tagged version 0.6.4

git-svn-id: http://redmine.rubyforge.org/svn/tags/0.6.4@1251 e93f8b46-1217-0410-a6f0-8f06a7374b81
Docs updated for 0.6.4 release.
2008-03-15 07:43:51 +00:00 · 2008-03-12 18:06:43 +00:00 · 2008-03-12 17:57:46 +00:00 · 2008-03-12 17:54:50 +00:00 · 2008-02-22 17:28:17 +00:00 · 2008-02-12 21:14:58 +00:00
864 changed files with 34739 additions and 10344 deletions
--- a/app/apis/sys_api.rb
+++ b/app/apis/sys_api.rb
@@ -20,6 +20,6 @@ class SysApi < ActionWebService::API::Base
             :expects => [],
             :returns => [[Project]]
  api_method :repository_created,
-             :expects => [:int, :string],
+             :expects => [:string, :string],
             :returns => [:int]
 end
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -21,17 +21,16 @@ class AccountController < ApplicationController
  include CustomFieldsHelper   
  
  # prevents login action to be filtered by check_if_login_required application scope filter
-  skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register]
-  before_filter :require_login, :only => :logout
+  skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]

  # Show user's account
  def show
-    @user = User.find(params[:id])
+    @user = User.find_active(params[:id])
    @custom_values = @user.custom_values.find(:all, :include => :custom_field)
    
    # show only public projects and private projects that the logged in user is also a member of
    @memberships = @user.memberships.select do |membership|
-      membership.project.is_public? || (logged_in_user && logged_in_user.role_for_project(membership.project))
+      membership.project.is_public? || (User.current.member_of?(membership.project))
    end
  rescue ActiveRecord::RecordNotFound
    render_404
@@ -41,12 +40,12 @@ class AccountController < ApplicationController
  def login
    if request.get?
      # Logout user
-      self.logged_in_user = nil
+      self.logged_user = nil
    else
      # Authenticate user
      user = User.try_to_login(params[:login], params[:password])
      if user
-        self.logged_in_user = user
+        self.logged_user = user
        # generate a key and set cookie if autologin
        if params[:autologin] && Setting.autologin?
          token = Token.create(:user => user, :action => 'autologin')
@@ -54,7 +53,7 @@ class AccountController < ApplicationController
        end
        redirect_back_or_default :controller => 'my', :action => 'page'
      else
-        flash.now[:notice] = l(:notice_account_invalid_creditentials)
+        flash.now[:error] = l(:notice_account_invalid_creditentials)
      end
    end
  end
@@ -62,17 +61,17 @@ class AccountController < ApplicationController
  # Log out current user and redirect to welcome page
  def logout
    cookies.delete :autologin
-    Token.delete_all(["user_id = ? AND action = ?", logged_in_user.id, "autologin"]) if logged_in_user
-    self.logged_in_user = nil
-    redirect_to :controller => 'welcome'
+    Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
+    self.logged_user = nil
+    redirect_to home_url
  end
  
  # Enable user to choose a new password
  def lost_password
-    redirect_to :controller => 'welcome' and return unless Setting.lost_password?
+    redirect_to(home_url) && return unless Setting.lost_password?
    if params[:token]
      @token = Token.find_by_action_and_value("recovery", params[:token])
-      redirect_to :controller => 'welcome' and return unless @token and !@token.expired?
+      redirect_to(home_url) && return unless @token and !@token.expired?
      @user = @token.user
      if request.post?
        @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
@@ -89,9 +88,9 @@ class AccountController < ApplicationController
      if request.post?
        user = User.find_by_mail(params[:mail])
        # user not found in db
-        flash.now[:notice] = l(:notice_account_unknown_email) and return unless user
+        flash.now[:error] = l(:notice_account_unknown_email) and return unless user
        # user uses an external authentification
-        flash.now[:notice] = l(:notice_can_t_change_password) and return if user.auth_source_id
+        flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
        # create a new token for password recovery
        token = Token.new(:user => user, :action => "recovery")
        if token.save
@@ -106,38 +105,71 @@ class AccountController < ApplicationController
  
  # User self-registration
  def register
-    redirect_to :controller => 'welcome' and return unless Setting.self_registration?
-    if params[:token]
-      token = Token.find_by_action_and_value("register", params[:token])
-      redirect_to :controller => 'welcome' and return unless token and !token.expired?
-      user = token.user
-      redirect_to :controller => 'welcome' and return unless user.status == User::STATUS_REGISTERED
-      user.status = User::STATUS_ACTIVE
-      if user.save
-        token.destroy
-        flash[:notice] = l(:notice_account_activated)
-        redirect_to :action => 'login'
-        return
-      end      
+    redirect_to(home_url) && return unless Setting.self_registration?
+    if request.get?
+      @user = User.new(:language => Setting.default_language)
+      @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user) }
    else
-      if request.get?
-        @user = User.new(:language => Setting.default_language)
-        @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user) }
-      else
-        @user = User.new(params[:user])
-        @user.admin = false
-        @user.login = params[:user][:login]
-        @user.status = User::STATUS_REGISTERED
-        @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
-        @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) }
-        @user.custom_values = @custom_values
+      @user = User.new(params[:user])
+      @user.admin = false
+      @user.login = params[:user][:login]
+      @user.status = User::STATUS_REGISTERED
+      @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
+      @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, 
+                                                                                :customized => @user, 
+                                                                                :value => (params["custom_fields"] ? params["custom_fields"][x.id.to_s] : nil)) }
+      @user.custom_values = @custom_values
+      case Setting.self_registration
+      when '1'
+        # Email activation
        token = Token.new(:user => @user, :action => "register")
        if @user.save and token.save
          Mailer.deliver_register(token)
          flash[:notice] = l(:notice_account_register_done)
-          redirect_to :controller => 'welcome' and return
+          redirect_to :action => 'login'
+        end
+      when '3'
+        # Automatic activation
+        @user.status = User::STATUS_ACTIVE
+        if @user.save
+          flash[:notice] = l(:notice_account_activated)
+          redirect_to :action => 'login'
+        end
+      else
+        # Manual activation by the administrator
+        if @user.save
+          # Sends an email to the administrators
+          Mailer.deliver_account_activation_request(@user)
+          flash[:notice] = l(:notice_account_pending)
+          redirect_to :action => 'login'
        end
      end
    end
  end
+  
+  # Token based account activation
+  def activate
+    redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
+    token = Token.find_by_action_and_value('register', params[:token])
+    redirect_to(home_url) && return unless token and !token.expired?
+    user = token.user
+    redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
+    user.status = User::STATUS_ACTIVE
+    if user.save
+      token.destroy
+      flash[:notice] = l(:notice_account_activated)
+    end
+    redirect_to :action => 'login'
+  end
+  
+private
+  def logged_user=(user)
+    if user && user.is_a?(User)
+      User.current = user
+      session[:user_id] = user.id
+    else
+      User.current = User.anonymous
+      session[:user_id] = nil
+    end
+  end
 end
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -46,21 +46,37 @@ class AdminController < ApplicationController
  end

  def mail_options
-    @actions = Permission.find(:all, :conditions => ["mail_option=?", true]) || []
+    @notifiables = %w(issue_added issue_updated news_added document_added file_added message_posted)
    if request.post?
-      @actions.each { |a|
-        a.mail_enabled = (params[:action_ids] || []).include? a.id.to_s 
-        a.save
-      }
-      flash.now[:notice] = l(:notice_successful_update)
+      settings = (params[:settings] || {}).dup.symbolize_keys
+      settings[:notified_events] ||= []
+      settings.each { |name, value| Setting[name] = value }
+      flash[:notice] = l(:notice_successful_update)
+      redirect_to :controller => 'admin', :action => 'mail_options'
    end
  end
  
+  def test_email
+    raise_delivery_errors = ActionMailer::Base.raise_delivery_errors
+    # Force ActionMailer to raise delivery errors so we can catch it
+    ActionMailer::Base.raise_delivery_errors = true
+    begin
+      @test = Mailer.deliver_test(User.current)
+      flash[:notice] = l(:notice_email_sent, User.current.mail)
+    rescue Exception => e
+      flash[:error] = l(:notice_email_error, e.message)
+    end
+    ActionMailer::Base.raise_delivery_errors = raise_delivery_errors
+    redirect_to :action => 'mail_options'
+  end
+  
  def info
    @db_adapter_name = ActiveRecord::Base.connection.adapter_name
-    @flags = Hash.new
-    @flags[:default_admin_changed] = User.find(:first, :conditions => ["login=? and hashed_password=?", 'admin', User.hash_password('admin')]).nil?
-    @flags[:file_repository_writable] = File.writable?(Attachment.storage_path)
-    @flags[:textile_available] = ActionView::Helpers::TextHelper.method_defined? "textilize"
+    @flags = {
+      :default_admin_changed => User.find(:first, :conditions => ["login=? and hashed_password=?", 'admin', User.hash_password('admin')]).nil?,
+      :file_repository_writable => File.writable?(Attachment.storage_path),
+      :rmagick_available => Object.const_defined?(:Magick)
+    }
+    @plugins = Redmine::Plugin.registered_plugins
  end  
 end
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -16,48 +16,44 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class ApplicationController < ActionController::Base
-  before_filter :check_if_login_required, :set_localization
+  before_filter :user_setup, :check_if_login_required, :set_localization
  filter_parameter_logging :password
  
  REDMINE_SUPPORTED_SCM.each do |scm|
    require_dependency "repository/#{scm.underscore}"
  end
  
-  def logged_in_user=(user)
-    @logged_in_user = user
-    session[:user_id] = (user ? user.id : nil)
+  def current_role
+    @current_role ||= User.current.role_for_project(@project)
  end
  
-  def logged_in_user
+  def user_setup
+    Setting.check_cache
    if session[:user_id]
-      @logged_in_user ||= User.find(session[:user_id])
+      # existing session
+      User.current = User.find(session[:user_id])
+    elsif cookies[:autologin] && Setting.autologin?
+      # auto-login feature
+      User.current = User.find_by_autologin_key(cookies[:autologin])
+    elsif params[:key] && accept_key_auth_actions.include?(params[:action])
+      # RSS key authentication
+      User.current = User.find_by_rss_key(params[:key])
    else
-      nil
+      User.current = User.anonymous
    end
  end
  
-  # Returns the role that the logged in user has on the current project
-  # or nil if current user is not a member of the project
-  def logged_in_user_membership
-    @user_membership ||= logged_in_user.role_for_project(@project)
-  end
-  
  # check if login is globally required to access the application
  def check_if_login_required
    # no check needed if user is already logged in
-    return true if logged_in_user
-    # auto-login feature
-    autologin_key = cookies[:autologin]
-    if autologin_key && Setting.autologin?
-      self.logged_in_user = User.find_by_autologin_key(autologin_key)
-    end
+    return true if User.current.logged?
    require_login if Setting.login_required?
  end 
  
  def set_localization
    lang = begin
-      if self.logged_in_user and self.logged_in_user.language and !self.logged_in_user.language.empty? and GLoc.valid_languages.include? self.logged_in_user.language.to_sym
-        self.logged_in_user.language
+      if !User.current.language.blank? and GLoc.valid_languages.include? User.current.language.to_sym
+        User.current.language
      elsif request.env['HTTP_ACCEPT_LANGUAGE']
        accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.split('-').first
        if accept_lang and !accept_lang.empty? and GLoc.valid_languages.include? accept_lang.to_sym
@@ -71,7 +67,7 @@ class ApplicationController < ActionController::Base
  end
  
  def require_login
-    unless self.logged_in_user
+    if !User.current.logged?
      store_location
      redirect_to :controller => "account", :action => "login"
      return false
@@ -81,34 +77,17 @@ class ApplicationController < ActionController::Base

  def require_admin
    return unless require_login
-    unless self.logged_in_user.admin?
+    if !User.current.admin?
      render_403
      return false
    end
    true
  end

-  # authorizes the user for the requested action.
+  # Authorize the user for the requested action
  def authorize(ctrl = params[:controller], action = params[:action])
-    unless @project.active?
-      @project = nil
-      render_404
-      return false
-    end
-    # check if action is allowed on public projects
-    if @project.is_public? and Permission.allowed_to_public "%s/%s" % [ ctrl, action ]
-      return true
-    end    
-    # if action is not public, force login
-    return unless require_login    
-    # admin is always authorized
-    return true if self.logged_in_user.admin?
-    # if not admin, check membership permission    
-    if logged_in_user_membership and Permission.allowed_to_role( "%s/%s" % [ ctrl, action ], logged_in_user_membership )    
-      return true		
-    end		
-    render_403
-    false
+    allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
+    allowed ? true : (User.current.logged? ? render_403 : require_login)
  end
  
  # make sure that the user is a member of the project (or admin) if project is private
@@ -119,11 +98,8 @@ class ApplicationController < ActionController::Base
      render_404
      return false
    end
-    return true if @project.is_public?
-    return false unless logged_in_user
-    return true if logged_in_user.admin? || logged_in_user_membership
-    render_403
-    false
+    return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
+    User.current.logged? ? render_403 : require_login
  end

  # store current uri in session.
@@ -143,17 +119,44 @@ class ApplicationController < ActionController::Base
  end
  
  def render_403
-    @html_title = "403"
    @project = nil
-    render :template => "common/403", :layout => true, :status => 403
+    render :template => "common/403", :layout => !request.xhr?, :status => 403
    return false
  end
    
  def render_404
-    @html_title = "404"
-    render :template => "common/404", :layout => true, :status => 404
+    render :template => "common/404", :layout => !request.xhr?, :status => 404
    return false
  end
+  
+  def render_feed(items, options={})    
+    @items = items || []
+    @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
+    @title = options[:title] || Setting.app_title
+    render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
+  end
+  
+  def self.accept_key_auth(*actions)
+    actions = actions.flatten.map(&:to_s)
+    write_inheritable_attribute('accept_key_auth_actions', actions)
+  end
+  
+  def accept_key_auth_actions
+    self.class.read_inheritable_attribute('accept_key_auth_actions') || []
+  end
+  
+  # TODO: move to model
+  def attach_files(obj, files)
+    attachments = []
+    if files && files.is_a?(Array)
+      files.each do |file|
+        next unless file.size > 0
+        a = Attachment.create(:container => obj, :file => file, :author => User.current)
+        attachments << a unless a.new_record?
+      end
+    end
+    attachments
+  end

  # qvalues http header parser
  # code taken from webrick
@@ -173,4 +176,4 @@ class ApplicationController < ActionController::Base
    end
    return tmp
  end
-end
+end
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -19,18 +19,13 @@ class AttachmentsController < ApplicationController
  layout 'base'
  before_filter :find_project, :check_project_privacy

-  # sends an attachment
  def download
-    send_file @attachment.diskfile, :filename => @attachment.filename
-  rescue
-    render_404
-  end
-    
-  # sends an image to be displayed inline
-  def show
-    render(:nothing => true, :status => 404) and return unless @attachment.diskfile =~ /\.(jpeg|jpg|gif|png)$/i
-    send_file @attachment.diskfile, :filename => @attachment.filename, :type => "image/#{$1}", :disposition => 'inline'
+    # images are sent inline
+    send_file @attachment.diskfile, :filename => @attachment.filename, 
+                                    :type => @attachment.content_type, 
+                                    :disposition => (@attachment.image? ? 'inline' : 'attachment')
  rescue
+    # in case the disk file was deleted
    render_404
  end
 
--- a/app/controllers/auth_sources_controller.rb
+++ b/app/controllers/auth_sources_controller.rb
@@ -65,10 +65,10 @@ class AuthSourcesController < ApplicationController
    @auth_method = AuthSource.find(params[:id])
    begin
      @auth_method.test_connection
+      flash[:notice] = l(:notice_successful_connection)
    rescue => text
-      flash[:notice] = text
+      flash[:error] = "Unable to connect (#{text})"
    end
-    flash[:notice] ||= l(:notice_successful_connection)
    redirect_to :action => 'list'
  end

--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -17,9 +17,7 @@

 class BoardsController < ApplicationController
  layout 'base'
-  before_filter :find_project
-  before_filter :authorize, :except => [:index, :show]
-  before_filter :check_project_privacy, :only => [:index, :show]
+  before_filter :find_project, :authorize

  helper :messages
  include MessagesHelper
@@ -34,7 +32,6 @@ class BoardsController < ApplicationController
    if @boards.size == 1
      @board = @boards.first
      show
-      render :action => 'show'
    end
  end

@@ -44,11 +41,11 @@ class BoardsController < ApplicationController
      
    @topic_count = @board.topics.count
    @topic_pages = Paginator.new self, @topic_count, 25, params['page']
-    @topics =  @board.topics.find :all, :order => sort_clause,
+    @topics =  @board.topics.find :all, :order => "#{Message.table_name}.sticky DESC, #{sort_clause}",
                                  :include => [:author, {:last_reply => :author}],
                                  :limit  =>  @topic_pages.items_per_page,
                                  :offset =>  @topic_pages.current.offset
-    render :action => 'show', :layout => false if request.xhr?
+    render :action => 'show', :layout => !request.xhr?
  end
  
  verify :method => :post, :only => [ :destroy ], :redirect_to => { :action => :index }
--- a/app/controllers/custom_fields_controller.rb
+++ b/app/controllers/custom_fields_controller.rb
@@ -25,7 +25,7 @@ class CustomFieldsController < ApplicationController
  end

  def list
-    @custom_fields_by_type = CustomField.find(:all).group_by {|f| f.type.to_s }
+    @custom_fields_by_type = CustomField.find(:all).group_by {|f| f.class.name }
    @tab = params[:tab] || 'IssueCustomField'
    render :action => "list", :layout => false if request.xhr?
  end
@@ -45,7 +45,7 @@ class CustomFieldsController < ApplicationController
    end  
    if request.post? and @custom_field.save
      flash[:notice] = l(:notice_successful_create)
-      redirect_to :action => 'list', :tab => @custom_field.type
+      redirect_to :action => 'list', :tab => @custom_field.class.name
    end
    @trackers = Tracker.find(:all, :order => 'position')
  end
@@ -57,16 +57,31 @@ class CustomFieldsController < ApplicationController
        @custom_field.trackers = params[:tracker_ids] ? Tracker.find(params[:tracker_ids]) : []
      end
      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'list', :tab => @custom_field.type
+      redirect_to :action => 'list', :tab => @custom_field.class.name
    end
    @trackers = Tracker.find(:all, :order => 'position')
  end

+  def move
+    @custom_field = CustomField.find(params[:id])
+    case params[:position]
+    when 'highest'
+      @custom_field.move_to_top
+    when 'higher'
+      @custom_field.move_higher
+    when 'lower'
+      @custom_field.move_lower
+    when 'lowest'
+      @custom_field.move_to_bottom
+    end if params[:position]
+    redirect_to :action => 'list', :tab => @custom_field.class.name
+  end
+  
  def destroy
    @custom_field = CustomField.find(params[:id]).destroy
-    redirect_to :action => 'list', :tab => @custom_field.type
+    redirect_to :action => 'list', :tab => @custom_field.class.name
  rescue
-    flash[:notice] = "Unable to delete custom field"
+    flash[:error] = "Unable to delete custom field"
    redirect_to :action => 'list'
  end
 end
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@@ -39,20 +39,14 @@ class DocumentsController < ApplicationController
  def download
    @attachment = @document.attachments.find(params[:attachment_id])
    @attachment.increment_download
-    send_file @attachment.diskfile, :filename => @attachment.filename
+    send_file @attachment.diskfile, :filename => @attachment.filename, :type => @attachment.content_type
  rescue
    render_404
  end 
  
  def add_attachment
-    # Save the attachments
-    @attachments = []
-    params[:attachments].each { |file|
-      next unless file.size > 0
-      a = Attachment.create(:container => @document, :file => file, :author => logged_in_user)
-      @attachments << a unless a.new_record?
-    } if params[:attachments] and params[:attachments].is_a? Array
-    Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
+    attachments = attach_files(@document, params[:attachments])
+    Mailer.deliver_attachments_added(attachments) if !attachments.empty? && Setting.notified_events.include?('document_added')
    redirect_to :action => 'show', :id => @document
  end
  
--- a/app/controllers/enumerations_controller.rb
+++ b/app/controllers/enumerations_controller.rb
@@ -59,12 +59,27 @@ class EnumerationsController < ApplicationController
    end
  end

+  def move
+    @enumeration = Enumeration.find(params[:id])
+    case params[:position]
+    when 'highest'
+      @enumeration.move_to_top
+    when 'higher'
+      @enumeration.move_higher
+    when 'lower'
+      @enumeration.move_lower
+    when 'lowest'
+      @enumeration.move_to_bottom
+    end if params[:position]
+    redirect_to :action => 'index'
+  end
+  
  def destroy
    Enumeration.find(params[:id]).destroy
    flash[:notice] = l(:notice_successful_delete)
    redirect_to :action => 'list'
  rescue
-    flash[:notice] = "Unable to delete enumeration"
+    flash[:error] = "Unable to delete enumeration"
    redirect_to :action => 'list'
  end
 end
--- a/app/controllers/feeds_controller.rb
+++ b/app/controllers/feeds_controller.rb
@@ -1,98 +0,0 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-class FeedsController < ApplicationController
-  before_filter :find_scope
-  session :off
-
-  helper :issues
-  include IssuesHelper
-  helper :custom_fields
-  include CustomFieldsHelper
-    
-  # news feeds
-  def news
-    News.with_scope(:find => @find_options) do
-      @news = News.find :all, :order => "#{News.table_name}.created_on DESC", :include => [ :author, :project ]
-    end
-    headers["Content-Type"] = "application/rss+xml"
-    render :action => 'news_atom' if 'atom' == params[:format]
-  end
-  
-  # issue feeds
-  def issues
-    if @project && params[:query_id]
-      query = Query.find(params[:query_id])
-      query.executed_by = @user
-      # ignore query if it's not valid
-      query = nil unless query.valid?
-      # override with query conditions
-      @find_options[:conditions] = query.statement if query.valid? and @project == query.project
-    end
-
-    Issue.with_scope(:find => @find_options) do
-      @issues = Issue.find :all, :include => [:project, :author, :tracker, :status, :custom_values], 
-                                 :order => "#{Issue.table_name}.created_on DESC"
-    end
-    @title = (@project ? @project.name : Setting.app_title) + ": " + (query ? query.name : l(:label_reported_issues))
-    headers["Content-Type"] = "application/rss+xml"
-    render :action => 'issues_atom' if 'atom' == params[:format]
-  end
-  
-  # issue changes feeds
-  def history    
-    if @project && params[:query_id]
-      query = Query.find(params[:query_id])
-      query.executed_by = @user
-      # ignore query if it's not valid
-      query = nil unless query.valid?
-      # override with query conditions
-      @find_options[:conditions] = query.statement if query.valid? and @project == query.project
-    end
-
-    Journal.with_scope(:find => @find_options) do
-      @journals = Journal.find :all, :include => [ :details, :user, {:issue => [:project, :author, :tracker, :status, :custom_values]} ], 
-                                     :order => "#{Journal.table_name}.created_on DESC"
-    end
-    
-    @title = (@project ? @project.name : Setting.app_title) + ": " + (query ? query.name : l(:label_reported_issues))
-    headers["Content-Type"] = "application/rss+xml"
-    render :action => 'history_atom' if 'atom' == params[:format]
-  end
-   
-private
-  # override for feeds specific authentication
-  def check_if_login_required
-    @user = User.find_by_rss_key(params[:key])
-    render(:nothing => true, :status => 403) and return false if !@user && Setting.login_required?
-  end
-  
-  def find_scope
-    if params[:project_id]
-      # project feed
-      # check if project is public or if the user is a member
-      @project = Project.find(params[:project_id])
-      render(:nothing => true, :status => 403) and return false unless @project.is_public? || (@user && @user.role_for_project(@project))
-      scope = ["#{Project.table_name}.id=?", params[:project_id].to_i]
-    else
-      # global feed
-      scope = ["#{Project.table_name}.is_public=?", true]
-    end
-    @find_options = {:conditions => scope, :limit => Setting.feeds_limit.to_i}
-    return true
-  end
-end
--- a/app/controllers/help_controller.rb
+++ b/app/controllers/help_controller.rb
@@ -1,44 +0,0 @@
-# redMine - project management software
-# Copyright (C) 2006  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-class HelpController < ApplicationController
-
-  skip_before_filter :check_if_login_required
-  before_filter :load_help_config
-
-  # displays help page for the requested controller/action
-  def index	
-    # select help page to display
-    if params[:ctrl] and @help_config['pages'][params[:ctrl]]
-      if params[:page] and @help_config['pages'][params[:ctrl]][params[:page]]
-        template = @help_config['pages'][params[:ctrl]][params[:page]]
-      else
-        template = @help_config['pages'][params[:ctrl]]['index']
-      end
-    end
-    # choose language according to available help translations
-    lang = (@help_config['langs'].include? current_language.to_s) ? current_language.to_s : @help_config['langs'].first
-	
-    url = "/manual/#{lang}/" + (template || "index.html")
-    redirect_to(request.relative_url_root + url)
-  end
-
-private
-  def load_help_config
-    @help_config = YAML::load(File.open("#{RAILS_ROOT}/config/help.yml"))
-  end	
-end
--- a/app/controllers/issue_categories_controller.rb
+++ b/app/controllers/issue_categories_controller.rb
@@ -18,6 +18,8 @@
 class IssueCategoriesController < ApplicationController
  layout 'base'
  before_filter :find_project, :authorize
+  
+  verify :method => :post, :only => :destroy

  def edit
    if request.post? and @category.update_attributes(params[:category])
@@ -27,11 +29,17 @@ class IssueCategoriesController < ApplicationController
  end

  def destroy
-    @category.destroy
-    redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project
-  rescue
-    flash[:notice] = "Categorie can't be deleted"
-    redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project
+    @issue_count = @category.issues.size
+    if @issue_count == 0
+      # No issue assigned to this category
+      @category.destroy
+      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories'
+    elsif params[:todo]
+      reassign_to = @project.issue_categories.find_by_id(params[:reassign_to_id]) if params[:todo] == 'reassign'
+      @category.destroy(reassign_to)
+      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories'
+    end
+    @categories = @project.issue_categories - [@category]
  end

 private
--- a/app/controllers/issue_statuses_controller.rb
+++ b/app/controllers/issue_statuses_controller.rb
@@ -79,7 +79,7 @@ class IssueStatusesController < ApplicationController
    IssueStatus.find(params[:id]).destroy
    redirect_to :action => 'list'
  rescue
-    flash[:notice] = "Unable to delete issue status"
+    flash[:error] = "Unable to delete issue status"
    redirect_to :action => 'list'
  end  	
 end
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -16,8 +16,10 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class IssuesController < ApplicationController
-  layout 'base', :except => :export_pdf
-  before_filter :find_project, :authorize
+  layout 'base'
+  before_filter :find_project, :authorize, :except => [:index, :changes, :preview]
+  before_filter :find_optional_project, :only => [:index, :changes]
+  accept_key_auth :index, :changes
  
  cache_sweeper :issue_sweeper, :only => [ :edit, :change_status, :destroy ]

@@ -32,93 +34,123 @@ class IssuesController < ApplicationController
  helper :watchers
  include WatchersHelper
  helper :attachments
-  include AttachmentsHelper   
+  include AttachmentsHelper
+  helper :queries
+  helper :sort
+  include SortHelper
+  include IssuesHelper

+  def index
+    sort_init "#{Issue.table_name}.id", "desc"
+    sort_update
+    retrieve_query
+    if @query.valid?
+      limit = %w(pdf csv).include?(params[:format]) ? Setting.issues_export_limit.to_i : 25
+      @issue_count = Issue.count(:include => [:status, :project], :conditions => @query.statement)
+      @issue_pages = Paginator.new self, @issue_count, limit, params['page']
+      @issues = Issue.find :all, :order => sort_clause,
+                           :include => [ :assigned_to, :status, :tracker, :project, :priority, :category, :fixed_version ],
+                           :conditions => @query.statement,
+                           :limit  =>  limit,
+                           :offset =>  @issue_pages.current.offset
+      respond_to do |format|
+        format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
+        format.atom { render_feed(@issues, :title => l(:label_issue_plural)) }
+        format.csv  { send_data(issues_to_csv(@issues, @project).read, :type => 'text/csv; header=present', :filename => 'export.csv') }
+        format.pdf  { send_data(render(:template => 'issues/index.rfpdf', :layout => false), :type => 'application/pdf', :filename => 'export.pdf') }
+      end
+    else
+      # Send html if the query is not valid
+      render(:template => 'issues/index.rhtml', :layout => !request.xhr?)
+    end
+  end
+  
+  def changes
+    sort_init "#{Issue.table_name}.id", "desc"
+    sort_update
+    retrieve_query
+    if @query.valid?
+      @changes = Journal.find :all, :include => [ :details, :user, {:issue => [:project, :author, :tracker, :status]} ],
+                                     :conditions => @query.statement,
+                                     :limit => 25,
+                                     :order => "#{Journal.table_name}.created_on DESC"
+    end
+    @title = (@project ? @project.name : Setting.app_title) + ": " + (@query.new_record? ? l(:label_changes_details) : @query.name)
+    render :layout => false, :content_type => 'application/atom+xml'
+  end
+  
  def show
-    @status_options = @issue.status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker) if logged_in_user
-    @custom_values = @issue.custom_values.find(:all, :include => :custom_field)
-    @journals_count = @issue.journals.count
-    @journals = @issue.journals.find(:all, :include => [:user, :details], :limit => 15, :order => "#{Journal.table_name}.created_on desc")
-  end
-  
-  def history
-    @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on desc")
-    @journals_count = @journals.length  
-  end
-  
-  def export_pdf
-    @custom_values = @issue.custom_values.find(:all, :include => :custom_field)
-    @options_for_rfpdf ||= {}
-    @options_for_rfpdf[:file_name] = "#{@project.name}_#{@issue.id}.pdf"
+    @custom_values = @issue.custom_values.find(:all, :include => :custom_field, :order => "#{CustomField.table_name}.position")
+    @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
+    @status_options = @issue.status.find_new_statuses_allowed_to(User.current.role_for_project(@project), @issue.tracker)
+    respond_to do |format|
+      format.html { render :template => 'issues/show.rhtml' }
+      format.pdf  { send_data(render(:template => 'issues/show.rfpdf', :layout => false), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
+    end
  end

  def edit
    @priorities = Enumeration::get_values('IPRI')
+    @custom_values = []
    if request.get?
      @custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| @issue.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x, :customized => @issue) }
    else
      begin
-        @issue.init_journal(self.logged_in_user)
+        @issue.init_journal(User.current)
        # Retrieve custom fields and values
-        @custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue, :value => params["custom_fields"][x.id.to_s]) }
-        @issue.custom_values = @custom_values
+        if params["custom_fields"]
+          @custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue, :value => params["custom_fields"][x.id.to_s]) }
+          @issue.custom_values = @custom_values
+        end
        @issue.attributes = params[:issue]
        if @issue.save
          flash[:notice] = l(:notice_successful_update)
-          redirect_to :action => 'show', :id => @issue
+          redirect_to(params[:back_to] || {:action => 'show', :id => @issue})
        end
      rescue ActiveRecord::StaleObjectError
        # Optimistic locking exception
-        flash[:notice] = l(:notice_locking_conflict)
+        flash[:error] = l(:notice_locking_conflict)
      end
    end		
  end
  
  def add_note
-    unless params[:notes].empty?
-      journal = @issue.init_journal(self.logged_in_user, params[:notes])
-      if @issue.save
-        flash[:notice] = l(:notice_successful_update)
-        Mailer.deliver_issue_edit(journal) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
-        redirect_to :action => 'show', :id => @issue
-        return
-      end
+    journal = @issue.init_journal(User.current, params[:notes])
+    attachments = attach_files(@issue, params[:attachments])
+    attachments.each {|a| journal.details << JournalDetail.new(:property => 'attachment', :prop_key => a.id, :value => a.filename)}
+    if journal.save
+      flash[:notice] = l(:notice_successful_update)
+      Mailer.deliver_issue_edit(journal) if Setting.notified_events.include?('issue_updated')
+      redirect_to :action => 'show', :id => @issue
+      return
    end
    show
-    render :action => 'show'
  end

  def change_status
-    @status_options = @issue.status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker) if logged_in_user
+    @status_options = @issue.status.find_new_statuses_allowed_to(User.current.role_for_project(@project), @issue.tracker)
    @new_status = IssueStatus.find(params[:new_status_id])
    if params[:confirm]
      begin
-        journal = @issue.init_journal(self.logged_in_user, params[:notes])
+        journal = @issue.init_journal(User.current, params[:notes])
        @issue.status = @new_status
        if @issue.update_attributes(params[:issue])
-          # Save attachments
-          params[:attachments].each { |file|
-            next unless file.size > 0
-            a = Attachment.create(:container => @issue, :file => file, :author => logged_in_user)            
-            journal.details << JournalDetail.new(:property => 'attachment',
-                                                 :prop_key => a.id,
-                                                 :value => a.filename) unless a.new_record?
-          } if params[:attachments] and params[:attachments].is_a? Array
-        
+          attachments = attach_files(@issue, params[:attachments])
+          attachments.each {|a| journal.details << JournalDetail.new(:property => 'attachment', :prop_key => a.id, :value => a.filename)}
          # Log time
-          if logged_in_user.authorized_to(@project, "timelog/edit")
-            @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => logged_in_user, :spent_on => Date.today)
+          if current_role.allowed_to?(:log_time)
+            @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
            @time_entry.attributes = params[:time_entry]
            @time_entry.save
          end
          
          flash[:notice] = l(:notice_successful_update)
-          Mailer.deliver_issue_edit(journal) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
+          Mailer.deliver_issue_edit(journal) if Setting.notified_events.include?('issue_updated')
          redirect_to :action => 'show', :id => @issue
        end
      rescue ActiveRecord::StaleObjectError
        # Optimistic locking exception
-        flash[:notice] = l(:notice_locking_conflict)
+        flash[:error] = l(:notice_locking_conflict)
      end
    end    
    @assignable_to = @project.members.find(:all, :include => :user).collect{ |m| m.user }
@@ -127,43 +159,81 @@ class IssuesController < ApplicationController

  def destroy
    @issue.destroy
-    redirect_to :controller => 'projects', :action => 'list_issues', :id => @project
-  end
-
-  def add_attachment
-    # Save the attachments
-    @attachments = []
-    journal = @issue.init_journal(self.logged_in_user)
-    params[:attachments].each { |file|
-      next unless file.size > 0
-      a = Attachment.create(:container => @issue, :file => file, :author => logged_in_user)
-      @attachments << a unless a.new_record?
-      journal.details << JournalDetail.new(:property => 'attachment',
-                                           :prop_key => a.id,
-                                           :value => a.filename) unless a.new_record?
-    } if params[:attachments] and params[:attachments].is_a? Array
-    journal.save if journal.details.any?
-    Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
-    redirect_to :action => 'show', :id => @issue
+    redirect_to :action => 'index', :project_id => @project
  end

  def destroy_attachment
    a = @issue.attachments.find(params[:attachment_id])
    a.destroy
-    journal = @issue.init_journal(self.logged_in_user)
+    journal = @issue.init_journal(User.current)
    journal.details << JournalDetail.new(:property => 'attachment',
                                         :prop_key => a.id,
                                         :old_value => a.filename)
    journal.save
    redirect_to :action => 'show', :id => @issue
  end
+  
+  def context_menu
+    @priorities = Enumeration.get_values('IPRI').reverse
+    @statuses = IssueStatus.find(:all, :order => 'position')
+    @allowed_statuses = @issue.status.find_new_statuses_allowed_to(User.current.role_for_project(@project), @issue.tracker)
+    @assignables = @issue.assignable_users
+    @assignables << @issue.assigned_to if @issue.assigned_to && !@assignables.include?(@issue.assigned_to)
+    @can = {:edit => User.current.allowed_to?(:edit_issues, @project),
+            :change_status => User.current.allowed_to?(:change_issue_status, @project),
+            :add => User.current.allowed_to?(:add_issues, @project),
+            :move => User.current.allowed_to?(:move_issues, @project),
+            :copy => (@project.trackers.include?(@issue.tracker) && User.current.allowed_to?(:add_issues, @project)),
+            :delete => User.current.allowed_to?(:delete_issues, @project)}
+    render :layout => false
+  end

