Merge remote-tracking branch 'bennibu/rails3' into rails3

Conflicts:
	app/controllers/login_controller.rb
	app/models/message.rb
	app/views/sessions/new.html.haml
wvengen 2013-04-04 00:29:50 +02:00
commit 0bb080526a
7 changed files with 29 additions and 19 deletions


@ -10,6 +10,10 @@ class LoginController < ApplicationController
# Sends an email to a user with the token that allows setting a new password through action "password". # Sends an email to a user with the token that allows setting a new password through action "password".
def reset_password def reset_password
if request.get? || params[:user].nil? # Catch for get request and give better error message.
redirect_to forgot_password_url, alert: 'Ein Problem ist aufgetreten. Bitte erneut versuchen' and return
end
if (user = User.find_by_email(params[:user][:email])) if (user = User.find_by_email(params[:user][:email]))
user.reset_password_token = user.new_random_password(16) user.reset_password_token = user.new_random_password(16)
user.reset_password_expires = Time.now.advance(:days => 2) user.reset_password_expires = Time.now.advance(:days => 2)
@ -43,13 +47,11 @@ class LoginController < ApplicationController
# For invited users. # For invited users.
def accept_invitation def accept_invitation
@invite = Invite.find_by_token(params[:token]) @invite = Invite.find_by_token(params[:token])
if (@invite.nil? || @invite.expires_at < Time.now) if @invite.nil? || @invite.expires_at < Time.now
flash[:error] = I18n.t('login.errors.invite_invalid') redirect_to login_url, alert: I18n.t('login.errors.invite_invalid')
render :action => 'login'
elsif @invite.group.nil? elsif @invite.group.nil?
flash[:error] = I18n.t('login.errors.group_invalid') redirect_to login_url, alert: I18n.t('login.errors.group_invalid')
render :action => 'login' elsif request.post?
elsif (request.post?)
User.transaction do User.transaction do
@user = User.new(params[:user]) @user = User.new(params[:user])
@user.email = @invite.email @user.email = @invite.email
@ -62,8 +64,6 @@ class LoginController < ApplicationController
else else
@user = User.new(:email => @invite.email) @user = User.new(:email => @invite.email)
end end
rescue
flash[:error] = I18n.t('errors.general_again')
end end
protected protected
@ -71,8 +71,7 @@ class LoginController < ApplicationController
def validate_token def validate_token
@user = User.find_by_id_and_reset_password_token(params[:id], params[:token]) @user = User.find_by_id_and_reset_password_token(params[:id], params[:token])
if (@user.nil? || @user.reset_password_expires < Time.now) if (@user.nil? || @user.reset_password_expires < Time.now)
flash[:error] = I18n.t('login.errors.token_invalid') redirect_to forgot_password_url, alert: I18n.t('login.errors.token_invalid')
render :action => 'forgot_password'
end end
end end
end end
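Review bot: The new guard at the top of reset_password only rejects a missing `params[:user]`; a request that sends `user` as a plain string would still reach `params[:user][:email]` and most likely raise instead of redirecting. Checking the shape as well, e.g. `if request.get? || !params[:user].is_a?(Hash)`, keeps malformed input on the same redirect path. The alert text is also hard-coded German, while the other alerts in this file go through `I18n.t`; a locale key would be consistent. The rest of reset_password lies outside the hunk.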


@ -8,6 +8,9 @@ class MessagesController < ApplicationController
# Creates a new message object. # Creates a new message object.
def new def new
@message = Message.new(params[:message]) @message = Message.new(params[:message])
if @message.reply_to and not @message.reply_to.is_readable_for?(current_user)
redirect_to new_message_url, alert: 'Nachricht ist privat!'
end
end end
# Creates a new message. # Creates a new message.
@ -24,5 +27,8 @@ class MessagesController < ApplicationController
# Shows a single message. # Shows a single message.
def show def show
@message = Message.find(params[:id]) @message = Message.find(params[:id])
unless @message.is_readable_for?(current_user)
redirect_to messages_url, alert: 'Nachricht ist privat!'
end
end end
end end
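Review bot: The readability check on `reply_to` is enforced only in `new`, but the quoting of the original message happens in the model's `reply_to=` writer whenever a Message is built from `params[:message]`. If `create` (outside this hunk) also passes `params[:message]` to `Message.new`, it needs the same `is_readable_for?(current_user)` check, otherwise the private-message restriction added here would not cover that path. A shared `before_filter` for both actions would keep the rule in one place. Minor: `and not` binds more loosely than `&&`/`!`, and the alert string is hard-coded rather than going through `I18n.t`.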


@ -7,7 +7,7 @@ class StockTakingsController < ApplicationController
def new def new
@stock_taking = StockTaking.new @stock_taking = StockTaking.new
StockArticle.all.each { |a| @stock_taking.stock_changes.build(:stock_article => a) } StockArticle.undeleted.each { |a| @stock_taking.stock_changes.build(:stock_article => a) }
end end
def create def create


@ -11,7 +11,7 @@ module DeliveriesHelper
end end
def stock_articles_for_select(supplier) def stock_articles_for_select(supplier)
supplier.stock_articles.map {|a| ["#{a.name} (#{number_to_currency a.price}/#{a.unit})", a.id] } supplier.stock_articles.undeleted.map {|a| ["#{a.name} (#{number_to_currency a.price}/#{a.unit})", a.id] }
end end
end end


@ -2,7 +2,7 @@ class Message < ActiveRecord::Base
belongs_to :sender, :class_name => "User", :foreign_key => "sender_id" belongs_to :sender, :class_name => "User", :foreign_key => "sender_id"
serialize :recipients_ids, Array serialize :recipients_ids, Array
attr_accessor :sent_to_all, :group_id, :recipient_tokens attr_accessor :sent_to_all, :group_id, :recipient_tokens, :reply_to
scope :pending, where(:email_state => 0) scope :pending, where(:email_state => 0)
scope :sent, where(:email_state => 1) scope :sent, where(:email_state => 1)
@ -46,11 +46,11 @@ class Message < ActiveRecord::Base
end end
def reply_to=(message_id) def reply_to=(message_id)
message = Message.find(message_id) @reply_to = Message.find(message_id)
add_recipients([message.sender]) add_recipients([@reply_to.sender])
self.subject = I18n.t('messages.model.reply_subject', :subject => message.subject) self.subject = I18n.t('messages.model.reply_subject', :subject => @reply_to.subject)
self.body = I18n.t('messages.model.reply_header', :user => message.sender.nick, :when => I18n.l(message.created_at, :format => :short)) + "\n" self.body = I18n.t('messages.model.reply_header', :user => @reply_to.sender.nick, :when => I18n.l(@reply_to.created_at, :format => :short)) + "\n"
message.body.each_line{ |l| self.body += I18n.t('messages.model.reply_indent', :line => l) } @reply_to.body.each_line{ |l| self.body += I18n.t('messages.model.reply_indent', :line => l) }
end end
def mail_to=(user_id) def mail_to=(user_id)
@ -83,6 +83,10 @@ class Message < ActiveRecord::Base
end end
update_attribute(:email_state, 1) update_attribute(:email_state, 1)
end end
def is_readable_for?(user)
!private || sender == user || recipients_ids.include?(user.id)
end
end end
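Review bot: `is_readable_for?` does not handle a nil `user`: `sender == user` is true when both are nil, and otherwise `user.id` raises NoMethodError instead of returning false. The callers in this commit pass `current_user`; if that can ever be nil (the authentication filters are not visible here), a guard such as `!private || (user && (sender == user || recipients_ids.include?(user.id)))` makes the predicate deny explicitly. Separately, `attr_accessor :reply_to` generates a writer that `def reply_to=` immediately redefines; `attr_reader :reply_to` would state the intent without the redefinition.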


@ -24,4 +24,4 @@
.control-group .control-group
.controls .controls
= submit_tag t('.login'), class: 'btn' = submit_tag t('.login'), class: 'btn'
= link_to t('.forgot_password'), :controller => 'login', :action => 'forgot_password' = link_to t('.forgot_password'), forgot_password_path


@ -17,6 +17,7 @@ Foodsoft::Application.routes.draw do
match '/login' => 'sessions#new', :as => 'login' match '/login' => 'sessions#new', :as => 'login'
match '/logout' => 'sessions#destroy', :as => 'logout' match '/logout' => 'sessions#destroy', :as => 'logout'
get '/login/forgot_password' => 'login#forgot_password', as: :forgot_password
get '/login/new_password' => 'login#new_password', as: :new_password get '/login/new_password' => 'login#new_password', as: :new_password
match '/login/accept_invitation/:token' => 'login#accept_invitation', as: :accept_invitation match '/login/accept_invitation/:token' => 'login#accept_invitation', as: :accept_invitation
resources :sessions, :only => [:new, :create, :destroy] resources :sessions, :only => [:new, :create, :destroy]