Merge branch 'develop' into feature/ui2

Gemfile

@@ -1,11 +1,8 @@
 source 'http://rubygems.org'
 
-gem 'rails', '3.2.14'
-
-# preparation for rails 4
-#gem 'rails', '4.0.0.rc1'
-#gem 'rails-observers'
-#gem 'activerecord-session_store'
+gem 'rails', '4.0.0'
+gem 'rails-observers'
+gem 'activerecord-session_store'
 
 gem 'eco'
 
@@ -19,10 +16,8 @@ gem 'json'
 group :assets do
 
 # preparation for rails 4
-#  gem 'sass-rails',   '~> 4.0.0.rc1'
-#  gem 'coffee-rails', '~> 4.0.0.rc1'
-  gem 'sass-rails',   '~> 3.2.4'
-  gem 'coffee-rails', '~> 3.2.2'
+  gem 'sass-rails',   '~> 4.0.0'
+  gem 'coffee-rails', '~> 4.0.0'
   gem 'uglifier'
 end
 
@@ -76,6 +71,8 @@ gem 'em-websocket'
 # in production environments by default.
 group :development, :test do
 
+    gem 'test-unit'
+
     gem 'sqlite3'
 
     # code coverage
@@ -92,5 +89,4 @@ group :development, :test do
 #    gem 'em-websocket-client'
 end
 
-gem 'thin'
-#gem 'puma'
+gem 'puma'

app/controllers/application_controller.rb

@@ -14,8 +14,8 @@ class ApplicationController < ActionController::Base
   :mode_show_rendeder,
   :model_index_render
 
-  skip_filter :verify_authenticity_token
-  before_filter :log_request, :set_user, :session_update
+  skip_before_filter :verify_authenticity_token
+  before_filter :set_user, :session_update
   before_filter :cors_preflight_check
 
   after_filter  :set_access_control_headers
@@ -53,10 +53,6 @@ class ApplicationController < ActionController::Base
     Observer::Ticket::Notification.transaction
   end
 
-  def log_request
-    puts Time.now().to_s + ' ' + request.original_fullpath.to_s
-  end
-
   # Finds the User with the ID stored in the session with the key
   # :current_user_id This is a common way to handle user login in
   # a Rails application; logging in sets the session value and
@@ -99,7 +95,7 @@ class ApplicationController < ActionController::Base
 
   def authentication_check_only
 
-    puts 'authentication_check'
+    #puts 'authentication_check'
     session[:request_type] = 1
     #puts params.inspect
     #puts session.inspect
@@ -107,7 +103,7 @@ class ApplicationController < ActionController::Base
 
     # check http basic auth
     authenticate_with_http_basic do |username, password|
-      puts 'http basic auth check'
+      #puts 'http basic auth check'
       session[:request_type] = 2
 
       userdata = User.authenticate( username, password )
@@ -261,7 +257,7 @@ class ApplicationController < ActionController::Base
     begin
 
       # create object
-      generic_object = object.new( object.param_cleanup(params) )
+      generic_object = object.new( object.param_cleanup( params[object.to_app_model] ) )
 
       # save object
       generic_object.save!
@@ -270,6 +266,7 @@ class ApplicationController < ActionController::Base
     rescue Exception => e
       puts e.message.inspect
       logger.error e.message
+      logger.error e.backtrace.inspect
       render :json => { :error => e.message }, :status => :unprocessable_entity
     end
   end
@@ -284,10 +281,11 @@ class ApplicationController < ActionController::Base
       generic_object = object.find( params[:id] )
 
       # save object
-      generic_object.update_attributes!( object.param_cleanup(params) )
+      generic_object.update_attributes!( object.param_cleanup( params[object.to_app_model] ) )
       model_update_render_item(generic_object)
     rescue Exception => e
       logger.error e.message
+      logger.error e.backtrace.inspect
       render :json => { :error => e.message }, :status => :unprocessable_entity
     end
   end
@@ -302,6 +300,7 @@ class ApplicationController < ActionController::Base
       model_destory_render_item()
     rescue Exception => e
       logger.error e.message
+      logger.error e.backtrace.inspect
       render :json => { :error => e.message }, :status => :unprocessable_entity
     end
   end
@@ -315,6 +314,7 @@ class ApplicationController < ActionController::Base
       model_show_render_item(generic_object)
     rescue Exception => e
       logger.error e.message
+      logger.error e.backtrace.inspect
       render :json => { :error => e.message }, :status => :unprocessable_entity
     end
   end
@@ -328,6 +328,7 @@ class ApplicationController < ActionController::Base
       model_index_render_result( generic_object )
     rescue Exception => e
       logger.error e.message
+      logger.error e.backtrace.inspect
       render :json => { :error => e.message }, :status => :unprocessable_entity
     end
   end

app/controllers/taskbar_controller.rb

@@ -18,7 +18,6 @@ class TaskbarController < ApplicationController
   end
 
   def create
-    params[:user_id] = current_user.id
     model_create_render(Taskbar,params)
   end
 
