Merge remote-tracking branch 'bennibu/rails3' into rails3

Conflicts:
	app/controllers/login_controller.rb
	app/models/message.rb
	app/views/sessions/new.html.haml

app/controllers/login_controller.rb

@@ -10,6 +10,10 @@ class LoginController < ApplicationController
   
   # Sends an email to a user with the token that allows setting a new password through action "password".
   def reset_password
+    if request.get? || params[:user].nil? # Catch for get request and give better error message.
+      redirect_to forgot_password_url, alert: 'Ein Problem ist aufgetreten. Bitte erneut versuchen' and return
+    end
+
     if (user = User.find_by_email(params[:user][:email]))
       user.reset_password_token = user.new_random_password(16)
       user.reset_password_expires = Time.now.advance(:days => 2)
@@ -43,13 +47,11 @@ class LoginController < ApplicationController
   # For invited users.
   def accept_invitation
     @invite = Invite.find_by_token(params[:token])
-    if (@invite.nil? || @invite.expires_at < Time.now)
-      flash[:error] = I18n.t('login.errors.invite_invalid')
-      render :action => 'login'
+    if @invite.nil? || @invite.expires_at < Time.now
+      redirect_to login_url, alert: I18n.t('login.errors.invite_invalid')
     elsif @invite.group.nil?
-      flash[:error] = I18n.t('login.errors.group_invalid')
-      render :action => 'login'
-    elsif (request.post?)
+      redirect_to login_url, alert: I18n.t('login.errors.group_invalid')
+    elsif request.post?
       User.transaction do
         @user = User.new(params[:user])
         @user.email = @invite.email
@@ -62,8 +64,6 @@ class LoginController < ApplicationController
     else
       @user = User.new(:email => @invite.email)
     end
-  rescue
-    flash[:error] = I18n.t('errors.general_again')
   end
 
   protected
@@ -71,8 +71,7 @@ class LoginController < ApplicationController
   def validate_token
     @user = User.find_by_id_and_reset_password_token(params[:id], params[:token])
     if (@user.nil? || @user.reset_password_expires < Time.now)
-      flash[:error] = I18n.t('login.errors.token_invalid')
-      render :action => 'forgot_password'
+      redirect_to forgot_password_url, alert: I18n.t('login.errors.token_invalid')
     end
   end
 end

app/controllers/messages_controller.rb

@@ -8,6 +8,9 @@ class MessagesController < ApplicationController
   # Creates a new message object.
   def new
     @message = Message.new(params[:message])
+    if @message.reply_to and not @message.reply_to.is_readable_for?(current_user)
+      redirect_to new_message_url, alert: 'Nachricht ist privat!'
+    end
   end
 
   # Creates a new message.
@@ -24,5 +27,8 @@ class MessagesController < ApplicationController
   # Shows a single message.
   def show
     @message = Message.find(params[:id])
+    unless @message.is_readable_for?(current_user)
+      redirect_to messages_url, alert: 'Nachricht ist privat!'
+    end
   end
 end

app/controllers/stock_takings_controller.rb

@@ -7,7 +7,7 @@ class StockTakingsController < ApplicationController
 
   def new
     @stock_taking = StockTaking.new
-    StockArticle.all.each { |a| @stock_taking.stock_changes.build(:stock_article => a) }
+    StockArticle.undeleted.each { |a| @stock_taking.stock_changes.build(:stock_article => a) }
   end
 
   def create

app/helpers/deliveries_helper.rb

@@ -11,7 +11,7 @@ module DeliveriesHelper
   end
 
   def stock_articles_for_select(supplier)
-    supplier.stock_articles.map {|a| ["#{a.name} (#{number_to_currency a.price}/#{a.unit})", a.id] }
+    supplier.stock_articles.undeleted.map {|a| ["#{a.name} (#{number_to_currency a.price}/#{a.unit})", a.id] }
   end
 
 end

app/models/message.rb

@@ -2,7 +2,7 @@ class Message < ActiveRecord::Base
   belongs_to :sender, :class_name => "User", :foreign_key => "sender_id"
 
   serialize :recipients_ids, Array
-  attr_accessor :sent_to_all, :group_id, :recipient_tokens
+  attr_accessor :sent_to_all, :group_id, :recipient_tokens, :reply_to
   
   scope :pending, where(:email_state => 0)
   scope :sent, where(:email_state => 1)
@@ -46,11 +46,11 @@ class Message < ActiveRecord::Base
   end
 
   def reply_to=(message_id)
-    message = Message.find(message_id)
-    add_recipients([message.sender])
-    self.subject = I18n.t('messages.model.reply_subject', :subject => message.subject)
-    self.body = I18n.t('messages.model.reply_header', :user => message.sender.nick, :when => I18n.l(message.created_at, :format => :short)) + "\n"
-    message.body.each_line{ |l| self.body += I18n.t('messages.model.reply_indent', :line => l) }
+    @reply_to = Message.find(message_id)
+    add_recipients([@reply_to.sender])
+    self.subject = I18n.t('messages.model.reply_subject', :subject => @reply_to.subject)
+    self.body = I18n.t('messages.model.reply_header', :user => @reply_to.sender.nick, :when => I18n.l(@reply_to.created_at, :format => :short)) + "\n"
+    @reply_to.body.each_line{ |l| self.body += I18n.t('messages.model.reply_indent', :line => l) }
   end
 
   def mail_to=(user_id)
@@ -83,6 +83,10 @@ class Message < ActiveRecord::Base
     end
     update_attribute(:email_state, 1)
   end
+
+  def is_readable_for?(user)
+    !private || sender == user || recipients_ids.include?(user.id)
+  end
 end
 
 

app/views/sessions/new.html.haml

@@ -24,4 +24,4 @@
   .control-group
     .controls
       = submit_tag t('.login'), class: 'btn'
-      = link_to t('.forgot_password'), :controller => 'login', :action => 'forgot_password'
+      = link_to t('.forgot_password'), forgot_password_path

config/routes.rb

@@ -17,6 +17,7 @@ Foodsoft::Application.routes.draw do
 
     match '/login' => 'sessions#new', :as => 'login'
     match '/logout' => 'sessions#destroy', :as => 'logout'
+    get '/login/forgot_password' => 'login#forgot_password', as: :forgot_password
     get '/login/new_password' => 'login#new_password', as: :new_password
     match '/login/accept_invitation/:token' => 'login#accept_invitation', as: :accept_invitation
     resources :sessions, :only => [:new, :create, :destroy]