Merged r3865 and r3866 from trunk.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/0.9-stable@3868 e93f8b46-1217-0410-a6f0-8f06a7374b81
Merged r3836 from trunk.
2010-07-25 09:34:13 +00:00 · 2010-07-08 03:54:53 +00:00 · 2010-07-08 03:54:48 +00:00 · 2010-07-08 03:48:40 +00:00 · 2010-07-08 03:48:35 +00:00 · 2010-06-28 02:48:12 +00:00
1134 changed files with 73356 additions and 46066 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,19 @@
+/config/additional_environment.rb
+/config/database.yml
+/config/email.yml
+/config/initializers/session_store.rb
+/coverage
+/db/*.db
+/db/*.sqlite3
+/db/schema.rb
+/files/*
+/log/*.log*
+/log/mongrel_debug
+/public/dispatch.*
+/public/plugin_assets
+/tmp/*
+/tmp/cache/*
+/tmp/sessions/*
+/tmp/sockets/*
+/tmp/test/*
+/vendor/rails
--- a/README.rdoc
+++ b/README.rdoc
@@ -0,0 +1,5 @@
+= Redmine
+
+Redmine is a flexible project management web application written using Ruby on Rails framework.
+
+More details can be found at http://www.redmine.org
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2008  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -20,59 +20,25 @@ class AccountController < ApplicationController
  include CustomFieldsHelper   
  
  # prevents login action to be filtered by check_if_login_required application scope filter
-  skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]
-
-  # Show user's account
-  def show
-    @user = User.active.find(params[:id])
-    @custom_values = @user.custom_values
-    
-    # show only public projects and private projects that the logged in user is also a member of
-    @memberships = @user.memberships.select do |membership|
-      membership.project.is_public? || (User.current.member_of?(membership.project))
-    end
-    
-    events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
-    @events_by_day = events.group_by(&:event_date)
-    
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
+  skip_before_filter :check_if_login_required

  # Login request and validation
  def login
    if request.get?
-      # Logout user
-      self.logged_user = nil
+      logout_user
    else
      # Authenticate user
-      user = User.try_to_login(params[:username], params[:password])
-      if user.nil?
-        # Invalid credentials
-        flash.now[:error] = l(:notice_account_invalid_creditentials)
-      elsif user.new_record?
-        # Onthefly creation failed, display the registration form to fill/fix attributes
-        @user = user
-        session[:auth_source_registration] = {:login => user.login, :auth_source_id => user.auth_source_id }
-        render :action => 'register'
+      if Setting.openid? && using_open_id?
+        open_id_authenticate(params[:openid_url])
      else
-        # Valid user
-        self.logged_user = user
-        # generate a key and set cookie if autologin
-        if params[:autologin] && Setting.autologin?
-          token = Token.create(:user => user, :action => 'autologin')
-          cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
-        end
-        redirect_back_or_default :controller => 'my', :action => 'page'
+        password_authentication
      end
    end
  end

  # Log out current user and redirect to welcome page
  def logout
-    cookies.delete :autologin
-    Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
-    self.logged_user = nil
+    logout_user
    redirect_to home_url
  end
  
@@ -98,9 +64,9 @@ class AccountController < ApplicationController
      if request.post?
        user = User.find_by_mail(params[:mail])
        # user not found in db
-        flash.now[:error] = l(:notice_account_unknown_email) and return unless user
+        (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
        # user uses an external authentification
-        flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
+        (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
        # create a new token for password recovery
        token = Token.new(:user => user, :action => "recovery")
        if token.save
@@ -136,31 +102,14 @@ class AccountController < ApplicationController
      else
        @user.login = params[:user][:login]
        @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
+
        case Setting.self_registration
        when '1'
-          # Email activation
-          token = Token.new(:user => @user, :action => "register")
-          if @user.save and token.save
-            Mailer.deliver_register(token)
-            flash[:notice] = l(:notice_account_register_done)
-            redirect_to :action => 'login'
-          end
+          register_by_email_activation(@user)
        when '3'
-          # Automatic activation
-          @user.status = User::STATUS_ACTIVE
-          if @user.save
-            self.logged_user = @user
-            flash[:notice] = l(:notice_account_activated)
-            redirect_to :controller => 'my', :action => 'account'
-          end
+          register_automatically(@user)
        else
-          # Manual activation by the administrator
-          if @user.save
-            # Sends an email to the administrators
-            Mailer.deliver_account_activation_request(@user)
-            flash[:notice] = l(:notice_account_pending)
-            redirect_to :action => 'login'
-          end
+          register_manually_by_administrator(@user)
        end
      end
    end
@@ -181,14 +130,139 @@ class AccountController < ApplicationController
    redirect_to :action => 'login'
  end
  
-private
-  def logged_user=(user)
-    if user && user.is_a?(User)
-      User.current = user
-      session[:user_id] = user.id
-    else
-      User.current = User.anonymous
-      session[:user_id] = nil
+  private
+  
+  def logout_user
+    if User.current.logged?
+      cookies.delete :autologin
+      Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
+      self.logged_user = nil
    end
  end
+  
+  def password_authentication
+    user = User.try_to_login(params[:username], params[:password])
+
+    if user.nil?
+      invalid_credentials
+    elsif user.new_record?
+      onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
+    else
+      # Valid user
+      successful_authentication(user)
+    end
+  end
+
+  
+  def open_id_authenticate(openid_url)
+    authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
+      if result.successful?
+        user = User.find_or_initialize_by_identity_url(identity_url)
+        if user.new_record?
+          # Self-registration off
+          redirect_to(home_url) && return unless Setting.self_registration?
+
+          # Create on the fly
+          user.login = registration['nickname'] unless registration['nickname'].nil?
+          user.mail = registration['email'] unless registration['email'].nil?
+          user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
+          user.random_password
+          user.status = User::STATUS_REGISTERED
+
+          case Setting.self_registration
+          when '1'
+            register_by_email_activation(user) do
+              onthefly_creation_failed(user)
+            end
+          when '3'
+            register_automatically(user) do
+              onthefly_creation_failed(user)
+            end
+          else
+            register_manually_by_administrator(user) do
+              onthefly_creation_failed(user)
+            end
+          end          
+        else
+          # Existing record
+          if user.active?
+            successful_authentication(user)
+          else
+            account_pending
+          end
+        end
+      end
+    end
+  end
+  
+  def successful_authentication(user)
+    # Valid user
+    self.logged_user = user
+    # generate a key and set cookie if autologin
+    if params[:autologin] && Setting.autologin?
+      token = Token.create(:user => user, :action => 'autologin')
+      cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
+    end
+    call_hook(:controller_account_success_authentication_after, {:user => user })
+    redirect_back_or_default :controller => 'my', :action => 'page'
+  end
+
+  # Onthefly creation failed, display the registration form to fill/fix attributes
+  def onthefly_creation_failed(user, auth_source_options = { })
+    @user = user
+    session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
+    render :action => 'register'
+  end
+
+  def invalid_credentials
+    flash.now[:error] = l(:notice_account_invalid_creditentials)
+  end
+
+  # Register a user for email activation.
+  #
+  # Pass a block for behavior when a user fails to save
+  def register_by_email_activation(user, &block)
+    token = Token.new(:user => user, :action => "register")
+    if user.save and token.save
+      Mailer.deliver_register(token)
+      flash[:notice] = l(:notice_account_register_done)
+      redirect_to :action => 'login'
+    else
+      yield if block_given?
+    end
+  end
+  
+  # Automatically register a user
+  #
+  # Pass a block for behavior when a user fails to save
+  def register_automatically(user, &block)
+    # Automatic activation
+    user.status = User::STATUS_ACTIVE
+    user.last_login_on = Time.now
+    if user.save
+      self.logged_user = user
+      flash[:notice] = l(:notice_account_activated)
+      redirect_to :controller => 'my', :action => 'account'
+    else
+      yield if block_given?
+    end
+  end
+  
+  # Manual activation by the administrator
+  #
+  # Pass a block for behavior when a user fails to save
+  def register_manually_by_administrator(user, &block)
+    if user.save
+      # Sends an email to the administrators
+      Mailer.deliver_account_activation_request(user)
+      account_pending
+    else
+      yield if block_given?
+    end
+  end
+
+  def account_pending
+    flash[:notice] = l(:notice_account_pending)
+    redirect_to :action => 'login'
+  end
 end
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -16,6 +16,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class AdminController < ApplicationController
+  layout 'admin'
+  
  before_filter :require_admin

  helper :sort
@@ -26,9 +28,6 @@ class AdminController < ApplicationController
  end
 	
  def projects
-    sort_init 'name', 'asc'
-    sort_update
-    
    @status = params[:status] ? params[:status].to_i : 1
    c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
    
@@ -37,14 +36,8 @@ class AdminController < ApplicationController
      c << ["LOWER(identifier) LIKE ? OR LOWER(name) LIKE ?", name, name]
    end
    
-    @project_count = Project.count(:conditions => c.conditions)
-    @project_pages = Paginator.new self, @project_count,
-								per_page_option,
-								params['page']								
-    @projects = Project.find :all, :order => sort_clause,
-                        :conditions => c.conditions,
-						:limit  =>  @project_pages.items_per_page,
-						:offset =>  @project_pages.current.offset
+    @projects = Project.find :all, :order => 'lft',
+                                   :conditions => c.conditions

    render :action => "projects", :layout => false if request.xhr?
  end
@@ -83,10 +76,11 @@ class AdminController < ApplicationController
  
  def info
    @db_adapter_name = ActiveRecord::Base.connection.adapter_name
-    @flags = {
-      :default_admin_changed => User.find(:first, :conditions => ["login=? and hashed_password=?", 'admin', User.hash_password('admin')]).nil?,
-      :file_repository_writable => File.writable?(Attachment.storage_path),
-      :rmagick_available => Object.const_defined?(:Magick)
-    }
+    @checklist = [
+      [:text_default_administrator_account_changed, User.find(:first, :conditions => ["login=? and hashed_password=?", 'admin', User.hash_password('admin')]).nil?],
+      [:text_file_repository_writable, File.writable?(Attachment.storage_path)],
+      [:text_plugin_assets_writable, File.writable?(Engines.public_directory)],
+      [:text_rmagick_available, Object.const_defined?(:Magick)]
+    ]
  end  
 end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -19,22 +19,36 @@ require 'uri'
 require 'cgi'

 class ApplicationController < ActionController::Base
+  include Redmine::I18n
+
  layout 'base'
  
+  # Remove broken cookie after upgrade from 0.8.x (#4292)
+  # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
+  # TODO: remove it when Rails is fixed
+  before_filter :delete_broken_cookies
+  def delete_broken_cookies
+    if cookies['_redmine_session'] && cookies['_redmine_session'] !~ /--/
+      cookies.delete '_redmine_session'    
+      redirect_to home_path
+      return false
+    end
+  end
+  
  before_filter :user_setup, :check_if_login_required, :set_localization
  filter_parameter_logging :password
+  protect_from_forgery
  
+  rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
+  
+  include Redmine::Search::Controller
  include Redmine::MenuManager::MenuController
  helper Redmine::MenuManager::MenuHelper
  
  REDMINE_SUPPORTED_SCM.each do |scm|
    require_dependency "repository/#{scm.underscore}"
  end
-  
-  def current_role
-    @current_role ||= User.current.role_for_project(@project)
-  end
-  
+
  def user_setup
    # Check the settings cache for each request
    Setting.check_cache
@@ -43,16 +57,40 @@ class ApplicationController < ActionController::Base
  end
  
  # Returns the current user or nil if no user is logged in
+  # and starts a session if needed
  def find_current_user
    if session[:user_id]
      # existing session
      (User.active.find(session[:user_id]) rescue nil)
    elsif cookies[:autologin] && Setting.autologin?
-      # auto-login feature
-      User.find_by_autologin_key(cookies[:autologin])
-    elsif params[:key] && accept_key_auth_actions.include?(params[:action])
-      # RSS key authentication
+      # auto-login feature starts a new session
+      user = User.try_to_autologin(cookies[:autologin])
+      session[:user_id] = user.id if user
+      user
+    elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
+      # RSS key authentication does not start a session
      User.find_by_rss_key(params[:key])
+    elsif Setting.rest_api_enabled? && ['xml', 'json'].include?(params[:format]) && accept_key_auth_actions.include?(params[:action])
+      if params[:key].present?
+        # Use API key
+        User.find_by_api_key(params[:key])
+      else
+        # HTTP Basic, either username/password or API key/random
+        authenticate_with_http_basic do |username, password|
+          User.try_to_login(username, password) || User.find_by_api_key(username)
+        end
+      end
+    end
+  end
+
+  # Sets the logged in user
+  def logged_user=(user)
+    reset_session
+    if user && user.is_a?(User)
+      User.current = user
+      session[:user_id] = user.id
+    else
+      User.current = User.anonymous
    end
  end
  
@@ -64,25 +102,35 @@ class ApplicationController < ActionController::Base
  end 
  
  def set_localization
-    User.current.language = nil unless User.current.logged?
-    lang = begin
-      if !User.current.language.blank? && GLoc.valid_language?(User.current.language)
-        User.current.language
-      elsif request.env['HTTP_ACCEPT_LANGUAGE']
-        accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.downcase
-        if !accept_lang.blank? && (GLoc.valid_language?(accept_lang) || GLoc.valid_language?(accept_lang = accept_lang.split('-').first))
-          User.current.language = accept_lang
-        end
+    lang = nil
+    if User.current.logged?
+      lang = find_language(User.current.language)
+    end
+    if lang.nil? && request.env['HTTP_ACCEPT_LANGUAGE']
+      accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first
+      if !accept_lang.blank?
+        accept_lang = accept_lang.downcase
+        lang = find_language(accept_lang) || find_language(accept_lang.split('-').first)
      end
-    rescue
-      nil
-    end || Setting.default_language
-    set_language_if_valid(lang)    
+    end
+    lang ||= Setting.default_language
+    set_language_if_valid(lang)
  end
  
  def require_login
    if !User.current.logged?
-      redirect_to :controller => "account", :action => "login", :back_url => url_for(params)
+      # Extract only the basic url parameters on non-GET requests
+      if request.get?
+        url = url_for(params)
+      else
+        url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
+      end
+      respond_to do |format|
+        format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
+        format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
+        format.xml { head :unauthorized }
+        format.json { head :unauthorized }
+      end
      return false
    end
    true
@@ -102,10 +150,15 @@ class ApplicationController < ActionController::Base
  end

  # Authorize the user for the requested action
-  def authorize(ctrl = params[:controller], action = params[:action])
-    allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
+  def authorize(ctrl = params[:controller], action = params[:action], global = false)
+    allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project, :global => global)
    allowed ? true : deny_access
  end
+
+  # Authorize the user for the requested action outside a project
+  def authorize_global(ctrl = params[:controller], action = params[:action], global = true)
+    authorize(ctrl, action, global)
+  end
  
  # make sure that the user is a member of the project (or admin) if project is private
  # used as a before_filter for actions that do not require any particular permission on the project
@@ -126,10 +179,15 @@ class ApplicationController < ActionController::Base
  def redirect_back_or_default(default)
    back_url = CGI.unescape(params[:back_url].to_s)
    if !back_url.blank?
-      uri = URI.parse(back_url)
-      # do not redirect user to another host or to the login or register page
-      if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
-        redirect_to(back_url) and return
+      begin
+        uri = URI.parse(back_url)
+        # do not redirect user to another host or to the login or register page
+        if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
+          redirect_to(back_url)
+          return
+        end
+      rescue URI::InvalidURIError
+        # redirect to default
      end
    end
    redirect_to default
@@ -137,7 +195,7 @@ class ApplicationController < ActionController::Base
  
  def render_403
    @project = nil
-    render :template => "common/403", :layout => !request.xhr?, :status => 403
+    render :template => "common/403", :layout => (request.xhr? ? false : 'base'), :status => 403
    return false
  end
    
@@ -148,7 +206,11 @@ class ApplicationController < ActionController::Base
  
  def render_error(msg)
    flash.now[:error] = msg
-    render :nothing => true, :layout => !request.xhr?, :status => 500
+    render :text => '', :layout => !request.xhr?, :status => 500
+  end
+  
+  def invalid_authenticity_token
+    render_error "Invalid form authenticity token."
  end
  
  def render_feed(items, options={})    
@@ -171,6 +233,7 @@ class ApplicationController < ActionController::Base
  # TODO: move to model
  def attach_files(obj, attachments)
    attached = []
+    unsaved = []
    if attachments && attachments.is_a?(Hash)
      attachments.each_value do |attachment|
        file = attachment['file']
@@ -179,7 +242,10 @@ class ApplicationController < ActionController::Base
                              :file => file,
                              :description => attachment['description'].to_s.strip,
                              :author => User.current)
-        attached << a unless a.new_record?
+        a.new_record? ? (unsaved << a) : (attached << a)
+      end
+      if unsaved.any?
+        flash[:warning] = l(:warning_attachments_not_saved, unsaved.size)
      end
    end
    attached
@@ -217,6 +283,8 @@ class ApplicationController < ActionController::Base
      tmp.collect!{|val, q| val}
    end
    return tmp
+  rescue
+    nil
  end
  
  # Returns a string that can be used as filename value in Content-Disposition header
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,39 +17,71 @@

 class AttachmentsController < ApplicationController
  before_filter :find_project
-
+  before_filter :file_readable, :read_authorize, :except => :destroy
+  before_filter :delete_authorize, :only => :destroy
+  
+  verify :method => :post, :only => :destroy
+  
  def show
    if @attachment.is_diff?
      @diff = File.new(@attachment.diskfile, "rb").read
      render :action => 'diff'
-    elsif @attachment.is_text?
+    elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
      @content = File.new(@attachment.diskfile, "rb").read
      render :action => 'file'
-    elsif
+    else
      download
    end
  end
  
  def download
-    @attachment.increment_download if @attachment.container.is_a?(Version)
+    if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
+      @attachment.increment_download
+    end
    
    # images are sent inline
    send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
-                                    :type => @attachment.content_type, 
+                                    :type => detect_content_type(@attachment), 
                                    :disposition => (@attachment.image? ? 'inline' : 'attachment')
+   
  end
- 
+  
+  def destroy
+    # Make sure association callbacks are called
+    @attachment.container.attachments.delete(@attachment)
+    redirect_to :back
+  rescue ::ActionController::RedirectBackError
+    redirect_to :controller => 'projects', :action => 'show', :id => @project
+  end
+  
 private
  def find_project
    @attachment = Attachment.find(params[:id])
    # Show 404 if the filename in the url is wrong
    raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
-    
    @project = @attachment.project
-    permission = @attachment.container.is_a?(Version) ? :view_files : "view_#{@attachment.container.class.name.underscore.pluralize}".to_sym
-    allowed = User.current.allowed_to?(permission, @project)
-    allowed ? true : (User.current.logged? ? render_403 : require_login)
  rescue ActiveRecord::RecordNotFound
    render_404
  end
+  
+  # Checks that the file exists and is readable
+  def file_readable
+    @attachment.readable? ? true : render_404
+  end
+  
+  def read_authorize
+    @attachment.visible? ? true : deny_access
+  end
+  
+  def delete_authorize
+    @attachment.deletable? ? true : deny_access
+  end
+  
+  def detect_content_type(attachment)
+    content_type = attachment.content_type
+    if content_type.blank?
+      content_type = Redmine::MimeType.of(attachment.filename)
+    end
+    content_type.to_s
+  end
 end
--- a/app/controllers/auth_sources_controller.rb
+++ b/app/controllers/auth_sources_controller.rb
@@ -16,6 +16,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class AuthSourcesController < ApplicationController
+  layout 'admin'
+  
  before_filter :require_admin

  def index
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -16,6 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class BoardsController < ApplicationController
+  default_search_scope :messages
  before_filter :find_project, :authorize

  helper :messages
@@ -35,16 +36,29 @@ class BoardsController < ApplicationController
  end

  def show
-    sort_init "#{Message.table_name}.updated_on", "desc"
-    sort_update	
-      
-    @topic_count = @board.topics.count
-    @topic_pages = Paginator.new self, @topic_count, per_page_option, params['page']
-    @topics =  @board.topics.find :all, :order => "#{Message.table_name}.sticky DESC, #{sort_clause}",
-                                  :include => [:author, {:last_reply => :author}],
-                                  :limit  =>  @topic_pages.items_per_page,
-                                  :offset =>  @topic_pages.current.offset
-    render :action => 'show', :layout => !request.xhr?
+    respond_to do |format|
+      format.html {
+        sort_init 'updated_on', 'desc'
+        sort_update	'created_on' => "#{Message.table_name}.created_on",
+                    'replies' => "#{Message.table_name}.replies_count",
+                    'updated_on' => "#{Message.table_name}.updated_on"
+          
+        @topic_count = @board.topics.count
+        @topic_pages = Paginator.new self, @topic_count, per_page_option, params['page']
+        @topics =  @board.topics.find :all, :order => ["#{Message.table_name}.sticky DESC", sort_clause].compact.join(', '),
+                                      :include => [:author, {:last_reply => :author}],
+                                      :limit  =>  @topic_pages.items_per_page,
+                                      :offset =>  @topic_pages.current.offset
+        @message = Message.new
+        render :action => 'show', :layout => !request.xhr?
+      }
+      format.atom {
+        @messages = @board.messages.find :all, :order => 'created_on DESC',
+                                               :include => [:author, :board],
+                                               :limit => Setting.feeds_limit.to_i
+        render_feed(@messages, :title => "#{@project}: #{@board}")
+      }
+    end
  end
  
  verify :method => :post, :only => [ :destroy ], :redirect_to => { :action => :index }
@@ -60,12 +74,6 @@ class BoardsController < ApplicationController

  def edit
    if request.post? && @board.update_attributes(params[:board])
-      case params[:position]
-      when 'highest'; @board.move_to_top
-      when 'higher'; @board.move_higher
-      when 'lower'; @board.move_lower
-      when 'lowest'; @board.move_to_bottom
-      end if params[:position]
      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'boards'
    end
  end
--- a/app/controllers/custom_fields_controller.rb
+++ b/app/controllers/custom_fields_controller.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -16,37 +16,28 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class CustomFieldsController < ApplicationController
+  layout 'admin'
+  
  before_filter :require_admin

  def index
-    list
-    render :action => 'list' unless request.xhr?
-  end
-
-  def list
    @custom_fields_by_type = CustomField.find(:all).group_by {|f| f.class.name }
    @tab = params[:tab] || 'IssueCustomField'
-    render :action => "list", :layout => false if request.xhr?
  end
  
  def new
-    case params[:type]
-      when "IssueCustomField" 
-        @custom_field = IssueCustomField.new(params[:custom_field])
-        @custom_field.trackers = Tracker.find(params[:tracker_ids]) if params[:tracker_ids]
-      when "UserCustomField" 
-        @custom_field = UserCustomField.new(params[:custom_field])
-      when "ProjectCustomField" 
-        @custom_field = ProjectCustomField.new(params[:custom_field])
-      when "TimeEntryCustomField" 
-        @custom_field = TimeEntryCustomField.new(params[:custom_field])
-      else
-        redirect_to :action => 'list'
-        return
-    end  
+    @custom_field = begin
+      if params[:type].to_s.match(/.+CustomField$/)
+        params[:type].to_s.constantize.new(params[:custom_field])
+      end
+    rescue
+    end
+    (redirect_to(:action => 'index'); return) unless @custom_field.is_a?(CustomField)
+    
    if request.post? and @custom_field.save
      flash[:notice] = l(:notice_successful_create)
-      redirect_to :action => 'list', :tab => @custom_field.class.name
+      call_hook(:controller_custom_fields_new_after_save, :params => params, :custom_field => @custom_field)
+      redirect_to :action => 'index', :tab => @custom_field.class.name
    end
    @trackers = Tracker.find(:all, :order => 'position')
  end
@@ -54,35 +45,18 @@ class CustomFieldsController < ApplicationController
  def edit
    @custom_field = CustomField.find(params[:id])
    if request.post? and @custom_field.update_attributes(params[:custom_field])
-      if @custom_field.is_a? IssueCustomField
-        @custom_field.trackers = params[:tracker_ids] ? Tracker.find(params[:tracker_ids]) : []
-      end
      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'list', :tab => @custom_field.class.name
+      call_hook(:controller_custom_fields_edit_after_save, :params => params, :custom_field => @custom_field)
+      redirect_to :action => 'index', :tab => @custom_field.class.name
    end
    @trackers = Tracker.find(:all, :order => 'position')
  end
-
-  def move
-    @custom_field = CustomField.find(params[:id])
-    case params[:position]
-    when 'highest'
-      @custom_field.move_to_top
-    when 'higher'
-      @custom_field.move_higher
-    when 'lower'
-      @custom_field.move_lower
-    when 'lowest'
-      @custom_field.move_to_bottom
-    end if params[:position]
-    redirect_to :action => 'list', :tab => @custom_field.class.name
-  end
  
  def destroy
    @custom_field = CustomField.find(params[:id]).destroy
-    redirect_to :action => 'list', :tab => @custom_field.class.name
+    redirect_to :action => 'index', :tab => @custom_field.class.name
  rescue
    flash[:error] = "Unable to delete custom field"
-    redirect_to :action => 'list'
+    redirect_to :action => 'index'
  end
 end
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@@ -16,6 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class DocumentsController < ApplicationController
+  default_search_scope :documents
  before_filter :find_project, :only => [:index, :new]
  before_filter :find_document, :except => [:index, :new]
  before_filter :authorize
@@ -27,7 +28,7 @@ class DocumentsController < ApplicationController
    documents = @project.documents.find :all, :include => [:attachments, :category]
    case @sort_by
    when 'date'
-      @grouped = documents.group_by {|d| d.created_on.to_date }
+      @grouped = documents.group_by {|d| d.updated_on.to_date }
    when 'title'
      @grouped = documents.group_by {|d| d.title.first.upcase}
    when 'author'
@@ -35,6 +36,7 @@ class DocumentsController < ApplicationController
    else
      @grouped = documents.group_by(&:category)
    end
+    @document = @project.documents.build
    render :layout => false if request.xhr?
  end
  
@@ -47,13 +49,12 @@ class DocumentsController < ApplicationController
    if request.post? and @document.save	
      attach_files(@document, params[:attachments])
      flash[:notice] = l(:notice_successful_create)
-      Mailer.deliver_document_added(@document) if Setting.notified_events.include?('document_added')
      redirect_to :action => 'index', :project_id => @project
    end
  end
  
  def edit
-    @categories = Enumeration::get_values('DCAT')
+    @categories = DocumentCategory.all
    if request.post? and @document.update_attributes(params[:document])
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'show', :id => @document
@@ -70,11 +71,6 @@ class DocumentsController < ApplicationController
    Mailer.deliver_attachments_added(attachments) if !attachments.empty? && Setting.notified_events.include?('document_added')
    redirect_to :action => 'show', :id => @document
  end
-  
-  def destroy_attachment
-    @document.attachments.find(params[:attachment_id]).destroy
-    redirect_to :action => 'show', :id => @document
-  end

 private
  def find_project
--- a/app/controllers/enumerations_controller.rb
+++ b/app/controllers/enumerations_controller.rb
@@ -16,7 +16,12 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class EnumerationsController < ApplicationController
+  layout 'admin'
+  
  before_filter :require_admin
+
+  helper :custom_fields
+  include CustomFieldsHelper
  
  def index
    list
@@ -31,14 +36,19 @@ class EnumerationsController < ApplicationController
  end

  def new
-    @enumeration = Enumeration.new(:opt => params[:opt])
+    begin
+      @enumeration = params[:type].constantize.new
+    rescue NameError
+      @enumeration = Enumeration.new      
+    end
  end

  def create
    @enumeration = Enumeration.new(params[:enumeration])
+    @enumeration.type = params[:enumeration][:type]
    if @enumeration.save
      flash[:notice] = l(:notice_successful_create)
-      redirect_to :action => 'list', :opt => @enumeration.opt
+      redirect_to :action => 'list', :type => @enumeration.type
    else
      render :action => 'new'
    end
@@ -50,28 +60,14 @@ class EnumerationsController < ApplicationController

  def update
    @enumeration = Enumeration.find(params[:id])
+    @enumeration.type = params[:enumeration][:type] if params[:enumeration][:type]
    if @enumeration.update_attributes(params[:enumeration])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'list', :opt => @enumeration.opt
+      redirect_to :action => 'list', :type => @enumeration.type
    else
      render :action => 'edit'
    end
  end
-
-  def move
-    @enumeration = Enumeration.find(params[:id])
-    case params[:position]
-    when 'highest'
-      @enumeration.move_to_top
-    when 'higher'
-      @enumeration.move_higher
-    when 'lower'
-      @enumeration.move_lower
-    when 'lowest'
-      @enumeration.move_to_bottom
-    end if params[:position]
-    redirect_to :action => 'index'
-  end
  
  def destroy
    @enumeration = Enumeration.find(params[:id])
@@ -80,12 +76,12 @@ class EnumerationsController < ApplicationController
      @enumeration.destroy
      redirect_to :action => 'index'
    elsif params[:reassign_to_id]
-      if reassign_to = Enumeration.find_by_opt_and_id(@enumeration.opt, params[:reassign_to_id])
+      if reassign_to = @enumeration.class.find_by_id(params[:reassign_to_id])
        @enumeration.destroy(reassign_to)
        redirect_to :action => 'index'
      end
    end
-    @enumerations = Enumeration.get_values(@enumeration.opt) - [@enumeration]
+    @enumerations = @enumeration.class.find(:all) - [@enumeration]
  #rescue
  #  flash[:error] = 'Unable to delete enumeration'
  #  redirect_to :action => 'index'
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -0,0 +1,163 @@
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class GroupsController < ApplicationController
+  layout 'admin'
+  
+  before_filter :require_admin
+  
+  helper :custom_fields
+  
+  # GET /groups
+  # GET /groups.xml
+  def index
+    @groups = Group.find(:all, :order => 'lastname')
+
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @groups }
+    end
+  end
+
+  # GET /groups/1
+  # GET /groups/1.xml
+  def show
+    @group = Group.find(params[:id])
+
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @group }
+    end
+  end
+
+  # GET /groups/new
+  # GET /groups/new.xml
+  def new
+    @group = Group.new
+    
+    respond_to do |format|
+      format.html # new.html.erb
+      format.xml  { render :xml => @group }
+    end
+  end
+
+  # GET /groups/1/edit
+  def edit
+    @group = Group.find(params[:id])
+  end
+
+  # POST /groups
+  # POST /groups.xml
+  def create
+    @group = Group.new(params[:group])
+
+    respond_to do |format|
+      if @group.save
+        flash[:notice] = l(:notice_successful_create)
+        format.html { redirect_to(groups_path) }
+        format.xml  { render :xml => @group, :status => :created, :location => @group }
+      else
+        format.html { render :action => "new" }
+        format.xml  { render :xml => @group.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+
+  # PUT /groups/1
+  # PUT /groups/1.xml
+  def update
+    @group = Group.find(params[:id])
+
+    respond_to do |format|
+      if @group.update_attributes(params[:group])
+        flash[:notice] = l(:notice_successful_update)
+        format.html { redirect_to(groups_path) }
+        format.xml  { head :ok }
+      else
+        format.html { render :action => "edit" }
+        format.xml  { render :xml => @group.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /groups/1
+  # DELETE /groups/1.xml
+  def destroy
+    @group = Group.find(params[:id])
+    @group.destroy
+
+    respond_to do |format|
+      format.html { redirect_to(groups_url) }
+      format.xml  { head :ok }
+    end
+  end
+  
+  def add_users
+    @group = Group.find(params[:id])
+    users = User.find_all_by_id(params[:user_ids])
+    @group.users << users if request.post?
+    respond_to do |format|
+      format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'users' }
+      format.js { 
+        render(:update) {|page| 
+          page.replace_html "tab-content-users", :partial => 'groups/users'
+          users.each {|user| page.visual_effect(:highlight, "user-#{user.id}") }
+        }
+      }
+    end
+  end
+  
+  def remove_user
+    @group = Group.find(params[:id])
+    @group.users.delete(User.find(params[:user_id])) if request.post?
+    respond_to do |format|
+      format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'users' }
+      format.js { render(:update) {|page| page.replace_html "tab-content-users", :partial => 'groups/users'} }
+    end
+  end
+  
+  def autocomplete_for_user
+    @group = Group.find(params[:id])
+    @users = User.active.like(params[:q]).find(:all, :limit => 100) - @group.users
+    render :layout => false
+  end
+  
+  def edit_membership
+    @group = Group.find(params[:id])
+    @membership = params[:membership_id] ? Member.find(params[:membership_id]) : Member.new(:principal => @group)
+    @membership.attributes = params[:membership]
+    @membership.save if request.post?
+    respond_to do |format|
+       format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'memberships' }
+       format.js { 
+         render(:update) {|page| 
+           page.replace_html "tab-content-memberships", :partial => 'groups/memberships'
+           page.visual_effect(:highlight, "member-#{@membership.id}")
+         }
+       }
+     end
+  end
+  
+  def destroy_membership
+    @group = Group.find(params[:id])
+    Member.find(params[:membership_id]).destroy if request.post?
+    respond_to do |format|
+      format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'memberships' }
+      format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'groups/memberships'} }
+    end
+  end
+end
--- a/app/controllers/issue_relations_controller.rb
+++ b/app/controllers/issue_relations_controller.rb
@@ -21,6 +21,9 @@ class IssueRelationsController < ApplicationController
  def new
    @relation = IssueRelation.new(params[:relation])
    @relation.issue_from = @issue
+    if params[:relation] && m = params[:relation][:issue_to_id].to_s.match(/^#?(\d+)$/)
+      @relation.issue_to = Issue.visible.find_by_id(m[1].to_i)
+    end
    @relation.save if request.post?
    respond_to do |format|
      format.html { redirect_to :controller => 'issues', :action => 'show', :id => @issue }
--- a/app/controllers/issue_statuses_controller.rb
+++ b/app/controllers/issue_statuses_controller.rb
@@ -16,9 +16,11 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class IssueStatusesController < ApplicationController
+  layout 'admin'
+  
  before_filter :require_admin

-  verify :method => :post, :only => [ :destroy, :create, :update, :move ],
+  verify :method => :post, :only => [ :destroy, :create, :update, :move, :update_issue_done_ratio ],
         :redirect_to => { :action => :list }
         
  def index
@@ -58,21 +60,6 @@ class IssueStatusesController < ApplicationController
      render :action => 'edit'
    end
  end
-  
-  def move
-    @issue_status = IssueStatus.find(params[:id])
-    case params[:position]
-    when 'highest'
-      @issue_status.move_to_top
-    when 'higher'
-      @issue_status.move_higher
-    when 'lower'
-      @issue_status.move_lower
-    when 'lowest'
-      @issue_status.move_to_bottom
-    end if params[:position]
-    redirect_to :action => 'list'
-  end

  def destroy
    IssueStatus.find(params[:id]).destroy
@@ -81,4 +68,13 @@ class IssueStatusesController < ApplicationController
    flash[:error] = "Unable to delete issue status"
    redirect_to :action => 'list'
  end  	
+  
+  def update_issue_done_ratio
+    if IssueStatus.update_issue_done_ratios
+      flash[:notice] = l(:notice_issue_done_ratios_updated)
+    else
+      flash[:error] =  l(:error_issue_done_ratios_not_updated)
+    end
+    redirect_to :action => 'list'
+  end
 end
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -17,21 +17,22 @@

 class IssuesController < ApplicationController
  menu_item :new_issue, :only => :new
+  default_search_scope :issues
  
-  before_filter :find_issue, :only => [:show, :edit, :reply, :destroy_attachment]
+  before_filter :find_issue, :only => [:show, :edit, :reply]
  before_filter :find_issues, :only => [:bulk_edit, :move, :destroy]
  before_filter :find_project, :only => [:new, :update_form, :preview]
-  before_filter :authorize, :except => [:index, :changes, :gantt, :calendar, :preview, :update_form, :context_menu]
+  before_filter :authorize, :except => [:index, :changes, :gantt, :calendar, :preview, :context_menu]
  before_filter :find_optional_project, :only => [:index, :changes, :gantt, :calendar]
-  accept_key_auth :index, :changes
+  accept_key_auth :index, :show, :changes

+  rescue_from Query::StatementInvalid, :with => :query_statement_invalid
+  
  helper :journals
  helper :projects
  include ProjectsHelper   
  helper :custom_fields
  include CustomFieldsHelper
-  helper :ifpdf
-  include IfpdfHelper
  helper :issue_relations
  include IssueRelationsHelper
  helper :watchers
@@ -39,35 +40,45 @@ class IssuesController < ApplicationController
  helper :attachments
  include AttachmentsHelper
  helper :queries
+  include QueriesHelper
  helper :sort
  include SortHelper
  include IssuesHelper
  helper :timelog
+  include Redmine::Export::PDF

+  verify :method => :post,
+         :only => :destroy,
+         :render => { :nothing => true, :status => :method_not_allowed }
+           
  def index
-    sort_init "#{Issue.table_name}.id", "desc"
-    sort_update
    retrieve_query
+    sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
+    sort_update({'id' => "#{Issue.table_name}.id"}.merge(@query.available_columns.inject({}) {|h, c| h[c.name.to_s] = c.sortable; h}))
+    
    if @query.valid?
-      limit = per_page_option
-      respond_to do |format|
-        format.html { }
-        format.atom { }
-        format.csv  { limit = Setting.issues_export_limit.to_i }
-        format.pdf  { limit = Setting.issues_export_limit.to_i }
+      limit = case params[:format]
+      when 'csv', 'pdf'
+        Setting.issues_export_limit.to_i
+      when 'atom'
+        Setting.feeds_limit.to_i
+      else
+        per_page_option
      end
-      @issue_count = Issue.count(:include => [:status, :project], :conditions => @query.statement)
+      
+      @issue_count = @query.issue_count
      @issue_pages = Paginator.new self, @issue_count, limit, params['page']
-      @issues = Issue.find :all, :order => sort_clause,
-                           :include => [ :assigned_to, :status, :tracker, :project, :priority, :category, :fixed_version ],
-                           :conditions => @query.statement,
-                           :limit  =>  limit,
-                           :offset =>  @issue_pages.current.offset
+      @issues = @query.issues(:include => [:assigned_to, :tracker, :priority, :category, :fixed_version],
+                              :order => sort_clause, 
+                              :offset => @issue_pages.current.offset, 
+                              :limit => limit)
+      @issue_count_by_group = @query.issue_count_by_group
+      
      respond_to do |format|
        format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
        format.atom { render_feed(@issues, :title => "#{@project || Setting.app_title}: #{l(:label_issue_plural)}") }
-        format.csv  { send_data(issues_to_csv(@issues, @project).read, :type => 'text/csv; header=present', :filename => 'export.csv') }
-        format.pdf  { send_data(render(:template => 'issues/index.rfpdf', :layout => false), :type => 'application/pdf', :filename => 'export.pdf') }
+        format.csv  { send_data(issues_to_csv(@issues, @project), :type => 'text/csv; header=present', :filename => 'export.csv') }
+        format.pdf  { send_data(issues_to_pdf(@issues, @project, @query), :type => 'application/pdf', :filename => 'export.pdf') }
      end
    else
      # Send html if the query is not valid
@@ -78,14 +89,13 @@ class IssuesController < ApplicationController
  end
  
  def changes
-    sort_init "#{Issue.table_name}.id", "desc"
-    sort_update
    retrieve_query
+    sort_init 'id', 'desc'
+    sort_update({'id' => "#{Issue.table_name}.id"}.merge(@query.available_columns.inject({}) {|h, c| h[c.name.to_s] = c.sortable; h}))
+    
    if @query.valid?
-      @journals = Journal.find :all, :include => [ :details, :user, {:issue => [:project, :author, :tracker, :status]} ],
-                                     :conditions => @query.statement,
-                                     :limit => 25,
-                                     :order => "#{Journal.table_name}.created_on DESC"
+      @journals = @query.journals(:order => "#{Journal.table_name}.created_on DESC", 
+                                  :limit => 25)
    end
    @title = (@project ? @project.name : Setting.app_title) + ": " + (@query.new_record? ? l(:label_changes_details) : @query.name)
    render :layout => false, :content_type => 'application/atom+xml'
@@ -97,14 +107,16 @@ class IssuesController < ApplicationController
    @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
    @journals.each_with_index {|j,i| j.indice = i+1}
    @journals.reverse! if User.current.wants_comments_in_reverse_order?
+    @changesets = @issue.changesets.visible.all
+    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
-    @priorities = Enumeration::get_values('IPRI')
+    @priorities = IssuePriority.all
    @time_entry = TimeEntry.new
    respond_to do |format|
      format.html { render :template => 'issues/show.rhtml' }
      format.atom { render :action => 'changes', :layout => false, :content_type => 'application/atom+xml' }
-      format.pdf  { send_data(render(:template => 'issues/show.rfpdf', :layout => false), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
+      format.pdf  { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
    end
  end

