Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

Merged opf/openproject/v7.4.4 into opf/openproject-ce/stable/7

  • Loading branch information...
oliverguenther committed May 7, 2018
2 parents fea7c3d + 3fc4f25 commit bba42cd6768b2811dec57ff29147b13d981cea25
Showing with 729 additions and 596 deletions.
  1. +21 −21 Gemfile.lock
  2. +3 −3 app/controllers/wiki_controller.rb
  3. +3 −1 app/controllers/work_packages/bulk_controller.rb
  4. +1 −1 app/models/mail_handler.rb
  5. +8 −0 app/models/queries/relations/filters/from_filter.rb
  6. +16 −8 app/models/queries/relations/filters/involved_filter.rb
  7. +4 −0 app/models/queries/relations/filters/relation_filter.rb
  8. +12 −0 app/models/queries/relations/filters/to_filter.rb
  9. +62 −0 app/models/queries/relations/filters/visibility_checking.rb
  10. +11 −1 app/models/queries/relations/relation_query.rb
  11. +1 −1 app/models/time_entry.rb
  12. +25 −0 app/models/work_package.rb
  13. +6 −2 app/policies/query_policy.rb
  14. +1 −1 app/views/my/access_token.html.erb
  15. +3 −2 ci/.travis.yml
  16. +28 −1 frontend/app/components/common/autocomplete/lazyloaded/lazyloaded-autocompleter.ts
  17. +9 −1 frontend/app/components/context-menus/settings-menu/settings-menu.controller.ts
  18. +2 −2 frontend/app/components/context-menus/settings-menu/settings-menu.service.html
  19. +0 −1 frontend/app/components/projects/project-menu-autocomplete/project-menu-autocomplete.component.ts
  20. +0 −411 frontend/tests/unit/tests/work_packages/controllers/menus/options-dropdown-menu-controller-test.js
  21. +13 −0 lib/api/v3/queries/form_representer.rb
  22. +0 −2 lib/api/v3/relations/relations_api.rb
  23. +5 −4 lib/api/v3/work_packages/work_package_relations_api.rb
  24. +1 −1 lib/api/v3/work_packages/work_package_representer.rb
  25. +10 −3 lib/open_project/text_formatting.rb
  26. +1 −1 lib/open_project/version.rb
  27. +5 −7 lib/redmine/imap.rb
  28. +12 −2 spec/controllers/work_packages/bulk_controller_spec.rb
  29. +32 −1 spec/features/projects/project_autocomplete_spec.rb
  30. +2 −2 spec/features/security/angular_xss_spec.rb
  31. +1 −1 spec/lib/api/v3/work_packages/work_package_representer_spec.rb
  32. +3 −3 spec/lib/open_project/text_formatting_spec.rb
  33. +84 −0 spec/models/queries/relations/filters/from_filter_spec.rb
  34. +84 −0 spec/models/queries/relations/filters/involved_filter_spec.rb
  35. +84 −0 spec/models/queries/relations/filters/to_filter_spec.rb
  36. +23 −2 spec/models/queries/relations/relation_query_spec.rb
  37. +1 −1 spec_legacy/functional/wiki_controller_spec.rb
  38. +1 −1 spec_legacy/unit/helpers/application_helper_spec.rb
  39. +1 −1 vendored-plugins/openproject-auth_plugins/lib/open_project/auth_plugins/version.rb
  40. +1 −1 vendored-plugins/openproject-avatars/lib/open_project/avatars/version.rb
  41. +1 −1 vendored-plugins/openproject-backlogs/lib/open_project/backlogs/version.rb
  42. +1 −1 vendored-plugins/openproject-costs/lib/open_project/costs/version.rb
  43. +0 −3 vendored-plugins/openproject-documents/app/assets/stylesheets/documents/documents.sass
  44. +3 −0 vendored-plugins/openproject-documents/lib/open_project/documents/engine.rb
  45. +1 −1 vendored-plugins/openproject-documents/lib/open_project/documents/version.rb
  46. +5 −5 vendored-plugins/openproject-github_integration/lib/open_project/github_integration/hook_handler.rb
  47. +10 −3 ...ugins/openproject-github_integration/lib/open_project/github_integration/notification_handlers.rb
  48. +1 −1 vendored-plugins/openproject-github_integration/lib/open_project/github_integration/version.rb
  49. +95 −70 vendored-plugins/openproject-github_integration/spec/lib/github_integration_spec.rb
  50. +7 −6 vendored-plugins/openproject-github_integration/spec/lib/hook_handler_spec.rb
  51. +1 −1 vendored-plugins/openproject-global_roles/lib/open_project/global_roles/version.rb
  52. +1 −1 vendored-plugins/openproject-ldap_groups/lib/open_project/ldap_groups/version.rb
  53. +2 −1 vendored-plugins/openproject-meeting/app/helpers/meeting_contents_helper.rb
  54. +1 −0 vendored-plugins/openproject-meeting/config/locales/en.yml
  55. +1 −0 vendored-plugins/openproject-meeting/features/meeting_close.feature
  56. +1 −1 vendored-plugins/openproject-meeting/lib/open_project/meeting/version.rb
  57. +1 −1 vendored-plugins/openproject-my_project_page/lib/open_project/my_project_page/version.rb
  58. +1 −1 vendored-plugins/openproject-openid_connect/lib/open_project/openid_connect/version.rb
  59. +1 −1 vendored-plugins/openproject-pdf_export/lib/open_project/pdf_export/version.rb
  60. +1 −1 vendored-plugins/openproject-reporting/lib/open_project/reporting/version.rb
  61. +1 −1 ...ugins/openproject-two_factor_authentication/lib/open_project/two_factor_authentication/version.rb
  62. +8 −1 vendored-plugins/openproject-webhooks/app/controllers/webhooks/incoming/hooks_controller.rb
  63. +2 −2 vendored-plugins/openproject-webhooks/lib/open_project/webhooks/hook.rb
  64. +1 −1 vendored-plugins/openproject-webhooks/lib/open_project/webhooks/version.rb
  65. +1 −1 vendored-plugins/openproject-xls_export/lib/open_project/xls_export/version.rb
  66. +1 −1 vendored-plugins/reporting_engine/lib/reporting_engine/version.rb
@@ -113,73 +113,73 @@ GIT
PATH
remote: vendored-plugins/openproject-auth_plugins
specs:
openproject-auth_plugins (7.4.3)
openproject-auth_plugins (7.4.4)
omniauth (~> 1.0)
rails (~> 5.0)

