gitlab-org--gitlab-foss/app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
  before_filter :authenticate_user!
  before_filter :reject_blocked!
  before_filter :set_current_user_for_observers
  before_filter :dev_tools if Rails.env == 'development'

  protect_from_forgery

  helper_method :abilities, :can?

  rescue_from Gitlab::Gitolite::AccessDenied do |exception|
    render "errors/gitolite", layout: "errors", status: 500
  end

  rescue_from Encoding::CompatibilityError do |exception|
    render "errors/encoding", layout: "errors", status: 500
  end

  rescue_from ActiveRecord::RecordNotFound do |exception|
    render "errors/not_found", layout: "errors", status: 404
  end

  protected

  def reject_blocked!
    if current_user && current_user.blocked
      sign_out current_user
      flash[:alert] = "Your account was blocked"
      redirect_to new_user_session_path
    end
  end

  def after_sign_in_path_for resource
    if resource.is_a?(User) && resource.respond_to?(:blocked) && resource.blocked
      sign_out resource
      flash[:alert] = "Your account was blocked"
      new_user_session_path
    else
      super
    end
  end

  def set_current_user_for_observers
    MergeRequestObserver.current_user = current_user
    IssueObserver.current_user = current_user
  end

  def abilities
    @abilities ||= Six.new
  end

  def can?(object, action, subject)
    abilities.allowed?(object, action, subject)
  end

  def project
    @project ||= current_user.projects.find_by_code(params[:project_id] || params[:id])
    @project || render_404
  end

  def add_project_abilities
    abilities << Ability
  end

  def authorize_project!(action)
    return access_denied! unless can?(current_user, action, project)
  end

  def authorize_code_access!
    return access_denied! unless can?(current_user, :download_code, project)
  end

  def access_denied!
    render "errors/access_denied", layout: "errors", status: 404
  end

  def not_found!
    render "errors/not_found", layout: "errors", status: 404
  end

  def git_not_found!
    render "errors/git_not_found", layout: "errors", status: 404
  end

  def method_missing(method_sym, *arguments, &block)
    if method_sym.to_s =~ /^authorize_(.*)!$/
      authorize_project!($1.to_sym)
    else
      super
    end
  end

  def render_404
    render file: Rails.root.join("public", "404"), layout: false, status: "404"
  end

  def require_non_empty_project
    redirect_to @project if @project.empty_repo?
  end

  def no_cache_headers
    response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
    response.headers["Pragma"] = "no-cache"
    response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
  end

  def dev_tools
    Rack::MiniProfiler.authorize_request
  end
end
init commit 2011-10-08 17:36:38 -04:00			`class ApplicationController < ActionController::Base`
			`before_filter :authenticate_user!`
User blocking improved. Admin area styled 2012-04-16 16:33:03 -04:00			`before_filter :reject_blocked!`
Fix IssueObserver current_user assign. Refactored observers 2012-06-24 03:01:42 -04:00			`before_filter :set_current_user_for_observers`
Rack mini profiler for dev env 2012-08-02 02:48:24 -04:00			`before_filter :dev_tools if Rails.env == 'development'`
Fix IssueObserver current_user assign. Refactored observers 2012-06-24 03:01:42 -04:00
init commit 2011-10-08 17:36:38 -04:00			`protect_from_forgery`
Fix IssueObserver current_user assign. Refactored observers 2012-06-24 03:01:42 -04:00
init commit 2011-10-08 17:36:38 -04:00			`helper_method :abilities, :can?`

lib/ refactoring. Module Gitlabhq renamed to Gitlab 2012-05-26 06:37:49 -04:00			`rescue_from Gitlab::Gitolite::AccessDenied do \|exception\|`
layout selected by controller name 2012-09-26 16:24:52 -04:00			`render "errors/gitolite", layout: "errors", status: 500`
better error handling for not found resource, gitolite error 2012-02-22 00:14:54 -05:00			`end`

Rescue encoding error on controller level 2012-05-31 16:36:52 -04:00			`rescue_from Encoding::CompatibilityError do \|exception\|`
layout selected by controller name 2012-09-26 16:24:52 -04:00			`render "errors/encoding", layout: "errors", status: 500`
Rescue encoding error on controller level 2012-05-31 16:36:52 -04:00			`end`

better error handling for not found resource, gitolite error 2012-02-22 00:14:54 -05:00			`rescue_from ActiveRecord::RecordNotFound do \|exception\|`
layout selected by controller name 2012-09-26 16:24:52 -04:00			`render "errors/not_found", layout: "errors", status: 404`
gitosis error handle 2011-10-09 17:15:28 -04:00			`end`

clean-up code * Remove trailing whitespace * Converts hard-tabs into two-space soft-tabs * Remove consecutive blank lines 2011-10-26 09:46:25 -04:00			`protected`
init commit 2011-10-08 17:36:38 -04:00
User blocking improved. Admin area styled 2012-04-16 16:33:03 -04:00			`def reject_blocked!`
			`if current_user && current_user.blocked`
allow login via private token only for atom feeds 2012-06-01 09:56:28 -04:00			`sign_out current_user`
User blocking improved. Admin area styled 2012-04-16 16:33:03 -04:00			`flash[:alert] = "Your account was blocked"`
			`redirect_to new_user_session_path`
			`end`
			`end`