+  def preview
+    issue = Issue.find_by_id(params[:id])
+    @attachements = issue.attachments if issue
+    @text = params[:issue][:description]
+    render :partial => 'common/preview'
+  end
+  
 private
  def find_project
    @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
    @project = @issue.project
-    @html_title = "#{@project.name} - #{@issue.tracker.name} ##{@issue.id}"
  rescue ActiveRecord::RecordNotFound
    render_404
-  end  
+  end
+  
+  def find_optional_project
+    return true unless params[:project_id]
+    @project = Project.find(params[:project_id])
+    authorize
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
+  # Retrieve query from session or build a new query
+  def retrieve_query
+    if params[:query_id]
+      @query = Query.find(params[:query_id], :conditions => {:project_id => (@project ? @project.id : nil)})
+      session[:query] = @query
+    else
+      if params[:set_filter] or !session[:query] or session[:query].project != @project
+        # Give it a name, required to be valid
+        @query = Query.new(:name => "_")
+        @query.project = @project
+        if params[:fields] and params[:fields].is_a? Array
+          params[:fields].each do |field|
+            @query.add_filter(field, params[:operators][field], params[:values][field])
+          end
+        else
+          @query.available_filters.keys.each do |field|
+            @query.add_short_filter(field, params[field]) if params[field]
+          end
+        end
+        session[:query] = @query
+      else
+        @query = session[:query]
+      end
+    end
+  end
 end
--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@@ -17,13 +17,23 @@

 class MembersController < ApplicationController
  layout 'base'
-  before_filter :find_project, :authorize
+  before_filter :find_member, :except => :new
+  before_filter :find_project, :only => :new
+  before_filter :authorize

+  def new
+    @project.members << Member.new(params[:member]) if request.post?
+    respond_to do |format|
+      format.html { redirect_to :action => 'settings', :tab => 'members', :id => @project }
+      format.js { render(:update) {|page| page.replace_html "tab-content-members", :partial => 'projects/settings/members'} }
+    end
+  end
+  
  def edit
    if request.post? and @member.update_attributes(params[:member])
  	 respond_to do |format|
        format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
-        format.js { render(:update) {|page| page.replace_html "tab-content-members", :partial => 'projects/members'} }
+        format.js { render(:update) {|page| page.replace_html "tab-content-members", :partial => 'projects/settings/members'} }
      end
    end
  end
@@ -32,12 +42,18 @@ class MembersController < ApplicationController
    @member.destroy
 	respond_to do |format|
      format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
-      format.js { render(:update) {|page| page.replace_html "tab-content-members", :partial => 'projects/members'} }
+      format.js { render(:update) {|page| page.replace_html "tab-content-members", :partial => 'projects/settings/members'} }
    end
  end

 private
  def find_project
+    @project = Project.find(params[:id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
+  def find_member
    @member = Member.find(params[:id]) 
    @project = @member.project
  rescue ActiveRecord::RecordNotFound
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -17,45 +17,81 @@

 class MessagesController < ApplicationController
  layout 'base'
-  before_filter :find_project, :check_project_privacy
-  before_filter :require_login, :only => [:new, :reply]
+  before_filter :find_board, :only => :new
+  before_filter :find_message, :except => :new
+  before_filter :authorize

  verify :method => :post, :only => [ :reply, :destroy ], :redirect_to => { :action => :show }

  helper :attachments
  include AttachmentsHelper   

+  # Show a topic and its replies
  def show
    @reply = Message.new(:subject => "RE: #{@message.subject}")
    render :action => "show", :layout => false if request.xhr?
  end
  
+  # Create a new topic
  def new
    @message = Message.new(params[:message])
-    @message.author = logged_in_user
-    @message.board = @board 
+    @message.author = User.current
+    @message.board = @board
+    if params[:message] && User.current.allowed_to?(:edit_messages, @project)
+      @message.locked = params[:message]['locked']
+      @message.sticky = params[:message]['sticky']
+    end
    if request.post? && @message.save
-      params[:attachments].each { |file|
-        next unless file.size > 0
-        Attachment.create(:container => @message, :file => file, :author => logged_in_user)
-      } if params[:attachments] and params[:attachments].is_a? Array    
+      attach_files(@message, params[:attachments])
      redirect_to :action => 'show', :id => @message
    end
  end

+  # Reply to a topic
  def reply
    @reply = Message.new(params[:reply])
-    @reply.author = logged_in_user
+    @reply.author = User.current
    @reply.board = @board
-    @message.children << @reply
-    redirect_to :action => 'show', :id => @message
+    @topic.children << @reply
+    if !@reply.new_record?
+      attach_files(@reply, params[:attachments])
+    end
+    redirect_to :action => 'show', :id => @topic
+  end
+
+  # Edit a message
+  def edit
+    if params[:message] && User.current.allowed_to?(:edit_messages, @project)
+      @message.locked = params[:message]['locked']
+      @message.sticky = params[:message]['sticky']
+    end
+    if request.post? && @message.update_attributes(params[:message])
+      attach_files(@message, params[:attachments])
+      flash[:notice] = l(:notice_successful_update)
+      redirect_to :action => 'show', :id => @topic
+    end
+  end
+  
+  # Delete a messages
+  def destroy
+    @message.destroy
+    redirect_to @message.parent.nil? ?
+      { :controller => 'boards', :action => 'show', :project_id => @project, :id => @board } :
+      { :action => 'show', :id => @message.parent }
  end
  
 private
-  def find_project
+  def find_message
+    find_board
+    @message = @board.messages.find(params[:id], :include => :parent)
+    @topic = @message.root
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
+  def find_board
    @board = Board.find(params[:board_id], :include => :project)
    @project = @board.project
-    @message = @board.topics.find(params[:id]) if params[:id]
  rescue ActiveRecord::RecordNotFound
    render_404
  end
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -16,6 +16,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class MyController < ApplicationController
+  helper :issues
+  
  layout 'base'
  before_filter :require_login

@@ -42,44 +44,65 @@ class MyController < ApplicationController

  # Show user's page
  def page
-    @user = self.logged_in_user
+    @user = User.current
    @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT
  end

  # Edit user's account
  def account
-    @user = self.logged_in_user
+    @user = User.current
    @pref = @user.pref
-    @user.attributes = params[:user]
-    @user.pref.attributes = params[:pref]
-    if request.post? and @user.save and @user.pref.save
-      set_localization
-      flash.now[:notice] = l(:notice_account_updated)
-      self.logged_in_user.reload
-    end
-  end
-
-  # Change user's password
-  def change_password
-    @user = self.logged_in_user
-    flash[:notice] = l(:notice_can_t_change_password) and redirect_to :action => 'account' and return if @user.auth_source_id
-    if @user.check_password?(params[:password])
-      @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
+    if request.post?
+      @user.attributes = params[:user]
+      @user.mail_notification = (params[:notification_option] == 'all')
+      @user.pref.attributes = params[:pref]
+      @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
      if @user.save
-        flash[:notice] = l(:notice_account_password_updated)
-      else
-        render :action => 'account'
+        @user.pref.save
+        @user.notified_project_ids = (params[:notification_option] == 'selected' ? params[:notified_project_ids] : [])
+        set_language_if_valid @user.language
+        flash[:notice] = l(:notice_account_updated)
+        redirect_to :action => 'account'
        return
      end
-    else
-      flash[:notice] = l(:notice_account_wrong_password)
+    end
+    @notification_options = [[l(:label_user_mail_option_all), 'all'],
+                             [l(:label_user_mail_option_none), 'none']]
+    # Only users that belong to more than 1 project can select projects for which they are notified
+    # Note that @user.membership.size would fail since AR ignores :include association option when doing a count
+    @notification_options.insert 1, [l(:label_user_mail_option_selected), 'selected'] if @user.memberships.length > 1
+    @notification_option = @user.mail_notification? ? 'all' : (@user.notified_projects_ids.empty? ? 'none' : 'selected')    
+  end
+
+  # Manage user's password
+  def password
+    @user = User.current
+    flash[:error] = l(:notice_can_t_change_password) and redirect_to :action => 'account' and return if @user.auth_source_id
+    if request.post?
+      if @user.check_password?(params[:password])
+        @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
+        if @user.save
+          flash[:notice] = l(:notice_account_password_updated)
+          redirect_to :action => 'account'
+        end
+      else
+        flash[:error] = l(:notice_account_wrong_password)
+      end
+    end
+  end
+  
+  # Create a new feeds key
+  def reset_rss_key
+    if request.post? && User.current.rss_token
+      User.current.rss_token.destroy
+      flash[:notice] = l(:notice_feeds_access_key_reseted)
    end
    redirect_to :action => 'account'
  end

  # User's page layout configuration
  def page_layout
-    @user = self.logged_in_user
+    @user = User.current
    @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT.dup
    session[:page_layout] = @blocks
    %w(top left right).each {|f| session[:page_layout][f] ||= [] }
@@ -93,7 +116,7 @@ class MyController < ApplicationController
  def add_block
    block = params[:block]
    render(:nothing => true) and return unless block && (BLOCKS.keys.include? block)
-    @user = self.logged_in_user
+    @user = User.current
    # remove if already present in a group
    %w(top left right).each {|f| (session[:page_layout][f] ||= []).delete block }
    # add it on top
@@ -128,7 +151,7 @@ class MyController < ApplicationController
  
  # Save user's page layout  
  def page_layout_save
-    @user = self.logged_in_user
+    @user = User.current
    @user.pref[:my_page_layout] = session[:page_layout] if session[:page_layout]
    @user.pref.save
    session[:page_layout] = nil
--- a/app/controllers/news_controller.rb
+++ b/app/controllers/news_controller.rb
@@ -17,8 +17,22 @@

 class NewsController < ApplicationController
  layout 'base'
-  before_filter :find_project, :authorize
-
+  before_filter :find_project, :authorize, :except => :index
+  before_filter :find_optional_project, :only => :index
+  accept_key_auth :index
+  
+  def index
+    @news_pages, @newss = paginate :news,
+                                   :per_page => 10,
+                                   :conditions => (@project ? {:project_id => @project.id} : Project.visible_by(User.current)),
+                                   :include => [:author, :project],
+                                   :order => "#{News.table_name}.created_on DESC"    
+    respond_to do |format|
+      format.html { render :layout => false if request.xhr? }
+      format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") }
+    end
+  end
+  
  def show
  end

@@ -31,7 +45,7 @@ class NewsController < ApplicationController
  
  def add_comment
    @comment = Comment.new(params[:comment])
-    @comment.author = logged_in_user
+    @comment.author = User.current
    if @news.comments << @comment
      flash[:notice] = l(:label_comment_added)
      redirect_to :action => 'show', :id => @news
@@ -47,7 +61,7 @@ class NewsController < ApplicationController

  def destroy
    @news.destroy
-    redirect_to :controller => 'projects', :action => 'list_news', :id => @project
+    redirect_to :action => 'index', :project_id => @project
  end
  
 private
@@ -56,5 +70,13 @@ private
    @project = @news.project
  rescue ActiveRecord::RecordNotFound
    render_404
-  end  
+  end
+  
+  def find_optional_project
+    return true unless params[:project_id]
+    @project = Project.find(params[:project_id])
+    authorize
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
 end
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -15,16 +15,16 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-require 'csv'
-
 class ProjectsController < ApplicationController
  layout 'base'
  before_filter :find_project, :except => [ :index, :list, :add ]
  before_filter :authorize, :except => [ :index, :list, :add, :archive, :unarchive, :destroy ]
  before_filter :require_admin, :only => [ :add, :archive, :unarchive, :destroy ]
+  accept_key_auth :activity, :calendar
  
  cache_sweeper :project_sweeper, :only => [ :add, :edit, :archive, :unarchive, :destroy ]
  cache_sweeper :issue_sweeper, :only => [ :add_issue ]
+  cache_sweeper :version_sweeper, :only => [ :add_version ]

  helper :sort
  include SortHelper
@@ -32,54 +32,46 @@ class ProjectsController < ApplicationController
  include CustomFieldsHelper   
  helper :ifpdf
  include IfpdfHelper
+  helper :issues
  helper IssuesHelper
  helper :queries
  include QueriesHelper
  helper :repositories
  include RepositoriesHelper
+  include ProjectsHelper
  
  def index
    list
    render :action => 'list' unless request.xhr?
  end

-  # Lists public projects
+  # Lists visible projects
  def list
-    sort_init "#{Project.table_name}.name", "asc"
-    sort_update		
-    @project_count = Project.count(:all, :conditions => Project.visible_by(logged_in_user))		
-    @project_pages = Paginator.new self, @project_count,
-								15,
-								params['page']								
-    @projects = Project.find :all, :order => sort_clause,
-						:conditions => Project.visible_by(logged_in_user),
-						:include => :parent,
-						:limit  =>  @project_pages.items_per_page,
-						:offset =>  @project_pages.current.offset
-
-    render :action => "list", :layout => false if request.xhr?	
+    projects = Project.find :all,
+                            :conditions => Project.visible_by(User.current),
+                            :include => :parent
+    @project_tree = projects.group_by {|p| p.parent || p}
+    @project_tree.each_key {|p| @project_tree[p] -= [p]}
  end
-          
+  
  # Add a new project
  def add
-    @custom_fields = IssueCustomField.find(:all)
-    @root_projects = Project.find(:all, :conditions => "parent_id is null")
+    @custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
+    @trackers = Tracker.all
+    @root_projects = Project.find(:all,
+                                  :conditions => "parent_id IS NULL AND status = #{Project::STATUS_ACTIVE}",
+                                  :order => 'name')
    @project = Project.new(params[:project])
+    @project.enabled_module_names = Redmine::AccessControl.available_project_modules
    if request.get?
-      @custom_values = ProjectCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @project) }
+      @custom_values = ProjectCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| CustomValue.new(:custom_field => x, :customized => @project) }
+      @project.trackers = Tracker.all
    else
      @project.custom_fields = CustomField.find(params[:custom_field_ids]) if params[:custom_field_ids]
-      @custom_values = ProjectCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @project, :value => params["custom_fields"][x.id.to_s]) }
-      @project.custom_values = @custom_values			
-      if params[:repository_enabled] && params[:repository_enabled] == "1"
-        @project.repository = Repository.factory(params[:repository_scm])
-        @project.repository.attributes = params[:repository]
-      end
-      if "1" == params[:wiki_enabled]
-        @project.wiki = Wiki.new
-        @project.wiki.attributes = params[:wiki]
-      end
+      @custom_values = ProjectCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| CustomValue.new(:custom_field => x, :customized => @project, :value => (params[:custom_fields] ? params["custom_fields"][x.id.to_s] : nil)) }
+      @project.custom_values = @custom_values
      if @project.save
+        @project.enabled_module_names = params[:enabled_modules]
        flash[:notice] = l(:notice_successful_create)
        redirect_to :controller => 'admin', :action => 'projects'
 	  end		
@@ -88,21 +80,28 @@ class ProjectsController < ApplicationController
 	
  # Show @project
  def show
-    @custom_values = @project.custom_values.find(:all, :include => :custom_field)
+    @custom_values = @project.custom_values.find(:all, :include => :custom_field, :order => "#{CustomField.table_name}.position")
    @members_by_role = @project.members.find(:all, :include => [:user, :role], :order => 'position').group_by {|m| m.role}
    @subprojects = @project.active_children
    @news = @project.news.find(:all, :limit => 5, :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")
-    @trackers = Tracker.find(:all, :order => 'position')
+    @trackers = @project.trackers
    @open_issues_by_tracker = Issue.count(:group => :tracker, :joins => "INNER JOIN #{IssueStatus.table_name} ON #{IssueStatus.table_name}.id = #{Issue.table_name}.status_id", :conditions => ["project_id=? and #{IssueStatus.table_name}.is_closed=?", @project.id, false])
    @total_issues_by_tracker = Issue.count(:group => :tracker, :conditions => ["project_id=?", @project.id])
+    @total_hours = @project.time_entries.sum(:hours)
+    @key = User.current.rss_key
  end

  def settings
-    @root_projects = Project::find(:all, :conditions => ["parent_id is null and id <> ?", @project.id])
+    @root_projects = Project.find(:all,
+                                  :conditions => ["parent_id IS NULL AND status = #{Project::STATUS_ACTIVE} AND id <> ?", @project.id],
+                                  :order => 'name')
    @custom_fields = IssueCustomField.find(:all)
    @issue_category ||= IssueCategory.new
    @member ||= @project.members.new
-    @custom_values ||= ProjectCustomField.find(:all).collect { |x| @project.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x) }
+    @trackers = Tracker.all
+    @custom_values ||= ProjectCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| @project.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x) }
+    @repository ||= @project.repository
+    @wiki ||= @project.wiki
  end
  
  # Edit @project
@@ -110,27 +109,9 @@ class ProjectsController < ApplicationController
    if request.post?
      @project.custom_fields = IssueCustomField.find(params[:custom_field_ids]) if params[:custom_field_ids]
      if params[:custom_fields]
-        @custom_values = ProjectCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @project, :value => params["custom_fields"][x.id.to_s]) }
+        @custom_values = ProjectCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| CustomValue.new(:custom_field => x, :customized => @project, :value => params["custom_fields"][x.id.to_s]) }
        @project.custom_values = @custom_values
      end
-      if params[:repository_enabled]
-        case params[:repository_enabled]
-        when "0"
-          @project.repository = nil
-        when "1"
-          @project.repository ||= Repository.factory(params[:repository_scm])
-          @project.repository.update_attributes params[:repository] if @project.repository
-        end
-      end
-      if params[:wiki_enabled]
-        case params[:wiki_enabled]
-        when "0"
-          @project.wiki.destroy if @project.wiki
-        when "1"
-          @project.wiki ||= Wiki.new
-          @project.wiki.update_attributes params[:wiki]
-        end
-      end      
      @project.attributes = params[:project]
      if @project.save
        flash[:notice] = l(:notice_successful_update)
@@ -141,6 +122,11 @@ class ProjectsController < ApplicationController
      end
    end
  end
+  
+  def modules
+    @project.enabled_module_names = params[:enabled_modules]
+    redirect_to :action => 'settings', :id => @project, :tab => 'modules'
+  end

  def archive
    @project.archive if request.post? && @project.active?
@@ -167,8 +153,18 @@ class ProjectsController < ApplicationController
  def add_issue_category
    @category = @project.issue_categories.build(params[:category])
    if request.post? and @category.save
-      flash[:notice] = l(:notice_successful_create)
-      redirect_to :action => 'settings', :tab => 'categories', :id => @project
+  	  respond_to do |format|
+        format.html do
+          flash[:notice] = l(:notice_successful_create)
+          redirect_to :action => 'settings', :tab => 'categories', :id => @project
+        end
+        format.js do
+          # IE doesn't support the replace_html rjs method for select box options
+          render(:update) {|page| page.replace "issue_category_id",
+            content_tag('select', '<option></option>' + options_from_collection_for_select(@project.issue_categories, 'id', 'name', @category.id), :id => 'issue_category_id', :name => 'issue[category_id]')
+          }
+        end
+      end
    end
  end
 	
@@ -181,249 +177,170 @@ class ProjectsController < ApplicationController
  	end
  end

-  # Add a new member to @project
-  def add_member
-    @member = @project.members.build(params[:member])
-  	if request.post? && @member.save
-  	  respond_to do |format|
-        format.html { redirect_to :action => 'settings', :tab => 'members', :id => @project }
-        format.js { render(:update) {|page| page.replace_html "tab-content-members", :partial => 'members'} }
-      end
-    else		
-      settings
-      render :action => 'settings'
-    end
-  end
-
-  # Show members list of @project
-  def list_members
-    @members = @project.members.find(:all)
-  end
-
  # Add a new document to @project
  def add_document
-    @categories = Enumeration::get_values('DCAT')
    @document = @project.documents.build(params[:document])    
    if request.post? and @document.save	
-      # Save the attachments
-      params[:attachments].each { |a|
-        Attachment.create(:container => @document, :file => a, :author => logged_in_user) unless a.size == 0
-      } if params[:attachments] and params[:attachments].is_a? Array
+      attach_files(@document, params[:attachments])
      flash[:notice] = l(:notice_successful_create)
-      Mailer.deliver_document_add(@document) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
+      Mailer.deliver_document_added(@document) if Setting.notified_events.include?('document_added')
      redirect_to :action => 'list_documents', :id => @project
    end
  end
  
  # Show documents list of @project
  def list_documents
-    @documents = @project.documents.find :all, :include => :category
-  end
-
-  # Add a new issue to @project
-  def add_issue
-    @tracker = Tracker.find(params[:tracker_id])
-    @priorities = Enumeration::get_values('IPRI')
-    
-    default_status = IssueStatus.default
-    unless default_status
-      flash.now[:notice] = 'No default issue status defined. Please check your configuration.'
-      render :nothing => true, :layout => true
-      return
-    end
-    @issue = Issue.new(:project => @project, :tracker => @tracker)    
-    @issue.status = default_status
-    @allowed_statuses = ([default_status] + default_status.find_new_statuses_allowed_to(logged_in_user.role_for_project(@project), @issue.tracker))if logged_in_user
-    if request.get?
-      @issue.start_date = Date.today
-      @custom_values = @project.custom_fields_for_issues(@tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue) }
+    @sort_by = %w(category date title author).include?(params[:sort_by]) ? params[:sort_by] : 'category'
+    documents = @project.documents.find :all, :include => [:attachments, :category]
+    case @sort_by
+    when 'date'
+      @grouped = documents.group_by {|d| d.created_on.to_date }
+    when 'title'
+      @grouped = documents.group_by {|d| d.title.first.upcase}
+    when 'author'
+      @grouped = documents.select{|d| d.attachments.any?}.group_by {|d| d.attachments.last.author}
    else
-      @issue.attributes = params[:issue]
-      
-      requested_status = IssueStatus.find_by_id(params[:issue][:status_id])
-      @issue.status = (@allowed_statuses.include? requested_status) ? requested_status : default_status
-      
-      @issue.author_id = self.logged_in_user.id if self.logged_in_user
-      # Multiple file upload
-      @attachments = []
-      params[:attachments].each { |a|
-        @attachments << Attachment.new(:container => @issue, :file => a, :author => logged_in_user) unless a.size == 0
-      } if params[:attachments] and params[:attachments].is_a? Array
-      @custom_values = @project.custom_fields_for_issues(@tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue, :value => params["custom_fields"][x.id.to_s]) }
-      @issue.custom_values = @custom_values
-      if @issue.save
-        @attachments.each(&:save)
-        flash[:notice] = l(:notice_successful_create)
-        Mailer.deliver_issue_add(@issue) if Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
-        redirect_to :action => 'list_issues', :id => @project
-      end		
-    end	
-  end
-
-  # Show filtered/sorted issues list of @project
-  def list_issues
-    sort_init "#{Issue.table_name}.id", "desc"
-    sort_update
-
-    retrieve_query
-
-    @results_per_page_options = [ 15, 25, 50, 100 ]
-    if params[:per_page] and @results_per_page_options.include? params[:per_page].to_i
-      @results_per_page = params[:per_page].to_i
-      session[:results_per_page] = @results_per_page
-    else
-      @results_per_page = session[:results_per_page] || 25
-    end
-
-    if @query.valid?
-      @issue_count = Issue.count(:include => [:status, :project, :custom_values], :conditions => @query.statement)		
-      @issue_pages = Paginator.new self, @issue_count, @results_per_page, params['page']								
-      @issues = Issue.find :all, :order => sort_clause,
-  						:include => [ :assigned_to, :status, :tracker, :project, :priority, :custom_values ],
-  						:conditions => @query.statement,
-  						:limit  =>  @issue_pages.items_per_page,
-  						:offset =>  @issue_pages.current.offset						
+      @grouped = documents.group_by(&:category)
    end
    render :layout => false if request.xhr?
  end

-  # Export filtered/sorted issues list to CSV
-  def export_issues_csv
-    sort_init "#{Issue.table_name}.id", "desc"
-    sort_update
-
-    retrieve_query
-    render :action => 'list_issues' and return unless @query.valid?
-					
-    @issues =  Issue.find :all, :order => sort_clause,
-						:include => [ :assigned_to, :author, :status, :tracker, :priority, :project, {:custom_values => :custom_field} ],
-						:conditions => @query.statement,
-						:limit => Setting.issues_export_limit.to_i
-
-    ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')    
-    export = StringIO.new
-    CSV::Writer.generate(export, l(:general_csv_separator)) do |csv|
-      # csv header fields
-      headers = [ "#", l(:field_status), 
-                       l(:field_project),
-                       l(:field_tracker),
-                       l(:field_priority),
-                       l(:field_subject),
-                       l(:field_assigned_to),
-                       l(:field_author),
-                       l(:field_start_date),
-                       l(:field_due_date),
-                       l(:field_done_ratio),
-                       l(:field_created_on),
-                       l(:field_updated_on)
-                       ]
-      for custom_field in @project.all_custom_fields
-        headers << custom_field.name
-      end      
-      csv << headers.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
-      # csv lines
-      @issues.each do |issue|
-        fields = [issue.id, issue.status.name, 
-                            issue.project.name,
-                            issue.tracker.name, 
-                            issue.priority.name,
-                            issue.subject,
-                            (issue.assigned_to ? issue.assigned_to.name : ""),
-                            issue.author.name,
-                            issue.start_date ? l_date(issue.start_date) : nil,
-                            issue.due_date ? l_date(issue.due_date) : nil,
-                            issue.done_ratio,
-                            l_datetime(issue.created_on),  
-                            l_datetime(issue.updated_on)
-                            ]
-        for custom_field in @project.all_custom_fields
-          fields << (show_value issue.custom_value_for(custom_field))
-        end
-        csv << fields.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
-      end
-    end
-    export.rewind
-    send_data(export.read, :type => 'text/csv; header=present', :filename => 'export.csv')
+  # Add a new issue to @project
+  # The new issue will be created from an existing one if copy_from parameter is given
+  def add_issue
+    @issue = params[:copy_from] ? Issue.new.copy_from(params[:copy_from]) : Issue.new(params[:issue])
+    @issue.project = @project
+    @issue.author = User.current
+    @issue.tracker ||= @project.trackers.find(params[:tracker_id])
+    
+    default_status = IssueStatus.default
+    unless default_status
+      flash.now[:error] = 'No default issue status is defined. Please check your configuration (Go to "Administration -> Issue statuses").'
+      render :nothing => true, :layout => true
+      return
+    end    
+    @issue.status = default_status
+    @allowed_statuses = ([default_status] + default_status.find_new_statuses_allowed_to(User.current.role_for_project(@project), @issue.tracker))
+    
+    if request.get?
+      @issue.start_date ||= Date.today
+      @custom_values = @issue.custom_values.empty? ?
+        @project.custom_fields_for_issues(@issue.tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue) } :
+        @issue.custom_values
+    else
+      requested_status = IssueStatus.find_by_id(params[:issue][:status_id])
+      # Check that the user is allowed to apply the requested status
+      @issue.status = (@allowed_statuses.include? requested_status) ? requested_status : default_status
+      @custom_values = @project.custom_fields_for_issues(@issue.tracker).collect { |x| CustomValue.new(:custom_field => x, :customized => @issue, :value => params["custom_fields"][x.id.to_s]) }
+      @issue.custom_values = @custom_values
+      if @issue.save
+        attach_files(@issue, params[:attachments])
+        flash[:notice] = l(:notice_successful_create)
+        Mailer.deliver_issue_add(@issue) if Setting.notified_events.include?('issue_added')
+        redirect_to :controller => 'issues', :action => 'index', :project_id => @project
+        return
+      end		
+    end	
+    @priorities = Enumeration::get_values('IPRI')
  end
-  
-  # Export filtered/sorted issues to PDF
-  def export_issues_pdf
-    sort_init "#{Issue.table_name}.id", "desc"
-    sort_update