PATH
remote: vendored-plugins/openproject-avatars
specs:
openproject-avatars (7.4.3)
openproject-avatars (7.4.4)
fastimage (~> 2.1.0)
gravatar_image_tag (~> 1.2.0)
rails (~> 5.0)

PATH
remote: vendored-plugins/openproject-backlogs
specs:
openproject-backlogs (7.4.3)
openproject-backlogs (7.4.4)
acts_as_silent_list (~> 3.0.0)
openproject-pdf_export (= 7.4.3)
openproject-pdf_export (= 7.4.4)
rails (~> 5.0.0)

PATH
remote: vendored-plugins/openproject-costs
specs:
openproject-costs (7.4.3)
openproject-costs (7.4.4)
rails (~> 5.0.0)

PATH
remote: vendored-plugins/openproject-documents
specs:
openproject-documents (7.4.3)
openproject-documents (7.4.4)
rails (~> 5.0.0)

PATH
remote: vendored-plugins/openproject-github_integration
specs:
openproject-github_integration (7.4.3)
openproject-webhooks (~> 7.4.3)
openproject-github_integration (7.4.4)
openproject-webhooks (~> 7.4.4)
rails (~> 5.0)

PATH
remote: vendored-plugins/openproject-global_roles
specs:
openproject-global_roles (7.4.3)
openproject-global_roles (7.4.4)
rails (~> 5.0.0)

PATH
remote: vendored-plugins/openproject-ldap_groups
specs:
openproject-ldap_groups (7.4.3)
openproject-ldap_groups (7.4.4)

PATH
remote: vendored-plugins/openproject-meeting
specs:
openproject-meeting (7.4.3)
openproject-meeting (7.4.4)
icalendar (~> 2.3.0)
rails (~> 5.0.0)

PATH
remote: vendored-plugins/openproject-my_project_page
specs:
openproject-my_project_page (7.4.3)
openproject-my_project_page (7.4.4)
rails (~> 5.0.0)

PATH
remote: vendored-plugins/openproject-openid_connect
specs:
openproject-openid_connect (7.4.3)
openproject-openid_connect (7.4.4)
lobby_boy (~> 0.1)
omniauth-openid_connect-providers (~> 0.1)
openproject-auth_plugins (~> 7.0)
@@ -188,44 +188,44 @@ PATH
PATH
remote: vendored-plugins/openproject-pdf_export
specs:
openproject-pdf_export (7.4.3)
openproject-pdf_export (7.4.4)
pdf-inspector (~> 1.3.0)
prawn (~> 2.2)

PATH
remote: vendored-plugins/openproject-reporting
specs:
openproject-reporting (7.4.3)
openproject-reporting (7.4.4)
jquery-tablesorter (~> 1.22.3)
openproject-costs (= 7.4.3)
openproject-costs (= 7.4.4)
rails (~> 5.0.0)
reporting_engine (>= 1.1.0)

PATH
remote: vendored-plugins/openproject-two_factor_authentication
specs:
openproject-two_factor_authentication (7.4.3)
openproject-two_factor_authentication (7.4.4)
messagebird-rest (~> 1.3.2)
rails (~> 5)
rotp (~> 3.3)

PATH
remote: vendored-plugins/openproject-webhooks
specs:
openproject-webhooks (7.4.3)
openproject-webhooks (7.4.4)
rails (~> 5.0)

PATH
remote: vendored-plugins/openproject-xls_export
specs:
openproject-xls_export (7.4.3)
openproject-xls_export (7.4.4)
rails (~> 5.0.0)
spreadsheet (~> 0.8.9)

