From 32b750b5452d674801dc7aa8d36b122e01244afc Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Wed, 22 Mar 2017 22:38:42 -0400 Subject: [PATCH 01/38] Version 0.4.2 --- init.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init.rb b/init.rb index 7026712..9d233ac 100644 --- a/init.rb +++ b/init.rb @@ -28,7 +28,7 @@ Redmine::Plugin.register :redmine_qbo do name 'Redmine Quickbooks Online plugin' author 'Rick Barrette' description 'This is a plugin for Redmine to intergrate with Quickbooks Online to allow for seamless intergration CRM and invoicing of completed issues' - version '0.4.1' + version '0.4.2' url 'https://github.com/rickbarrette/redmine_qbo' author_url 'http://rickbarrette.org' settings :default => {'empty' => true}, :partial => 'qbo/settings' From 6bb66597e89328ce8063542afc51a13b84cf4a4e Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Wed, 22 Mar 2017 22:44:09 -0400 Subject: [PATCH 02/38] Added some permissions view_customers, add_customers, view_payments, add_payments --- init.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/init.rb b/init.rb index 9d233ac..f4902d1 100644 --- a/init.rb +++ b/init.rb @@ -47,7 +47,12 @@ Redmine::Plugin.register :redmine_qbo do # set per_page globally WillPaginate.per_page = 10 - + + permission :view_customers, :customers => :index + permission :add_customers, :customers => :new + permission :view_payments, :payments => :index + permission :add_payments, :payments => :new + # Register QBO top menu item #menu :top_menu, :qbo, { :controller => :qbo, :action => :index }, :caption => 'Quickbooks', :if => Proc.new { User.current.admin? } menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new { User.current.logged? } From 14422bc54904d9d036ee4541078398cf9cc51bf4 Mon Sep 17 00:00:00 2001 
From: Rick Barrette Date: Wed, 22 Mar 2017 22:52:24 -0400 Subject: [PATCH 03/38] Update init.rb --- init.rb | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/init.rb b/init.rb index f4902d1..ad50643 100644 --- a/init.rb +++ b/init.rb 
@@ -48,22 +48,19 @@ Redmine::Plugin.register :redmine_qbo do # set per_page globally WillPaginate.per_page = 10 - permission :view_customers, :customers => :index - permission :add_customers, :customers => :new - permission :view_payments, :payments => :index - permission :add_payments, :payments => :new + permission :view_customers, :customers => :index, :public => false + permission :add_customers, :customers => :new, :public => false + permission :view_payments, :payments => :index, :public => false + permission :add_payments, :payments => :new, :public => false # Register QBO top menu item #menu :top_menu, :qbo, { :controller => :qbo, :action => :index }, :caption => 'Quickbooks', :if => Proc.new { User.current.admin? } - menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new { User.current.logged? } - menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.logged? } + menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new { User.current.authorized? } + menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.authorized? } - menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.logged? } - menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => Proc.new { User.current.logged? } + menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.authorized? } + menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => Proc.new { User.current.authorized? 
} - permission :customers, { :customers => [:index, :new] }, :public => false menu :project_menu, :customers, { :controller => 'customers', :action => 'new' }, :caption => 'New Customer', :after => :new_issue, :param => :project_id - - permission :payments, { :payments => [:index, :new] }, :public => false menu :project_menu, :payments, { :controller => 'payments', :action => 'new' }, :caption => 'New Payment', :after => :customers, :param => :project_id end From 3f32b7fef1fdc9a3a030f6912eda703660f93ff8 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Wed, 22 Mar 2017 22:53:21 -0400 Subject: [PATCH 04/38] Update init.rb --- init.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/init.rb b/init.rb index ad50643..062fded 100644 --- a/init.rb +++ b/init.rb 
@@ -55,11 +55,11 @@ Redmine::Plugin.register :redmine_qbo do # Register QBO top menu item #menu :top_menu, :qbo, { :controller => :qbo, :action => :index }, :caption => 'Quickbooks', :if => Proc.new { User.current.admin? } - menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new { User.current.authorized? } - menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.authorized? } + menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => :authorize + menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => :authorize - menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.authorized? } - menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => Proc.new { User.current.authorized? } + menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => :authorize + menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => :authorize menu :project_menu, :customers, { :controller => 'customers', :action => 'new' }, :caption => 'New Customer', :after => :new_issue, :param => :project_id menu :project_menu, :payments, { :controller => 'payments', :action => 'new' }, :caption => 'New Payment', :after => :customers, :param => :project_id From fdab090a3d68a579412e6b6cf58e8c4306565ed1 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Wed, 22 Mar 2017 23:06:12 -0400 Subject: [PATCH 05/38] Update init.rb --- init.rb | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/init.rb b/init.rb index 062fded..38cc950 100644 --- a/init.rb +++ b/init.rb 
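Review bot: `:if => :authorize` on the four `menu` lines passes a Symbol where Redmine's menu manager expects something callable; as far as I know it rejects a non-callable `:if` with an ArgumentError when the item is registered, so the plugin would fail to load. `authorize` is also a controller filter that renders a response and depends on `@project`, not a predicate a menu can evaluate. Keep the Proc form and test a named permission, e.g. `:if => Proc.new { User.current.allowed_to?(:view_customers, nil, :global => true) }`.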
@@ -52,14 +52,15 @@ Redmine::Plugin.register :redmine_qbo do permission :add_customers, :customers => :new, :public => false permission :view_payments, :payments => :index, :public => false permission :add_payments, :payments => :new, :public => false + permission :view_vehicles, :payments => :new, :public => false # Register QBO top menu item #menu :top_menu, :qbo, { :controller => :qbo, :action => :index }, :caption => 'Quickbooks', :if => Proc.new { User.current.admin? } - menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => :authorize - menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => :authorize + menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new { User.current.allowed_to?(:view_customers) } + menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.allowed_to?(:view_vehicles) } - menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => :authorize - menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => :authorize + menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.allowed_to?(:add_customers) } + menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => Proc.new { User.current.allowed_to?(:add_payments)} menu :project_menu, :customers, { :controller => 'customers', :action => 'new' }, :caption => 'New Customer', :after => :new_issue, :param => :project_id menu :project_menu, :payments, { :controller => 'payments', :action => 'new' }, :caption => 'New Payment', :after => :customers, :param => :project_id 
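Review bot: The added `permission :view_vehicles, :payments => :new, :public => false` maps the vehicle-viewing permission to the payments `new` action, which looks like a copy of the line above it; any role given `view_vehicles` is thereby authorized for `payments#new` and nothing is mapped to the vehicles controller. It should read `permission :view_vehicles, :vehicles => :index, :public => false`. Separately, the new `:if` procs call `User.current.allowed_to?(:view_customers)` with one argument, while Redmine's `allowed_to?` takes the context as a required second argument, so these would raise when the menu is rendered; pass `nil, :global => true` for a cross-project check.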
From 2154a3d00181fb36f788c122f7366f3686381f13 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Wed, 22 Mar 2017 23:09:05 -0400 Subject: [PATCH 06/38] Update init.rb --- init.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/init.rb b/init.rb index 38cc950..7c919fb 100644 --- a/init.rb +++ b/init.rb 
@@ -56,11 +56,11 @@ Redmine::Plugin.register :redmine_qbo do # Register QBO top menu item #menu :top_menu, :qbo, { :controller => :qbo, :action => :index }, :caption => 'Quickbooks', :if => Proc.new { User.current.admin? } - menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new { User.current.allowed_to?(:view_customers) } - menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.allowed_to?(:view_vehicles) } + menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new {User.current.allowed_to?(:view_customers, Project.find(params[:project_id])) } + menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.allowed_to?(:view_vehicles, Project.find(params[:project_id])) } - menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.allowed_to?(:add_customers) } - menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => Proc.new { User.current.allowed_to?(:add_payments)} + menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.allowed_to?(:add_customers, Project.find(params[:project_id])) } + menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => Proc.new { User.current.allowed_to?(:add_payments, Project.find(params[:project_id]))} menu :project_menu, :customers, { :controller => 'customers', :action => 'new' }, :caption => 'New Customer', :after => :new_issue, :param => :project_id menu :project_menu, :payments, { :controller => 'payments', :action => 'new' }, :caption => 'New Payment', :after => 
:customers, :param => :project_id From 7cfa15910a479e9ceef3ac35d4d5c8caf5315677 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 04:41:31 -0400 Subject: [PATCH 07/38] Update init.rb --- init.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/init.rb b/init.rb index 7c919fb..f6b1296 100644 --- a/init.rb +++ b/init.rb 
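Review bot: The `:if` procs now call `Project.find(params[:project_id])`, but they are defined in init.rb where no `params` is in scope, and `:top_menu` is rendered on pages that carry no `project_id`, where `Project.find(nil)` raises instead of returning false. Redmine hands the current project (possibly nil) to the menu condition as a block argument, so the lookup is unnecessary: `:if => Proc.new { |project| User.current.allowed_to?(:view_customers, project, :global => true) }`. A visibility check should fail closed by returning false rather than by raising.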
@@ -56,11 +56,11 @@ Redmine::Plugin.register :redmine_qbo do # Register QBO top menu item #menu :top_menu, :qbo, { :controller => :qbo, :action => :index }, :caption => 'Quickbooks', :if => Proc.new { User.current.admin? } - menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new {User.current.allowed_to?(:view_customers, Project.find(params[:project_id])) } - menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.allowed_to?(:view_vehicles, Project.find(params[:project_id])) } + menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new {User.current.allowed_to?(:view_customers, @project) } + menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.allowed_to?(:view_vehicles, @project) } - menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.allowed_to?(:add_customers, Project.find(params[:project_id])) } - menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => Proc.new { User.current.allowed_to?(:add_payments, Project.find(params[:project_id]))} + menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.allowed_to?(:add_customers, @project) } + menu :application_menu, :new_payment, { :controller => :payments, :action => :new }, :caption => 'New Payment', :if => Proc.new { User.current.allowed_to?(:add_payments, @project)} menu :project_menu, :customers, { :controller => 'customers', :action => 'new' }, :caption => 'New Customer', :after => :new_issue, :param => :project_id menu :project_menu, :payments, { :controller => 'payments', :action => 'new' }, 
:caption => 'New Payment', :after => :customers, :param => :project_id From 863437b1b75683b38415be6fbb5dc84d80e78ff7 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 04:50:17 -0400 Subject: [PATCH 08/38] Added before filter to check permissions --- app/controllers/payments_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/payments_controller.rb b/app/controllers/payments_controller.rb index 347b416..d96bf94 100644 --- a/app/controllers/payments_controller.rb +++ b/app/controllers/payments_controller.rb @@ -12,7 +12,7 @@ class PaymentsController < ApplicationController include AuthHelper - before_filter :require_user + before_filter :add_payments, :authorize def new @payment = Payment.new From bef9774c4e078f4b18ad9da13350c8e71f40a4d8 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 04:52:19 -0400 Subject: [PATCH 09/38] Update payments_controller.rb --- app/controllers/payments_controller.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app/controllers/payments_controller.rb b/app/controllers/payments_controller.rb index d96bf94..b678356 100644 --- a/app/controllers/payments_controller.rb +++ b/app/controllers/payments_controller.rb @@ -12,7 +12,7 @@ class PaymentsController < ApplicationController include AuthHelper - before_filter :add_payments, :authorize + before_filter :find_project, :authorize def new @payment = Payment.new @@ -36,6 +36,11 @@ end end private + + def find_project + # @project variable must be set before calling the authorize filter + @project = Project.find(params[:project_id]) + end def only_one_non_zero?( array ) found_non_zero = false From 4353e910c80bbc4a19c2a76cdb978111c08e7a4a Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 04:57:22 -0400 Subject: [PATCH 10/38] Update payments_controller.rb --- app/controllers/payments_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
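Review bot: `@project` inside these procs is resolved against the object that was `self` when init.rb defined the block (the plugin registration), not against the controller handling the request, so as far as I can tell it is always nil here. Redmine's `allowed_to?` returns false for a nil context unless `:global => true` is given, which would hide all four entries from every user, admins included. Use the project Redmine passes to the condition instead, e.g. `Proc.new { |project| User.current.allowed_to?(:add_payments, project, :global => true) }`, and note that hiding a menu entry is not access control: the controller filters still have to enforce the same permission.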
diff --git a/app/controllers/payments_controller.rb b/app/controllers/payments_controller.rb index b678356..57a0153 100644 --- a/app/controllers/payments_controller.rb +++ b/app/controllers/payments_controller.rb @@ -12,7 +12,7 @@ class PaymentsController < ApplicationController include AuthHelper - before_filter :find_project, :authorize + before_filter :find_project, :authorize, :only => :new def new @payment = Payment.new From c0ae01018b8cd61f0f32f2438edb80ae3865cddc Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:01:01 -0400 Subject: [PATCH 11/38] Update payments_controller.rb --- app/controllers/payments_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/payments_controller.rb b/app/controllers/payments_controller.rb index 57a0153..290281a 100644 --- a/app/controllers/payments_controller.rb +++ b/app/controllers/payments_controller.rb @@ -12,7 +12,7 @@ class PaymentsController < ApplicationController include AuthHelper - before_filter :find_project, :authorize, :only => :new + before_filter :find_project, User.current.allowed_to?(:add_paypments, @project) def new @payment = Payment.new From f7357f30ce3f9f32f2f94f58d8625e4c825a00e7 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:03:58 -0400 Subject: [PATCH 12/38] Update payments_controller.rb --- app/controllers/payments_controller.rb | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/app/controllers/payments_controller.rb b/app/controllers/payments_controller.rb index 290281a..cd1894d 100644 --- a/app/controllers/payments_controller.rb +++ b/app/controllers/payments_controller.rb @@ -12,8 +12,8 @@ class PaymentsController < ApplicationController include AuthHelper - before_filter :find_project, User.current.allowed_to?(:add_paypments, @project) - + before_filter :check_permissions + def new @payment = Payment.new 
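Review bot: Adding `:only => :new` in patch 10 leaves every other action of `PaymentsController` without any filter, because the earlier `before_filter :require_user` was already removed; the action that saves the payment (presumably `create`, its body is outside this hunk) would then be reachable without a login or permission check. Showing the form and accepting its submission should be guarded by the same permission. Drop `:only` and map both actions to it in init.rb, e.g. `permission :add_payments, { :payments => [:new, :create] }, :public => false`.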
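Review bot: In patch 11, `User.current.allowed_to?(:add_paypments, @project)` is an argument to `before_filter`, so it is evaluated once while the class body loads, not per request; at that point there is no request user and `@project` is a nil class-level variable. The boolean it yields is then registered as if it were a filter name, so no per-request authorization takes place. The permission name is also misspelled (`:add_paypments`). The check has to live inside a filter method or block that runs for each request, e.g. `before_filter { deny_access unless User.current.allowed_to?(:add_payments, @project) }` placed after the filter that sets `@project`.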
@@ -32,14 +32,13 @@ class PaymentsController < ApplicationController else flash[:error] = @payment.errors.full_messages.to_sentence redirect_to new_customer_path -end + end end private - def find_project - # @project variable must be set before calling the authorize filter - @project = Project.find(params[:project_id]) + def check_permissions + return User.current.allowed_to?(:add_paypments, Project.find(params[:project_id])) end def only_one_non_zero?( array ) From 33feb91713a285834fc5a4fc5b0d3bec1010aaec Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:08:33 -0400 Subject: [PATCH 13/38] added permission_checker --- app/helpers/auth_helper.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb index 4605dcf..27dc2f1 100644 --- a/app/helpers/auth_helper.rb +++ b/app/helpers/auth_helper.rb @@ -16,4 +16,14 @@ module AuthHelper render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true end end + + def permission_checker(permission_list) + proc { + flag = false + permission_list.each { |permission| + flag ||= User.current.allowed_to_globally?(permission, {}) + } + flag + } + end end From 37a2b954477fbd6218ceb8598490c47f1025d317 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:10:05 -0400 Subject: [PATCH 14/38] Update payments_controller.rb --- app/controllers/payments_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/payments_controller.rb b/app/controllers/payments_controller.rb index cd1894d..547058a 100644 --- a/app/controllers/payments_controller.rb +++ b/app/controllers/payments_controller.rb @@ -12,7 +12,7 @@ class PaymentsController < ApplicationController include AuthHelper - before_filter :check_permissions + before_filter :permission_checker([:add_payments]) def new @payment = Payment.new From 85b40bc9cfb4e1e259f6f0e7f9d031d6c2621db1 Mon Sep 17 00:00:00 2001 
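Review bot: `check_permissions` only returns the boolean from `allowed_to?`, and Rails ignores a before-filter's return value; the chain halts only when the filter renders or redirects, so a user without the permission still reaches the action. The symbol `:add_paypments` is also misspelled, so the check cannot match the `add_payments` permission declared in init.rb. The same two problems recur in the later `check_permissions` revision that calls `allowed_to?(:add_paypments)`. Suggested body: `deny_access unless User.current.allowed_to?(:add_payments, Project.find(params[:project_id]))`.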
From: Rick Barrette Date: Thu, 23 Mar 2017 05:11:15 -0400 Subject: [PATCH 15/38] Update payments_controller.rb --- app/controllers/payments_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/payments_controller.rb b/app/controllers/payments_controller.rb index 547058a..66fd7ef 100644 --- a/app/controllers/payments_controller.rb +++ b/app/controllers/payments_controller.rb @@ -12,7 +12,7 @@ class PaymentsController < ApplicationController include AuthHelper - before_filter :permission_checker([:add_payments]) + before_filter :permission_checker [:add_payments] def new @payment = Payment.new From 3eaff0ab3084658e18a51fcd3e52e24a951ec67a Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:14:47 -0400 Subject: [PATCH 16/38] Update auth_helper.rb --- app/helpers/auth_helper.rb | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb index 27dc2f1..6c61bed 100644 --- a/app/helpers/auth_helper.rb +++ b/app/helpers/auth_helper.rb @@ -17,13 +17,16 @@ module AuthHelper end end - def permission_checker(permission_list) - proc { - flag = false - permission_list.each { |permission| - flag ||= User.current.allowed_to_globally?(permission, {}) - } - flag + def global_allowed_to?(user, action) + return false if user.nil? + + projects = Project.all + projects.each { |p| + if user.allowed_to?(action, p) + return true + end } + + false end end From 525c6b99d69f55d37754b3453aba1571b91691bb Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:19:13 -0400 Subject: [PATCH 17/38] Update auth_helper.rb --- app/helpers/auth_helper.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb index 6c61bed..98707a8 100644 --- a/app/helpers/auth_helper.rb +++ b/app/helpers/auth_helper.rb 
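Review bot: `global_allowed_to?` in patch 16 loads every project with `Project.all` and tests them one by one on each call, which is a full table load per request and answers "allowed in at least one project" rather than "allowed for the project in this request". If the cross-project meaning is intended, Redmine already offers it without the scan: `user.allowed_to?(action, nil, :global => true)`. If it is used to guard a project-scoped action, the caller should pass that project instead, otherwise a permission held in one project opens the action for all of them. A short comment on the method stating which of the two meanings is intended would help.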
@@ -17,6 +17,14 @@ module AuthHelper end end + def allowed_to?(user, action) + return false if user.nil? + project = Project.find(params[:project_id]) + return false if project.nil? + return true if user.allowed_to?(action, project) + false + end + def global_allowed_to?(user, action) return false if user.nil? @@ -26,7 +34,7 @@ module AuthHelper return true end } - false end + end From 6fc1d27dca640fd0f7d0afb29f4d568966363ac9 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:21:56 -0400 Subject: [PATCH 18/38] Update auth_helper.rb --- app/helpers/auth_helper.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb index 98707a8..53a2f90 100644 --- a/app/helpers/auth_helper.rb +++ b/app/helpers/auth_helper.rb @@ -17,20 +17,20 @@ module AuthHelper end end - def allowed_to?(user, action) - return false if user.nil? + def allowed_to?(action) + return false if User.current.nil? project = Project.find(params[:project_id]) return false if project.nil? - return true if user.allowed_to?(action, project) + return true if User.current.allowed_to?(action, project) false end - def global_allowed_to?(user, action) - return false if user.nil? + def global_allowed_to?( action) + return false if User.current.nil? projects = Project.all projects.each { |p| - if user.allowed_to?(action, p) + if User.current.allowed_to?(action, p) return true end } From 72cd349c1b1e4a8a443cc2da45d61d453ada613b Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:23:44 -0400 Subject: [PATCH 19/38] Update payments_controller.rb --- app/controllers/payments_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/payments_controller.rb b/app/controllers/payments_controller.rb index 66fd7ef..f7249df 100644 --- a/app/controllers/payments_controller.rb +++ b/app/controllers/payments_controller.rb 
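Review bot: In the new `allowed_to?(user, action)` from patch 17, `Project.find(params[:project_id])` raises `ActiveRecord::RecordNotFound` when the id is missing or unknown, so the following `return false if project.nil?` can never run and the helper raises instead of denying. Use a lookup that returns nil, `project = Project.find_by_id(params[:project_id])`, so the guard works as written. The last two lines can then collapse to `user.allowed_to?(action, project)`. The method has no comment; one line saying it checks the permission against the project named by `params[:project_id]` would make the scope explicit.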
@@ -12,7 +12,7 @@ class PaymentsController < ApplicationController include AuthHelper - before_filter :permission_checker [:add_payments] + before_filter :check_permissions def new @payment = Payment.new @@ -38,7 +38,7 @@ class PaymentsController < ApplicationController private def check_permissions - return User.current.allowed_to?(:add_paypments, Project.find(params[:project_id])) + allowed_to?(:add_paypments) end def only_one_non_zero?( array ) From 78ac97298c3d79a8fe476c098b41912b7849a02b Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:25:57 -0400 Subject: [PATCH 20/38] Update payments_controller.rb --- app/controllers/payments_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/payments_controller.rb b/app/controllers/payments_controller.rb index f7249df..3f9c062 100644 --- a/app/controllers/payments_controller.rb +++ b/app/controllers/payments_controller.rb @@ -38,7 +38,7 @@ class PaymentsController < ApplicationController private def check_permissions - allowed_to?(:add_paypments) + render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true if! allowed_to?(:add_paypments) end def only_one_non_zero?( array ) From a70ba2f1643df25b373dd5f2edaad660b0dea9ce Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:27:38 -0400 Subject: [PATCH 21/38] Update payments_controller.rb --- app/controllers/payments_controller.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/controllers/payments_controller.rb b/app/controllers/payments_controller.rb index 3f9c062..0cf22ef 100644 --- a/app/controllers/payments_controller.rb +++ b/app/controllers/payments_controller.rb 
@@ -38,7 +38,9 @@ class PaymentsController < ApplicationController private def check_permissions - render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true if! allowed_to?(:add_paypments) + if !allowed_to?(:add_paypments) + render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true + end end def only_one_non_zero?( array ) From ca178071172879de50e4127cbce18973912e43b4 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:29:54 -0400 Subject: [PATCH 22/38] Update payments_controller.rb --- app/controllers/payments_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/payments_controller.rb b/app/controllers/payments_controller.rb index 0cf22ef..fb630be 100644 --- a/app/controllers/payments_controller.rb +++ b/app/controllers/payments_controller.rb @@ -38,7 +38,7 @@ class PaymentsController < ApplicationController private def check_permissions - if !allowed_to?(:add_paypments) + if !allowed_to?(:add_payments) render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true end end From 894ee9abfdf63f5f22804dc473faede867ac308c Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:33:58 -0400 Subject: [PATCH 23/38] added check_permission --- app/helpers/auth_helper.rb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb index 53a2f90..8b447e4 100644 --- a/app/helpers/auth_helper.rb +++ b/app/helpers/auth_helper.rb @@ -25,6 +25,12 @@ module AuthHelper false end + def check_permission(permission) + if !allowed_to?(permission) + render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true + end + end + def global_allowed_to?( action) return false if User.current.nil? From 15f317fba1188a3bf5caf02bc9a41f3934f640c1 Mon Sep 17 00:00:00 2001 
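Review bot: In patch 23, `check_permission` is added as a public method of `AuthHelper`, which `PaymentsController` pulls in with `include AuthHelper`. Public methods of an included module become public controller methods, and Rails can treat those as candidate actions, so either confirm that no route reaches them or place the helpers under `private`. The method also duplicates the private `check_permissions` that patches 19 to 22 leave in `PaymentsController`, which could now just call `check_permission(:add_payments)`. A comment such as `# before_filter helper: renders the denial page unless User.current holds permission on params[:project_id]` would record that the project comes from the request.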
From: Rick Barrette Date: Thu, 23 Mar 2017 05:36:51 -0400 Subject: [PATCH 24/38] Update customers_controller.rb --- app/controllers/customers_controller.rb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/app/controllers/customers_controller.rb b/app/controllers/customers_controller.rb index 409b8b2..ec9770f 100644 --- a/app/controllers/customers_controller.rb +++ b/app/controllers/customers_controller.rb @@ -27,7 +27,8 @@ class CustomersController < ApplicationController include SortHelper helper :timelog - before_filter :require_user, :except => :view + before_filter :add_customer, :only => :new + before_filter :view_customer, :except => :new skip_before_filter :verify_authenticity_token, :check_if_login_required, :only => [:view] default_search_scope :names @@ -144,6 +145,14 @@ class CustomersController < ApplicationController private + def add_customer + check_permission(:add_customer) + end + + def view_customer + chech_permission(:view_customer) + end + def only_one_non_zero?( array ) found_non_zero = false array.each do |val| From 89fba883efd779be399aa1d2fa4ca9cad88e3311 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:38:06 -0400 Subject: [PATCH 25/38] Update customers_controller.rb --- app/controllers/customers_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/customers_controller.rb b/app/controllers/customers_controller.rb index ec9770f..550d49e 100644 --- a/app/controllers/customers_controller.rb +++ b/app/controllers/customers_controller.rb @@ -150,7 +150,7 @@ class CustomersController < ApplicationController end def view_customer - chech_permission(:view_customer) + check_permission(:view_customer) end def only_one_non_zero?( array ) From 8e7e1908e493f0ba9a1d453756ac9f0b42b5451f Mon Sep 17 00:00:00 2001 
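Review bot: With `before_filter :add_customer, :only => :new` in patch 24, the add permission guards only the form; every other action falls under `view_customer, :except => :new` and needs just the view permission. If the controller has a `create` action (not visible in this hunk), the filters should read `before_filter :add_customer, :only => [:new, :create]` and `before_filter :view_customer, :except => [:new, :create]`, and any edit, update or destroy action deserves the same look. The old `:except => :view` is also dropped, so `view`, for which the next line still skips `verify_authenticity_token` and `check_if_login_required`, now passes through the permission filter; worth confirming that is intended. Patch 30 reintroduces the same two filter lines.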
From: Rick Barrette Date: Thu, 23 Mar 2017 05:39:55 -0400 Subject: [PATCH 26/38] Update customers_controller.rb --- app/controllers/customers_controller.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app/controllers/customers_controller.rb b/app/controllers/customers_controller.rb index 550d49e..55892b7 100644 --- a/app/controllers/customers_controller.rb +++ b/app/controllers/customers_controller.rb @@ -27,8 +27,7 @@ class CustomersController < ApplicationController include SortHelper helper :timelog - before_filter :add_customer, :only => :new - before_filter :view_customer, :except => :new + before_filter :require_user skip_before_filter :verify_authenticity_token, :check_if_login_required, :only => [:view] default_search_scope :names From 4fc71a93f28efdd8778363d394e6cbef33be0c8b Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:42:09 -0400 Subject: [PATCH 27/38] Update init.rb --- init.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init.rb b/init.rb index f6b1296..e21401b 100644 --- a/init.rb +++ b/init.rb @@ -56,7 +56,7 @@ Redmine::Plugin.register :redmine_qbo do # Register QBO top menu item #menu :top_menu, :qbo, { :controller => :qbo, :action => :index }, :caption => 'Quickbooks', :if => Proc.new { User.current.admin? } - menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new {User.current.allowed_to?(:view_customers, @project) } + menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new {User.current.logged_in?} menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.allowed_to?(:view_vehicles, @project) } menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.allowed_to?(:add_customers, @project) } 
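Review bot: In patch 27 the Customers menu entry is shown to any logged-in user, while the neighbouring entries stay permission-gated and patch 30 makes the controller require `:view_customers`. Users without that permission therefore get a link that leads to a denial page. A condition that matches the controller would be `:if => Proc.new { User.current.allowed_to?(:view_customers, nil, :global => true) }`. Patch 28 replaces `logged_in?` with `logged?`, but the mismatch with the controller filter remains after that.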
From bbd03cc3371e5e0d13e99e14a2d2394ca74f00d6 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:42:54 -0400 Subject: [PATCH 28/38] Update init.rb --- init.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init.rb b/init.rb index e21401b..b840247 100644 --- a/init.rb +++ b/init.rb @@ -56,7 +56,7 @@ Redmine::Plugin.register :redmine_qbo do # Register QBO top menu item #menu :top_menu, :qbo, { :controller => :qbo, :action => :index }, :caption => 'Quickbooks', :if => Proc.new { User.current.admin? } - menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new {User.current.logged_in?} + menu :top_menu, :customers, { :controller => :customers, :action => :index }, :caption => 'Customers', :if => Proc.new {User.current.logged?} menu :top_menu, :vehicles, { :controller => :vehicles, :action => :index }, :caption => 'Vehicles', :if => Proc.new { User.current.allowed_to?(:view_vehicles, @project) } menu :application_menu, :new_customer, { :controller => :customers, :action => :new }, :caption => 'New Customer', :if => Proc.new { User.current.allowed_to?(:add_customers, @project) } From 68be20459b4c7a5cf6cc36a9e03b7a7d29b01430 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:45:45 -0400 Subject: [PATCH 29/38] Added global_check_permission --- app/helpers/auth_helper.rb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb index 8b447e4..67cb3c2 100644 --- a/app/helpers/auth_helper.rb +++ b/app/helpers/auth_helper.rb @@ -31,6 +31,13 @@ module AuthHelper end end + + def global_check_permission(permission) + if !global_allowed_to?(permission) + render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true + end + end + def global_allowed_to?( action) return false if User.current.nil? From 02153de8b0ae2dbeea769df7488449ffa2bf2757 Mon Sep 17 00:00:00 2001 
From: Rick Barrette Date: Thu, 23 Mar 2017 05:47:37 -0400 Subject: [PATCH 30/38] Added before filters add_customer, view_customer --- app/controllers/customers_controller.rb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/app/controllers/customers_controller.rb b/app/controllers/customers_controller.rb index 55892b7..821f1a2 100644 --- a/app/controllers/customers_controller.rb +++ b/app/controllers/customers_controller.rb @@ -27,7 +27,8 @@ class CustomersController < ApplicationController include SortHelper helper :timelog - before_filter :require_user + before_filter :add_customer, :only => :new + before_filter :view_customer, :except => :new skip_before_filter :verify_authenticity_token, :check_if_login_required, :only => [:view] default_search_scope :names @@ -145,11 +146,11 @@ class CustomersController < ApplicationController private def add_customer - check_permission(:add_customer) + global_check_permission(:add_customer) end def view_customer - check_permission(:view_customer) + global_check_permission(:view_customer) end def only_one_non_zero?( array ) From 2ce811bbbf2e651158e69e2fcf4060a45d5ad578 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 05:50:31 -0400 Subject: [PATCH 31/38] Update auth_helper.rb --- app/helpers/auth_helper.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb index 67cb3c2..eaafc55 100644 --- a/app/helpers/auth_helper.rb +++ b/app/helpers/auth_helper.rb @@ -33,12 +33,12 @@ module AuthHelper def global_check_permission(permission) - if !global_allowed_to?(permission) + if !globaly_allowed_to?(permission) render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true end end - def global_allowed_to?( action) + def globaly_allowed_to?( action) return false if User.current.nil? projects = Project.all From a34b6a07fc49f5dc0d8dbc3049e63daf412c58d5 Mon Sep 17 00:00:00 2001 
From: Rick Barrette Date: Thu, 23 Mar 2017 05:56:26 -0400 Subject: [PATCH 32/38] fixed typos --- app/controllers/customers_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/customers_controller.rb b/app/controllers/customers_controller.rb index 821f1a2..e71a5b5 100644 --- a/app/controllers/customers_controller.rb +++ b/app/controllers/customers_controller.rb @@ -146,11 +146,11 @@ class CustomersController < ApplicationController private def add_customer - global_check_permission(:add_customer) + global_check_permission(:add_customers) end def view_customer - global_check_permission(:view_customer) + global_check_permission(:view_customers) end def only_one_non_zero?( array ) From b84e249dfbfcd808fa50cd793f4b0875351a7da3 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Thu, 23 Mar 2017 06:05:43 -0400 Subject: [PATCH 33/38] 0.4.3 --- init.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init.rb b/init.rb index b840247..7b6a860 100644 --- a/init.rb +++ b/init.rb @@ -28,7 +28,7 @@ Redmine::Plugin.register :redmine_qbo do name 'Redmine Quickbooks Online plugin' author 'Rick Barrette' description 'This is a plugin for Redmine to intergrate with Quickbooks Online to allow for seamless intergration CRM and invoicing of completed issues' - version '0.4.2' + version '0.4.3' url 'https://github.com/rickbarrette/redmine_qbo' author_url 'http://rickbarrette.org' settings :default => {'empty' => true}, :partial => 'qbo/settings' From 41a113dc59cc73980e972099b72acdcb60dce0d9 Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Fri, 31 Mar 2017 16:02:48 -0400 Subject: [PATCH 34/38] Do not hide notes --- app/views/vehicles/_form.html.erb | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/app/views/vehicles/_form.html.erb b/app/views/vehicles/_form.html.erb index e156ed1..5da0ff3 100644 --- a/app/views/vehicles/_form.html.erb +++ b/app/views/vehicles/_form.html.erb @@ -41,14 +41,7 @@
Notes:
-

- <%= content_tag 'span', :id => "issue_description_and_toolbar", :style => (@vehicle.new_record? ? nil : 'display:none') do %> - <%= f.text_area :notes, - :cols => 60, - :rows => 10, - :no_label => true %> - <% end %> -

+ <%= f.text_area :notes, :cols => 60, :rows => 10, :no_label => true %>
From 7782627286ac989c5b47e833da3518fa38225c5e Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Fri, 31 Mar 2017 16:07:09 -0400 Subject: [PATCH 35/38] Split the VIN --- app/controllers/vehicles_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/vehicles_controller.rb b/app/controllers/vehicles_controller.rb index cd7ad16..9b52091 100644 --- a/app/controllers/vehicles_controller.rb +++ b/app/controllers/vehicles_controller.rb @@ -57,6 +57,7 @@ class VehiclesController < ApplicationController def show begin @vehicle = Vehicle.find_by_id(params[:id]) + @vin = @vehicle.vin.scan(/.{1,9}/) if @vehicle.vin rescue ActiveRecord::RecordNotFound render_404 end From 9b9aabee115b256874eb96dd0a9c7a43bdf5564d Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Fri, 31 Mar 2017 16:11:19 -0400 Subject: [PATCH 36/38] Format the VIN --- app/views/vehicles/_details.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/vehicles/_details.html.erb b/app/views/vehicles/_details.html.erb index 88b407b..9d59991 100644 --- a/app/views/vehicles/_details.html.erb +++ b/app/views/vehicles/_details.html.erb @@ -13,7 +13,7 @@ VIN - <%= vehicle.vin %> + <%= @vin[0] if split_vin %><%=@vin[1] if @vin%> From a48840ddfbd2eb9f6dcec877489cc5fb0520b64b Mon Sep 17 00:00:00 2001 From: Rick Barrette Date: Fri, 31 Mar 2017 16:12:21 -0400 Subject: [PATCH 37/38] Fixed typo --- app/views/vehicles/_details.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/vehicles/_details.html.erb b/app/views/vehicles/_details.html.erb index 9d59991..058eb0b 100644 --- a/app/views/vehicles/_details.html.erb +++ b/app/views/vehicles/_details.html.erb @@ -13,7 +13,7 @@ VIN - <%= @vin[0] if split_vin %><%=@vin[1] if @vin%> + <%= @vin[0] if @vin %><%=@vin[1] if @vin%> From 06050bd1395bf4db60367b39ddda1953017526fd Mon Sep 17 00:00:00 2001 
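Review bot: The line added in patch 35 calls `@vehicle.vin` without checking `@vehicle`, and `Vehicle.find_by_id` returns nil for an unknown id instead of raising. The `rescue ActiveRecord::RecordNotFound` branch is therefore presumably never taken, and a bad id ends in `NoMethodError` rather than `render_404`. A guard right after the lookup fixes both: `return render_404 unless @vehicle`. The `show` method continues past the end of the hunk.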
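Review bot: In patch 36 the partial is handed a `vehicle` local but prints the VIN from the `@vin` instance variable, which on this page is only assigned in `VehiclesController#show` (patch 35). Any other view that renders `_details` would show an empty VIN with no error. Deriving the pieces from the local keeps the partial self-contained: `<% vin_parts = vehicle.vin.to_s.scan(/.{1,9}/) %>` followed by `<%= vin_parts[0] %><%= vin_parts[1] %>`. `split_vin` in this patch is not defined anywhere on the page; patch 37 replaces it with `@vin`, which has the same dependency.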
From: Rick Barrette Date: Fri, 31 Mar 2017 16:23:42 -0400 Subject: [PATCH 38/38] Removed unused method update_vehicles --- app/controllers/vehicles_controller.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/app/controllers/vehicles_controller.rb b/app/controllers/vehicles_controller.rb index 9b52091..105159b 100644 --- a/app/controllers/vehicles_controller.rb +++ b/app/controllers/vehicles_controller.rb @@ -102,15 +102,6 @@ class VehiclesController < ApplicationController end end - # returns a dynamic list of vehicles owned by a customer - def update_vehicles - @vehicles = Customer.find_by(customer_id: params[:customer_id].to_i).vehicles - respond_to do |format| - format.html { render(:text => "not implemented") } - format.js - end - end - private def only_one_non_zero?( array )