-    retrieve_query
-    render :action => 'list_issues' and return unless @query.valid?
-					
-    @issues =  Issue.find :all, :order => sort_clause,
-						:include => [ :author, :status, :tracker, :priority, :project, :custom_values ],
-						:conditions => @query.statement,
-						:limit => Setting.issues_export_limit.to_i
-											
-    @options_for_rfpdf ||= {}
-    @options_for_rfpdf[:file_name] = "export.pdf"
-    render :layout => false
+  # Bulk edit issues
+  def bulk_edit_issues
+    if request.post?
+      status = params[:status_id].blank? ? nil : IssueStatus.find_by_id(params[:status_id])
+      priority = params[:priority_id].blank? ? nil : Enumeration.find_by_id(params[:priority_id])
+      assigned_to = params[:assigned_to_id].blank? ? nil : User.find_by_id(params[:assigned_to_id])
+      category = params[:category_id].blank? ? nil : @project.issue_categories.find_by_id(params[:category_id])
+      fixed_version = params[:fixed_version_id].blank? ? nil : @project.versions.find_by_id(params[:fixed_version_id])
+      issues = @project.issues.find_all_by_id(params[:issue_ids])
+      unsaved_issue_ids = []      
+      issues.each do |issue|
+        journal = issue.init_journal(User.current, params[:notes])
+        issue.priority = priority if priority
+        issue.assigned_to = assigned_to if assigned_to || params[:assigned_to_id] == 'none'
+        issue.category = category if category
+        issue.fixed_version = fixed_version if fixed_version
+        issue.start_date = params[:start_date] unless params[:start_date].blank?
+        issue.due_date = params[:due_date] unless params[:due_date].blank?
+        issue.done_ratio = params[:done_ratio] unless params[:done_ratio].blank?
+        # Don't save any change to the issue if the user is not authorized to apply the requested status
+        if (status.nil? || (issue.status.new_status_allowed_to?(status, current_role, issue.tracker) && issue.status = status)) && issue.save
+          # Send notification for each issue (if changed)
+          Mailer.deliver_issue_edit(journal) if journal.details.any? && Setting.notified_events.include?('issue_updated')
+        else
+          # Keep unsaved issue ids to display them in flash error
+          unsaved_issue_ids << issue.id
+        end
+      end
+      if unsaved_issue_ids.empty?
+        flash[:notice] = l(:notice_successful_update) unless issues.empty?
+      else
+        flash[:error] = l(:notice_failed_to_save_issues, unsaved_issue_ids.size, issues.size, '#' + unsaved_issue_ids.join(', #'))
+      end
+      redirect_to :controller => 'issues', :action => 'index', :project_id => @project
+      return
+    end
+    if current_role && User.current.allowed_to?(:change_issue_status, @project)
+      # Find potential statuses the user could be allowed to switch issues to
+      @available_statuses = Workflow.find(:all, :include => :new_status,
+                                                :conditions => {:role_id => current_role.id}).collect(&:new_status).compact.uniq
+    end
+    render :update do |page|
+      page.hide 'query_form'
+      page.replace_html  'bulk-edit', :partial => 'issues/bulk_edit_form'
+    end
  end

  def move_issues
    @issues = @project.issues.find(params[:issue_ids]) if params[:issue_ids]
-    redirect_to :action => 'list_issues', :id => @project and return unless @issues
+    redirect_to :controller => 'issues', :action => 'index', :project_id => @project and return unless @issues
+    
    @projects = []
    # find projects to which the user is allowed to move the issue
-    @logged_in_user.memberships.each {|m| @projects << m.project if Permission.allowed_to_role("projects/move_issues", m.role)}
-    # issue can be moved to any tracker
-    @trackers = Tracker.find(:all)
-    if request.post? and params[:new_project_id] and params[:new_tracker_id]    
-      new_project = Project.find(params[:new_project_id])
-      new_tracker = Tracker.find(params[:new_tracker_id])
-      @issues.each { |i|
-        # project dependent properties
-        unless i.project_id == new_project.id
-          i.category = nil 
-          i.fixed_version = nil
-          # delete issue relations
-          i.relations_from.clear
-          i.relations_to.clear
-        end
-        # move the issue
-        i.project = new_project
-        i.tracker = new_tracker
-        i.save
-      }
-      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'list_issues', :id => @project
+    if User.current.admin?
+      # admin is allowed to move issues to any active (visible) project
+      @projects = Project.find(:all, :conditions => Project.visible_by(User.current), :order => 'name')
+    else
+      User.current.memberships.each {|m| @projects << m.project if m.role.allowed_to?(:move_issues)}
    end
+    @target_project = @projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
+    @target_project ||= @project    
+    @trackers = @target_project.trackers
+    if request.post?
+      new_tracker = params[:new_tracker_id].blank? ? nil : @target_project.trackers.find_by_id(params[:new_tracker_id])
+      unsaved_issue_ids = []
+      @issues.each do |issue|
+        unsaved_issue_ids << issue.id unless issue.move_to(@target_project, new_tracker)
+      end
+      if unsaved_issue_ids.empty?
+        flash[:notice] = l(:notice_successful_update) unless @issues.empty?
+      else
+        flash[:error] = l(:notice_failed_to_save_issues, unsaved_issue_ids.size, @issues.size, '#' + unsaved_issue_ids.join(', #'))
+      end
+      redirect_to :controller => 'issues', :action => 'index', :project_id => @project
+      return
+    end
+    render :layout => false if request.xhr?
  end

  # Add a news to @project
  def add_news
-    @news = News.new(:project => @project)
+    @news = News.new(:project => @project, :author => User.current)
    if request.post?
      @news.attributes = params[:news]
-      @news.author_id = self.logged_in_user.id if self.logged_in_user
      if @news.save
        flash[:notice] = l(:notice_successful_create)
-        redirect_to :action => 'list_news', :id => @project
+        Mailer.deliver_news_added(@news) if Setting.notified_events.include?('news_added')
+        redirect_to :controller => 'news', :action => 'index', :project_id => @project
      end
    end
  end

-  # Show news list of @project
-  def list_news
-    @news_pages, @news = paginate :news, :per_page => 10, :conditions => ["project_id=?", @project.id], :include => :author, :order => "#{News.table_name}.created_on DESC"
-    render :action => "list_news", :layout => false if request.xhr?
-  end
-
  def add_file
    if request.post?
      @version = @project.versions.find_by_id(params[:version_id])
-      # Save the attachments
-      @attachments = []
-      params[:attachments].each { |file|
-        next unless file.size > 0
-        a = Attachment.create(:container => @version, :file => file, :author => logged_in_user)
-        @attachments << a unless a.new_record?
-      } if params[:attachments] and params[:attachments].is_a? Array
-      Mailer.deliver_attachments_add(@attachments) if !@attachments.empty? and Permission.find_by_controller_and_action(params[:controller], params[:action]).mail_enabled?
+      attachments = attach_files(@version, params[:attachments])
+      Mailer.deliver_attachments_added(attachments) if !attachments.empty? && Setting.notified_events.include?('file_added')
      redirect_to :controller => 'projects', :action => 'list_files', :id => @project
    end
    @versions = @project.versions.sort
@@ -435,16 +352,16 @@ class ProjectsController < ApplicationController
  
  # Show changelog for @project
  def changelog
-    @trackers = Tracker.find(:all, :conditions => ["is_in_chlog=?", true], :order => 'position')
+    @trackers = @project.trackers.find(:all, :conditions => ["is_in_chlog=?", true], :order => 'position')
    retrieve_selected_tracker_ids(@trackers)    
    @versions = @project.versions.sort
  end

  def roadmap
-    @trackers = Tracker.find(:all, :conditions => ["is_in_roadmap=?", true], :order => 'position')
+    @trackers = @project.trackers.find(:all, :conditions => ["is_in_roadmap=?", true])
    retrieve_selected_tracker_ids(@trackers)
-    conditions = ("1" == params[:completed] ? nil : [ "#{Version.table_name}.effective_date > ? OR #{Version.table_name}.effective_date IS NULL", Date.today])
-    @versions = @project.versions.find(:all, :conditions => conditions).sort
+    @versions = @project.versions.sort
+    @versions = @versions.select {|v| !v.completed? } unless params[:completed]
  end
  
  def activity
@@ -457,79 +374,77 @@ class ProjectsController < ApplicationController
    @year ||= Date.today.year
    @month ||= Date.today.month

-    @date_from = Date.civil(@year, @month, 1)
-    @date_to = @date_from >> 1
-    
-    @events_by_day = {}    
-    
-    unless params[:show_issues] == "0"
-      @project.issues.find(:all, :include => [:author], :conditions => ["#{Issue.table_name}.created_on>=? and #{Issue.table_name}.created_on<=?", @date_from, @date_to] ).each { |i|
-        @events_by_day[i.created_on.to_date] ||= []
-        @events_by_day[i.created_on.to_date] << i
-      }
-      @show_issues = 1
+    case params[:format]
+    when 'atom'
+      # 30 last days
+      @date_from = Date.today - 30
+      @date_to = Date.today + 1
+    else
+      # current month
+      @date_from = Date.civil(@year, @month, 1)
+      @date_to = @date_from >> 1
    end
    
-    unless params[:show_news] == "0"
-      @project.news.find(:all, :conditions => ["#{News.table_name}.created_on>=? and #{News.table_name}.created_on<=?", @date_from, @date_to], :include => :author ).each { |i|
-        @events_by_day[i.created_on.to_date] ||= []
-        @events_by_day[i.created_on.to_date] << i
-      }
-      @show_news = 1 
+    @event_types = %w(issues news files documents changesets wiki_pages messages)
+    @event_types.delete('wiki_pages') unless @project.wiki
+    @event_types.delete('changesets') unless @project.repository
+    @event_types.delete('messages') unless @project.boards.any?
+    # only show what the user is allowed to view
+    @event_types = @event_types.select {|o| User.current.allowed_to?("view_#{o}".to_sym, @project)}
+    
+    @scope = @event_types.select {|t| params["show_#{t}"]}
+    # default events if none is specified in parameters
+    @scope = (@event_types - %w(wiki_pages messages))if @scope.empty?
+    
+    @events = []    
+    
+    if @scope.include?('issues')
+      @events += @project.issues.find(:all, :include => [:author, :tracker], :conditions => ["#{Issue.table_name}.created_on>=? and #{Issue.table_name}.created_on<=?", @date_from, @date_to] )
+      @events += @project.issues_status_changes(@date_from, @date_to)
    end
    
-    unless params[:show_files] == "0"
-      Attachment.find(:all, :select => "#{Attachment.table_name}.*", :joins => "LEFT JOIN #{Version.table_name} ON #{Version.table_name}.id = #{Attachment.table_name}.container_id", :conditions => ["#{Attachment.table_name}.container_type='Version' and #{Version.table_name}.project_id=? and #{Attachment.table_name}.created_on>=? and #{Attachment.table_name}.created_on<=?", @project.id, @date_from, @date_to], :include => :author ).each { |i|
-        @events_by_day[i.created_on.to_date] ||= []
-        @events_by_day[i.created_on.to_date] << i
-      }
-      @show_files = 1 
+    if @scope.include?('news')
+      @events += @project.news.find(:all, :conditions => ["#{News.table_name}.created_on>=? and #{News.table_name}.created_on<=?", @date_from, @date_to], :include => :author )
    end
    
-    unless params[:show_documents] == "0"
-      @project.documents.find(:all, :conditions => ["#{Document.table_name}.created_on>=? and #{Document.table_name}.created_on<=?", @date_from, @date_to] ).each { |i|
-        @events_by_day[i.created_on.to_date] ||= []
-        @events_by_day[i.created_on.to_date] << i
-      }
-      Attachment.find(:all, :select => "attachments.*", :joins => "LEFT JOIN #{Document.table_name} ON #{Document.table_name}.id = #{Attachment.table_name}.container_id", :conditions => ["#{Attachment.table_name}.container_type='Document' and #{Document.table_name}.project_id=? and #{Attachment.table_name}.created_on>=? and #{Attachment.table_name}.created_on<=?", @project.id, @date_from, @date_to], :include => :author ).each { |i|
-        @events_by_day[i.created_on.to_date] ||= []
-        @events_by_day[i.created_on.to_date] << i
-      }
-      @show_documents = 1 
+    if @scope.include?('files')
+      @events += Attachment.find(:all, :select => "#{Attachment.table_name}.*", :joins => "LEFT JOIN #{Version.table_name} ON #{Version.table_name}.id = #{Attachment.table_name}.container_id", :conditions => ["#{Attachment.table_name}.container_type='Version' and #{Version.table_name}.project_id=? and #{Attachment.table_name}.created_on>=? and #{Attachment.table_name}.created_on<=?", @project.id, @date_from, @date_to], :include => :author )
    end
    
-    unless @project.wiki.nil? || params[:show_wiki_edits] == "0"
+    if @scope.include?('documents')
+      @events += @project.documents.find(:all, :conditions => ["#{Document.table_name}.created_on>=? and #{Document.table_name}.created_on<=?", @date_from, @date_to] )
+      @events += Attachment.find(:all, :select => "attachments.*", :joins => "LEFT JOIN #{Document.table_name} ON #{Document.table_name}.id = #{Attachment.table_name}.container_id", :conditions => ["#{Attachment.table_name}.container_type='Document' and #{Document.table_name}.project_id=? and #{Attachment.table_name}.created_on>=? and #{Attachment.table_name}.created_on<=?", @project.id, @date_from, @date_to], :include => :author )
+    end
+    
+    if @scope.include?('wiki_pages')
      select = "#{WikiContent.versioned_table_name}.updated_on, #{WikiContent.versioned_table_name}.comments, " +
-               "#{WikiContent.versioned_table_name}.#{WikiContent.version_column}, #{WikiPage.table_name}.title"
+               "#{WikiContent.versioned_table_name}.#{WikiContent.version_column}, #{WikiPage.table_name}.title, " +
+               "#{WikiContent.versioned_table_name}.page_id, #{WikiContent.versioned_table_name}.author_id, " +
+               "#{WikiContent.versioned_table_name}.id"
      joins = "LEFT JOIN #{WikiPage.table_name} ON #{WikiPage.table_name}.id = #{WikiContent.versioned_table_name}.page_id " +
              "LEFT JOIN #{Wiki.table_name} ON #{Wiki.table_name}.id = #{WikiPage.table_name}.wiki_id "
      conditions = ["#{Wiki.table_name}.project_id = ? AND #{WikiContent.versioned_table_name}.updated_on BETWEEN ? AND ?",
                    @project.id, @date_from, @date_to]

-      WikiContent.versioned_class.find(:all, :select => select, :joins => joins, :conditions => conditions).each { |i|
-        # We provide this alias so all events can be treated in the same manner
-        def i.created_on
-          self.updated_on
-        end
-
-        @events_by_day[i.created_on.to_date] ||= []
-        @events_by_day[i.created_on.to_date] << i
-      }
-      @show_wiki_edits = 1
+      @events += WikiContent.versioned_class.find(:all, :select => select, :joins => joins, :conditions => conditions)
    end

-    unless @project.repository.nil? || params[:show_changesets] == "0"
-      @project.repository.changesets.find(:all, :conditions => ["#{Changeset.table_name}.committed_on BETWEEN ? AND ?", @date_from, @date_to]).each { |i|
-        def i.created_on
-          self.committed_on
-        end
-        @events_by_day[i.created_on.to_date] ||= []
-        @events_by_day[i.created_on.to_date] << i
-      }
-      @show_changesets = 1 
+    if @scope.include?('changesets')
+      @events += Changeset.find(:all, :include => :repository, :conditions => ["#{Repository.table_name}.project_id = ? AND #{Changeset.table_name}.committed_on BETWEEN ? AND ?", @project.id, @date_from, @date_to])
    end
    
-    render :layout => false if request.xhr?
+    if @scope.include?('messages')
+      @events += Message.find(:all, 
+                              :include => [:board, :author], 
+                              :conditions => ["#{Board.table_name}.project_id=? AND #{Message.table_name}.parent_id IS NULL AND #{Message.table_name}.created_on BETWEEN ? AND ?", @project.id, @date_from, @date_to])
+    end
+    
+    @events_by_day = @events.group_by(&:event_date)
+    
+    respond_to do |format|
+      format.html { render :layout => false if request.xhr? }
+      format.atom { render_feed(@events, :title => "#{@project.name}: #{l(:label_activity)}") }
+    end
  end
  
  def calendar
@@ -543,26 +458,18 @@ class ProjectsController < ApplicationController
      end    
    end
    @year ||= Date.today.year
-    @month ||= Date.today.month
+    @month ||= Date.today.month    
+    @calendar = Redmine::Helpers::Calendar.new(Date.civil(@year, @month, 1), current_language, :month)
    
-    @date_from = Date.civil(@year, @month, 1)
-    @date_to = (@date_from >> 1)-1
-    # start on monday
-    @date_from = @date_from - (@date_from.cwday-1)
-    # finish on sunday
-    @date_to = @date_to + (7-@date_to.cwday)        
-    
-    @events = []
+    events = []
    @project.issues_with_subprojects(params[:with_subprojects]) do
-      @events += Issue.find(:all, 
+      events += Issue.find(:all, 
                           :include => [:tracker, :status, :assigned_to, :priority, :project], 
-                           :conditions => ["((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?)) and #{Issue.table_name}.tracker_id in (#{@selected_tracker_ids.join(',')})", @date_from, @date_to, @date_from, @date_to]
+                           :conditions => ["((start_date BETWEEN ? AND ?) OR (due_date BETWEEN ? AND ?)) AND #{Issue.table_name}.tracker_id IN (#{@selected_tracker_ids.join(',')})", @calendar.startdt, @calendar.enddt, @calendar.startdt, @calendar.enddt]
                           ) unless @selected_tracker_ids.empty?
    end
-    @events += @project.versions.find(:all, :conditions => ["effective_date BETWEEN ? AND ?", @date_from, @date_to])
-    
-    @ending_events_by_days = @events.group_by {|event| event.due_date}
-    @starting_events_by_days = @events.group_by {|event| event.start_date}
+    events += @project.versions.find(:all, :conditions => ["effective_date BETWEEN ? AND ?", @calendar.startdt, @calendar.enddt])
+    @calendar.events = events
    
    render :layout => false if request.xhr?
  end  
@@ -579,12 +486,20 @@ class ProjectsController < ApplicationController
        @month_from = 1
      end
    else
-      @month_from ||= (Date.today << 1).month
-      @year_from ||= (Date.today << 1).year
+      @month_from ||= Date.today.month
+      @year_from ||= Date.today.year
    end
    
-    @zoom = (params[:zoom].to_i > 0 and params[:zoom].to_i < 5) ? params[:zoom].to_i : 2
-    @months = (params[:months].to_i > 0 and params[:months].to_i < 25) ? params[:months].to_i : 6
+    zoom = (params[:zoom] || User.current.pref[:gantt_zoom]).to_i
+    @zoom = (zoom > 0 && zoom < 5) ? zoom : 2    
+    months = (params[:months] || User.current.pref[:gantt_months]).to_i
+    @months = (months > 0 && months < 25) ? months : 6
+    
+    # Save gantt paramters as user preference (zoom and months count)
+    if (User.current.logged? && (@zoom != User.current.pref[:gantt_zoom] || @months != User.current.pref[:gantt_months]))
+      User.current.pref[:gantt_zoom], User.current.pref[:gantt_months] = @zoom, @months
+      User.current.preference.save
+    end
    
    @date_from = Date.civil(@year_from, @month_from, 1)
    @date_to = (@date_from >> @months) - 1
@@ -600,19 +515,18 @@ class ProjectsController < ApplicationController
    @events += @project.versions.find(:all, :conditions => ["effective_date BETWEEN ? AND ?", @date_from, @date_to])
    @events.sort! {|x,y| x.start_date <=> y.start_date }
    
-    if params[:output]=='pdf'
+    if params[:format]=='pdf'
      @options_for_rfpdf ||= {}
-      @options_for_rfpdf[:file_name] = "gantt.pdf"
+      @options_for_rfpdf[:file_name] = "#{@project.identifier}-gantt.pdf"
      render :template => "projects/gantt.rfpdf", :layout => false
+    elsif params[:format]=='png' && respond_to?('gantt_image')
+      image = gantt_image(@events, @date_from, @months, @zoom)
+      image.format = 'PNG'
+      send_data(image.to_blob, :disposition => 'inline', :type => 'image/png', :filename => "#{@project.identifier}-gantt.png")
    else
      render :template => "projects/gantt.rhtml"
    end
  end
-    
-  def feeds
-    @queries = @project.queries.find :all, :conditions => ["is_public=? or user_id=?", true, (logged_in_user ? logged_in_user.id : 0)]
-    @key = logged_in_user.get_or_create_rss_key.value if logged_in_user
-  end
  
 private
  # Find project of id params[:id]
@@ -620,7 +534,6 @@ private
  # Used as a before_filter
  def find_project
    @project = Project.find(params[:id])
-    @html_title = @project.name
  rescue ActiveRecord::RecordNotFound
    render_404
  end
@@ -632,31 +545,4 @@ private
      @selected_tracker_ids = selectable_trackers.collect {|t| t.id.to_s }
    end
  end
-  
-  # Retrieve query from session or build a new query
-  def retrieve_query
-    if params[:query_id]
-      @query = @project.queries.find(params[:query_id])
-      @query.executed_by = logged_in_user
-      session[:query] = @query
-    else
-      if params[:set_filter] or !session[:query] or session[:query].project_id != @project.id
-        # Give it a name, required to be valid
-        @query = Query.new(:name => "_", :executed_by => logged_in_user)
-        @query.project = @project
-        if params[:fields] and params[:fields].is_a? Array
-          params[:fields].each do |field|
-            @query.add_filter(field, params[:operators][field], params[:values][field])
-          end
-        else
-          @query.available_filters.keys.each do |field|
-            @query.add_short_filter(field, params[field]) if params[field]
-          end
-        end
-        session[:query] = @query
-      else
-        @query = session[:query]
-      end
-    end  
-  end
 end
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -16,30 +16,29 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class QueriesController < ApplicationController
-  layout 'base'  
-  before_filter :require_login, :except => :index
-  before_filter :find_project, :check_project_privacy
+  layout 'base'
+  before_filter :find_project, :authorize

  def index
    @queries = @project.queries.find(:all, 
                                     :order => "name ASC",
-                                     :conditions => ["is_public = ? or user_id = ?", true, (logged_in_user ? logged_in_user.id : 0)])
+                                     :conditions => ["is_public = ? or user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
  end
  
  def new
    @query = Query.new(params[:query])
    @query.project = @project
-    @query.user = logged_in_user
-    @query.executed_by = logged_in_user
-    @query.is_public = false unless logged_in_user.authorized_to(@project, 'projects/add_query')
+    @query.user = User.current
+    @query.is_public = false unless current_role.allowed_to?(:manage_public_queries)
+    @query.column_names = nil if params[:default_columns]
    
    params[:fields].each do |field|
      @query.add_filter(field, params[:operators][field], params[:values][field])
    end if params[:fields]
    
-    if request.post? and @query.save
+    if request.post? && params[:confirm] && @query.save
      flash[:notice] = l(:notice_successful_create)
-      redirect_to :controller => 'projects', :action => 'list_issues', :id => @project, :query_id => @query
+      redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :query_id => @query
      return
    end
    render :layout => false if request.xhr?
@@ -52,11 +51,12 @@ class QueriesController < ApplicationController
        @query.add_filter(field, params[:operators][field], params[:values][field])
      end if params[:fields]
      @query.attributes = params[:query]
-      @query.is_public = false unless logged_in_user.authorized_to(@project, 'projects/add_query')
-          
+      @query.is_public = false unless current_role.allowed_to?(:manage_public_queries)
+      @query.column_names = nil if params[:default_columns]
+      
      if @query.save
        flash[:notice] = l(:notice_successful_update)
-        redirect_to :controller => 'projects', :action => 'list_issues', :id => @project, :query_id => @query
+        redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :query_id => @query
      end
    end
  end
@@ -70,9 +70,8 @@ private
  def find_project
    if params[:id]
      @query = Query.find(params[:id])
-      @query.executed_by = logged_in_user
      @project = @query.project
-      render_403 unless @query.editable_by?(logged_in_user)
+      render_403 unless @query.editable_by?(User.current)
    else
      @project = Project.find(params[:project_id])
    end
--- a/app/controllers/reports_controller.rb
+++ b/app/controllers/reports_controller.rb
@@ -25,7 +25,7 @@ class ReportsController < ApplicationController
    case params[:detail]
    when "tracker"
      @field = "tracker_id"
-      @rows = Tracker.find :all, :order => 'position'
+      @rows = @project.trackers
      @data = issues_by_tracker
      @report_title = l(:field_tracker)
      render :template => "reports/issue_report_details"
@@ -60,7 +60,7 @@ class ReportsController < ApplicationController
      @report_title = l(:field_subproject)
      render :template => "reports/issue_report_details"  
    else
-      @trackers = Tracker.find(:all, :order => 'position')
+      @trackers = @project.trackers
      @versions = @project.versions.sort
      @priorities = Enumeration::get_values('IPRI')
      @categories = @project.issue_categories
@@ -72,7 +72,7 @@ class ReportsController < ApplicationController
      issues_by_category
      issues_by_author
      issues_by_subproject
-      @total_hours = @project.time_entries.sum(:hours)
+      
      render :template => "reports/issue_report"
    end
  end  
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -19,11 +19,33 @@ require 'SVG/Graph/Bar'
 require 'SVG/Graph/BarHorizontal'
 require 'digest/sha1'

+class ChangesetNotFound < Exception
+end
+
 class RepositoriesController < ApplicationController
  layout 'base'
-  before_filter :find_project, :except => [:update_form]
-  before_filter :authorize, :except => [:update_form, :stats, :graph]
-  before_filter :check_project_privacy, :only => [:stats, :graph]
+  before_filter :find_repository, :except => :edit
+  before_filter :find_project, :only => :edit
+  before_filter :authorize
+  accept_key_auth :revisions
+  
+  def edit
+    @repository = @project.repository
+    if !@repository
+      @repository = Repository.factory(params[:repository_scm])
+      @repository.project = @project
+    end
+    if request.post?
+      @repository.attributes = params[:repository]
+      @repository.save
+    end
+    render(:update) {|page| page.replace_html "tab-content-repository", :partial => 'projects/settings/repository'}
+  end
+  
+  def destroy
+    @repository.destroy
+    redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'repository'
+  end
  
  def show
    # check if new revisions have been committed in the repository
@@ -37,15 +59,17 @@ class RepositoriesController < ApplicationController
  
  def browse
    @entries = @repository.entries(@path, @rev)
-    show_error and return unless @entries    
+    if request.xhr?
+      @entries ? render(:partial => 'dir_list_content') : render(:nothing => true)
+    else
+      show_error unless @entries
+    end
  end
  
  def changes
    @entry = @repository.scm.entry(@path, @rev)
    show_error and return unless @entry
-    @changes = Change.find(:all, :include => :changeset, 
-                                 :conditions => ["repository_id = ? AND path = ?", @repository.id, @path.with_leading_slash],
-                                 :order => "committed_on DESC")
+    @changesets = @repository.changesets_for_path(@path)
  end
  
  def revisions
@@ -57,7 +81,10 @@ class RepositoriesController < ApplicationController
 						:limit  =>  @changeset_pages.items_per_page,
 						:offset =>  @changeset_pages.current.offset)

-    render :action => "revisions", :layout => false if request.xhr?
+    respond_to do |format|
+      format.html { render :layout => false if request.xhr? }
+      format.atom { render_feed(@changesets, :title => "#{@project.name}: #{l(:label_revision_plural)}") }
+    end
  end
  
  def entry
@@ -65,28 +92,48 @@ class RepositoriesController < ApplicationController
    show_error and return unless @content
    if 'raw' == params[:format]      
      send_data @content, :filename => @path.split('/').last
+    else
+      # Prevent empty lines when displaying a file with Windows style eol
+      @content.gsub!("\r\n", "\n")
    end
  end
  
+  def annotate
+    @annotate = @repository.scm.annotate(@path, @rev)
+    show_error and return if @annotate.nil? || @annotate.empty?
+  end
+  
  def revision
    @changeset = @repository.changesets.find_by_revision(@rev)
-    show_error and return unless @changeset
+    raise ChangesetNotFound unless @changeset
    @changes_count = @changeset.changes.size
    @changes_pages = Paginator.new self, @changes_count, 150, params['page']								
    @changes = @changeset.changes.find(:all,
  						:limit  =>  @changes_pages.items_per_page,
  						:offset =>  @changes_pages.current.offset)
-  	
-  	render :action => "revision", :layout => false if request.xhr?	
+
+    respond_to do |format|
+      format.html
+      format.js {render :layout => false}
+    end
+  rescue ChangesetNotFound
+    show_error
  end
  
  def diff
    @rev_to = params[:rev_to] ? params[:rev_to].to_i : (@rev - 1)
-    @diff_type = ('sbs' == params[:type]) ? 'sbs' : 'inline'
+    @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
+    @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
+    
+    # Save diff type as user preference
+    if User.current.logged? && @diff_type != User.current.pref[:diff_type]
+      User.current.pref[:diff_type] = @diff_type
+      User.current.preference.save
+    end
    
    @cache_key = "repositories/diff/#{@repository.id}/" + Digest::MD5.hexdigest("#{@path}-#{@rev}-#{@rev_to}-#{@diff_type}")    
    unless read_fragment(@cache_key)
-      @diff = @repository.diff(@path, @rev, @rev_to, type)
+      @diff = @repository.diff(@path, @rev, @rev_to, @diff_type)
      show_error and return unless @diff
    end
  end
@@ -110,17 +157,18 @@ class RepositoriesController < ApplicationController
    end
  end
  
-  def update_form
-    @repository = Repository.factory(params[:repository_scm])
-    render :partial => 'projects/repository', :locals => {:repository => @repository}
-  end
-  
 private
  def find_project
    @project = Project.find(params[:id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
+  def find_repository
+    @project = Project.find(params[:id])
    @repository = @project.repository
    render_404 and return false unless @repository
-    @path = params[:path].squeeze('/') if params[:path]
+    @path = params[:path].join('/') unless params[:path].nil?
    @path ||= ''
    @rev = params[:rev].to_i if params[:rev]
  rescue ActiveRecord::RecordNotFound
@@ -128,18 +176,19 @@ private
  end

  def show_error
-    flash.now[:notice] = l(:notice_scm_error)
+    flash.now[:error] = l(:notice_scm_error)
    render :nothing => true, :layout => true
  end
  
  def graph_commits_per_month(repository)
    @date_to = Date.today
-    @date_from = @date_to << 12
+    @date_from = @date_to << 11
+    @date_from = Date.civil(@date_from.year, @date_from.month, 1)
    commits_by_day = repository.changesets.count(:all, :group => :commit_date, :conditions => ["commit_date BETWEEN ? AND ?", @date_from, @date_to])
    commits_by_month = [0] * 12
    commits_by_day.each {|c| commits_by_month[c.first.to_date.months_ago] += c.last }

-    changes_by_day = repository.changes.count(:all, :group => :commit_date)
+    changes_by_day = repository.changes.count(:all, :group => :commit_date, :conditions => ["commit_date BETWEEN ? AND ?", @date_from, @date_to])
    changes_by_month = [0] * 12
    changes_by_day.each {|c| changes_by_month[c.first.to_date.months_ago] += c.last }
   