@@ -117,37 +129,40 @@ class IssuesController < ApplicationController
    # Tracker must be set before custom field values
    @issue.tracker ||= @project.trackers.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)
    if @issue.tracker.nil?
-      flash.now[:error] = 'No tracker is associated to this project. Please check the Project settings.'
-      render :nothing => true, :layout => true
+      render_error l(:error_no_tracker_in_project)
      return
    end
-    @issue.attributes = params[:issue]
+    if params[:issue].is_a?(Hash)
+      @issue.attributes = params[:issue]
+      @issue.watcher_user_ids = params[:issue]['watcher_user_ids'] if User.current.allowed_to?(:add_issue_watchers, @project)
+    end
    @issue.author = User.current
    
    default_status = IssueStatus.default
    unless default_status
-      flash.now[:error] = 'No default issue status is defined. Please check your configuration (Go to "Administration -> Issue statuses").'
-      render :nothing => true, :layout => true
+      render_error l(:error_no_default_issue_status)
      return
    end    
    @issue.status = default_status
-    @allowed_statuses = ([default_status] + default_status.find_new_statuses_allowed_to(User.current.role_for_project(@project), @issue.tracker)).uniq
+    @allowed_statuses = ([default_status] + default_status.find_new_statuses_allowed_to(User.current.roles_for_project(@project), @issue.tracker)).uniq
    
    if request.get? || request.xhr?
      @issue.start_date ||= Date.today
    else
-      requested_status = IssueStatus.find_by_id(params[:issue][:status_id])
+      requested_status = IssueStatus.find_by_id(params[:issue][:status_id]) if params[:issue]
      # Check that the user is allowed to apply the requested status
      @issue.status = (@allowed_statuses.include? requested_status) ? requested_status : default_status
+      call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
      if @issue.save
        attach_files(@issue, params[:attachments])
        flash[:notice] = l(:notice_successful_create)
-        Mailer.deliver_issue_add(@issue) if Setting.notified_events.include?('issue_added')
-        redirect_to :controller => 'issues', :action => 'show', :id => @issue
+        call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
+        redirect_to(params[:continue] ? { :action => 'new', :tracker_id => @issue.tracker } :
+                                        { :action => 'show', :id => @issue })
        return
      end		
    end	
-    @priorities = Enumeration::get_values('IPRI')
+    @priorities = IssuePriority.all
    render :layout => !request.xhr?
  end
  
@@ -157,7 +172,7 @@ class IssuesController < ApplicationController
  
  def edit
    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
-    @priorities = Enumeration::get_values('IPRI')
+    @priorities = IssuePriority.all
    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
    @time_entry = TimeEntry.new
    
@@ -174,27 +189,29 @@ class IssuesController < ApplicationController
    if request.post?
      @time_entry = TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
      @time_entry.attributes = params[:time_entry]
-      attachments = attach_files(@issue, params[:attachments])
-      attachments.each {|a| journal.details << JournalDetail.new(:property => 'attachment', :prop_key => a.id, :value => a.filename)}
-      
-      call_hook(:controller_issues_edit_before_save, { :params => params, :issue => @issue, :time_entry => @time_entry, :journal => journal})
-
-      if (@time_entry.hours.nil? || @time_entry.valid?) && @issue.save
-        # Log spend time
-        if current_role.allowed_to?(:log_time)
-          @time_entry.save
+      if (@time_entry.hours.nil? || @time_entry.valid?) && @issue.valid?
+        attachments = attach_files(@issue, params[:attachments])
+        attachments.each {|a| journal.details << JournalDetail.new(:property => 'attachment', :prop_key => a.id, :value => a.filename)}
+        call_hook(:controller_issues_edit_before_save, { :params => params, :issue => @issue, :time_entry => @time_entry, :journal => journal})
+        if @issue.save
+          # Log spend time
+          if User.current.allowed_to?(:log_time, @project)
+            @time_entry.save
+          end
+          if !journal.new_record?
+            # Only send notification if something was actually changed
+            flash[:notice] = l(:notice_successful_update)
+          end
+          call_hook(:controller_issues_edit_after_save, { :params => params, :issue => @issue, :time_entry => @time_entry, :journal => journal})
+          redirect_back_or_default({:action => 'show', :id => @issue})
        end
-        if !journal.new_record?
-          # Only send notification if something was actually changed
-          flash[:notice] = l(:notice_successful_update)
-          Mailer.deliver_issue_edit(journal) if Setting.notified_events.include?('issue_updated')
-        end
-        redirect_to(params[:back_to] || {:action => 'show', :id => @issue})
      end
    end
  rescue ActiveRecord::StaleObjectError
    # Optimistic locking exception
    flash.now[:error] = l(:notice_locking_conflict)
+    # Remove the previously added attachments if issue was not updated
+    attachments.each(&:destroy)
  end

  def reply
@@ -206,10 +223,13 @@ class IssuesController < ApplicationController
      user = @issue.author
      text = @issue.description
    end
-    content = "#{ll(Setting.default_language, :text_user_wrote, user)}\\n> "
-    content << text.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]').gsub('"', '\"').gsub(/(\r?\n|\r\n?)/, "\\n> ") + "\\n\\n"
+    # Replaces pre blocks with [...]
+    text = text.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]')
+    content = "#{ll(Setting.default_language, :text_user_wrote, user)}\n> "
+    content << text.gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
+      
    render(:update) { |page|
-      page.<< "$('notes').value = \"#{content}\";"
+      page.<< "$('notes').value = \"#{escape_javascript content}\";"
      page.show 'update'
      page << "Form.Element.focus('notes');"
      page << "Element.scrollTo('update');"
@@ -220,15 +240,18 @@ class IssuesController < ApplicationController
  # Bulk edit a set of issues
  def bulk_edit
    if request.post?
+      tracker = params[:tracker_id].blank? ? nil : @project.trackers.find_by_id(params[:tracker_id])
      status = params[:status_id].blank? ? nil : IssueStatus.find_by_id(params[:status_id])
-      priority = params[:priority_id].blank? ? nil : Enumeration.find_by_id(params[:priority_id])
+      priority = params[:priority_id].blank? ? nil : IssuePriority.find_by_id(params[:priority_id])
      assigned_to = (params[:assigned_to_id].blank? || params[:assigned_to_id] == 'none') ? nil : User.find_by_id(params[:assigned_to_id])
      category = (params[:category_id].blank? || params[:category_id] == 'none') ? nil : @project.issue_categories.find_by_id(params[:category_id])
-      fixed_version = (params[:fixed_version_id].blank? || params[:fixed_version_id] == 'none') ? nil : @project.versions.find_by_id(params[:fixed_version_id])
+      fixed_version = (params[:fixed_version_id].blank? || params[:fixed_version_id] == 'none') ? nil : @project.shared_versions.find_by_id(params[:fixed_version_id])
+      custom_field_values = params[:custom_field_values] ? params[:custom_field_values].reject {|k,v| v.blank?} : nil
      
      unsaved_issue_ids = []      
      @issues.each do |issue|
        journal = issue.init_journal(User.current, params[:notes])
+        issue.tracker = tracker if tracker
        issue.priority = priority if priority
        issue.assigned_to = assigned_to if assigned_to || params[:assigned_to_id] == 'none'
        issue.category = category if category || params[:category_id] == 'none'
@@ -236,12 +259,10 @@ class IssuesController < ApplicationController
        issue.start_date = params[:start_date] unless params[:start_date].blank?
        issue.due_date = params[:due_date] unless params[:due_date].blank?
        issue.done_ratio = params[:done_ratio] unless params[:done_ratio].blank?
+        issue.custom_field_values = custom_field_values if custom_field_values && !custom_field_values.empty?
        call_hook(:controller_issues_bulk_edit_before_save, { :params => params, :issue => issue })
        # Don't save any change to the issue if the user is not authorized to apply the requested status
-        if (status.nil? || (issue.status.new_status_allowed_to?(status, current_role, issue.tracker) && issue.status = status)) && issue.save
-          # Send notification for each issue (if changed)
-          Mailer.deliver_issue_edit(journal) if journal.details.any? && Setting.notified_events.include?('issue_updated')
-        else
+        unless (status.nil? || (issue.new_statuses_allowed_to(User.current).include?(status) && issue.status = status)) && issue.save
          # Keep unsaved issue ids to display them in flash error
          unsaved_issue_ids << issue.id
        end
@@ -249,41 +270,58 @@ class IssuesController < ApplicationController
      if unsaved_issue_ids.empty?
        flash[:notice] = l(:notice_successful_update) unless @issues.empty?
      else
-        flash[:error] = l(:notice_failed_to_save_issues, unsaved_issue_ids.size, @issues.size, '#' + unsaved_issue_ids.join(', #'))
+        flash[:error] = l(:notice_failed_to_save_issues, :count => unsaved_issue_ids.size,
+                                                         :total => @issues.size,
+                                                         :ids => '#' + unsaved_issue_ids.join(', #'))
      end
-      redirect_to(params[:back_to] || {:controller => 'issues', :action => 'index', :project_id => @project})
+      redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
      return
    end
-    # Find potential statuses the user could be allowed to switch issues to
-    @available_statuses = Workflow.find(:all, :include => :new_status,
-                                              :conditions => {:role_id => current_role.id}).collect(&:new_status).compact.uniq.sort
+    @available_statuses = Workflow.available_statuses(@project)
+    @custom_fields = @project.all_issue_custom_fields
  end

  def move
-    @allowed_projects = []
-    # find projects to which the user is allowed to move the issue
-    if User.current.admin?
-      # admin is allowed to move issues to any active (visible) project
-      @allowed_projects = Project.find(:all, :conditions => Project.visible_by(User.current), :order => 'name')
-    else
-      User.current.memberships.each {|m| @allowed_projects << m.project if m.role.allowed_to?(:move_issues)}
-    end
+    @copy = params[:copy_options] && params[:copy_options][:copy]
+    @allowed_projects = Issue.allowed_target_projects_on_move
    @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
    @target_project ||= @project    
    @trackers = @target_project.trackers
+    @available_statuses = Workflow.available_statuses(@project)
    if request.post?
      new_tracker = params[:new_tracker_id].blank? ? nil : @target_project.trackers.find_by_id(params[:new_tracker_id])
      unsaved_issue_ids = []
+      moved_issues = []
      @issues.each do |issue|
+        changed_attributes = {}
+        [:assigned_to_id, :status_id, :start_date, :due_date].each do |valid_attribute|
+          unless params[valid_attribute].blank?
+            changed_attributes[valid_attribute] = (params[valid_attribute] == 'none' ? nil : params[valid_attribute])
+          end 
+        end
        issue.init_journal(User.current)
-        unsaved_issue_ids << issue.id unless issue.move_to(@target_project, new_tracker)
+        if r = issue.move_to(@target_project, new_tracker, {:copy => @copy, :attributes => changed_attributes})
+          moved_issues << r
+        else
+          unsaved_issue_ids << issue.id
+        end
      end
      if unsaved_issue_ids.empty?
        flash[:notice] = l(:notice_successful_update) unless @issues.empty?
      else
-        flash[:error] = l(:notice_failed_to_save_issues, unsaved_issue_ids.size, @issues.size, '#' + unsaved_issue_ids.join(', #'))
+        flash[:error] = l(:notice_failed_to_save_issues, :count => unsaved_issue_ids.size,
+                                                         :total => @issues.size,
+                                                         :ids => '#' + unsaved_issue_ids.join(', #'))
+      end
+      if params[:follow]
+        if @issues.size == 1 && moved_issues.size == 1
+          redirect_to :controller => 'issues', :action => 'show', :id => moved_issues.first
+        else
+          redirect_to :controller => 'issues', :action => 'index', :project_id => (@target_project || @project)
+        end
+      else
+        redirect_to :controller => 'issues', :action => 'index', :project_id => @project
      end
-      redirect_to :controller => 'issues', :action => 'index', :project_id => @project
      return
    end
    render :layout => false if request.xhr?
@@ -313,46 +351,35 @@ class IssuesController < ApplicationController
    @issues.each(&:destroy)
    redirect_to :action => 'index', :project_id => @project
  end
-
-  def destroy_attachment
-    a = @issue.attachments.find(params[:attachment_id])
-    a.destroy
-    journal = @issue.init_journal(User.current)
-    journal.details << JournalDetail.new(:property => 'attachment',
-                                         :prop_key => a.id,
-                                         :old_value => a.filename)
-    journal.save
-    redirect_to :action => 'show', :id => @issue
-  end
  
  def gantt
    @gantt = Redmine::Helpers::Gantt.new(params)
    retrieve_query
+    @query.group_by = nil
    if @query.valid?
      events = []
      # Issues that have start and due dates
-      events += Issue.find(:all, 
-                           :order => "start_date, due_date",
-                           :include => [:tracker, :status, :assigned_to, :priority, :project], 
-                           :conditions => ["(#{@query.statement}) AND (((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?) or (start_date<? and due_date>?)) and start_date is not null and due_date is not null)", @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to]
-                           )
+      events += @query.issues(:include => [:tracker, :assigned_to, :priority],
+                              :order => "start_date, due_date",
+                              :conditions => ["(((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?) or (start_date<? and due_date>?)) and start_date is not null and due_date is not null)", @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to]
+                              )
      # Issues that don't have a due date but that are assigned to a version with a date
-      events += Issue.find(:all, 
-                           :order => "start_date, effective_date",
-                           :include => [:tracker, :status, :assigned_to, :priority, :project, :fixed_version], 
-                           :conditions => ["(#{@query.statement}) AND (((start_date>=? and start_date<=?) or (effective_date>=? and effective_date<=?) or (start_date<? and effective_date>?)) and start_date is not null and due_date is null and effective_date is not null)", @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to]
-                           )
+      events += @query.issues(:include => [:tracker, :assigned_to, :priority, :fixed_version],
+                              :order => "start_date, effective_date",
+                              :conditions => ["(((start_date>=? and start_date<=?) or (effective_date>=? and effective_date<=?) or (start_date<? and effective_date>?)) and start_date is not null and due_date is null and effective_date is not null)", @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to]
+                              )
      # Versions
-      events += Version.find(:all, :include => :project,
-                                   :conditions => ["(#{@query.project_statement}) AND effective_date BETWEEN ? AND ?", @gantt.date_from, @gantt.date_to])
+      events += @query.versions(:conditions => ["effective_date BETWEEN ? AND ?", @gantt.date_from, @gantt.date_to])
                                   
      @gantt.events = events
    end
    
+    basename = (@project ? "#{@project.identifier}-" : '') + 'gantt'
+    
    respond_to do |format|
      format.html { render :template => "issues/gantt.rhtml", :layout => !request.xhr? }
-      format.png  { send_data(@gantt.to_image, :disposition => 'inline', :type => 'image/png', :filename => "#{@project.identifier}-gantt.png") } if @gantt.respond_to?('to_image')
-      format.pdf  { send_data(render(:template => "issues/gantt.rfpdf", :layout => false), :type => 'application/pdf', :filename => "#{@project.nil? ? '' : "#{@project.identifier}-" }gantt.pdf") }
+      format.png  { send_data(@gantt.to_image, :disposition => 'inline', :type => 'image/png', :filename => "#{basename}.png") } if @gantt.respond_to?('to_image')
+      format.pdf  { send_data(gantt_to_pdf(@gantt, @project), :type => 'application/pdf', :filename => "#{basename}.pdf") }
    end
  end
  
@@ -368,14 +395,13 @@ class IssuesController < ApplicationController
    
    @calendar = Redmine::Helpers::Calendar.new(Date.civil(@year, @month, 1), current_language, :month)
    retrieve_query
+    @query.group_by = nil
    if @query.valid?
      events = []
-      events += Issue.find(:all, 
-                           :include => [:tracker, :status, :assigned_to, :priority, :project], 
-                           :conditions => ["(#{@query.statement}) AND ((start_date BETWEEN ? AND ?) OR (due_date BETWEEN ? AND ?))", @calendar.startdt, @calendar.enddt, @calendar.startdt, @calendar.enddt]
-                           )
-      events += Version.find(:all, :include => :project,
-                                   :conditions => ["(#{@query.project_statement}) AND effective_date BETWEEN ? AND ?", @calendar.startdt, @calendar.enddt])
+      events += @query.issues(:include => [:tracker, :assigned_to, :priority],
+                              :conditions => ["((start_date BETWEEN ? AND ?) OR (due_date BETWEEN ? AND ?))", @calendar.startdt, @calendar.enddt, @calendar.startdt, @calendar.enddt]
+                              )
+      events += @query.versions(:conditions => ["effective_date BETWEEN ? AND ?", @calendar.startdt, @calendar.enddt])
                                     
      @calendar.events = events
    end
@@ -402,18 +428,28 @@ class IssuesController < ApplicationController
    if @project
      @assignables = @project.assignable_users
      @assignables << @issue.assigned_to if @issue && @issue.assigned_to && !@assignables.include?(@issue.assigned_to)
+      @trackers = @project.trackers
    end
    
-    @priorities = Enumeration.get_values('IPRI').reverse
+    @priorities = IssuePriority.all.reverse
    @statuses = IssueStatus.find(:all, :order => 'position')
-    @back = request.env['HTTP_REFERER']
+    @back = params[:back_url] || request.env['HTTP_REFERER']
    
    render :layout => false
  end

  def update_form
-    @issue = Issue.new(params[:issue])
-    render :action => :new, :layout => false
+    if params[:id].blank?
+      @issue = Issue.new
+      @issue.project = @project
+    else
+      @issue = @project.issues.visible.find(params[:id])
+    end
+    @issue.attributes = params[:issue]
+    @allowed_statuses = ([@issue.status] + @issue.status.find_new_statuses_allowed_to(User.current.roles_for_project(@project), @issue.tracker)).uniq
+    @priorities = IssuePriority.all
+    
+    render :partial => 'attributes'
  end
  
  def preview
@@ -440,7 +476,8 @@ private
      @project = projects.first
    else
      # TODO: let users bulk edit/move/destroy issues from different projects
-      render_error 'Can not bulk edit/move/destroy issues from different projects' and return false
+      render_error 'Can not bulk edit/move/destroy issues from different projects'
+      return false
    end
  rescue ActiveRecord::RecordNotFound
    render_404
@@ -468,6 +505,7 @@ private
      @query = Query.find(params[:query_id], :conditions => cond)
      @query.project = @project
      session[:query] = {:id => @query.id, :project_id => @query.project_id}
+      sort_clear
    else
      if params[:set_filter] || session[:query].nil? || session[:query][:project_id] != (@project ? @project.id : nil)
        # Give it a name, required to be valid
@@ -482,12 +520,22 @@ private
            @query.add_short_filter(field, params[field]) if params[field]
          end
        end
-        session[:query] = {:project_id => @query.project_id, :filters => @query.filters}
+        @query.group_by = params[:group_by]
+        @query.column_names = params[:query] && params[:query][:column_names]
+        session[:query] = {:project_id => @query.project_id, :filters => @query.filters, :group_by => @query.group_by, :column_names => @query.column_names}
      else
        @query = Query.find_by_id(session[:query][:id]) if session[:query][:id]
-        @query ||= Query.new(:name => "_", :project => @project, :filters => session[:query][:filters])
+        @query ||= Query.new(:name => "_", :project => @project, :filters => session[:query][:filters], :group_by => session[:query][:group_by], :column_names => session[:query][:column_names])
        @query.project = @project
      end
    end
  end
+  
+  # Rescues an invalid query statement. Just in case...
+  def query_statement_invalid(exception)
+    logger.error "Query::StatementInvalid: #{exception.message}" if logger
+    session.delete(:query)
+    sort_clear
+    render_error "An error occurred while executing the query and has been logged. Please report this error to your Redmine administrator."
+  end
 end
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -22,6 +22,7 @@ class JournalsController < ApplicationController
    if request.post?
      @journal.update_attributes(:notes => params[:notes]) if params[:notes]
      @journal.destroy if @journal.details.empty? && @journal.notes.blank?
+      call_hook(:controller_journals_edit_post, { :journal => @journal, :params => params})
      respond_to do |format|
        format.html { redirect_to :controller => 'issues', :action => 'show', :id => @journal.journalized_id }
        format.js { render :action => 'update' }
@@ -32,7 +33,7 @@ class JournalsController < ApplicationController
 private
  def find_journal
    @journal = Journal.find(params[:id])
-    render_403 and return false unless @journal.editable_by?(User.current)
+    (render_403; return false) unless @journal.editable_by?(User.current)
    @project = @journal.journalized.project
  rescue ActiveRecord::RecordNotFound
    render_404
--- a/app/controllers/mail_handler_controller.rb
+++ b/app/controllers/mail_handler_controller.rb
@@ -37,8 +37,8 @@ class MailHandlerController < ActionController::Base
  
  def check_credential
    User.current = nil
-    unless Setting.mail_handler_api_enabled? && params[:key] == Setting.mail_handler_api_key
-      render :nothing => true, :status => 403
+    unless Setting.mail_handler_api_enabled? && params[:key].to_s == Setting.mail_handler_api_key
+      render :text => 'Access denied. Incoming emails WS is disabled or key is invalid.', :status => 403
    end
  end
 end
--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@@ -16,15 +16,32 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class MembersController < ApplicationController
-  before_filter :find_member, :except => :new
-  before_filter :find_project, :only => :new
+  before_filter :find_member, :except => [:new, :autocomplete_for_member]
+  before_filter :find_project, :only => [:new, :autocomplete_for_member]
  before_filter :authorize

  def new
-    @project.members << Member.new(params[:member]) if request.post?
+    members = []
+    if params[:member] && request.post?
+      attrs = params[:member].dup
+      if (user_ids = attrs.delete(:user_ids))
+        user_ids.each do |user_id|
+          members << Member.new(attrs.merge(:user_id => user_id))
+        end
+      else
+        members << Member.new(attrs)
+      end
+      @project.members << members
+    end
    respond_to do |format|
-      format.html { redirect_to :action => 'settings', :tab => 'members', :id => @project }
-      format.js { render(:update) {|page| page.replace_html "tab-content-members", :partial => 'projects/settings/members'} }
+      format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
+      format.js { 
+        render(:update) {|page| 
+          page.replace_html "tab-content-members", :partial => 'projects/settings/members'
+          page << 'hideOnLoad()'
+          members.each {|member| page.visual_effect(:highlight, "member-#{member.id}") }
+        }
+      }
    end
  end
  
@@ -32,17 +49,34 @@ class MembersController < ApplicationController
    if request.post? and @member.update_attributes(params[:member])
  	 respond_to do |format|
        format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
-        format.js { render(:update) {|page| page.replace_html "tab-content-members", :partial => 'projects/settings/members'} }
+        format.js { 
+          render(:update) {|page| 
+            page.replace_html "tab-content-members", :partial => 'projects/settings/members'
+            page << 'hideOnLoad()'
+            page.visual_effect(:highlight, "member-#{@member.id}")
+          }
+        }
      end
    end
  end

  def destroy
-    @member.destroy
-	respond_to do |format|
-      format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
-      format.js { render(:update) {|page| page.replace_html "tab-content-members", :partial => 'projects/settings/members'} }
+    if request.post? && @member.deletable?
+      @member.destroy
    end
+    respond_to do |format|
+      format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
+      format.js { render(:update) {|page|
+          page.replace_html "tab-content-members", :partial => 'projects/settings/members'
+          page << 'hideOnLoad()'
+        }
+      }
+    end
+  end
+  
+  def autocomplete_for_member
+    @principals = Principal.active.like(params[:q]).find(:all, :limit => 100) - @project.principals
+    render :layout => false
  end

 private
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -17,6 +17,7 @@

 class MessagesController < ApplicationController
  menu_item :boards
+  default_search_scope :messages
  before_filter :find_board, :only => [:new, :preview]
  before_filter :find_message, :except => [:new, :preview]
  before_filter :authorize, :except => [:preview, :edit, :destroy]
@@ -46,6 +47,7 @@ class MessagesController < ApplicationController
      @message.sticky = params[:message]['sticky']
    end
    if request.post? && @message.save
+      call_hook(:controller_messages_new_after_save, { :params => params, :message => @message})
      attach_files(@message, params[:attachments])
      redirect_to :action => 'show', :id => @message
    end
@@ -58,6 +60,7 @@ class MessagesController < ApplicationController
    @reply.board = @board
    @topic.children << @reply
    if !@reply.new_record?
+      call_hook(:controller_messages_reply_after_save, { :params => params, :message => @reply})
      attach_files(@reply, params[:attachments])
    end
    redirect_to :action => 'show', :id => @topic
@@ -65,7 +68,7 @@ class MessagesController < ApplicationController

  # Edit a message
  def edit
-    render_403 and return false unless @message.editable_by?(User.current)
+    (render_403; return false) unless @message.editable_by?(User.current)
    if params[:message]
      @message.locked = params[:message]['locked']
      @message.sticky = params[:message]['sticky']
@@ -73,13 +76,14 @@ class MessagesController < ApplicationController
    if request.post? && @message.update_attributes(params[:message])
      attach_files(@message, params[:attachments])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'show', :id => @topic
+      @message.reload
+      redirect_to :action => 'show', :board_id => @message.board, :id => @message.root
    end
  end
  
  # Delete a messages
  def destroy
-    render_403 and return false unless @message.destroyable_by?(User.current)
+    (render_403; return false) unless @message.destroyable_by?(User.current)
    @message.destroy
    redirect_to @message.parent.nil? ?
      { :controller => 'boards', :action => 'show', :project_id => @project, :id => @board } :
@@ -89,9 +93,12 @@ class MessagesController < ApplicationController
  def quote
    user = @message.author
    text = @message.content
+    subject = @message.subject.gsub('"', '\"')
+    subject = "RE: #{subject}" unless subject.starts_with?('RE:')
    content = "#{ll(Setting.default_language, :text_user_wrote, user)}\\n> "
    content << text.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]').gsub('"', '\"').gsub(/(\r?\n|\r\n?)/, "\\n> ") + "\\n\\n"
    render(:update) { |page|
+      page << "$('reply_subject').value = \"#{subject}\";"
      page.<< "$('message_content').value = \"#{content}\";"
      page.show 'reply'
      page << "Form.Element.focus('message_content');"
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -19,6 +19,7 @@ class MyController < ApplicationController
  before_filter :require_login

  helper :issues
+  helper :custom_fields

  BLOCKS = { 'issuesassignedtome' => :label_assigned_to_me_issues,
             'issuesreportedbyme' => :label_reported_issues,
@@ -27,14 +28,13 @@ class MyController < ApplicationController
             'calendar' => :label_calendar,
             'documents' => :label_document_plural,
             'timelog' => :label_spent_time
-           }.freeze
+           }.merge(Redmine::Views::MyPage::Block.additional_blocks).freeze

  DEFAULT_LAYOUT = {  'left' => ['issuesassignedtome'], 
                      'right' => ['issuesreportedbyme'] 
                   }.freeze

  verify :xhr => true,
-         :session => :page_layout,
         :only => [:add_block, :remove_block, :order_blocks]

  def index
@@ -77,7 +77,11 @@ class MyController < ApplicationController
  # Manage user's password
  def password
    @user = User.current
-    flash[:error] = l(:notice_can_t_change_password) and redirect_to :action => 'account' and return if @user.auth_source_id
+    if @user.auth_source_id
+      flash[:error] = l(:notice_can_t_change_password)
+      redirect_to :action => 'account'
+      return
+    end
    if request.post?
      if @user.check_password?(params[:password])
        @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
@@ -93,43 +97,65 @@ class MyController < ApplicationController
  
  # Create a new feeds key
  def reset_rss_key
-    if request.post? && User.current.rss_token
-      User.current.rss_token.destroy
+    if request.post?
+      if User.current.rss_token
+        User.current.rss_token.destroy
+        User.current.reload
+      end
+      User.current.rss_key
      flash[:notice] = l(:notice_feeds_access_key_reseted)
    end
    redirect_to :action => 'account'
  end

+  # Create a new API key
+  def reset_api_key
+    if request.post?
+      if User.current.api_token
+        User.current.api_token.destroy
+        User.current.reload
+      end
+      User.current.api_key
+      flash[:notice] = l(:notice_api_access_key_reseted)
+    end
+    redirect_to :action => 'account'
+  end
+
  # User's page layout configuration
  def page_layout
    @user = User.current
    @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT.dup
-    session[:page_layout] = @blocks
-    %w(top left right).each {|f| session[:page_layout][f] ||= [] }
    @block_options = []
-    BLOCKS.each {|k, v| @block_options << [l(v), k]}
+    BLOCKS.each {|k, v| @block_options << [l("my.blocks.#{v}", :default => [v, v.to_s.humanize]), k.dasherize]}
  end
  
  # Add a block to user's page
  # The block is added on top of the page
  # params[:block] : id of the block to add
  def add_block
-    block = params[:block]
-    render(:nothing => true) and return unless block && (BLOCKS.keys.include? block)
+    block = params[:block].to_s.underscore
+    (render :nothing => true; return) unless block && (BLOCKS.keys.include? block)
    @user = User.current
+    layout = @user.pref[:my_page_layout] || {}
    # remove if already present in a group
-    %w(top left right).each {|f| (session[:page_layout][f] ||= []).delete block }
+    %w(top left right).each {|f| (layout[f] ||= []).delete block }
    # add it on top
-    session[:page_layout]['top'].unshift block
+    layout['top'].unshift block
+    @user.pref[:my_page_layout] = layout
+    @user.pref.save 
    render :partial => "block", :locals => {:user => @user, :block_name => block}
  end
  
  # Remove a block to user's page
  # params[:block] : id of the block to remove
  def remove_block
-    block = params[:block]
+    block = params[:block].to_s.underscore
+    @user = User.current
    # remove block in all groups
-    %w(top left right).each {|f| (session[:page_layout][f] ||= []).delete block }
+    layout = @user.pref[:my_page_layout] || {}
+    %w(top left right).each {|f| (layout[f] ||= []).delete block }
+    @user.pref[:my_page_layout] = layout
+    @user.pref.save 
    render :nothing => true
  end

@@ -138,23 +164,20 @@ class MyController < ApplicationController
  # params[:list-(top|left|right)] : array of block ids of the group
  def order_blocks
    group = params[:group]
-    group_items = params["list-#{group}"]
-    if group_items and group_items.is_a? Array
-      # remove group blocks if they are presents in other groups
-      %w(top left right).each {|f|
-        session[:page_layout][f] = (session[:page_layout][f] || []) - group_items
-      }
-      session[:page_layout][group] = group_items    
+    @user = User.current
+    if group.is_a?(String)
+      group_items = (params["list-#{group}"] || []).collect(&:underscore)
+      if group_items and group_items.is_a? Array
+        layout = @user.pref[:my_page_layout] || {}
+        # remove group blocks if they are presents in other groups
+        %w(top left right).each {|f|
+          layout[f] = (layout[f] || []) - group_items
+        }
+        layout[group] = group_items
+        @user.pref[:my_page_layout] = layout
+        @user.pref.save 
+      end
    end
    render :nothing => true
  end
-  
-  # Save user's page layout  
-  def page_layout_save
-    @user = User.current
-    @user.pref[:my_page_layout] = session[:page_layout] if session[:page_layout]
-    @user.pref.save
-    session[:page_layout] = nil
-    redirect_to :action => 'page'
-  end
 end
--- a/app/controllers/news_controller.rb
+++ b/app/controllers/news_controller.rb
@@ -16,6 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class NewsController < ApplicationController
+  default_search_scope :news
  before_filter :find_news, :except => [:new, :index, :preview]
  before_filter :find_project, :only => [:new, :preview]
  before_filter :authorize, :except => [:index, :preview]
@@ -25,11 +26,13 @@ class NewsController < ApplicationController
  def index
    @news_pages, @newss = paginate :news,
                                   :per_page => 10,
-                                   :conditions => (@project ? {:project_id => @project.id} : Project.visible_by(User.current)),
+                                   :conditions => Project.allowed_to_condition(User.current, :view_news, :project => @project),
                                   :include => [:author, :project],
                                   :order => "#{News.table_name}.created_on DESC"    
    respond_to do |format|
      format.html { render :layout => false if request.xhr? }
+      format.xml { render :xml => @newss.to_xml }
+      format.json { render :json => @newss.to_json }
      format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") }
    end
  end
@@ -45,7 +48,6 @@ class NewsController < ApplicationController
      @news.attributes = params[:news]
      if @news.save
        flash[:notice] = l(:notice_successful_create)
-        Mailer.deliver_news_added(@news) if Setting.notified_events.include?('news_added')
        redirect_to :controller => 'news', :action => 'index', :project_id => @project
      end
    end
@@ -65,6 +67,7 @@ class NewsController < ApplicationController
      flash[:notice] = l(:label_comment_added)
      redirect_to :action => 'show', :id => @news
    else
+      show
      render :action => 'show'
    end
  end
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -21,20 +21,24 @@ class ProjectsController < ApplicationController
  menu_item :roadmap, :only => :roadmap
  menu_item :files, :only => [:list_files, :add_file]
  menu_item :settings, :only => :settings
-  menu_item :issues, :only => [:changelog]
  
-  before_filter :find_project, :except => [ :index, :list, :add, :activity ]
+  before_filter :find_project, :except => [ :index, :list, :add, :copy, :activity ]
  before_filter :find_optional_project, :only => :activity
-  before_filter :authorize, :except => [ :index, :list, :add, :archive, :unarchive, :destroy, :activity ]
-  before_filter :require_admin, :only => [ :add, :archive, :unarchive, :destroy ]
-  accept_key_auth :activity
+  before_filter :authorize, :except => [ :index, :list, :add, :copy, :archive, :unarchive, :destroy, :activity ]
+  before_filter :authorize_global, :only => :add
+  before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
+  accept_key_auth :activity, :index
+  
+  after_filter :only => [:add, :edit, :archive, :unarchive, :destroy] do |controller|
+    if controller.request.post?
+      controller.send :expire_action, :controller => 'welcome', :action => 'robots.txt'
+    end
+  end
  
  helper :sort
  include SortHelper
  helper :custom_fields
  include CustomFieldsHelper   
-  helper :ifpdf
-  include IfpdfHelper
  helper :issues
  helper IssuesHelper
  helper :queries
@@ -45,17 +49,14 @@ class ProjectsController < ApplicationController
  
  # Lists visible projects
  def index
-    projects = Project.find :all,
-                            :conditions => Project.visible_by(User.current),
-                            :include => :parent
    respond_to do |format|
      format.html { 
-        @project_tree = projects.group_by {|p| p.parent || p}
-        @project_tree.keys.each {|p| @project_tree[p] -= [p]} 
+        @projects = Project.visible.find(:all, :order => 'lft') 
      }
      format.atom {
-        render_feed(projects.sort_by(&:created_on).reverse.slice(0, Setting.feeds_limit.to_i), 
-                                  :title => "#{Setting.app_title}: #{l(:label_project_latest)}")
+        projects = Project.visible.find(:all, :order => 'created_on DESC',
+                                              :limit => Setting.feeds_limit.to_i)
+        render_feed(projects, :title => "#{Setting.app_title}: #{l(:label_project_latest)}")
      }
    end
  end
@@ -64,40 +65,84 @@ class ProjectsController < ApplicationController
  def add
    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
    @trackers = Tracker.all
-    @root_projects = Project.find(:all,
-                                  :conditions => "parent_id IS NULL AND status = #{Project::STATUS_ACTIVE}",
-                                  :order => 'name')
    @project = Project.new(params[:project])
    if request.get?
      @project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
      @project.trackers = Tracker.all
      @project.is_public = Setting.default_projects_public?
-      @project.enabled_module_names = Redmine::AccessControl.available_project_modules
+      @project.enabled_module_names = Setting.default_projects_modules
    else
      @project.enabled_module_names = params[:enabled_modules]
-      if @project.save
+      if validate_parent_id && @project.save
+        @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
+        # Add current user as a project member if he is not admin
+        unless User.current.admin?
+          r = Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
+          m = Member.new(:user => User.current, :roles => [r])
+          @project.members << m
+        end
        flash[:notice] = l(:notice_successful_create)
-        redirect_to :controller => 'admin', :action => 'projects'
-	  end		
+        redirect_to :controller => 'projects', :action => 'settings', :id => @project
+      end
    end	
  end
+  
+  def copy
+    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
+    @trackers = Tracker.all
+    @root_projects = Project.find(:all,
+                                  :conditions => "parent_id IS NULL AND status = #{Project::STATUS_ACTIVE}",
+                                  :order => 'name')
+    @source_project = Project.find(params[:id])
+    if request.get?
+      @project = Project.copy_from(@source_project)
+      if @project
+        @project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
+      else
+        redirect_to :controller => 'admin', :action => 'projects'
+      end  
+    else
+      Mailer.with_deliveries(params[:notifications] == '1') do
+        @project = Project.new(params[:project])
+        @project.enabled_module_names = params[:enabled_modules]
+        if validate_parent_id && @project.copy(@source_project, :only => params[:only])
+          @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
+          flash[:notice] = l(:notice_successful_create)
+          redirect_to :controller => 'admin', :action => 'projects'
+        elsif !@project.new_record?
+          # Project was created
+          # But some objects were not copied due to validation failures
+          # (eg. issues from disabled trackers)
+          # TODO: inform about that
+          redirect_to :controller => 'admin', :action => 'projects'
+        end
+      end
+    end
+  rescue ActiveRecord::RecordNotFound
+    redirect_to :controller => 'admin', :action => 'projects'
+  end
 	
  # Show @project
  def show
-    @members_by_role = @project.members.find(:all, :include => [:user, :role], :order => 'position').group_by {|m| m.role}
-    @subprojects = @project.children.find(:all, :conditions => Project.visible_by(User.current))
+    if params[:jump]
+      # try to redirect to the requested menu item
+      redirect_to_project_menu_item(@project, params[:jump]) && return
+    end
+    
+    @users_by_role = @project.users_by_role
+    @subprojects = @project.children.visible
    @news = @project.news.find(:all, :limit => 5, :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")
    @trackers = @project.rolled_up_trackers
    
    cond = @project.project_condition(Setting.display_subprojects_issues?)
-    Issue.visible_by(User.current) do
-      @open_issues_by_tracker = Issue.count(:group => :tracker,
+    
+    @open_issues_by_tracker = Issue.visible.count(:group => :tracker,
                                            :include => [:project, :status, :tracker],
                                            :conditions => ["(#{cond}) AND #{IssueStatus.table_name}.is_closed=?", false])
-      @total_issues_by_tracker = Issue.count(:group => :tracker,
+    @total_issues_by_tracker = Issue.visible.count(:group => :tracker,
                                            :include => [:project, :status, :tracker],
                                            :conditions => cond)
-    end
+    
    TimeEntry.visible_by(User.current) do
      @total_hours = TimeEntry.sum(:hours, 
                                   :include => :project,
@@ -107,9 +152,6 @@ class ProjectsController < ApplicationController
  end

  def settings
-    @root_projects = Project.find(:all,
-                                  :conditions => ["parent_id IS NULL AND status = #{Project::STATUS_ACTIVE} AND id <> ?", @project.id],
-                                  :order => 'name')
    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
    @issue_category ||= IssueCategory.new
    @member ||= @project.members.new
@@ -122,7 +164,8 @@ class ProjectsController < ApplicationController
  def edit
    if request.post?
      @project.attributes = params[:project]
-      if @project.save
+      if validate_parent_id && @project.save
+        @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
        flash[:notice] = l(:notice_successful_update)
        redirect_to :action => 'settings', :id => @project
      else
@@ -138,13 +181,17 @@ class ProjectsController < ApplicationController
  end

  def archive
-    @project.archive if request.post? && @project.active?
-    redirect_to :controller => 'admin', :action => 'projects'
+    if request.post?
+      unless @project.archive
+        flash[:error] = l(:error_can_not_archive_project)
+      end
+    end
+    redirect_to(url_for(:controller => 'admin', :action => 'projects', :status => params[:status]))
  end
  
  def unarchive
    @project.unarchive if request.post? && !@project.active?
-    redirect_to :controller => 'admin', :action => 'projects'
+    redirect_to(url_for(:controller => 'admin', :action => 'projects', :status => params[:status]))
  end
  
  # Delete @project
@@ -161,17 +208,26 @@ class ProjectsController < ApplicationController
  # Add a new issue category to @project
  def add_issue_category
    @category = @project.issue_categories.build(params[:category])
-    if request.post? and @category.save
-  	  respond_to do |format|
-        format.html do
-          flash[:notice] = l(:notice_successful_create)
-          redirect_to :action => 'settings', :tab => 'categories', :id => @project
+    if request.post?
+      if @category.save
+    	  respond_to do |format|
+          format.html do
+            flash[:notice] = l(:notice_successful_create)
+            redirect_to :action => 'settings', :tab => 'categories', :id => @project
+          end
+          format.js do
+            # IE doesn't support the replace_html rjs method for select box options
+            render(:update) {|page| page.replace "issue_category_id",
+              content_tag('select', '<option></option>' + options_from_collection_for_select(@project.issue_categories, 'id', 'name', @category.id), :id => 'issue_category_id', :name => 'issue[category_id]')
+            }
+          end
        end
-        format.js do
-          # IE doesn't support the replace_html rjs method for select box options
-          render(:update) {|page| page.replace "issue_category_id",
-            content_tag('select', '<option></option>' + options_from_collection_for_select(@project.issue_categories, 'id', 'name', @category.id), :id => 'issue_category_id', :name => 'issue[category_id]')
-          }
+      else
+        respond_to do |format|
+          format.html
+          format.js do
+            render(:update) {|page| page.alert(@category.errors.full_messages.join('\n')) }
+          end
        end
      end
    end
@@ -179,42 +235,101 @@ class ProjectsController < ApplicationController
 	
