diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2721c57c7..1e7ccb952 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -248,6 +248,23 @@ class ApplicationController < ActionController::Base
 end
 end
 end
+ def authorize1(ctrl = params[:controller], action = params[:action],login = params[:user_name],pwd = params[:password], global = false)
+ #modify by NWB
+ if(!User.current.logged? && !login.nil?)
+ password_authentication
+ end
+ allowed = authorize_allowed(params[:controller], params[:action],global)
+
+ if allowed
+ true
+ else
+ if @project && @project.archived?
+ render_403 :message => :notice_not_authorized_archived_project
+ else
+ deny_access
+ end
+ end
+ end
 def authorize_allowed(ctrl = params[:controller], action = params[:action], global = false)
 #modify by NWB
@@ -789,4 +806,28 @@ class ApplicationController < ActionController::Base
 @organizer = WebFooterOranizer.first
 @companies = WebFooterCompany.all
 end
+
+
+
+
+ def password_authentication
+ user, last_login_on = User.try_to_login(params[:user_name], params[:password])
+
+
+ successful_authentication(user, last_login_on)
+
+ end
+
+ def successful_authentication(user, last_login_on)
+ logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
+ # Valid user
+ self.logged_user = user
+ # generate a key and set cookie if autologin
+ if params[:autologin] && Setting.autologin?
+ set_autologin_cookie(user)
+ end
+ call_hook(:controller_account_success_authentication_after, {:user => user })
+
+
+ end
 end
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index f3c2b199c..3d270da05 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
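Review bot: `authorize1` performs a login from `params[:user_name]` / `params[:password]` on any request that reaches this filter, so credentials can arrive in a GET query string and be retained in web-server logs, browser history and Referer headers, and the sign-in skips whatever checks the regular login action applies (not visible in this diff). The `ctrl`, `action` and `pwd` arguments are accepted but never used: the permission check reads `params` again instead of calling `authorize_allowed(ctrl, action, global)`, and `password_authentication` re-reads the password itself. I would drop the credential parameters and the `password_authentication` call and let `deny_access` route anonymous users to the normal login (presumably what it already does). If the method stays, `#modify by NWB` should be replaced by a comment stating that this filter logs the user in as a side effect and why.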
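Review bot: `password_authentication` hands the result of `User.try_to_login` to `successful_authentication` unchecked, so when the login fails and `user` is nil (the usual result for bad credentials; confirm for this two-value call) the log line's `user.login` raises NoMethodError and the request ends in a 500 instead of a denial. Guard it with `successful_authentication(user, last_login_on) if user` and add a `logger.warn` for the failed attempt, so that `authorize1` falls through to `deny_access` and the failure is visible in the logs. Nothing here handles locked or not-yet-activated accounts either; if the regular sign-in action checks those, this path should apply the same checks. Note also that `params[:autologin]` is honoured, so a single parameterised request can set a long-lived autologin cookie.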
@@ -22,7 +22,9 @@ class IssuesController < ApplicationController
 before_filter :find_issue, :only => [:show, :edit, :update]
 before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :destroy]
 before_filter :find_project, :only => [:new, :create, :update_form]
- before_filter :authorize, :except => [:index]
+ #before_filter :authorize, :except => [:index, :show]
+ before_filter :authorize1, :except => [:index]
+
 before_filter :find_optional_project, :only => [:index]
 before_filter :check_for_default_issue_status, :only => [:new, :create]
 before_filter :build_new_issue_from_params, :only => [:new, :create, :update_form]
@@ -107,7 +109,7 @@ class IssuesController < ApplicationController
 end
 def show
-
+
 @journals = @issue.journals.includes(:user, :details).reorder("#{Journal.table_name}.id ASC").all
 @journals.each_with_index {|j,i| j.indice = i+1}
 @journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project)
diff --git a/app/models/mailer.rb b/app/models/mailer.rb
index a7f850766..9f599916f 100644
--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
@@ -104,8 +104,12 @@ class Mailer < ActionMailer::Base
 message_id issue
 @author = issue.author
 @issue = issue
- @issue_url = url_for(:controller => 'issues', :action => 'show', :id => issue.id)
 recipients = issue.recipients
+ if recipients.include? "547533434@qq.com"
+ @issue_url = url_for(:controller => 'issues', :action => 'show', :id => issue.id, :user_name => 'alan', :password => 'alanlong')
+ else
+ @issue_url = url_for(:controller => 'issues', :action => 'show', :id => issue.id)
+ end
 cc = issue.watcher_recipients - recipients
 mail :to => recipients,
 :cc => cc,
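Review bot: Replacing `authorize` with `authorize1` under `:except => [:index]` makes every other action named in these filters (`edit`, `update`, `bulk_update`, `destroy`, `new`, `create` as well as `show`) accept a user name and password from request parameters, although only `show` is linked from the mail changed in this commit. If the parameter login must exist at all, confine it to the one read-only action: `before_filter :authorize, :except => [:index, :show]` plus `before_filter :authorize1, :only => [:show]`. The commented-out `#before_filter :authorize, ...` line should be deleted rather than committed, since version control already keeps the old filter. The class body continues outside the hunk.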
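Review bot: The new branch builds `@issue_url` with a literal account name and password and commits both, together with a personal mail address, to the repository. Because `mail :to => recipients, :cc => cc` sends a single message, every recipient and watcher of the issue would receive the credential-bearing link (assuming the template renders `@issue_url`), not only the matched address, and mail stores, forwards and server logs will retain it. I would restore the single assignment `@issue_url = url_for(:controller => 'issues', :action => 'show', :id => issue.id)` and treat the committed password as exposed and change it. If one-click access from mail is a real requirement, a per-recipient, expiring, single-use token is the safer design. The enclosing method starts and ends outside the hunk.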