diff --git a/Gemfile b/Gemfile index 6bb141404..6c2101345 100644 --- a/Gemfile +++ b/Gemfile @@ -1,4 +1,4 @@ -source 'http://ruby.taobao.org' +source 'http://rubygems.org' #source 'http://ruby.sdutlinux.org/' unless RUBY_PLATFORM =~ /w32/ @@ -33,21 +33,21 @@ group :test do gem 'selenium-webdriver', '~> 2.42.0' - platforms :mri, :mingw do - group :rmagick do - # RMagick 2 supports ruby 1.9 - # RMagick 1 would be fine for ruby 1.8 but Bundler does not support - # different requirements for the same gem on different platforms - gem "rmagick", ">= 2.0.0" - end - end + # platforms :mri, :mingw do + # group :rmagick do + # # RMagick 2 supports ruby 1.9 + # # RMagick 1 would be fine for ruby 1.8 but Bundler does not support + # # different requirements for the same gem on different platforms + # gem "rmagick", ">= 2.0.0" + # end + #end end group :development, :test do - gem "guard-rails", '~> 0.5.3' + # gem "guard-rails", '~> 0.5.3' gem 'spork-testunit', '~> 0.0.8' - gem 'guard-spork', '~> 1.5.1' - gem 'guard-test', '~> 1.0.0' + # gem 'guard-spork', '~> 1.5.1' + # gem 'guard-test', '~> 1.0.0' gem 'ruby-prof', '~> 0.15.1' unless RUBY_PLATFORM =~ /w32/ gem 'pry' gem 'pry-nav' diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 2721c57c7..fe9f6c1b6 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -156,7 +156,16 @@ class ApplicationController < ActionController::Base user end end + def try_to_autologin1 + # auto-login feature starts a new session + user = User.try_to_autologin(params[:token]) + if user + start_user_session(user) + end + user + + end # Sets the logged in user def logged_user=(user) reset_session 
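Review bot: The replacement line `source 'http://rubygems.org'` still fetches the gem index and packages over plain HTTP, so their integrity depends on every network hop between the build host and the server. Use `source 'https://rubygems.org'` so Bundler verifies the server certificate. The commented-out `#source 'http://ruby.sdutlinux.org/'` line below it can be deleted rather than kept as an alternative.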
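Review bot: `try_to_autologin1` starts a full user session from `params[:token]`, so the autologin secret now travels in the query string, where it is recorded in web-server logs and browser history and can leak through Referer headers. The same pattern is used by `authorize1` and `authorize_attachment_download1` in the following hunks and by the links built in `Mailer#issue_add` and `Mailer#issue_edit`. If login from a link is required, prefer a dedicated token action (not `'autologin'`) that is short-lived and deleted on first use, followed by a redirect to the token-free URL. `start_user_session` is not visible here, so confirm it calls `reset_session` before binding the user, as `logged_user=` does just below.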
@@ -248,6 +257,24 @@ class ApplicationController < ActionController::Base end end end + def authorize1(ctrl = params[:controller], action = params[:action],token = params[:token], global = false) + + if(!User.current.logged? && !token.nil?) + + User.current =try_to_autologin1 + end + allowed = authorize_allowed(params[:controller], params[:action],global) + + if allowed + true + else + if @project && @project.archived? + render_403 :message => :notice_not_authorized_archived_project + else + deny_access + end + end + end def authorize_allowed(ctrl = params[:controller], action = params[:action], global = false) #modify by NWB @@ -261,6 +288,7 @@ class ApplicationController < ActionController::Base allowed end def authorize_attachment_download(ctrl = params[:controller], action = params[:action], global = false) + case @attachment.container_type when "Memo" allowed = User.current.allowed_to?(:memos_attachments_download,nil,:global => true) 
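Review bot: `authorize1` accepts `ctrl` and `action` but then calls `authorize_allowed(params[:controller], params[:action],global)`, so explicit arguments from a caller are silently ignored; pass `ctrl, action, global` through instead. `User.current =try_to_autologin1` assigns whatever the helper returns, including `nil` for an unknown or expired token, so guard it with `user = try_to_autologin1` followed by `User.current = user if user`. The remaining lines appear to repeat the permission and deny logic of the existing `authorize` filter. A small token-login filter placed in front of the unchanged `authorize` would avoid keeping two copies of the access decision in step.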
@@ -289,6 +317,37 @@ class ApplicationController < ActionController::Base end end + def authorize_attachment_download1(ctrl = params[:controller], action = params[:action],token = params[:token], global = false) + if(!User.current.logged? && !token.nil?) + User.current = try_to_autologin1 + end + case @attachment.container_type + when "Memo" + allowed = User.current.allowed_to?(:memos_attachments_download,nil,:global => true) + when "Message" + if @project + allowed = User.current.allowed_to?(:projects_attachments_download,@project,:global => false) + elsif @course + allowed = User.current.allowed_to?(:course_attachments_download, @course, :global => false) + end + when "contest" + return true + when "Course" + allowed = User.current.allowed_to?(:course_attachments_download, @course, :global => false) + else + return true + end + + if allowed + true + else + if @project && @project.archived? + render_403 :message => :notice_not_authorized_archived_project + else + deny_access + end + end + end def authorize_course(ctrl = params[:controller], action = params[:action], global = false) allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @course || @course, :global => global) if allowed @@ -789,4 +848,29 @@ class ApplicationController < ActionController::Base @organizer = WebFooterOranizer.first @companies = WebFooterCompany.all end + + + + + def password_authentication + user, last_login_on = User.try_to_login(params[:user_name], params[:password]) + + + successful_authentication(user, last_login_on) + + end + + + def successful_authentication(user, last_login_on) + logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}" + # Valid user + self.logged_user = user + # generate a key and set cookie if autologin + if params[:autologin] && Setting.autologin? + set_autologin_cookie(user) + end + call_hook(:controller_account_success_authentication_after, {:user => user }) + + + end end 
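Review bot: The `when "contest"` and `else` branches of `authorize_attachment_download1` both `return true`, so any attachment whose `container_type` is not one of the listed strings is served without a permission check. Now that this filter also logs a user in from a URL token, it is safer to list the container types that are meant to be public and make the default branch call `deny_access`. In the `"Message"` branch `allowed` stays `nil` when neither `@project` nor `@course` is set; that happens to deny, but an explicit `else` with `allowed = false` would document it. The method is otherwise a copy of `authorize_attachment_download`, so doing the token login in a separate filter and keeping a single `case` would stop the two from drifting apart.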
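Review bot: `password_authentication` hands the result of `User.try_to_login` straight to `successful_authentication`, with no branch for rejected credentials. If the lookup fails and `user` is `nil`, the `user.login` in the log line raises instead of refusing the login cleanly. Add a guard such as `return deny_access unless user` before the call. Both methods are added as public methods of `ApplicationController`, so every controller inherits them as candidate actions; moving them under `private` would prevent them from being routable.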
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index 952dcdf44..2c6a002b4 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -17,11 +17,12 @@ class AttachmentsController < ApplicationController layout "users_base" + before_filter :find_project, :only => [:show, :download, :thumbnail, :destroy, :delete_homework]#, :except => [:upload, :autocomplete] before_filter :file_readable, :read_authorize, :only => [:show, :thumbnail]#Modified by young before_filter :delete_authorize, :only => :destroy before_filter :authorize_global, :only => :upload - before_filter :authorize_attachment_download, :only => :download + before_filter :authorize_attachment_download1, :only => :download #before_filter :login_without_softapplication, only: [:download] accept_api_auth :show, :download, :upload require 'iconv' diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb index e76fa31dc..9d35b9fb0 100644 --- a/app/controllers/courses_controller.rb +++ b/app/controllers/courses_controller.rb @@ -810,9 +810,9 @@ class CoursesController < ApplicationController # modify by nwb # 添加私密性判断 if User.current.member_of_course?(@course)|| User.current.admin? - events = @activity.events(@date_from, @date_to) + events = @activity.events(@days, @course.created_at) else - events = @activity.events(@date_from, @date_to, :is_public => 1) + events = @activity.events(@days, @course.created_at, :is_public => 1) end # 无新动态时,显示老动态 diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index f3c2b199c..c0d83fdcd 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb 
@@ -19,10 +19,13 @@ class IssuesController < ApplicationController layout 'base_projects'#Added by young default_search_scope :issues + before_filter :authorize1, :only => [:show] before_filter :find_issue, :only => [:show, :edit, :update] before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :destroy] before_filter :find_project, :only => [:new, :create, :update_form] + #before_filter :authorize, :except => [:index, :show] before_filter :authorize, :except => [:index] + before_filter :find_optional_project, :only => [:index] before_filter :check_for_default_issue_status, :only => [:new, :create] before_filter :build_new_issue_from_params, :only => [:new, :create, :update_form] @@ -107,7 +110,7 @@ class IssuesController < ApplicationController end def show - + @journals = @issue.journals.includes(:user, :details).reorder("#{Journal.table_name}.id ASC").all @journals.each_with_index {|j,i| j.indice = i+1} @journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project) diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 0b7cbbb5f..5d43a4e20 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -597,8 +597,8 @@ class ProjectsController < ApplicationController "show_wiki_edits"=>true, "show_journals_for_messages" => true } - @date_to ||= Date.today + 1 - @date_from = @date_to - @days-1.years + + @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1') @author = (params[:user_id].blank? ? nil : User.active.find(params[:user_id])) # 决定显示所用用户或单个用户活动 
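Review bot: `before_filter :authorize1, :only => [:show]` is registered ahead of `find_issue`, so `@issue` and `@project` have presumably not been loaded when it runs. The permission check inside `authorize1` and its `@project && @project.archived?` branch would then operate without a project. Registering it after `find_issue` would match the position of the existing `authorize` filter. `show` is also still covered by `before_filter :authorize, :except => [:index]`, so the action is authorized twice; if the goal is only to log in from the mailed link, a filter that performs the login and leaves the decision to `authorize` is enough.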
@@ -612,9 +612,9 @@ class ProjectsController < ApplicationController # modify by nwb # 添加私密性判断 if User.current.member_of?(@project)|| User.current.admin? - events = @activity.events(@date_from, @date_to) + events = @activity.events(@days) else - events = @activity.events(@date_from, @date_to, :is_public => 1) + events = @activity.events(@days,nil, :is_public => 1) end @offset, @limit = api_offset_and_limit({:limit => 10}) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 0fcf35aff..7b4d488a9 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -41,7 +41,7 @@ class UsersController < ApplicationController :activity_score_index, :influence_score_index, :score_index,:show_new_score, :topic_new_score_index, :project_new_score_index, :activity_new_score_index, :influence_new_score_index, :score_new_index,:user_projects_index] before_filter :auth_user_extension, only: :show - before_filter :rest_user_score, only: :show + #before_filter :rest_user_score, only: :show #before_filter :select_entry, only: :user_projects accept_api_auth :index, :show, :create, :update, :destroy,:tag_save , :tag_saveEx diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index cb88742ad..7efa02503 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -140,10 +140,12 @@ module ApplicationHelper # * :text - Link text (default to attachment filename) # * :download - Force download (default: false) def link_to_attachment(attachment, options={}) + token = options[:token] if options[:token] text = options.delete(:text) || attachment.filename route_method = options.delete(:download) ? :download_named_attachment_path : :named_attachment_path html_options = options.slice!(:only_path) url = send(route_method, attachment, attachment.filename, options) + url << "?token=#{token}" unless token.nil? link_to text, url, html_options end 
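Review bot: In `link_to_attachment`, `token = options[:token] if options[:token]` reads the token but leaves it in `options`, so `options.slice!(:only_path)` moves it into `html_options` and it is rendered as a `token` attribute on the `<a>` element as well. Use `token = options.delete(:token)` instead. Appending `"?token=#{token}"` by hand skips URL-encoding and produces a malformed URL if the route helper ever returns a query string of its own. Passing the value as a route parameter, `send(route_method, attachment, attachment.filename, token ? options.merge(:token => token) : options)`, lets Rails build the query.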
diff --git a/app/helpers/issues_helper.rb b/app/helpers/issues_helper.rb index 8390fc61c..6a708051a 100644 --- a/app/helpers/issues_helper.rb +++ b/app/helpers/issues_helper.rb @@ -224,6 +224,7 @@ module IssuesHelper # as an array of strings def details_to_strings(details, no_html=false, options={}) options[:only_path] = (options[:only_path] == false ? false : true) + options[:token] = options[:token] if options[:token] strings = [] values_by_field = {} details.each do |detail| @@ -312,7 +313,11 @@ module IssuesHelper old_value = content_tag("del", old_value) if detail.old_value and detail.value.blank? if detail.property == 'attachment' && !value.blank? && atta = Attachment.find_by_id(detail.prop_key) # Link to the attachment if it has not been removed - value = link_to_attachment(atta, :download => true, :only_path => options[:only_path]) + if options[:token].nil? + value = link_to_attachment(atta, :download => true, :only_path => options[:only_path]) + else + value = link_to_attachment(atta, :download => true, :only_path => options[:only_path], :token => options[:token]) + end if options[:only_path] != false && atta.is_text? value += link_to( image_tag('magnifier.png'), diff --git a/app/models/issue_observer.rb b/app/models/issue_observer.rb index 3369387ee..50cbf2a42 100644 --- a/app/models/issue_observer.rb +++ b/app/models/issue_observer.rb @@ -18,8 +18,12 @@ class IssueObserver < ActiveRecord::Observer def after_create(issue) - thread1=Thread.new do - Mailer.issue_add(issue).deliver if Setting.notified_events.include?('issue_added') - end + Thread.start do + recipients = issue.recipients + recipients.each do |rec| + Mailer.issue_add(issue,rec).deliver if Setting.notified_events.include?('issue_added') + end + end + end end diff --git a/app/models/issue_overdue.rb b/app/models/issue_overdue.rb index 5caec94c9..3002b74ef 100644 --- a/app/models/issue_overdue.rb +++ b/app/models/issue_overdue.rb 
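Review bot: `options[:token] = options[:token] if options[:token]` in `details_to_strings` assigns the value to itself and can be dropped. In the second hunk of this file the `if options[:token].nil?` / `else` pair differs only in the extra `:token` argument. Since `link_to_attachment` already skips a nil token, one call is enough: `value = link_to_attachment(atta, :download => true, :only_path => options[:only_path], :token => options[:token])`. `details_to_strings` starts and ends outside both hunks.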
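Review bot: In `IssueObserver#after_create` the `Setting.notified_events.include?('issue_added')` test now sits inside the per-recipient loop within the background thread, so the thread is spawned and `issue.recipients` is evaluated even when the notification is disabled. Check the setting once before `Thread.start`. An exception raised inside the block, for example a failed delivery to one recipient, ends the thread, so the remaining recipients get no mail and the failure may go unrecorded. Wrapping each `deliver` in `begin … rescue => e` with a `Rails.logger.error` call keeps the loop going and leaves a trace. The same applies to the `Thread.start` loop added in `journal_observer.rb`.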
@@ -20,7 +20,11 @@ class IssueOverdue < ActiveRecord::Base #发邮件 #puts "11" + issue.id.to_s #Mailer.issue_expire(issue).deliver - Mailer.issue_add(issue).deliver + recipients = issue.recipients + recipients.each do |rec| + + Mailer.issue_edit(issue,rec).deliver + end break end end diff --git a/app/models/journal_observer.rb b/app/models/journal_observer.rb index 0357fb74d..10d3f7b4b 100644 --- a/app/models/journal_observer.rb +++ b/app/models/journal_observer.rb @@ -23,8 +23,12 @@ class JournalObserver < ActiveRecord::Observer (Setting.notified_events.include?('issue_status_updated') && journal.new_status.present?) || (Setting.notified_events.include?('issue_priority_updated') && journal.new_value_for('priority_id').present?) ) - Thread.new do - Mailer.issue_edit(journal).deliver + Thread.start do + recipients = journal.recipients + recipients.each do |rec| + + Mailer.issue_edit(journal,rec).deliver + end end end end diff --git a/app/models/mailer.rb b/app/models/mailer.rb index a7f850766..b432461c7 100644 --- a/app/models/mailer.rb +++ b/app/models/mailer.rb 
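Review bot: `Mailer.issue_edit(issue,rec).deliver` passes an issue where `issue_edit` expects a journal, since that method's first statement in this commit is `issue = journal.journalized.reload`. The call is therefore likely to raise `NoMethodError` unless `Issue` happens to respond to `journalized`. The line it replaces used `issue_add`, and `Mailer.issue_add(issue, rec).deliver` matches the new two-argument signature. The enclosing loop starts outside the hunk.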
@@ -95,29 +95,45 @@ class Mailer < ActionMailer::Base # Example: # issue_add(issue) => Mail::Message object # Mailer.issue_add(issue).deliver => sends an email to issue recipients - def issue_add(issue) + def issue_add(issue, recipients) issue_id = issue.project_index redmine_headers 'Project' => issue.project.identifier, 'Issue-Id' => issue_id, 'Issue-Author' => issue.author.login redmine_headers 'Issue-Assignee' => issue.assigned_to.login if issue.assigned_to message_id issue + @author = issue.author @issue = issue - @issue_url = url_for(:controller => 'issues', :action => 'show', :id => issue.id) - recipients = issue.recipients - cc = issue.watcher_recipients - recipients - mail :to => recipients, - :cc => cc, - :subject => "[#{issue.project.name} - #{issue.tracker.name} ##{issue_id}] (#{issue.status.name}) #{issue.subject}" + + + token = Token.new(:user => User.find_by_mail(recipients), :action => 'autologin') + token.save + @token = token + @issue_url = url_for(:controller => 'issues', :action => 'show', :id => issue.id, :token => @token.value) + + + cc = issue.watcher_recipients - issue.recipients + subject = "[#{issue.project.name} - #{issue.tracker.name} ##{issue_id}] (#{issue.status.name}) #{issue.subject}" + mail(:to => recipients, + :cc => cc, + :subject => subject) end + # issue.attachments.each do |attach| + # attachments["#{attach.filename}"] = File.read("#{attach.disk_filename}") + # end + # cc = issue.watcher_recipients - recipients + #mail.attachments['test'] = File.read("#{RAILS.root}/files/2015/01/150114094010_libegl.dll") + + + # Builds a Mail::Message object used to email recipients of the edited issue. # # Example: # issue_edit(journal) => Mail::Message object # Mailer.issue_edit(journal).deliver => sends an email to issue recipients - def issue_edit(journal) + def issue_edit(journal,recipients) issue = journal.journalized.reload issue_id = issue.project_index redmine_headers 'Project' => issue.project.identifier, 
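Review bot: The message whose `@issue_url` carries `:token => @token.value` is sent with `:to => recipients` but also `:cc => cc`, so every watcher on the cc line receives a link that logs in as the `to` recipient. Because the observers now call `issue_add` once per recipient, watchers also receive one copy per recipient. Send the tokenized mail without cc, `mail(:to => recipients, :subject => subject)`, and notify watchers in a separate message that has no token or their own. `User.find_by_mail(recipients)` can return `nil` and the result of `token.save` is ignored, so a link can be built for a token that was never stored or has no user; omit the `:token` parameter when either step fails. `issue_edit` in the next hunk has the same problems.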
@@ -127,18 +143,34 @@ class Mailer < ActionMailer::Base message_id journal references issue @author = journal.user - recipients = journal.recipients + + + token = Token.new(:user => User.find_by_mail(recipients), :action => 'autologin') + token.save + @token = token + @issue_url = url_for(:controller => 'issues', :action => 'show', :id => issue.id, :anchor => "change-#{journal.id}", :token => @token.value) + + + + # Watchers in cc - cc = journal.watcher_recipients - recipients + + cc = journal.watcher_recipients - journal.recipients s = "[#{issue.project.name} - #{issue.tracker.name} ##{issue_id}] " s << "(#{issue.status.name}) " if journal.new_value_for('status_id') s << issue.subject @issue = issue @journal = journal - @issue_url = url_for(:controller => 'issues', :action => 'show', :id => issue, :anchor => "change-#{journal.id}") - mail :to => recipients, - :cc => cc, - :subject => s + # @issue_url = url_for(:controller => 'issues', :action => 'show', :id => issue, :anchor => "change-#{journal.id}") + mail(:to => recipients, + :cc => cc, + :subject => s) + end + + def self.deliver_mailer(to,cc, subject) + mail :to => to, + :cc => cc, + :subject => subject end # 用户申请加入项目邮件通知 @@ -615,5 +647,15 @@ class Mailer < ActionMailer::Base Rails.logger end - + def add_attachments(obj) + if email.attachments && email.attachments.any? + email.attachments.each do |attachment| + obj.attachments << Attachment.create(:container => obj, + :file => attachment.decoded, + :filename => attachment.filename, + :author => user, + :content_type => attachment.mime_type) + end + end + end end diff --git a/app/models/user.rb b/app/models/user.rb index 735b80762..52619b038 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -380,7 +380,7 @@ class User < Principal raise text end - # Returns the user who matches the given autologin +key+ or nil + def self.try_to_autologin(key) user = Token.find_active_user('autologin', key, Setting.autologin.to_i) if user 
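Review bot: `def self.deliver_mailer(to,cc, subject)` calls `mail` from a class method, but `mail` is an instance method of the mailer, so this is likely to fail or behave differently from the instance actions. Nothing in the visible diff calls it, so it can probably be removed. In `issue_edit` the URL now uses `:id => issue.id` where the old line used `:id => issue`; confirm that is intended if the model defines a custom `to_param`. The commented-out `# @issue_url = …` line should be deleted rather than kept. `issue_edit` begins in the previous hunk.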
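Review bot: `add_attachments(obj)` reads `email` and `user`, neither of which is defined in the visible parts of `Mailer`. The body looks as if it was written for an incoming-mail handler, and placed here it would presumably raise `NameError` when called. It also stores `attachment.filename` and `attachment.mime_type` exactly as they arrive in the message. If the method is kept, add a comment such as `# filename and content type are sender-controlled; Attachment must validate size and sanitise the name` and confirm that `Attachment` does so.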
@@ -466,7 +466,11 @@ class User < Principal User.hash_password("#{salt}#{User.hash_password clear_password}") == hashed_password end end + def check_password1?(clear_password) + clear_password == hashed_password + + end # Generates a random salt and computes hashed_password for +clear_password+ # The hashed password is stored in the following form: SHA1(salt + SHA1(password)) def salt_password(clear_password) diff --git a/app/views/bids/_homework.html.erb b/app/views/bids/_homework.html.erb index db1f555d3..e107e50b3 100644 --- a/app/views/bids/_homework.html.erb +++ b/app/views/bids/_homework.html.erb @@ -36,6 +36,7 @@ $('#ajax-modal').html('<%= escape_javascript(render :partial => 'homework_attach/praise_alert') %>'); showModal('ajax-modal', '480px'); $('#ajax-modal').css('height','240px'); + $('#ajax-modal').siblings().remove(); $('#ajax-modal').before("" + ""); $('#ajax-modal').parent().css("top","").css("left","").css("width","511"); diff --git a/app/views/layouts/_base_feedback.html.erb b/app/views/layouts/_base_feedback.html.erb index 859ed0361..62b3a01e3 100644 --- a/app/views/layouts/_base_feedback.html.erb +++ b/app/views/layouts/_base_feedback.html.erb @@ -62,7 +62,7 @@ function f_submit()
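Review bot: `check_password1?` compares its argument directly with `hashed_password`, so the stored hash itself is accepted as the credential. Anyone who can read that column from a backup, database dump or log can then authenticate without knowing the password, which removes the protection the salted comparison just above it provides. The plain `==` is also not a constant-time comparison. No caller is visible in this diff, so prefer removing the method. If a non-interactive login is needed, use a separate random secret that is stored hashed and compared in constant time.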