  # Add a new version to @project
  def add_version
-  	@version = @project.versions.build(params[:version])
-  	if request.post? and @version.save
-  	  flash[:notice] = l(:notice_successful_create)
-      redirect_to :action => 'settings', :tab => 'versions', :id => @project
+    @version = @project.versions.build
+    if params[:version]
+      attributes = params[:version].dup
+      attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
+      @version.attributes = attributes
+    end
+  	if request.post?
+  	  if @version.save
+        respond_to do |format|
+          format.html do
+            flash[:notice] = l(:notice_successful_create)
+            redirect_to :action => 'settings', :tab => 'versions', :id => @project
+          end
+          format.js do
+            # IE doesn't support the replace_html rjs method for select box options
+            render(:update) {|page| page.replace "issue_fixed_version_id",
+              content_tag('select', '<option></option>' + version_options_for_select(@project.shared_versions.open, @version), :id => 'issue_fixed_version_id', :name => 'issue[fixed_version_id]')
+            }
+          end
+        end
+      else
+        respond_to do |format|
+          format.html
+          format.js do
+            render(:update) {|page| page.alert(@version.errors.full_messages.join('\n')) }
+          end
+        end
+  	  end
  	end
  end

  def add_file
    if request.post?
-      @version = @project.versions.find_by_id(params[:version_id])
-      attachments = attach_files(@version, params[:attachments])
-      Mailer.deliver_attachments_added(attachments) if !attachments.empty? && Setting.notified_events.include?('file_added')
+      container = (params[:version_id].blank? ? @project : @project.versions.find_by_id(params[:version_id]))
+      attachments = attach_files(container, params[:attachments])
+      if !attachments.empty? && Setting.notified_events.include?('file_added')
+        Mailer.deliver_attachments_added(attachments)
+      end
      redirect_to :controller => 'projects', :action => 'list_files', :id => @project
+      return
    end
    @versions = @project.versions.sort
  end
-  
-  def list_files
-    sort_init "#{Attachment.table_name}.filename", "asc"
-    sort_update
-    @versions = @project.versions.find(:all, :include => :attachments, :order => sort_clause).sort.reverse
-    render :layout => !request.xhr?
+
+  def save_activities
+    if request.post? && params[:enumerations]
+      Project.transaction do
+        params[:enumerations].each do |id, activity|
+          @project.update_or_create_time_entry_activity(id, activity)
+        end
+      end
+    end
+    
+    redirect_to :controller => 'projects', :action => 'settings', :tab => 'activities', :id => @project
+  end
+
+  def reset_activities
+    @project.time_entry_activities.each do |time_entry_activity|
+      time_entry_activity.destroy(time_entry_activity.parent)
+    end
+    redirect_to :controller => 'projects', :action => 'settings', :tab => 'activities', :id => @project
  end
  
-  # Show changelog for @project
-  def changelog
-    @trackers = @project.trackers.find(:all, :conditions => ["is_in_chlog=?", true], :order => 'position')
-    retrieve_selected_tracker_ids(@trackers)    
-    @versions = @project.versions.sort
+  def list_files
+    sort_init 'filename', 'asc'
+    sort_update 'filename' => "#{Attachment.table_name}.filename",
+                'created_on' => "#{Attachment.table_name}.created_on",
+                'size' => "#{Attachment.table_name}.filesize",
+                'downloads' => "#{Attachment.table_name}.downloads"
+                
+    @containers = [ Project.find(@project.id, :include => :attachments, :order => sort_clause)]
+    @containers += @project.versions.find(:all, :include => :attachments, :order => sort_clause).sort.reverse
+    render :layout => !request.xhr?
  end

  def roadmap
-    @trackers = @project.trackers.find(:all, :conditions => ["is_in_roadmap=?", true])
-    retrieve_selected_tracker_ids(@trackers)
-    @versions = @project.versions.sort
-    @versions = @versions.select {|v| !v.completed? } unless params[:completed]
+    @trackers = @project.trackers.find(:all, :order => 'position')
+    retrieve_selected_tracker_ids(@trackers, @trackers.select {|t| t.is_in_roadmap?})
+    @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
+    project_ids = @with_subprojects ? @project.self_and_descendants.collect(&:id) : [@project.id]
+    
+    @versions = @project.shared_versions.sort
+    @versions.reject! {|version| version.closed? || version.completed? } unless params[:completed]
+    
+    @issues_by_version = {}
+    unless @selected_tracker_ids.empty?
+      @versions.each do |version|
+        issues = version.fixed_issues.visible.find(:all,
+                                                   :include => [:project, :status, :tracker, :priority],
+                                                   :conditions => {:tracker_id => @selected_tracker_ids, :project_id => project_ids},
+                                                   :order => "#{Project.table_name}.lft, #{Tracker.table_name}.position, #{Issue.table_name}.id")
+        @issues_by_version[version] = issues
+      end
+    end
+    @versions.reject! {|version| !project_ids.include?(version.project_id) && @issues_by_version[version].empty?}
  end
  
  def activity
@@ -237,20 +352,22 @@ class ProjectsController < ApplicationController

    events = @activity.events(@date_from, @date_to)
    
-    respond_to do |format|
-      format.html { 
-        @events_by_day = events.group_by(&:event_date)
-        render :layout => false if request.xhr?
-      }
-      format.atom {
-        title = l(:label_activity)
-        if @author
-          title = @author.name
-        elsif @activity.scope.size == 1
-          title = l("label_#{@activity.scope.first.singularize}_plural")
-        end
-        render_feed(events, :title => "#{@project || Setting.app_title}: #{title}")
-      }
+    if events.empty? || stale?(:etag => [events.first, User.current])
+      respond_to do |format|
+        format.html { 
+          @events_by_day = events.group_by(&:event_date)
+          render :layout => false if request.xhr?
+        }
+        format.atom {
+          title = l(:label_activity)
+          if @author
+            title = @author.name
+          elsif @activity.scope.size == 1
+            title = l("label_#{@activity.scope.first.singularize}_plural")
+          end
+          render_feed(events, :title => "#{@project || Setting.app_title}: #{title}")
+        }
+      end
    end
    
  rescue ActiveRecord::RecordNotFound
@@ -275,11 +392,26 @@ private
    render_404
  end

-  def retrieve_selected_tracker_ids(selectable_trackers)
+  def retrieve_selected_tracker_ids(selectable_trackers, default_trackers=nil)
    if ids = params[:tracker_ids]
      @selected_tracker_ids = (ids.is_a? Array) ? ids.collect { |id| id.to_i.to_s } : ids.split('/').collect { |id| id.to_i.to_s }
    else
-      @selected_tracker_ids = selectable_trackers.collect {|t| t.id.to_s }
+      @selected_tracker_ids = (default_trackers || selectable_trackers).collect {|t| t.id.to_s }
    end
  end
+  
+  # Validates parent_id param according to user's permissions
+  # TODO: move it to Project model in a validation that depends on User.current
+  def validate_parent_id
+    return true if User.current.admin?
+    parent_id = params[:project] && params[:project][:parent_id]
+    if parent_id || @project.new_record?
+      parent = parent_id.blank? ? nil : Project.find_by_id(parent_id.to_i)
+      unless @project.allowed_parents.include?(parent)
+        @project.errors.add :parent_id, :invalid
+        return false
+      end
+    end
+    true
+  end
 end
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -24,12 +24,13 @@ class QueriesController < ApplicationController
    @query = Query.new(params[:query])
    @query.project = params[:query_is_for_all] ? nil : @project
    @query.user = User.current
-    @query.is_public = false unless (@query.project && current_role.allowed_to?(:manage_public_queries)) || User.current.admin?
+    @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
    @query.column_names = nil if params[:default_columns]
    
    params[:fields].each do |field|
      @query.add_filter(field, params[:operators][field], params[:values][field])
    end if params[:fields]
+    @query.group_by ||= params[:group_by]
    
    if request.post? && params[:confirm] && @query.save
      flash[:notice] = l(:notice_successful_create)
@@ -47,7 +48,7 @@ class QueriesController < ApplicationController
      end if params[:fields]
      @query.attributes = params[:query]
      @query.project = nil if params[:query_is_for_all]
-      @query.is_public = false unless (@query.project && current_role.allowed_to?(:manage_public_queries)) || User.current.admin?
+      @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
      @query.column_names = nil if params[:default_columns]
      
      if @query.save
@@ -73,7 +74,7 @@ private
  
  def find_optional_project
    @project = Project.find(params[:project_id]) if params[:project_id]
-    User.current.allowed_to?(:save_queries, @project, :global => true)
+    render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)
  rescue ActiveRecord::RecordNotFound
    render_404
  end
--- a/app/controllers/reports_controller.rb
+++ b/app/controllers/reports_controller.rb
@@ -31,13 +31,13 @@ class ReportsController < ApplicationController
      render :template => "reports/issue_report_details"
    when "version"
      @field = "fixed_version_id"
-      @rows = @project.versions.sort
+      @rows = @project.shared_versions.sort
      @data = issues_by_version
      @report_title = l(:field_version)
      render :template => "reports/issue_report_details"
    when "priority"
      @field = "priority_id"
-      @rows = Enumeration::get_values('IPRI')
+      @rows = IssuePriority.all
      @data = issues_by_priority
      @report_title = l(:field_priority)
      render :template => "reports/issue_report_details"   
@@ -49,30 +49,30 @@ class ReportsController < ApplicationController
      render :template => "reports/issue_report_details"   
    when "assigned_to"
      @field = "assigned_to_id"
-      @rows = @project.members.collect { |m| m.user }
+      @rows = @project.members.collect { |m| m.user }.sort
      @data = issues_by_assigned_to
      @report_title = l(:field_assigned_to)
      render :template => "reports/issue_report_details"
    when "author"
      @field = "author_id"
-      @rows = @project.members.collect { |m| m.user }
+      @rows = @project.members.collect { |m| m.user }.sort
      @data = issues_by_author
      @report_title = l(:field_author)
      render :template => "reports/issue_report_details"  
    when "subproject"
      @field = "project_id"
-      @rows = @project.active_children
+      @rows = @project.descendants.visible
      @data = issues_by_subproject
      @report_title = l(:field_subproject)
      render :template => "reports/issue_report_details"  
    else
      @trackers = @project.trackers
-      @versions = @project.versions.sort
-      @priorities = Enumeration::get_values('IPRI')
+      @versions = @project.shared_versions.sort
+      @priorities = IssuePriority.all
      @categories = @project.issue_categories
-      @assignees = @project.members.collect { |m| m.user }
-      @authors = @project.members.collect { |m| m.user }
-      @subprojects = @project.active_children
+      @assignees = @project.members.collect { |m| m.user }.sort
+      @authors = @project.members.collect { |m| m.user }.sort
+      @subprojects = @project.descendants.visible
      issues_by_tracker
      issues_by_version
      issues_by_priority
@@ -85,42 +85,6 @@ class ReportsController < ApplicationController
    end
  end  
  
-  def delays
-    @trackers = Tracker.find(:all)
-    if request.get?
-      @selected_tracker_ids = @trackers.collect {|t| t.id.to_s }
-    else
-      @selected_tracker_ids = params[:tracker_ids].collect { |id| id.to_i.to_s } if params[:tracker_ids] and params[:tracker_ids].is_a? Array
-    end
-    @selected_tracker_ids ||= []    
-    @raw = 
-      ActiveRecord::Base.connection.select_all("SELECT datediff( a.created_on, b.created_on ) as delay, count(a.id) as total
-      FROM issue_histories a, issue_histories b, issues i
-      WHERE a.status_id =5
-      AND a.issue_id = b.issue_id
-      AND a.issue_id = i.id
-      AND i.tracker_id in (#{@selected_tracker_ids.join(',')})
-      AND b.id = (
-      SELECT min( c.id )
-      FROM issue_histories c
-      WHERE b.issue_id = c.issue_id ) 
-      GROUP BY delay") unless @selected_tracker_ids.empty?    
-    @raw ||=[]
-    
-    @x_from = 0
-    @x_to = 0
-    @y_from = 0
-    @y_to = 0
-    @sum_total = 0
-    @sum_delay = 0
-    @raw.each do |r|
-      @x_to = [r['delay'].to_i, @x_to].max
-      @y_to = [r['total'].to_i, @y_to].max
-      @sum_total = @sum_total + r['total'].to_i
-      @sum_delay = @sum_delay + r['total'].to_i * r['delay'].to_i
-    end    
-  end
-  
 private
  # Find project of id params[:id]
  def find_project
@@ -166,7 +130,7 @@ private
                                                  p.id as priority_id,
                                                  count(i.id) as total 
                                                from 
-                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s, #{Enumeration.table_name} p
+                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s, #{IssuePriority.table_name} p
                                                where 
                                                  i.status_id=s.id 
                                                  and i.priority_id=p.id
@@ -229,8 +193,8 @@ private
                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s
                                                where 
                                                  i.status_id=s.id 
-                                                  and i.project_id IN (#{@project.active_children.collect{|p| p.id}.join(',')})
-                                                group by s.id, s.is_closed, i.project_id") if @project.active_children.any?
+                                                  and i.project_id IN (#{@project.descendants.active.collect{|p| p.id}.join(',')})
+                                                group by s.id, s.is_closed, i.project_id") if @project.descendants.active.any?
    @issues_by_subproject ||= []
  end
 end
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -24,6 +24,8 @@ class InvalidRevisionParam < Exception; end

 class RepositoriesController < ApplicationController
  menu_item :repository
+  default_search_scope :changesets
+  
  before_filter :find_repository, :except => :edit
  before_filter :find_project, :only => :edit
  before_filter :authorize
@@ -51,8 +53,9 @@ class RepositoriesController < ApplicationController
    @users += User.find_all_by_id(additional_user_ids) unless additional_user_ids.empty?
    @users.compact!
    @users.sort!
-    if request.post?
-      @repository.committer_ids = params[:committers]
+    if request.post? && params[:committers].is_a?(Hash)
+      # Build a hash with repository usernames as keys and corresponding user ids as values
+      @repository.committer_ids = params[:committers].values.inject({}) {|h, c| h[c.first] = c.last; h}
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'committers', :id => @project
    end
@@ -63,31 +66,26 @@ class RepositoriesController < ApplicationController
    redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'repository'
  end
  
-  def show
-    # check if new revisions have been committed in the repository
-    @repository.fetch_changesets if Setting.autofetch_changesets?
-    # root entries
-    @entries = @repository.entries('', @rev)    
-    # latest changesets
-    @changesets = @repository.changesets.find(:all, :limit => 10, :order => "committed_on DESC")
-    show_error_not_found unless @entries || @changesets.any?
-  end
-  
-  def browse
+  def show 
+    @repository.fetch_changesets if Setting.autofetch_changesets? && @path.empty?
+
    @entries = @repository.entries(@path, @rev)
    if request.xhr?
      @entries ? render(:partial => 'dir_list_content') : render(:nothing => true)
    else
-      show_error_not_found and return unless @entries
+      (show_error_not_found; return) unless @entries
+      @changesets = @repository.latest_changesets(@path, @rev)
      @properties = @repository.properties(@path, @rev)
-      render :action => 'browse'
+      render :action => 'show'
    end
  end
+
+  alias_method :browse, :show
  
  def changes
    @entry = @repository.entry(@path, @rev)
-    show_error_not_found and return unless @entry
-    @changesets = @repository.changesets_for_path(@path)
+    (show_error_not_found; return) unless @entry
+    @changesets = @repository.latest_changesets(@path, @rev, Setting.repository_log_display_limit.to_i)
    @properties = @repository.properties(@path, @rev)
  end
  
@@ -99,7 +97,7 @@ class RepositoriesController < ApplicationController
    @changesets = @repository.changesets.find(:all,
 						:limit  =>  @changeset_pages.items_per_page,
 						:offset =>  @changeset_pages.current.offset,
-            :include => :user)
+            :include => [:user, :repository])

    respond_to do |format|
      format.html { render :layout => false if request.xhr? }
@@ -109,15 +107,15 @@ class RepositoriesController < ApplicationController
  
  def entry
    @entry = @repository.entry(@path, @rev)
-    show_error_not_found and return unless @entry
-    
+    (show_error_not_found; return) unless @entry
+
    # If the entry is a dir, show the browser
-    browse and return if @entry.is_dir?
-    
+    (show; return) if @entry.is_dir?
+
    @content = @repository.cat(@path, @rev)
-    show_error_not_found and return unless @content
-    if 'raw' == params[:format] || @content.is_binary_data?
-      # Force the download if it's a binary file
+    (show_error_not_found; return) unless @content
+    if 'raw' == params[:format] || @content.is_binary_data? || (@entry.size && @entry.size > Setting.file_max_size_displayed.to_i.kilobyte)
+      # Force the download
      send_data @content, :filename => @path.split('/').last
    else
      # Prevent empty lines when displaying a file with Windows style eol
@@ -126,12 +124,15 @@ class RepositoriesController < ApplicationController
  end
  
  def annotate
+    @entry = @repository.entry(@path, @rev)
+    (show_error_not_found; return) unless @entry
+    
    @annotate = @repository.scm.annotate(@path, @rev)
-    render_error l(:error_scm_annotate) and return if @annotate.nil? || @annotate.empty?
+    (render_error l(:error_scm_annotate); return) if @annotate.nil? || @annotate.empty?
  end
  
  def revision
-    @changeset = @repository.changesets.find_by_revision(@rev)
+    @changeset = @repository.find_changeset_by_name(@rev)
    raise ChangesetNotFound unless @changeset

    respond_to do |format|
@@ -145,7 +146,7 @@ class RepositoriesController < ApplicationController
  def diff
    if params[:format] == 'diff'
      @diff = @repository.diff(@path, @rev, @rev_to)
-      show_error_not_found and return unless @diff
+      (show_error_not_found; return) unless @diff
      filename = "changeset_r#{@rev}"
      filename << "_r#{@rev_to}" if @rev_to
      send_data @diff.join, :filename => "#{filename}.diff",
@@ -195,17 +196,14 @@ private
    render_404
  end
  
-  REV_PARAM_RE = %r{^[a-f0-9]*$}
-  
  def find_repository
    @project = Project.find(params[:id])
    @repository = @project.repository
-    render_404 and return false unless @repository
+    (render_404; return false) unless @repository
    @path = params[:path].join('/') unless params[:path].nil?
    @path ||= ''
-    @rev = params[:rev]
+    @rev = params[:rev].blank? ? @repository.default_branch : params[:rev].strip
    @rev_to = params[:rev_to]
-    raise InvalidRevisionParam unless @rev.to_s.match(REV_PARAM_RE) && @rev.to_s.match(REV_PARAM_RE)
  rescue ActiveRecord::RecordNotFound
    render_404
  rescue InvalidRevisionParam
@@ -234,8 +232,7 @@ private
    changes_by_day.each {|c| changes_by_month[c.first.to_date.months_ago] += c.last }
   
    fields = []
-    month_names = l(:actionview_datehelper_select_month_names_abbr).split(',')
-    12.times {|m| fields << month_names[((Date.today.month - 1 - m) % 12)]}
+    12.times {|m| fields << month_name(((Date.today.month - 1 - m) % 12) + 1)}
  
    graph = SVG::Graph::Bar.new(
      :height => 300,
@@ -264,7 +261,7 @@ private

  def graph_commits_per_author(repository)
    commits_by_author = repository.changesets.count(:all, :group => :committer)
-    commits_by_author.sort! {|x, y| x.last <=> y.last}
+    commits_by_author.to_a.sort! {|x, y| x.last <=> y.last}

    changes_by_author = repository.changes.count(:all, :group => :committer)
    h = changes_by_author.inject({}) {|o, i| o[i.first] = i.last; o}
--- a/app/controllers/roles_controller.rb
+++ b/app/controllers/roles_controller.rb
@@ -16,6 +16,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class RolesController < ApplicationController
+  layout 'admin'
+  
  before_filter :require_admin

  verify :method => :post, :only => [ :destroy, :move ],
@@ -40,7 +42,7 @@ class RolesController < ApplicationController
        @role.workflows.copy(copy_from)
      end
      flash[:notice] = l(:notice_successful_create)
-      redirect_to :action => 'list'
+      redirect_to :action => 'index'
    end
    @permissions = @role.setable_permissions
    @roles = Role.find :all, :order => 'builtin, position'
@@ -50,7 +52,7 @@ class RolesController < ApplicationController
    @role = Role.find(params[:id])
    if request.post? and @role.update_attributes(params[:role])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'list'
+      redirect_to :action => 'index'
    end
    @permissions = @role.setable_permissions
  end
@@ -58,27 +60,12 @@ class RolesController < ApplicationController
  def destroy
    @role = Role.find(params[:id])
    @role.destroy
-    redirect_to :action => 'list'
+    redirect_to :action => 'index'
  rescue
    flash[:error] = 'This role is in use and can not be deleted.'
    redirect_to :action => 'index'
  end
  
-  def move
-    @role = Role.find(params[:id])
-    case params[:position]
-    when 'highest'
-      @role.move_to_top
-    when 'higher'
-      @role.move_higher
-    when 'lower'
-      @role.move_lower
-    when 'lowest'
-      @role.move_to_bottom
-    end if params[:position]
-    redirect_to :action => 'list'
-  end
-  
  def report    
    @roles = Role.find(:all, :order => 'builtin, position')
    @permissions = Redmine::AccessControl.permissions.select { |p| !p.public? }
@@ -88,7 +75,7 @@ class RolesController < ApplicationController
        role.save
      end
      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'list'
+      redirect_to :action => 'index'
    end
  end
 end
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -34,7 +34,7 @@ class SearchController < ApplicationController
      when 'my_projects'
        User.current.memberships.collect(&:project)
      when 'subprojects'
-        @project ? ([ @project ] + @project.active_children) : nil
+        @project ? (@project.self_and_descendants.active) : nil
      else
        @project
      end
@@ -43,7 +43,7 @@ class SearchController < ApplicationController
    begin; offset = params[:offset].to_time if params[:offset]; rescue; end
    
    # quick jump to an issue
-    if @question.match(/^#?(\d+)$/) && Issue.find_by_id($1, :include => :project, :conditions => Project.visible_by(User.current))
+    if @question.match(/^#?(\d+)$/) && Issue.visible.find_by_id($1)
      redirect_to :controller => "issues", :action => "show", :id => $1
      return
    end
@@ -62,8 +62,8 @@ class SearchController < ApplicationController
    # extract tokens from the question
    # eg. hello "bye bye" => ["hello", "bye bye"]
    @tokens = @question.scan(%r{((\s|^)"[\s\w]+"(\s|$)|\S+)}).collect {|m| m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '')}
-    # tokens must be at least 3 character long
-    @tokens = @tokens.uniq.select {|w| w.length > 2 }
+    # tokens must be at least 2 characters long
+    @tokens = @tokens.uniq.select {|w| w.length > 1 }
    
    if !@tokens.empty?
      # no more than 5 tokens to search for
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -16,6 +16,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class SettingsController < ApplicationController
+  layout 'admin'
+  
  before_filter :require_admin

  def index
@@ -24,7 +26,7 @@ class SettingsController < ApplicationController
  end

  def edit
-    @notifiables = %w(issue_added issue_updated news_added document_added file_added message_posted)
+    @notifiables = %w(issue_added issue_updated news_added document_added file_added message_posted wiki_content_added wiki_content_updated)
    if request.post? && params[:settings] && params[:settings].is_a?(Hash)
      settings = (params[:settings] || {}).dup.symbolize_keys
      settings.each do |name, value|
@@ -40,8 +42,8 @@ class SettingsController < ApplicationController
    @options[:user_format] = User::USER_FORMATS.keys.collect {|f| [User.current.name(f), f.to_s] }
    @deliveries = ActionMailer::Base.perform_deliveries

-    @guessed_host_and_path = request.host_with_port
-    @guessed_host_and_path << ('/'+ request.relative_url_root.gsub(%r{^\/}, '')) unless request.relative_url_root.blank?
+    @guessed_host_and_path = request.host_with_port.dup
+    @guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
  end

  def plugin
--- a/app/controllers/sys_controller.rb
+++ b/app/controllers/sys_controller.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -16,31 +16,52 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class SysController < ActionController::Base
-  wsdl_service_name 'Sys'
-  web_service_api SysApi
-  web_service_scaffold :invoke
+  before_filter :check_enabled
  
-  before_invocation :check_enabled
+  def projects
+    p = Project.active.has_module(:repository).find(:all, :include => :repository, :order => 'identifier')
+    render :xml => p.to_xml(:include => :repository)
+  end
  
-  # Returns the projects list, with their repositories
-  def projects_with_repository_enabled
-    Project.has_module(:repository).find(:all, :include => :repository, :order => 'identifier')
+  def create_project_repository
+    project = Project.find(params[:id])
+    if project.repository
+      render :nothing => true, :status => 409
+    else
+      logger.info "Repository for #{project.name} was reported to be created by #{request.remote_ip}."
+      project.repository = Repository.factory(params[:vendor], params[:repository])
+      if project.repository && project.repository.save
+        render :xml => project.repository, :status => 201
+      else
+        render :nothing => true, :status => 422
+      end
+    end
+  end
+  
+  def fetch_changesets
+    projects = []
+    if params[:id]
+      projects << Project.active.has_module(:repository).find(params[:id])
+    else
+      projects = Project.active.has_module(:repository).find(:all, :include => :repository)
+    end
+    projects.each do |project|
+      if project.repository
+        project.repository.fetch_changesets
+      end
+    end
+    render :nothing => true, :status => 200
+  rescue ActiveRecord::RecordNotFound
+    render :nothing => true, :status => 404
  end

-  # Registers a repository for the given project identifier
-  def repository_created(identifier, vendor, url)
-    project = Project.find_by_identifier(identifier)
-    # Do not create the repository if the project has already one
-    return 0 unless project && project.repository.nil?
-    logger.debug "Repository for #{project.name} was created"
-    repository = Repository.factory(vendor, :project => project, :url => url)
-    repository.save
-    repository.id || 0
-  end
+  protected

-protected
-
-  def check_enabled(name, args)
-    Setting.sys_api_enabled?
+  def check_enabled
+    User.current = nil
+    unless Setting.sys_api_enabled? && params[:key].to_s == Setting.sys_api_key
+      render :text => 'Access denied. Repository management WS is disabled or key is invalid.', :status => 403
+      return false
+    end
  end
 end
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -46,7 +46,7 @@ class TimelogController < ApplicationController
                                          :klass => Tracker,
                                          :label => :label_tracker},
                             'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
-                                           :klass => Enumeration,
+                                           :klass => TimeEntryActivity,
                                           :label => :label_activity},
                             'issue' => {:sql => "#{TimeEntry.table_name}.issue_id",
                                         :klass => Issue,
@@ -67,7 +67,14 @@ class TimelogController < ApplicationController
                                             :format => cf.field_format,
                                             :label => cf.name}
    end
-    
+
+    # Add list and boolean time entry activity custom fields
+    TimeEntryActivityCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Enumeration' AND c.customized_id = #{TimeEntry.table_name}.activity_id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end
+
    @criterias = params[:criterias] || []
    @criterias = @criterias.select{|criteria| @available_criterias.has_key? criteria}
    @criterias.uniq!
@@ -80,15 +87,23 @@ class TimelogController < ApplicationController
    unless @criterias.empty?
      sql_select = @criterias.collect{|criteria| @available_criterias[criteria][:sql] + " AS " + criteria}.join(', ')
      sql_group_by = @criterias.collect{|criteria| @available_criterias[criteria][:sql]}.join(', ')
+      sql_condition = ''
      
+      if @project.nil?
+        sql_condition = Project.allowed_to_condition(User.current, :view_time_entries)
+      elsif @issue.nil?
+        sql_condition = @project.project_condition(Setting.display_subprojects_issues?)
+      else
+        sql_condition = "#{TimeEntry.table_name}.issue_id = #{@issue.id}"
+      end
+
      sql = "SELECT #{sql_select}, tyear, tmonth, tweek, spent_on, SUM(hours) AS hours"
      sql << " FROM #{TimeEntry.table_name}"
      sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
      sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id"
      sql << " WHERE"
-      sql << " (%s) AND" % @project.project_condition(Setting.display_subprojects_issues?) if @project
-      sql << " (%s) AND" % Project.allowed_to_condition(User.current, :view_time_entries)
-      sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from.to_time), ActiveRecord::Base.connection.quoted_date(@to.to_time)]
+      sql << " (%s) AND" % sql_condition
+      sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from), ActiveRecord::Base.connection.quoted_date(@to)]
      sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek, spent_on"
      
      @hours = ActiveRecord::Base.connection.select_all(sql)
@@ -132,13 +147,18 @@ class TimelogController < ApplicationController
    
    respond_to do |format|
      format.html { render :layout => !request.xhr? }
-      format.csv  { send_data(report_to_csv(@criterias, @periods, @hours).read, :type => 'text/csv; header=present', :filename => 'timelog.csv') }
+      format.csv  { send_data(report_to_csv(@criterias, @periods, @hours), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
    end
  end
  
  def details
    sort_init 'spent_on', 'desc'
-    sort_update
+    sort_update 'spent_on' => 'spent_on',
+                'user' => 'user_id',
+                'activity' => 'activity_id',
+                'project' => "#{Project.table_name}.name",
+                'issue' => 'issue_id',
+                'hours' => 'hours'
    
    cond = ARCondition.new
    if @project.nil?
@@ -182,16 +202,19 @@ class TimelogController < ApplicationController
                                    :include => [:project, :activity, :user, {:issue => [:tracker, :assigned_to, :priority]}],
                                    :conditions => cond.conditions,
                                    :order => sort_clause)
-          send_data(entries_to_csv(@entries).read, :type => 'text/csv; header=present', :filename => 'timelog.csv')
+          send_data(entries_to_csv(@entries), :type => 'text/csv; header=present', :filename => 'timelog.csv')
        }
      end
    end
  end
  
  def edit
-    render_403 and return if @time_entry && !@time_entry.editable_by?(User.current)
-    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
+    (render_403; return) if @time_entry && !@time_entry.editable_by?(User.current)
+    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
    @time_entry.attributes = params[:time_entry]
+    
+    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
+    
    if request.post? and @time_entry.save
      flash[:notice] = l(:notice_successful_update)
      redirect_back_or_default :action => 'details', :project_id => @time_entry.project
@@ -200,8 +223,8 @@ class TimelogController < ApplicationController
  end
  
  def destroy
-    render_404 and return unless @time_entry
-    render_403 and return unless @time_entry.editable_by?(User.current)
+    (render_404; return) unless @time_entry
+    (render_403; return) unless @time_entry.editable_by?(User.current)
    @time_entry.destroy
    flash[:notice] = l(:notice_successful_delete)
    redirect_to :back
--- a/app/controllers/trackers_controller.rb
+++ b/app/controllers/trackers_controller.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -16,15 +16,16 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class TrackersController < ApplicationController
+  layout 'admin'
+  
  before_filter :require_admin

  def index
    list
    render :action => 'list' unless request.xhr?
  end
-
-  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
-  verify :method => :post, :only => [ :destroy, :move ], :redirect_to => { :action => :list }
+  
+  verify :method => :post, :only => :destroy, :redirect_to => { :action => :list }

  def list
    @tracker_pages, @trackers = paginate :trackers, :per_page => 10, :order => 'position'
@@ -40,8 +41,10 @@ class TrackersController < ApplicationController
      end
      flash[:notice] = l(:notice_successful_create)
      redirect_to :action => 'list'
+      return
    end
    @trackers = Tracker.find :all, :order => 'position'
+    @projects = Project.find(:all)
  end

  def edit
@@ -49,22 +52,9 @@ class TrackersController < ApplicationController
    if request.post? and @tracker.update_attributes(params[:tracker])
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'list'
+      return
    end
-  end
-
-  def move
-    @tracker = Tracker.find(params[:id])
-    case params[:position]
-    when 'highest'
-      @tracker.move_to_top
-    when 'higher'
-      @tracker.move_higher
-    when 'lower'
-      @tracker.move_lower
-    when 'lowest'
-      @tracker.move_to_bottom
-    end if params[:position]
-    redirect_to :action => 'list'
+    @projects = Project.find(:all)
  end
  
  def destroy
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -16,7 +16,9 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class UsersController < ApplicationController
-  before_filter :require_admin
+  layout 'admin'
+  
+  before_filter :require_admin, :except => :show

  helper :sort
  include SortHelper
@@ -24,20 +26,15 @@ class UsersController < ApplicationController
  include CustomFieldsHelper   

  def index
-    list
-    render :action => 'list' unless request.xhr?
-  end
-
-  def list
    sort_init 'login', 'asc'
-    sort_update
+    sort_update %w(login firstname lastname mail admin created_on last_login_on)
    
    @status = params[:status] ? params[:status].to_i : 1
    c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])

    unless params[:name].blank?
      name = "%#{params[:name].strip.downcase}%"
-      c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ?", name, name, name]
+      c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
    end
    
    @user_count = User.count(:conditions => c.conditions)
@@ -49,7 +46,29 @@ class UsersController < ApplicationController
 						:limit  =>  @user_pages.items_per_page,
 						:offset =>  @user_pages.current.offset

-    render :action => "list", :layout => false if request.xhr?	
+    render :layout => !request.xhr?	
+  end
+  
+  def show
+    @user = User.active.find(params[:id])
+    @custom_values = @user.custom_values
+    
+    # show only public projects and private projects that the logged in user is also a member of
+    @memberships = @user.memberships.select do |membership|
+      membership.project.is_public? || (User.current.member_of?(membership.project))
+    end
+    
+    events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
+    @events_by_day = events.group_by(&:event_date)
+    
+    if @user != User.current && !User.current.admin? && @memberships.empty? && events.empty?
+      render_404
+      return
+    end
+    render :layout => 'base'
+
+  rescue ActiveRecord::RecordNotFound
+    render_404
  end

  def add
@@ -63,7 +82,9 @@ class UsersController < ApplicationController
      if @user.save
        Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
        flash[:notice] = l(:notice_successful_create)
-        redirect_to :action => 'list'
+        redirect_to(params[:continue] ? {:controller => 'users', :action => 'add'} : 
+                                        {:controller => 'users', :action => 'edit', :id => @user})
+        return
      end
    end
    @auth_sources = AuthSource.find(:all)
@@ -75,30 +96,51 @@ class UsersController < ApplicationController
      @user.admin = params[:user][:admin] if params[:user][:admin]
      @user.login = params[:user][:login] if params[:user][:login]
      @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless params[:password].nil? or params[:password].empty? or @user.auth_source_id
-      if @user.update_attributes(params[:user])
+      @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
+      @user.attributes = params[:user]
+      # Was the account actived ? (do it before User#save clears the change)
+      was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
+      if @user.save
+        if was_activated
+          Mailer.deliver_account_activated(@user)
+        elsif @user.active? && params[:send_information] && !params[:password].blank? && @user.auth_source_id.nil?
+          Mailer.deliver_account_information(@user, params[:password])
+        end
        flash[:notice] = l(:notice_successful_update)
-        # Give a string to redirect_to otherwise it would use status param as the response code
-        redirect_to(url_for(:action => 'list', :status => params[:status], :page => params[:page]))
+        redirect_to :back
      end
    end
    @auth_sources = AuthSource.find(:all)
-    @roles = Role.find_all_givable
-    @projects = Project.find(:all, :order => 'name', :conditions => "status=#{Project::STATUS_ACTIVE}") - @user.projects
    @membership ||= Member.new
-    @memberships = @user.memberships
+  rescue ::ActionController::RedirectBackError
+    redirect_to :controller => 'users', :action => 'edit', :id => @user
  end
  
  def edit_membership
    @user = User.find(params[:id])
-    @membership = params[:membership_id] ? Member.find(params[:membership_id]) : Member.new(:user => @user)
+    @membership = params[:membership_id] ? Member.find(params[:membership_id]) : Member.new(:principal => @user)
    @membership.attributes = params[:membership]
    @membership.save if request.post?
-    redirect_to :action => 'edit', :id => @user, :tab => 'memberships'
+    respond_to do |format|
+       format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
+       format.js { 
+         render(:update) {|page| 
+           page.replace_html "tab-content-memberships", :partial => 'users/memberships'
+           page.visual_effect(:highlight, "member-#{@membership.id}")
+         }
+       }
+     end
  end
  
  def destroy_membership
    @user = User.find(params[:id])
-    Member.find(params[:membership_id]).destroy if request.post?
-    redirect_to :action => 'edit', :id => @user, :tab => 'memberships'
+    @membership = Member.find(params[:membership_id])
+    if request.post? && @membership.deletable?
+      @membership.destroy
+    end
+    respond_to do |format|
+      format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
+      format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
+    end
  end
 end
--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@@ -17,30 +17,45 @@

 class VersionsController < ApplicationController
  menu_item :roadmap
-  before_filter :find_project, :authorize
+  before_filter :find_version, :except => :close_completed
+  before_filter :find_project, :only => :close_completed
+  before_filter :authorize

+  helper :custom_fields
+  helper :projects
+  
  def show
+    @issues = @version.fixed_issues.visible.find(:all,
+      :include => [:status, :tracker, :priority],
+      :order => "#{Tracker.table_name}.position, #{Issue.table_name}.id")
  end
  
  def edit
-    if request.post? and @version.update_attributes(params[:version])
-      flash[:notice] = l(:notice_successful_update)
-      redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
+    if request.post? && params[:version]
+      attributes = params[:version].dup
+      attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing'])
+      if @version.update_attributes(attributes)
+        flash[:notice] = l(:notice_successful_update)
+        redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
+      end
    end
  end
+  
+  def close_completed
+    if request.post?
+      @project.close_completed_versions
+    end
+    redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
+  end

  def destroy
-    @version.destroy
-    redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
-  rescue
-    flash[:error] = l(:notice_unable_delete_version)
-    redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
-  end
-  
-  def destroy_file
-    @version.attachments.find(params[:attachment_id]).destroy
-    flash[:notice] = l(:notice_successful_delete)
-    redirect_to :controller => 'projects', :action => 'list_files', :id => @project
+    if @version.fixed_issues.empty?
+      @version.destroy
+      redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
+    else
+      flash[:error] = l(:notice_unable_delete_version)
+      redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
+    end
  end
  
  def status_by
@@ -51,10 +66,16 @@ class VersionsController < ApplicationController
  end

 private
-  def find_project
+  def find_version
    @version = Version.find(params[:id])
    @project = @version.project
  rescue ActiveRecord::RecordNotFound
    render_404
-  end  
+  end
+  
+  def find_project
+    @project = Project.find(params[:project_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
 end
--- a/app/controllers/watchers_controller.rb
+++ b/app/controllers/watchers_controller.rb
@@ -18,14 +18,18 @@
 class WatchersController < ApplicationController
  before_filter :find_project
  before_filter :require_login, :check_project_privacy, :only => [:watch, :unwatch]
-  before_filter :authorize, :only => :new
+  before_filter :authorize, :only => [:new, :destroy]
  
  verify :method => :post,
         :only => [ :watch, :unwatch ],
         :render => { :nothing => true, :status => :method_not_allowed }
  
  def watch
-    set_watcher(User.current, true)
+    if @watched.respond_to?(:visible?) && !@watched.visible?(User.current)
+      render_403
+    else
+      set_watcher(User.current, true)
+    end
  end
  
  def unwatch
@@ -48,6 +52,18 @@ class WatchersController < ApplicationController
    render :text => 'Watcher added.', :layout => true
  end
  
+  def destroy
+    @watched.set_watcher(User.find(params[:user_id]), false) if request.post?
+    respond_to do |format|
+      format.html { redirect_to :back }
+      format.js do
+        render :update do |page|
+          page.replace_html 'watchers', :partial => 'watchers/watchers', :locals => {:watched => @watched}
+        end
+      end
+    end
+  end
+  
 private
  def find_project
    klass = Object.const_get(params[:object_type].camelcase)
@@ -60,9 +76,24 @@ private
  
  def set_watcher(user, watching)
    @watched.set_watcher(user, watching)
+    if params[:replace].present?
+      if params[:replace].is_a? Array
+        replace_ids = params[:replace]
+      else
+        replace_ids = [params[:replace]]
+      end
+    else
+      replace_ids = 'watcher'
+    end
    respond_to do |format|
      format.html { redirect_to :back }
-      format.js { render(:update) {|page| page.replace_html 'watcher', watcher_link(@watched, user)} }
+      format.js do
+        render(:update) do |page|
+          replace_ids.each do |replace_id|
+            page.replace_html replace_id, watcher_link(@watched, user, :replace => replace_ids)
+          end
+        end
+      end
    end
  rescue ::ActionController::RedirectBackError
    render :text => (watching ? 'Watcher added.' : 'Watcher removed.'), :layout => true
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@@ -16,9 +16,15 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class WelcomeController < ApplicationController
+  caches_action :robots

  def index
    @news = News.latest User.current
    @projects = Project.latest User.current
  end
+  
+  def robots
+    @projects = Project.all_public.active
+    render :layout => false, :content_type => 'text/plain'
+  end
 end
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -18,12 +18,15 @@
 require 'diff'

 class WikiController < ApplicationController
+  default_search_scope :wiki_pages
  before_filter :find_wiki, :authorize
+  before_filter :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy]
  