--- a/app/controllers/roles_controller.rb
+++ b/app/controllers/roles_controller.rb
@@ -28,40 +28,36 @@ class RolesController < ApplicationController
  end

  def list
-    @role_pages, @roles = paginate :roles, :per_page => 25, :order => "position"
+    @role_pages, @roles = paginate :roles, :per_page => 25, :order => 'builtin, position'
    render :action => "list", :layout => false if request.xhr?
  end

  def new
-    @role = Role.new(params[:role])
-    if request.post?
-      @role.permissions = Permission.find(params[:permission_ids]) if params[:permission_ids]
-      if @role.save
-        flash[:notice] = l(:notice_successful_create)
-        redirect_to :action => 'list'
-      end
+    # Prefills the form with 'Non member' role permissions
+    @role = Role.new(params[:role] || {:permissions => Role.non_member.permissions})
+    if request.post? && @role.save
+      flash[:notice] = l(:notice_successful_create)
+      redirect_to :action => 'list'
    end
-    @permissions = Permission.find(:all, :conditions => ["is_public=?", false], :order => 'sort ASC')
+    @permissions = @role.setable_permissions
  end

  def edit
    @role = Role.find(params[:id])
    if request.post? and @role.update_attributes(params[:role])
-      @role.permissions = Permission.find(params[:permission_ids] || [])
-      Permission.allowed_to_role_expired
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'list'
    end
-    @permissions = Permission.find(:all, :conditions => ["is_public=?", false], :order => 'sort ASC')
+    @permissions = @role.setable_permissions
  end

  def destroy
    @role = Role.find(params[:id])
-    unless @role.members.empty?
-      flash[:notice] = 'Some members have this role. Can\'t delete it.'
-    else
+    #unless @role.members.empty?
+    #  flash[:error] = 'Some members have this role. Can\'t delete it.'
+    #else
      @role.destroy
-    end
+    #end
    redirect_to :action => 'list'
  end
  
@@ -93,21 +89,22 @@ class RolesController < ApplicationController
      }
      if @role.save
        flash[:notice] = l(:notice_successful_update)
+        redirect_to :action => 'workflow', :role_id => @role, :tracker_id => @tracker
      end
    end
-    @roles = Role.find(:all, :order => 'position')
+    @roles = Role.find(:all, :order => 'builtin, position')
    @trackers = Tracker.find(:all, :order => 'position')
-    @statuses = IssueStatus.find(:all, :include => :workflows, :order => 'position')
+    @statuses = IssueStatus.find(:all, :order => 'position')
  end
  
  def report    
-    @roles = Role.find(:all, :order => 'position')
-    @permissions = Permission.find :all, :conditions => ["is_public=?", false], :order => 'sort'
+    @roles = Role.find(:all, :order => 'builtin, position')
+    @permissions = Redmine::AccessControl.permissions.select { |p| !p.public? }
    if request.post?
      @roles.each do |role|
-        role.permissions = Permission.find(params[:permission_ids] ? (params[:permission_ids][role.id.to_s] || []) : [] )
+        role.permissions = params[:permissions][role.id.to_s]
+        role.save
      end
-      Permission.allowed_to_role_expired
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'list'
    end
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -25,10 +25,13 @@ class SearchController < ApplicationController
    @question = params[:q] || ""
    @question.strip!
    @all_words = params[:all_words] || (params[:submit] ? false : true)
-    @scope = params[:scope] || (params[:submit] ? [] : %w(projects issues changesets news documents wiki messages) )
+    @titles_only = !params[:titles_only].nil?
+    
+    offset = nil
+    begin; offset = params[:offset].to_time if params[:offset]; rescue; end
    
    # quick jump to an issue
-    if @scope.include?('issues') && @question.match(/^#?(\d+)$/) && Issue.find_by_id($1, :include => :project, :conditions => Project.visible_by(logged_in_user))
+    if @question.match(/^#?(\d+)$/) && Issue.find_by_id($1, :include => :project, :conditions => Project.visible_by(User.current))
      redirect_to :controller => "issues", :action => "show", :id => $1
      return
    end
@@ -38,43 +41,71 @@ class SearchController < ApplicationController
      return unless check_project_privacy
    end
    
+    if @project
+      # only show what the user is allowed to view
+      @object_types = %w(issues news documents changesets wiki_pages messages)
+      @object_types = @object_types.select {|o| User.current.allowed_to?("view_#{o}".to_sym, @project)}
+      
+      @scope = @object_types.select {|t| params[t]}
+      @scope = @object_types if @scope.empty?
+    else
+      @object_types = @scope = %w(projects)
+    end
+    
+    # extract tokens from the question
+    # eg. hello "bye bye" => ["hello", "bye bye"]
+    @tokens = @question.scan(%r{((\s|^)"[\s\w]+"(\s|$)|\S+)}).collect {|m| m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '')}
    # tokens must be at least 3 character long
-    @tokens = @question.split.uniq.select {|w| w.length > 2 }
+    @tokens = @tokens.uniq.select {|w| w.length > 2 }
    
    if !@tokens.empty?
      # no more than 5 tokens to search for
      @tokens.slice! 5..-1 if @tokens.size > 5
      # strings used in sql like statement
-      like_tokens = @tokens.collect {|w| "%#{w.downcase}%"}
-      operator = @all_words ? " AND " : " OR "
-      limit = 10
+      like_tokens = @tokens.collect {|w| "%#{w.downcase}%"}      
      @results = []
-      if @project
-        @results += @project.issues.find(:all, :limit => limit, :include => :author, :conditions => [ (["(LOWER(subject) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @scope.include? 'issues'
-        @results += @project.news.find(:all, :limit => limit, :conditions => [ (["(LOWER(title) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort], :include => :author ) if @scope.include? 'news'
-        @results += @project.documents.find(:all, :limit => limit, :conditions => [ (["(LOWER(title) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @scope.include? 'documents'
-        @results += @project.wiki.pages.find(:all, :limit => limit, :include => :content, :conditions => [ (["(LOWER(title) like ? OR LOWER(text) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @project.wiki && @scope.include?('wiki')
-        @results += @project.repository.changesets.find(:all, :limit => limit, :conditions => [ (["(LOWER(comments) like ?)"] * like_tokens.size).join(operator), * (like_tokens).sort] ) if @project.repository && @scope.include?('changesets')
-        Message.with_scope :find => {:conditions => ["#{Board.table_name}.project_id = ?", @project.id]} do
-          @results += Message.find(:all, :include => :board, :limit => limit, :conditions => [ (["(LOWER(subject) like ? OR LOWER(content) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @scope.include? 'messages'
+      limit = 10
+      if @project        
+        @scope.each do |s|
+          @results += s.singularize.camelcase.constantize.search(like_tokens, @project,
+            :all_words => @all_words,
+            :titles_only => @titles_only,
+            :limit => (limit+1),
+            :offset => offset,
+            :before => params[:previous].nil?)
+        end
+        @results = @results.sort {|a,b| b.event_datetime <=> a.event_datetime}
+        if params[:previous].nil?
+          @pagination_previous_date = @results[0].event_datetime if offset && @results[0]
+          if @results.size > limit
+            @pagination_next_date = @results[limit-1].event_datetime 
+            @results = @results[0, limit]
+          end
+        else
+          @pagination_next_date = @results[-1].event_datetime if offset && @results[-1]
+          if @results.size > limit
+            @pagination_previous_date = @results[-(limit)].event_datetime 
+            @results = @results[-(limit), limit]
+          end
        end
      else
-        Project.with_scope(:find => {:conditions => Project.visible_by(logged_in_user)}) do
-          @results += Project.find(:all, :limit => limit, :conditions => [ (["(LOWER(name) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @scope.include? 'projects'
-        end
+        operator = @all_words ? ' AND ' : ' OR '
+        @results += Project.find(:all, 
+                                 :limit => limit,
+                                 :conditions => [ (["(#{Project.visible_by(User.current)}) AND (LOWER(name) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort]
+                                 ) if @scope.include? 'projects'
        # if only one project is found, user is redirected to its overview
        redirect_to :controller => 'projects', :action => 'show', :id => @results.first and return if @results.size == 1
      end
-      @question = @tokens.join(" ")
    else
      @question = ""
    end
+    render :layout => false if request.xhr?
  end

 private  
  def find_project
    @project = Project.find(params[:id])
-    @html_title = @project.name
  rescue ActiveRecord::RecordNotFound
    render_404
  end
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -29,6 +29,17 @@ class SettingsController < ApplicationController
      params[:settings].each { |name, value| Setting[name] = value }
      redirect_to :action => 'edit' and return
    end
-    @textile_available = ActionView::Helpers::TextHelper.method_defined?("textilize")
+  end
+  
+  def plugin
+    plugin_id = params[:id].to_sym
+    @plugin = Redmine::Plugin.registered_plugins[plugin_id]
+    if request.post?
+      Setting["plugin_#{plugin_id}"] = params[:settings]
+      flash[:notice] = l(:notice_successful_update)
+      redirect_to :action => 'plugin', :id => params[:id]
+    end
+    @partial = "../../vendor/plugins/#{plugin_id}/app/views/" + @plugin.settings[:partial]
+    @settings = Setting["plugin_#{plugin_id}"]
  end
 end
--- a/app/controllers/sys_controller.rb
+++ b/app/controllers/sys_controller.rb
@@ -22,18 +22,21 @@ class SysController < ActionController::Base
  
  before_invocation :check_enabled
  
+  # Returns the projects list, with their repositories
  def projects
    Project.find(:all, :include => :repository)
  end

-  def repository_created(project_id, url)
-    project = Project.find_by_id(project_id)
+  # Registers a repository for the given project identifier
+  # (Subversion specific)
+  def repository_created(identifier, url)
+    project = Project.find_by_identifier(identifier)
+    # Do not create the repository if the project has already one
    return 0 unless project && project.repository.nil?
-    logger.debug "Repository for #{project.name} created"
-    repository = Repository.new(:project => project, :url => url)
-    repository.root_url = url
+    logger.debug "Repository for #{project.name} was created"
+    repository = Repository.factory('Subversion', :project => project, :url => url)
    repository.save
-    repository.id
+    repository.id || 0
  end

 protected
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -16,14 +16,12 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class TimelogController < ApplicationController
-  layout 'base'
-  
-  before_filter :find_project
-  before_filter :authorize, :only => :edit
-  before_filter :check_project_privacy, :except => :edit
+  layout 'base'  
+  before_filter :find_project, :authorize

  helper :sort
  include SortHelper
+  helper :issues
  
  def report
    @available_criterias = { 'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
@@ -56,7 +54,7 @@ class TimelogController < ApplicationController
      begin; @date_to = params[:date_to].to_date; rescue; end
    end
    @date_from ||= Date.civil(Date.today.year, 1, 1)
-    @date_to ||= Date.civil(Date.today.year, Date.today.month+1, 1) - 1
+    @date_to ||= (Date.civil(Date.today.year, Date.today.month, 1) >> 1) - 1
    
    unless @criterias.empty?
      sql_select = @criterias.collect{|criteria| @available_criterias[criteria][:sql] + " AS " + criteria}.join(', ')
@@ -109,15 +107,15 @@ class TimelogController < ApplicationController
    @entries = (@issue ? @issue : @project).time_entries.find(:all, :include => [:activity, :user, {:issue => [:tracker, :assigned_to, :priority]}], :order => sort_clause)

    @total_hours = @entries.inject(0) { |sum,entry| sum + entry.hours }
-    @owner_id = logged_in_user ? logged_in_user.id : 0
+    @owner_id = User.current.id
    
    send_csv and return if 'csv' == params[:export]    
    render :action => 'details', :layout => false if request.xhr?
  end
  
  def edit
-    render_404 and return if @time_entry && @time_entry.user != logged_in_user
-    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => logged_in_user, :spent_on => Date.today)
+    render_404 and return if @time_entry && @time_entry.user != User.current
+    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
    @time_entry.attributes = params[:time_entry]
    if request.post? and @time_entry.save
      flash[:notice] = l(:notice_successful_update)
--- a/app/controllers/trackers_controller.rb
+++ b/app/controllers/trackers_controller.rb
@@ -36,9 +36,11 @@ class TrackersController < ApplicationController
    @tracker = Tracker.new(params[:tracker])
    if request.post? and @tracker.save
      # workflow copy
-      if params[:copy_workflow_from] && (copy_from = Tracker.find_by_id(params[:copy_workflow_from]))
-        copy_from.workflows.each do |w|
-          @tracker.workflows << w.clone
+      if !params[:copy_workflow_from].blank? && (copy_from = Tracker.find_by_id(params[:copy_workflow_from]))
+        Workflow.transaction do
+          copy_from.workflows.find(:all, :include => [:role, :old_status, :new_status]).each do |w|
+            Workflow.create(:tracker_id => @tracker.id, :role => w.role, :old_status => w.old_status, :new_status => w.new_status)
+          end
        end
      end
      flash[:notice] = l(:notice_successful_create)
@@ -73,7 +75,7 @@ class TrackersController < ApplicationController
  def destroy
    @tracker = Tracker.find(params[:id])
    unless @tracker.issues.empty?
-      flash[:notice] = "This tracker contains issues and can\'t be deleted."
+      flash[:error] = "This tracker contains issues and can\'t be deleted."
    else
      @tracker.destroy
    end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -52,13 +52,13 @@ class UsersController < ApplicationController
  def add
    if request.get?
      @user = User.new(:language => Setting.default_language)
-      @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user) }
+      @custom_values = UserCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| CustomValue.new(:custom_field => x, :customized => @user) }
    else
      @user = User.new(params[:user])
      @user.admin = params[:user][:admin] || false
      @user.login = params[:user][:login]
      @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
-      @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) }
+      @custom_values = UserCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => (params[:custom_fields] ? params["custom_fields"][x.id.to_s] : nil)) }
      @user.custom_values = @custom_values			
      if @user.save
        Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
@@ -72,13 +72,13 @@ class UsersController < ApplicationController
  def edit
    @user = User.find(params[:id])
    if request.get?
-      @custom_values = UserCustomField.find(:all).collect { |x| @user.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x) }
+      @custom_values = UserCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| @user.custom_values.find_by_custom_field_id(x.id) || CustomValue.new(:custom_field => x) }
    else
      @user.admin = params[:user][:admin] if params[:user][:admin]
      @user.login = params[:user][:login] if params[:user][:login]
      @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless params[:password].nil? or params[:password].empty? or @user.auth_source_id
      if params[:custom_fields]
-        @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) }
+        @custom_values = UserCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) }
        @user.custom_values = @custom_values
      end
      if @user.update_attributes(params[:user])
@@ -87,7 +87,7 @@ class UsersController < ApplicationController
      end
    end
    @auth_sources = AuthSource.find(:all)
-    @roles = Role.find(:all, :order => 'position')
+    @roles = Role.find_all_givable
    @projects = Project.find(:all, :order => 'name', :conditions => "status=#{Project::STATUS_ACTIVE}") - @user.projects
    @membership ||= Member.new
  end
@@ -109,12 +109,4 @@ class UsersController < ApplicationController
    end
    redirect_to :action => 'edit', :id => @user and return
  end
-
-  def destroy
-    User.find(params[:id]).destroy
-    redirect_to :action => 'list'
-  rescue
-    flash[:notice] = "Unable to delete user"
-    redirect_to :action => 'list'
-  end  
 end
--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@@ -19,6 +19,11 @@ class VersionsController < ApplicationController
  layout 'base'
  before_filter :find_project, :authorize

+  cache_sweeper :version_sweeper, :only => [ :edit, :destroy ]
+  
+  def show
+  end
+  
  def edit
    if request.post? and @version.update_attributes(params[:version])
      flash[:notice] = l(:notice_successful_update)
@@ -30,14 +35,14 @@ class VersionsController < ApplicationController
    @version.destroy
    redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
  rescue
-    flash[:notice] = "Unable to delete version"
+    flash[:error] = "Unable to delete version"
    redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
  end

  def download
    @attachment = @version.attachments.find(params[:attachment_id])
    @attachment.increment_download
-    send_file @attachment.diskfile, :filename => @attachment.filename
+    send_file @attachment.diskfile, :filename => @attachment.filename, :type => @attachment.content_type
  rescue
    render_404
  end 
@@ -47,6 +52,13 @@ class VersionsController < ApplicationController
    flash[:notice] = l(:notice_successful_delete)
    redirect_to :controller => 'projects', :action => 'list_files', :id => @project
  end
+  
+  def status_by
+    respond_to do |format|
+      format.html { render :action => 'show' }
+      format.js { render(:update) {|page| page.replace_html 'status_by', render_issue_status_by(@version, params[:status_by])} }
+    end
+  end

 private
  def find_project
--- a/app/controllers/watchers_controller.rb
+++ b/app/controllers/watchers_controller.rb
@@ -20,7 +20,7 @@ class WatchersController < ApplicationController
  before_filter :require_login, :find_project, :check_project_privacy
  
  def add
-    user = logged_in_user
+    user = User.current
    @watched.add_watcher(user)
    respond_to do |format|
      format.html { render :text => 'Watcher added.', :layout => true }
@@ -29,7 +29,7 @@ class WatchersController < ApplicationController
  end
  
  def remove
-    user = logged_in_user
+    user = User.current
    @watched.remove_watcher(user)
    respond_to do |format|
      format.html { render :text => 'Watcher removed.', :layout => true }
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@@ -19,7 +19,7 @@ class WelcomeController < ApplicationController
  layout 'base'

  def index
-    @news = News.latest logged_in_user
-    @projects = Project.latest logged_in_user
+    @news = News.latest User.current
+    @projects = Project.latest User.current
  end
 end
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -19,8 +19,7 @@ require 'diff'

 class WikiController < ApplicationController
  layout 'base'
-  before_filter :find_wiki, :check_project_privacy
-  before_filter :authorize, :only => [:destroy, :add_attachment, :destroy_attachment]
+  before_filter :find_wiki, :authorize
  
  verify :method => :post, :only => [:destroy, :destroy_attachment], :redirect_to => { :action => :index }

@@ -32,8 +31,13 @@ class WikiController < ApplicationController
    page_title = params[:page]
    @page = @wiki.find_or_new_page(page_title)
    if @page.new_record?
-      edit
-      render :action => 'edit' and return
+      if User.current.allowed_to?(:edit_wiki_pages, @project)
+        edit
+        render :action => 'edit'
+      else
+        render_404
+      end
+      return
    end
    @content = @page.content_for_version(params[:version])
    if params[:export] == 'html'
@@ -57,7 +61,7 @@ class WikiController < ApplicationController
    # don't keep previous comment
    @content.comments = nil
    if request.post?      
-      if @content.text == params[:content][:text]
+      if !@page.new_record? && @content.text == params[:content][:text]
        # don't save if text wasn't changed
        redirect_to :action => 'index', :id => @project, :page => @page.title
        return
@@ -65,7 +69,7 @@ class WikiController < ApplicationController
      #@content.text = params[:content][:text]
      #@content.comments = params[:content][:comments]
      @content.attributes = params[:content]
-      @content.author = logged_in_user
+      @content.author = User.current
      # if page is new @page.save will also save content, but not if page isn't a new record
      if (@page.new_record? ? @page.save : @content.save)
        redirect_to :action => 'index', :id => @project, :page => @page.title
@@ -73,7 +77,19 @@ class WikiController < ApplicationController
    end
  rescue ActiveRecord::StaleObjectError
    # Optimistic locking exception
-    flash[:notice] = l(:notice_locking_conflict)
+    flash[:error] = l(:notice_locking_conflict)
+  end
+  
+  # rename a page
+  def rename
+    @page = @wiki.find_page(params[:page])    
+    @page.redirect_existing_links = true
+    # used to display the *original* title if some AR validation errors occur
+    @original_title = @page.pretty_title
+    if request.post? && @page.update_attributes(params[:wiki_page])
+      flash[:notice] = l(:notice_successful_update)
+      redirect_to :action => 'index', :id => @project, :page => @page.title
+    end
  end
  
  # show page history
@@ -110,11 +126,12 @@ class WikiController < ApplicationController
    page_title = params[:page].downcase
    case page_title
    # show pages index, sorted by title
-    when 'page_index'
+    when 'page_index', 'date_index'
      # eager load information about last updates, without loading text
      @pages = @wiki.pages.find :all, :select => "#{WikiPage.table_name}.*, #{WikiContent.table_name}.updated_on",
                                      :joins => "LEFT JOIN #{WikiContent.table_name} ON #{WikiContent.table_name}.page_id = #{WikiPage.table_name}.id",
                                      :order => 'title'
+      @pages_by_date = @pages.group_by {|p| p.updated_on.to_date}
    # export wiki to a single html file
    when 'export'
      @pages = @wiki.pages.find :all, :order => 'title'
@@ -132,16 +149,12 @@ class WikiController < ApplicationController
    page = @wiki.find_page(params[:page])
    @attachements = page.attachments if page
    @text = params[:content][:text]
-    render :partial => 'preview'
+    render :partial => 'common/preview'
  end

  def add_attachment
    @page = @wiki.find_page(params[:page])
-    # Save the attachments
-    params[:attachments].each { |file|
-      next unless file.size > 0
-      a = Attachment.create(:container => @page, :file => file, :author => logged_in_user)
-    } if params[:attachments] and params[:attachments].is_a? Array
+    attach_files(@page, params[:attachments])
    redirect_to :action => 'index', :page => @page.title
  end

--- a/app/controllers/wikis_controller.rb
+++ b/app/controllers/wikis_controller.rb
@@ -0,0 +1,44 @@
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class WikisController < ApplicationController
+  layout 'base'
+  before_filter :find_project, :authorize
+  
+  # Create or update a project's wiki
+  def edit
+    @wiki = @project.wiki || Wiki.new(:project => @project)
+    @wiki.attributes = params[:wiki]
+    @wiki.save if request.post?
+    render(:update) {|page| page.replace_html "tab-content-wiki", :partial => 'projects/settings/wiki'}
+  end
+
+  # Delete a project's wiki
+  def destroy
+    if request.post? && params[:confirm] && @project.wiki
+      @project.wiki.destroy
+      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'wiki'
+    end    
+  end
+  
+private
+  def find_project
+    @project = Project.find(params[:id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -15,47 +15,26 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-class RedCloth
-  # Patch for RedCloth.  Fixed in RedCloth r128 but _why hasn't released it yet.
-  # <a href="http://code.whytheluckystiff.net/redcloth/changeset/128">http://code.whytheluckystiff.net/redcloth/changeset/128</a>
-  def hard_break( text ) 
-    text.gsub!( /(.)\n(?!\n|\Z| *([#*=]+(\s|$)|[{|]))/, "\\1<br />" ) if hard_breaks 
-  end 
-end
-
 module ApplicationHelper
+  include Redmine::WikiFormatting::Macros::Definitions

-  # Return current logged in user or nil
-  def loggedin?
-    @logged_in_user
+  def current_role
+    @current_role ||= User.current.role_for_project(@project)
  end
  
-  # Return true if user is logged in and is admin, otherwise false
-  def admin_loggedin?
-    @logged_in_user and @logged_in_user.admin?
-  end
-
  # Return true if user is authorized for controller/action, otherwise false
-  def authorize_for(controller, action)  
-    # check if action is allowed on public projects
-    if @project.is_public? and Permission.allowed_to_public "%s/%s" % [ controller, action ]
-      return true
-    end
-    # check if user is authorized    
-    if @logged_in_user and (@logged_in_user.admin? or Permission.allowed_to_role( "%s/%s" % [ controller, action ], @logged_in_user.role_for_project(@project)  )  )
-      return true
-    end
-    return false
+  def authorize_for(controller, action)
+    User.current.allowed_to?({:controller => controller, :action => action}, @project)
  end

  # Display a link if user is authorized
  def link_to_if_authorized(name, options = {}, html_options = nil, *parameters_for_method_reference)
-    link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for(options[:controller], options[:action])
+    link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for(options[:controller] || params[:controller], options[:action])
  end

  # Display a link to user's account page
  def link_to_user(user)
-    link_to user.name, :controller => 'account', :action => 'show', :id => user
+    user ? link_to(user, :controller => 'account', :action => 'show', :id => user) : 'Anonymous'
  end
  
  def link_to_issue(issue)
@@ -69,6 +48,14 @@ module ApplicationHelper
    link_to(name, "#", :onclick => onclick)
  end
  
+  def show_and_goto_link(name, id, options={})
+    onclick = "Element.show('#{id}'); "
+    onclick << (options[:focus] ? "Form.Element.focus('#{options[:focus]}'); " : "this.blur(); ")
+    onclick << "location.href='##{id}-anchor'; "
+    onclick << "return false;"
+    link_to(name, "#", options.merge(:onclick => onclick))
+  end
+  
  def image_to_function(name, function, html_options = {})
    html_options.symbolize_keys!
    tag(:input, html_options.merge({ 
@@ -77,17 +64,35 @@ module ApplicationHelper
        }))
  end
  
-  def format_date(date)
-    return nil unless date
-    @date_format_setting ||= Setting.date_format.to_i
-    @date_format_setting == 0 ? l_date(date) : date.strftime("%Y-%m-%d")
+  def prompt_to_remote(name, text, param, url, html_options = {})
+    html_options[:onclick] = "promptToRemote('#{text}', '#{param}', '#{url_for(url)}'); return false;"
+    link_to name, {}, html_options
  end
  
-  def format_time(time)
+  def format_date(date)
+    return nil unless date
+    # "Setting.date_format.size < 2" is a temporary fix (content of date_format setting changed)
+    @date_format ||= (Setting.date_format.blank? || Setting.date_format.size < 2 ? l(:general_fmt_date) : Setting.date_format)
+    date.strftime(@date_format)
+  end
+  
+  def format_time(time, include_date = true)
    return nil unless time
-    @date_format_setting ||= Setting.date_format.to_i
    time = time.to_time if time.is_a?(String)
-    @date_format_setting == 0 ? l_datetime(time) : (time.strftime("%Y-%m-%d") + ' ' + l_time(time))
+    zone = User.current.time_zone
+    if time.utc?
+      local = zone ? zone.adjust(time) : time.getlocal
+    else
+      local = zone ? zone.adjust(time.getutc) : time
+    end
+    @date_format ||= (Setting.date_format.blank? || Setting.date_format.size < 2 ? l(:general_fmt_date) : Setting.date_format)
+    @time_format ||= (Setting.time_format.blank? ? l(:general_fmt_time) : Setting.time_format)
+    include_date ? local.strftime("#{@date_format} #{@time_format}") : local.strftime(@time_format)
+  end
+  
+  def authoring(created, author)
+    time_tag = content_tag('acronym', distance_of_time_in_words(Time.now, created), :title => format_time(created))
+    l(:label_added_time_by, author || 'Anonymous', time_tag)
  end
  
  def day_name(day)
@@ -118,42 +123,45 @@ module ApplicationHelper
    html  
  end
  
-  # textilize text according to system settings and RedCloth availability
-  def textilizable(text, options = {})
-    return "" if text.blank?
-    
-    # different methods for formatting wiki links
-    case options[:wiki_links]
-    when :local
-      # used for local links to html files
-      format_wiki_link = Proc.new {|title| "#{title}.html" }
-    when :anchor
-      # used for single-file wiki export
-      format_wiki_link = Proc.new {|title| "##{title}" }
-    else
-      if @project
-        format_wiki_link = Proc.new {|title| url_for :controller => 'wiki', :action => 'index', :id => @project, :page => title }
-      else
-        format_wiki_link = Proc.new {|title| title }
-      end
-    end
-    
-    # turn wiki links into textile links: 
-    # example:
-    #   [[link]] -> "link":link
-    #   [[link|title]] -> "title":link
-    text = text.gsub(/\[\[([^\]\|]+)(\|([^\]\|]+))?\]\]/) {|m| "\"#{$3 || $1}\":" + format_wiki_link.call(Wiki.titleize($1)) }
+  def set_html_title(text)
+    @html_header_title = text
+  end
+  
+  def html_title
+    title = []
+    title << @project.name if @project
+    title << @html_header_title
+    title << Setting.app_title
+    title.compact.join(' - ')
+  end
+  
+  ACCESSKEYS = {:edit => 'e',
+                :preview => 'r',
+                :quick_search => 'f',
+                :search => '4',
+                }.freeze unless const_defined?(:ACCESSKEYS)
+
+  def accesskey(s)
+    ACCESSKEYS[s]
+  end
+
+  # Formats text according to system settings.
+  # 2 ways to call this method:
+  # * with a String: textilizable(text, options)
+  # * with an object and one of its attribute: textilizable(issue, :description, options)
+  def textilizable(*args)
+    options = args.last.is_a?(Hash) ? args.pop : {}
+    case args.size
+    when 1
+      obj = nil
+      text = args.shift || ''
+    when 2
+      obj = args.shift
+      text = obj.send(args.shift)
+    else
+      raise ArgumentError, 'invalid arguments to textilizable'
+    end

-    # turn issue ids into links
-    # example:
-    #   #52 -> <a href="/issues/show/52">#52</a>
-    text = text.gsub(/#(\d+)(?=\b)/) {|m| link_to "##{$1}", :controller => 'issues', :action => 'show', :id => $1}
-       
-    # turn revision ids into links (@project needed)
-    # example:
-    #   r52 -> <a href="/repositories/revision/6?rev=52">r52</a> (@project.id is 6)
-    text = text.gsub(/(?=\b)r(\d+)(?=\b)/) {|m| link_to "r#{$1}", :controller => 'repositories', :action => 'revision', :id => @project.id, :rev => $1} if @project
-    
    # when using an image link, try to use an attachment, if possible
    attachments = options[:attachments]
    if attachments
@@ -163,17 +171,85 @@ module ApplicationHelper
        rf = Regexp.new(filename,  Regexp::IGNORECASE)
        # search for the picture in attachments
        if found = attachments.detect { |att| att.filename =~ rf }
-          image_url = url_for :controller => 'attachments', :action => 'show', :id => found.id
+          image_url = url_for :controller => 'attachments', :action => 'download', :id => found.id
          "!#{align}#{image_url}!"
        else
          "!#{align}#{filename}!"
        end
      end
    end
+    
+    text = (Setting.text_formatting == 'textile') ?
+      Redmine::WikiFormatting.to_html(text) { |macro, args| exec_macro(macro, obj, args) } :
+      simple_format(auto_link(h(text)))

-    # finally textilize text
-    @do_textilize ||= (Setting.text_formatting == 'textile') && (ActionView::Helpers::TextHelper.method_defined? "textilize")
-    text = @do_textilize ? auto_link(RedCloth.new(text, [:hard_breaks]).to_html) : simple_format(auto_link(h(text)))
+    # different methods for formatting wiki links
+    case options[:wiki_links]
+    when :local
+      # used for local links to html files
+      format_wiki_link = Proc.new {|project, title| "#{title}.html" }
+    when :anchor
+      # used for single-file wiki export
+      format_wiki_link = Proc.new {|project, title| "##{title}" }
+    else
+      format_wiki_link = Proc.new {|project, title| url_for :controller => 'wiki', :action => 'index', :id => project, :page => title }
+    end
+    
+    project = options[:project] || @project
+    
+    # turn wiki links into html links
+    # example:
+    #   [[mypage]]
+    #   [[mypage|mytext]]
+    # wiki links can refer other project wikis, using project name or identifier:
+    #   [[project:]] -> wiki starting page
+    #   [[project:|mytext]]
+    #   [[project:mypage]]
+    #   [[project:mypage|mytext]]
+    text = text.gsub(/\[\[([^\]\|]+)(\|([^\]\|]+))?\]\]/) do |m|
+      link_project = project
+      page = $1
+      title = $3
+      if page =~ /^([^\:]+)\:(.*)$/
+        link_project = Project.find_by_name($1) || Project.find_by_identifier($1)
+        page = title || $2
+        title = $1 if page.blank?
+      end
+      
+      if link_project && link_project.wiki
+        # check if page exists
+        wiki_page = link_project.wiki.find_page(page)
+        link_to((title || page), format_wiki_link.call(link_project, Wiki.titleize(page)),
+                                 :class => ('wiki-page' + (wiki_page ? '' : ' new')))
+      else
+        # project or wiki doesn't exist
+        title || page
+      end
+    end
+
+    # turn issue and revision ids into links
+    # example:
+    #   #52 -> <a href="/issues/show/52">#52</a>
+    #   r52 -> <a href="/repositories/revision/6?rev=52">r52</a> (project.id is 6)
+    text = text.gsub(%r{([\s\(,-^])(#|r)(\d+)(?=[[:punct:]]|\s|<|$)}) do |m|
+      leading, otype, oid = $1, $2, $3
+      link = nil
+      if otype == 'r'
+        if project && (changeset = project.changesets.find_by_revision(oid))
+          link = link_to("r#{oid}", {:controller => 'repositories', :action => 'revision', :id => project.id, :rev => oid}, :class => 'changeset',
+                                    :title => truncate(changeset.comments, 100))
+        end
+      else
+        if issue = Issue.find_by_id(oid.to_i, :include => [:project, :status], :conditions => Project.visible_by(User.current))        
+          link = link_to("##{oid}", {:controller => 'issues', :action => 'show', :id => oid}, :class => 'issue',
+                                    :title => "#{truncate(issue.subject, 100)} (#{issue.status.name})")
+          link = content_tag('del', link) if issue.closed?
+        end
+      end
+      leading + (link || "#{otype}#{oid}")
+    end
+    
+    text
  end
  