@@ -26,7 +25,6 @@ class TaskbarController < ApplicationController
     taskbar = Taskbar.find( params[:id] )
     return if !access(taskbar)
 
-    params[:user_id] = current_user.id
     taskbar.update_attributes!( Taskbar.param_cleanup(params) )
     model_update_render_item(taskbar)
   end

app/controllers/tickets_controller.rb

@@ -53,7 +53,7 @@ class TicketsController < ApplicationController
     if params[:article]
       form_id  = params[:article][:form_id]
       params[:article].delete(:form_id)
-      @article = Ticket::Article.new( params[:article] )
+      @article = Ticket::Article.new( Ticket::Article.param_validation( params[:article] ) )
       @article.ticket_id     = @ticket.id
 
       # find attachments in upload cache

app/models/application_model.rb

@@ -1,12 +1,9 @@
 # Copyright (C) 2013-2013 Zammad Foundation, http://zammad-foundation.org/
 
-require 'cache'
-require 'user_info'
-require 'sessions'
-
 class ApplicationModel < ActiveRecord::Base
   self.abstract_class = true
 
+  before_create  :check_attributes_protected, :cache_delete, :fill_up_user_create
   before_create  :cache_delete, :fill_up_user_create
   before_update  :cache_delete_before, :fill_up_user_update
   before_destroy :cache_delete_before
@@ -16,12 +13,11 @@ class ApplicationModel < ActiveRecord::Base
 
   @@import_class_list = ['Ticket', 'Ticket::Article', 'History', 'Ticket::State', 'Ticket::Priority', 'Group', 'User' ]
 
-  # for import of other objects, remove 'id'
-  def self.attributes_protected_by_default
+  def check_attributes_protected
     if Setting.get('import_mode') && @@import_class_list.include?( self.name.to_s )
-      ['type']
+      # do noting, use id as it is
     else
-      ['id','type']
+      self[:id] = nil
     end
   end
 
@@ -39,6 +35,10 @@ returns
 
   def self.param_cleanup(params)
 
+    if params == nil
+      raise "No params for #{self.to_s}!"
+    end
+
     # only use object attributes
     data = {}
     self.new.attributes.each {|item|
@@ -71,7 +71,9 @@ returns
     data.delete( :created_at )
     data.delete( :updated_by_id )
     data.delete( :created_by_id )
-
+    if data.respond_to?('permit!')
+      data.permit!
+    end
     data
   end
 

app/models/sla.rb

@@ -1,7 +1,5 @@
 # Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
 
-require 'cache'
-
 class Sla < ApplicationModel
   store     :condition
   store     :data

app/models/taskbar.rb

@@ -3,11 +3,14 @@
 class Taskbar < ApplicationModel
   store           :state
   store           :params
-  before_create   :update_last_contact
-  before_update   :update_last_contact
+  before_create   :update_last_contact, :set_user
+  before_update   :update_last_contact, :set_user
 
   private
   def update_last_contact
     self.last_contact = Time.now
   end
+  def set_user
+    self.user_id = UserInfo.current_user_id
+  end
 end

app/models/ticket.rb

@@ -1,8 +1,5 @@
 # Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
 
-require 'time_calculation'
-require 'sla'
-
 class Ticket < ApplicationModel
   before_create   :check_generate, :check_defaults
   before_update   :check_defaults

app/models/user.rb

@@ -1,9 +1,5 @@
 # Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
 
-require 'sso'
-require 'digest/sha2'
-require 'organization'
-
 class User < ApplicationModel
   include User::Assets
   extend User::Search

config/application.rb

@@ -16,7 +16,7 @@ module Zammad
     # -- all .rb files in that directory are automatically loaded.
 
     # Custom directories with classes and modules you want to be autoloadable.
-    config.autoload_paths += Dir["#{config.root}/lib/**/"]
+    config.autoload_paths += Dir["#{config.root}/lib/*", "#{config.root}/lib/**/"]
 #    config.autoload_paths += %W(#{config.root}/lib)
 
     # Only load the plugins named here, in the order given (default is alphabetical).
@@ -61,12 +61,6 @@ module Zammad
     # like if you have constraints or database-specific column types
     # config.active_record.schema_format = :sql
 
-    # Enforce whitelist mode for mass assignment.
-    # This will create an empty whitelist of attributes available for mass-assignment for all models
-    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
-    # parameters by using an attr_accessible or attr_protected declaration.
-    # config.active_record.whitelist_attributes = true
-
     # Enable the asset pipeline
     config.assets.enabled = true
 
@@ -79,11 +73,5 @@ module Zammad
     # REST api path
     config.api_path = '/api/v1'
 
-    # Enable threaded mode
-    config.threadsafe!
-
-    # catch all router files
-    config.paths['config/routes'] += Dir[Rails.root.join("config/routes/*.rb")]
-
   end
 end