-  verify :method => :post, :only => [:destroy, :destroy_attachment, :protect], :redirect_to => { :action => :index }
+  verify :method => :post, :only => [:destroy, :protect], :redirect_to => { :action => :index }

  helper :attachments
  include AttachmentsHelper   
+  helper :watchers
  
  # display a page (in editing mode if it doesn't exist)
  def index
@@ -44,11 +47,11 @@ class WikiController < ApplicationController
      return
    end
    @content = @page.content_for_version(params[:version])
-    if params[:export] == 'html'
+    if params[:format] == 'html'
      export = render_to_string :action => 'export', :layout => false
      send_data(export, :type => 'text/html', :filename => "#{@page.title}.html")
      return
-    elsif params[:export] == 'txt'
+    elsif params[:format] == 'txt'
      send_data(@content.text, :type => 'text/plain', :filename => "#{@page.title}.txt")
      return
    end
@@ -81,6 +84,7 @@ class WikiController < ApplicationController
      @content.author = User.current
      # if page is new @page.save will also save content, but not if page isn't a new record
      if (@page.new_record? ? @page.save : @content.save)
+        call_hook(:controller_wiki_edit_after_save, { :params => params, :page => @page})
        redirect_to :action => 'index', :id => @project, :page => @page.title
      end
    end
@@ -91,8 +95,7 @@ class WikiController < ApplicationController
  
  # rename a page
  def rename
-    @page = @wiki.find_page(params[:page])
-	return render_403 unless editable?
+    return render_403 unless editable?
    @page.redirect_existing_links = true
    # used to display the *original* title if some AR validation errors occur
    @original_title = @page.pretty_title
@@ -103,15 +106,12 @@ class WikiController < ApplicationController
  end
  
  def protect
-    page = @wiki.find_page(params[:page])
-    page.update_attribute :protected, params[:protected]
-    redirect_to :action => 'index', :id => @project, :page => page.title
+    @page.update_attribute :protected, params[:protected]
+    redirect_to :action => 'index', :id => @project, :page => @page.title
  end

  # show page history
  def history
-    @page = @wiki.find_page(params[:page])
-    
    @version_count = @page.content.versions.count
    @version_pages = Paginator.new self, @version_count, per_page_option, params['p']
    # don't load text    
@@ -125,21 +125,41 @@ class WikiController < ApplicationController
  end
  
  def diff
-    @page = @wiki.find_page(params[:page])
    @diff = @page.diff(params[:version], params[:version_from])
    render_404 unless @diff
  end
  
  def annotate
-    @page = @wiki.find_page(params[:page])
    @annotate = @page.annotate(params[:version])
+    render_404 unless @annotate
  end
  
-  # remove a wiki page and its history
+  # Removes a wiki page and its history
+  # Children can be either set as root pages, removed or reassigned to another parent page
  def destroy
-    @page = @wiki.find_page(params[:page])
-	return render_403 unless editable?
-    @page.destroy if @page
+    return render_403 unless editable?
+    
+    @descendants_count = @page.descendants.size
+    if @descendants_count > 0
+      case params[:todo]
+      when 'nullify'
+        # Nothing to do
+      when 'destroy'
+        # Removes all its descendants
+        @page.descendants.each(&:destroy)
+      when 'reassign'
+        # Reassign children to another parent page
+        reassign_to = @wiki.pages.find_by_id(params[:reassign_to_id].to_i)
+        return unless reassign_to
+        @page.children.each do |child|
+          child.update_attribute(:parent, reassign_to)
+        end
+      else
+        @reassignable_to = @wiki.pages - @page.self_and_descendants
+        return
+      end
+    end
+    @page.destroy
    redirect_to :action => 'special', :id => @project, :page => 'Page_index'
  end

@@ -163,7 +183,8 @@ class WikiController < ApplicationController
      return      
    else
      # requested special page doesn't exist, redirect to default page
-      redirect_to :action => 'index', :id => @project, :page => nil and return
+      redirect_to :action => 'index', :id => @project, :page => nil
+      return
    end
    render :action => "special_#{page_title}"
  end
@@ -181,19 +202,11 @@ class WikiController < ApplicationController
  end

  def add_attachment
-    @page = @wiki.find_page(params[:page])
    return render_403 unless editable?
    attach_files(@page, params[:attachments])
    redirect_to :action => 'index', :page => @page.title
  end

-  def destroy_attachment
-    @page = @wiki.find_page(params[:page])
-    return render_403 unless editable?
-    @page.attachments.find(params[:attachment_id]).destroy
-    redirect_to :action => 'index', :page => @page.title
-  end
-
 private
  
  def find_wiki
@@ -204,6 +217,12 @@ private
    render_404
  end
  
+  # Finds the requested page and returns a 404 error if it doesn't exist
+  def find_existing_page
+    @page = @wiki.find_page(params[:page])
+    render_404 if @page.nil?
+  end
+  
  # Returns true if the current user is allowed to edit the page, otherwise false
  def editable?(page = @page)
    page.editable_by?(User.current)
--- a/app/controllers/workflows_controller.rb
+++ b/app/controllers/workflows_controller.rb
@@ -16,6 +16,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class WorkflowsController < ApplicationController
+  layout 'admin'
+  
  before_filter :require_admin

  def index
@@ -40,6 +42,42 @@ class WorkflowsController < ApplicationController
    end
    @roles = Role.find(:all, :order => 'builtin, position')
    @trackers = Tracker.find(:all, :order => 'position')
-    @statuses = IssueStatus.find(:all, :order => 'position')
+    
+    @used_statuses_only = (params[:used_statuses_only] == '0' ? false : true)
+    if @tracker && @used_statuses_only && @tracker.issue_statuses.any?
+      @statuses = @tracker.issue_statuses
+    end
+    @statuses ||= IssueStatus.find(:all, :order => 'position')
+  end
+  
+  def copy
+    @trackers = Tracker.find(:all, :order => 'position')
+    @roles = Role.find(:all, :order => 'builtin, position')
+    
+    if params[:source_tracker_id].blank? || params[:source_tracker_id] == 'any'
+      @source_tracker = nil
+    else
+      @source_tracker = Tracker.find_by_id(params[:source_tracker_id].to_i)
+    end
+    if params[:source_role_id].blank? || params[:source_role_id] == 'any'
+      @source_role = nil
+    else
+      @source_role = Role.find_by_id(params[:source_role_id].to_i)
+    end
+    
+    @target_trackers = params[:target_tracker_ids].blank? ? nil : Tracker.find_all_by_id(params[:target_tracker_ids])
+    @target_roles = params[:target_role_ids].blank? ? nil : Role.find_all_by_id(params[:target_role_ids])
+     
+    if request.post?
+      if params[:source_tracker_id].blank? || params[:source_role_id].blank? || (@source_tracker.nil? && @source_role.nil?)
+        flash.now[:error] = l(:error_workflow_copy_source)
+      elsif @target_trackers.nil? || @target_roles.nil?
+        flash.now[:error] = l(:error_workflow_copy_target)
+      else
+        Workflow.copy(@source_tracker, @source_role, @target_trackers, @target_roles)
+        flash[:notice] = l(:notice_successful_update)
+        redirect_to :action => 'copy', :source_tracker_id => @source_tracker, :source_role_id => @source_role
+      end
+    end
  end
 end
--- a/app/helpers/admin_helper.rb
+++ b/app/helpers/admin_helper.rb
@@ -20,4 +20,12 @@ module AdminHelper
    options_for_select([[l(:label_all), ''], 
                        [l(:status_active), 1]], selected)
  end
+  
+  def css_project_classes(project)
+    s = 'project'
+    s << ' root' if project.root?
+    s << ' child' if project.child?
+    s << (project.leaf? ? ' leaf' : ' parent')
+    s
+  end
 end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -18,18 +18,16 @@
 require 'coderay'
 require 'coderay/helpers/file_type'
 require 'forwardable'
+require 'cgi'

 module ApplicationHelper
  include Redmine::WikiFormatting::Macros::Definitions
+  include Redmine::I18n
  include GravatarHelper::PublicMethods

  extend Forwardable
  def_delegators :wiki_helper, :wikitoolbar_for, :heads_for_wiki_formatter

-  def current_role
-    @current_role ||= User.current.role_for_project(@project)
-  end
-
  # Return true if user is authorized for controller/action, otherwise false
  def authorize_for(controller, action)
    User.current.allowed_to?({:controller => controller, :action => action}, @project)
@@ -46,16 +44,45 @@ module ApplicationHelper
    link_to_remote(name, options, html_options) if authorize_for(url[:controller] || params[:controller], url[:action])
  end

-  # Display a link to user's account page
-  def link_to_user(user)
-    (user && !user.anonymous?) ? link_to(user, :controller => 'account', :action => 'show', :id => user) : 'Anonymous'
+  # Displays a link to user's account page if active
+  def link_to_user(user, options={})
+    if user.is_a?(User)
+      name = h(user.name(options[:format]))
+      if user.active?
+        link_to name, :controller => 'users', :action => 'show', :id => user
+      else
+        name
+      end
+    else
+      h(user.to_s)
+    end
  end

+  # Displays a link to +issue+ with its subject.
+  # Examples:
+  # 
+  #   link_to_issue(issue)                        # => Defect #6: This is the subject
+  #   link_to_issue(issue, :truncate => 6)        # => Defect #6: This i...
+  #   link_to_issue(issue, :subject => false)     # => Defect #6
+  #   link_to_issue(issue, :project => true)      # => Foo - Defect #6
+  #
  def link_to_issue(issue, options={})
-    options[:class] ||= ''
-    options[:class] << ' issue'
-    options[:class] << ' closed' if issue.closed?
-    link_to "#{issue.tracker.name} ##{issue.id}", {:controller => "issues", :action => "show", :id => issue}, options
+    title = nil
+    subject = nil
+    if options[:subject] == false
+      title = truncate(issue.subject, :length => 60)
+    else
+      subject = issue.subject
+      if options[:truncate]
+        subject = truncate(subject, :length => options[:truncate])
+      end
+    end
+    s = link_to "#{issue.tracker} ##{issue.id}", {:controller => "issues", :action => "show", :id => issue}, 
+                                                 :class => issue.css_classes,
+                                                 :title => title
+    s << ": #{h subject}" if subject
+    s = "#{h issue.project} - " + s if options[:project]
+    s
  end

  # Generates a link to an attachment.
@@ -69,6 +96,15 @@ module ApplicationHelper
    link_to(h(text), {:controller => 'attachments', :action => action, :id => attachment, :filename => attachment.filename }, options)
  end

+  # Generates a link to a SCM revision
+  # Options:
+  # * :text - Link text (default to the formatted revision)
+  def link_to_revision(revision, project, options={})
+    text = options.delete(:text) || format_revision(revision)
+
+    link_to(text, {:controller => 'repositories', :action => 'revision', :id => project, :rev => revision}, :title => l(:label_revision_id, revision))
+  end
+
  def toggle_link(name, id, options={})
    onclick = "Element.toggle('#{id}'); "
    onclick << (options[:focus] ? "Form.Element.focus('#{options[:focus]}'); " : "this.blur(); ")
@@ -88,26 +124,9 @@ module ApplicationHelper
    html_options[:onclick] = "promptToRemote('#{text}', '#{param}', '#{url_for(url)}'); return false;"
    link_to name, {}, html_options
  end
-
-  def format_date(date)
-    return nil unless date
-    # "Setting.date_format.size < 2" is a temporary fix (content of date_format setting changed)
-    @date_format ||= (Setting.date_format.blank? || Setting.date_format.size < 2 ? l(:general_fmt_date) : Setting.date_format)
-    date.strftime(@date_format)
-  end
-
-  def format_time(time, include_date = true)
-    return nil unless time
-    time = time.to_time if time.is_a?(String)
-    zone = User.current.time_zone
-    local = zone ? time.in_time_zone(zone) : (time.utc? ? time.localtime : time)
-    @date_format ||= (Setting.date_format.blank? || Setting.date_format.size < 2 ? l(:general_fmt_date) : Setting.date_format)
-    @time_format ||= (Setting.time_format.blank? ? l(:general_fmt_time) : Setting.time_format)
-    include_date ? local.strftime("#{@date_format} #{@time_format}") : local.strftime(@time_format)
-  end
  
  def format_activity_title(text)
-    h(truncate_single_line(text, 100))
+    h(truncate_single_line(text, :length => 100))
  end
  
  def format_activity_day(date)
@@ -115,16 +134,17 @@ module ApplicationHelper
  end
  
  def format_activity_description(text)
-    h(truncate(text.to_s, 250).gsub(%r{<(pre|code)>.*$}m, '...'))
+    h(truncate(text.to_s, :length => 120).gsub(%r{[\r\n]*<(pre|code)>.*$}m, '...')).gsub(/[\r\n]+/, "<br />")
  end

-  def distance_of_date_in_words(from_date, to_date = 0)
-    from_date = from_date.to_date if from_date.respond_to?(:to_date)
-    to_date = to_date.to_date if to_date.respond_to?(:to_date)
-    distance_in_days = (to_date - from_date).abs
-    lwr(:actionview_datehelper_time_in_words_day, distance_in_days)
+  def format_version_name(version)
+    if version.project == @project
+    	h(version)
+    else
+      h("#{version.project} - #{version}")
+    end
  end
-
+  
  def due_date_distance_in_words(date)
    if date
      l((date < Date.today ? :label_roadmap_overdue : :label_roadmap_due_in), distance_of_date_in_words(Date.today, date))
@@ -146,10 +166,99 @@ module ApplicationHelper
    end
    content
  end
+  
+  # Renders flash messages
+  def render_flash_messages
+    s = ''
+    flash.each do |k,v|
+      s << content_tag('div', v, :class => "flash #{k}")
+    end
+    s
+  end
+  
+  # Renders tabs and their content
+  def render_tabs(tabs)
+    if tabs.any?
+      render :partial => 'common/tabs', :locals => {:tabs => tabs}
+    else
+      content_tag 'p', l(:label_no_data), :class => "nodata"
+    end
+  end
+  
+  # Renders the project quick-jump box
+  def render_project_jump_box
+    # Retrieve them now to avoid a COUNT query
+    projects = User.current.projects.all
+    if projects.any?
+      s = '<select onchange="if (this.value != \'\') { window.location = this.value; }">' +
+            "<option value=''>#{ l(:label_jump_to_a_project) }</option>" +
+            '<option value="" disabled="disabled">---</option>'
+      s << project_tree_options_for_select(projects, :selected => @project) do |p|
+        { :value => url_for(:controller => 'projects', :action => 'show', :id => p, :jump => current_menu_item) }
+      end
+      s << '</select>'
+      s
+    end
+  end
+  
+  def project_tree_options_for_select(projects, options = {})
+    s = ''
+    project_tree(projects) do |project, level|
+      name_prefix = (level > 0 ? ('&nbsp;' * 2 * level + '&#187; ') : '')
+      tag_options = {:value => project.id, :selected => ((project == options[:selected]) ? 'selected' : nil)}
+      tag_options.merge!(yield(project)) if block_given?
+      s << content_tag('option', name_prefix + h(project), tag_options)
+    end
+    s
+  end
+  
+  # Yields the given block for each project with its level in the tree
+  def project_tree(projects, &block)
+    ancestors = []
+    projects.sort_by(&:lft).each do |project|
+      while (ancestors.any? && !project.is_descendant_of?(ancestors.last)) 
+        ancestors.pop
+      end
+      yield project, ancestors.size
+      ancestors << project
+    end
+  end
+  
+  def project_nested_ul(projects, &block)
+    s = ''
+    if projects.any?
+      ancestors = []
+      projects.sort_by(&:lft).each do |project|
+        if (ancestors.empty? || project.is_descendant_of?(ancestors.last))
+          s << "<ul>\n"
+        else
+          ancestors.pop
+          s << "</li>"
+          while (ancestors.any? && !project.is_descendant_of?(ancestors.last)) 
+            ancestors.pop
+            s << "</ul></li>\n"
+          end
+        end
+        s << "<li>"
+        s << yield(project).to_s
+        ancestors << project
+      end
+      s << ("</li></ul>\n" * ancestors.size)
+    end
+    s
+  end
+  
+  def principals_check_box_tags(name, principals)
+    s = ''
+    principals.sort.each do |principal|
+      s << "<label>#{ check_box_tag name, principal.id, false } #{h principal}</label>\n"
+    end
+    s 
+  end

  # Truncates and returns the string as a single line
  def truncate_single_line(string, *args)
-    truncate(string, *args).gsub(%r{[\r\n]+}m, ' ')
+    truncate(string.to_s, *args).gsub(%r{[\r\n]+}m, ' ')
  end

  def html_hours(text)
@@ -157,25 +266,16 @@ module ApplicationHelper
  end

  def authoring(created, author, options={})
-    time_tag = @project.nil? ? content_tag('acronym', distance_of_time_in_words(Time.now, created), :title => format_time(created)) :
-                               link_to(distance_of_time_in_words(Time.now, created), 
-                                       {:controller => 'projects', :action => 'activity', :id => @project, :from => created.to_date},
-                                       :title => format_time(created))
-    author_tag = (author.is_a?(User) && !author.anonymous?) ? link_to(h(author), :controller => 'account', :action => 'show', :id => author) : h(author || 'Anonymous')
-    l(options[:label] || :label_added_time_by, author_tag, time_tag)
+    l(options[:label] || :label_added_time_by, :author => link_to_user(author), :age => time_tag(created))
  end
-
-  def l_or_humanize(s, options={})
-    k = "#{options[:prefix]}#{s}".to_sym
-    l_has_string?(k) ? l(k) : s.to_s.humanize
-  end
-
-  def day_name(day)
-    l(:general_day_names).split(',')[day-1]
-  end
-
-  def month_name(month)
-    l(:actionview_datehelper_select_month_names).split(',')[month-1]
+  
+  def time_tag(time)
+    text = distance_of_time_in_words(Time.now, time)
+    if @project
+      link_to(text, {:controller => 'projects', :action => 'activity', :id => @project, :from => time.to_date}, :title => format_time(time))
+    else
+      content_tag('acronym', text, :title => format_time(time))
+    end
  end

  def syntax_highlight(name, content)
@@ -190,52 +290,82 @@ module ApplicationHelper
  def pagination_links_full(paginator, count=nil, options={})
    page_param = options.delete(:page_param) || :page
    url_param = params.dup
-    # don't reuse params if filters are present
-    url_param.clear if url_param.has_key?(:set_filter)
+    # don't reuse query params if filters are present
+    url_param.merge!(:fields => nil, :values => nil, :operators => nil) if url_param.delete(:set_filter)

    html = ''
-    html << link_to_remote(('&#171; ' + l(:label_previous)),
-                            {:update => 'content',
-                             :url => url_param.merge(page_param => paginator.current.previous),
-                             :complete => 'window.scrollTo(0,0)'},
-                            {:href => url_for(:params => url_param.merge(page_param => paginator.current.previous))}) + ' ' if paginator.current.previous
+    if paginator.current.previous
+      html << link_to_remote_content_update('&#171; ' + l(:label_previous), url_param.merge(page_param => paginator.current.previous)) + ' '
+    end

    html << (pagination_links_each(paginator, options) do |n|
-      link_to_remote(n.to_s,
-                      {:url => {:params => url_param.merge(page_param => n)},
-                       :update => 'content',
-                       :complete => 'window.scrollTo(0,0)'},
-                      {:href => url_for(:params => url_param.merge(page_param => n))})
+      link_to_remote_content_update(n.to_s, url_param.merge(page_param => n))
    end || '')
-
-    html << ' ' + link_to_remote((l(:label_next) + ' &#187;'),
-                                 {:update => 'content',
-                                  :url => url_param.merge(page_param => paginator.current.next),
-                                  :complete => 'window.scrollTo(0,0)'},
-                                 {:href => url_for(:params => url_param.merge(page_param => paginator.current.next))}) if paginator.current.next
+    
+    if paginator.current.next
+      html << ' ' + link_to_remote_content_update((l(:label_next) + ' &#187;'), url_param.merge(page_param => paginator.current.next))
+    end

    unless count.nil?
-      html << [" (#{paginator.current.first_item}-#{paginator.current.last_item}/#{count})", per_page_links(paginator.items_per_page)].compact.join(' | ')
+      html << [
+        " (#{paginator.current.first_item}-#{paginator.current.last_item}/#{count})",
+        per_page_links(paginator.items_per_page)
+      ].compact.join(' | ')
    end

    html
  end
-
+  
  def per_page_links(selected=nil)
    url_param = params.dup
    url_param.clear if url_param.has_key?(:set_filter)

    links = Setting.per_page_options_array.collect do |n|
-      n == selected ? n : link_to_remote(n, {:update => "content", :url => params.dup.merge(:per_page => n)},
+      n == selected ? n : link_to_remote(n, {:update => "content",
+                                             :url => params.dup.merge(:per_page => n),
+                                             :method => :get},
                                            {:href => url_for(url_param.merge(:per_page => n))})
    end
    links.size > 1 ? l(:label_display_per_page, links.join(', ')) : nil
  end
+  
+  def reorder_links(name, url)
+    link_to(image_tag('2uparrow.png',   :alt => l(:label_sort_highest)), url.merge({"#{name}[move_to]" => 'highest'}), :method => :post, :title => l(:label_sort_highest)) +
+    link_to(image_tag('1uparrow.png',   :alt => l(:label_sort_higher)),  url.merge({"#{name}[move_to]" => 'higher'}),  :method => :post, :title => l(:label_sort_higher)) +
+    link_to(image_tag('1downarrow.png', :alt => l(:label_sort_lower)),   url.merge({"#{name}[move_to]" => 'lower'}),   :method => :post, :title => l(:label_sort_lower)) +
+    link_to(image_tag('2downarrow.png', :alt => l(:label_sort_lowest)),  url.merge({"#{name}[move_to]" => 'lowest'}),  :method => :post, :title => l(:label_sort_lowest))
+  end

  def breadcrumb(*args)
    elements = args.flatten
    elements.any? ? content_tag('p', args.join(' &#187; ') + ' &#187; ', :class => 'breadcrumb') : nil
  end
+  
+  def other_formats_links(&block)
+    concat('<p class="other-formats">' + l(:label_export_to))
+    yield Redmine::Views::OtherFormatsBuilder.new(self)
+    concat('</p>')
+  end
+  
+  def page_header_title
+    if @project.nil? || @project.new_record?
+      h(Setting.app_title)
+    else
+      b = []
+      ancestors = (@project.root? ? [] : @project.ancestors.visible)
+      if ancestors.any?
+        root = ancestors.shift
+        b << link_to(h(root), {:controller => 'projects', :action => 'show', :id => root, :jump => current_menu_item}, :class => 'root')
+        if ancestors.size > 2
+          b << '&#8230;'
+          ancestors = ancestors[-2, 2]
+        end
+        b += ancestors.collect {|p| link_to(h(p), {:controller => 'projects', :action => 'show', :id => p, :jump => current_menu_item}, :class => 'ancestor') }
+      end
+      b << h(@project)
+      b.join(' &#187; ')
+    end
+  end

  def html_title(*args)
    if args.empty?
@@ -243,7 +373,7 @@ module ApplicationHelper
      title << @project.name if @project
      title += @html_title if @html_title
      title << Setting.app_title
-      title.compact.join(' - ')
+      title.select {|t| !t.blank? }.join(' - ')
    else
      @html_title ||= []
      @html_title += args
@@ -281,16 +411,15 @@ module ApplicationHelper
      attachments = attachments.sort_by(&:created_on).reverse
      text = text.gsub(/!((\<|\=|\>)?(\([^\)]+\))?(\[[^\]]+\])?(\{[^\}]+\})?)(\S+\.(bmp|gif|jpg|jpeg|png))!/i) do |m|
        style = $1
-        filename = $6
-        rf = Regexp.new(Regexp.escape(filename),  Regexp::IGNORECASE)
+        filename = $6.downcase
        # search for the picture in attachments
-        if found = attachments.detect { |att| att.filename =~ rf }
+        if found = attachments.detect { |att| att.filename.downcase == filename }
          image_url = url_for :only_path => only_path, :controller => 'attachments', :action => 'download', :id => found
          desc = found.description.to_s.gsub(/^([^\(\)]*).*$/, "\\1")
          alt = desc.blank? ? nil : "(#{desc})"
          "!#{style}#{image_url}#{alt}!"
        else
-          "!#{style}#{filename}!"
+          m
        end
      end
    end
@@ -343,7 +472,7 @@ module ApplicationHelper
                                   :class => ('wiki-page' + (wiki_page ? '' : ' new')))
        else
          # project or wiki doesn't exist
-          title || page
+          all
        end
      else
        all
@@ -376,25 +505,24 @@ module ApplicationHelper
    #     export:some/file -> Force the download of the file
    #  Forum messages:
    #     message#1218 -> Link to message with id 1218
-    text = text.gsub(%r{([\s\(,\-\>]|^)(!)?(attachment|document|version|commit|source|export|message)?((#|r)(\d+)|(:)([^"\s<>][^\s<>]*?|"[^"]+?"))(?=(?=[[:punct:]]\W)|\s|<|$)}) do |m|
-      leading, esc, prefix, sep, oid = $1, $2, $3, $5 || $7, $6 || $8
+    text = text.gsub(%r{([\s\(,\-\>]|^)(!)?(attachment|document|version|commit|source|export|message)?((#|r)(\d+)|(:)([^"\s<>][^\s<>]*?|"[^"]+?"))(?=(?=[[:punct:]]\W)|,|\s|<|$)}) do |m|
+      leading, esc, prefix, sep, identifier = $1, $2, $3, $5 || $7, $6 || $8
      link = nil
      if esc.nil?
        if prefix.nil? && sep == 'r'
-          if project && (changeset = project.changesets.find_by_revision(oid))
-            link = link_to("r#{oid}", {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => oid},
+          if project && (changeset = project.changesets.find_by_revision(identifier))
+            link = link_to("r#{identifier}", {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
                                      :class => 'changeset',
-                                      :title => truncate_single_line(changeset.comments, 100))
+                                      :title => truncate_single_line(changeset.comments, :length => 100))
          end
        elsif sep == '#'
-          oid = oid.to_i
+          oid = identifier.to_i
          case prefix
          when nil
-            if issue = Issue.find_by_id(oid, :include => [:project, :status], :conditions => Project.visible_by(User.current))
+            if issue = Issue.visible.find_by_id(oid, :include => :status)
              link = link_to("##{oid}", {:only_path => only_path, :controller => 'issues', :action => 'show', :id => oid},
-                                        :class => (issue.closed? ? 'issue closed' : 'issue'),
-                                        :title => "#{truncate(issue.subject, 100)} (#{issue.status.name})")
-              link = content_tag('del', link) if issue.closed?
+                                        :class => issue.css_classes,
+                                        :title => "#{truncate(issue.subject, :length => 100)} (#{issue.status.name})")
            end
          when 'document'
            if document = Document.find_by_id(oid, :include => [:project], :conditions => Project.visible_by(User.current))
@@ -408,7 +536,7 @@ module ApplicationHelper
            end
          when 'message'
            if message = Message.find_by_id(oid, :include => [:parent, {:board => :project}], :conditions => Project.visible_by(User.current))
-              link = link_to h(truncate(message.subject, 60)), {:only_path => only_path,
+              link = link_to h(truncate(message.subject, :length => 60)), {:only_path => only_path,
                                                                :controller => 'messages',
                                                                :action => 'show',
                                                                :board_id => message.board,
@@ -419,7 +547,7 @@ module ApplicationHelper
          end
        elsif sep == ':'
          # removes the double quotes if any
-          name = oid.gsub(%r{^"(.*)"$}, "\\1")
+          name = identifier.gsub(%r{^"(.*)"$}, "\\1")
          case prefix
          when 'document'
            if project && document = project.documents.find_by_title(name)
@@ -435,7 +563,7 @@ module ApplicationHelper
            if project && (changeset = project.changesets.find(:first, :conditions => ["scmid LIKE ?", "#{name}%"]))
              link = link_to h("#{name}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
                                           :class => 'changeset',
-                                           :title => truncate_single_line(changeset.comments, 100)
+                                           :title => truncate_single_line(changeset.comments, :length => 100)
            end
          when 'source', 'export'
            if project && project.repository
@@ -456,7 +584,7 @@ module ApplicationHelper
          end
        end
      end
-      leading + (link || "#{prefix}#{sep}#{oid}")
+      leading + (link || "#{prefix}#{sep}#{identifier}")
    end

    text
@@ -470,46 +598,9 @@ module ApplicationHelper
      gsub(/([^\n]\n)(?=[^\n])/, '\1<br />')  # 1 newline   -> br
  end

-  def error_messages_for(object_name, options = {})
-    options = options.symbolize_keys
-    object = instance_variable_get("@#{object_name}")
-    if object && !object.errors.empty?
-      # build full_messages here with controller current language
-      full_messages = []
-      object.errors.each do |attr, msg|
-        next if msg.nil?
-        msg = msg.first if msg.is_a? Array
-        if attr == "base"
-          full_messages << l(msg)
-        else
-          full_messages << "&#171; " + (l_has_string?("field_" + attr) ? l("field_" + attr) : object.class.human_attribute_name(attr)) + " &#187; " + l(msg) unless attr == "custom_values"
-        end
-      end
-      # retrieve custom values error messages
-      if object.errors[:custom_values]
-        object.custom_values.each do |v|
-          v.errors.each do |attr, msg|
-            next if msg.nil?
-            msg = msg.first if msg.is_a? Array
-            full_messages << "&#171; " + v.custom_field.name + " &#187; " + l(msg)
-          end
-        end
-      end
-      content_tag("div",
-        content_tag(
-          options[:header_tag] || "span", lwr(:gui_validation_error, full_messages.length) + ":"
-        ) +
-        content_tag("ul", full_messages.collect { |msg| content_tag("li", msg) }),
-        "id" => options[:id] || "errorExplanation", "class" => options[:class] || "errorExplanation"
-      )
-    else
-      ""
-    end
-  end
-
  def lang_options_for_select(blank=true)
    (blank ? [["(auto)", ""]] : []) +
-      GLoc.valid_languages.collect{|lang| [ ll(lang.to_s, :general_lang_name), lang.to_s]}.sort{|x,y| x.last <=> y.last }
+      valid_languages.collect{|lang| [ ll(lang.to_s, :general_lang_name), lang.to_s]}.sort{|x,y| x.last <=> y.last }
  end

  def label_tag_for(name, option_tags = nil, options = {})
@@ -525,7 +616,8 @@ module ApplicationHelper

  def back_url_hidden_field_tag
    back_url = params[:back_url] || request.env['HTTP_REFERER']
-    hidden_field_tag('back_url', back_url) unless back_url.blank?
+    back_url = CGI.unescape(back_url.to_s)
+    hidden_field_tag('back_url', CGI.escape(back_url)) unless back_url.blank?
  end

  def check_all_links(form_name)
@@ -536,15 +628,16 @@ module ApplicationHelper

  def progress_bar(pcts, options={})
    pcts = [pcts, pcts] unless pcts.is_a?(Array)
+    pcts = pcts.collect(&:round)
    pcts[1] = pcts[1] - pcts[0]
    pcts << (100 - pcts[1] - pcts[0])
    width = options[:width] || '100px;'
    legend = options[:legend] || ''
    content_tag('table',
      content_tag('tr',
-        (pcts[0] > 0 ? content_tag('td', '', :style => "width: #{pcts[0].floor}%;", :class => 'closed') : '') +
-        (pcts[1] > 0 ? content_tag('td', '', :style => "width: #{pcts[1].floor}%;", :class => 'done') : '') +
-        (pcts[2] > 0 ? content_tag('td', '', :style => "width: #{pcts[2].floor}%;", :class => 'todo') : '')
+        (pcts[0] > 0 ? content_tag('td', '', :style => "width: #{pcts[0]}%;", :class => 'closed') : '') +
+        (pcts[1] > 0 ? content_tag('td', '', :style => "width: #{pcts[1]}%;", :class => 'done') : '') +
+        (pcts[2] > 0 ? content_tag('td', '', :style => "width: #{pcts[2]}%;", :class => 'todo') : '')
      ), :class => 'progress', :style => "width: #{width};") +
      content_tag('p', legend, :class => 'pourcent')
  end
@@ -575,8 +668,18 @@ module ApplicationHelper
    unless @calendar_headers_tags_included
      @calendar_headers_tags_included = true
      content_for :header_tags do
+        start_of_week = case Setting.start_of_week.to_i
+        when 1
+          'Calendar._FD = 1;' # Monday
+        when 7
+          'Calendar._FD = 0;' # Sunday
+        else
+          '' # use language
+        end
+        
        javascript_include_tag('calendar/calendar') +
-        javascript_include_tag("calendar/lang/calendar-#{current_language}.js") +
+        javascript_include_tag("calendar/lang/calendar-#{current_language.to_s.downcase}.js") +
+        javascript_tag(start_of_week) +  
        javascript_include_tag('calendar/calendar-setup') +
        stylesheet_link_tag('calendar')
      end
@@ -597,6 +700,7 @@ module ApplicationHelper
  # +user+ can be a User or a string that will be scanned for an email address (eg. 'joe <joe@foo.bar>')
  def avatar(user, options = { })
    if Setting.gravatar_enabled?
+      options.merge!({:ssl => Setting.protocol == 'https', :default => Setting.gravatar_default})
      email = nil
      if user.respond_to?(:mail)
        email = user.mail
@@ -614,4 +718,12 @@ module ApplicationHelper
    extend helper
    return self
  end
+  
+  def link_to_remote_content_update(text, url_params)
+    link_to_remote(text,
+      {:url => url_params, :method => :get, :update => 'content', :complete => 'window.scrollTo(0,0)'},
+      {:href => url_for(:params => url_params)}
+    )
+  end
+  
 end
--- a/app/helpers/attachments_helper.rb
+++ b/app/helpers/attachments_helper.rb
@@ -16,10 +16,15 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module AttachmentsHelper
-  # displays the links to a collection of attachments
-  def link_to_attachments(attachments, options = {})
-    if attachments.any?
-      render :partial => 'attachments/links', :locals => {:attachments => attachments, :options => options}
+  # Displays view/delete links to the attachments of the given object
+  # Options:
+  #   :author -- author names are not displayed if set to false
+  def link_to_attachments(container, options = {})
+    options.assert_valid_keys(:author)
+    
+    if container.attachments.any?
+      options = {:deletable => container.attachments_deletable?, :author => true}.merge(options)
+      render :partial => 'attachments/links', :locals => {:attachments => container.attachments, :options => options}
    end
  end
  
--- a/app/helpers/custom_fields_helper.rb
+++ b/app/helpers/custom_fields_helper.rb
@@ -18,10 +18,15 @@
 module CustomFieldsHelper

  def custom_fields_tabs
-    tabs = [{:name => 'IssueCustomField', :label => :label_issue_plural},
-            {:name => 'TimeEntryCustomField', :label => :label_spent_time},
-            {:name => 'ProjectCustomField', :label => :label_project_plural},
-            {:name => 'UserCustomField', :label => :label_user_plural}
+    tabs = [{:name => 'IssueCustomField', :partial => 'custom_fields/index', :label => :label_issue_plural},
+            {:name => 'TimeEntryCustomField', :partial => 'custom_fields/index', :label => :label_spent_time},
+            {:name => 'ProjectCustomField', :partial => 'custom_fields/index', :label => :label_project_plural},
+            {:name => 'VersionCustomField', :partial => 'custom_fields/index', :label => :label_version_plural},
+            {:name => 'UserCustomField', :partial => 'custom_fields/index', :label => :label_user_plural},
+            {:name => 'GroupCustomField', :partial => 'custom_fields/index', :label => :label_group_plural},
+            {:name => 'TimeEntryActivityCustomField', :partial => 'custom_fields/index', :label => TimeEntryActivity::OptionName},
+            {:name => 'IssuePriorityCustomField', :partial => 'custom_fields/index', :label => IssuePriority::OptionName},
+            {:name => 'DocumentCategoryCustomField', :partial => 'custom_fields/index', :label => DocumentCategory::OptionName}
            ]
  end
  
@@ -38,7 +43,7 @@ module CustomFieldsHelper
    when "text"
      text_area_tag(field_name, custom_value.value, :id => field_id, :rows => 3, :style => 'width:90%')
    when "bool"
-      check_box_tag(field_name, '1', custom_value.true?, :id => field_id) + hidden_field_tag(field_name, '0')
+      hidden_field_tag(field_name, '0') + check_box_tag(field_name, '1', custom_value.true?, :id => field_id)
    when "list"
      blank_option = custom_field.is_required? ?
                       (custom_field.default_value.blank? ? "<option value=\"\">--- #{l(:actionview_instancetag_blank_option)} ---</option>" : '') : 
@@ -61,6 +66,26 @@ module CustomFieldsHelper
  def custom_field_tag_with_label(name, custom_value)
    custom_field_label_tag(name, custom_value) + custom_field_tag(name, custom_value)
  end
+  
+  def custom_field_tag_for_bulk_edit(custom_field)
+    field_name = "custom_field_values[#{custom_field.id}]"
+    field_id = "custom_field_values_#{custom_field.id}"
+    case custom_field.field_format
+      when "date"
+        text_field_tag(field_name, '', :id => field_id, :size => 10) + 
+        calendar_for(field_id)
+      when "text"
+        text_area_tag(field_name, '', :id => field_id, :rows => 3, :style => 'width:90%')
+      when "bool"
+        select_tag(field_name, options_for_select([[l(:label_no_change_option), ''],
+                                                   [l(:general_text_yes), '1'],
+                                                   [l(:general_text_no), '0']]), :id => field_id)
+      when "list"
+        select_tag(field_name, options_for_select([[l(:label_no_change_option), '']] + custom_field.possible_values), :id => field_id)
+      else
+        text_field_tag(field_name, '', :id => field_id)
+    end
+  end

  # Return a string used to display a custom value
  def show_value(custom_value)
@@ -75,7 +100,7 @@ module CustomFieldsHelper
    when "date"
      begin; format_date(value.to_date); rescue; value end
    when "bool"
-      l_YesNo(value == "1")
+      l(value == "1" ? :general_text_Yes : :general_text_No)
    else
      value
    end
--- a/app/helpers/groups_helper.rb
+++ b/app/helpers/groups_helper.rb
@@ -0,0 +1,34 @@
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+module GroupsHelper
+  # Options for the new membership projects combo-box
+  def options_for_membership_project_select(user, projects)
+    options = content_tag('option', "--- #{l(:actionview_instancetag_blank_option)} ---")
+    options << project_tree_options_for_select(projects) do |p|
+      {:disabled => (user.projects.include?(p))}
+    end
+    options
+  end
+  
+  def group_settings_tabs
+    tabs = [{:name => 'general', :partial => 'groups/general', :label => :label_general},
+            {:name => 'users', :partial => 'groups/users', :label => :label_user_plural},
+            {:name => 'memberships', :partial => 'groups/memberships', :label => :label_project_plural}
+            ]
+  end
+end
--- a/app/helpers/ifpdf_helper.rb
+++ b/app/helpers/ifpdf_helper.rb
@@ -1,85 +0,0 @@
-# redMine - project management software
-# Copyright (C) 2006  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-require 'iconv'
-require 'rfpdf/chinese'
-
-module IfpdfHelper  
-  
-  class IFPDF < FPDF
-    include GLoc
-    attr_accessor :footer_date
-    
-    def initialize(lang)
-      super()
-      set_language_if_valid lang
-      case current_language.to_s
-      when 'ja'
-        extend(PDF_Japanese)
-        AddSJISFont()
-        @font_for_content = 'SJIS'
-        @font_for_footer = 'SJIS'
-      when 'zh'
-        extend(PDF_Chinese)
-        AddGBFont()
-        @font_for_content = 'GB'
-        @font_for_footer = 'GB'
-      when 'zh-tw'
-        extend(PDF_Chinese)
-        AddBig5Font()
-        @font_for_content = 'Big5'
-        @font_for_footer = 'Big5'
-      else
-        @font_for_content = 'Arial'
-        @font_for_footer = 'Helvetica'              
-      end
-      SetCreator(Redmine::Info.app_name)
-      SetFont(@font_for_content)
-    end
-    
-    def SetFontStyle(style, size)
-      SetFont(@font_for_content, style, size)
-    end
-      
-    def Cell(w,h=0,txt='',border=0,ln=0,align='',fill=0,link='')
-      @ic ||= Iconv.new(l(:general_pdf_encoding), 'UTF-8')
-      # these quotation marks are not correctly rendered in the pdf
-      txt = txt.gsub(/[“”]/, '"') if txt
-      txt = begin
-        # 0x5c char handling
-        txtar = txt.split('\\')
-        txtar << '' if txt[-1] == ?\\
-        txtar.collect {|x| @ic.iconv(x)}.join('\\').gsub(/\\/, "\\\\\\\\")
-      rescue
-        txt
-      end || ''
-      super w,h,txt,border,ln,align,fill,link
-    end
-    
-    def Footer
-      SetFont(@font_for_footer, 'I', 8)
-      SetY(-15)
-      SetX(15)
-      Cell(0, 5, @footer_date, 0, 0, 'L')
-      SetY(-15)
-      SetX(-30)
-      Cell(0, 5, PageNo().to_s + '/{nb}', 0, 0, 'C')
-    end
-    
-  end
-
-end
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -15,8 +15,6 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-require 'csv'
-
 module IssuesHelper
  include ApplicationHelper