PATH
remote: vendored-plugins/reporting_engine
specs:
reporting_engine (7.4.3)
reporting_engine (7.4.4)
json
rails (~> 5.0.0)

@@ -432,7 +432,7 @@ GEM
railties (>= 3.0.0)
faker (1.8.4)
i18n (~> 0.5)
fastimage (2.1.1)
fastimage (2.1.3)
ffi (1.9.18)
fog-aws (0.11.0)
fog-core (~> 1.38)
@@ -135,7 +135,7 @@ def show
if @page.new_record?
if User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
edit
render action: 'edit'
render action: 'new'
else
render_404
end
@@ -256,7 +256,7 @@ def project_menu_items

def wiki_root_menu_items
MenuItems::WikiMenuItem
.where(parent_id: nil)
.main_items(@wiki.id)
.map { |it| OpenStruct.new name: it.name, caption: it.title, item: it }
end

@@ -403,7 +403,7 @@ def parse_preview_data
private

def wiki_page_title
params[:id]
params[:title] || params[:id]
end

def find_wiki
@@ -99,7 +99,9 @@ def destroy
def destroy_work_packages(work_packages)
work_packages.each do |work_package|
begin
work_package.reload.destroy
WorkPackages::DestroyService
.new(user: current_user, work_package: work_package.reload)
.call
rescue ::ActiveRecord::RecordNotFound
# raised by #reload if work package no longer exists
# nothing to do, work package was already deleted (eg. by a parent)
@@ -141,7 +141,7 @@ def dispatch
# TODO: send a email to the user
logger.error e.message if logger
false
rescue MissingInformation
rescue MissingInformation => e
log "missing information from #{user}: #{e.message}", :error
false
rescue UnauthorizedAction
@@ -31,13 +31,21 @@ module Queries
module Relations
module Filters
class FromFilter < ::Queries::Relations::Filters::RelationFilter
include ::Queries::Relations::Filters::VisibilityChecking

def type
:integer
end

def self.key
:from_id
end

private

def visibility_checked_sql(operator, values, visible_sql)
["from_id #{operator} (?) AND to_id IN (#{visible_sql})", values]
end
end
end
end
@@ -36,6 +36,8 @@ module Filters
# Given relations [{ from_id: 3, to_id: 7 }, { from_id: 8, to_id: 3}]
# filtering by involved=3 would yield both these relations.
class InvolvedFilter < ::Queries::Relations::Filters::RelationFilter
include ::Queries::Relations::Filters::VisibilityChecking

def type
:integer
end
@@ -44,15 +46,21 @@ def self.key
:involved
end

def where
integer_values = values.map(&:to_i)
private

def visibility_checked_sql(operator_string, values, visible_sql)
concatenation = if operator == '='
"OR"
else
"AND"
end

sql = <<-SQL.strip_heredoc
(from_id #{operator_string} (?) AND to_id IN (#{visible_sql}))
#{concatenation} (to_id #{operator_string} (?) AND from_id IN (#{visible_sql}))
SQL

case operator
when "="
["from_id IN (?) OR to_id IN (?)", integer_values, integer_values]
when "!"
["from_id NOT IN (?) AND to_id NOT IN (?)", integer_values, integer_values]
end
[sql, values, values]
end
end
end
@@ -36,6 +36,10 @@ class RelationFilter < ::Queries::Filters::Base
def human_name
Relation.human_attribute_name(name)
end

def visibility_checked?
false
end
end
end
end
@@ -31,13 +31,25 @@ module Queries
module Relations
module Filters
class ToFilter < ::Queries::Relations::Filters::RelationFilter
include ::Queries::Relations::Filters::VisibilityChecking

def type
:integer
end

def self.key
:to_id
end

def visibility_checked?
true
end

private

def visibility_checked_sql(operator, values, visible_sql)
["to_id #{operator} (?) AND from_id IN (#{visible_sql})", values]
end
end
end
end
@@ -0,0 +1,62 @@
#-- encoding: UTF-8

#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2018 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2017 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See docs/COPYRIGHT.rdoc for more details.
#++

module Queries
module Relations
module Filters
module VisibilityChecking
def visibility_checked?
true
end

def where
integer_values = values.map(&:to_i)

visible_sql = WorkPackage.visible(User.current).select(:id).to_sql

operator_string = case operator
when "="
"IN"
when "!"
"NOT IN"
end

visibility_checked_sql(operator_string, values, visible_sql)
end

private

def visibility_checked_sql(_operator, _values, _visible_sql)
raise NotImplementedError
end
end
end
end
end
@@ -35,9 +35,19 @@ def self.model

def default_scope
Relation
.visible
.direct
end

def results
# Filters marked to already check visibility free us from the need
# to check it here.

if filters.any?(&:visibility_checked?)
super
else
super.visible
end
end
end
end
end
@@ -126,7 +126,7 @@ def authoritativ_activity
private

def validate_hours_are_in_range
errors.add :hours, :invalid if hours && (hours < 0 || hours >= 1000)
errors.add :hours, :invalid if hours && hours < 0
end

def validate_project_is_set

0 comments on commit bba42cd

Please sign in to comment.
You can’t perform that action at this time.