  # Same as Rails' simple_format helper without using paragraphs
@@ -211,7 +287,7 @@ module ApplicationHelper
      end      
      content_tag("div",
        content_tag(
-          options[:header_tag] || "h2", lwr(:gui_validation_error, full_messages.length) + " :"
+          options[:header_tag] || "span", lwr(:gui_validation_error, full_messages.length) + ":"
        ) +
        content_tag("ul", full_messages.collect { |msg| content_tag("li", msg) }),
        "id" => options[:id] || "errorExplanation", "class" => options[:class] || "errorExplanation"
@@ -223,7 +299,7 @@ module ApplicationHelper
  
  def lang_options_for_select(blank=true)
    (blank ? [["(auto)", ""]] : []) + 
-      GLoc.valid_languages.collect{|lang| [ ll(lang.to_s, :general_lang_name), lang.to_s]}.sort{|x,y| x.first <=> y.first }
+      GLoc.valid_languages.collect{|lang| [ ll(lang.to_s, :general_lang_name), lang.to_s]}.sort{|x,y| x.last <=> y.last }
  end
  
  def label_tag_for(name, option_tags = nil, options = {})
@@ -243,6 +319,37 @@ module ApplicationHelper
    link_to_function(l(:button_uncheck_all), "checkAll('#{form_name}', false)")   
  end
  
+  def progress_bar(pcts, options={})
+    pcts = [pcts, pcts] unless pcts.is_a?(Array)
+    pcts[1] = pcts[1] - pcts[0]
+    pcts << (100 - pcts[1] - pcts[0])
+    width = options[:width] || '100px;'
+    legend = options[:legend] || ''
+    content_tag('table',
+      content_tag('tr',
+        (pcts[0] > 0 ? content_tag('td', '', :width => "#{pcts[0].floor}%;", :class => 'closed') : '') +
+        (pcts[1] > 0 ? content_tag('td', '', :width => "#{pcts[1].floor}%;", :class => 'done') : '') +
+        (pcts[2] > 0 ? content_tag('td', '', :width => "#{pcts[2].floor}%;", :class => 'todo') : '')
+      ), :class => 'progress', :style => "width: #{width};") +
+      content_tag('p', legend, :class => 'pourcent')
+  end
+  
+  def context_menu_link(name, url, options={})
+    options[:class] ||= ''
+    if options.delete(:selected)
+      options[:class] << ' icon-checked disabled'
+      options[:disabled] = true
+    end
+    if options.delete(:disabled)
+      options.delete(:method)
+      options.delete(:confirm)
+      options.delete(:onclick)
+      options[:class] << ' disabled'
+      url = '#'
+    end
+    link_to name, url, options
+  end
+  
  def calendar_for(field_id)
    image_tag("calendar.png", {:id => "#{field_id}_trigger",:class => "calendar-trigger"}) +
    javascript_tag("Calendar.setup({inputField : '#{field_id}', ifFormat : '%Y-%m-%d', button : '#{field_id}_trigger' });")
@@ -252,6 +359,16 @@ module ApplicationHelper
    return '' unless Setting.text_formatting == 'textile'
    javascript_include_tag('jstoolbar') + javascript_tag("var toolbar = new jsToolBar($('#{field_id}')); toolbar.draw();")
  end
+  
+  def content_for(name, content = nil, &block)
+    @has_content ||= {}
+    @has_content[name] = true
+    super(name, content, &block)
+  end
+  
+  def has_content?(name)
+    (@has_content && @has_content[name]) || false
+  end
 end

 class TabularFormBuilder < ActionView::Helpers::FormBuilder
--- a/app/helpers/custom_fields_helper.rb
+++ b/app/helpers/custom_fields_helper.rb
@@ -24,8 +24,6 @@ module CustomFieldsHelper
    field_id = "custom_fields_#{custom_field.id}"
    
    case custom_field.field_format
-    when "string", "int"
-      text_field 'custom_value', 'value', :name => field_name, :id => field_id
    when "date"
      text_field('custom_value', 'value', :name => field_name, :id => field_id, :size => 10) + 
      calendar_for(field_id)
@@ -35,6 +33,8 @@ module CustomFieldsHelper
      check_box 'custom_value', 'value', :name => field_name, :id => field_id
    when "list"
      select 'custom_value', 'value', custom_field.possible_values, { :include_blank => true }, :name => field_name, :id => field_id
+    else
+      text_field 'custom_value', 'value', :name => field_name, :id => field_id
    end
  end
  
--- a/app/helpers/ifpdf_helper.rb
+++ b/app/helpers/ifpdf_helper.rb
@@ -52,11 +52,16 @@ module IfpdfHelper
      
    def Cell(w,h=0,txt='',border=0,ln=0,align='',fill=0,link='')
      @ic ||= Iconv.new(l(:general_pdf_encoding), 'UTF-8')
+      # these quotation marks are not correctly rendered in the pdf
+      txt = txt.gsub(/[“”]/, '"') if txt
      txt = begin
-        @ic.iconv(txt)
+        # 0x5c char handling
+        txtar = txt.split('\\')
+        txtar << '' if txt[-1] == ?\\
+        txtar.collect {|x| @ic.iconv(x)}.join('\\').gsub(/\\/, "\\\\\\\\")
      rescue
        txt
-      end
+      end || ''
      super w,h,txt,border,ln,align,fill,link
    end
    
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -15,7 +15,23 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

+require 'csv'
+
 module IssuesHelper
+  include ApplicationHelper
+
+  def render_issue_tooltip(issue)
+    @cached_label_start_date ||= l(:field_start_date)
+    @cached_label_due_date ||= l(:field_due_date)
+    @cached_label_assigned_to ||= l(:field_assigned_to)
+    @cached_label_priority ||= l(:field_priority)
+    
+    link_to_issue(issue) + ": #{h(issue.subject)}<br /><br />" +
+      "<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />" +
+      "<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />" +
+      "<strong>#{@cached_label_assigned_to}</strong>: #{issue.assigned_to}<br />" +
+      "<strong>#{@cached_label_priority}</strong>: #{issue.priority.name}"
+  end

  def show_detail(detail, no_html=false)
    case detail.property
@@ -60,13 +76,18 @@ module IssuesHelper
      label = content_tag('strong', label)
      old_value = content_tag("i", h(old_value)) if detail.old_value
      old_value = content_tag("strike", old_value) if detail.old_value and (!detail.value or detail.value.empty?)
-      value = content_tag("i", h(value)) if value
+      if detail.property == 'attachment' && !value.blank? && Attachment.find_by_id(detail.prop_key)
+        # Link to the attachment if it has not been removed
+        value = link_to(value, :controller => 'attachments', :action => 'download', :id => detail.prop_key)
+      else
+        value = content_tag("i", h(value)) if value
+      end
    end
    
-    if detail.value and !detail.value.to_s.empty?
+    if !detail.value.blank?
      case detail.property
      when 'attr', 'cf'
-        if old_value
+        if !detail.old_value.blank?
          label + " " + l(:text_journal_changed, old_value, value)
        else
          label + " " + l(:text_journal_set_to, value)
@@ -83,4 +104,56 @@ module IssuesHelper
      end
    end
  end
+  
+  def issues_to_csv(issues, project = nil)
+    ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')    
+    export = StringIO.new
+    CSV::Writer.generate(export, l(:general_csv_separator)) do |csv|
+      # csv header fields
+      headers = [ "#",
+                  l(:field_status), 
+                  l(:field_project),
+                  l(:field_tracker),
+                  l(:field_priority),
+                  l(:field_subject),
+                  l(:field_assigned_to),
+                  l(:field_category),
+                  l(:field_fixed_version),
+                  l(:field_author),
+                  l(:field_start_date),
+                  l(:field_due_date),
+                  l(:field_done_ratio),
+                  l(:field_created_on),
+                  l(:field_updated_on)
+                  ]
+      # Export project custom fields if project is given
+      # otherwise export custom fields marked as "For all projects"
+      custom_fields = project.nil? ? IssueCustomField.for_all : project.all_custom_fields
+      custom_fields.each {|f| headers << f.name}
+      csv << headers.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
+      # csv lines
+      issues.each do |issue|
+        fields = [issue.id,
+                  issue.status.name, 
+                  issue.project.name,
+                  issue.tracker.name, 
+                  issue.priority.name,
+                  issue.subject,
+                  issue.assigned_to,
+                  issue.category,
+                  issue.fixed_version,
+                  issue.author.name,
+                  format_date(issue.start_date),
+                  format_date(issue.due_date),
+                  issue.done_ratio,
+                  format_time(issue.created_on),  
+                  format_time(issue.updated_on)
+                  ]
+        custom_fields.each {|f| fields << show_value(issue.custom_value_for(f)) }
+        csv << fields.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
+      end
+    end
+    export.rewind
+    export
+  end
 end
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -25,4 +25,175 @@ module ProjectsHelper
                           :anchor => version.name
                          }, options
  end
+  
+  def project_settings_tabs
+    tabs = [{:name => 'info', :action => :edit_project, :partial => 'projects/edit', :label => :label_information_plural},
+            {:name => 'modules', :action => :select_project_modules, :partial => 'projects/settings/modules', :label => :label_module_plural},
+            {:name => 'members', :action => :manage_members, :partial => 'projects/settings/members', :label => :label_member_plural},
+            {:name => 'versions', :action => :manage_versions, :partial => 'projects/settings/versions', :label => :label_version_plural},
+            {:name => 'categories', :action => :manage_categories, :partial => 'projects/settings/issue_categories', :label => :label_issue_category_plural},
+            {:name => 'wiki', :action => :manage_wiki, :partial => 'projects/settings/wiki', :label => :label_wiki},
+            {:name => 'repository', :action => :manage_repository, :partial => 'projects/settings/repository', :label => :label_repository},
+            {:name => 'boards', :action => :manage_boards, :partial => 'projects/settings/boards', :label => :label_board_plural}
+            ]
+    tabs.select {|tab| User.current.allowed_to?(tab[:action], @project)}     
+  end
+  
+  # Generates a gantt image
+  # Only defined if RMagick is avalaible
+  def gantt_image(events, date_from, months, zoom)
+    date_to = (date_from >> months)-1    
+    show_weeks = zoom > 1
+    show_days = zoom > 2
+    
+    subject_width = 320
+    header_heigth = 18
+    # width of one day in pixels
+    zoom = zoom*2
+    g_width = (date_to - date_from + 1)*zoom
+    g_height = 20 * events.length + 20
+    headers_heigth = (show_weeks ? 2*header_heigth : header_heigth)
+    height = g_height + headers_heigth
+        
+    imgl = Magick::ImageList.new
+    imgl.new_image(subject_width+g_width+1, height)
+    gc = Magick::Draw.new
+    
+    # Subjects
+    top = headers_heigth + 20
+    gc.fill('black')
+    gc.stroke('transparent')
+    gc.stroke_width(1)
+    events.each do |i|
+      gc.text(4, top + 2, (i.is_a?(Issue) ? i.subject : i.name))
+      top = top + 20
+    end
+
+    # Months headers
+    month_f = date_from
+    left = subject_width
+    months.times do 
+      width = ((month_f >> 1) - month_f) * zoom
+      gc.fill('white')
+      gc.stroke('grey')
+      gc.stroke_width(1)
+      gc.rectangle(left, 0, left + width, height)
+      gc.fill('black')
+      gc.stroke('transparent')
+      gc.stroke_width(1)
+      gc.text(left.round + 8, 14, "#{month_f.year}-#{month_f.month}")
+      left = left + width
+      month_f = month_f >> 1
+    end
+    
+    # Weeks headers
+    if show_weeks
+    	left = subject_width
+    	height = header_heigth
+    	if date_from.cwday == 1
+    	    # date_from is monday
+            week_f = date_from
+    	else
+    	    # find next monday after date_from
+    		week_f = date_from + (7 - date_from.cwday + 1)
+    		width = (7 - date_from.cwday + 1) * zoom
+            gc.fill('white')
+            gc.stroke('grey')
+            gc.stroke_width(1)
+            gc.rectangle(left, header_heigth, left + width, 2*header_heigth + g_height-1)
+    		left = left + width
+    	end
+    	while week_f <= date_to
+    		width = (week_f + 6 <= date_to) ? 7 * zoom : (date_to - week_f + 1) * zoom
+            gc.fill('white')
+            gc.stroke('grey')
+            gc.stroke_width(1)
+            gc.rectangle(left.round, header_heigth, left.round + width, 2*header_heigth + g_height-1)
+            gc.fill('black')
+            gc.stroke('transparent')
+            gc.stroke_width(1)
+            gc.text(left.round + 2, header_heigth + 14, week_f.cweek.to_s)
+    		left = left + width
+    		week_f = week_f+7
+    	end
+    end
+    
+    # Days details (week-end in grey)
+    if show_days
+    	left = subject_width
+    	height = g_height + header_heigth - 1
+    	wday = date_from.cwday
+    	(date_to - date_from + 1).to_i.times do 
+          width =  zoom
+          gc.fill(wday == 6 || wday == 7 ? '#eee' : 'white')
+          gc.stroke('grey')
+          gc.stroke_width(1)
+          gc.rectangle(left, 2*header_heigth, left + width, 2*header_heigth + g_height-1)
+          left = left + width
+          wday = wday + 1
+          wday = 1 if wday > 7
+    	end
+    end
+
+    # border
+    gc.fill('transparent')
+    gc.stroke('grey')
+    gc.stroke_width(1)
+    gc.rectangle(0, 0, subject_width+g_width, headers_heigth)
+    gc.stroke('black')
+    gc.rectangle(0, 0, subject_width+g_width, g_height+ headers_heigth-1)
+        
+    # content
+    top = headers_heigth + 20
+    gc.stroke('transparent')
+    events.each do |i|      
+      if i.is_a?(Issue)       
+        i_start_date = (i.start_date >= date_from ? i.start_date : date_from )
+        i_end_date = (i.due_date <= date_to ? i.due_date : date_to )        
+        i_done_date = i.start_date + ((i.due_date - i.start_date+1)*i.done_ratio/100).floor
+        i_done_date = (i_done_date <= date_from ? date_from : i_done_date )
+        i_done_date = (i_done_date >= date_to ? date_to : i_done_date )        
+        i_late_date = [i_end_date, Date.today].min if i_start_date < Date.today
+        
+        i_left = subject_width + ((i_start_date - date_from)*zoom).floor 	
+        i_width = ((i_end_date - i_start_date + 1)*zoom).floor                  # total width of the issue
+        d_width = ((i_done_date - i_start_date)*zoom).floor                     # done width
+        l_width = i_late_date ? ((i_late_date - i_start_date+1)*zoom).floor : 0 # delay width
+  
+        gc.fill('grey')
+        gc.rectangle(i_left, top, i_left + i_width, top - 6)
+        gc.fill('red')
+        gc.rectangle(i_left, top, i_left + l_width, top - 6) if l_width > 0
+        gc.fill('blue')
+        gc.rectangle(i_left, top, i_left + d_width, top - 6) if d_width > 0
+        gc.fill('black')
+        gc.text(i_left + i_width + 5,top + 1, "#{i.status.name} #{i.done_ratio}%")
+      else
+        i_left = subject_width + ((i.start_date - date_from)*zoom).floor
+        gc.fill('green')
+        gc.rectangle(i_left, top, i_left + 6, top - 6)        
+        gc.fill('black')
+        gc.text(i_left + 11, top + 1, i.name)
+      end
+      top = top + 20
+    end
+    
+    # today red line
+    if Date.today >= date_from and Date.today <= date_to
+      gc.stroke('red')
+      x = (Date.today-date_from+1)*zoom + subject_width
+      gc.line(x, headers_heigth, x, headers_heigth + g_height-1)      
+    end    
+    
+    gc.draw(imgl)
+    imgl
+  end if Object.const_defined?(:Magick)
+  
+  def new_issue_selector
+    trackers = @project.trackers
+    # can't use form tag inside helper
+    content_tag('form',
+      select_tag('tracker_id', '<option></option>' + options_from_collection_for_select(trackers, 'id', 'name'), :onchange => "if (this.value != '') {this.form.submit()}"),
+      :action => url_for(:controller => 'projects', :action => 'add_issue', :id => @project), :method => 'get')
+  end
 end
--- a/app/helpers/queries_helper.rb
+++ b/app/helpers/queries_helper.rb
@@ -1,6 +1,51 @@
-module QueriesHelper
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

+module QueriesHelper
+  
  def operators_for_select(filter_type)
    Query.operators_by_filter_type[filter_type].collect {|o| [l(Query.operators[o]), o]}
  end
+  
+  def column_header(column)
+    column.sortable ? sort_header_tag(column.sortable, :caption => column.caption) : content_tag('th', column.caption)
+  end
+  
+  def column_content(column, issue)
+    if column.is_a?(QueryCustomFieldColumn)
+      cv = issue.custom_values.detect {|v| v.custom_field_id == column.custom_field.id}
+      show_value(cv)
+    else
+      value = issue.send(column.name)
+      if value.is_a?(Date)
+        format_date(value)
+      elsif value.is_a?(Time)
+        format_time(value)
+      else
+        case column.name
+        when :subject
+        h((@project.nil? || @project != issue.project) ? "#{issue.project.name} - " : '') +
+          link_to(h(value), :controller => 'issues', :action => 'show', :id => issue)
+        when :done_ratio
+          progress_bar(value, :width => '80px')
+        else
+          h(value)
+        end
+      end
+    end
+  end
 end
--- a/app/helpers/reports_helper.rb
+++ b/app/helpers/reports_helper.rb
@@ -29,4 +29,8 @@ module ReportsHelper
    a
  end
  
+  def aggregate_link(data, criteria, *args)
+    a = aggregate data, criteria
+    a > 0 ? link_to(a, *args) : '-'
+  end  
 end
--- a/app/helpers/repositories_helper.rb
+++ b/app/helpers/repositories_helper.rb
@@ -15,19 +15,41 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

+require 'coderay'
+require 'coderay/helpers/file_type'
+require 'iconv'
+
 module RepositoriesHelper
+  def syntax_highlight(name, content)
+    type = CodeRay::FileType[name]
+    type ? CodeRay.scan(content, type).html : h(content)
+  end
+  
+  def to_utf8(str)
+    return str if /\A[\r\n\t\x20-\x7e]*\Z/n.match(str) # for us-ascii
+    @encodings ||= Setting.repositories_encodings.split(',').collect(&:strip)
+    @encodings.each do |encoding|
+      begin
+        return Iconv.conv('UTF-8', encoding, str)
+      rescue Iconv::Failure
+        # do nothing here and try the next encoding
+      end
+    end
+    str
+  end
+  
  def repository_field_tags(form, repository)    
    method = repository.class.name.demodulize.underscore + "_field_tags"
    send(method, form, repository) if repository.is_a?(Repository) && respond_to?(method)
  end
  
-  def scm_select_tag
+  def scm_select_tag(repository)
    container = [[]]
    REDMINE_SUPPORTED_SCM.each {|scm| container << ["Repository::#{scm}".constantize.scm_name, scm]}
    select_tag('repository_scm', 
-               options_for_select(container, @project.repository.class.name.demodulize),
-               :disabled => (@project.repository && !@project.repository.new_record?),
-               :onchange => remote_function(:update => "repository_fields", :url => { :controller => 'repositories', :action => 'update_form', :id => @project }, :with => "Form.serialize(this.form)")
+               options_for_select(container, repository.class.name.demodulize),
+               :disabled => (repository && !repository.new_record?),
+               :onchange => remote_function(:url => { :controller => 'repositories', :action => 'edit', :id => @project }, :method => :get, :with => "Form.serialize(this.form)")
               )
  end
  
@@ -40,7 +62,10 @@ module RepositoriesHelper
      content_tag('p', form.text_field(:url, :size => 60, :required => true, :disabled => (repository && !repository.root_url.blank?)) +
                       '<br />(http://, https://, svn://, file:///)') +
      content_tag('p', form.text_field(:login, :size => 30)) +
-      content_tag('p', form.password_field(:password, :size => 30))
+      content_tag('p', form.password_field(:password, :size => 30, :name => 'ignore',
+                                           :value => ((repository.new_record? || repository.password.blank?) ? '' : ('x'*15)),
+                                           :onfocus => "this.value=''; this.name='repository[password]';",
+                                           :onchange => "this.name='repository[password]';"))
  end

  def darcs_field_tags(form, repository)
@@ -55,4 +80,8 @@ module RepositoriesHelper
      content_tag('p', form.text_field(:root_url, :label => 'CVSROOT', :size => 60, :required => true, :disabled => !repository.new_record?)) +
      content_tag('p', form.text_field(:url, :label => 'Module', :size => 30, :required => true, :disabled => !repository.new_record?))
  end
+
+  def bazaar_field_tags(form, repository)
+      content_tag('p', form.text_field(:url, :label => 'Root directory', :size => 60, :required => true, :disabled => (repository && !repository.new_record?)))
+  end
 end
--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -17,11 +17,21 @@

 module SearchHelper
  def highlight_tokens(text, tokens)
-    return text unless tokens && !tokens.empty?
+    return text unless text && tokens && !tokens.empty?
    regexp = Regexp.new "(#{tokens.join('|')})", Regexp::IGNORECASE    
    result = ''
    text.split(regexp).each_with_index do |words, i|
-      result << (i.even? ? (words.length > 100 ? "#{words[0..44]} ... #{words[-45..-1]}" : words) : content_tag('span', words, :class => 'highlight'))
+      if result.length > 1200
+        # maximum length of the preview reached
+        result << '...'
+        break
+      end
+      if i.even?
+        result << h(words.length > 100 ? "#{words[0..44]} ... #{words[-45..-1]}" : words)
+      else
+        t = (tokens.index(words.downcase) || 0) % 4
+        result << content_tag('span', h(words), :class => "highlight token-#{t}")
+      end
    end
    result
  end
--- a/app/helpers/sort_helper.rb
+++ b/app/helpers/sort_helper.rb
@@ -137,13 +137,8 @@ module SortHelper
  #   </th>
  #
  def sort_header_tag(column, options = {})
-    if options[:caption]
-      caption = options[:caption]
-      options.delete(:caption)
-    else
-      caption = titleize(Inflector::humanize(column))
-    end
-    options[:title]= "Sort by #{caption}" unless options[:title]
+    caption = options.delete(:caption) || titleize(Inflector::humanize(column))
+    options[:title]= l(:label_sort_by, "\"#{caption}\"") unless options[:title]
    content_tag('th', sort_link(column, caption), options)
  end

--- a/app/helpers/versions_helper.rb
+++ b/app/helpers/versions_helper.rb
@@ -16,4 +16,32 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module VersionsHelper
+
+  STATUS_BY_CRITERIAS = %w(category tracker priority author assigned_to)
+  
+  def render_issue_status_by(version, criteria)
+    criteria ||= 'category'
+    raise 'Unknown criteria' unless STATUS_BY_CRITERIAS.include?(criteria)
+    
+    h = Hash.new {|k,v| k[v] = [0, 0]}
+    begin
+      # Total issue count
+      Issue.count(:group => criteria,
+                  :conditions => ["#{Issue.table_name}.fixed_version_id = ?", version.id]).each {|c,s| h[c][0] = s}
+      # Open issues count
+      Issue.count(:group => criteria,
+                  :include => :status,
+                  :conditions => ["#{Issue.table_name}.fixed_version_id = ? AND #{IssueStatus.table_name}.is_closed = ?", version.id, false]).each {|c,s| h[c][1] = s}
+    rescue ActiveRecord::RecordNotFound
+    # When grouping by an association, Rails throws this exception if there's no result (bug)
+    end
+    counts = h.keys.compact.sort.collect {|k| {:group => k, :total => h[k][0], :open => h[k][1], :closed => (h[k][0] - h[k][1])}}
+    max = counts.collect {|c| c[:total]}.max
+    
+    render :partial => 'issue_counts', :locals => {:version => version, :criteria => criteria, :counts => counts, :max => max}
+  end
+  
+  def status_by_options_for_select(value)
+    options_for_select(STATUS_BY_CRITERIAS.collect {|criteria| [l("field_#{criteria}".to_sym), criteria]}, value)
+  end
 end
--- a/app/helpers/watchers_helper.rb
+++ b/app/helpers/watchers_helper.rb
@@ -21,7 +21,7 @@ module WatchersHelper
  end
  
  def watcher_link(object, user)
-    return '' unless user && object.respond_to?('watched_by?')
+    return '' unless user && user.logged? && object.respond_to?('watched_by?')
    watched = object.watched_by?(user)
    url = {:controller => 'watchers',
           :action => (watched ? 'remove' : 'add'),
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -21,8 +21,14 @@ class Attachment < ActiveRecord::Base
  belongs_to :container, :polymorphic => true
  belongs_to :author, :class_name => "User", :foreign_key => "author_id"
  
-  validates_presence_of :container, :filename
-  
+  validates_presence_of :container, :filename, :author
+  validates_length_of :filename, :maximum => 255
+  validates_length_of :disk_filename, :maximum => 255
+
+  acts_as_event :title => :filename,
+                :description => :filename,
+                :url => Proc.new {|o| {:controller => 'attachments', :action => 'download', :id => o.id}}
+
  cattr_accessor :storage_path
  @@storage_path = "#{RAILS_ROOT}/files"
  
@@ -36,7 +42,7 @@ class Attachment < ActiveRecord::Base
 			if @temp_file.size > 0
 				self.filename = sanitize_filename(@temp_file.original_filename)
 				self.disk_filename = DateTime.now.strftime("%y%m%d%H%M%S") + "_" + self.filename
-				self.content_type = @temp_file.content_type
+				self.content_type = @temp_file.content_type.chomp
 				self.filesize = @temp_file.size
 			end
 		end
@@ -55,6 +61,10 @@ class Attachment < ActiveRecord::Base
 			end
 			self.digest = Digest::MD5.hexdigest(File.read(diskfile))
 		end
+		# Don't save the content type if it's longer than the authorized length
+		if self.content_type && self.content_type.length > 255
+		  self.content_type = nil
+		end
 	end
 	
 	# Deletes file on the disk
@@ -72,14 +82,13 @@ class Attachment < ActiveRecord::Base
  def increment_download
    increment!(:downloads)
  end
-	
-	# returns last created projects
-	def self.most_downloaded
-		find(:all, :limit => 5, :order => "downloads DESC")	
-	end

  def project
-    container.is_a?(Project) ? container : container.project
+    container.project
+  end
+  
+  def image?
+    self.filename =~ /\.(jpeg|jpg|gif|png)$/i
  end
  
 private
--- a/app/models/auth_source.rb
+++ b/app/models/auth_source.rb
@@ -20,6 +20,10 @@ class AuthSource < ActiveRecord::Base
  
  validates_presence_of :name
  validates_uniqueness_of :name
+  validates_length_of :name, :host, :maximum => 60
+  validates_length_of :account_password, :maximum => 60, :allow_nil => true
+  validates_length_of :account, :base_dn, :maximum => 255
+  validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30

  def authenticate(login, password)
  end
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -20,12 +20,14 @@ require 'iconv'

 class AuthSourceLdap < AuthSource 
  validates_presence_of :host, :port, :attr_login
-
+  validates_presence_of :attr_firstname, :attr_lastname, :attr_mail, :if => Proc.new { |a| a.onthefly_register? }
+  
  def after_initialize
    self.port = 389 if self.port == 0
  end
  
  def authenticate(login, password)
+    return nil if login.blank? || password.blank?
    attrs = []
    # get user's DN
    ldap_con = initialize_ldap_con(self.account, self.account_password)
@@ -34,12 +36,13 @@ class AuthSourceLdap < AuthSource
    dn = String.new
    ldap_con.search( :base => self.base_dn, 
                     :filter => object_filter & login_filter, 
-                     :attributes=> ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail]) do |entry|
+                     # only ask for the DN if on-the-fly registration is disabled
+                     :attributes=> (onthefly_register? ? ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail] : ['dn'])) do |entry|
      dn = entry.dn
      attrs = [:firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
               :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
               :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
-               :auth_source_id => self.id ]
+               :auth_source_id => self.id ] if onthefly_register?
    end
    return nil if dn.empty?
    logger.debug "DN found for #{login}: #{dn}" if logger && logger.debug?
@@ -69,7 +72,8 @@ private
  def initialize_ldap_con(ldap_user, ldap_password)
    Net::LDAP.new( {:host => self.host, 
                    :port => self.port, 
-                    :auth => { :method => :simple, :username => Iconv.new('iso-8859-15', 'utf-8').iconv(ldap_user), :password => Iconv.new('iso-8859-15', 'utf-8').iconv(ldap_password) }} 
+                    :auth => { :method => :simple, :username => ldap_user, :password => ldap_password },
+                    :encryption => (self.tls ? :simple_tls : nil)} 
    ) 
  end
  
--- a/app/models/changeset.rb
+++ b/app/models/changeset.rb
@@ -19,12 +19,27 @@ class Changeset < ActiveRecord::Base
  belongs_to :repository
  has_many :changes, :dependent => :delete_all
  has_and_belongs_to_many :issues
+
+  acts_as_event :title => Proc.new {|o| "#{l(:label_revision)} #{o.revision}" + (o.comments.blank? ? '' : (': ' + o.comments))},
+                :description => :comments,
+                :datetime => :committed_on,
+                :author => :committer,
+                :url => Proc.new {|o| {:controller => 'repositories', :action => 'revision', :id => o.repository.project_id, :rev => o.revision}}
+                
+  acts_as_searchable :columns => 'comments',
+                     :include => :repository,
+                     :project_key => "#{Repository.table_name}.project_id",
+                     :date_column => 'committed_on'
  
  validates_presence_of :repository_id, :revision, :committed_on, :commit_date
  validates_numericality_of :revision, :only_integer => true
  validates_uniqueness_of :revision, :scope => :repository_id
  validates_uniqueness_of :scmid, :scope => :repository_id, :allow_nil => true
  
+  def comments=(comment)
+    write_attribute(:comments, comment.strip)
+  end
+
  def committed_on=(date)
    self.commit_date = date
    super
@@ -37,17 +52,24 @@ class Changeset < ActiveRecord::Base
  def scan_comment_for_issue_ids
    return if comments.blank?
    # keywords used to reference issues
-    ref_keywords = Setting.commit_ref_keywords.downcase.split(",")
+    ref_keywords = Setting.commit_ref_keywords.downcase.split(",").collect(&:strip)
    # keywords used to fix issues
-    fix_keywords = Setting.commit_fix_keywords.downcase.split(",")
-    # status applied
+    fix_keywords = Setting.commit_fix_keywords.downcase.split(",").collect(&:strip)
+    # status and optional done ratio applied
    fix_status = IssueStatus.find_by_id(Setting.commit_fix_status_id)
+    done_ratio = Setting.commit_fix_done_ratio.blank? ? nil : Setting.commit_fix_done_ratio.to_i
    
-    kw_regexp = (ref_keywords + fix_keywords).collect{|kw| Regexp.escape(kw.strip)}.join("|")
+    kw_regexp = (ref_keywords + fix_keywords).collect{|kw| Regexp.escape(kw)}.join("|")
    return if kw_regexp.blank?
    