@@ -26,13 +24,32 @@ module IssuesHelper
    @cached_label_assigned_to ||= l(:field_assigned_to)
    @cached_label_priority ||= l(:field_priority)
    
-    link_to_issue(issue) + ": #{h(issue.subject)}<br /><br />" +
+    link_to_issue(issue) + "<br /><br />" +
      "<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />" +
      "<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />" +
      "<strong>#{@cached_label_assigned_to}</strong>: #{issue.assigned_to}<br />" +
      "<strong>#{@cached_label_priority}</strong>: #{issue.priority.name}"
  end
  
+  def render_custom_fields_rows(issue)
+    return if issue.custom_field_values.empty?
+    ordered_values = []
+    half = (issue.custom_field_values.size / 2.0).ceil
+    half.times do |i|
+      ordered_values << issue.custom_field_values[i]
+      ordered_values << issue.custom_field_values[i + half]
+    end
+    s = "<tr>\n"
+    n = 0
+    ordered_values.compact.each do |value|
+      s << "</tr>\n<tr>\n" if n > 0 && (n % 2) == 0
+      s << "\t<th>#{ h(value.custom_field.name) }:</th><td>#{ simple_format_without_paragraph(h(show_value(value))) }</td>\n"
+      n += 1
+    end
+    s << "</tr>\n"
+    s
+  end
+  
  def sidebar_queries
    unless @sidebar_queries
      # User can see public queries and his own queries
@@ -40,6 +57,7 @@ module IssuesHelper
      # Project specific queries and global queries
      visible << (@project.nil? ? ["project_id IS NULL"] : ["project_id IS NULL OR project_id = ?", @project.id])
      @sidebar_queries = Query.find(:all, 
+                                    :select => 'id, name',
                                    :order => "name ASC",
                                    :conditions => visible.conditions)
    end
@@ -67,8 +85,8 @@ module IssuesHelper
        u = User.find_by_id(detail.value) and value = u.name if detail.value
        u = User.find_by_id(detail.old_value) and old_value = u.name if detail.old_value
      when 'priority_id'
-        e = Enumeration.find_by_id(detail.value) and value = e.name if detail.value
-        e = Enumeration.find_by_id(detail.old_value) and old_value = e.name if detail.old_value
+        e = IssuePriority.find_by_id(detail.value) and value = e.name if detail.value
+        e = IssuePriority.find_by_id(detail.old_value) and old_value = e.name if detail.old_value
      when 'category_id'
        c = IssueCategory.find_by_id(detail.value) and value = c.name if detail.value
        c = IssueCategory.find_by_id(detail.old_value) and old_value = c.name if detail.old_value
@@ -111,28 +129,22 @@ module IssuesHelper
      case detail.property
      when 'attr', 'cf'
        if !detail.old_value.blank?
-          label + " " + l(:text_journal_changed, old_value, value)
+          l(:text_journal_changed, :label => label, :old => old_value, :new => value)
        else
-          label + " " + l(:text_journal_set_to, value)
+          l(:text_journal_set_to, :label => label, :value => value)
        end
      when 'attachment'
-        "#{label} #{value} #{l(:label_added)}"
+        l(:text_journal_added, :label => label, :value => value)
      end
    else
-      case detail.property
-      when 'attr', 'cf'
-        label + " " + l(:text_journal_deleted) + " (#{old_value})"
-      when 'attachment'
-        "#{label} #{old_value} #{l(:label_deleted)}"
-      end
+      l(:text_journal_deleted, :label => label, :old => old_value)
    end
  end
  
  def issues_to_csv(issues, project = nil)
    ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')    
    decimal_separator = l(:general_csv_decimal_separator)
-    export = StringIO.new
-    CSV::Writer.generate(export, l(:general_csv_separator)) do |csv|
+    export = FCSV.generate(:col_sep => l(:general_csv_separator)) do |csv|
      # csv header fields
      headers = [ "#",
                  l(:field_status), 
@@ -182,7 +194,6 @@ module IssuesHelper
        csv << fields.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
      end
    end
-    export.rewind
    export
  end
 end
--- a/app/helpers/journals_helper.rb
+++ b/app/helpers/journals_helper.rb
@@ -30,7 +30,9 @@ module JournalsHelper
    end
    content << content_tag('div', links.join(' '), :class => 'contextual') unless links.empty?
    content << textilizable(journal, :notes)
-    content_tag('div', content, :id => "journal-#{journal.id}-notes", :class => (editable ? 'wiki editable' : 'wiki'))
+    css_classes = "wiki"
+    css_classes << " editable" if editable
+    content_tag('div', content, :id => "journal-#{journal.id}-notes", :class => css_classes)
  end
  
  def link_to_in_place_notes_editor(text, field_id, url, options={})
--- a/app/helpers/messages_helper.rb
+++ b/app/helpers/messages_helper.rb
@@ -19,7 +19,7 @@ module MessagesHelper

  def link_to_message(message)
    return '' unless message
-    link_to h(truncate(message.subject, 60)), :controller => 'messages',
+    link_to h(truncate(message.subject, :length => 60)), :controller => 'messages',
                                           :action => 'show',
                                           :board_id => message.board_id,
                                           :id => message.root,
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -18,7 +18,7 @@
 module ProjectsHelper
  def link_to_version(version, options = {})
    return '' unless version && version.is_a?(Version)
-    link_to h(version.name), { :controller => 'versions', :action => 'show', :id => version }, options
+    link_to_if version.visible?, format_version_name(version), { :controller => 'versions', :action => 'show', :id => version }, options
  end
  
  def project_settings_tabs
@@ -29,8 +29,76 @@ module ProjectsHelper
            {:name => 'categories', :action => :manage_categories, :partial => 'projects/settings/issue_categories', :label => :label_issue_category_plural},
            {:name => 'wiki', :action => :manage_wiki, :partial => 'projects/settings/wiki', :label => :label_wiki},
            {:name => 'repository', :action => :manage_repository, :partial => 'projects/settings/repository', :label => :label_repository},
-            {:name => 'boards', :action => :manage_boards, :partial => 'projects/settings/boards', :label => :label_board_plural}
+            {:name => 'boards', :action => :manage_boards, :partial => 'projects/settings/boards', :label => :label_board_plural},
+            {:name => 'activities', :action => :manage_project_activities, :partial => 'projects/settings/activities', :label => :enumeration_activities}
            ]
    tabs.select {|tab| User.current.allowed_to?(tab[:action], @project)}     
  end
+  
+  def parent_project_select_tag(project)
+    selected = project.parent
+    # retrieve the requested parent project
+    parent_id = (params[:project] && params[:project][:parent_id]) || params[:parent_id]
+    if parent_id
+      selected = (parent_id.blank? ? nil : Project.find(parent_id))
+    end
+    
+    options = ''
+    options << "<option value=''></option>" if project.allowed_parents.include?(nil)
+    options << project_tree_options_for_select(project.allowed_parents.compact, :selected => selected)
+    content_tag('select', options, :name => 'project[parent_id]')
+  end
+  
+  # Renders a tree of projects as a nested set of unordered lists
+  # The given collection may be a subset of the whole project tree
+  # (eg. some intermediate nodes are private and can not be seen)
+  def render_project_hierarchy(projects)
+    s = ''
+    if projects.any?
+      ancestors = []
+      projects.each do |project|
+        if (ancestors.empty? || project.is_descendant_of?(ancestors.last))
+          s << "<ul class='projects #{ ancestors.empty? ? 'root' : nil}'>\n"
+        else
+          ancestors.pop
+          s << "</li>"
+          while (ancestors.any? && !project.is_descendant_of?(ancestors.last)) 
+            ancestors.pop
+            s << "</ul></li>\n"
+          end
+        end
+        classes = (ancestors.empty? ? 'root' : 'child')
+        s << "<li class='#{classes}'><div class='#{classes}'>" +
+               link_to(h(project), {:controller => 'projects', :action => 'show', :id => project}, :class => "project #{User.current.member_of?(project) ? 'my-project' : nil}")
+        s << "<div class='wiki description'>#{textilizable(project.short_description, :project => project)}</div>" unless project.description.blank?
+        s << "</div>\n"
+        ancestors << project
+      end
+      s << ("</li></ul>\n" * ancestors.size)
+    end
+    s
+  end
+
+  # Returns a set of options for a select field, grouped by project.
+  def version_options_for_select(versions, selected=nil)
+    grouped = Hash.new {|h,k| h[k] = []}
+    versions.each do |version|
+      grouped[version.project.name] << [version.name, version.id]
+    end
+    # Add in the selected
+    if selected && !versions.include?(selected)
+      grouped[selected.project.name] << [selected.name, selected.id]
+    end
+    
+    if grouped.keys.size > 1
+      grouped_options_for_select(grouped, selected && selected.id)
+    else
+      options_for_select((grouped.values.first || []), selected && selected.id)
+    end
+  end
+
+  def format_version_sharing(sharing)
+    sharing = 'none' unless Version::VERSION_SHARINGS.include?(sharing)
+    l("label_version_sharing_#{sharing}")
+  end
 end
--- a/app/helpers/queries_helper.rb
+++ b/app/helpers/queries_helper.rb
@@ -22,34 +22,43 @@ module QueriesHelper
  end
  
  def column_header(column)
-    column.sortable ? sort_header_tag(column.sortable, :caption => column.caption,
-                                                       :default_order => column.default_order) : 
+    column.sortable ? sort_header_tag(column.name.to_s, :caption => column.caption,
+                                                        :default_order => column.default_order) : 
                      content_tag('th', column.caption)
  end
  
  def column_content(column, issue)
-    if column.is_a?(QueryCustomFieldColumn)
-      cv = issue.custom_values.detect {|v| v.custom_field_id == column.custom_field.id}
-      show_value(cv)
-    else
-      value = issue.send(column.name)
-      if value.is_a?(Date)
-        format_date(value)
-      elsif value.is_a?(Time)
-        format_time(value)
+    value = column.value(issue)
+    
+    case value.class.name
+    when 'String'
+      if column.name == :subject
+        link_to(h(value), :controller => 'issues', :action => 'show', :id => issue)
      else
-        case column.name
-        when :subject
-        h((@project.nil? || @project != issue.project) ? "#{issue.project.name} - " : '') +
-          link_to(h(value), :controller => 'issues', :action => 'show', :id => issue)
-        when :done_ratio
-          progress_bar(value, :width => '80px')
-        when :fixed_version
-          link_to(h(value), { :controller => 'versions', :action => 'show', :id => issue.fixed_version_id })
-        else
-          h(value)
-        end
+        h(value)
      end
+    when 'Time'
+      format_time(value)
+    when 'Date'
+      format_date(value)
+    when 'Fixnum', 'Float'
+      if column.name == :done_ratio
+        progress_bar(value, :width => '80px')
+      else
+        value.to_s
+      end
+    when 'User'
+      link_to_user value
+    when 'Project'
+      link_to(h(value), :controller => 'projects', :action => 'show', :id => value)
+    when 'Version'
+      link_to(h(value), :controller => 'versions', :action => 'show', :id => value)
+    when 'TrueClass'
+      l(:general_text_Yes)
+    when 'FalseClass'
+      l(:general_text_No)
+    else
+      h(value)
    end
  end
 end
--- a/app/helpers/repositories_helper.rb
+++ b/app/helpers/repositories_helper.rb
@@ -52,17 +52,19 @@ module RepositoriesHelper
      else
        change
      end
-    end.compact
+   end.compact
    
    tree = { }
    changes.each do |change|
      p = tree
      dirs = change.path.to_s.split('/').select {|d| !d.blank?}
+      path = ''
      dirs.each do |dir|
+        path += '/' + dir
        p[:s] ||= {}
        p = p[:s]
-        p[dir] ||= {}
-        p = p[dir]
+        p[path] ||= {}
+        p = p[path]
      end
      p[:c] = change
    end
@@ -76,21 +78,26 @@ module RepositoriesHelper
    output = ''
    output << '<ul>'
    tree.keys.sort.each do |file|
-      s = !tree[file][:s].nil?
-      c = tree[file][:c]
-      
      style = 'change'
-      style << ' folder' if s
-      style << " change-#{c.action}" if c
-      
-      text = h(file)
-      unless c.nil?
+      text = File.basename(h(file))
+      if s = tree[file][:s]
+        style << ' folder'
+        path_param = to_path_param(@repository.relative_path(file))
+        text = link_to(text, :controller => 'repositories',
+                             :action => 'show',
+                             :id => @project,
+                             :path => path_param,
+                             :rev => @changeset.revision)
+        output << "<li class='#{style}'>#{text}</li>"
+        output << render_changes_tree(s)
+      elsif c = tree[file][:c]
+        style << " change-#{c.action}"
        path_param = to_path_param(@repository.relative_path(c.path))
        text = link_to(text, :controller => 'repositories',
                             :action => 'entry',
                             :id => @project,
                             :path => path_param,
-                             :rev => @changeset.revision) unless s || c.action == 'D'
+                             :rev => @changeset.revision) unless c.action == 'D'
        text << " - #{c.revision}" unless c.revision.blank?
        text << ' (' + link_to('diff', :controller => 'repositories',
                                       :action => 'diff',
@@ -98,9 +105,8 @@ module RepositoriesHelper
                                       :path => path_param,
                                       :rev => @changeset.revision) + ') ' if c.action == 'M'
        text << ' ' + content_tag('span', c.from_path, :class => 'copied-from') unless c.from_path.blank?
+        output << "<li class='#{style}'>#{text}</li>"
      end
-      output << "<li class='#{style}'>#{text}</li>"
-      output << render_changes_tree(tree[file][:s]) if s
    end
    output << '</ul>'
    output
@@ -121,7 +127,7 @@ module RepositoriesHelper
  
  def repository_field_tags(form, repository)    
    method = repository.class.name.demodulize.underscore + "_field_tags"
-    send(method, form, repository) if repository.is_a?(Repository) && respond_to?(method)
+    send(method, form, repository) if repository.is_a?(Repository) && respond_to?(method) && method != 'repository_field_tags'
  end
  
  def scm_select_tag(repository)
@@ -147,7 +153,7 @@ module RepositoriesHelper

  def subversion_field_tags(form, repository)
      content_tag('p', form.text_field(:url, :size => 60, :required => true, :disabled => (repository && !repository.root_url.blank?)) +
-                       '<br />(http://, https://, svn://, file:///)') +
+                       '<br />(file:///, http://, https://, svn://, svn+[tunnelscheme]://)') +
      content_tag('p', form.text_field(:login, :size => 30)) +
      content_tag('p', form.password_field(:password, :size => 30, :name => 'ignore',
                                           :value => ((repository.new_record? || repository.password.blank?) ? '' : ('x'*15)),
--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -27,8 +27,9 @@ module SearchHelper
        result << '...'
        break
      end
+      words = words.mb_chars
      if i.even?
-        result << h(words.length > 100 ? "#{words[0..44]} ... #{words[-45..-1]}" : words)
+        result << h(words.length > 100 ? "#{words.slice(0..44)} ... #{words.slice(-45..-1)}" : words)
      else
        t = (tokens.index(words.downcase) || 0) % 4
        result << content_tag('span', h(words), :class => "highlight token-#{t}")
@@ -44,7 +45,7 @@ module SearchHelper
  def project_select_tag
    options = [[l(:label_project_all), 'all']]
    options << [l(:label_my_projects), 'my_projects'] unless User.current.memberships.empty?
-    options << [l(:label_and_its_subprojects, @project.name), 'subprojects'] unless @project.nil? || @project.active_children.empty?
+    options << [l(:label_and_its_subprojects, @project.name), 'subprojects'] unless @project.nil? || @project.descendants.active.empty?
    options << [@project.name, ''] unless @project.nil?
    select_tag('scope', options_for_select(options, params[:scope].to_s)) if options.size > 1
  end
--- a/app/helpers/settings_helper.rb
+++ b/app/helpers/settings_helper.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -18,12 +18,57 @@
 module SettingsHelper
  def administration_settings_tabs
    tabs = [{:name => 'general', :partial => 'settings/general', :label => :label_general},
+            {:name => 'display', :partial => 'settings/display', :label => :label_display},
            {:name => 'authentication', :partial => 'settings/authentication', :label => :label_authentication},
            {:name => 'projects', :partial => 'settings/projects', :label => :label_project_plural},
            {:name => 'issues', :partial => 'settings/issues', :label => :label_issue_tracking},
-            {:name => 'notifications', :partial => 'settings/notifications', :label => l(:field_mail_notification)},
-            {:name => 'mail_handler', :partial => 'settings/mail_handler', :label => l(:label_incoming_emails)},
+            {:name => 'notifications', :partial => 'settings/notifications', :label => :field_mail_notification},
+            {:name => 'mail_handler', :partial => 'settings/mail_handler', :label => :label_incoming_emails},
            {:name => 'repositories', :partial => 'settings/repositories', :label => :label_repository_plural}
            ]
  end
+  
+  def setting_select(setting, choices, options={})
+    if blank_text = options.delete(:blank)
+      choices = [[blank_text.is_a?(Symbol) ? l(blank_text) : blank_text, '']] + choices
+    end
+    setting_label(setting, options) +
+      select_tag("settings[#{setting}]", options_for_select(choices, Setting.send(setting).to_s), options)
+  end
+  
+  def setting_multiselect(setting, choices, options={})
+    setting_values = Setting.send(setting)
+    setting_values = [] unless setting_values.is_a?(Array)
+      
+    setting_label(setting, options) +
+      hidden_field_tag("settings[#{setting}][]", '') +
+      choices.collect do |choice|
+        text, value = (choice.is_a?(Array) ? choice : [choice, choice]) 
+        content_tag('label',
+          check_box_tag("settings[#{setting}][]", value, Setting.send(setting).include?(value)) + text.to_s,
+          :class => 'block'
+        )
+      end.join
+  end
+  
+  def setting_text_field(setting, options={})
+    setting_label(setting, options) +
+      text_field_tag("settings[#{setting}]", Setting.send(setting), options)
+  end
+  
+  def setting_text_area(setting, options={})
+    setting_label(setting, options) +
+      text_area_tag("settings[#{setting}]", Setting.send(setting), options)
+  end
+  
+  def setting_check_box(setting, options={})
+    setting_label(setting, options) +
+      hidden_field_tag("settings[#{setting}]", 0) +
+      check_box_tag("settings[#{setting}]", 1, Setting.send("#{setting}?"), options)
+  end
+  
+  def setting_label(setting, options={})
+    label = options.delete(:label)
+    label != false ? content_tag("label", l(label || "setting_#{setting}")) : ''
+  end
 end
--- a/app/helpers/sort_helper.rb
+++ b/app/helpers/sort_helper.rb
@@ -1,11 +1,12 @@
 # Helpers to sort tables using clickable column headers.
 #
 # Author:  Stuart Rackham <srackham@methods.co.nz>, March 2005.
+#          Jean-Philippe Lang, 2009
 # License: This source code is released under the MIT license.
 #
 # - Consecutive clicks toggle the column's sort order.
 # - Sort state is maintained by a session hash entry.
-# - Icon image identifies sort column and state.
+# - CSS classes identify sort column and state.
 # - Typically used in conjunction with the Pagination module.
 #
 # Example code snippets:
@@ -17,7 +18,7 @@
 # 
 #   def list
 #     sort_init 'last_name'
-#     sort_update
+#     sort_update %w(first_name last_name)
 #     @items = Contact.find_all nil, sort_clause
 #   end
 # 
@@ -28,7 +29,7 @@
 # 
 #   def list
 #     sort_init 'last_name'
-#     sort_update
+#     sort_update %w(first_name last_name)
 #     @contact_pages, @items = paginate :contacts,
 #       :order_by => sort_clause,
 #       :per_page => 10
@@ -45,77 +46,161 @@
 #     </tr>
 #   </thead>
 #
-# - The ascending and descending sort icon images are sort_asc.png and
-#   sort_desc.png and reside in the application's images directory.
-# - Introduces instance variables: @sort_name, @sort_default.
-# - Introduces params :sort_key and :sort_order.
+# - Introduces instance variables: @sort_default, @sort_criteria
+# - Introduces param :sort
 #
-module SortHelper

-  # Initializes the default sort column (default_key) and sort order
-  # (default_order).
+module SortHelper
+  class SortCriteria
+    
+    def initialize
+      @criteria = []
+    end
+    
+    def available_criteria=(criteria)
+      unless criteria.is_a?(Hash)
+        criteria = criteria.inject({}) {|h,k| h[k] = k; h}
+      end
+      @available_criteria = criteria
+    end
+    
+    def from_param(param)
+      @criteria = param.to_s.split(',').collect {|s| s.split(':')[0..1]}
+      normalize!
+    end
+    
+    def criteria=(arg)
+      @criteria = arg
+      normalize!
+    end
+    
+    def to_param
+      @criteria.collect {|k,o| k + (o ? '' : ':desc')}.join(',')
+    end
+    
+    def to_sql
+      sql = @criteria.collect do |k,o|
+        if s = @available_criteria[k]
+          (o ? s.to_a : s.to_a.collect {|c| "#{c} DESC"}).join(', ')
+        end
+      end.compact.join(', ')
+      sql.blank? ? nil : sql
+    end
+    
+    def add!(key, asc)
+      @criteria.delete_if {|k,o| k == key}
+      @criteria = [[key, asc]] + @criteria
+      normalize!
+    end
+    
+    def add(*args)
+      r = self.class.new.from_param(to_param)
+      r.add!(*args)
+      r
+    end
+    
+    def first_key
+      @criteria.first && @criteria.first.first
+    end
+    
+    def first_asc?
+      @criteria.first && @criteria.first.last
+    end
+    
+    def empty?
+      @criteria.empty?
+    end
+    
+    private
+    
+    def normalize!
+      @criteria ||= []
+      @criteria = @criteria.collect {|s| s = s.to_a; [s.first, (s.last == false || s.last == 'desc') ? false : true]}
+      @criteria = @criteria.select {|k,o| @available_criteria.has_key?(k)} if @available_criteria
+      @criteria.slice!(3)
+      self
+    end
+  end
+  
+  def sort_name
+    controller_name + '_' + action_name + '_sort'
+  end
+
+  # Initializes the default sort.
+  # Examples:
+  #   
+  #   sort_init 'name'
+  #   sort_init 'id', 'desc'
+  #   sort_init ['name', ['id', 'desc']]
+  #   sort_init [['name', 'desc'], ['id', 'desc']]
  #
-  # - default_key is a column attribute name.
-  # - default_order is 'asc' or 'desc'.
-  # - name is the name of the session hash entry that stores the sort state,
-  #   defaults to '<controller_name>_sort'.
-  #
-  def sort_init(default_key, default_order='asc', name=nil)
-    @sort_name = name || params[:controller] + params[:action] + '_sort'
-    @sort_default = {:key => default_key, :order => default_order}
+  def sort_init(*args)
+    case args.size
+    when 1
+      @sort_default = args.first.is_a?(Array) ? args.first : [[args.first]]
+    when 2
+      @sort_default = [[args.first, args.last]]
+    else
+      raise ArgumentError
+    end
  end

  # Updates the sort state. Call this in the controller prior to calling
  # sort_clause.
+  # - criteria can be either an array or a hash of allowed keys
  #
-  def sort_update()
-    if params[:sort_key]
-      sort = {:key => params[:sort_key], :order => params[:sort_order]}
-    elsif session[@sort_name]
-      sort = session[@sort_name]   # Previous sort.
-    else
-      sort = @sort_default
-    end
-    session[@sort_name] = sort
+  def sort_update(criteria)
+    @sort_criteria = SortCriteria.new
+    @sort_criteria.available_criteria = criteria
+    @sort_criteria.from_param(params[:sort] || session[sort_name])
+    @sort_criteria.criteria = @sort_default if @sort_criteria.empty?
+    session[sort_name] = @sort_criteria.to_param
+  end
+  
+  # Clears the sort criteria session data
+  #
+  def sort_clear
+    session[sort_name] = nil
  end

  # Returns an SQL sort clause corresponding to the current sort state.
  # Use this to sort the controller's table items collection.
  #
  def sort_clause()
-    session[@sort_name][:key] + ' ' + (session[@sort_name][:order] || 'ASC')
+    @sort_criteria.to_sql
  end

  # Returns a link which sorts by the named column.
  #
  # - column is the name of an attribute in the sorted record collection.
-  # - The optional caption explicitly specifies the displayed link text.
-  # - A sort icon image is positioned to the right of the sort link.
+  # - the optional caption explicitly specifies the displayed link text.
+  # - 2 CSS classes reflect the state of the link: sort and asc or desc
  #
  def sort_link(column, caption, default_order)
-    key, order = session[@sort_name][:key], session[@sort_name][:order]
-    if key == column
-      if order.downcase == 'asc'
-        icon = 'sort_asc.png'
+    css, order = nil, default_order
+    
+    if column.to_s == @sort_criteria.first_key
+      if @sort_criteria.first_asc?
+        css = 'sort asc'
        order = 'desc'
      else
-        icon = 'sort_desc.png'
+        css = 'sort desc'
        order = 'asc'
      end
-    else
-      icon = nil
-      order = default_order
    end
-    caption = titleize(Inflector::humanize(column)) unless caption
+    caption = column.to_s.humanize unless caption
    
-    sort_options = { :sort_key => column, :sort_order => order }
+    sort_options = { :sort => @sort_criteria.add(column.to_s, order).to_param }
    # don't reuse params if filters are present
    url_options = params.has_key?(:set_filter) ? sort_options : params.merge(sort_options)
    
+     # Add project_id to url_options
+    url_options = url_options.merge(:project_id => params[:project_id]) if params.has_key?(:project_id)
+
    link_to_remote(caption,
-                  {:update => "content", :url => url_options},
-                  {:href => url_for(url_options)}) +
-    (icon ? nbsp(2) + image_tag(icon) : '')
+                  {:update => "content", :url => url_options, :method => :get},
+                  {:href => url_for(url_options),
+                   :class => css})
  end

  # Returns a table header <th> tag with a sort link for the named column
@@ -131,30 +216,11 @@ module SortHelper
  #
  #   <%= sort_header_tag('id', :title => 'Sort by contact ID', :width => 40) %>
  #
-  # Renders:
-  #
-  #   <th title="Sort by contact ID" width="40">
-  #     <a href="/contact/list?sort_order=desc&amp;sort_key=id">Id</a>
-  #     &nbsp;&nbsp;<img alt="Sort_asc" src="/images/sort_asc.png" />
-  #   </th>
-  #
  def sort_header_tag(column, options = {})
-    caption = options.delete(:caption) || titleize(Inflector::humanize(column))
+    caption = options.delete(:caption) || column.to_s.humanize
    default_order = options.delete(:default_order) || 'asc'
-    options[:title]= l(:label_sort_by, "\"#{caption}\"") unless options[:title]
+    options[:title] = l(:label_sort_by, "\"#{caption}\"") unless options[:title]
    content_tag('th', sort_link(column, caption, default_order), options)
  end
-
-  private
-
-    # Return n non-breaking spaces.
-    def nbsp(n)
-      '&nbsp;' * n
-    end
-
-    # Return capitalized title.
-    def titleize(title)
-      title.split.map {|w| w.capitalize }.join(' ')
-    end
-
 end
+
--- a/app/helpers/timelog_helper.rb
+++ b/app/helpers/timelog_helper.rb
@@ -16,24 +16,49 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module TimelogHelper
+  include ApplicationHelper
+  
  def render_timelog_breadcrumb
    links = []
    links << link_to(l(:label_project_all), {:project_id => nil, :issue_id => nil})
    links << link_to(h(@project), {:project_id => @project, :issue_id => nil}) if @project
-    links << link_to_issue(@issue) if @issue
+    if @issue
+      if @issue.visible?
+        links << link_to_issue(@issue, :subject => false)
+      else
+        links << "##{@issue.id}"
+      end
+    end
    breadcrumb links
  end
-  
-  def activity_collection_for_select_options
-    activities = Enumeration::get_values('ACTI')
+
+  # Returns a collection of activities for a select field.  time_entry
+  # is optional and will be used to check if the selected TimeEntryActivity
+  # is active.
+  def activity_collection_for_select_options(time_entry=nil, project=nil)
+    project ||= @project
+    if project.nil?
+      activities = TimeEntryActivity.shared.active
+    else
+      activities = project.activities
+    end
+
    collection = []
-    collection << [ "--- #{l(:actionview_instancetag_blank_option)} ---", '' ] unless activities.detect(&:is_default)
+    if time_entry && time_entry.activity && !time_entry.activity.active?
+      collection << [ "--- #{l(:actionview_instancetag_blank_option)} ---", '' ]
+    else
+      collection << [ "--- #{l(:actionview_instancetag_blank_option)} ---", '' ] unless activities.detect(&:is_default)
+    end
    activities.each { |a| collection << [a.name, a.id] }
    collection
  end
  
  def select_hours(data, criteria, value)
-    data.select {|row| row[criteria] == value}
+  	if value.to_s.empty?
+  		data.select {|row| row[criteria].blank? }
+    else 
+    	data.select {|row| row[criteria] == value}
+    end
  end
  
  def sum_hours(data)
@@ -62,8 +87,7 @@ module TimelogHelper
    ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')    
    decimal_separator = l(:general_csv_decimal_separator)
    custom_fields = TimeEntryCustomField.find(:all)
-    export = StringIO.new
-    CSV::Writer.generate(export, l(:general_csv_separator)) do |csv|
+    export = FCSV.generate(:col_sep => l(:general_csv_separator)) do |csv|
      # csv header fields
      headers = [l(:field_spent_on),
                 l(:field_user),
@@ -81,7 +105,7 @@ module TimelogHelper
      csv << headers.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
      # csv lines
      entries.each do |entry|
-        fields = [l_date(entry.spent_on),
+        fields = [format_date(entry.spent_on),
                  entry.user,
                  entry.activity,
                  entry.project,
@@ -96,17 +120,26 @@ module TimelogHelper
        csv << fields.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
      end
    end
-    export.rewind
    export
  end
  
  def format_criteria_value(criteria, value)
-    value.blank? ? l(:label_none) : ((k = @available_criterias[criteria][:klass]) ? k.find_by_id(value.to_i) : format_value(value, @available_criterias[criteria][:format]))
+    if value.blank?
+      l(:label_none)
+    elsif k = @available_criterias[criteria][:klass]
+      obj = k.find_by_id(value.to_i)
+      if obj.is_a?(Issue)
+        obj.visible? ? "#{obj.tracker} ##{obj.id}: #{obj.subject}" : "##{obj.id}"
+      else
+        obj
+      end
+    else
+      format_value(value, @available_criterias[criteria][:format])
+    end
  end
  
  def report_to_csv(criterias, periods, hours)
-    export = StringIO.new
-    CSV::Writer.generate(export, l(:general_csv_separator)) do |csv|
+    export = FCSV.generate(:col_sep => l(:general_csv_separator)) do |csv|
      # Column headers
      headers = criterias.collect {|criteria| l(@available_criterias[criteria][:label]) }
      headers += periods
@@ -125,7 +158,6 @@ module TimelogHelper
      row << "%.2f" %total
      csv << row
    end
-    export.rewind
    export
  end
  
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -25,21 +25,16 @@ module UsersHelper
  end
  
  # Options for the new membership projects combo-box
-  def projects_options_for_select(projects)
+  def options_for_membership_project_select(user, projects)
    options = content_tag('option', "--- #{l(:actionview_instancetag_blank_option)} ---")
-    projects_by_root = projects.group_by(&:root)
-    projects_by_root.keys.sort.each do |root|
-      options << content_tag('option', h(root.name), :value => root.id, :disabled => (!projects.include?(root)))
-      projects_by_root[root].sort.each do |project|
-        next if project == root
-        options << content_tag('option', '&#187; ' + h(project.name), :value => project.id)
-      end
+    options << project_tree_options_for_select(projects) do |p|
+      {:disabled => (user.projects.include?(p))}
    end
    options
  end
  
  def change_status_link(user)
-    url = {:action => 'edit', :id => user, :page => params[:page], :status => params[:status]}
+    url = {:controller => 'users', :action => 'edit', :id => user, :page => params[:page], :status => params[:status], :tab => nil}
    
    if user.locked?
      link_to l(:button_unlock), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :post, :class => 'icon icon-unlock'
@@ -54,5 +49,9 @@ module UsersHelper
    tabs = [{:name => 'general', :partial => 'users/general', :label => :label_general},
            {:name => 'memberships', :partial => 'users/memberships', :label => :label_project_plural}
            ]
+    if Group.all.any?
+      tabs.insert 1, {:name => 'groups', :partial => 'users/groups', :label => :label_group_plural}
+    end
+    tabs
  end
 end
--- a/app/helpers/watchers_helper.rb
+++ b/app/helpers/watchers_helper.rb
@@ -16,17 +16,28 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module WatchersHelper
-  def watcher_tag(object, user)
-    content_tag("span", watcher_link(object, user), :id => 'watcher')
+
+  # Valid options
+  # * :id - the element id
+  # * :replace - a string or array of element ids that will be
+  #   replaced
+  def watcher_tag(object, user, options={:replace => 'watcher'})
+    id = options[:id]
+    id ||= options[:replace] if options[:replace].is_a? String
+    content_tag("span", watcher_link(object, user, options), :id => id)
  end
  
-  def watcher_link(object, user)
+  # Valid options
+  # * :replace - a string or array of element ids that will be
+  #   replaced
+  def watcher_link(object, user, options={:replace => 'watcher'})
    return '' unless user && user.logged? && object.respond_to?('watched_by?')
    watched = object.watched_by?(user)
    url = {:controller => 'watchers',
           :action => (watched ? 'unwatch' : 'watch'),
           :object_type => object.class.to_s.underscore,
-           :object_id => object.id}           
+           :object_id => object.id,
+           :replace => options[:replace]}
    link_to_remote((watched ? l(:button_unwatch) : l(:button_watch)),
                   {:url => url},
                   :href => url_for(url),
@@ -36,6 +47,21 @@ module WatchersHelper
  
  # Returns a comma separated list of users watching the given object
  def watchers_list(object)
-    object.watcher_users.collect {|u| content_tag('span', link_to_user(u), :class => 'user') }.join(",\n")
+    remove_allowed = User.current.allowed_to?("delete_#{object.class.name.underscore}_watchers".to_sym, object.project)
+    object.watcher_users.collect do |user|
+      s = content_tag('span', link_to_user(user), :class => 'user')
+      if remove_allowed
+        url = {:controller => 'watchers',
+               :action => 'destroy',
+               :object_type => object.class.to_s.underscore,
+               :object_id => object.id,
+               :user_id => user}
+        s += ' ' + link_to_remote(image_tag('delete.png'),
+                                  {:url => url},
+                                  :href => url_for(url),
+                                  :style => "vertical-align: middle")
+      end
+      s
+    end.join(",\n")
  end
 end
--- a/app/helpers/wiki_helper.rb
+++ b/app/helpers/wiki_helper.rb
@@ -17,6 +17,19 @@

 module WikiHelper
  
+  def wiki_page_options_for_select(pages, selected = nil, parent = nil, level = 0)
+    s = ''
+    pages.select {|p| p.parent == parent}.each do |page|
+      attrs = "value='#{page.id}'"
+      attrs << " selected='selected'" if selected == page
+      indent = (level > 0) ? ('&nbsp;' * level * 2 + '&#187; ') : nil
+      
+      s << "<option value='#{page.id}'>#{indent}#{h page.pretty_title}</option>\n" + 
+             wiki_page_options_for_select(pages, selected, page, level + 1)
+    end
+    s
+  end
+  
  def html_diff(wdiff)
    words = wdiff.words.collect{|word| h(word)}
    words_add = 0
@@ -36,7 +49,7 @@ module WikiHelper
          words_add += 1
        else
          del_at = pos unless del_at
-          deleted << ' ' + change[2]
+          deleted << ' ' + h(change[2])
          words_del	 += 1
        end
      end
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -33,7 +33,7 @@ class Attachment < ActiveRecord::Base
                            :author_key => :author_id,
                            :find_options => {:select => "#{Attachment.table_name}.*", 
                                              :joins => "LEFT JOIN #{Version.table_name} ON #{Attachment.table_name}.container_type='Version' AND #{Version.table_name}.id = #{Attachment.table_name}.container_id " +
-                                                        "LEFT JOIN #{Project.table_name} ON #{Version.table_name}.project_id = #{Project.table_name}.id"}
+                                                        "LEFT JOIN #{Project.table_name} ON #{Version.table_name}.project_id = #{Project.table_name}.id OR ( #{Attachment.table_name}.container_type='Project' AND #{Attachment.table_name}.container_id = #{Project.table_name}.id )"}
  
  acts_as_activity_provider :type => 'documents',
                            :permission => :view_documents,
@@ -46,7 +46,9 @@ class Attachment < ActiveRecord::Base
  @@storage_path = "#{RAILS_ROOT}/files"
  
  def validate
-    errors.add_to_base :too_long if self.filesize > Setting.attachment_max_size.to_i.kilobytes
+    if self.filesize > Setting.attachment_max_size.to_i.kilobytes
+      errors.add(:base, :too_long, :count => Setting.attachment_max_size.to_i.kilobytes)
+    end
  end

  def file=(incoming_file)
@@ -56,6 +58,9 @@ class Attachment < ActiveRecord::Base
        self.filename = sanitize_filename(@temp_file.original_filename)
        self.disk_filename = Attachment.disk_filename(filename)
        self.content_type = @temp_file.content_type.to_s.chomp
+        if content_type.blank?
+          self.content_type = Redmine::MimeType.of(filename)
+        end
        self.filesize = @temp_file.size
      end
    end
@@ -65,14 +70,20 @@ class Attachment < ActiveRecord::Base
    nil
  end

-  # Copy temp file to its final location
+  # Copies the temporary file to its final location
+  # and computes its MD5 hash
  def before_save
    if @temp_file && (@temp_file.size > 0)
      logger.debug("saving '#{self.diskfile}'")
+      md5 = Digest::MD5.new
      File.open(diskfile, "wb") do |f| 
-        f.write(@temp_file.read)
+        buffer = ""
+        while (buffer = @temp_file.read(8192))
+          f.write(buffer)
+          md5.update(buffer)
+        end
      end
-      self.digest = self.class.digest(diskfile)
+      self.digest = md5.hexdigest
    end
    # Don't save the content type if it's longer than the authorized length
    if self.content_type && self.content_type.length > 255
@@ -98,6 +109,14 @@ class Attachment < ActiveRecord::Base
    container.project
  end
  
+  def visible?(user=User.current)
+    container.attachments_visible?(user)
+  end
+  
+  def deletable?(user=User.current)
+    container.attachments_deletable?(user)
+  end
+  
  def image?
    self.filename =~ /\.(jpe?g|gif|png)$/i
  end
@@ -110,6 +129,11 @@ class Attachment < ActiveRecord::Base
    self.filename =~ /\.(patch|diff)$/i
  end
  
+  # Returns true if the file is readable
+  def readable?
+    File.readable?(diskfile)
+  end
+  
 private
  def sanitize_filename(value)
    # get only the filename, not the whole path
@@ -133,11 +157,4 @@ private
    end
    df
  end
-  
-  # Returns the MD5 digest of the file at given path
-  def self.digest(filename)
-    File.open(filename, 'rb') do |f|
-      Digest::MD5.hexdigest(f.read)
-    end
-  end
 end
--- a/app/models/board.rb
+++ b/app/models/board.rb
@@ -26,4 +26,25 @@ class Board < ActiveRecord::Base
  validates_presence_of :name, :description
  validates_length_of :name, :maximum => 30
  validates_length_of :description, :maximum => 255
+  
+  def visible?(user=User.current)
+    !user.nil? && user.allowed_to?(:view_messages, project)
+  end
+  
+  def to_s
+    name
+  end
+  
+  def reset_counters!
+    self.class.reset_counters!(id)
+  end
+  
+  # Updates topics_count, messages_count and last_message_id attributes for +board_id+
+  def self.reset_counters!(board_id)
+    board_id = board_id.to_i
+    update_all("topics_count = (SELECT COUNT(*) FROM #{Message.table_name} WHERE board_id=#{board_id} AND parent_id IS NULL)," +
+               " messages_count = (SELECT COUNT(*) FROM #{Message.table_name} WHERE board_id=#{board_id})," +
+               " last_message_id = (SELECT MAX(id) FROM #{Message.table_name} WHERE board_id=#{board_id})",
+               ["id = ?", board_id])
+  end
 end
--- a/app/models/changeset.rb
+++ b/app/models/changeset.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2008  Jean-Philippe Lang
+# Copyright (C) 2006-2010  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -23,10 +23,10 @@ class Changeset < ActiveRecord::Base
  has_many :changes, :dependent => :delete_all
  has_and_belongs_to_many :issues