Ability to block user 2012-04-13 01:12:34 -04:00			`def after_sign_in_path_for resource`
			`if resource.is_a?(User) && resource.respond_to?(:blocked) && resource.blocked`
			`sign_out resource`
			`flash[:alert] = "Your account was blocked"`
			`new_user_session_path`
			`else`
			`super`
			`end`
			`end`

Fix IssueObserver current_user assign. Refactored observers 2012-06-24 03:01:42 -04:00			`def set_current_user_for_observers`
Separate observing of Note and MergeRequests * Move is_assigned? and is_being_xx? methods to IssueCommonality This is behavior merge requests have in common with issues. Moved methods to IssueCommonality role. Put specs directly into merge_request_spec because setup differs for issues and MRs specifically in the "closed" factory to use. * Add MergeRequestObserver. Parallels IssueObserver in almost every way. Ripe for refactoring. * Rename MailerObserver to NoteObserver With merge request observing moved out of MailerObserver, all that was left was Note logic. Renamed to NoteObserver, added tests and updated application config for new observer names. Refactored NoteObserver to use the note's author and not rely on current_user. * Set current_user for MergeRequestObserver IssueObserver and MergeRequestObserver are the only observers that need a reference to the current_user that they cannot look up on the objects they are observing. 2012-10-09 18:25:29 -04:00			`MergeRequestObserver.current_user = current_user`
Fix IssueObserver current_user assign. Refactored observers 2012-06-24 03:01:42 -04:00			`IssueObserver.current_user = current_user`
			`end`

init commit 2011-10-08 17:36:38 -04:00			`def abilities`
			`@abilities \|\|= Six.new`
			`end`

			`def can?(object, action, subject)`
			`abilities.allowed?(object, action, subject)`
			`end`

clean-up code * Remove trailing whitespace * Converts hard-tabs into two-space soft-tabs * Remove consecutive blank lines 2011-10-26 09:46:25 -04:00			`def project`
factorize before_filters and layout for projects related controllers 2012-09-25 19:21:37 -04:00			`@project \|\|= current_user.projects.find_by_code(params[:project_id] \|\| params[:id])`
better error handling for not found resource, gitolite error 2012-02-22 00:14:54 -05:00			`@project \|\| render_404`
init commit 2011-10-08 17:36:38 -04:00			`end`

			`def add_project_abilities`
			`abilities << Ability`
			`end`

			`def authorize_project!(action)`
better error handling for not found resource, gitolite error 2012-02-22 00:14:54 -05:00			`return access_denied! unless can?(current_user, action, project)`
security improved 2011-10-17 06:39:03 -04:00			`end`

Abilities extended. Resources security improved 2012-02-21 17:31:18 -05:00			`def authorize_code_access!`
better error handling for not found resource, gitolite error 2012-02-22 00:14:54 -05:00			`return access_denied! unless can?(current_user, :download_code, project)`
Abilities extended. Resources security improved 2012-02-21 17:31:18 -05:00			`end`

security improved 2011-10-17 06:39:03 -04:00			`def access_denied!`
layout selected by controller name 2012-09-26 16:24:52 -04:00			`render "errors/access_denied", layout: "errors", status: 404`
better error handling for not found resource, gitolite error 2012-02-22 00:14:54 -05:00			`end`

			`def not_found!`
layout selected by controller name 2012-09-26 16:24:52 -04:00			`render "errors/not_found", layout: "errors", status: 404`
better error handling for not found resource, gitolite error 2012-02-22 00:14:54 -05:00			`end`

			`def git_not_found!`
layout selected by controller name 2012-09-26 16:24:52 -04:00			`render "errors/git_not_found", layout: "errors", status: 404`
init commit 2011-10-08 17:36:38 -04:00			`end`

			`def method_missing(method_sym, *arguments, &block)`
			`if method_sym.to_s =~ /^authorize_(.*)!$/`
			`authorize_project!($1.to_sym)`
			`else`
			`super`
			`end`
			`end`
branch/tag memorization 2011-10-14 11:08:25 -04:00
refactoring + remove unnecessary feature 2011-10-14 12:30:31 -04:00			`def render_404`
Use Rails.root.join where appropriate 2012-09-26 14:52:01 -04:00			`render file: Rails.root.join("public", "404"), layout: false, status: "404"`
branch/tag memorization 2011-10-14 11:08:25 -04:00			`end`
issue #124 2011-10-15 11:51:58 -04:00
			`def require_non_empty_project`
Add "empty_repo?" method to Repository role Replaces two calls that this method simplifies 2012-09-04 11:37:38 -04:00			`redirect_to @project if @project.empty_repo?`
issue #124 2011-10-15 11:51:58 -04:00			`end`
fixed/fluid layout switch 2011-11-03 18:37:02 -04:00
decorators & tree model 2011-11-20 15:32:12 -05:00			`def no_cache_headers`
			`response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"`
			`response.headers["Pragma"] = "no-cache"`
			`response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"`
			`end`
Bootstrap: Issues restyled 2012-01-27 18:49:14 -05:00
Rack mini profiler for dev env 2012-08-02 02:48:24 -04:00			`def dev_tools`
			`Rack::MiniProfiler.authorize_request`
			`end`
init commit 2011-10-08 17:36:38 -04:00			`end`