-    # remove any associated issues
-    self.issues.clear
+    referenced_issues = []
+    
+    if ref_keywords.delete('*')
+      # find any issue ID in the comments
+      target_issue_ids = []
+      comments.scan(%r{([\s\(,-^])#(\d+)(?=[[:punct:]]|\s|<|$)}).each { |m| target_issue_ids << m[1] }
+      referenced_issues += repository.project.issues.find_all_by_id(target_issue_ids)
+    end
    
    comments.scan(Regexp.new("(#{kw_regexp})[\s:]+(([\s,;&]*#?\\d+)+)", Regexp::IGNORECASE)).each do |match|
      action = match[0]
@@ -60,10 +82,23 @@ class Changeset < ActiveRecord::Base
          # don't change the status is the issue is already closed
          next if issue.status.is_closed?
          issue.status = fix_status
+          issue.done_ratio = done_ratio if done_ratio
          issue.save
        end
      end
-      self.issues << target_issues
+      referenced_issues += target_issues
    end
+    
+    self.issues = referenced_issues.uniq
+  end
+
+  # Returns the previous changeset
+  def previous
+    @previous ||= Changeset.find(:first, :conditions => ['revision < ? AND repository_id = ?', self.revision, self.repository_id], :order => 'revision DESC')
+  end
+
+  # Returns the next changeset
+  def next
+    @next ||= Changeset.find(:first, :conditions => ['revision > ? AND repository_id = ?', self.revision, self.repository_id], :order => 'revision ASC')
  end
 end
--- a/app/models/custom_field.rb
+++ b/app/models/custom_field.rb
@@ -17,18 +17,21 @@

 class CustomField < ActiveRecord::Base
  has_many :custom_values, :dependent => :delete_all
+  acts_as_list :scope => 'type = \'#{self.class}\''
  serialize :possible_values
  
  FIELD_FORMATS = { "string" => { :name => :label_string, :order => 1 },
                    "text" => { :name => :label_text, :order => 2 },
                    "int" => { :name => :label_integer, :order => 3 },
-                    "list" => { :name => :label_list, :order => 4 },
-			        "date" => { :name => :label_date, :order => 5 },
-			        "bool" => { :name => :label_boolean, :order => 6 }
+                    "float" => { :name => :label_float, :order => 4 },
+                    "list" => { :name => :label_list, :order => 5 },
+			        "date" => { :name => :label_date, :order => 6 },
+			        "bool" => { :name => :label_boolean, :order => 7 }
  }.freeze

  validates_presence_of :name, :field_format
  validates_uniqueness_of :name
+  validates_length_of :name, :maximum => 30
  validates_format_of :name, :with => /^[\w\s\'\-]*$/i
  validates_inclusion_of :field_format, :in => FIELD_FORMATS.keys

@@ -40,6 +43,9 @@ class CustomField < ActiveRecord::Base
  def before_validation
    # remove empty values
    self.possible_values = self.possible_values.collect{|v| v unless v.empty?}.compact
+    # make sure these fields are not searchable
+    self.searchable = false if %w(int float date bool).include?(field_format)
+    true
  end
  
  def validate
@@ -49,6 +55,10 @@ class CustomField < ActiveRecord::Base
    end
  end

+  def <=>(field)
+    position <=> field.position
+  end
+  
  # to move in project_custom_field
  def self.for_all
    find(:all, :conditions => ["is_for_all=?", true])
--- a/app/models/custom_value.rb
+++ b/app/models/custom_value.rb
@@ -21,18 +21,19 @@ class CustomValue < ActiveRecord::Base

 protected
  def validate
-    errors.add(:value, :activerecord_error_blank) and return if custom_field.is_required? and value.empty?    
+    errors.add(:value, :activerecord_error_blank) and return if custom_field.is_required? and value.blank?    
    errors.add(:value, :activerecord_error_invalid) unless custom_field.regexp.blank? or value =~ Regexp.new(custom_field.regexp)
    errors.add(:value, :activerecord_error_too_short) if custom_field.min_length > 0 and value.length < custom_field.min_length and value.length > 0
    errors.add(:value, :activerecord_error_too_long) if custom_field.max_length > 0 and value.length > custom_field.max_length
    case custom_field.field_format
-    when "int"
-      errors.add(:value, :activerecord_error_not_a_number) unless value =~ /^[0-9]*$/	
-    when "date"
-      errors.add(:value, :activerecord_error_not_a_date) unless value =~ /^\d{4}-\d{2}-\d{2}$/ or value.empty?
-    when "list"
-      errors.add(:value, :activerecord_error_inclusion) unless custom_field.possible_values.include? value or value.empty?
+    when 'int'
+      errors.add(:value, :activerecord_error_not_a_number) unless value.blank? || value =~ /^[+-]?\d+$/	
+    when 'float'
+      begin; !value.blank? && Kernel.Float(value); rescue; errors.add(:value, :activerecord_error_invalid) end
+    when 'date'
+      errors.add(:value, :activerecord_error_not_a_date) unless value =~ /^\d{4}-\d{2}-\d{2}$/ or value.blank?
+    when 'list'
+      errors.add(:value, :activerecord_error_inclusion) unless custom_field.possible_values.include?(value) or value.blank?
    end
  end
 end
-
--- a/app/models/document.rb
+++ b/app/models/document.rb
@@ -20,5 +20,11 @@ class Document < ActiveRecord::Base
  belongs_to :category, :class_name => "Enumeration", :foreign_key => "category_id"
  has_many :attachments, :as => :container, :dependent => :destroy

+  acts_as_searchable :columns => ['title', 'description']
+  acts_as_event :title => Proc.new {|o| "#{l(:label_document)}: #{o.title}"},
+                :author => Proc.new {|o| (a = o.attachments.find(:first, :order => "#{Attachment.table_name}.created_on ASC")) ? a.author : nil },
+                :url => Proc.new {|o| {:controller => 'documents', :action => 'show', :id => o.id}}
+
  validates_presence_of :project, :title, :category
+  validates_length_of :title, :maximum => 60
 end
--- a/app/models/enabled_module.rb
+++ b/app/models/enabled_module.rb
@@ -1,5 +1,5 @@
 # redMine - project management software
-# Copyright (C) 2006  Jean-Philippe Lang
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -15,5 +15,9 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-module FeedsHelper
+class EnabledModule < ActiveRecord::Base
+  belongs_to :project
+  
+  validates_presence_of :name
+  validates_uniqueness_of :name, :scope => :project_id
 end
--- a/app/models/enumeration.rb
+++ b/app/models/enumeration.rb
@@ -16,25 +16,42 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Enumeration < ActiveRecord::Base
+  acts_as_list :scope => 'opt = \'#{opt}\''
+
  before_destroy :check_integrity
  
  validates_presence_of :opt, :name
  validates_uniqueness_of :name, :scope => [:opt]
+  validates_length_of :name, :maximum => 30
  validates_format_of :name, :with => /^[\w\s\'\-]*$/i
-	
-	OPTIONS = {
-	  "IPRI" => :enumeration_issue_priorities,
-      "DCAT" => :enumeration_doc_categories,
-      "ACTI" => :enumeration_activities
-	}.freeze
-	
-	def self.get_values(option)
-		find(:all, :conditions => ['opt=?', option])
-	end
-	
+
+  OPTIONS = {
+    "IPRI" => :enumeration_issue_priorities,
+    "DCAT" => :enumeration_doc_categories,
+    "ACTI" => :enumeration_activities
+  }.freeze
+  
+  def self.get_values(option)
+    find(:all, :conditions => {:opt => option}, :order => 'position')
+  end
+  
+  def self.default(option)  
+    find(:first, :conditions => {:opt => option, :is_default => true}, :order => 'position')
+  end
+
  def option_name
    OPTIONS[self.opt]
  end
+
+  def before_save
+    Enumeration.update_all("is_default = #{connection.quoted_false}", {:opt => opt}) if is_default?
+  end
+  
+  def <=>(enumeration)
+    position <=> enumeration.position
+  end
+  
+  def to_s; name end
  
 private
  def check_integrity
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -36,14 +36,60 @@ class Issue < ActiveRecord::Base
  has_many :relations_to, :class_name => 'IssueRelation', :foreign_key => 'issue_to_id', :dependent => :delete_all
  
  acts_as_watchable
+  acts_as_searchable :columns => ['subject', 'description'], :with => {:journal => :issue}
+  acts_as_event :title => Proc.new {|o| "#{o.tracker.name} ##{o.id}: #{o.subject}"},
+                :url => Proc.new {|o| {:controller => 'issues', :action => 'show', :id => o.id}}                
  
-  validates_presence_of :subject, :description, :priority, :tracker, :author, :status
+  validates_presence_of :subject, :description, :priority, :project, :tracker, :author, :status
+  validates_length_of :subject, :maximum => 255
  validates_inclusion_of :done_ratio, :in => 0..100
+  validates_numericality_of :estimated_hours, :allow_nil => true
  validates_associated :custom_values, :on => :update

-  # set default status for new issues
-  def before_validation
-    self.status = IssueStatus.default if status.nil?
+  def after_initialize
+    if new_record?
+      # set default values for new records only
+      self.status ||= IssueStatus.default
+      self.priority ||= Enumeration.default('IPRI')
+    end
+  end
+  
+  def copy_from(arg)
+    issue = arg.is_a?(Issue) ? arg : Issue.find(arg)
+    self.attributes = issue.attributes.dup
+    self.custom_values = issue.custom_values.collect {|v| v.clone}
+    self
+  end
+  
+  # Move an issue to a new project and tracker
+  def move_to(new_project, new_tracker = nil)
+    transaction do
+      if new_project && project_id != new_project.id
+        # delete issue relations
+        self.relations_from.clear
+        self.relations_to.clear
+        # issue is moved to another project
+        self.category = nil 
+        self.fixed_version = nil
+        self.project = new_project
+      end
+      if new_tracker
+        self.tracker = new_tracker
+      end
+      if save
+        # Manually update project_id on related time entries
+        TimeEntry.update_all("project_id = #{new_project.id}", {:issue_id => id})
+      else
+        rollback_db_transaction
+        return false
+      end
+    end
+    return true
+  end
+  
+  def priority_id=(pid)
+    self.priority = nil
+    write_attribute(:priority_id, pid)
  end

  def validate
@@ -60,6 +106,10 @@ class Issue < ActiveRecord::Base
    end
  end
  
+  def validate_on_create
+    errors.add :tracker_id, :activerecord_error_invalid unless project.trackers.include?(tracker)
+  end
+  
  def before_create
    # default assignment based on category
    if assigned_to.nil? && category && category.assigned_to
@@ -78,17 +128,33 @@ class Issue < ActiveRecord::Base
      }
      # custom fields changes
      custom_values.each {|c|
+        next if (@custom_values_before_change[c.custom_field_id]==c.value ||
+                  (@custom_values_before_change[c.custom_field_id].blank? && c.value.blank?))
        @current_journal.details << JournalDetail.new(:property => 'cf', 
                                                      :prop_key => c.custom_field_id,
                                                      :old_value => @custom_values_before_change[c.custom_field_id],
-                                                      :value => c.value) unless @custom_values_before_change[c.custom_field_id]==c.value
+                                                      :value => c.value)
      }      
-      @current_journal.save unless @current_journal.details.empty? and @current_journal.notes.empty?
+      @current_journal.save
    end
+    # Save the issue even if the journal is not saved (because empty)
+    true
  end
  
  def after_save
+    # Update start/due dates of following issues
    relations_from.each(&:set_issue_to_dates)
+    
+    # Close duplicates if the issue was closed
+    if @issue_before_change && !@issue_before_change.closed? && self.closed?
+      duplicates.each do |duplicate|
+        # Don't re-close it if it's already closed
+        next if duplicate.closed?
+        # Same user and notes
+        duplicate.init_journal(@current_journal.user, @current_journal.notes)
+        duplicate.update_attribute :status, self.status
+      end
+    end
  end
  
  def custom_value_for(custom_field)
@@ -104,6 +170,25 @@ class Issue < ActiveRecord::Base
    @current_journal
  end
  
+  # Return true if the issue is closed, otherwise false
+  def closed?
+    self.status.is_closed?
+  end
+  
+  # Users the issue can be assigned to
+  def assignable_users
+    project.assignable_users
+  end
+  
+  # Returns the mail adresses of users that should be notified for the issue
+  def recipients
+    recipients = project.recipients
+    # Author and assignee are always notified
+    recipients << author.mail if author
+    recipients << assigned_to.mail if assigned_to
+    recipients.compact.uniq
+  end
+  
  def spent_hours
    @spent_hours ||= time_entries.sum(:hours) || 0
  end
@@ -121,6 +206,11 @@ class Issue < ActiveRecord::Base
    dependencies
  end
  
+  # Returns an array of the duplicate issues
+  def duplicates
+    relations.select {|r| r.relation_type == IssueRelation::TYPE_DUPLICATES}.collect {|r| r.other_issue(self)}
+  end
+  
  def duration
    (start_date && due_date) ? due_date - start_date : 0
  end
--- a/app/models/issue_category.rb
+++ b/app/models/issue_category.rb
@@ -16,15 +16,28 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class IssueCategory < ActiveRecord::Base
-  before_destroy :check_integrity  
  belongs_to :project
  belongs_to :assigned_to, :class_name => 'User', :foreign_key => 'assigned_to_id'
-
+  has_many :issues, :foreign_key => 'category_id', :dependent => :nullify
+  
  validates_presence_of :name
  validates_uniqueness_of :name, :scope => [:project_id]
+  validates_length_of :name, :maximum => 30
  
-private
-  def check_integrity
-    raise "Can't delete category" if Issue.find(:first, :conditions => ["category_id=?", self.id])
+  alias :destroy_without_reassign :destroy
+  
+  # Destroy the category
+  # If a category is specified, issues are reassigned to this category
+  def destroy(reassign_to = nil)
+    if reassign_to && reassign_to.is_a?(IssueCategory) && reassign_to.project == self.project
+      Issue.update_all("category_id = #{reassign_to.id}", "category_id = #{id}")
+    end
+    destroy_without_reassign
  end
+  
+  def <=>(category)
+    name <=> category.name
+  end
+  
+  def to_s; name end
 end
--- a/app/models/issue_relation.rb
+++ b/app/models/issue_relation.rb
@@ -38,7 +38,7 @@ class IssueRelation < ActiveRecord::Base
  def validate
    if issue_from && issue_to
      errors.add :issue_to_id, :activerecord_error_invalid if issue_from_id == issue_to_id
-      errors.add :issue_to_id, :activerecord_error_not_same_project unless issue_from.project_id == issue_to.project_id
+      errors.add :issue_to_id, :activerecord_error_not_same_project unless issue_from.project_id == issue_to.project_id || Setting.cross_project_issue_relations?
      errors.add_to_base :activerecord_error_circular_dependency if issue_to.all_dependent_issues.include? issue_from
    end
  end
--- a/app/models/issue_status.rb
+++ b/app/models/issue_status.rb
@@ -22,9 +22,8 @@ class IssueStatus < ActiveRecord::Base

  validates_presence_of :name
  validates_uniqueness_of :name
+  validates_length_of :name, :maximum => 30
  validates_format_of :name, :with => /^[\w\s\'\-]*$/i
-  validates_length_of :html_color, :is => 6
-  validates_format_of :html_color, :with => /^[a-f0-9]*$/i

  def before_save
    IssueStatus.update_all "is_default=#{connection.quoted_false}" if self.is_default?
@@ -51,6 +50,14 @@ class IssueStatus < ActiveRecord::Base
    new_statuses ? new_statuses.sort{|x, y| x.position <=> y.position } : []
  end
  
+  def new_status_allowed_to?(status, role, tracker)
+    status && role && tracker ?
+      !workflows.find(:first, :conditions => {:new_status_id => status.id, :role_id => role.id, :tracker_id => tracker.id}).nil? :
+      false
+  end
+
+  def to_s; name end
+
 private
  def check_integrity
    raise "Can't delete status" if Issue.find(:first, :conditions => ["status_id=?", self.id])
--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@@ -23,4 +23,25 @@ class Journal < ActiveRecord::Base
  
  belongs_to :user
  has_many :details, :class_name => "JournalDetail", :dependent => :delete_all
+  
+  acts_as_searchable :columns => 'notes',
+                     :include => :issue,
+                     :project_key => "#{Issue.table_name}.project_id",
+                     :date_column => "#{Issue.table_name}.created_on"
+  
+  acts_as_event :title => Proc.new {|o| "#{o.issue.tracker.name} ##{o.issue.id}: #{o.issue.subject}" + ((s = o.new_status) ? " (#{s})" : '') },
+                :description => :notes,
+                :author => :user,
+                :url => Proc.new {|o| {:controller => 'issues', :action => 'show', :id => o.issue.id}}
+
+  def save
+    # Do not save an empty journal
+    (details.empty? && notes.blank?) ? false : super
+  end
+  
+  # Returns the new status if the journal contains a status change, otherwise nil
+  def new_status
+    c = details.detect {|detail| detail.prop_key == 'status_id'}
+    (c && c.value) ? IssueStatus.find_by_id(c.value.to_i) : nil
+  end
 end
--- a/app/models/mail_handler.rb
+++ b/app/models/mail_handler.rb
@@ -31,7 +31,7 @@ class MailHandler < ActionMailer::Base
    user = User.find_active(:first, :conditions => {:mail => email.from.first})
    return unless user
    # check permission
-    return unless Permission.allowed_to_role("issues/add_note", user.role_for_project(issue.project))
+    return unless user.allowed_to?(:add_issue_notes, issue.project)
    
    # add the note
    issue.init_journal(user, email.body.chomp)
--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
@@ -16,101 +16,145 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Mailer < ActionMailer::Base
+  helper ApplicationHelper
  helper IssuesHelper
+  helper CustomFieldsHelper
  
-  def account_information(user, password)
-    set_language_if_valid user.language
-    recipients user.mail
-    from Setting.mail_from
-    subject l(:mail_subject_register)
-    body :user => user, :password => password
-  end
-
-  def issue_add(issue)
-    set_language_if_valid(Setting.default_language)
-    # Sends to all project members
-    @recipients     = issue.project.members.collect { |m| m.user.mail if m.user.mail_notification }.compact
-    # Sends to author and assignee (even if they turned off mail notification)
-    @recipients     << issue.author.mail if issue.author
-    @recipients     << issue.assigned_to.mail if issue.assigned_to
-    @recipients.compact!
-    @recipients.uniq!
-    @from           = Setting.mail_from
-    @subject        = "[#{issue.project.name} - #{issue.tracker.name} ##{issue.id}] #{issue.status.name} - #{issue.subject}"
-    @body['issue']  = issue
+  include ActionController::UrlWriter
+  
+  def issue_add(issue)    
+    recipients issue.recipients    
+    subject "[#{issue.project.name} - #{issue.tracker.name} ##{issue.id}] #{issue.status.name} - #{issue.subject}"
+    body :issue => issue,
+         :issue_url => url_for(:controller => 'issues', :action => 'show', :id => issue)
  end

  def issue_edit(journal)
-    set_language_if_valid(Setting.default_language)
-    # Sends to all project members
    issue = journal.journalized
-    @recipients     = issue.project.members.collect { |m| m.user.mail if m.user.mail_notification }
-    # Sends to author and assignee (even if they turned off mail notification)
-    @recipients     << issue.author.mail if issue.author
-    @recipients     << issue.assigned_to.mail if issue.assigned_to
-    @recipients.compact!
-    @recipients.uniq!
+    recipients issue.recipients
    # Watchers in cc
-    @cc             = issue.watcher_recipients - @recipients
-    @from           = Setting.mail_from
-    @subject        = "[#{issue.project.name} - #{issue.tracker.name} ##{issue.id}] #{issue.status.name} - #{issue.subject}"
-    @body['issue']  = issue
-    @body['journal']= journal
+    cc(issue.watcher_recipients - @recipients)
+    subject "[#{issue.project.name} - #{issue.tracker.name} ##{issue.id}] #{issue.status.name} - #{issue.subject}"
+    body :issue => issue,
+         :journal => journal,
+         :issue_url => url_for(:controller => 'issues', :action => 'show', :id => issue)
  end
  
-  def document_add(document)
-    set_language_if_valid(Setting.default_language)
-    @recipients     = document.project.users.collect { |u| u.mail if u.mail_notification }.compact
-    @from           = Setting.mail_from
-    @subject        = "[#{document.project.name}] #{l(:label_document_new)}: #{document.title}"
-    @body['document'] = document
+  def document_added(document)
+    recipients document.project.recipients
+    subject "[#{document.project.name}] #{l(:label_document_new)}: #{document.title}"
+    body :document => document,
+         :document_url => url_for(:controller => 'documents', :action => 'show', :id => document)
  end
  
-  def attachments_add(attachments)
-    set_language_if_valid(Setting.default_language)
+  def attachments_added(attachments)
    container = attachments.first.container
-    url = "http://#{Setting.host_name}/"
-    added_to = ""
-    case container.class.to_s
+    added_to = ''
+    added_to_url = ''
+    case container.class.name
    when 'Version'
-      url << "projects/list_files/#{container.project_id}"
+      added_to_url = url_for(:controller => 'projects', :action => 'list_files', :id => container.project_id)
      added_to = "#{l(:label_version)}: #{container.name}"
    when 'Document'
-      url << "documents/show/#{container.id}"
+      added_to_url = url_for(:controller => 'documents', :action => 'show', :id => container.id)
      added_to = "#{l(:label_document)}: #{container.title}"
-    when 'Issue'
-      url << "issues/show/#{container.id}"
-      added_to = "#{container.tracker.name} ##{container.id}: #{container.subject}"
    end
-    @recipients     = container.project.users.collect { |u| u.mail if u.mail_notification }.compact
-    @from           = Setting.mail_from
-    @subject        = "[#{container.project.name}] #{l(:label_attachment_new)}"
-    @body['attachments'] = attachments
-    @body['url']    = url
-    @body['added_to'] = added_to
+    recipients container.project.recipients
+    subject "[#{container.project.name}] #{l(:label_attachment_new)}"
+    body :attachments => attachments,
+         :added_to => added_to,
+         :added_to_url => added_to_url
+  end
+
+  def news_added(news)
+    recipients news.project.recipients
+    subject "[#{news.project.name}] #{l(:label_news)}: #{news.title}"
+    body :news => news,
+         :news_url => url_for(:controller => 'news', :action => 'show', :id => news)
+  end
+
+  def message_posted(message, recipients)
+    recipients(recipients)
+    subject "[#{message.board.project.name} - #{message.board.name}] #{message.subject}"
+    body :message => message,
+         :message_url => url_for(:controller => 'messages', :action => 'show', :board_id => message.board_id, :id => message.root)
+  end
+   
+  def account_information(user, password)
+    set_language_if_valid user.language
+    recipients user.mail
+    subject l(:mail_subject_register)
+    body :user => user,
+         :password => password,
+         :login_url => url_for(:controller => 'account', :action => 'login')
  end
  
+  def account_activation_request(user)
+    # Send the email to all active administrators
+    recipients User.find_active(:all, :conditions => {:admin => true}).collect { |u| u.mail }.compact
+    subject l(:mail_subject_account_activation_request)
+    body :user => user,
+         :url => url_for(:controller => 'users', :action => 'index', :status => User::STATUS_REGISTERED, :sort_key => 'created_on', :sort_order => 'desc')
+  end
+
  def lost_password(token)
    set_language_if_valid(token.user.language)
-    @recipients     = token.user.mail
-    @from           = Setting.mail_from
-    @subject        = l(:mail_subject_lost_password)
-    @body['token']  = token
+    recipients token.user.mail
+    subject l(:mail_subject_lost_password)
+    body :token => token,
+         :url => url_for(:controller => 'account', :action => 'lost_password', :token => token.value)
  end  

  def register(token)
    set_language_if_valid(token.user.language)
-    @recipients     = token.user.mail
-    @from           = Setting.mail_from
-    @subject        = l(:mail_subject_register)
-    @body['token']  = token
+    recipients token.user.mail
+    subject l(:mail_subject_register)
+    body :token => token,
+         :url => url_for(:controller => 'account', :action => 'activate', :token => token.value)
  end
  
-  def message_posted(message, recipients)
-    set_language_if_valid(Setting.default_language)
-    @recipients     = recipients
-    @from           = Setting.mail_from
-    @subject        = "[#{message.board.project.name} - #{message.board.name}] #{message.subject}"
-    @body['message'] = message
+  def test(user)
+    set_language_if_valid(user.language)
+    recipients user.mail
+    subject 'Redmine test'
+    body :url => url_for(:controller => 'welcome')
  end
+  
+  private
+  def initialize_defaults(method_name)
+    super
+    set_language_if_valid Setting.default_language
+    from Setting.mail_from
+    default_url_options[:host] = Setting.host_name
+    default_url_options[:protocol] = Setting.protocol
+  end
+  
+  # Overrides the create_mail method
+  def create_mail
+    # Removes the current user from the recipients and cc
+    # if he doesn't want to receive notifications about what he does
+    if User.current.pref[:no_self_notified]
+      recipients.delete(User.current.mail) if recipients
+      cc.delete(User.current.mail) if cc
+    end
+    # Blind carbon copy recipients
+    if Setting.bcc_recipients?
+      bcc([recipients, cc].flatten.compact.uniq)
+      recipients []
+      cc []
+    end    
+    super
+  end
+  
+  # Renders a message with the corresponding layout
+  def render_message(method_name, body)
+    layout = method_name.match(%r{text\.html\.(rhtml|rxml)}) ? 'layout.text.html.rhtml' : 'layout.text.plain.rhtml'
+    body[:content_for_layout] = render(:file => method_name, :body => body)
+    ActionView::Base.new(template_root, body, self).render(:file => "mailer/#{layout}")
+  end
+  
+  # Makes partial rendering work with Rails 1.2 (retro-compatibility)
+  def self.controller_path
+    ''
+  end unless respond_to?('controller_path')
 end
--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -23,6 +23,10 @@ class Member < ActiveRecord::Base
  validates_presence_of :role, :user, :project
  validates_uniqueness_of :user_id, :scope => :project_id

+  def validate
+    errors.add :role_id, :activerecord_error_invalid if role && !role.member?
+  end
+  
  def name
    self.user.name
  end
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -22,9 +22,23 @@ class Message < ActiveRecord::Base
  has_many :attachments, :as => :container, :dependent => :destroy
  belongs_to :last_reply, :class_name => 'Message', :foreign_key => 'last_reply_id'
  
+  acts_as_searchable :columns => ['subject', 'content'],
+                     :include => :board,
+                     :project_key => 'project_id',
+                     :date_column => 'created_on'
+  acts_as_event :title => Proc.new {|o| "#{o.board.name}: #{o.subject}"},
+                :description => :content,
+                :url => Proc.new {|o| {:controller => 'messages', :action => 'show', :board_id => o.board_id, :id => o.id}}
+  
+  attr_protected :locked, :sticky
  validates_presence_of :subject, :content
  validates_length_of :subject, :maximum => 255
  
+  def validate_on_create
+    # Can not reply to a locked topic
+    errors.add_to_base 'Topic is locked' if root.locked?
+  end
+  
  def after_create
    board.update_attribute(:last_message_id, self.id)
    board.increment! :messages_count
@@ -35,6 +49,18 @@ class Message < ActiveRecord::Base
    end
  end
  
+  def after_destroy
+    # The following line is required so that the previous counter
+    # updates (due to children removal) are not overwritten
+    board.reload
+    board.decrement! :messages_count
+    board.decrement! :topics_count unless parent
+  end
+  
+  def sticky?
+    sticky == 1
+  end
+  
  def project
    board.project
  end
--- a/app/models/message_observer.rb
+++ b/app/models/message_observer.rb
@@ -17,8 +17,11 @@

 class MessageObserver < ActiveRecord::Observer
  def after_create(message)
-    # send notification to board watchers
-    recipients = message.board.watcher_recipients
-    Mailer.deliver_message_posted(message, recipients) unless recipients.empty?
+    # send notification to the authors of the thread
+    recipients = ([message.root] + message.root.children).collect {|m| m.author.mail if m.author}
+    # send notification to the board watchers
+    recipients += message.board.watcher_recipients
+    recipients = recipients.compact.uniq
+    Mailer.deliver_message_posted(message, recipients) if !recipients.empty? && Setting.notified_events.include?('message_posted')
  end
 end
--- a/app/models/news.rb
+++ b/app/models/news.rb
@@ -21,7 +21,12 @@ class News < ActiveRecord::Base
  has_many :comments, :as => :commented, :dependent => :delete_all, :order => "created_on"
  
  validates_presence_of :title, :description
-  
+  validates_length_of :title, :maximum => 60
+  validates_length_of :summary, :maximum => 255
+
+  acts_as_searchable :columns => ['title', 'description']
+  acts_as_event :url => Proc.new {|o| {:controller => 'news', :action => 'show', :id => o.id}}
+
  # returns latest news for projects visible by user
  def self.latest(user=nil, count=5)
    find(:all, :limit => count, :conditions => Project.visible_by(user), :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")	
--- a/app/models/permission.rb
+++ b/app/models/permission.rb
@@ -1,68 +0,0 @@
-# redMine - project management software
-# Copyright (C) 2006  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-class Permission < ActiveRecord::Base
-  has_and_belongs_to_many :roles
-
-  validates_presence_of :controller, :action, :description
-
-  GROUPS = {
-    100 => :label_project,
-    200 => :label_member_plural,
-    300 => :label_version_plural,
-    400 => :label_issue_category_plural,
-    600 => :label_query_plural,
-    1000 => :label_issue_plural,
-    1100 => :label_news_plural,
-    1200 => :label_document_plural,
-    1300 => :label_attachment_plural,
-    1400 => :label_repository,
-    1500 => :label_time_tracking,
-    1700 => :label_wiki_page_plural,
-    2000 => :label_board_plural
-  }.freeze
-  
-  @@cached_perms_for_public = nil
-  @@cached_perms_for_roles = nil
-  
-  def name
-    self.controller + "/" + self.action
-  end
-  
-  def group_id
-    (self.sort / 100)*100
-  end
-  
-  def self.allowed_to_public(action)
-    @@cached_perms_for_public ||= find(:all, :conditions => ["is_public=?", true]).collect {|p| "#{p.controller}/#{p.action}"}
-    @@cached_perms_for_public.include? action
-  end
-  
-  def self.allowed_to_role(action, role)
-    @@cached_perms_for_roles ||=
-      begin
-        perms = {}
-        find(:all, :include => :roles).each {|p| perms.store "#{p.controller}/#{p.action}", p.roles.collect {|r| r.id } }
-        perms
-      end
-    allowed_to_public(action) or (role && @@cached_perms_for_roles[action] && @@cached_perms_for_roles[action].include?(role.id))
-  end
-  
-  def self.allowed_to_role_expired
-    @@cached_perms_for_roles = nil
-  end
-end
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -20,10 +20,13 @@ class Project < ActiveRecord::Base
  STATUS_ACTIVE     = 1
  STATUS_ARCHIVED   = 9
  