-  acts_as_event :title => Proc.new {|o| "#{l(:label_revision)} #{o.revision}" + (o.comments.blank? ? '' : (': ' + o.comments))},
-                :description => :comments,
+  acts_as_event :title => Proc.new {|o| "#{l(:label_revision)} #{o.revision}" + (o.short_comments.blank? ? '' : (': ' + o.short_comments))},
+                :description => :long_comments,
                :datetime => :committed_on,
-                :url => Proc.new {|o| {:controller => 'repositories', :action => 'revision', :id => o.repository.project_id, :rev => o.revision}}
+                :url => Proc.new {|o| {:controller => 'repositories', :action => 'revision', :id => o.repository.project, :rev => o.revision}}
                
  acts_as_searchable :columns => 'comments',
                     :include => {:repository => :project},
@@ -35,12 +35,15 @@ class Changeset < ActiveRecord::Base
                     
  acts_as_activity_provider :timestamp => "#{table_name}.committed_on",
                            :author_key => :user_id,
-                            :find_options => {:include => {:repository => :project}}
+                            :find_options => {:include => [:user, {:repository => :project}]}
  
  validates_presence_of :repository_id, :revision, :committed_on, :commit_date
  validates_uniqueness_of :revision, :scope => :repository_id
  validates_uniqueness_of :scmid, :scope => :repository_id, :allow_nil => true
  
+  named_scope :visible, lambda {|*args| { :include => {:repository => :project},
+                                          :conditions => Project.allowed_to_condition(args.first || User.current, :view_changesets) } }
+                                          
  def revision=(r)
    write_attribute :revision, (r.nil? ? nil : r.to_s)
  end
@@ -54,6 +57,10 @@ class Changeset < ActiveRecord::Base
    super
  end
  
+  def committer=(arg)
+    write_attribute(:committer, self.class.to_utf8(arg.to_s))
+  end
+
  def project
    repository.project
  end
@@ -77,9 +84,6 @@ class Changeset < ActiveRecord::Base
    ref_keywords = Setting.commit_ref_keywords.downcase.split(",").collect(&:strip)
    # keywords used to fix issues
    fix_keywords = Setting.commit_fix_keywords.downcase.split(",").collect(&:strip)
-    # status and optional done ratio applied
-    fix_status = IssueStatus.find_by_id(Setting.commit_fix_status_id)
-    done_ratio = Setting.commit_fix_done_ratio.blank? ? nil : Setting.commit_fix_done_ratio.to_i
    
    kw_regexp = (ref_keywords + fix_keywords).collect{|kw| Regexp.escape(kw)}.join("|")
    return if kw_regexp.blank?
@@ -89,15 +93,15 @@ class Changeset < ActiveRecord::Base
    if ref_keywords.delete('*')
      # find any issue ID in the comments
      target_issue_ids = []
-      comments.scan(%r{([\s\(,-]|^)#(\d+)(?=[[:punct:]]|\s|<|$)}).each { |m| target_issue_ids << m[1] }
-      referenced_issues += repository.project.issues.find_all_by_id(target_issue_ids)
+      comments.scan(%r{([\s\(\[,-]|^)#(\d+)(?=[[:punct:]]|\s|<|$)}).each { |m| target_issue_ids << m[1] }
+      referenced_issues += find_referenced_issues_by_id(target_issue_ids)
    end
    
    comments.scan(Regexp.new("(#{kw_regexp})[\s:]+(([\s,;&]*#?\\d+)+)", Regexp::IGNORECASE)).each do |match|
      action = match[0]
      target_issue_ids = match[1].scan(/\d+/)
-      target_issues = repository.project.issues.find_all_by_id(target_issue_ids)
-      if fix_status && fix_keywords.include?(action.downcase)
+      target_issues = find_referenced_issues_by_id(target_issue_ids)
+      if fix_keywords.include?(action.downcase) && fix_status = IssueStatus.find_by_id(Setting.commit_fix_status_id)
        # update status of issues
        logger.debug "Issues fixed by changeset #{self.revision}: #{issue_ids.join(', ')}." if logger && logger.debug?
        target_issues.each do |issue|
@@ -109,17 +113,29 @@ class Changeset < ActiveRecord::Base
          if self.scmid && (! (csettext =~ /^r[0-9]+$/))
            csettext = "commit:\"#{self.scmid}\""
          end
-          journal = issue.init_journal(user || User.anonymous, l(:text_status_changed_by_changeset, csettext))
+          journal = issue.init_journal(user || User.anonymous, ll(Setting.default_language, :text_status_changed_by_changeset, csettext))
          issue.status = fix_status
-          issue.done_ratio = done_ratio if done_ratio
+          unless Setting.commit_fix_done_ratio.blank?
+            issue.done_ratio = Setting.commit_fix_done_ratio.to_i
+          end
+          Redmine::Hook.call_hook(:model_changeset_scan_commit_for_issue_ids_pre_issue_update,
+                                  { :changeset => self, :issue => issue })
          issue.save
-          Mailer.deliver_issue_edit(journal) if Setting.notified_events.include?('issue_updated')
        end
      end
      referenced_issues += target_issues
    end
    
-    self.issues = referenced_issues.uniq
+    referenced_issues.uniq!
+    self.issues = referenced_issues unless referenced_issues.empty?
+  end
+  
+  def short_comments
+    @short_comments || split_comments.first
+  end
+  
+  def long_comments
+    @long_comments || split_comments.last
  end
  
  # Returns the previous changeset
@@ -139,17 +155,38 @@ class Changeset < ActiveRecord::Base
  
  private

+  # Finds issues that can be referenced by the commit message
+  # i.e. issues that belong to the repository project, a subproject or a parent project
+  def find_referenced_issues_by_id(ids)
+    return [] if ids.compact.empty?
+    Issue.find_all_by_id(ids, :include => :project).select {|issue|
+      project == issue.project || project.is_ancestor_of?(issue.project) || project.is_descendant_of?(issue.project)
+    }
+  end
+  
+  def split_comments
+    comments =~ /\A(.+?)\r?\n(.*)$/m
+    @short_comments = $1 || comments
+    @long_comments = $2.to_s.strip
+    return @short_comments, @long_comments
+  end

  def self.to_utf8(str)
    return str if /\A[\r\n\t\x20-\x7e]*\Z/n.match(str) # for us-ascii
    encoding = Setting.commit_logs_encoding.to_s.strip
    unless encoding.blank? || encoding == 'UTF-8'
      begin
-        return Iconv.conv('UTF-8', encoding, str)
+        str = Iconv.conv('UTF-8', encoding, str)
      rescue Iconv::Failure
        # do nothing here
      end
    end
-    str
+    # removes invalid UTF8 sequences
+    begin
+      Iconv.conv('UTF-8//IGNORE', 'UTF-8', str + '  ')[0..-3]
+    rescue Iconv::InvalidEncoding
+      # "UTF-8//IGNORE" is not supported on some OS
+      str
+    end
  end
 end
--- a/app/models/custom_field.rb
+++ b/app/models/custom_field.rb
@@ -41,8 +41,6 @@ class CustomField < ActiveRecord::Base
  end
  
  def before_validation
-    # remove empty values
-    self.possible_values = self.possible_values.collect{|v| v unless v.empty?}.compact
    # make sure these fields are not searchable
    self.searchable = false if %w(int float date bool).include?(field_format)
    true
@@ -50,20 +48,77 @@ class CustomField < ActiveRecord::Base
  
  def validate
    if self.field_format == "list"
-      errors.add(:possible_values, :activerecord_error_blank) if self.possible_values.nil? || self.possible_values.empty?
-      errors.add(:possible_values, :activerecord_error_invalid) unless self.possible_values.is_a? Array
+      errors.add(:possible_values, :blank) if self.possible_values.nil? || self.possible_values.empty?
+      errors.add(:possible_values, :invalid) unless self.possible_values.is_a? Array
    end
    
    # validate default value
    v = CustomValue.new(:custom_field => self.clone, :value => default_value, :customized => nil)
    v.custom_field.is_required = false
-    errors.add(:default_value, :activerecord_error_invalid) unless v.valid?
+    errors.add(:default_value, :invalid) unless v.valid?
+  end
+  
+  # Makes possible_values accept a multiline string
+  def possible_values=(arg)
+    if arg.is_a?(Array)
+      write_attribute(:possible_values, arg.compact.collect(&:strip).select {|v| !v.blank?})
+    else
+      self.possible_values = arg.to_s.split(/[\n\r]+/)
+    end
+  end
+  
+  def cast_value(value)
+    casted = nil
+    unless value.blank?
+      case field_format
+      when 'string', 'text', 'list'
+        casted = value
+      when 'date'
+        casted = begin; value.to_date; rescue; nil end
+      when 'bool'
+        casted = (value == '1' ? true : false)
+      when 'int'
+        casted = value.to_i
+      when 'float'
+        casted = value.to_f
+      end
+    end
+    casted
+  end
+  
+  # Returns a ORDER BY clause that can used to sort customized
+  # objects by their value of the custom field.
+  # Returns false, if the custom field can not be used for sorting.
+  def order_statement
+    case field_format
+      when 'string', 'text', 'list', 'date', 'bool'
+        # COALESCE is here to make sure that blank and NULL values are sorted equally
+        "COALESCE((SELECT cv_sort.value FROM #{CustomValue.table_name} cv_sort" + 
+          " WHERE cv_sort.customized_type='#{self.class.customized_class.name}'" +
+          " AND cv_sort.customized_id=#{self.class.customized_class.table_name}.id" +
+          " AND cv_sort.custom_field_id=#{id} LIMIT 1), '')"
+      when 'int', 'float'
+        # Make the database cast values into numeric
+        # Postgresql will raise an error if a value can not be casted!
+        # CustomValue validations should ensure that it doesn't occur
+        "(SELECT CAST(cv_sort.value AS decimal(60,3)) FROM #{CustomValue.table_name} cv_sort" + 
+          " WHERE cv_sort.customized_type='#{self.class.customized_class.name}'" +
+          " AND cv_sort.customized_id=#{self.class.customized_class.table_name}.id" +
+          " AND cv_sort.custom_field_id=#{id} AND cv_sort.value <> '' AND cv_sort.value IS NOT NULL LIMIT 1)"
+      else
+        nil
+    end
  end

  def <=>(field)
    position <=> field.position
  end
  
+  def self.customized_class
+    self.name =~ /^(.+)CustomField$/
+    begin; $1.constantize; rescue nil; end
+  end
+  
  # to move in project_custom_field
  def self.for_all
    find(:all, :conditions => ["is_for_all=?", true], :order => 'position')
--- a/app/models/custom_value.rb
+++ b/app/models/custom_value.rb
@@ -20,7 +20,7 @@ class CustomValue < ActiveRecord::Base
  belongs_to :customized, :polymorphic => true

  def after_initialize
-    if custom_field && new_record? && (customized_type.blank? || (customized && customized.new_record?))
+    if new_record? && custom_field && (customized_type.blank? || (customized && customized.new_record?))
      self.value ||= custom_field.default_value
    end
  end
@@ -30,25 +30,37 @@ class CustomValue < ActiveRecord::Base
    self.value == '1'
  end
  
+  def editable?
+    custom_field.editable?
+  end
+  
+  def required?
+    custom_field.is_required?
+  end
+  
+  def to_s
+    value.to_s
+  end
+  
 protected
  def validate
    if value.blank?
-      errors.add(:value, :activerecord_error_blank) if custom_field.is_required? and value.blank?    
+      errors.add(:value, :blank) if custom_field.is_required? and value.blank?    
    else
-      errors.add(:value, :activerecord_error_invalid) unless custom_field.regexp.blank? or value =~ Regexp.new(custom_field.regexp)
-      errors.add(:value, :activerecord_error_too_short) if custom_field.min_length > 0 and value.length < custom_field.min_length
-      errors.add(:value, :activerecord_error_too_long) if custom_field.max_length > 0 and value.length > custom_field.max_length
+      errors.add(:value, :invalid) unless custom_field.regexp.blank? or value =~ Regexp.new(custom_field.regexp)
+      errors.add(:value, :too_short, :count => custom_field.min_length) if custom_field.min_length > 0 and value.length < custom_field.min_length
+      errors.add(:value, :too_long, :count => custom_field.max_length) if custom_field.max_length > 0 and value.length > custom_field.max_length
    
      # Format specific validations
      case custom_field.field_format
      when 'int'
-        errors.add(:value, :activerecord_error_not_a_number) unless value =~ /^[+-]?\d+$/	
+        errors.add(:value, :not_a_number) unless value =~ /^[+-]?\d+$/	
      when 'float'
-        begin; Kernel.Float(value); rescue; errors.add(:value, :activerecord_error_invalid) end
+        begin; Kernel.Float(value); rescue; errors.add(:value, :invalid) end
      when 'date'
-        errors.add(:value, :activerecord_error_not_a_date) unless value =~ /^\d{4}-\d{2}-\d{2}$/
+        errors.add(:value, :not_a_date) unless value =~ /^\d{4}-\d{2}-\d{2}$/
      when 'list'
-        errors.add(:value, :activerecord_error_inclusion) unless custom_field.possible_values.include?(value)
+        errors.add(:value, :inclusion) unless custom_field.possible_values.include?(value)
      end
    end
  end
--- a/app/models/document.rb
+++ b/app/models/document.rb
@@ -17,8 +17,8 @@

 class Document < ActiveRecord::Base
  belongs_to :project
-  belongs_to :category, :class_name => "Enumeration", :foreign_key => "category_id"
-  has_many :attachments, :as => :container, :dependent => :destroy
+  belongs_to :category, :class_name => "DocumentCategory", :foreign_key => "category_id"
+  acts_as_attachable :delete_permission => :manage_documents

  acts_as_searchable :columns => ['title', "#{table_name}.description"], :include => :project
  acts_as_event :title => Proc.new {|o| "#{l(:label_document)}: #{o.title}"},
@@ -28,4 +28,29 @@ class Document < ActiveRecord::Base
  
  validates_presence_of :project, :title, :category
  validates_length_of :title, :maximum => 60
+  
+  def visible?(user=User.current)
+    !user.nil? && user.allowed_to?(:view_documents, project)
+  end
+  
+  def after_initialize
+    if new_record?
+      self.category ||= DocumentCategory.default
+    end
+  end
+  
+  def updated_on
+    unless @updated_on
+      a = attachments.find(:first, :order => 'created_on DESC')
+      @updated_on = (a && a.created_on) || created_on
+    end
+    @updated_on
+  end
+  
+  # Returns the mail adresses of users that should be notified
+  def recipients
+    notified = project.notified_users
+    notified.reject! {|user| !visible?(user)}
+    notified.collect(&:mail)
+  end
 end
--- a/app/models/document_category.rb
+++ b/app/models/document_category.rb
@@ -0,0 +1,34 @@
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class DocumentCategory < Enumeration
+  has_many :documents, :foreign_key => 'category_id'
+
+  OptionName = :enumeration_doc_categories
+
+  def option_name
+    OptionName
+  end
+
+  def objects_count
+    documents.count
+  end
+
+  def transfer_relations(to)
+    documents.update_all("category_id = #{to.id}")
+  end
+end
--- a/app/models/document_category_custom_field.rb
+++ b/app/models/document_category_custom_field.rb
@@ -0,0 +1,23 @@
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class DocumentCategoryCustomField < CustomField
+  def type_name
+    :enumeration_doc_categories
+  end
+end
+
--- a/app/models/document_observer.rb
+++ b/app/models/document_observer.rb
@@ -15,19 +15,8 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-class AWSProjectWithRepository < ActionWebService::Struct
-  member :id,              :int
-  member :identifier,      :string
-  member :name,            :string
-  member :is_public,       :bool
-  member :repository,      Repository
-end
-
-class SysApi < ActionWebService::API::Base
-  api_method :projects_with_repository_enabled,
-             :expects => [],
-             :returns => [[AWSProjectWithRepository]]
-  api_method :repository_created,
-             :expects => [:string, :string, :string],
-             :returns => [:int]
+class DocumentObserver < ActiveRecord::Observer
+  def after_create(document)
+    Mailer.deliver_document_added(document) if Setting.notified_events.include?('document_added')
+  end
 end
--- a/app/models/enabled_module.rb
+++ b/app/models/enabled_module.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -20,4 +20,19 @@ class EnabledModule < ActiveRecord::Base
  
  validates_presence_of :name
  validates_uniqueness_of :name, :scope => :project_id
+  
+  after_create :module_enabled
+  
+  private
+  
+  # after_create callback used to do things when a module is enabled
+  def module_enabled
+    case name
+    when 'wiki'
+      # Create a wiki with a default start page
+      if project && project.wiki.nil?
+        Wiki.create(:project => project, :start_page => 'Wiki')
+      end
+    end
+  end
 end
--- a/app/models/enumeration.rb
+++ b/app/models/enumeration.rb
@@ -16,44 +16,59 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Enumeration < ActiveRecord::Base
-  acts_as_list :scope => 'opt = \'#{opt}\''
+  default_scope :order => "#{Enumeration.table_name}.position ASC"
+  
+  belongs_to :project
+  
+  acts_as_list :scope => 'type = \'#{type}\''
+  acts_as_customizable
+  acts_as_tree :order => 'position ASC'

  before_destroy :check_integrity
  
-  validates_presence_of :opt, :name
-  validates_uniqueness_of :name, :scope => [:opt]
+  validates_presence_of :name
+  validates_uniqueness_of :name, :scope => [:type, :project_id]
  validates_length_of :name, :maximum => 30

-  # Single table inheritance would be an option
-  OPTIONS = {
-    "IPRI" => {:label => :enumeration_issue_priorities, :model => Issue, :foreign_key => :priority_id},
-    "DCAT" => {:label => :enumeration_doc_categories, :model => Document, :foreign_key => :category_id},
-    "ACTI" => {:label => :enumeration_activities, :model => TimeEntry, :foreign_key => :activity_id}
-  }.freeze
-  
-  def self.get_values(option)
-    find(:all, :conditions => {:opt => option}, :order => 'position')
-  end
-  
-  def self.default(option)  
-    find(:first, :conditions => {:opt => option, :is_default => true}, :order => 'position')
-  end
+  named_scope :shared, :conditions => { :project_id => nil }
+  named_scope :active, :conditions => { :active => true }

+  def self.default
+    # Creates a fake default scope so Enumeration.default will check
+    # it's type.  STI subclasses will automatically add their own
+    # types to the finder.
+    if self.descends_from_active_record?
+      find(:first, :conditions => { :is_default => true, :type => 'Enumeration' })
+    else
+      # STI classes are
+      find(:first, :conditions => { :is_default => true })
+    end
+  end
+  
+  # Overloaded on concrete classes
  def option_name
-    OPTIONS[self.opt][:label]
+    nil
  end

  def before_save
-    Enumeration.update_all("is_default = #{connection.quoted_false}", {:opt => opt}) if is_default?
+    if is_default? && is_default_changed?
+      Enumeration.update_all("is_default = #{connection.quoted_false}", {:type => type})
+    end
  end
  
+  # Overloaded on concrete classes
  def objects_count
-    OPTIONS[self.opt][:model].count(:conditions => "#{OPTIONS[self.opt][:foreign_key]} = #{id}")
+    0
  end
  
  def in_use?
    self.objects_count != 0
  end
+
+  # Is this enumeration overiding a system level enumeration?
+  def is_override?
+    !self.parent.nil?
+  end
  
  alias :destroy_without_reassign :destroy
  
@@ -61,7 +76,7 @@ class Enumeration < ActiveRecord::Base
  # If a enumeration is specified, objects are reassigned
  def destroy(reassign_to = nil)
    if reassign_to && reassign_to.is_a?(Enumeration)
-      OPTIONS[self.opt][:model].update_all("#{OPTIONS[self.opt][:foreign_key]} = #{reassign_to.id}", "#{OPTIONS[self.opt][:foreign_key]} = #{id}")
+      self.transfer_relations(reassign_to)
    end
    destroy_without_reassign
  end
@@ -71,9 +86,49 @@ class Enumeration < ActiveRecord::Base
  end
  
  def to_s; name end
+
+  # Returns the Subclasses of Enumeration.  Each Subclass needs to be
+  # required in development mode.
+  #
+  # Note: subclasses is protected in ActiveRecord
+  def self.get_subclasses
+    @@subclasses[Enumeration]
+  end
+
+  # Does the +new+ Hash override the previous Enumeration?
+  def self.overridding_change?(new, previous)
+    if (same_active_state?(new['active'], previous.active)) && same_custom_values?(new,previous)
+      return false
+    else
+      return true
+    end
+  end
+
+  # Does the +new+ Hash have the same custom values as the previous Enumeration?
+  def self.same_custom_values?(new, previous)
+    previous.custom_field_values.each do |custom_value|
+      if custom_value.value != new["custom_field_values"][custom_value.custom_field_id.to_s]
+        return false
+      end
+    end
+
+    return true
+  end
+  
+  # Are the new and previous fields equal?
+  def self.same_active_state?(new, previous)
+    new = (new == "1" ? true : false)
+    return new == previous
+  end
  
 private
  def check_integrity
    raise "Can't delete enumeration" if self.in_use?
  end
+
 end
+
+# Force load the subclasses in development mode
+require_dependency 'time_entry_activity'
+require_dependency 'document_category'
+require_dependency 'issue_priority'
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -0,0 +1,48 @@
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class Group < Principal
+  has_and_belongs_to_many :users, :after_add => :user_added,
+                                  :after_remove => :user_removed
+  
+  acts_as_customizable
+  
+  validates_presence_of :lastname
+  validates_uniqueness_of :lastname, :case_sensitive => false
+  validates_length_of :lastname, :maximum => 30
+    
+  def to_s
+    lastname.to_s
+  end
+  
+  def user_added(user)
+    members.each do |member|
+      user_member = Member.find_by_project_id_and_user_id(member.project_id, user.id) || Member.new(:project_id => member.project_id, :user_id => user.id)
+      member.member_roles.each do |member_role|
+        user_member.member_roles << MemberRole.new(:role => member_role.role, :inherited_from => member_role.id)
+      end
+      user_member.save!
+    end
+  end
+  
+  def user_removed(user)
+    members.each do |member|
+      MemberRole.find(:all, :include => :member,
+                            :conditions => ["#{Member.table_name}.user_id = ? AND #{MemberRole.table_name}.inherited_from IN (?)", user.id, member.member_role_ids]).each(&:destroy)
+    end
+  end
+end
--- a/app/models/group_custom_field.rb
+++ b/app/models/group_custom_field.rb
@@ -0,0 +1,22 @@
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class GroupCustomField < CustomField
+  def type_name
+    :label_group_plural
+  end
+end
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -22,39 +22,55 @@ class Issue < ActiveRecord::Base
  belongs_to :author, :class_name => 'User', :foreign_key => 'author_id'
  belongs_to :assigned_to, :class_name => 'User', :foreign_key => 'assigned_to_id'
  belongs_to :fixed_version, :class_name => 'Version', :foreign_key => 'fixed_version_id'
-  belongs_to :priority, :class_name => 'Enumeration', :foreign_key => 'priority_id'
+  belongs_to :priority, :class_name => 'IssuePriority', :foreign_key => 'priority_id'
  belongs_to :category, :class_name => 'IssueCategory', :foreign_key => 'category_id'

  has_many :journals, :as => :journalized, :dependent => :destroy
-  has_many :attachments, :as => :container, :dependent => :destroy
  has_many :time_entries, :dependent => :delete_all
  has_and_belongs_to_many :changesets, :order => "#{Changeset.table_name}.committed_on ASC, #{Changeset.table_name}.id ASC"
  
  has_many :relations_from, :class_name => 'IssueRelation', :foreign_key => 'issue_from_id', :dependent => :delete_all
  has_many :relations_to, :class_name => 'IssueRelation', :foreign_key => 'issue_to_id', :dependent => :delete_all
  
+  acts_as_attachable :after_remove => :attachment_removed
  acts_as_customizable
  acts_as_watchable
  acts_as_searchable :columns => ['subject', "#{table_name}.description", "#{Journal.table_name}.notes"],
                     :include => [:project, :journals],
                     # sort by id so that limited eager loading doesn't break with postgresql
                     :order_column => "#{table_name}.id"
-  acts_as_event :title => Proc.new {|o| "#{o.tracker.name} ##{o.id}: #{o.subject}"},
-                :url => Proc.new {|o| {:controller => 'issues', :action => 'show', :id => o.id}}                
+  acts_as_event :title => Proc.new {|o| "#{o.tracker.name} ##{o.id} (#{o.status}): #{o.subject}"},
+                :url => Proc.new {|o| {:controller => 'issues', :action => 'show', :id => o.id}},
+                :type => Proc.new {|o| 'issue' + (o.closed? ? ' closed' : '') }
  
  acts_as_activity_provider :find_options => {:include => [:project, :author, :tracker]},
                            :author_key => :author_id
+
+  DONE_RATIO_OPTIONS = %w(issue_field issue_status)
  
-  validates_presence_of :subject, :description, :priority, :project, :tracker, :author, :status
+  validates_presence_of :subject, :priority, :project, :tracker, :author, :status
  validates_length_of :subject, :maximum => 255
  validates_inclusion_of :done_ratio, :in => 0..100
  validates_numericality_of :estimated_hours, :allow_nil => true

+  named_scope :visible, lambda {|*args| { :include => :project,
+                                          :conditions => Project.allowed_to_condition(args.first || User.current, :view_issues) } }
+  
+  named_scope :open, :conditions => ["#{IssueStatus.table_name}.is_closed = ?", false], :include => :status
+
+  before_save :update_done_ratio_from_issue_status
+  after_save :create_journal
+  
+  # Returns true if usr or current user is allowed to view the issue
+  def visible?(usr=nil)
+    (usr || User.current).allowed_to?(:view_issues, self.project)
+  end
+  
  def after_initialize
    if new_record?
      # set default values for new records only
      self.status ||= IssueStatus.default
-      self.priority ||= Enumeration.default('IPRI')
+      self.priority ||= IssuePriority.default
    end
  end
  
@@ -64,67 +80,135 @@ class Issue < ActiveRecord::Base
  end
  
  def copy_from(arg)
-    issue = arg.is_a?(Issue) ? arg : Issue.find(arg)
-    self.attributes = issue.attributes.dup
+    issue = arg.is_a?(Issue) ? arg : Issue.visible.find(arg)
+    self.attributes = issue.attributes.dup.except("id", "created_on", "updated_on")
    self.custom_values = issue.custom_values.collect {|v| v.clone}
+    self.status = issue.status
    self
  end
  
-  # Move an issue to a new project and tracker
-  def move_to(new_project, new_tracker = nil)
-    transaction do
-      if new_project && project_id != new_project.id
+  # Moves/copies an issue to a new project and tracker
+  # Returns the moved/copied issue on success, false on failure
+  def move_to(new_project, new_tracker = nil, options = {})
+    options ||= {}
+    issue = options[:copy] ? self.clone : self
+    ret = Issue.transaction do
+      if new_project && issue.project_id != new_project.id
        # delete issue relations
        unless Setting.cross_project_issue_relations?
-          self.relations_from.clear
-          self.relations_to.clear
+          issue.relations_from.clear
+          issue.relations_to.clear
        end
        # issue is moved to another project
        # reassign to the category with same name if any
-        new_category = category.nil? ? nil : new_project.issue_categories.find_by_name(category.name)
-        self.category = new_category
-        self.fixed_version = nil
-        self.project = new_project
+        new_category = issue.category.nil? ? nil : new_project.issue_categories.find_by_name(issue.category.name)
+        issue.category = new_category
+        # Keep the fixed_version if it's still valid in the new_project
+        unless new_project.shared_versions.include?(issue.fixed_version)
+          issue.fixed_version = nil
+        end
+        issue.project = new_project
      end
      if new_tracker
-        self.tracker = new_tracker
+        issue.tracker = new_tracker
      end
-      if save
-        # Manually update project_id on related time entries
-        TimeEntry.update_all("project_id = #{new_project.id}", {:issue_id => id})
+      if options[:copy]
+        issue.custom_field_values = self.custom_field_values.inject({}) {|h,v| h[v.custom_field_id] = v.value; h}
+        issue.status = if options[:attributes] && options[:attributes][:status_id]
+                         IssueStatus.find_by_id(options[:attributes][:status_id])
+                       else
+                         self.status
+                       end
+      end
+      # Allow bulk setting of attributes on the issue
+      if options[:attributes]
+        issue.attributes = options[:attributes]
+      end
+      if issue.save
+        unless options[:copy]
+          # Manually update project_id on related time entries
+          TimeEntry.update_all("project_id = #{new_project.id}", {:issue_id => id})
+        end
+        true
      else
-        rollback_db_transaction
-        return false
+        raise ActiveRecord::Rollback
      end
    end
-    return true
+    ret ? issue : false
  end
  
  def priority_id=(pid)
    self.priority = nil
    write_attribute(:priority_id, pid)
  end
+
+  def tracker_id=(tid)
+    self.tracker = nil
+    write_attribute(:tracker_id, tid)
+    result = write_attribute(:tracker_id, tid)
+    @custom_field_values = nil
+    result
+  end
+  
+  # Overrides attributes= so that tracker_id gets assigned first
+  def attributes_with_tracker_first=(new_attributes, *args)
+    return if new_attributes.nil?
+    new_tracker_id = new_attributes['tracker_id'] || new_attributes[:tracker_id]
+    if new_tracker_id
+      self.tracker_id = new_tracker_id
+    end
+    send :attributes_without_tracker_first=, new_attributes, *args
+  end
+  # Do not redefine alias chain on reload (see #4838)
+  alias_method_chain(:attributes=, :tracker_first) unless method_defined?(:attributes_without_tracker_first=)
  
  def estimated_hours=(h)
    write_attribute :estimated_hours, (h.is_a?(String) ? h.to_hours : h)
  end
  
+  def done_ratio
+    if Issue.use_status_for_done_ratio? && status && status.default_done_ratio?
+      status.default_done_ratio
+    else
+      read_attribute(:done_ratio)
+    end
+  end
+
+  def self.use_status_for_done_ratio?
+    Setting.issue_done_ratio == 'issue_status'
+  end
+
+  def self.use_field_for_done_ratio?
+    Setting.issue_done_ratio == 'issue_field'
+  end
+  
  def validate
    if self.due_date.nil? && @attributes['due_date'] && !@attributes['due_date'].empty?
-      errors.add :due_date, :activerecord_error_not_a_date
+      errors.add :due_date, :not_a_date
    end
    
    if self.due_date and self.start_date and self.due_date < self.start_date
-      errors.add :due_date, :activerecord_error_greater_than_start_date
+      errors.add :due_date, :greater_than_start_date
    end
    
    if start_date && soonest_start && start_date < soonest_start
-      errors.add :start_date, :activerecord_error_invalid
+      errors.add :start_date, :invalid
+    end
+    
+    if fixed_version
+      if !assignable_versions.include?(fixed_version)
+        errors.add :fixed_version_id, :inclusion
+      elsif reopened? && fixed_version.closed?
+        errors.add_to_base I18n.t(:error_can_not_reopen_issue_on_closed_version)
+      end
+    end
+    
+    # Checks that the issue can not be added/moved to a disabled tracker
+    if project && (tracker_id_changed? || project_id_changed?)
+      unless project.trackers.include?(tracker)
+        errors.add :tracker_id, :inclusion
+      end
    end
-  end
-  
-  def validate_on_create
-    errors.add :tracker_id, :activerecord_error_invalid unless project.trackers.include?(tracker)
  end
  
  def before_create
@@ -134,28 +218,12 @@ class Issue < ActiveRecord::Base
    end
  end
  
-  def before_save  
-    if @current_journal
-      # attributes changes
-      (Issue.column_names - %w(id description)).each {|c|
-        @current_journal.details << JournalDetail.new(:property => 'attr',
-                                                      :prop_key => c,
-                                                      :old_value => @issue_before_change.send(c),
-                                                      :value => send(c)) unless send(c)==@issue_before_change.send(c)
-      }
-      # custom fields changes
-      custom_values.each {|c|
-        next if (@custom_values_before_change[c.custom_field_id]==c.value ||
-                  (@custom_values_before_change[c.custom_field_id].blank? && c.value.blank?))
-        @current_journal.details << JournalDetail.new(:property => 'cf', 
-                                                      :prop_key => c.custom_field_id,
-                                                      :old_value => @custom_values_before_change[c.custom_field_id],
-                                                      :value => c.value)
-      }      
-      @current_journal.save
+  # Set the done_ratio using the status if that setting is set.  This will keep the done_ratios
+  # even if the user turns off the setting later
+  def update_done_ratio_from_issue_status
+    if Issue.use_status_for_done_ratio? && status && status.default_done_ratio?
+      self.done_ratio = status.default_done_ratio
    end
-    # Save the issue even if the journal is not saved (because empty)
-    true
  end
  
  def after_save
@@ -195,27 +263,63 @@ class Issue < ActiveRecord::Base
    self.status.is_closed?
  end
  
+  # Return true if the issue is being reopened
+  def reopened?
+    if !new_record? && status_id_changed?
+      status_was = IssueStatus.find_by_id(status_id_was)
+      status_new = IssueStatus.find_by_id(status_id)
+      if status_was && status_new && status_was.is_closed? && !status_new.is_closed?
+        return true
+      end
+    end
+    false
+  end
+  
+  # Returns true if the issue is overdue
+  def overdue?
+    !due_date.nil? && (due_date < Date.today) && !status.is_closed?
+  end
+  
  # Users the issue can be assigned to
  def assignable_users
    project.assignable_users
  end
  
+  # Versions that the issue can be assigned to
+  def assignable_versions
+    @assignable_versions ||= (project.shared_versions.open + [Version.find_by_id(fixed_version_id_was)]).compact.uniq.sort
+  end
+  
+  # Returns true if this issue is blocked by another issue that is still open
+  def blocked?
+    !relations_to.detect {|ir| ir.relation_type == 'blocks' && !ir.issue_from.closed?}.nil?
+  end
+  
  # Returns an array of status that user is able to apply
  def new_statuses_allowed_to(user)
-    statuses = status.find_new_statuses_allowed_to(user.role_for_project(project), tracker)
+    statuses = status.find_new_statuses_allowed_to(user.roles_for_project(project), tracker)
    statuses << status unless statuses.empty?
-    statuses.uniq.sort
+    statuses = statuses.uniq.sort
+    blocked? ? statuses.reject {|s| s.is_closed?} : statuses
  end
  
-  # Returns the mail adresses of users that should be notified for the issue
+  # Returns the mail adresses of users that should be notified
  def recipients
-    recipients = project.recipients
+    notified = project.notified_users
    # Author and assignee are always notified unless they have been locked
-    recipients << author.mail if author && author.active?
-    recipients << assigned_to.mail if assigned_to && assigned_to.active?
-    recipients.compact.uniq
+    notified << author if author && author.active?
+    notified << assigned_to if assigned_to && assigned_to.active?
+    notified.uniq!
+    # Remove users that can not view the issue
+    notified.reject! {|user| !visible?(user)}
+    notified.collect(&:mail)
  end
  
+  # Returns the total number of hours spent on this issue.
+  #
+  # Example:
+  #   spent_hours => 0
+  #   spent_hours => 50
  def spent_hours
    @spent_hours ||= time_entries.sum(:hours) || 0
  end
@@ -244,6 +348,11 @@ class Issue < ActiveRecord::Base
    due_date || (fixed_version ? fixed_version.effective_date : nil)
  end
  
+  # Returns the time scheduled for this issue.
+  # 
+  # Example:
+  #   Start Date: 2/26/09, End Date: 3/04/09
+  #   duration => 6
  def duration
    (start_date && due_date) ? due_date - start_date : 0
  end
@@ -252,13 +361,102 @@ class Issue < ActiveRecord::Base
    @soonest_start ||= relations_to.collect{|relation| relation.successor_soonest_start}.compact.min
  end
  
-  def self.visible_by(usr)
-    with_scope(:find => { :conditions => Project.visible_by(usr) }) do
-      yield
-    end
-  end
-  
  def to_s
    "#{tracker} ##{id}: #{subject}"
  end
+  
+  # Returns a string of css classes that apply to the issue
+  def css_classes
+    s = "issue status-#{status.position} priority-#{priority.position}"
+    s << ' closed' if closed?
+    s << ' overdue' if overdue?
+    s << ' created-by-me' if User.current.logged? && author_id == User.current.id
+    s << ' assigned-to-me' if User.current.logged? && assigned_to_id == User.current.id
+    s
+  end
+
+  # Unassigns issues from +version+ if it's no longer shared with issue's project
+  def self.update_versions_from_sharing_change(version)
+    # Update issues assigned to the version
+    update_versions(["#{Issue.table_name}.fixed_version_id = ?", version.id])
+  end
+  
+  # Unassigns issues from versions that are no longer shared
+  # after +project+ was moved
+  def self.update_versions_from_hierarchy_change(project)
+    moved_project_ids = project.self_and_descendants.reload.collect(&:id)
+    # Update issues of the moved projects and issues assigned to a version of a moved project
+    Issue.update_versions(["#{Version.table_name}.project_id IN (?) OR #{Issue.table_name}.project_id IN (?)", moved_project_ids, moved_project_ids])
+  end
+
+  # Returns an array of projects that current user can move issues to
+  def self.allowed_target_projects_on_move
+    projects = []
+    if User.current.admin?
+      # admin is allowed to move issues to any active (visible) project
+      projects = Project.visible.all
+    elsif User.current.logged?
+      if Role.non_member.allowed_to?(:move_issues)
+        projects = Project.visible.all
+      else
+        User.current.memberships.each {|m| projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}}
+      end
+    end
+    projects
+  end
+   
+  private
+  
+  # Update issues so their versions are not pointing to a
+  # fixed_version that is not shared with the issue's project
+  def self.update_versions(conditions=nil)
+    # Only need to update issues with a fixed_version from
+    # a different project and that is not systemwide shared
+    Issue.all(:conditions => merge_conditions("#{Issue.table_name}.fixed_version_id IS NOT NULL" +
+                                                " AND #{Issue.table_name}.project_id <> #{Version.table_name}.project_id" +
+                                                " AND #{Version.table_name}.sharing <> 'system'",
+                                                conditions),
+              :include => [:project, :fixed_version]
+              ).each do |issue|
+      next if issue.project.nil? || issue.fixed_version.nil?
+      unless issue.project.shared_versions.include?(issue.fixed_version)
+        issue.init_journal(User.current)
+        issue.fixed_version = nil
+        issue.save
+      end
+    end
+  end
+  
+  # Callback on attachment deletion
+  def attachment_removed(obj)
+    journal = init_journal(User.current)
+    journal.details << JournalDetail.new(:property => 'attachment',
+                                         :prop_key => obj.id,
+                                         :old_value => obj.filename)
+    journal.save
+  end
+  
+  # Saves the changes in a Journal
+  # Called after_save
+  def create_journal
+    if @current_journal
+      # attributes changes
+      (Issue.column_names - %w(id description lock_version created_on updated_on)).each {|c|
+        @current_journal.details << JournalDetail.new(:property => 'attr',
+                                                      :prop_key => c,
+                                                      :old_value => @issue_before_change.send(c),
+                                                      :value => send(c)) unless send(c)==@issue_before_change.send(c)
+      }
+      # custom fields changes
+      custom_values.each {|c|
+        next if (@custom_values_before_change[c.custom_field_id]==c.value ||
+                  (@custom_values_before_change[c.custom_field_id].blank? && c.value.blank?))
+        @current_journal.details << JournalDetail.new(:property => 'cf', 
+                                                      :prop_key => c.custom_field_id,
+                                                      :old_value => @custom_values_before_change[c.custom_field_id],
+                                                      :value => c.value)
+      }      
+      @current_journal.save
+    end
+  end
 end
--- a/app/models/issue_observer.rb
+++ b/app/models/issue_observer.rb
@@ -0,0 +1,22 @@
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class IssueObserver < ActiveRecord::Observer
+  def after_create(issue)
+    Mailer.deliver_issue_add(issue) if Setting.notified_events.include?('issue_added')
+  end
+end
--- a/app/models/issue_priority.rb
+++ b/app/models/issue_priority.rb
@@ -0,0 +1,34 @@
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class IssuePriority < Enumeration
+  has_many :issues, :foreign_key => 'priority_id'
+
+  OptionName = :enumeration_issue_priorities
+
+  def option_name
+    OptionName
+  end
+
+  def objects_count
+    issues.count
+  end
+
+  def transfer_relations(to)
+    issues.update_all("priority_id = #{to.id}")
+  end
+end
--- a/app/models/issue_priority_custom_field.rb
+++ b/app/models/issue_priority_custom_field.rb
@@ -0,0 +1,23 @@
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class IssuePriorityCustomField < CustomField
+  def type_name
+    :enumeration_issue_priorities
+  end
+end
+
--- a/app/models/issue_relation.rb
+++ b/app/models/issue_relation.rb
@@ -23,11 +23,13 @@ class IssueRelation < ActiveRecord::Base
  TYPE_DUPLICATES   = "duplicates"
  TYPE_BLOCKS       = "blocks"
  TYPE_PRECEDES     = "precedes"
+  TYPE_FOLLOWS      = "follows"
  
