93 94 |
# File 'app/controllers/application_controller.rb', line 88 def user_setup # Check the settings cache for each request Setting.check_cache # Find the current user User.current = find_current_user logger.info(" Current user: " + (User.current.logged? ? "#{User.current.login} (id=#{User.current.id})" : "anonymous")) if logger end |
#verify_authenticity_token ⇒ Object
38 39 40 41 42 |
# File 'app/controllers/application_controller.rb', line 38 def verify_authenticity_token unless api_request? super end end |