-  has_many :members, :dependent => :delete_all, :include => :user, :conditions => "#{User.table_name}.status=#{User::STATUS_ACTIVE}"
+  has_many :members, :include => :user, :conditions => "#{User.table_name}.status=#{User::STATUS_ACTIVE}"
  has_many :users, :through => :members
  has_many :custom_values, :dependent => :delete_all, :as => :customized
+  has_many :enabled_modules, :dependent => :delete_all
+  has_and_belongs_to_many :trackers, :order => "#{Tracker.table_name}.position"
  has_many :issues, :dependent => :destroy, :order => "#{Issue.table_name}.created_on DESC", :include => [:status, :tracker]
+  has_many :issue_changes, :through => :issues, :source => :journals
  has_many :versions, :dependent => :destroy, :order => "#{Version.table_name}.effective_date DESC, #{Version.table_name}.name DESC"
  has_many :time_entries, :dependent => :delete_all
  has_many :queries, :dependent => :delete_all
@@ -32,22 +35,35 @@ class Project < ActiveRecord::Base
  has_many :issue_categories, :dependent => :delete_all, :order => "#{IssueCategory.table_name}.name"
  has_many :boards, :order => "position ASC"
  has_one :repository, :dependent => :destroy
+  has_many :changesets, :through => :repository
  has_one :wiki, :dependent => :destroy
-  has_and_belongs_to_many :custom_fields, :class_name => 'IssueCustomField', :join_table => "#{table_name_prefix}custom_fields_projects#{table_name_suffix}", :association_foreign_key => 'custom_field_id'
+  # Custom field for the project issues
+  has_and_belongs_to_many :custom_fields, 
+                          :class_name => 'IssueCustomField',
+                          :order => "#{CustomField.table_name}.position",
+                          :join_table => "#{table_name_prefix}custom_fields_projects#{table_name_suffix}",
+                          :association_foreign_key => 'custom_field_id'
+                          
  acts_as_tree :order => "name", :counter_cache => true
-  
-  attr_protected :status
+
+  acts_as_searchable :columns => ['name', 'description'], :project_key => 'id'
+  acts_as_event :title => Proc.new {|o| "#{l(:label_project)}: #{o.name}"},
+                :url => Proc.new {|o| {:controller => 'projects', :action => 'show', :id => o.id}}
+
+  attr_protected :status, :enabled_module_names
  
  validates_presence_of :name, :description, :identifier
  validates_uniqueness_of :name, :identifier
  validates_associated :custom_values, :on => :update
  validates_associated :repository, :wiki
  validates_length_of :name, :maximum => 30
-  validates_format_of :name, :with => /^[\w\s\'\-]*$/i
  validates_length_of :description, :maximum => 255
-  validates_length_of :identifier, :in => 3..12
+  validates_length_of :homepage, :maximum => 60
+  validates_length_of :identifier, :in => 3..20
  validates_format_of :identifier, :with => /^[a-z0-9\-]*$/
  
+  before_destroy :delete_all_members
+  
  def identifier=(identifier)
    super unless identifier_frozen?
  end
@@ -63,11 +79,22 @@ class Project < ActiveRecord::Base
      conditions = ["#{Issue.table_name}.project_id IN (#{ids.join(',')})"]
    end
    conditions ||= ["#{Issue.table_name}.project_id = ?", id]
-    Issue.with_scope :find => { :conditions => conditions } do 
+    # Quick and dirty fix for Rails 2 compatibility
+    Issue.send(:with_scope, :find => { :conditions => conditions }) do 
      yield
    end 
  end
-  
+
+  # Return all issues status changes for the project between the 2 given dates
+  def issues_status_changes(from, to)
+    Journal.find(:all, :include => [:issue, :details, :user],
+                       :conditions => ["#{Journal.table_name}.journalized_type = 'Issue'" +
+                                       " AND #{Issue.table_name}.project_id = ?" +
+                                       " AND #{JournalDetail.table_name}.prop_key = 'status_id'" +
+                                       " AND #{Journal.table_name}.created_on BETWEEN ? AND ?",
+                                       id, from, to+1])
+  end
+
  # returns latest created projects
  # non public projects will be returned only if user is a member of those
  def self.latest(user=nil, count=5)
@@ -76,11 +103,11 @@ class Project < ActiveRecord::Base

  def self.visible_by(user=nil)
    if user && user.admin?
-      return ["#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"]
+      return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"
    elsif user && user.memberships.any?
-      return ["#{Project.table_name}.status=#{Project::STATUS_ACTIVE} AND (#{Project.table_name}.is_public = ? or #{Project.table_name}.id IN (#{user.memberships.collect{|m| m.project_id}.join(',')}))", true]
+      return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE} AND (#{Project.table_name}.is_public = #{connection.quoted_true} or #{Project.table_name}.id IN (#{user.memberships.collect{|m| m.project_id}.join(',')}))"
    else
-      return ["#{Project.table_name}.status=#{Project::STATUS_ACTIVE} AND #{Project.table_name}.is_public = ?", true]
+      return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE} AND #{Project.table_name}.is_public = #{connection.quoted_true}"
    end
  end
  
@@ -105,6 +132,21 @@ class Project < ActiveRecord::Base
    children.select {|child| child.active?}
  end
  
+  # Deletes all project's members
+  def delete_all_members
+    Member.delete_all(['project_id = ?', id])
+  end
+  
+  # Users issues can be assigned to
+  def assignable_users
+    members.select {|m| m.role.assignable?}.collect {|m| m.user}.sort
+  end
+  
+  # Returns the mail adresses of users that should be always notified on project events
+  def recipients
+    members.select {|m| m.mail_notification? || m.user.mail_notification?}.collect {|m| m.user.mail}
+  end
+  
  # Returns an array of all custom fields enabled for project issues
  # (explictly associated custom fields and custom fields enabled for all projects)
  def custom_fields_for_issues(tracker)
@@ -114,10 +156,47 @@ class Project < ActiveRecord::Base
  def all_custom_fields
    @all_custom_fields ||= (IssueCustomField.for_all + custom_fields).uniq
  end
+  
+  def <=>(project)
+    name.downcase <=> project.name.downcase
+  end
+  
+  def allows_to?(action)
+    if action.is_a? Hash
+      allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
+    else
+      allowed_permissions.include? action
+    end
+  end
+  
+  def module_enabled?(module_name)
+    module_name = module_name.to_s
+    enabled_modules.detect {|m| m.name == module_name}
+  end
+  
+  def enabled_module_names=(module_names)
+    enabled_modules.clear
+    module_names = [] unless module_names && module_names.is_a?(Array)
+    module_names.each do |name|
+      enabled_modules << EnabledModule.new(:name => name.to_s)
+    end
+  end

 protected
  def validate
    errors.add(parent_id, " must be a root project") if parent and parent.parent
    errors.add_to_base("A project with subprojects can't be a subproject") if parent and children.size > 0
  end
+  
+private
+  def allowed_permissions
+    @allowed_permissions ||= begin
+      module_names = enabled_modules.collect {|m| m.name}
+      Redmine::AccessControl.modules_permissions(module_names).collect {|p| p.name}
+    end
+  end
+
+  def allowed_actions
+    @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
+  end
 end
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -15,15 +15,48 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

+class QueryColumn  
+  attr_accessor :name, :sortable
+  include GLoc
+  
+  def initialize(name, options={})
+    self.name = name
+    self.sortable = options[:sortable]
+  end
+  
+  def caption
+    set_language_if_valid(User.current.language)
+    l("field_#{name}")
+  end
+end
+
+class QueryCustomFieldColumn < QueryColumn
+
+  def initialize(custom_field)
+    self.name = "cf_#{custom_field.id}".to_sym
+    self.sortable = false
+    @cf = custom_field
+  end
+  
+  def caption
+    @cf.name
+  end
+  
+  def custom_field
+    @cf
+  end
+end
+
 class Query < ActiveRecord::Base
  belongs_to :project
  belongs_to :user
  serialize :filters
+  serialize :column_names
  
  attr_protected :project, :user
-  attr_accessor :executed_by
  
  validates_presence_of :name, :on => :save
+  validates_length_of :name, :maximum => 255
    
  @@operators = { "="   => :label_equals, 
                  "!"   => :label_not_equals,
@@ -31,10 +64,13 @@ class Query < ActiveRecord::Base
                  "c"   => :label_closed_issues,
                  "!*"  => :label_none,
                  "*"   => :label_all,
+                  ">="   => '>=',
+                  "<="   => '<=',
                  "<t+" => :label_in_less_than,
                  ">t+" => :label_in_more_than,
                  "t+"  => :label_in,
                  "t"   => :label_today,
+                  "w"   => :label_this_week,
                  ">t-" => :label_less_than_ago,
                  "<t-" => :label_more_than_ago,
                  "t-"  => :label_ago,
@@ -47,21 +83,35 @@ class Query < ActiveRecord::Base
                                 :list_status => [ "o", "=", "!", "c", "*" ],
                                 :list_optional => [ "=", "!", "!*", "*" ],
                                 :list_one_or_more => [ "*", "=" ],
-                                 :date => [ "<t+", ">t+", "t+", "t", ">t-", "<t-", "t-" ],
-                                 :date_past => [ ">t-", "<t-", "t-", "t" ],
+                                 :date => [ "<t+", ">t+", "t+", "t", "w", ">t-", "<t-", "t-" ],
+                                 :date_past => [ ">t-", "<t-", "t-", "t", "w" ],
                                 :string => [ "=", "~", "!", "!~" ],
-                                 :text => [  "~", "!~" ] }
+                                 :text => [  "~", "!~" ],
+                                 :integer => [ "=", ">=", "<=" ] }

  cattr_reader :operators_by_filter_type

+  @@available_columns = [
+    QueryColumn.new(:tracker, :sortable => "#{Tracker.table_name}.position"),
+    QueryColumn.new(:status, :sortable => "#{IssueStatus.table_name}.position"),
+    QueryColumn.new(:priority, :sortable => "#{Enumeration.table_name}.position"),
+    QueryColumn.new(:subject),
+    QueryColumn.new(:assigned_to, :sortable => "#{User.table_name}.lastname"),
+    QueryColumn.new(:updated_on, :sortable => "#{Issue.table_name}.updated_on"),
+    QueryColumn.new(:category, :sortable => "#{IssueCategory.table_name}.name"),
+    QueryColumn.new(:fixed_version),
+    QueryColumn.new(:start_date, :sortable => "#{Issue.table_name}.start_date"),
+    QueryColumn.new(:due_date, :sortable => "#{Issue.table_name}.due_date"),
+    QueryColumn.new(:estimated_hours, :sortable => "#{Issue.table_name}.estimated_hours"),
+    QueryColumn.new(:done_ratio, :sortable => "#{Issue.table_name}.done_ratio"),
+    QueryColumn.new(:created_on, :sortable => "#{Issue.table_name}.created_on"),
+  ]
+  cattr_reader :available_columns
+  
  def initialize(attributes = nil)
    super attributes
    self.filters ||= { 'status_id' => {:operator => "o", :values => [""]} }
-  end
-  
-  def executed_by=(user)
-    @executed_by = user
-    set_language_if_valid(user.language) if user
+    set_language_if_valid(User.current.language)
  end
  
  def validate
@@ -70,14 +120,14 @@ class Query < ActiveRecord::Base
          # filter requires one or more values
          (values_for(field) and !values_for(field).first.empty?) or 
          # filter doesn't require any value
-          ["o", "c", "!*", "*", "t"].include? operator_for(field)
+          ["o", "c", "!*", "*", "t", "w"].include? operator_for(field)
    end if filters
  end
  
  def editable_by?(user)
    return false unless user
    return true if !is_public && self.user_id == user.id
-    is_public && user.authorized_to(project, "projects/add_query")
+    is_public && user.allowed_to?(:manage_public_queries, project)
  end
  
  def available_filters
@@ -89,15 +139,22 @@ class Query < ActiveRecord::Base
                           "created_on" => { :type => :date_past, :order => 9 },                        
                           "updated_on" => { :type => :date_past, :order => 10 },
                           "start_date" => { :type => :date, :order => 11 },
-                           "due_date" => { :type => :date, :order => 12 } }                          
-    unless project.nil?
-      # project specific filters
-      user_values = []
-      user_values << ["<< #{l(:label_me)} >>", "me"] if executed_by
-      user_values += @project.users.collect{|s| [s.name, s.id.to_s] }
-      
-      @available_filters["assigned_to_id"] = { :type => :list_optional, :order => 4, :values => user_values }  
-      @available_filters["author_id"] = { :type => :list, :order => 5, :values => user_values }  
+                           "due_date" => { :type => :date, :order => 12 },
+                           "done_ratio" =>  { :type => :integer, :order => 13 }}                          
+    
+    user_values = []
+    user_values << ["<< #{l(:label_me)} >>", "me"] if User.current.logged?
+    if project
+      user_values += project.users.sort.collect{|s| [s.name, s.id.to_s] }
+    else
+      # members of the user's projects
+      user_values += User.current.projects.collect(&:users).flatten.uniq.sort.collect{|s| [s.name, s.id.to_s] }
+    end
+    @available_filters["assigned_to_id"] = { :type => :list_optional, :order => 4, :values => user_values } unless user_values.empty?
+    @available_filters["author_id"] = { :type => :list, :order => 5, :values => user_values } unless user_values.empty?
+  
+    if project
+      # project specific filters      
      @available_filters["category_id"] = { :type => :list_optional, :order => 6, :values => @project.issue_categories.collect{|s| [s.name, s.id.to_s] } }
      @available_filters["fixed_version_id"] = { :type => :list_optional, :order => 7, :values => @project.versions.sort.collect{|s| [s.name, s.id.to_s] } }
      unless @project.active_children.empty?
@@ -105,8 +162,6 @@ class Query < ActiveRecord::Base
      end
      @project.all_custom_fields.select(&:is_filter?).each do |field|
        case field.field_format
-        when "string", "int"
-          options = { :type => :string, :order => 20 }
        when "text"
          options = { :type => :text, :order => 20 }
        when "list"
@@ -115,6 +170,8 @@ class Query < ActiveRecord::Base
          options = { :type => :date, :order => 20 }
        when "bool"
          options = { :type => :list, :values => [[l(:general_text_yes), "1"], [l(:general_text_no), "0"]], :order => 20 }
+        else
+          options = { :type => :string, :order => 20 }
        end          
        @available_filters["cf_#{field.id}"] = options.merge({ :name => field.name })
      end
@@ -161,42 +218,79 @@ class Query < ActiveRecord::Base
    label = @available_filters[field][:name] if @available_filters.has_key?(field)
    label ||= field.gsub(/\_id$/, "")
  end
+
+  def available_columns
+    return @available_columns if @available_columns
+    @available_columns = Query.available_columns
+    @available_columns += (project ? 
+                            project.custom_fields :
+                            IssueCustomField.find(:all, :conditions => {:is_for_all => true})
+                           ).collect {|cf| QueryCustomFieldColumn.new(cf) }      
+  end
  
+  def columns
+    if has_default_columns?
+      available_columns.select {|c| Setting.issue_list_default_columns.include?(c.name.to_s) }
+    else
+      # preserve the column_names order
+      column_names.collect {|name| available_columns.find {|col| col.name == name}}.compact
+    end
+  end
+  
+  def column_names=(names)
+    names = names.select {|n| n.is_a?(Symbol) || !n.blank? } if names
+    names = names.collect {|n| n.is_a?(Symbol) ? n : n.to_sym } if names
+    write_attribute(:column_names, names)
+  end
+  
+  def has_column?(column)
+    column_names && column_names.include?(column.name)
+  end
+  
+  def has_default_columns?
+    column_names.nil? || column_names.empty?
+  end
+
  def statement
-    sql = "1=1"
-    if has_filter?("subproject_id")
+    # project/subprojects clause
+    clause = ''
+    if project && has_filter?("subproject_id")
      subproject_ids = []
      if operator_for("subproject_id") == "="
        subproject_ids = values_for("subproject_id").each(&:to_i)
      else
        subproject_ids = project.active_children.collect{|p| p.id}
      end
-      sql << " AND #{Issue.table_name}.project_id IN (%d,%s)" % [project.id, subproject_ids.join(",")] if project
+      clause << "#{Issue.table_name}.project_id IN (%d,%s)" % [project.id, subproject_ids.join(",")] if project
+    elsif project
+      clause << "#{Issue.table_name}.project_id=%d" % project.id
    else
-      sql << " AND #{Issue.table_name}.project_id=%d" % project.id if project
+      clause << Project.visible_by(User.current)
    end
+    
+    # filters clauses
+    filters_clauses = []
    filters.each_key do |field|
      next if field == "subproject_id"
      v = values_for(field).clone
      next unless v and !v.empty?
-        
-      sql = sql + " AND " unless sql.empty?      
-      sql << "("
-      
+            
+      sql = ''      
      if field =~ /^cf_(\d+)$/
        # custom field
        db_table = CustomValue.table_name
-        db_field = "value"
-        sql << "#{db_table}.custom_field_id = #{$1} AND "
+        db_field = 'value'
+        sql << "#{Issue.table_name}.id IN (SELECT #{db_table}.customized_id FROM #{db_table} where #{db_table}.customized_type='Issue' AND #{db_table}.customized_id=#{Issue.table_name}.id AND #{db_table}.custom_field_id=#{$1} AND "
      else
        # regular field
        db_table = Issue.table_name
        db_field = field
+        sql << '('
      end
      
      # "me" value subsitution
      if %w(assigned_to_id author_id).include?(field)
-        v.push(executed_by ? executed_by.id.to_s : "0") if v.delete("me")
+        v.push(User.current.logged? ? User.current.id.to_s : "0") if v.delete("me")
      end
      
      case operator_for field
@@ -208,6 +302,10 @@ class Query < ActiveRecord::Base
        sql = sql + "#{db_table}.#{db_field} IS NULL"
      when "*"
        sql = sql + "#{db_table}.#{db_field} IS NOT NULL"
+      when ">="
+        sql = sql + "#{db_table}.#{db_field} >= #{v.first.to_i}"
+      when "<="
+        sql = sql + "#{db_table}.#{db_field} <= #{v.first.to_i}"
      when "o"
        sql = sql + "#{IssueStatus.table_name}.is_closed=#{connection.quoted_false}" if field == "status_id"
      when "c"
@@ -226,14 +324,19 @@ class Query < ActiveRecord::Base
        sql = sql + "#{db_table}.#{db_field} BETWEEN '%s' AND '%s'" % [connection.quoted_date((Date.today + v.first.to_i).to_time), connection.quoted_date((Date.today + v.first.to_i + 1).to_time)]
      when "t"
        sql = sql + "#{db_table}.#{db_field} BETWEEN '%s' AND '%s'" % [connection.quoted_date(Date.today.to_time), connection.quoted_date((Date.today+1).to_time)]
+      when "w"
+        sql = sql + "#{db_table}.#{db_field} BETWEEN '%s' AND '%s'" % [connection.quoted_date(Time.now.at_beginning_of_week), connection.quoted_date(Time.now.next_week.yesterday)]
      when "~"
        sql = sql + "#{db_table}.#{db_field} LIKE '%#{connection.quote_string(v.first)}%'"
      when "!~"
        sql = sql + "#{db_table}.#{db_field} NOT LIKE '%#{connection.quote_string(v.first)}%'"
      end
-      sql << ")"
-      
+      sql << ')'
+      filters_clauses << sql
    end if filters and valid?
-    sql
+    
+    clause << ' AND ' unless clause.empty?
+    clause << filters_clauses.join(' AND ') unless filters_clauses.empty?
+    clause
  end
 end
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -33,6 +33,10 @@ class Repository < ActiveRecord::Base
  def supports_cat?
    scm.supports_cat?
  end
+
+  def supports_annotate?
+    scm.supports_annotate?
+  end
  
  def entries(path=nil, identifier=nil)
    scm.entries(path, identifier)
@@ -42,6 +46,14 @@ class Repository < ActiveRecord::Base
    scm.diff(path, rev, rev_to, type)
  end
  
+  # Default behaviour: we search in cached changesets
+  def changesets_for_path(path)
+    path = "/#{path}" unless path.starts_with?('/')
+    Change.find(:all, :include => :changeset, 
+      :conditions => ["repository_id = ? AND path = ?", id, path],
+      :order => "committed_on DESC, #{Changeset.table_name}.revision DESC").collect(&:changeset)
+  end
+  
  def latest_changeset
    @latest_changeset ||= changesets.find(:first)
  end
--- a/app/models/repository/bazaar.rb
+++ b/app/models/repository/bazaar.rb
@@ -0,0 +1,86 @@
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+require 'redmine/scm/adapters/bazaar_adapter'
+
+class Repository::Bazaar < Repository
+  attr_protected :root_url
+  validates_presence_of :url
+
+  def scm_adapter
+    Redmine::Scm::Adapters::BazaarAdapter
+  end
+  
+  def self.scm_name
+    'Bazaar'
+  end
+  
+  def entries(path=nil, identifier=nil)
+    entries = scm.entries(path, identifier)
+    if entries
+      entries.each do |e|
+        next if e.lastrev.revision.blank?
+        c = Change.find(:first,
+                        :include => :changeset,
+                        :conditions => ["#{Change.table_name}.revision = ? and #{Changeset.table_name}.repository_id = ?", e.lastrev.revision, id],
+                        :order => "#{Changeset.table_name}.revision DESC")
+        if c
+          e.lastrev.identifier = c.changeset.revision
+          e.lastrev.name = c.changeset.revision
+          e.lastrev.author = c.changeset.committer
+        end
+      end
+    end
+  end
+  
+  def fetch_changesets
+    scm_info = scm.info
+    if scm_info
+      # latest revision found in database
+      db_revision = latest_changeset ? latest_changeset.revision : 0
+      # latest revision in the repository
+      scm_revision = scm_info.lastrev.identifier.to_i
+      if db_revision < scm_revision
+        logger.debug "Fetching changesets for repository #{url}" if logger && logger.debug?
+        identifier_from = db_revision + 1
+        while (identifier_from <= scm_revision)
+          # loads changesets by batches of 200
+          identifier_to = [identifier_from + 199, scm_revision].min
+          revisions = scm.revisions('', identifier_to, identifier_from, :with_paths => true)
+          transaction do
+            revisions.reverse_each do |revision|
+              changeset = Changeset.create(:repository => self,
+                                           :revision => revision.identifier, 
+                                           :committer => revision.author, 
+                                           :committed_on => revision.time,
+                                           :scmid => revision.scmid,
+                                           :comments => revision.message)
+              
+              revision.paths.each do |change|
+                Change.create(:changeset => changeset,
+                              :action => change[:action],
+                              :path => change[:path],
+                              :revision => change[:revision])
+              end
+            end
+          end unless revisions.nil?
+          identifier_from = identifier_to + 1
+        end
+      end
+    end
+  end
+end
--- a/app/models/repository/cvs.rb
+++ b/app/models/repository/cvs.rb
@@ -100,7 +100,7 @@ class Repository::Cvs < Repository
        # is not exclusive at all. 
        unless changes.find_by_path_and_revision(scm.with_leading_slash(revision.paths[0][:path]), revision.paths[0][:revision])
          revision
-          cs=Changeset.find(:first, :conditions=>{
+          cs = changesets.find(:first, :conditions=>{
            :committed_on=>revision.time-time_delta..revision.time+time_delta,
            :committer=>revision.author,
            :comments=>revision.message
--- a/app/models/repository/subversion.rb
+++ b/app/models/repository/subversion.rb
@@ -20,7 +20,7 @@ require 'redmine/scm/adapters/subversion_adapter'
 class Repository::Subversion < Repository
  attr_protected :root_url
  validates_presence_of :url
-  validates_format_of :url, :with => /^(http|https|svn|file):\/\/.+/i
+  validates_format_of :url, :with => /^(http|https|svn|svn\+ssh|file):\/\/.+/i

  def scm_adapter
    Redmine::Scm::Adapters::SubversionAdapter
@@ -30,6 +30,11 @@ class Repository::Subversion < Repository
    'Subversion'
  end

+  def changesets_for_path(path)
+    revisions = scm.revisions(path)
+    revisions ? changesets.find_all_by_revision(revisions.collect(&:identifier), :order => "committed_on DESC") : []
+  end
+  
  def fetch_changesets
    scm_info = scm.info
    if scm_info
--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -16,22 +16,93 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Role < ActiveRecord::Base
-  before_destroy :check_integrity  
-  has_and_belongs_to_many :permissions
+  # Built-in roles
+  BUILTIN_NON_MEMBER = 1
+  BUILTIN_ANONYMOUS  = 2
+  
+  before_destroy :check_deletable
  has_many :workflows, :dependent => :delete_all
  has_many :members
  acts_as_list
+  
+  serialize :permissions
+  attr_protected :builtin

  validates_presence_of :name
  validates_uniqueness_of :name
+  validates_length_of :name, :maximum => 30
  validates_format_of :name, :with => /^[\w\s\'\-]*$/i

+  def permissions
+    read_attribute(:permissions) || []
+  end
+  
+  def permissions=(perms)
+    perms = perms.collect {|p| p.to_sym unless p.blank? }.compact if perms
+    write_attribute(:permissions, perms)
+  end
+  
  def <=>(role)
    position <=> role.position
  end
  
+  # Return true if the role is a builtin role
+  def builtin?
+    self.builtin != 0
+  end
+  
+  # Return true if the role is a project member role
+  def member?
+    !self.builtin?
+  end
+  
+  # Return true if role is allowed to do the specified action
+  # action can be:
+  # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
+  # * a permission Symbol (eg. :edit_project)
+  def allowed_to?(action)
+    if action.is_a? Hash
+      allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
+    else
+      allowed_permissions.include? action
+    end
+  end
+  
+  # Return all the permissions that can be given to the role
+  def setable_permissions
+    setable_permissions = Redmine::AccessControl.permissions - Redmine::AccessControl.public_permissions
+    setable_permissions -= Redmine::AccessControl.members_only_permissions if self.builtin == BUILTIN_NON_MEMBER
+    setable_permissions -= Redmine::AccessControl.loggedin_only_permissions if self.builtin == BUILTIN_ANONYMOUS
+    setable_permissions
+  end
+
+  # Find all the roles that can be given to a project member
+  def self.find_all_givable
+    find(:all, :conditions => {:builtin => 0}, :order => 'position')
+  end
+
+  # Return the builtin 'non member' role
+  def self.non_member
+    find(:first, :conditions => {:builtin => BUILTIN_NON_MEMBER}) || raise('Missing non-member builtin role.')
+  end
+
+  # Return the builtin 'anonymous' role 
+  def self.anonymous
+    find(:first, :conditions => {:builtin => BUILTIN_ANONYMOUS}) || raise('Missing anonymous builtin role.')
+  end
+
+  
 private
-  def check_integrity
-    raise "Can't delete role" if Member.find(:first, :conditions =>["role_id=?", self.id])
+  def allowed_permissions
+    @allowed_permissions ||= permissions + Redmine::AccessControl.public_permissions.collect {|p| p.name}
+  end
+
+  def allowed_actions
+    @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
+  end
+    
+  def check_deletable
+    raise "Can't delete role" if members.any?
+    raise "Can't delete builtin role" if builtin?
  end
 end
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -17,31 +17,67 @@

 class Setting < ActiveRecord::Base

+  DATE_FORMATS = [
+	'%Y-%m-%d',
+	'%d/%m/%Y',
+	'%d.%m.%Y',
+	'%d-%m-%Y',
+	'%m/%d/%Y',
+	'%d %b %Y',
+	'%d %B %Y',
+	'%b %d, %Y',
+	'%B %d, %Y'
+    ]
+    
+  TIME_FORMATS = [
+    '%H:%M',
+    '%I:%M %p'
+    ]
+  
  cattr_accessor :available_settings
  @@available_settings = YAML::load(File.open("#{RAILS_ROOT}/config/settings.yml"))
-
+  Redmine::Plugin.registered_plugins.each do |id, plugin|
+    next unless plugin.settings
+    @@available_settings["plugin_#{id}"] = {'default' => plugin.settings[:default], 'serialized' => true}    
+  end
+  
  validates_uniqueness_of :name
  validates_inclusion_of :name, :in => @@available_settings.keys
  validates_numericality_of :value, :only_integer => true, :if => Proc.new { |setting| @@available_settings[setting.name]['format'] == 'int' }  
+
+  # Hash used to cache setting values
+  @cached_settings = {}
+  @cached_cleared_on = Time.now
  
-  def self.get(name)
-    name = name.to_s
-    setting = find_by_name(name)
-    setting ||= new(:name => name, :value => @@available_settings[name]['default']) if @@available_settings.has_key? name
-    setting
+  def value
+    v = read_attribute(:value)
+    # Unserialize serialized settings
+    v = YAML::load(v) if @@available_settings[name]['serialized'] && v.is_a?(String)
+    v
  end
  
+  def value=(v)
+    v = v.to_yaml if v && @@available_settings[name]['serialized']
+    write_attribute(:value, v)
+  end
+  
+  # Returns the value of the setting named name
  def self.[](name)
-    get(name).value
+    v = @cached_settings[name]
+    v ? v : (@cached_settings[name] = find_or_default(name).value)
  end
  
-  def self.[]=(name, value)
-    setting = get(name)
-    setting.value = (value ? value.to_s : "")
+  def self.[]=(name, v)
+    setting = find_or_default(name)
+    setting.value = (v ? v : "")
+    @cached_settings[name] = nil
    setting.save
    setting.value
  end
  
+  # Defines getter and setter for each setting
+  # Then setting values can be read using: Setting.some_setting_name
+  # or set using Setting.some_setting_name = "some value"
  @@available_settings.each do |name, params|
    src = <<-END_SRC
    def self.#{name}
@@ -58,4 +94,26 @@ class Setting < ActiveRecord::Base
    END_SRC
    class_eval src, __FILE__, __LINE__
  end
+  
+  # Checks if settings have changed since the values were read
+  # and clears the cache hash if it's the case
+  # Called once per request
+  def self.check_cache
+    settings_updated_on = Setting.maximum(:updated_on)
+    if settings_updated_on && @cached_cleared_on <= settings_updated_on
+      @cached_settings.clear
+      @cached_cleared_on = Time.now
+      logger.info "Settings cache cleared." if logger
+    end
+  end
+  
+private
+  # Returns the Setting instance for the setting named name
+  # (record found in database or new record with default value)
+  def self.find_or_default(name)
+    name = name.to_s
+    raise "There's no setting named #{name}" unless @@available_settings.has_key?(name)    
+    setting = find_by_name(name)
+    setting ||= new(:name => name, :value => @@available_settings[name]['default']) if @@available_settings.has_key? name
+  end
 end
--- a/app/models/tracker.rb
+++ b/app/models/tracker.rb
@@ -24,8 +24,19 @@ class Tracker < ActiveRecord::Base

  validates_presence_of :name
  validates_uniqueness_of :name
+  validates_length_of :name, :maximum => 30
  validates_format_of :name, :with => /^[\w\s\'\-]*$/i

+  def to_s; name end
+  
+  def <=>(tracker)
+    name <=> tracker.name
+  end
+
+  def self.all
+    find(:all, :order => 'position')
+  end
+  
 private
  def check_integrity
    raise "Can't delete tracker" if Issue.find(:first, :conditions => ["tracker_id=?", self.id])
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -19,6 +19,7 @@ require "digest/sha1"

 class User < ActiveRecord::Base
  # Account statuses
+  STATUS_ANONYMOUS  = 0
  STATUS_ACTIVE     = 1
  STATUS_REGISTERED = 2
  STATUS_LOCKED     = 3
@@ -28,7 +29,7 @@ class User < ActiveRecord::Base
  has_many :custom_values, :dependent => :delete_all, :as => :customized
  has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
  has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
-  has_one :rss_key, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
+  has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
  belongs_to :auth_source
  
  attr_accessor :password, :password_confirmation
@@ -36,20 +37,24 @@ class User < ActiveRecord::Base
  # Prevents unauthorized assignments
  attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
 	
-  validates_presence_of :login, :firstname, :lastname, :mail
+  validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
  validates_uniqueness_of :login, :mail	
  # Login must contain lettres, numbers, underscores only
-  validates_format_of :login, :with => /^[a-z0-9_\-@\.]+$/i
+  validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
  validates_length_of :login, :maximum => 30
  validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-]*$/i
  validates_length_of :firstname, :lastname, :maximum => 30
-  validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
-  validates_length_of :mail, :maximum => 60
-  # Password length between 4 and 12
-  validates_length_of :password, :in => 4..12, :allow_nil => true
+  validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
+  validates_length_of :mail, :maximum => 60, :allow_nil => true
+  validates_length_of :password, :minimum => 4, :allow_nil => true
  validates_confirmation_of :password, :allow_nil => true
  validates_associated :custom_values, :on => :update

+  def before_create
+    self.mail_notification = false
+    true
+  end
+  
  def before_save
    # update hashed_password if password was set
    self.hashed_password = User.hash_password(self.password) if self.password
@@ -69,6 +74,8 @@ class User < ActiveRecord::Base
  
