Merge branch 'szzh' of http://xianbo_trustie2@repository.trustie.net/xianbo/trustie2.git into szzh

Conflicts:
	app/models/user.rb
	app/views/account/login.html.erb

Gemfile.lock

@@ -125,6 +125,7 @@ GEM
     mocha (1.1.0)
       metaclass (~> 0.0.1)
     multi_json (1.10.1)
+    mysql2 (0.3.11)
     mysql2 (0.3.11-x86-mingw32)
     net-ldap (0.3.1)
     nokogiri (1.6.3)

app/controllers/account_controller.rb

@@ -312,8 +312,8 @@ class AccountController < ApplicationController
       else
       #by young
       #redirect_back_or_default my_page_path
-      #sredirect_back_or_default User.current
+      redirect_back_or_default User.current
-      redirect_to my_account_url
+      #redirect_to my_account_url
       #redirect_to User.current
       end
     end

app/controllers/attachments_controller.rb

@@ -64,7 +64,7 @@ class AttachmentsController < ApplicationController
     # modify by nwb
     # 下载添加权限设置
      candown = false
-    if (@attachment.container.has_attribute?(:project) || @attachment.container.has_attribute?(:project_id)) && @attachment.container.project
+    if @attachment.container.class.to_s != "HomeworkAttach" &&(@attachment.container.has_attribute?(:project) || @attachment.container.has_attribute?(:project_id)) && @attachment.container.project
       project = @attachment.container.project
       candown= User.current.member_of?(project) || (project.is_public && @attachment.is_public == 1)
     elsif  @attachment.container.is_a?(Project)
@@ -89,7 +89,6 @@ class AttachmentsController < ApplicationController
     elsif  @attachment.container_type == "Bid" && @attachment.container && @attachment.container.courses
       candown = User.current.member_of_course?(@attachment.container.courses.first) || (course.is_public == 1 && @attachment.is_public == 1)
     else
-
       candown = @attachment.is_public == 1
     end
     if candown || User.current.admin? || User.current.id == @attachment.author_id

public/javascripts/application.js

@@ -2,6 +2,8 @@
 /* Redmine - project management software
  Copyright (C) 2006-2013  Jean-Philippe Lang */
 
+
+
 function cleanArray (actual){
     var newArray = new Array();
     for (var i = 0; i< actual.length; i++){
@@ -389,6 +391,7 @@ function submitPreview(url, form, target) {
     $.ajax({
         url: url,
         type: 'post',
+        beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
         data: $('#'+form).serialize(),
         success: function(data){
             $('#'+target).html(data);
@@ -454,6 +457,7 @@ function randomKey(size) {
 function updateIssueFrom(url) {
     $.ajax({
         url: url,
+        beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
         type: 'post',
         data: $('#issue-form').serialize()
     });
@@ -462,6 +466,7 @@ function updateIssueFrom(url) {
 function updateBulkEditFrom(url) {
     $.ajax({
         url: url,
+        beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
         type: 'post',
         data: $('#bulk_edit_form').serialize()
     });
@@ -540,6 +545,7 @@ function initMyPageSortable(list, url) {
             $.ajax({
                 url: url,
                 type: 'post',
+                beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
                 data: {'blocks': $.map($('#list-'+list).children(), function(el){return $(el).attr('id');})}
             });
         }
@@ -621,6 +627,14 @@ function transpotUrl (scope) {
 $(document).ready(setupAjaxIndicator);
 $(document).ready(hideOnLoad);
 $(document).ready(addFormObserversForDoubleSubmit);
+$(document).ready(function(){
+        $.ajaxSetup({
+            headers: {
+                'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
+            }
+        });
+    }
+)
 
 function img_thumbnails() {
     $('.thumbnails a').colorbox({rel:'nofollow'});