  TYPES = { TYPE_RELATES =>     { :name => :label_relates_to, :sym_name => :label_relates_to, :order => 1 },
            TYPE_DUPLICATES =>  { :name => :label_duplicates, :sym_name => :label_duplicated_by, :order => 2 },
            TYPE_BLOCKS =>      { :name => :label_blocks, :sym_name => :label_blocked_by, :order => 3 },
            TYPE_PRECEDES =>    { :name => :label_precedes, :sym_name => :label_follows, :order => 4 },
+            TYPE_FOLLOWS =>     { :name => :label_follows, :sym_name => :label_precedes, :order => 5 }
          }.freeze
  
  validates_presence_of :issue_from, :issue_to, :relation_type
@@ -35,11 +37,13 @@ class IssueRelation < ActiveRecord::Base
  validates_numericality_of :delay, :allow_nil => true
  validates_uniqueness_of :issue_to_id, :scope => :issue_from_id
  
+  attr_protected :issue_from_id, :issue_to_id
+  
  def validate
    if issue_from && issue_to
-      errors.add :issue_to_id, :activerecord_error_invalid if issue_from_id == issue_to_id
-      errors.add :issue_to_id, :activerecord_error_not_same_project unless issue_from.project_id == issue_to.project_id || Setting.cross_project_issue_relations?
-      errors.add_to_base :activerecord_error_circular_dependency if issue_to.all_dependent_issues.include? issue_from
+      errors.add :issue_to_id, :invalid if issue_from_id == issue_to_id
+      errors.add :issue_to_id, :not_same_project unless issue_from.project_id == issue_to.project_id || Setting.cross_project_issue_relations?
+      errors.add_to_base :circular_dependency if issue_to.all_dependent_issues.include? issue_from
    end
  end
  
@@ -52,6 +56,8 @@ class IssueRelation < ActiveRecord::Base
  end
  
  def before_save
+    reverse_if_needed
+    
    if TYPE_PRECEDES == relation_type
      self.delay ||= 0
    else
@@ -76,4 +82,15 @@ class IssueRelation < ActiveRecord::Base
  def <=>(relation)
    TYPES[self.relation_type][:order] <=> TYPES[relation.relation_type][:order]
  end
+  
+  private
+  
+  def reverse_if_needed
+    if (TYPE_FOLLOWS == relation_type)
+      issue_tmp = issue_to
+      self.issue_to = issue_from
+      self.issue_from = issue_tmp
+      self.relation_type = TYPE_PRECEDES
+    end
+  end
 end
--- a/app/models/issue_status.rb
+++ b/app/models/issue_status.rb
@@ -24,6 +24,7 @@ class IssueStatus < ActiveRecord::Base
  validates_uniqueness_of :name
  validates_length_of :name, :maximum => 30
  validates_format_of :name, :with => /^[\w\s\'\-]*$/i
+  validates_inclusion_of :default_done_ratio, :in => 0..100, :allow_nil => true

  def after_save
    IssueStatus.update_all("is_default=#{connection.quoted_false}", ['id <> ?', id]) if self.is_default?
@@ -33,27 +34,49 @@ class IssueStatus < ActiveRecord::Base
  def self.default
    find(:first, :conditions =>["is_default=?", true])
  end
+  
+  # Update all the +Issues+ setting their done_ratio to the value of their +IssueStatus+
+  def self.update_issue_done_ratios
+    if Issue.use_status_for_done_ratio?
+      IssueStatus.find(:all, :conditions => ["default_done_ratio >= 0"]).each do |status|
+        Issue.update_all(["done_ratio = ?", status.default_done_ratio],
+                         ["status_id = ?", status.id])
+      end
+    end
+
+    return Issue.use_status_for_done_ratio?
+  end

  # Returns an array of all statuses the given role can switch to
  # Uses association cache when called more than one time
-  def new_statuses_allowed_to(role, tracker)
-    new_statuses = workflows.select {|w| w.role_id == role.id && w.tracker_id == tracker.id}.collect{|w| w.new_status} if role && tracker
-    new_statuses ? new_statuses.compact.sort{|x, y| x.position <=> y.position } : []
+  def new_statuses_allowed_to(roles, tracker)
+    if roles && tracker
+      role_ids = roles.collect(&:id)
+      new_statuses = workflows.select {|w| role_ids.include?(w.role_id) && w.tracker_id == tracker.id}.collect{|w| w.new_status}.compact.sort
+    else
+      []
+    end
  end
  
  # Same thing as above but uses a database query
  # More efficient than the previous method if called just once
-  def find_new_statuses_allowed_to(role, tracker)  
-    new_statuses = workflows.find(:all, 
-                                   :include => :new_status,
-                                   :conditions => ["role_id=? and tracker_id=?", role.id, tracker.id]).collect{ |w| w.new_status }.compact  if role && tracker
-    new_statuses ? new_statuses.sort{|x, y| x.position <=> y.position } : []
+  def find_new_statuses_allowed_to(roles, tracker)
+    if roles && tracker
+      workflows.find(:all,
+                     :include => :new_status,
+                     :conditions => { :role_id => roles.collect(&:id), 
+                                      :tracker_id => tracker.id}).collect{ |w| w.new_status }.compact.sort
+    else
+      []
+    end
  end
  
-  def new_status_allowed_to?(status, role, tracker)
-    status && role && tracker ?
-      !workflows.find(:first, :conditions => {:new_status_id => status.id, :role_id => role.id, :tracker_id => tracker.id}).nil? :
+  def new_status_allowed_to?(status, roles, tracker)
+    if status && roles && tracker
+      !workflows.find(:first, :conditions => {:new_status_id => status.id, :role_id => roles.collect(&:id), :tracker_id => tracker.id}).nil?
+    else
      false
+    end
  end

  def <=>(status)
--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@@ -38,7 +38,7 @@ class Journal < ActiveRecord::Base
                                              :conditions => "#{Journal.table_name}.journalized_type = 'Issue' AND" +
                                                             " (#{JournalDetail.table_name}.prop_key = 'status_id' OR #{Journal.table_name}.notes <> '')"}
  
-  def save
+  def save(*args)
    # Do not save an empty journal
    (details.empty? && notes.blank?) ? false : super
  end
--- a/app/models/journal_observer.rb
+++ b/app/models/journal_observer.rb
@@ -0,0 +1,22 @@
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class JournalObserver < ActiveRecord::Observer
+  def after_create(journal)
+    Mailer.deliver_issue_edit(journal) if Setting.notified_events.include?('issue_updated')
+  end
+end
--- a/app/models/mail_handler.rb
+++ b/app/models/mail_handler.rb
@@ -16,6 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class MailHandler < ActionMailer::Base
+  include ActionView::Helpers::SanitizeHelper

  class UnauthorizedAction < StandardError; end
  class MissingInformation < StandardError; end
@@ -33,30 +34,70 @@ class MailHandler < ActionMailer::Base
    @@handler_options[:allow_override] << 'project' unless @@handler_options[:issue].has_key?(:project)
    # Status overridable by default
    @@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status)    
+    
+    @@handler_options[:no_permission_check] = (@@handler_options[:no_permission_check].to_s == '1' ? true : false)
    super email
  end
  
  # Processes incoming emails
+  # Returns the created object (eg. an issue, a message) or false
  def receive(email)
    @email = email
-    @user = User.active.find(:first, :conditions => ["LOWER(mail) = ?", email.from.first.to_s.strip.downcase])
-    unless @user
-      # Unknown user => the email is ignored
-      # TODO: ability to create the user's account
-      logger.info "MailHandler: email submitted by unknown user [#{email.from.first}]" if logger && logger.info
+    sender_email = email.from.to_a.first.to_s.strip
+    # Ignore emails received from the application emission address to avoid hell cycles
+    if sender_email.downcase == Setting.mail_from.to_s.strip.downcase
+      logger.info  "MailHandler: ignoring email from Redmine emission address [#{sender_email}]" if logger && logger.info
      return false
    end
+    @user = User.find_by_mail(sender_email) if sender_email.present?
+    if @user && !@user.active?
+      logger.info  "MailHandler: ignoring email from non-active user [#{@user.login}]" if logger && logger.info
+      return false
+    end
+    if @user.nil?
+      # Email was submitted by an unknown user
+      case @@handler_options[:unknown_user]
+      when 'accept'
+        @user = User.anonymous
+      when 'create'
+        @user = MailHandler.create_user_from_email(email)
+        if @user
+          logger.info "MailHandler: [#{@user.login}] account created" if logger && logger.info
+          Mailer.deliver_account_information(@user, @user.password)
+        else
+          logger.error "MailHandler: could not create account for [#{sender_email}]" if logger && logger.error
+          return false
+        end
+      else
+        # Default behaviour, emails from unknown users are ignored
+        logger.info  "MailHandler: ignoring email from unknown user [#{sender_email}]" if logger && logger.info
+        return false
+      end
+    end
    User.current = @user
    dispatch
  end
  
  private

-  ISSUE_REPLY_SUBJECT_RE = %r{\[[^\]]+#(\d+)\]}
+  MESSAGE_ID_RE = %r{^<redmine\.([a-z0-9_]+)\-(\d+)\.\d+@}
+  ISSUE_REPLY_SUBJECT_RE = %r{\[[^\]]*#(\d+)\]}
+  MESSAGE_REPLY_SUBJECT_RE = %r{\[[^\]]*msg(\d+)\]}
  
  def dispatch
-    if m = email.subject.match(ISSUE_REPLY_SUBJECT_RE)
-      receive_issue_update(m[1].to_i)
+    headers = [email.in_reply_to, email.references].flatten.compact
+    if headers.detect {|h| h.to_s =~ MESSAGE_ID_RE}
+      klass, object_id = $1, $2.to_i
+      method_name = "receive_#{klass}_reply"
+      if self.class.private_instance_methods.collect(&:to_s).include?(method_name)
+        send method_name, object_id
+      else
+        # ignoring it
+      end
+    elsif m = email.subject.match(ISSUE_REPLY_SUBJECT_RE)
+      receive_issue_reply(m[1].to_i)
+    elsif m = email.subject.match(MESSAGE_REPLY_SUBJECT_RE)
+      receive_message_reply(m[1].to_i)
    else
      receive_issue
    end
@@ -77,26 +118,36 @@ class MailHandler < ActionMailer::Base
    project = target_project
    tracker = (get_keyword(:tracker) && project.trackers.find_by_name(get_keyword(:tracker))) || project.trackers.find(:first)
    category = (get_keyword(:category) && project.issue_categories.find_by_name(get_keyword(:category)))
-    priority = (get_keyword(:priority) && Enumeration.find_by_opt_and_name('IPRI', get_keyword(:priority)))
+    priority = (get_keyword(:priority) && IssuePriority.find_by_name(get_keyword(:priority)))
    status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))

    # check permission
-    raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
+    unless @@handler_options[:no_permission_check]
+      raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
+    end
+    
    issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority)
    # check workflow
    if status && issue.new_statuses_allowed_to(user).include?(status)
      issue.status = status
    end
-    issue.subject = email.subject.chomp.toutf8
-    issue.description = email.plain_text_body.chomp
+    issue.subject = email.subject.chomp
+    if issue.subject.blank?
+      issue.subject = '(no subject)'
+    end
+    # custom fields
+    issue.custom_field_values = issue.available_custom_fields.inject({}) do |h, c|
+      if value = get_keyword(c.name, :override => true)
+        h[c.id] = value
+      end
+      h
+    end
+    issue.description = cleaned_up_text_body
+    # add To and Cc as watchers before saving so the watchers can reply to Redmine
+    add_watchers(issue)
    issue.save!
    add_attachments(issue)
    logger.info "MailHandler: issue ##{issue.id} created by #{user}" if logger && logger.info
-    # send notification before adding watchers since they were cc'ed
-    Mailer.deliver_issue_add(issue) if Setting.notified_events.include?('issue_added')
-    # add To and Cc as watchers
-    add_watchers(issue)
-    
    issue
  end
  
@@ -110,17 +161,19 @@ class MailHandler < ActionMailer::Base
  end
  
  # Adds a note to an existing issue
-  def receive_issue_update(issue_id)
+  def receive_issue_reply(issue_id)
    status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
    
    issue = Issue.find_by_id(issue_id)
    return unless issue
    # check permission
-    raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
-    raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
+    unless @@handler_options[:no_permission_check]
+      raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
+      raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
+    end

    # add the note
-    journal = issue.init_journal(user, email.plain_text_body.chomp)
+    journal = issue.init_journal(user, cleaned_up_text_body)
    add_attachments(issue)
    # check workflow
    if status && issue.new_statuses_allowed_to(user).include?(status)
@@ -128,10 +181,41 @@ class MailHandler < ActionMailer::Base
    end
    issue.save!
    logger.info "MailHandler: issue ##{issue.id} updated by #{user}" if logger && logger.info
-    Mailer.deliver_issue_edit(journal) if Setting.notified_events.include?('issue_updated')
    journal
  end
  
+  # Reply will be added to the issue
+  def receive_journal_reply(journal_id)
+    journal = Journal.find_by_id(journal_id)
+    if journal && journal.journalized_type == 'Issue'
+      receive_issue_reply(journal.journalized_id)
+    end
+  end
+  
+  # Receives a reply to a forum message
+  def receive_message_reply(message_id)
+    message = Message.find_by_id(message_id)
+    if message
+      message = message.root
+      
+      unless @@handler_options[:no_permission_check]
+        raise UnauthorizedAction unless user.allowed_to?(:add_messages, message.project)
+      end
+      
+      if !message.locked?
+        reply = Message.new(:subject => email.subject.gsub(%r{^.*msg\d+\]}, '').strip,
+                            :content => cleaned_up_text_body)
+        reply.author = user
+        reply.board = message.board
+        message.children << reply
+        add_attachments(reply)
+        reply
+      else
+        logger.info "MailHandler: ignoring reply from [#{sender_email}] to a locked topic" if logger && logger.info
+      end
+    end
+  end
+  
  def add_attachments(obj)
    if email.has_attachments?
      email.attachments.each do |attachment|
@@ -155,22 +239,78 @@ class MailHandler < ActionMailer::Base
    end
  end
  
-  def get_keyword(attr)
-    if @@handler_options[:allow_override].include?(attr.to_s) && email.plain_text_body =~ /^#{attr}:[ \t]*(.+)$/i
-      $1.strip
-    elsif !@@handler_options[:issue][attr].blank?
-      @@handler_options[:issue][attr]
+  def get_keyword(attr, options={})
+    @keywords ||= {}
+    if @keywords.has_key?(attr)
+      @keywords[attr]
+    else
+      @keywords[attr] = begin
+        if (options[:override] || @@handler_options[:allow_override].include?(attr.to_s)) && plain_text_body.gsub!(/^#{attr}[ \t]*:[ \t]*(.+)\s*$/i, '')
+          $1.strip
+        elsif !@@handler_options[:issue][attr].blank?
+          @@handler_options[:issue][attr]
+        end
+      end
    end
  end
-end
-
-class TMail::Mail
-  # Returns body of the first plain text part found if any
+  
+  # Returns the text/plain part of the email
+  # If not found (eg. HTML-only email), returns the body with tags removed
  def plain_text_body
    return @plain_text_body unless @plain_text_body.nil?
-    p = self.parts.collect {|c| (c.respond_to?(:parts) && !c.parts.empty?) ? c.parts : c}.flatten
-    plain = p.detect {|c| c.content_type == 'text/plain'}
-    @plain_text_body = plain.nil? ? self.body : plain.body
+    parts = @email.parts.collect {|c| (c.respond_to?(:parts) && !c.parts.empty?) ? c.parts : c}.flatten
+    if parts.empty?
+      parts << @email
+    end
+    plain_text_part = parts.detect {|p| p.content_type == 'text/plain'}
+    if plain_text_part.nil?
+      # no text/plain part found, assuming html-only email
+      # strip html tags and remove doctype directive
+      @plain_text_body = strip_tags(@email.body.to_s)
+      @plain_text_body.gsub! %r{^<!DOCTYPE .*$}, ''
+    else
+      @plain_text_body = plain_text_part.body.to_s
+    end
+    @plain_text_body.strip!
+    @plain_text_body
+  end
+  
+  def cleaned_up_text_body
+    cleanup_body(plain_text_body)
+  end
+
+  def self.full_sanitizer
+    @full_sanitizer ||= HTML::FullSanitizer.new
+  end
+  
+  # Creates a user account for the +email+ sender
+  def self.create_user_from_email(email)
+    addr = email.from_addrs.to_a.first
+    if addr && !addr.spec.blank?
+      user = User.new
+      user.mail = addr.spec
+      
+      names = addr.name.blank? ? addr.spec.gsub(/@.*$/, '').split('.') : addr.name.split
+      user.firstname = names.shift
+      user.lastname = names.join(' ')
+      user.lastname = '-' if user.lastname.blank?
+      
+      user.login = user.mail
+      user.password = ActiveSupport::SecureRandom.hex(5)
+      user.language = Setting.default_language
+      user.save ? user : nil
+    end
+  end
+
+  private
+  
+  # Removes the email body of text after the truncation configurations.
+  def cleanup_body(body)
+    delimiters = Setting.mail_handler_body_delimiters.to_s.split(/[\r\n]+/).reject(&:blank?).map {|s| Regexp.escape(s)}
+    unless delimiters.empty?
+      regex = Regexp.new("^(#{ delimiters.join('|') })\s*[\r\n].*", Regexp::MULTILINE)
+      body = body.gsub(regex, '')
+    end
+    body.strip
  end
 end
-
--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
@@ -16,29 +16,53 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Mailer < ActionMailer::Base
+  layout 'mailer'
  helper :application
  helper :issues
  helper :custom_fields

  include ActionController::UrlWriter
+  include Redmine::I18n

+  def self.default_url_options
+    h = Setting.host_name
+    h = h.to_s.gsub(%r{\/.*$}, '') unless Redmine::Utils.relative_url_root.blank?
+    { :host => h, :protocol => Setting.protocol }
+  end
+  
+  # Builds a tmail object used to email recipients of the added issue.
+  #
+  # Example:
+  #   issue_add(issue) => tmail object
+  #   Mailer.deliver_issue_add(issue) => sends an email to issue recipients
  def issue_add(issue)
    redmine_headers 'Project' => issue.project.identifier,
                    'Issue-Id' => issue.id,
                    'Issue-Author' => issue.author.login
    redmine_headers 'Issue-Assignee' => issue.assigned_to.login if issue.assigned_to
+    message_id issue
    recipients issue.recipients
+    cc(issue.watcher_recipients - @recipients)
    subject "[#{issue.project.name} - #{issue.tracker.name} ##{issue.id}] (#{issue.status.name}) #{issue.subject}"
    body :issue => issue,
         :issue_url => url_for(:controller => 'issues', :action => 'show', :id => issue)
+    render_multipart('issue_add', body)
  end

+  # Builds a tmail object used to email recipients of the edited issue.
+  #
+  # Example:
+  #   issue_edit(journal) => tmail object
+  #   Mailer.deliver_issue_edit(journal) => sends an email to issue recipients
  def issue_edit(journal)
-    issue = journal.journalized
+    issue = journal.journalized.reload
    redmine_headers 'Project' => issue.project.identifier,
                    'Issue-Id' => issue.id,
                    'Issue-Author' => issue.author.login
    redmine_headers 'Issue-Assignee' => issue.assigned_to.login if issue.assigned_to
+    message_id journal
+    references issue
+    @author = journal.user
    recipients issue.recipients
    # Watchers in cc
    cc(issue.watcher_recipients - @recipients)
@@ -49,6 +73,8 @@ class Mailer < ActionMailer::Base
    body :issue => issue,
         :journal => journal,
         :issue_url => url_for(:controller => 'issues', :action => 'show', :id => issue)
+
+    render_multipart('issue_edit', body)
  end

  def reminder(user, issues, days)
@@ -57,54 +83,128 @@ class Mailer < ActionMailer::Base
    subject l(:mail_subject_reminder, issues.size)
    body :issues => issues,
         :days => days,
-         :issues_url => url_for(:controller => 'issues', :action => 'index', :set_filter => 1, :assigned_to_id => user.id, :sort_key => 'issues.due_date', :sort_order => 'asc')
+         :issues_url => url_for(:controller => 'issues', :action => 'index', :set_filter => 1, :assigned_to_id => user.id, :sort_key => 'due_date', :sort_order => 'asc')
+    render_multipart('reminder', body)
  end

+  # Builds a tmail object used to email users belonging to the added document's project.
+  #
+  # Example:
+  #   document_added(document) => tmail object
+  #   Mailer.deliver_document_added(document) => sends an email to the document's project recipients
  def document_added(document)
    redmine_headers 'Project' => document.project.identifier
-    recipients document.project.recipients
+    recipients document.recipients
    subject "[#{document.project.name}] #{l(:label_document_new)}: #{document.title}"
    body :document => document,
         :document_url => url_for(:controller => 'documents', :action => 'show', :id => document)
+    render_multipart('document_added', body)
  end

+  # Builds a tmail object used to email recipients of a project when an attachements are added.
+  #
+  # Example:
+  #   attachments_added(attachments) => tmail object
+  #   Mailer.deliver_attachments_added(attachments) => sends an email to the project's recipients
  def attachments_added(attachments)
    container = attachments.first.container
    added_to = ''
    added_to_url = ''
    case container.class.name
+    when 'Project'
+      added_to_url = url_for(:controller => 'projects', :action => 'list_files', :id => container)
+      added_to = "#{l(:label_project)}: #{container}"
+      recipients container.project.notified_users.select {|user| user.allowed_to?(:view_files, container.project)}.collect  {|u| u.mail}
    when 'Version'
      added_to_url = url_for(:controller => 'projects', :action => 'list_files', :id => container.project_id)
      added_to = "#{l(:label_version)}: #{container.name}"
+      recipients container.project.notified_users.select {|user| user.allowed_to?(:view_files, container.project)}.collect  {|u| u.mail}
    when 'Document'
      added_to_url = url_for(:controller => 'documents', :action => 'show', :id => container.id)
      added_to = "#{l(:label_document)}: #{container.title}"
+      recipients container.recipients
    end
    redmine_headers 'Project' => container.project.identifier
-    recipients container.project.recipients
    subject "[#{container.project.name}] #{l(:label_attachment_new)}"
    body :attachments => attachments,
         :added_to => added_to,
         :added_to_url => added_to_url
+    render_multipart('attachments_added', body)
  end
-
+  
+  # Builds a tmail object used to email recipients of a news' project when a news item is added.
+  #
+  # Example:
+  #   news_added(news) => tmail object
+  #   Mailer.deliver_news_added(news) => sends an email to the news' project recipients
  def news_added(news)
    redmine_headers 'Project' => news.project.identifier
-    recipients news.project.recipients
+    message_id news
+    recipients news.recipients
    subject "[#{news.project.name}] #{l(:label_news)}: #{news.title}"
    body :news => news,
         :news_url => url_for(:controller => 'news', :action => 'show', :id => news)
+    render_multipart('news_added', body)
  end

-  def message_posted(message, recipients)
+  # Builds a tmail object used to email the recipients of the specified message that was posted. 
+  #
+  # Example:
+  #   message_posted(message) => tmail object
+  #   Mailer.deliver_message_posted(message) => sends an email to the recipients
+  def message_posted(message)
    redmine_headers 'Project' => message.project.identifier,
                    'Topic-Id' => (message.parent_id || message.id)
-    recipients(recipients)
-    subject "[#{message.board.project.name} - #{message.board.name}] #{message.subject}"
+    message_id message
+    references message.parent unless message.parent.nil?
+    recipients(message.recipients)
+    cc((message.root.watcher_recipients + message.board.watcher_recipients).uniq - @recipients)
+    subject "[#{message.board.project.name} - #{message.board.name} - msg#{message.root.id}] #{message.subject}"
    body :message => message,
         :message_url => url_for(:controller => 'messages', :action => 'show', :board_id => message.board_id, :id => message.root)
+    render_multipart('message_posted', body)
+  end
+  
+  # Builds a tmail object used to email the recipients of a project of the specified wiki content was added. 
+  #
+  # Example:
+  #   wiki_content_added(wiki_content) => tmail object
+  #   Mailer.deliver_wiki_content_added(wiki_content) => sends an email to the project's recipients
+  def wiki_content_added(wiki_content)
+    redmine_headers 'Project' => wiki_content.project.identifier,
+                    'Wiki-Page-Id' => wiki_content.page.id
+    message_id wiki_content
+    recipients wiki_content.recipients
+    cc(wiki_content.page.wiki.watcher_recipients - recipients)
+    subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_added, :page => wiki_content.page.pretty_title)}"
+    body :wiki_content => wiki_content,
+         :wiki_content_url => url_for(:controller => 'wiki', :action => 'index', :id => wiki_content.project, :page => wiki_content.page.title)
+    render_multipart('wiki_content_added', body)
+  end
+  
+  # Builds a tmail object used to email the recipients of a project of the specified wiki content was updated. 
+  #
+  # Example:
+  #   wiki_content_updated(wiki_content) => tmail object
+  #   Mailer.deliver_wiki_content_updated(wiki_content) => sends an email to the project's recipients
+  def wiki_content_updated(wiki_content)
+    redmine_headers 'Project' => wiki_content.project.identifier,
+                    'Wiki-Page-Id' => wiki_content.page.id
+    message_id wiki_content
+    recipients wiki_content.recipients
+    cc(wiki_content.page.wiki.watcher_recipients + wiki_content.page.watcher_recipients - recipients)
+    subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_updated, :page => wiki_content.page.pretty_title)}"
+    body :wiki_content => wiki_content,
+         :wiki_content_url => url_for(:controller => 'wiki', :action => 'index', :id => wiki_content.project, :page => wiki_content.page.title),
+         :wiki_diff_url => url_for(:controller => 'wiki', :action => 'diff', :id => wiki_content.project, :page => wiki_content.page.title, :version => wiki_content.version)
+    render_multipart('wiki_content_updated', body)
  end

+  # Builds a tmail object used to email the specified user their account information.
+  #
+  # Example:
+  #   account_information(user, password) => tmail object
+  #   Mailer.deliver_account_information(user, password) => sends account information to the user
  def account_information(user, password)
    set_language_if_valid user.language
    recipients user.mail
@@ -112,14 +212,35 @@ class Mailer < ActionMailer::Base
    body :user => user,
         :password => password,
         :login_url => url_for(:controller => 'account', :action => 'login')
+    render_multipart('account_information', body)
  end

+  # Builds a tmail object used to email all active administrators of an account activation request.
+  #
+  # Example:
+  #   account_activation_request(user) => tmail object
+  #   Mailer.deliver_account_activation_request(user)=> sends an email to all active administrators
  def account_activation_request(user)
    # Send the email to all active administrators
    recipients User.active.find(:all, :conditions => {:admin => true}).collect { |u| u.mail }.compact
    subject l(:mail_subject_account_activation_request, Setting.app_title)
    body :user => user,
         :url => url_for(:controller => 'users', :action => 'index', :status => User::STATUS_REGISTERED, :sort_key => 'created_on', :sort_order => 'desc')
+    render_multipart('account_activation_request', body)
+  end
+
+  # Builds a tmail object used to email the specified user that their account was activated by an administrator.
+  #
+  # Example:
+  #   account_activated(user) => tmail object
+  #   Mailer.deliver_account_activated(user) => sends an email to the registered user
+  def account_activated(user)
+    set_language_if_valid user.language
+    recipients user.mail
+    subject l(:mail_subject_register, Setting.app_title)
+    body :user => user,
+         :login_url => url_for(:controller => 'account', :action => 'login')
+    render_multipart('account_activated', body)
  end

  def lost_password(token)
@@ -128,6 +249,7 @@ class Mailer < ActionMailer::Base
    subject l(:mail_subject_lost_password, Setting.app_title)
    body :token => token,
         :url => url_for(:controller => 'account', :action => 'lost_password', :token => token.value)
+    render_multipart('lost_password', body)
  end

  def register(token)
@@ -136,6 +258,7 @@ class Mailer < ActionMailer::Base
    subject l(:mail_subject_register, Setting.app_title)
    body :token => token,
         :url => url_for(:controller => 'account', :action => 'activate', :token => token.value)
+    render_multipart('register', body)
  end

  def test(user)
@@ -143,15 +266,25 @@ class Mailer < ActionMailer::Base
    recipients user.mail
    subject 'Redmine test'
    body :url => url_for(:controller => 'welcome')
+    render_multipart('test', body)
  end

  # Overrides default deliver! method to prevent from sending an email
  # with no recipient, cc or bcc
  def deliver!(mail = @mail)
+    set_language_if_valid @initial_language
    return false if (recipients.nil? || recipients.empty?) &&
                    (cc.nil? || cc.empty?) &&
                    (bcc.nil? || bcc.empty?)
-    super
+                    
+    # Set Message-Id and References
+    if @message_id_object
+      mail.message_id = self.class.message_id_for(@message_id_object)
+    end
+    if @references_objects
+      mail.references = @references_objects.collect {|o| self.class.message_id_for(o)}
+    end
+    super(mail)
  end

  # Sends reminders to issue assignees
@@ -177,23 +310,29 @@ class Mailer < ActionMailer::Base
      deliver_reminder(assignee, issues, days) unless assignee.nil?
    end
  end
+  
+  # Activates/desactivates email deliveries during +block+
+  def self.with_deliveries(enabled = true, &block)
+    was_enabled = ActionMailer::Base.perform_deliveries
+    ActionMailer::Base.perform_deliveries = !!enabled
+    yield
+  ensure
+    ActionMailer::Base.perform_deliveries = was_enabled
+  end

  private
  def initialize_defaults(method_name)
    super
+    @initial_language = current_language
    set_language_if_valid Setting.default_language
    from Setting.mail_from
    
-    # URL options
-    h = Setting.host_name
-    h = h.to_s.gsub(%r{\/.*$}, '') unless ActionController::AbstractRequest.relative_url_root.blank?
-    default_url_options[:host] = h
-    default_url_options[:protocol] = Setting.protocol
-    
    # Common headers
    headers 'X-Mailer' => 'Redmine',
            'X-Redmine-Host' => Setting.host_name,
-            'X-Redmine-Site' => Setting.app_title
+            'X-Redmine-Site' => Setting.app_title,
+            'Precedence' => 'bulk',
+            'Auto-Submitted' => 'auto-generated'
  end

  # Appends a Redmine header field (name is prepended with 'X-Redmine-')
@@ -205,9 +344,10 @@ class Mailer < ActionMailer::Base
  def create_mail
    # Removes the current user from the recipients and cc
    # if he doesn't want to receive notifications about what he does
-    if User.current.pref[:no_self_notified]
-      recipients.delete(User.current.mail) if recipients
-      cc.delete(User.current.mail) if cc
+    @author ||= User.current
+    if @author.pref[:no_self_notified]
+      recipients.delete(@author.mail) if recipients
+      cc.delete(@author.mail) if cc
    end
    # Blind carbon copy recipients
    if Setting.bcc_recipients?
@@ -218,30 +358,57 @@ class Mailer < ActionMailer::Base
    super
  end

-  # Renders a message with the corresponding layout
-  def render_message(method_name, body)
-    layout = method_name.match(%r{text\.html\.(rhtml|rxml)}) ? 'layout.text.html.rhtml' : 'layout.text.plain.rhtml'
-    body[:content_for_layout] = render(:file => method_name, :body => body)
-    ActionView::Base.new(template_root, body, self).render(:file => "mailer/#{layout}", :use_full_path => true)
-  end
-
-  # for the case of plain text only
-  def body(*params)
-    value = super(*params)
+  # Rails 2.3 has problems rendering implicit multipart messages with
+  # layouts so this method will wrap an multipart messages with
+  # explicit parts.
+  #
+  # https://rails.lighthouseapp.com/projects/8994/tickets/2338-actionmailer-mailer-views-and-content-type
+  # https://rails.lighthouseapp.com/projects/8994/tickets/1799-actionmailer-doesnt-set-template_format-when-rendering-layouts
+  
+  def render_multipart(method_name, body)
    if Setting.plain_text_mail?
-      templates = Dir.glob("#{template_path}/#{@template}.text.plain.{rhtml,erb}")
-      unless String === @body or templates.empty?
-        template = File.basename(templates.first)
-        @body[:content_for_layout] = render(:file => template, :body => @body)
-        @body = ActionView::Base.new(template_root, @body, self).render(:file => "mailer/layout.text.plain.rhtml", :use_full_path => true)
-        return @body
-      end
+      content_type "text/plain"
+      body render(:file => "#{method_name}.text.plain.rhtml", :body => body, :layout => 'mailer.text.plain.erb')
+    else
+      content_type "multipart/alternative"
+      part :content_type => "text/plain", :body => render(:file => "#{method_name}.text.plain.rhtml", :body => body, :layout => 'mailer.text.plain.erb')
+      part :content_type => "text/html", :body => render_message("#{method_name}.text.html.rhtml", body)
    end
-    return value
  end

  # Makes partial rendering work with Rails 1.2 (retro-compatibility)
  def self.controller_path
    ''
  end unless respond_to?('controller_path')
+  
+  # Returns a predictable Message-Id for the given object
+  def self.message_id_for(object)
+    # id + timestamp should reduce the odds of a collision
+    # as far as we don't send multiple emails for the same object
+    timestamp = object.send(object.respond_to?(:created_on) ? :created_on : :updated_on) 
+    hash = "redmine.#{object.class.name.demodulize.underscore}-#{object.id}.#{timestamp.strftime("%Y%m%d%H%M%S")}"
+    host = Setting.mail_from.to_s.gsub(%r{^.*@}, '')
+    host = "#{::Socket.gethostname}.redmine" if host.empty?
+    "<#{hash}@#{host}>"
+  end
+  
+  private
+  
+  def message_id(object)
+    @message_id_object = object
+  end
+  
+  def references(object)
+    @references_objects ||= []
+    @references_objects << object
+  end
+end
+
+# Patch TMail so that message_id is not overwritten
+module TMail
+  class Mail
+    def add_message_id( fqdn = nil )
+      self.message_id ||= ::TMail::new_message_id(fqdn)
+    end
+  end
 end
--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,26 +17,73 @@

 class Member < ActiveRecord::Base
  belongs_to :user
-  belongs_to :role
+  belongs_to :principal, :foreign_key => 'user_id'
+  has_many :member_roles, :dependent => :destroy
+  has_many :roles, :through => :member_roles
  belongs_to :project

-  validates_presence_of :role, :user, :project
+  validates_presence_of :principal, :project
  validates_uniqueness_of :user_id, :scope => :project_id

-  def validate
-    errors.add :role_id, :activerecord_error_invalid if role && !role.member?
-  end
+  after_destroy :unwatch_from_permission_change
  
  def name
    self.user.name
  end
  
+  alias :base_role_ids= :role_ids=
+  def role_ids=(arg)
+    ids = (arg || []).collect(&:to_i) - [0]
+    # Keep inherited roles
+    ids += member_roles.select {|mr| !mr.inherited_from.nil?}.collect(&:role_id)
+    
+    new_role_ids = ids - role_ids
+    # Add new roles
+    new_role_ids.each {|id| member_roles << MemberRole.new(:role_id => id) }
+    # Remove roles (Rails' #role_ids= will not trigger MemberRole#on_destroy)
+    member_roles_to_destroy = member_roles.select {|mr| !ids.include?(mr.role_id)}
+    if member_roles_to_destroy.any?
+      member_roles_to_destroy.each(&:destroy)
+      unwatch_from_permission_change
+    end
+  end
+  
  def <=>(member)
-    role == member.role ? (user <=> member.user) : (role <=> member.role)
+    a, b = roles.sort.first, member.roles.sort.first
+    a == b ? (principal <=> member.principal) : (a <=> b)
+  end
+  
+  def deletable?
+    member_roles.detect {|mr| mr.inherited_from}.nil?
+  end
+  
+  def include?(user)
+    if principal.is_a?(Group)
+      !user.nil? && user.groups.include?(principal)
+    else
+      self.user == user
+    end
  end
  
  def before_destroy
-    # remove category based auto assignments for this member
-    IssueCategory.update_all "assigned_to_id = NULL", ["project_id = ? AND assigned_to_id = ?", project.id, user.id]
+    if user
+      # remove category based auto assignments for this member
+      IssueCategory.update_all "assigned_to_id = NULL", ["project_id = ? AND assigned_to_id = ?", project.id, user.id]
+    end
+  end
+  
+  protected
+  
+  def validate
+    errors.add_to_base "Role can't be blank" if member_roles.empty? && roles.empty?
+  end
+  
+  private
+  
+  # Unwatch things that the user is no longer allowed to view inside project
+  def unwatch_from_permission_change
+    if user
+      Watcher.prune(:user => user, :project => project)
+    end
  end
 end
--- a/app/models/member_role.rb
+++ b/app/models/member_role.rb
@@ -0,0 +1,63 @@
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class MemberRole < ActiveRecord::Base
+  belongs_to :member
+  belongs_to :role
+  
+  after_destroy :remove_member_if_empty
+
+  after_create :add_role_to_group_users
+  after_destroy :remove_role_from_group_users
+  
+  validates_presence_of :role
+  
+  def validate
+    errors.add :role_id, :invalid if role && !role.member?
+  end
+  
+  def inherited?
+    !inherited_from.nil?
+  end
+  
+  private
+  
+  def remove_member_if_empty
+    if member.roles.empty?
+      member.destroy
+    end
+  end
+  
+  def add_role_to_group_users
+    if member.principal.is_a?(Group)
+      member.principal.users.each do |user|
+        user_member = Member.find_by_project_id_and_user_id(member.project_id, user.id) || Member.new(:project_id => member.project_id, :user_id => user.id)
+        user_member.member_roles << MemberRole.new(:role => role, :inherited_from => id)
+        user_member.save!
+      end
+    end
+  end
+  
+  def remove_role_from_group_users
+    MemberRole.find(:all, :conditions => { :inherited_from => id }).group_by(&:member).each do |member, member_roles|
+      member_roles.each(&:destroy)
+      if member && member.user
+        Watcher.prune(:user => member.user, :project => member.project)
+      end
+    end
+  end
+end
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -19,11 +19,11 @@ class Message < ActiveRecord::Base
  belongs_to :board
  belongs_to :author, :class_name => 'User', :foreign_key => 'author_id'
  acts_as_tree :counter_cache => :replies_count, :order => "#{Message.table_name}.created_on ASC"
-  has_many :attachments, :as => :container, :dependent => :destroy
+  acts_as_attachable
  belongs_to :last_reply, :class_name => 'Message', :foreign_key => 'last_reply_id'
  
  acts_as_searchable :columns => ['subject', 'content'],
-                     :include => {:board, :project},
+                     :include => {:board => :project},
                     :project_key => 'project_id',
                     :date_column => "#{table_name}.created_on"
  acts_as_event :title => Proc.new {|o| "#{o.board.name}: #{o.subject}"},
@@ -37,32 +37,41 @@ class Message < ActiveRecord::Base
  acts_as_watchable
    
  attr_protected :locked, :sticky
-  validates_presence_of :subject, :content
+  validates_presence_of :board, :subject, :content
  validates_length_of :subject, :maximum => 255
  
  after_create :add_author_as_watcher
  
+  def visible?(user=User.current)
+    !user.nil? && user.allowed_to?(:view_messages, project)
+  end
+  
  def validate_on_create
    # Can not reply to a locked topic
    errors.add_to_base 'Topic is locked' if root.locked? && self != root
  end
  
  def after_create
-    board.update_attribute(:last_message_id, self.id)
-    board.increment! :messages_count
    if parent
      parent.reload.update_attribute(:last_reply_id, self.id)
-    else
-      board.increment! :topics_count
+    end
+    board.reset_counters!
+  end
+  
+  def after_update
+    if board_id_changed?
+      Message.update_all("board_id = #{board_id}", ["id = ? OR parent_id = ?", root.id, root.id])
+      Board.reset_counters!(board_id_was)
+      Board.reset_counters!(board_id)
    end
  end
  
  def after_destroy
-    # The following line is required so that the previous counter
-    # updates (due to children removal) are not overwritten
-    board.reload
-    board.decrement! :messages_count
-    board.decrement! :topics_count unless parent
+    board.reset_counters!
+  end
+  
+  def sticky=(arg)
+    write_attribute :sticky, (arg == true || arg.to_s == '1' ? 1 : 0)
  end
  
  def sticky?
@@ -81,6 +90,13 @@ class Message < ActiveRecord::Base
    usr && usr.logged? && (usr.allowed_to?(:delete_messages, project) || (self.author == usr && usr.allowed_to?(:delete_own_messages, project)))
  end
  
+  # Returns the mail adresses of users that should be notified
+  def recipients
+    notified = project.notified_users
+    notified.reject! {|user| !visible?(user)}
+    notified.collect(&:mail)
+  end
+  
  private
  
  def add_author_as_watcher
--- a/app/models/message_observer.rb
+++ b/app/models/message_observer.rb
@@ -17,14 +17,6 @@

 class MessageObserver < ActiveRecord::Observer
  def after_create(message)
-    recipients = []
-    # send notification to the topic watchers
-    recipients += message.root.watcher_recipients
-    # send notification to the board watchers
-    recipients += message.board.watcher_recipients
-    # send notification to project members who want to be notified
-    recipients += message.board.project.recipients
-    recipients = recipients.compact.uniq
-    Mailer.deliver_message_posted(message, recipients) if !recipients.empty? && Setting.notified_events.include?('message_posted')
+    Mailer.deliver_message_posted(message) if Setting.notified_events.include?('message_posted')
  end
 end
--- a/app/models/news.rb
+++ b/app/models/news.rb
@@ -24,11 +24,22 @@ class News < ActiveRecord::Base
  validates_length_of :title, :maximum => 60
  validates_length_of :summary, :maximum => 255