  # Returns the user that matches provided login and password, or nil
  def self.try_to_login(login, password)
+    # Make sure no one can sign in with an empty password
+    return nil if password.to_s.empty?
    user = find(:first, :conditions => ["login=?", login])
    if user
      # user is already in local database
@@ -121,24 +128,30 @@ class User < ActiveRecord::Base
    User.hash_password(clear_password) == self.hashed_password
  end
  
-  def role_for_project(project)
-    return nil unless project
-    member = memberships.detect {|m| m.project_id == project.id}
-    member ? member.role : nil 
-  end
-  
-  def authorized_to(project, action)
-    return true if self.admin?
-    role = role_for_project(project)
-    role && Permission.allowed_to_role(action, role)
-  end
-  
  def pref
    self.preference ||= UserPreference.new(:user => self)
  end
  
-  def get_or_create_rss_key
-    self.rss_key || Token.create(:user => self, :action => 'feeds')
+  def time_zone
+    self.pref.time_zone.nil? ? nil : TimeZone[self.pref.time_zone]
+  end
+  
+  # Return user's RSS key (a 40 chars long string), used to access feeds
+  def rss_key
+    token = self.rss_token || Token.create(:user => self, :action => 'feeds')
+    token.value
+  end
+  
+  # Return an array of project ids for which the user has explicitly turned mail notifications on
+  def notified_projects_ids
+    @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
+  end
+  
+  def notified_project_ids=(ids)
+    Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
+    Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
+    @notified_projects_ids = nil
+    notified_projects_ids
  end
  
  def self.find_by_rss_key(key)
@@ -152,7 +165,72 @@ class User < ActiveRecord::Base
  end

  def <=>(user)
-    lastname == user.lastname ? firstname <=> user.firstname : lastname <=> user.lastname
+    user.nil? ? -1 : (lastname == user.lastname ? firstname <=> user.firstname : lastname <=> user.lastname)
+  end
+  
+  def to_s
+    name
+  end
+  
+  def logged?
+    true
+  end
+  
+  # Return user's role for project
+  def role_for_project(project)
+    # No role on archived projects
+    return nil unless project && project.active?
+    if logged?
+      # Find project membership
+      membership = memberships.detect {|m| m.project_id == project.id}
+      if membership
+        membership.role
+      else
+        @role_non_member ||= Role.non_member
+      end
+    else
+      @role_anonymous ||= Role.anonymous
+    end
+  end
+  
+  # Return true if the user is a member of project
+  def member_of?(project)
+    role_for_project(project).member?
+  end
+  
+  # Return true if the user is allowed to do the specified action on project
+  # action can be:
+  # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
+  # * a permission Symbol (eg. :edit_project)
+  def allowed_to?(action, project)
+    # No action allowed on archived projects
+    return false unless project.active?
+    # No action allowed on disabled modules
+    return false unless project.allows_to?(action)
+    # Admin users are authorized for anything else
+    return true if admin?
+    
+    role = role_for_project(project)
+    return false unless role
+    role.allowed_to?(action) && (project.is_public? || role.member?)
+  end
+  
+  def self.current=(user)
+    @current_user = user
+  end
+  
+  def self.current
+    @current_user ||= User.anonymous
+  end
+  
+  def self.anonymous
+    return @anonymous_user if @anonymous_user
+    anonymous_user = AnonymousUser.find(:first)
+    if anonymous_user.nil?
+      anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
+      raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
+    end
+    @anonymous_user = anonymous_user
  end
  
 private
@@ -161,3 +239,19 @@ private
    Digest::SHA1.hexdigest(clear_password || "")
  end
 end
+
+class AnonymousUser < User
+  
+  def validate_on_create
+    # There should be only one AnonymousUser in the database
+    errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first)
+  end
+  
+  # Overrides a few properties
+  def logged?; false end
+  def admin; false end
+  def name; 'Anonymous' end
+  def mail; nil end
+  def time_zone; nil end
+  def rss_key; nil end
+end
--- a/app/models/version.rb
+++ b/app/models/version.rb
@@ -23,6 +23,7 @@ class Version < ActiveRecord::Base

  validates_presence_of :name
  validates_uniqueness_of :name, :scope => [:project_id]
+  validates_length_of :name, :maximum => 30
  validates_format_of :effective_date, :with => /^\d{4}-\d{2}-\d{2}$/, :message => :activerecord_error_not_a_date, :allow_nil => true
  
  def start_date
@@ -33,8 +34,40 @@ class Version < ActiveRecord::Base
    effective_date
  end
  
+  # Returns true if the version is completed: due date reached and no open issues
  def completed?
-    effective_date && effective_date <= Date.today
+    effective_date && (effective_date <= Date.today) && (open_issues_count == 0)
+  end
+  
+  def completed_pourcent
+    if fixed_issues.count == 0
+      0
+    elsif open_issues_count == 0
+      100
+    else
+      (closed_issues_count * 100 + Issue.sum('done_ratio', :include => 'status', :conditions => ["fixed_version_id = ? AND is_closed = ?", id, false]).to_f) / fixed_issues.count
+    end
+  end
+  
+  def closed_pourcent
+    if fixed_issues.count == 0
+      0
+    else
+      closed_issues_count * 100.0 / fixed_issues.count
+    end
+  end
+  
+  # Returns true if the version is overdue: due date reached and some open issues
+  def overdue?
+    effective_date && (effective_date < Date.today) && (open_issues_count > 0)
+  end
+  
+  def open_issues_count
+    @open_issues_count ||= Issue.count(:all, :conditions => ["fixed_version_id = ? AND is_closed = ?", self.id, false], :include => :status)
+  end
+
+  def closed_issues_count
+    @closed_issues_count ||= Issue.count(:all, :conditions => ["fixed_version_id = ? AND is_closed = ?", self.id, true], :include => :status)
  end
  
  def wiki_page
@@ -44,6 +77,8 @@ class Version < ActiveRecord::Base
    @wiki_page
  end
  
+  def to_s; name end
+  
  # Versions are sorted by effective_date 
  # Those with no effective_date are at the end, sorted by name
  def <=>(version)
--- a/app/models/wiki.rb
+++ b/app/models/wiki.rb
@@ -18,29 +18,37 @@
 class Wiki < ActiveRecord::Base
  belongs_to :project
  has_many :pages, :class_name => 'WikiPage', :dependent => :destroy
+  has_many :redirects, :class_name => 'WikiRedirect', :dependent => :delete_all
  
  validates_presence_of :start_page
-  validates_format_of :start_page, :with => /^[^,\.\/\?\;\|]*$/
+  validates_format_of :start_page, :with => /^[^,\.\/\?\;\|\:]*$/
  
  # find the page with the given title
  # if page doesn't exist, return a new page
  def find_or_new_page(title)
-    title = Wiki.titleize(title || start_page)
-    find_page(title) || WikiPage.new(:wiki => self, :title => title)  
+    title = start_page if title.blank?
+    find_page(title) || WikiPage.new(:wiki => self, :title => Wiki.titleize(title))
  end
  
  # find the page with the given title
-  def find_page(title)
+  def find_page(title, options = {})
    title = start_page if title.blank?
-    pages.find_by_title(Wiki.titleize(title))
+    title = Wiki.titleize(title)
+    page = pages.find_by_title(title)
+    if !page && !(options[:with_redirect] == false)
+      # search for a redirect
+      redirect = redirects.find_by_title(title)
+      page = find_page(redirect.redirects_to, :with_redirect => false) if redirect
+    end
+    page
  end
  
  # turn a string into a valid page title
  def self.titleize(title)
    # replace spaces with _ and remove unwanted caracters
-    title = title.gsub(/\s+/, '_').delete(',./?;|') if title
+    title = title.gsub(/\s+/, '_').delete(',./?;|:') if title
    # upcase the first letter
-    title = title[0..0].upcase + title[1..-1] if title
+    title = (title.slice(0..0).upcase + (title.slice(1..-1) || '')) if title
    title
  end  
 end
--- a/app/models/wiki_content.rb
+++ b/app/models/wiki_content.rb
@@ -25,10 +25,15 @@ class WikiContent < ActiveRecord::Base
  
  acts_as_versioned
  class Version
-    belongs_to :page, :class_name => 'WikiPage', :foreign_key => 'page_id'
-    belongs_to :author, :class_name => 'User', :foreign_key => 'author_id'
+    belongs_to :page, :class_name => '::WikiPage', :foreign_key => 'page_id'
+    belongs_to :author, :class_name => '::User', :foreign_key => 'author_id'
    attr_protected :data
-    
+
+    acts_as_event :title => Proc.new {|o| "#{l(:label_wiki_edit)}: #{o.page.title} (##{o.version})"},
+                  :description => :comments,
+                  :datetime => :updated_on,
+                  :url => Proc.new {|o| {:controller => 'wiki', :id => o.page.wiki.project_id, :page => o.page.title, :version => o.version}}
+
    def text=(plain)
      case Setting.wiki_compression
      when 'gzip'
--- a/app/models/wiki_page.rb
+++ b/app/models/wiki_page.rb
@@ -21,14 +21,49 @@ class WikiPage < ActiveRecord::Base
  belongs_to :wiki
  has_one :content, :class_name => 'WikiContent', :foreign_key => 'page_id', :dependent => :destroy
  has_many :attachments, :as => :container, :dependent => :destroy
+
+  acts_as_event :title => Proc.new {|o| "#{l(:label_wiki)}: #{o.title}"},
+                :description => :text,
+                :datetime => :created_on,
+                :url => Proc.new {|o| {:controller => 'wiki', :id => o.wiki.project_id, :page => o.title}}
+
+  acts_as_searchable :columns => ['title', 'text'],
+                     :include => [:wiki, :content],
+                     :project_key => "#{Wiki.table_name}.project_id"
+
+  attr_accessor :redirect_existing_links
  
  validates_presence_of :title
  validates_format_of :title, :with => /^[^,\.\/\?\;\|\s]*$/
  validates_uniqueness_of :title, :scope => :wiki_id, :case_sensitive => false
  validates_associated :content
-  
+
+  def title=(value)
+    value = Wiki.titleize(value)
+    @previous_title = read_attribute(:title) if @previous_title.blank?
+    write_attribute(:title, value)
+  end
+
  def before_save
-    self.title = Wiki.titleize(title)
+    self.title = Wiki.titleize(title)    
+    # Manage redirects if the title has changed
+    if !@previous_title.blank? && (@previous_title != title) && !new_record?
+      # Update redirects that point to the old title
+      wiki.redirects.find_all_by_redirects_to(@previous_title).each do |r|
+        r.redirects_to = title
+        r.title == r.redirects_to ? r.destroy : r.save
+      end
+      # Remove redirects for the new title
+      wiki.redirects.find_all_by_title(title).each(&:destroy)
+      # Create a redirect to the new title
+      wiki.redirects << WikiRedirect.new(:title => @previous_title, :redirects_to => title) unless redirect_existing_links == "0"
+      @previous_title = nil
+    end
+  end
+  
+  def before_destroy
+    # Remove redirects to this page
+    wiki.redirects.find_all_by_redirects_to(title).each(&:destroy)
  end
  
  def pretty_title
@@ -59,6 +94,10 @@ class WikiPage < ActiveRecord::Base
  def project
    wiki.project
  end
+  
+  def text
+    content.text if content
+  end
 end

 class WikiDiff
--- a/app/models/wiki_redirect.rb
+++ b/app/models/wiki_redirect.rb
@@ -1,5 +1,5 @@
 # redMine - project management software
-# Copyright (C) 2006  Jean-Philippe Lang
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -15,5 +15,9 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-module HelpHelper
+class WikiRedirect < ActiveRecord::Base
+  belongs_to :wiki
+  
+  validates_presence_of :title, :redirects_to
+  validates_length_of :title, :redirects_to, :maximum => 255
 end
--- a/app/sweepers/version_sweeper.rb
+++ b/app/sweepers/version_sweeper.rb
@@ -0,0 +1,34 @@
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class VersionSweeper < ActionController::Caching::Sweeper
+  observe Version
+
+  def after_save(version)
+    expire_cache_for(version)
+  end
+  
+  def after_destroy(version)
+    expire_cache_for(version)
+  end
+          
+private
+  def expire_cache_for(version)
+    # calendar and gantt fragments of the project
+    expire_fragment(Regexp.new("projects/(calendar|gantt)/#{version.project_id}\\."))
+  end
+end
--- a/app/views/account/login.rhtml
+++ b/app/views/account/login.rhtml
@@ -1,28 +1,33 @@
-<center>
-<div class="box login">
-<h2 class="icon22 icon22-authent"><%=l(:label_please_login)%></h2>
-
-<% form_tag({:action=> "login"}, :class => "tabular") do %>
-
-<p><label for="login"><%=l(:field_login)%>:</label>
-<%= text_field_tag 'login', nil, :size => 25 %></p>
-
-<p><label for="password"><%=l(:field_password)%>:</label>
-<%= password_field_tag 'password', nil, :size => 25 %></p>
-
-<% if Setting.autologin? %>
-<p><label for="autologin"><%= check_box_tag 'autologin' %> <%= l(:label_stay_logged_in) %></label></p>
-<% end %>
-
-<p><input type="submit" name="login" value="<%=l(:button_login)%> &#187;" class="primary" /></p>
-<% end %>
+<div id="login-form">
+<% form_tag({:action=> "login"}) do %>
+<table>
+<tr>
+    <td align="right"><label for="login"><%=l(:field_login)%>:</label></td>
+    <td align="left"><p><%= text_field_tag 'login', nil, :size => 40 %></p></td>
+</tr>
+<tr>
+    <td align="right"><label for="password"><%=l(:field_password)%>:</label></td>
+    <td align="left"><%= password_field_tag 'password', nil, :size => 40 %></td>
+</tr>
+<tr>
+    <td></td>
+    <td align="left">
+        <% if Setting.autologin? %>
+        <label for="autologin"><%= check_box_tag 'autologin' %> <%= l(:label_stay_logged_in) %></label>
+        <% end %>
+    </td>
+</tr>
+<tr>
+    <td align="left">
+        <% if Setting.lost_password? %>
+            <%= link_to l(:label_password_lost), :controller => 'account', :action => 'lost_password' %>
+        <% end %>
+    </td>
+    <td align="right">
+        <input type="submit" name="login" value="<%=l(:button_login)%> &#187;" />
+    </td>
+</tr>
+</table>
 <%= javascript_tag "Form.Element.focus('login');" %>
-
-<% links = []
-   links << link_to(l(:label_register), :action => 'register') if Setting.self_registration?
-   links << link_to(l(:label_password_lost), :action => 'lost_password') if Setting.lost_password?
-%>
-<%= links.join(" | ") %>
-
+<% end %>
 </div>
-</center>
--- a/app/views/account/lost_password.rhtml
+++ b/app/views/account/lost_password.rhtml
@@ -1,14 +1,11 @@
-<center>
-<div class="box login">
 <h2><%=l(:label_password_lost)%></h2>

+<div class="box">
 <% form_tag({:action=> "lost_password"}, :class => "tabular") do %>

 <p><label for="mail"><%=l(:field_mail)%> <span class="required">*</span></label>
-<%= text_field_tag 'mail', nil, :size => 40 %></p>
-
-<p><center><%= submit_tag l(:button_submit) %></center></p>
+<%= text_field_tag 'mail', nil, :size => 40 %>
+<%= submit_tag l(:button_submit) %></p>

 <% end %>
 </div>
-</center>
--- a/app/views/account/password_recovery.rhtml
+++ b/app/views/account/password_recovery.rhtml
@@ -1,22 +1,15 @@
-<center>
-<div class="box login">
 <h2><%=l(:label_password_lost)%></h2>

-<p><%=l(:field_login)%>: <strong><%= @user.login %></strong><br />
-
 <%= error_messages_for 'user' %>

-  <% form_tag({:token => @token.value}, :class => "tabular") do %>
+<% form_tag({:token => @token.value}) do %>
+<div class="box tabular">
+<p><label for="new_password"><%=l(:field_new_password)%> <span class="required">*</span></label>
+<%= password_field_tag 'new_password', nil, :size => 25 %><br />
+<em><%= l(:text_caracters_minimum, 4) %></em></p>

-  <p><label for="new_password"><%=l(:field_new_password)%> <span class="required">*</span></label>
-  <%= password_field_tag 'new_password', nil, :size => 25 %><br />
-  <em><%= l(:text_length_between, 4, 12) %></em></p>
-
-  <p><label for="new_password_confirmation"><%=l(:field_password_confirmation)%> <span class="required">*</span></label>
-  <%= password_field_tag 'new_password_confirmation', nil, :size => 25 %></p>
-
-  <p><center><%= submit_tag l(:button_save) %></center></p>
-  <% end %>
-  
+<p><label for="new_password_confirmation"><%=l(:field_password_confirmation)%> <span class="required">*</span></label>
+<%= password_field_tag 'new_password_confirmation', nil, :size => 25 %></p>
 </div>
-</center>
+<p><%= submit_tag l(:button_save) %></p>
+<% end %>  
--- a/app/views/account/register.rhtml
+++ b/app/views/account/register.rhtml
@@ -9,7 +9,8 @@
 <%= text_field 'user', 'login', :size => 25  %></p>

 <p><label for="password"><%=l(:field_password)%> <span class="required">*</span></label>
-<%= password_field_tag 'password', nil, :size => 25  %></p>
+<%= password_field_tag 'password', nil, :size => 25  %><br />
+<em><%= l(:text_caracters_minimum, 4) %></em></p>

 <p><label for="password_confirmation"><%=l(:field_password_confirmation)%> <span class="required">*</span></label>
 <%= password_field_tag 'password_confirmation', nil, :size => 25  %></p>
@@ -29,9 +30,6 @@
 <% for @custom_value in @custom_values %>
 	<p><%= custom_field_tag_with_label @custom_value %></p>
 <% end %>
-
-<p><label for="user_mail_notification"><%=l(:field_mail_notification)%></label>
-<%= check_box 'user', 'mail_notification' %></p>
 <!--[eoform:user]-->
 </div>

--- a/app/views/account/show.rhtml
+++ b/app/views/account/show.rhtml
@@ -24,5 +24,5 @@

 <h3><%=l(:label_activity)%></h3>
 <p>
-<%=l(:label_reported_issues)%>: <%= Issue.count(["author_id=?", @user.id]) %>
+<%=l(:label_reported_issues)%>: <%= Issue.count(:conditions => ["author_id=?", @user.id]) %>
 </p>
--- a/app/views/admin/index.rhtml
+++ b/app/views/admin/index.rhtml
@@ -42,4 +42,6 @@

 <p class="icon22 icon22-info">
 <%= link_to l(:label_information_plural), :controller => 'admin', :action => 'info' %>
-</p>
+</p>
+
+<% set_html_title l(:label_administration) -%>
--- a/app/views/admin/info.rhtml
+++ b/app/views/admin/info.rhtml
@@ -1,9 +1,27 @@
 <h2><%=l(:label_information_plural)%></h2>

-<p><%=l(:field_version)%>: <strong>redMine <%= Redmine::VERSION %></strong> (<%= @db_adapter_name %>)</p>
+<p><%=l(:field_version)%>: <strong><%= Redmine::Info.versioned_name %></strong> (<%= @db_adapter_name %>)</p>

 <table class="list">
-<tr class="odd"><td>File repository writable</td><td><%= image_tag (@flags[:file_repository_writable] ? 'true.png' : 'false.png'), :style => "vertical-align:bottom;" %></td></tr>
-<tr class="even"><td>Default administrator account changed</td><td><%= image_tag (@flags[:default_admin_changed] ? 'true.png' : 'false.png'), :style => "vertical-align:bottom;" %></td></tr>
-<tr class="odd"><td>Textile available</td><td><%= image_tag (@flags[:textile_available] ? 'true.png' : 'false.png'), :style => "vertical-align:bottom;" %></td></tr>
+<tr class="odd"><td>Default administrator account changed</td><td><%= image_tag (@flags[:default_admin_changed] ? 'true.png' : 'false.png'), :style => "vertical-align:bottom;" %></td></tr>
+<tr class="even"><td>File repository writable</td><td><%= image_tag (@flags[:file_repository_writable] ? 'true.png' : 'false.png'), :style => "vertical-align:bottom;" %></td></tr>
+<tr class="odd"><td>RMagick available</td><td><%= image_tag (@flags[:rmagick_available] ? 'true.png' : 'false.png'), :style => "vertical-align:bottom;" %></td></tr>
 </table>
+
+<% if @plugins.any? %>
+&nbsp;
+<h3 class="icon22 icon22-plugin">Plugins</h3>
+<table class="list">
+    <% @plugins.keys.sort {|x,y| x.to_s <=> y.to_s}.each do |plugin| %>
+        <tr class="<%= cycle('odd', 'even') %>">
+        <td><%=h @plugins[plugin].name %></td>
+        <td><%=h @plugins[plugin].description %></td>
+        <td><%=h @plugins[plugin].author %></td>
+        <td><%=h @plugins[plugin].version %></td>
+        <td><%= link_to('Configure', :controller => 'settings', :action => 'plugin', :id => plugin.to_s) if @plugins[plugin].configurable? %></td>
+        </tr>
+    <% end %>
+</table>
+<% end %>
+
+<% set_html_title(l(:label_information_plural)) -%>
--- a/app/views/admin/mail_options.rhtml
+++ b/app/views/admin/mail_options.rhtml
@@ -1,25 +1,33 @@
+<div class="contextual">
+<%= link_to l(:label_send_test_email), :action => 'test_email' %>
+</div>
+
 <h2><%=l(:field_mail_notification)%></h2>

-<% form_tag({:action => 'mail_options'}, :id => 'mail_options_form') do %>
+<% form_tag({:action => 'mail_options'}, :id => 'mail-options-form') do %>

-<div class="box">
-<p><%=l(:text_select_mail_notifications)%></p>
+<fieldset class="box tabular settings"><legend><%=l(:label_settings)%></legend>
+<p><label><%= l(:setting_mail_from) %></label>
+<%= text_field_tag 'settings[mail_from]', Setting.mail_from, :size => 60 %></p>

-<% actions = @actions.group_by {|p| p.group_id } %>
-<% actions.keys.sort.each do |group_id| %>
-<fieldset style="margin-top: 6px;"><legend><strong><%= l(Permission::GROUPS[group_id]) %></strong></legend>
-<% actions[group_id].each do |p| %>
-  <div style="width:170px;float:left;"><%= check_box_tag "action_ids[]", p.id, p.mail_enabled? %>
-  <%= l(p.description.to_sym) %>
-  </div>
-<% end %>
-<div class="clear"></div>
+<p><label><%= l(:setting_bcc_recipients) %></label>
+<%= check_box_tag 'settings[bcc_recipients]', 1, Setting.bcc_recipients? %>
+<%= hidden_field_tag 'settings[bcc_recipients]', 0 %></p>
 </fieldset>
-<% end %>

-<br />
-<p><%= check_all_links('mail_options_form') %></p>
-</div>
+<fieldset class="box"><legend><%=l(:text_select_mail_notifications)%></legend>
+<% @notifiables.each do |notifiable| %>
+  <label><%= check_box_tag 'settings[notified_events][]', notifiable, Setting.notified_events.include?(notifiable) %>
+  <%= notifiable.humanize %></label><br />
+<% end %>
+<p><%= check_all_links('mail-options-form') %></p>
+</fieldset>
+
+<fieldset class="box"><legend><%= l(:setting_emails_footer) %></legend>
+<%= text_area_tag 'settings[emails_footer]', Setting.emails_footer, :class => 'wiki-edit', :rows => 5 %>
+</fieldset>

 <%= submit_tag l(:button_save) %>
 <% end %>
+
+<% set_html_title(l(:field_mail_notification)) -%>
--- a/app/views/admin/projects.rhtml
+++ b/app/views/admin/projects.rhtml
@@ -26,14 +26,14 @@
  <tbody>
 <% for project in @projects %>
  <tr class="<%= cycle("odd", "even") %>">
-	<td><%= project.active? ? link_to(project.name, :controller => 'projects', :action => 'settings', :id => project) : h(project.name) %>
-	<td><%=h project.description %>
+	<td><%= project.active? ? link_to(h(project.name), :controller => 'projects', :action => 'settings', :id => project) : h(project.name) %>
+	<td><%= textilizable project.description, :project => project %>
 	<td align="center"><%= image_tag 'true.png' if project.is_public? %>
 	<td align="center"><%= project.children.size %>
 	<td align="center"><%= format_date(project.created_on) %>
  <td align="center" style="width:10%">
    <small>
-    <%= link_to(l(:button_archive), { :controller => 'projects', :action => 'archive', :id => project }, :method => :post, :class => 'icon icon-lock') if project.active? %>
+    <%= link_to(l(:button_archive), { :controller => 'projects', :action => 'archive', :id => project }, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-lock') if project.active? %>
    <%= link_to(l(:button_unarchive), { :controller => 'projects', :action => 'unarchive', :id => project }, :method => :post, :class => 'icon icon-unlock') if !project.active? && (project.parent.nil? || project.parent.active?) %>
    </small>
  </td>
@@ -47,3 +47,5 @@

 <p><%= pagination_links_full @project_pages, :status => @status %>
 [ <%= @project_pages.current.first_item %> - <%= @project_pages.current.last_item %> / <%= @project_count %> ]</p>
+
+<% set_html_title l(:label_project_plural) -%>
--- a/app/views/attachments/_links.rhtml
+++ b/app/views/attachments/_links.rhtml
@@ -3,7 +3,7 @@
  <p><%= link_to attachment.filename, {:controller => 'attachments', :action => 'download', :id => attachment }, :class => 'icon icon-attachment' %>
  (<%= number_to_human_size attachment.filesize %>)
  <% unless options[:no_author] %>
-    <em><%= attachment.author.name %>, <%= format_date(attachment.created_on) %></em>
+    <span class="author"><%= attachment.author.name %>, <%= format_date(attachment.created_on) %></span>
  <% end %>
  <% if options[:delete_url] %>
    <%= link_to image_tag('delete.png'), options[:delete_url].update({:attachment_id => attachment}), :confirm => l(:text_are_you_sure), :method => :post %>
--- a/app/views/auth_sources/_form.rhtml
+++ b/app/views/auth_sources/_form.rhtml
@@ -9,13 +9,16 @@
 <%= text_field 'auth_source', 'host'  %></p>

 <p><label for="auth_source_port"><%=l(:field_port)%> <span class="required">*</span></label>
-<%= text_field 'auth_source', 'port', :size => 6 %></p>
+<%= text_field 'auth_source', 'port', :size => 6 %> <%= check_box 'auth_source', 'tls'  %> LDAPS</p>

 <p><label for="auth_source_account"><%=l(:field_account)%></label>
 <%= text_field 'auth_source', 'account'  %></p>

 <p><label for="auth_source_account_password"><%=l(:field_password)%></label>
-<%= password_field 'auth_source', 'account_password'  %></p>
+<%= password_field 'auth_source', 'account_password', :name => 'ignore',
+                                           :value => ((@auth_source.new_record? || @auth_source.account_password.blank?) ? '' : ('x'*15)),
+                                           :onfocus => "this.value=''; this.name='auth_source[account_password]';",
+                                           :onchange => "this.name='auth_source[account_password]';" %></p>

 <p><label for="auth_source_base_dn"><%=l(:field_base_dn)%> <span class="required">*</span></label>
 <%= text_field 'auth_source', 'base_dn', :size => 60 %></p>
--- a/app/views/boards/index.rhtml
+++ b/app/views/boards/index.rhtml
@@ -19,7 +19,7 @@
    <td>
    <small>
      <% if board.last_message %>
-      <%= board.last_message.author.name %>, <%= format_time(board.last_message.created_on) %><br />
+      <%= authoring board.last_message.created_on, board.last_message.author %><br />
      <%= link_to_message board.last_message %>  
      <% end %>
    </small>
--- a/app/views/boards/show.rhtml
+++ b/app/views/boards/show.rhtml
@@ -1,11 +1,24 @@
 <div class="contextual">
-<%= link_to l(:label_message_new), {:controller => 'messages', :action => 'new', :board_id => @board}, :class => "icon icon-add" %>
-<%= watcher_tag(@board, @logged_in_user) %>
+<%= link_to_if_authorized l(:label_message_new),
+                          {:controller => 'messages', :action => 'new', :board_id => @board},
+                          :class => 'icon icon-add',
+                          :onclick => 'Element.show("add-message"); return false;' %>
+<%= watcher_tag(@board, User.current) %>
+</div>
+
+<div id="add-message" style="display:none;">
+<h2><%= link_to h(@board.name), :controller => 'boards', :action => 'show', :project_id => @project, :id => @board %> &#187; <%= l(:label_message_new) %></h2>
+<% form_for :message, @message, :url => {:controller => 'messages', :action => 'new', :board_id => @board}, :html => {:multipart => true} do |f| %>
+  <%= render :partial => 'messages/form', :locals => {:f => f} %>
+  <p><%= submit_tag l(:button_create) %>
+  <%= link_to l(:button_cancel), "#", :onclick => 'Element.hide("add-message")' %></p>
+<% end %>
 </div>

 <h2><%=h @board.name %></h2>

-<table class="list">
+<% if @topics.any? %>
+<table class="list messages">
  <thead><tr>
    <th><%= l(:field_subject) %></th>
    <th><%= l(:field_author) %></th>
@@ -15,23 +28,23 @@
  </tr></thead>  
  <tbody>
  <% @topics.each do |topic| %>
-    <tr class="<%= cycle 'odd', 'even' %>">
-      <td><%= link_to h(topic.subject), :controller => 'messages', :action => 'show', :board_id => @board, :id => topic %></td>
-      <td align="center"><%= link_to_user topic.author %></td>
-      <td align="center"><%= format_time(topic.created_on) %></td>
-      <td align="center"><%= topic.replies_count %></td>
-      <td>
-      <small>
+    <tr class="message <%= cycle 'odd', 'even' %> <%= topic.sticky? ? 'sticky' : '' %> <%= topic.locked? ? 'locked' : '' %>">
+      <td class="subject"><%= link_to h(topic.subject), { :controller => 'messages', :action => 'show', :board_id => @board, :id => topic }, :class => 'icon' %></td>
+      <td class="author" align="center"><%= topic.author %></td>
+      <td class="created_on" align="center"><%= format_time(topic.created_on) %></td>
+      <td class="replies" align="center"><%= topic.replies_count %></td>
+      <td class="last_message">
        <% if topic.last_reply %>
-        <%= topic.last_reply.author.name %>, <%= format_time(topic.last_reply.created_on) %><br />
+        <%= authoring topic.last_reply.created_on, topic.last_reply.author %><br />
        <%= link_to_message topic.last_reply %>
        <% end %>
-      </small>
      </td>
    </tr>
  <% end %>
  </tbody>
 </table>
-
 <p><%= pagination_links_full @topic_pages %>
 [ <%= @topic_pages.current.first_item %> - <%= @topic_pages.current.last_item %> / <%= @topic_count %> ]</p>
+<% else %>
+<p class="nodata"><%= l(:label_no_data) %></p>
+<% end %>
--- a/app/views/common/403.rhtml
+++ b/app/views/common/403.rhtml
@@ -2,3 +2,5 @@

 <p><%= l(:notice_not_authorized) %></p>
 <p><a href="javascript:history.back()">Back</a></p>
+
+<% set_html_title '403' %>
--- a/app/views/common/404.rhtml
+++ b/app/views/common/404.rhtml
@@ -2,3 +2,5 @@

 <p><%= l(:notice_file_not_found) %></p>
 <p><a href="javascript:history.back()">Back</a></p>
+
+<% set_html_title '404' %>
--- a/app/views/common/_attachments_form.rhtml
+++ b/app/views/common/_attachments_form.rhtml
@@ -0,0 +1,6 @@
+<p id="attachments_p">
+<label for="attachment_file"><%=l(:label_attachment)%>
+<%= image_to_function "add.png", "addFileField();return false" %></label>
+<%= file_field_tag 'attachments[]', :size => 30  %>
+<em>(<%= l(:label_max_size) %>: <%= number_to_human_size(Setting.attachment_max_size.to_i.kilobytes) %>)</em>
+</p>
--- a/Show More
+++ b/Show More