-  acts_as_searchable :columns => ['title', "#{table_name}.description"], :include => :project
+  acts_as_searchable :columns => ['title', 'summary', "#{table_name}.description"], :include => :project
  acts_as_event :url => Proc.new {|o| {:controller => 'news', :action => 'show', :id => o.id}}
  acts_as_activity_provider :find_options => {:include => [:project, :author]},
                            :author_key => :author_id
  
+  def visible?(user=User.current)
+    !user.nil? && user.allowed_to?(:view_news, project)
+  end
+  
+  # Returns the mail adresses of users that should be notified
+  def recipients
+    notified = project.notified_users
+    notified.reject! {|user| !visible?(user)}
+    notified.collect(&:mail)
+  end
+  
  # returns latest news for projects visible by user
  def self.latest(user = User.current, count = 5)
    find(:all, :limit => count, :conditions => Project.allowed_to_condition(user, :view_news), :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")	
--- a/app/models/news_observer.rb
+++ b/app/models/news_observer.rb
@@ -0,0 +1,22 @@
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class NewsObserver < ActiveRecord::Observer
+  def after_create(news)
+    Mailer.deliver_news_added(news) if Setting.notified_events.include?('news_added')
+  end
+end
--- a/app/models/principal.rb
+++ b/app/models/principal.rb
@@ -0,0 +1,57 @@
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class Principal < ActiveRecord::Base
+  set_table_name "#{table_name_prefix}users#{table_name_suffix}"
+
+  has_many :members, :foreign_key => 'user_id', :dependent => :destroy
+  has_many :memberships, :class_name => 'Member', :foreign_key => 'user_id', :include => [ :project, :roles ], :conditions => "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}", :order => "#{Project.table_name}.name"
+  has_many :projects, :through => :memberships
+
+  # Groups and active users
+  named_scope :active, :conditions => "#{Principal.table_name}.type='Group' OR (#{Principal.table_name}.type='User' AND #{Principal.table_name}.status = 1)"
+  
+  named_scope :like, lambda {|q| 
+    s = "%#{q.to_s.strip.downcase}%"
+    {:conditions => ["LOWER(login) LIKE :s OR LOWER(firstname) LIKE :s OR LOWER(lastname) LIKE :s OR LOWER(mail) LIKE :s", {:s => s}],
+     :order => 'type, login, lastname, firstname, mail'
+    }
+  }
+  
+  before_create :set_default_empty_values
+  
+  def <=>(principal)
+    if self.class.name == principal.class.name
+      self.to_s.downcase <=> principal.to_s.downcase
+    else
+      # groups after users
+      principal.class.name <=> self.class.name
+    end
+  end
+  
+  protected
+  
+  # Make sure we don't try to insert NULL values (see #4632)
+  def set_default_empty_values
+    self.login ||= ''
+    self.hashed_password ||= ''
+    self.firstname ||= ''
+    self.lastname ||= ''
+    self.mail ||= ''
+    true
+  end
+end
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -20,8 +20,16 @@ class Project < ActiveRecord::Base
  STATUS_ACTIVE     = 1
  STATUS_ARCHIVED   = 9
  
-  has_many :members, :include => :user, :conditions => "#{User.table_name}.status=#{User::STATUS_ACTIVE}"
+  # Specific overidden Activities
+  has_many :time_entry_activities
+  has_many :members, :include => [:user, :roles], :conditions => "#{User.table_name}.type='User' AND #{User.table_name}.status=#{User::STATUS_ACTIVE}"
+  has_many :memberships, :class_name => 'Member'
+  has_many :member_principals, :class_name => 'Member', 
+                               :include => :principal,
+                               :conditions => "#{Principal.table_name}.type='Group' OR (#{Principal.table_name}.type='User' AND #{Principal.table_name}.status=#{User::STATUS_ACTIVE})"
  has_many :users, :through => :members
+  has_many :principals, :through => :member_principals, :source => :principal
+  
  has_many :enabled_modules, :dependent => :delete_all
  has_and_belongs_to_many :trackers, :order => "#{Tracker.table_name}.position"
  has_many :issues, :dependent => :destroy, :order => "#{Issue.table_name}.created_on DESC", :include => [:status, :tracker]
@@ -43,10 +51,12 @@ class Project < ActiveRecord::Base
                          :join_table => "#{table_name_prefix}custom_fields_projects#{table_name_suffix}",
                          :association_foreign_key => 'custom_field_id'
                          
-  acts_as_tree :order => "name", :counter_cache => true
+  acts_as_nested_set :order => 'name'
+  acts_as_attachable :view_permission => :view_files,
+                     :delete_permission => :manage_files

  acts_as_customizable
-  acts_as_searchable :columns => ['name', 'description'], :project_key => 'id', :permission => nil
+  acts_as_searchable :columns => ['name', 'identifier', 'description'], :project_key => 'id', :permission => nil
  acts_as_event :title => Proc.new {|o| "#{l(:label_project)}: #{o.name}"},
                :url => Proc.new {|o| {:controller => 'projects', :action => 'show', :id => o.id}},
                :author => nil
@@ -58,12 +68,18 @@ class Project < ActiveRecord::Base
  validates_associated :repository, :wiki
  validates_length_of :name, :maximum => 30
  validates_length_of :homepage, :maximum => 255
-  validates_length_of :identifier, :in => 3..20
-  validates_format_of :identifier, :with => /^[a-z0-9\-]*$/
-  
-  before_destroy :delete_all_members
+  validates_length_of :identifier, :in => 1..20
+  # donwcase letters, digits, dashes but not digits only
+  validates_format_of :identifier, :with => /^(?!\d+$)[a-z0-9\-]*$/, :if => Proc.new { |p| p.identifier_changed? }
+  # reserved words
+  validates_exclusion_of :identifier, :in => %w( new )
+
+  before_destroy :delete_all_members, :destroy_children

  named_scope :has_module, lambda { |mod| { :conditions => ["#{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name=?)", mod.to_s] } }
+  named_scope :active, { :conditions => "#{Project.table_name}.status = #{STATUS_ACTIVE}"}
+  named_scope :all_public, { :conditions => { :is_public => true } }
+  named_scope :visible, lambda { { :conditions => Project.visible_by(User.current) } }
  
  def identifier=(identifier)
    super unless identifier_frozen?
@@ -72,21 +88,6 @@ class Project < ActiveRecord::Base
  def identifier_frozen?
    errors[:identifier].nil? && !(new_record? || identifier.blank?)
  end
-  
-  def issues_with_subprojects(include_subprojects=false)
-    conditions = nil
-    if include_subprojects
-      ids = [id] + child_ids
-      conditions = ["#{Project.table_name}.id IN (#{ids.join(',')}) AND #{Project.visible_by}"]
-    end
-    conditions ||= ["#{Project.table_name}.id = ?", id]
-    # Quick and dirty fix for Rails 2 compatibility
-    Issue.send(:with_scope, :find => { :conditions => conditions }) do 
-      Version.send(:with_scope, :find => { :conditions => conditions }) do
-        yield
-      end
-    end 
-  end

  # returns latest created projects
  # non public projects will be returned only if user is a member of those
@@ -94,6 +95,11 @@ class Project < ActiveRecord::Base
    find(:all, :limit => count, :conditions => visible_by(user), :order => "created_on DESC")	
  end	

+  # Returns a SQL :conditions string used to find all active projects for the specified user.
+  #
+  # Examples:
+  #     Projects.visible_by(admin)        => "projects.status = 1"
+  #     Projects.visible_by(normal_user)  => "projects.status = 1 AND projects.is_public = 1"
  def self.visible_by(user=nil)
    user ||= User.current
    if user && user.admin?
@@ -111,12 +117,12 @@ class Project < ActiveRecord::Base
    if perm = Redmine::AccessControl.permission(permission)
      unless perm.project_module.nil?
        # If the permission belongs to a project module, make sure the module is enabled
-        base_statement << " AND EXISTS (SELECT em.id FROM #{EnabledModule.table_name} em WHERE em.name='#{perm.project_module}' AND em.project_id=#{Project.table_name}.id)"
+        base_statement << " AND #{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name='#{perm.project_module}')"
      end
    end
    if options[:project]
      project_statement = "#{Project.table_name}.id = #{options[:project].id}"
-      project_statement << " OR #{Project.table_name}.parent_id = #{options[:project].id}" if options[:with_subprojects]
+      project_statement << " OR (#{Project.table_name}.lft > #{options[:project].lft} AND #{Project.table_name}.rgt < #{options[:project].rgt})" if options[:with_subprojects]
      base_statement = "(#{project_statement}) AND (#{base_statement})"
    end
    if user.admin?
@@ -124,22 +130,74 @@ class Project < ActiveRecord::Base
    else
      statements << "1=0"
      if user.logged?
-        statements << "#{Project.table_name}.is_public = #{connection.quoted_true}" if Role.non_member.allowed_to?(permission)
-        allowed_project_ids = user.memberships.select {|m| m.role.allowed_to?(permission)}.collect {|m| m.project_id}
+        if Role.non_member.allowed_to?(permission) && !options[:member]
+          statements << "#{Project.table_name}.is_public = #{connection.quoted_true}"
+        end
+        allowed_project_ids = user.memberships.select {|m| m.roles.detect {|role| role.allowed_to?(permission)}}.collect {|m| m.project_id}
        statements << "#{Project.table_name}.id IN (#{allowed_project_ids.join(',')})" if allowed_project_ids.any?
-      elsif Role.anonymous.allowed_to?(permission)
-        # anonymous user allowed on public project
-        statements << "#{Project.table_name}.is_public = #{connection.quoted_true}" 
      else
-        # anonymous user is not authorized
+        if Role.anonymous.allowed_to?(permission) && !options[:member]
+          # anonymous user allowed on public project
+          statements << "#{Project.table_name}.is_public = #{connection.quoted_true}"
+        end 
      end
    end
    statements.empty? ? base_statement : "((#{base_statement}) AND (#{statements.join(' OR ')}))"
  end
+
+  # Returns the Systemwide and project specific activities
+  def activities(include_inactive=false)
+    if include_inactive
+      return all_activities
+    else
+      return active_activities
+    end
+  end
+
+  # Will create a new Project specific Activity or update an existing one
+  #
+  # This will raise a ActiveRecord::Rollback if the TimeEntryActivity
+  # does not successfully save.
+  def update_or_create_time_entry_activity(id, activity_hash)
+    if activity_hash.respond_to?(:has_key?) && activity_hash.has_key?('parent_id')
+      self.create_time_entry_activity_if_needed(activity_hash)
+    else
+      activity = project.time_entry_activities.find_by_id(id.to_i)
+      activity.update_attributes(activity_hash) if activity
+    end
+  end
  
+  # Create a new TimeEntryActivity if it overrides a system TimeEntryActivity
+  #
+  # This will raise a ActiveRecord::Rollback if the TimeEntryActivity
+  # does not successfully save.
+  def create_time_entry_activity_if_needed(activity)
+    if activity['parent_id']
+    
+      parent_activity = TimeEntryActivity.find(activity['parent_id'])
+      activity['name'] = parent_activity.name
+      activity['position'] = parent_activity.position
+
+      if Enumeration.overridding_change?(activity, parent_activity)
+        project_activity = self.time_entry_activities.create(activity)
+
+        if project_activity.new_record?
+          raise ActiveRecord::Rollback, "Overridding TimeEntryActivity was not successfully saved"
+        else
+          self.time_entries.update_all("activity_id = #{project_activity.id}", ["activity_id = ?", parent_activity.id])
+        end
+      end
+    end
+  end
+
+  # Returns a :conditions SQL string that can be used to find the issues associated with this project.
+  #
+  # Examples:
+  #   project.project_condition(true)  => "(projects.id = 1 OR (projects.lft > 1 AND projects.rgt < 10))"
+  #   project.project_condition(false) => "projects.id = 1"
  def project_condition(with_subprojects)
    cond = "#{Project.table_name}.id = #{id}"
-    cond = "(#{cond} OR #{Project.table_name}.parent_id = #{id})" if with_subprojects
+    cond = "(#{cond} OR (#{Project.table_name}.lft > #{lft} AND #{Project.table_name}.rgt < #{rgt}))" if with_subprojects
    cond
  end
  
@@ -162,40 +220,157 @@ class Project < ActiveRecord::Base
    self.status == STATUS_ACTIVE
  end
  
+  # Archives the project and its descendants
  def archive
-    # Archive subprojects if any
-    children.each do |subproject|
-      subproject.archive
+    # Check that there is no issue of a non descendant project that is assigned
+    # to one of the project or descendant versions
+    v_ids = self_and_descendants.collect {|p| p.version_ids}.flatten
+    if v_ids.any? && Issue.find(:first, :include => :project,
+                                        :conditions => ["(#{Project.table_name}.lft < ? OR #{Project.table_name}.rgt > ?)" +
+                                                        " AND #{Issue.table_name}.fixed_version_id IN (?)", lft, rgt, v_ids])
+      return false
    end
-    update_attribute :status, STATUS_ARCHIVED
+    Project.transaction do
+      archive!
+    end
+    true
  end
  
+  # Unarchives the project
+  # All its ancestors must be active
  def unarchive
-    return false if parent && !parent.active?
+    return false if ancestors.detect {|a| !a.active?}
    update_attribute :status, STATUS_ACTIVE
  end
  
-  def active_children
-    children.select {|child| child.active?}
+  # Returns an array of projects the project can be moved to
+  # by the current user
+  def allowed_parents
+    return @allowed_parents if @allowed_parents
+    @allowed_parents = Project.find(:all, :conditions => Project.allowed_to_condition(User.current, :add_subprojects))
+    @allowed_parents = @allowed_parents - self_and_descendants
+    if User.current.allowed_to?(:add_project, nil, :global => true) || (!new_record? && parent.nil?)
+      @allowed_parents << nil
+    end
+    unless parent.nil? || @allowed_parents.empty? || @allowed_parents.include?(parent)
+      @allowed_parents << parent
+    end
+    @allowed_parents
  end
  
-  # Returns an array of the trackers used by the project and its sub projects
+  # Sets the parent of the project with authorization check
+  def set_allowed_parent!(p)
+    unless p.nil? || p.is_a?(Project)
+      if p.to_s.blank?
+        p = nil
+      else
+        p = Project.find_by_id(p)
+        return false unless p
+      end
+    end
+    if p.nil?
+      if !new_record? && allowed_parents.empty?
+        return false
+      end
+    elsif !allowed_parents.include?(p)
+      return false
+    end
+    set_parent!(p)
+  end
+  
+  # Sets the parent of the project
+  # Argument can be either a Project, a String, a Fixnum or nil
+  def set_parent!(p)
+    unless p.nil? || p.is_a?(Project)
+      if p.to_s.blank?
+        p = nil
+      else
+        p = Project.find_by_id(p)
+        return false unless p
+      end
+    end
+    if p == parent && !p.nil?
+      # Nothing to do
+      true
+    elsif p.nil? || (p.active? && move_possible?(p))
+      # Insert the project so that target's children or root projects stay alphabetically sorted
+      sibs = (p.nil? ? self.class.roots : p.children)
+      to_be_inserted_before = sibs.detect {|c| c.name.to_s.downcase > name.to_s.downcase }
+      if to_be_inserted_before
+        move_to_left_of(to_be_inserted_before)
+      elsif p.nil?
+        if sibs.empty?
+          # move_to_root adds the project in first (ie. left) position
+          move_to_root
+        else
+          move_to_right_of(sibs.last) unless self == sibs.last
+        end
+      else
+        # move_to_child_of adds the project in last (ie.right) position
+        move_to_child_of(p)
+      end
+      Issue.update_versions_from_hierarchy_change(self)
+      true
+    else
+      # Can not move to the given target
+      false
+    end
+  end
+  
+  # Returns an array of the trackers used by the project and its active sub projects
  def rolled_up_trackers
    @rolled_up_trackers ||=
      Tracker.find(:all, :include => :projects,
                         :select => "DISTINCT #{Tracker.table_name}.*",
-                         :conditions => ["#{Project.table_name}.id = ? OR #{Project.table_name}.parent_id = ?", id, id],
+                         :conditions => ["#{Project.table_name}.lft >= ? AND #{Project.table_name}.rgt <= ? AND #{Project.table_name}.status = #{STATUS_ACTIVE}", lft, rgt],
                         :order => "#{Tracker.table_name}.position")
  end
  
+  # Closes open and locked project versions that are completed
+  def close_completed_versions
+    Version.transaction do
+      versions.find(:all, :conditions => {:status => %w(open locked)}).each do |version|
+        if version.completed?
+          version.update_attribute(:status, 'closed')
+        end
+      end
+    end
+  end
+  
+  # Returns a scope of the Versions used by the project
+  def shared_versions
+    @shared_versions ||= 
+      Version.scoped(:include => :project,
+                     :conditions => "#{Project.table_name}.id = #{id}" +
+                                    " OR (#{Project.table_name}.status = #{Project::STATUS_ACTIVE} AND (" +
+                                          " #{Version.table_name}.sharing = 'system'" +
+                                          " OR (#{Project.table_name}.lft >= #{root.lft} AND #{Project.table_name}.rgt <= #{root.rgt} AND #{Version.table_name}.sharing = 'tree')" +
+                                          " OR (#{Project.table_name}.lft < #{lft} AND #{Project.table_name}.rgt > #{rgt} AND #{Version.table_name}.sharing IN ('hierarchy', 'descendants'))" +
+                                          " OR (#{Project.table_name}.lft > #{lft} AND #{Project.table_name}.rgt < #{rgt} AND #{Version.table_name}.sharing = 'hierarchy')" +
+                                          "))")
+  end
+
+  # Returns a hash of project users grouped by role
+  def users_by_role
+    members.find(:all, :include => [:user, :roles]).inject({}) do |h, m|
+      m.roles.each do |r|
+        h[r] ||= []
+        h[r] << m.user
+      end
+      h
+    end
+  end
+  
  # Deletes all project's members
  def delete_all_members
+    me, mr = Member.table_name, MemberRole.table_name
+    connection.delete("DELETE FROM #{mr} WHERE #{mr}.member_id IN (SELECT #{me}.id FROM #{me} WHERE #{me}.project_id = #{id})")
    Member.delete_all(['project_id = ?', id])
  end
  
  # Users issues can be assigned to
  def assignable_users
-    members.select {|m| m.role.assignable?}.collect {|m| m.user}.sort
+    members.select {|m| m.roles.detect {|role| role.assignable?}}.collect {|m| m.user}.sort
  end
  
  # Returns the mail adresses of users that should be always notified on project events
@@ -203,6 +378,11 @@ class Project < ActiveRecord::Base
    members.select {|m| m.mail_notification? || m.user.mail_notification?}.collect {|m| m.user.mail}
  end
  
+  # Returns the users that should be notified on project events
+  def notified_users
+    members.select {|m| m.mail_notification? || m.user.mail_notification?}.collect {|m| m.user}
+  end
+  
  # Returns an array of all custom fields enabled for project issues
  # (explictly associated custom fields and custom fields enabled for all projects)
  def all_issue_custom_fields
@@ -223,9 +403,13 @@ class Project < ActiveRecord::Base
  
  # Returns a short description of the projects (first lines)
  def short_description(length = 255)
-    description.gsub(/^(.{#{length}}[^\n]*).*$/m, '\1').strip if description
+    description.gsub(/^(.{#{length}}[^\n\r]*).*$/m, '\1...').strip if description
  end
  
+  # Return true if this project is allowed to do the specified action.
+  # action can be:
+  # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
+  # * a permission Symbol (eg. :edit_project)
  def allows_to?(action)
    if action.is_a? Hash
      allowed_actions.include? "#{action[:controller]}/#{action[:action]}"
@@ -240,10 +424,14 @@ class Project < ActiveRecord::Base
  end
  
  def enabled_module_names=(module_names)
-    enabled_modules.clear
-    module_names = [] unless module_names && module_names.is_a?(Array)
-    module_names.each do |name|
-      enabled_modules << EnabledModule.new(:name => name.to_s)
+    if module_names && module_names.is_a?(Array)
+      module_names = module_names.collect(&:to_s)
+      # remove disabled modules
+      enabled_modules.each {|mod| mod.destroy unless module_names.include?(mod.name)}
+      # add new modules
+      module_names.reject {|name| module_enabled?(name)}.each {|name| enabled_modules << EnabledModule.new(:name => name)}
+    else
+      enabled_modules.clear
    end
  end
  
@@ -253,14 +441,202 @@ class Project < ActiveRecord::Base
    p.nil? ? nil : p.identifier.to_s.succ
  end

-protected
-  def validate
-    errors.add(parent_id, " must be a root project") if parent and parent.parent
-    errors.add_to_base("A project with subprojects can't be a subproject") if parent and children.size > 0
-    errors.add(:identifier, :activerecord_error_invalid) if !identifier.blank? && identifier.match(/^\d*$/)
+  # Copies and saves the Project instance based on the +project+.
+  # Duplicates the source project's:
+  # * Wiki
+  # * Versions
+  # * Categories
+  # * Issues
+  # * Members
+  # * Queries
+  #
+  # Accepts an +options+ argument to specify what to copy
+  #
+  # Examples:
+  #   project.copy(1)                                    # => copies everything
+  #   project.copy(1, :only => 'members')                # => copies members only
+  #   project.copy(1, :only => ['members', 'versions'])  # => copies members and versions
+  def copy(project, options={})
+    project = project.is_a?(Project) ? project : Project.find(project)
+    
+    to_be_copied = %w(wiki versions issue_categories issues members queries boards)
+    to_be_copied = to_be_copied & options[:only].to_a unless options[:only].nil?
+    
+    Project.transaction do
+      if save
+        reload
+        to_be_copied.each do |name|
+          send "copy_#{name}", project
+        end
+        Redmine::Hook.call_hook(:model_project_copy_before_save, :source_project => project, :destination_project => self)
+        save
+      end
+    end
+  end
+
+  
+  # Copies +project+ and returns the new instance.  This will not save
+  # the copy
+  def self.copy_from(project)
+    begin
+      project = project.is_a?(Project) ? project : Project.find(project)
+      if project
+        # clear unique attributes
+        attributes = project.attributes.dup.except('id', 'name', 'identifier', 'status', 'parent_id', 'lft', 'rgt')
+        copy = Project.new(attributes)
+        copy.enabled_modules = project.enabled_modules
+        copy.trackers = project.trackers
+        copy.custom_values = project.custom_values.collect {|v| v.clone}
+        copy.issue_custom_fields = project.issue_custom_fields
+        return copy
+      else
+        return nil
+      end
+    rescue ActiveRecord::RecordNotFound
+      return nil
+    end
+  end
+  
+  private
+  
+  # Destroys children before destroying self
+  def destroy_children
+    children.each do |child|
+      child.destroy
+    end
+  end
+  
+  # Copies wiki from +project+
+  def copy_wiki(project)
+    # Check that the source project has a wiki first
+    unless project.wiki.nil?
+      self.wiki ||= Wiki.new
+      wiki.attributes = project.wiki.attributes.dup.except("id", "project_id")
+      wiki_pages_map = {}
+      project.wiki.pages.each do |page|
+        # Skip pages without content
+        next if page.content.nil?
+        new_wiki_content = WikiContent.new(page.content.attributes.dup.except("id", "page_id", "updated_on"))
+        new_wiki_page = WikiPage.new(page.attributes.dup.except("id", "wiki_id", "created_on", "parent_id"))
+        new_wiki_page.content = new_wiki_content
+        wiki.pages << new_wiki_page
+        wiki_pages_map[page.id] = new_wiki_page
+      end
+      wiki.save
+      # Reproduce page hierarchy
+      project.wiki.pages.each do |page|
+        if page.parent_id && wiki_pages_map[page.id]
+          wiki_pages_map[page.id].parent = wiki_pages_map[page.parent_id]
+          wiki_pages_map[page.id].save
+        end
+      end
+    end
+  end
+
+  # Copies versions from +project+
+  def copy_versions(project)
+    project.versions.each do |version|
+      new_version = Version.new
+      new_version.attributes = version.attributes.dup.except("id", "project_id", "created_on", "updated_on")
+      self.versions << new_version
+    end
+  end
+
+  # Copies issue categories from +project+
+  def copy_issue_categories(project)
+    project.issue_categories.each do |issue_category|
+      new_issue_category = IssueCategory.new
+      new_issue_category.attributes = issue_category.attributes.dup.except("id", "project_id")
+      self.issue_categories << new_issue_category
+    end
+  end
+  
+  # Copies issues from +project+
+  def copy_issues(project)
+    # Stores the source issue id as a key and the copied issues as the
+    # value.  Used to map the two togeather for issue relations.
+    issues_map = {}
+    
+    project.issues.each do |issue|
+      new_issue = Issue.new
+      new_issue.copy_from(issue)
+      # Reassign fixed_versions by name, since names are unique per
+      # project and the versions for self are not yet saved
+      if issue.fixed_version
+        new_issue.fixed_version = self.versions.select {|v| v.name == issue.fixed_version.name}.first
+      end
+      # Reassign the category by name, since names are unique per
+      # project and the categories for self are not yet saved
+      if issue.category
+        new_issue.category = self.issue_categories.select {|c| c.name == issue.category.name}.first
+      end
+      self.issues << new_issue
+      issues_map[issue.id] = new_issue
+    end
+
+    # Relations after in case issues related each other
+    project.issues.each do |issue|
+      new_issue = issues_map[issue.id]
+      
+      # Relations
+      issue.relations_from.each do |source_relation|
+        new_issue_relation = IssueRelation.new
+        new_issue_relation.attributes = source_relation.attributes.dup.except("id", "issue_from_id", "issue_to_id")
+        new_issue_relation.issue_to = issues_map[source_relation.issue_to_id]
+        if new_issue_relation.issue_to.nil? && Setting.cross_project_issue_relations?
+          new_issue_relation.issue_to = source_relation.issue_to
+        end
+        new_issue.relations_from << new_issue_relation
+      end
+      
+      issue.relations_to.each do |source_relation|
+        new_issue_relation = IssueRelation.new
+        new_issue_relation.attributes = source_relation.attributes.dup.except("id", "issue_from_id", "issue_to_id")
+        new_issue_relation.issue_from = issues_map[source_relation.issue_from_id]
+        if new_issue_relation.issue_from.nil? && Setting.cross_project_issue_relations?
+          new_issue_relation.issue_from = source_relation.issue_from
+        end
+        new_issue.relations_to << new_issue_relation
+      end
+    end
+  end
+
+  # Copies members from +project+
+  def copy_members(project)
+    project.memberships.each do |member|
+      new_member = Member.new
+      new_member.attributes = member.attributes.dup.except("id", "project_id", "created_on")
+      # only copy non inherited roles
+      # inherited roles will be added when copying the group membership
+      role_ids = member.member_roles.reject(&:inherited?).collect(&:role_id)
+      next if role_ids.empty?
+      new_member.role_ids = role_ids
+      new_member.project = self
+      self.members << new_member
+    end
+  end
+
+  # Copies queries from +project+
+  def copy_queries(project)
+    project.queries.each do |query|
+      new_query = Query.new
+      new_query.attributes = query.attributes.dup.except("id", "project_id", "sort_criteria")
+      new_query.sort_criteria = query.sort_criteria if query.sort_criteria
+      new_query.project = self
+      self.queries << new_query
+    end
+  end
+
+  # Copies boards from +project+
+  def copy_boards(project)
+    project.boards.each do |board|
+      new_board = Board.new
+      new_board.attributes = board.attributes.dup.except("id", "project_id", "topics_count", "messages_count", "last_message_id")
+      new_board.project = self
+      self.boards << new_board
+    end
  end
  
-private
  def allowed_permissions
    @allowed_permissions ||= begin
      module_names = enabled_modules.collect {|m| m.name}
@@ -271,4 +647,50 @@ private
  def allowed_actions
    @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
  end
+
+  # Returns all the active Systemwide and project specific activities
+  def active_activities
+    overridden_activity_ids = self.time_entry_activities.collect(&:parent_id)
+    
+    if overridden_activity_ids.empty?
+      return TimeEntryActivity.shared.active
+    else
+      return system_activities_and_project_overrides
+    end
+  end
+
+  # Returns all the Systemwide and project specific activities
+  # (inactive and active)
+  def all_activities
+    overridden_activity_ids = self.time_entry_activities.collect(&:parent_id)
+
+    if overridden_activity_ids.empty?
+      return TimeEntryActivity.shared
+    else
+      return system_activities_and_project_overrides(true)
+    end
+  end
+
+  # Returns the systemwide active activities merged with the project specific overrides
+  def system_activities_and_project_overrides(include_inactive=false)
+    if include_inactive
+      return TimeEntryActivity.shared.
+        find(:all,
+             :conditions => ["id NOT IN (?)", self.time_entry_activities.collect(&:parent_id)]) +
+        self.time_entry_activities
+    else
+      return TimeEntryActivity.shared.active.
+        find(:all,
+             :conditions => ["id NOT IN (?)", self.time_entry_activities.collect(&:parent_id)]) +
+        self.time_entry_activities.active
+    end
+  end
+  
+  # Archives subprojects recursively
+  def archive!
+    children.each do |subproject|
+      subproject.send :archive!
+    end
+    update_attribute :status, STATUS_ARCHIVED
+  end
 end
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -16,26 +16,42 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class QueryColumn  
-  attr_accessor :name, :sortable, :default_order
-  include GLoc
+  attr_accessor :name, :sortable, :groupable, :default_order
+  include Redmine::I18n
  
  def initialize(name, options={})
    self.name = name
    self.sortable = options[:sortable]
+    self.groupable = options[:groupable] || false
+    if groupable == true
+      self.groupable = name.to_s
+    end
    self.default_order = options[:default_order]
  end
  
  def caption
-    set_language_if_valid(User.current.language)
    l("field_#{name}")
  end
+  
+  # Returns true if the column is sortable, otherwise false
+  def sortable?
+    !sortable.nil?
+  end
+  
+  def value(issue)
+    issue.send name
+  end
 end

 class QueryCustomFieldColumn < QueryColumn

  def initialize(custom_field)
    self.name = "cf_#{custom_field.id}".to_sym
-    self.sortable = false
+    self.sortable = custom_field.order_statement || false
+    if %w(list date bool int).include?(custom_field.field_format)
+      self.groupable = custom_field.order_statement
+    end
+    self.groupable ||= false
    @cf = custom_field
  end
  
@@ -46,13 +62,22 @@ class QueryCustomFieldColumn < QueryColumn
  def custom_field
    @cf
  end
+  
+  def value(issue)
+    cv = issue.custom_values.detect {|v| v.custom_field_id == @cf.id}
+    cv && @cf.cast_value(cv.value)
+  end
 end

 class Query < ActiveRecord::Base
+  class StatementInvalid < ::ActiveRecord::StatementInvalid
+  end
+  
  belongs_to :project
  belongs_to :user
  serialize :filters
  serialize :column_names
+  serialize :sort_criteria, Array
  
  attr_protected :project_id, :user_id
  
@@ -65,8 +90,8 @@ class Query < ActiveRecord::Base
                  "c"   => :label_closed_issues,
                  "!*"  => :label_none,
                  "*"   => :label_all,
-                  ">="   => '>=',
-                  "<="   => '<=',
+                  ">="  => :label_greater_or_equal,
+                  "<="  => :label_less_or_equal,
                  "<t+" => :label_in_less_than,
                  ">t+" => :label_in_more_than,
                  "t+"  => :label_in,
@@ -93,19 +118,20 @@ class Query < ActiveRecord::Base
  cattr_reader :operators_by_filter_type

  @@available_columns = [
-    QueryColumn.new(:tracker, :sortable => "#{Tracker.table_name}.position"),
-    QueryColumn.new(:status, :sortable => "#{IssueStatus.table_name}.position"),
-    QueryColumn.new(:priority, :sortable => "#{Enumeration.table_name}.position", :default_order => 'desc'),
+    QueryColumn.new(:project, :sortable => "#{Project.table_name}.name", :groupable => true),
+    QueryColumn.new(:tracker, :sortable => "#{Tracker.table_name}.position", :groupable => true),
+    QueryColumn.new(:status, :sortable => "#{IssueStatus.table_name}.position", :groupable => true),
+    QueryColumn.new(:priority, :sortable => "#{IssuePriority.table_name}.position", :default_order => 'desc', :groupable => true),
    QueryColumn.new(:subject, :sortable => "#{Issue.table_name}.subject"),
    QueryColumn.new(:author),
-    QueryColumn.new(:assigned_to, :sortable => "#{User.table_name}.lastname"),
+    QueryColumn.new(:assigned_to, :sortable => ["#{User.table_name}.lastname", "#{User.table_name}.firstname", "#{User.table_name}.id"], :groupable => true),
    QueryColumn.new(:updated_on, :sortable => "#{Issue.table_name}.updated_on", :default_order => 'desc'),
-    QueryColumn.new(:category, :sortable => "#{IssueCategory.table_name}.name"),
-    QueryColumn.new(:fixed_version, :sortable => "#{Version.table_name}.effective_date", :default_order => 'desc'),
+    QueryColumn.new(:category, :sortable => "#{IssueCategory.table_name}.name", :groupable => true),
+    QueryColumn.new(:fixed_version, :sortable => ["#{Version.table_name}.effective_date", "#{Version.table_name}.name"], :default_order => 'desc', :groupable => true),
    QueryColumn.new(:start_date, :sortable => "#{Issue.table_name}.start_date"),
    QueryColumn.new(:due_date, :sortable => "#{Issue.table_name}.due_date"),
    QueryColumn.new(:estimated_hours, :sortable => "#{Issue.table_name}.estimated_hours"),
-    QueryColumn.new(:done_ratio, :sortable => "#{Issue.table_name}.done_ratio"),
+    QueryColumn.new(:done_ratio, :sortable => "#{Issue.table_name}.done_ratio", :groupable => true),
    QueryColumn.new(:created_on, :sortable => "#{Issue.table_name}.created_on", :default_order => 'desc'),
  ]
  cattr_reader :available_columns
@@ -113,7 +139,6 @@ class Query < ActiveRecord::Base
  def initialize(attributes = nil)
    super attributes
    self.filters ||= { 'status_id' => {:operator => "o", :values => [""]} }
-    set_language_if_valid(User.current.language)
  end
  
  def after_initialize
@@ -123,7 +148,7 @@ class Query < ActiveRecord::Base
  
  def validate
    filters.each_key do |field|
-      errors.add label_for(field), :activerecord_error_blank unless 
+      errors.add label_for(field), :blank unless 
          # filter requires one or more values
          (values_for(field) and !values_for(field).first.blank?) or 
          # filter doesn't require any value
@@ -146,7 +171,7 @@ class Query < ActiveRecord::Base
    
    @available_filters = { "status_id" => { :type => :list_status, :order => 1, :values => IssueStatus.find(:all, :order => 'position').collect{|s| [s.name, s.id.to_s] } },       
                           "tracker_id" => { :type => :list, :order => 2, :values => trackers.collect{|s| [s.name, s.id.to_s] } },                                                                                                                
-                           "priority_id" => { :type => :list, :order => 3, :values => Enumeration.find(:all, :conditions => ['opt=?','IPRI'], :order => 'position').collect{|s| [s.name, s.id.to_s] } },
+                           "priority_id" => { :type => :list, :order => 3, :values => IssuePriority.all.collect{|s| [s.name, s.id.to_s] } },
                           "subject" => { :type => :text, :order => 8 },  
                           "created_on" => { :type => :date_past, :order => 9 },                        
                           "updated_on" => { :type => :date_past, :order => 10 },
@@ -161,25 +186,34 @@ class Query < ActiveRecord::Base
      user_values += project.users.sort.collect{|s| [s.name, s.id.to_s] }
    else
      # members of the user's projects
+      # OPTIMIZE: Is selecting from users per project (N+1)
      user_values += User.current.projects.collect(&:users).flatten.uniq.sort.collect{|s| [s.name, s.id.to_s] }
    end
    @available_filters["assigned_to_id"] = { :type => :list_optional, :order => 4, :values => user_values } unless user_values.empty?
    @available_filters["author_id"] = { :type => :list, :order => 5, :values => user_values } unless user_values.empty?
+    
+    if User.current.logged?
+      @available_filters["watcher_id"] = { :type => :list, :order => 15, :values => [["<< #{l(:label_me)} >>", "me"]] }
+    end
  
    if project
      # project specific filters
      unless @project.issue_categories.empty?
        @available_filters["category_id"] = { :type => :list_optional, :order => 6, :values => @project.issue_categories.collect{|s| [s.name, s.id.to_s] } }
      end
-      unless @project.versions.empty?
-        @available_filters["fixed_version_id"] = { :type => :list_optional, :order => 7, :values => @project.versions.sort.collect{|s| [s.name, s.id.to_s] } }
+      unless @project.shared_versions.empty?
+        @available_filters["fixed_version_id"] = { :type => :list_optional, :order => 7, :values => @project.shared_versions.sort.collect{|s| ["#{s.project.name} - #{s.name}", s.id.to_s] } }
      end
-      unless @project.active_children.empty?
-        @available_filters["subproject_id"] = { :type => :list_subprojects, :order => 13, :values => @project.active_children.collect{|s| [s.name, s.id.to_s] } }
+      unless @project.descendants.active.empty?
+        @available_filters["subproject_id"] = { :type => :list_subprojects, :order => 13, :values => @project.descendants.visible.collect{|s| [s.name, s.id.to_s] } }
      end
      add_custom_fields_filters(@project.all_issue_custom_fields)
    else
      # global filters for cross project issue list
+      system_shared_versions = Version.visible.find_all_by_sharing('system')
+      unless system_shared_versions.empty?
+        @available_filters["fixed_version_id"] = { :type => :list_optional, :order => 7, :values => system_shared_versions.sort.collect{|s| ["#{s.project.name} - #{s.name}", s.id.to_s] } }
+      end
      add_custom_fields_filters(IssueCustomField.find(:all, :conditions => {:is_filter => true, :is_for_all => true}))
    end
    @available_filters
@@ -202,7 +236,7 @@ class Query < ActiveRecord::Base
  
  def add_short_filter(field, expression)
    return unless expression
-    parms = expression.scan(/^(o|c|\!|\*)?(.*)$/).first
+    parms = expression.scan(/^(o|c|!\*|!|\*)?(.*)$/).first
    add_filter field, (parms[0] || "="), [parms[1] || ""]
  end
  
@@ -228,13 +262,21 @@ class Query < ActiveRecord::Base
    @available_columns = Query.available_columns
    @available_columns += (project ? 
                            project.all_issue_custom_fields :
-                            IssueCustomField.find(:all, :conditions => {:is_for_all => true})
+                            IssueCustomField.find(:all)
                           ).collect {|cf| QueryCustomFieldColumn.new(cf) }      
  end
  
+  # Returns an array of columns that can be used to group the results
+  def groupable_columns
+    available_columns.select {|c| c.groupable}
+  end
+  
  def columns
    if has_default_columns?
-      available_columns.select {|c| Setting.issue_list_default_columns.include?(c.name.to_s) }
+      available_columns.select do |c|
+        # Adds the project column by default for cross-project lists
+        Setting.issue_list_default_columns.include?(c.name.to_s) || (c.name == :project && project.nil?)
+      end
    else
      # preserve the column_names order
      column_names.collect {|name| available_columns.find {|col| col.name == name}}.compact
@@ -242,8 +284,14 @@ class Query < ActiveRecord::Base
  end
  
  def column_names=(names)
-    names = names.select {|n| n.is_a?(Symbol) || !n.blank? } if names
-    names = names.collect {|n| n.is_a?(Symbol) ? n : n.to_sym } if names
+    if names
+      names = names.select {|n| n.is_a?(Symbol) || !n.blank? }
+      names = names.collect {|n| n.is_a?(Symbol) ? n : n.to_sym }
+      # Set column_names to nil if default columns
+      if names.map(&:to_s) == Setting.issue_list_default_columns
+        names = nil
+      end
+    end
    write_attribute(:column_names, names)
  end
  
@@ -255,9 +303,52 @@ class Query < ActiveRecord::Base
    column_names.nil? || column_names.empty?
  end
  
+  def sort_criteria=(arg)
+    c = []
+    if arg.is_a?(Hash)
+      arg = arg.keys.sort.collect {|k| arg[k]}
+    end
+    c = arg.select {|k,o| !k.to_s.blank?}.slice(0,3).collect {|k,o| [k.to_s, o == 'desc' ? o : 'asc']}
+    write_attribute(:sort_criteria, c)
+  end
+  
+  def sort_criteria
+    read_attribute(:sort_criteria) || []
+  end
+  
+  def sort_criteria_key(arg)
+    sort_criteria && sort_criteria[arg] && sort_criteria[arg].first
+  end
+  
+  def sort_criteria_order(arg)
+    sort_criteria && sort_criteria[arg] && sort_criteria[arg].last
+  end
+  
+  # Returns the SQL sort order that should be prepended for grouping
+  def group_by_sort_order
+    if grouped? && (column = group_by_column)
+      column.sortable.is_a?(Array) ?
+        column.sortable.collect {|s| "#{s} #{column.default_order}"}.join(',') :
+        "#{column.sortable} #{column.default_order}"
+    end
+  end
+  
+  # Returns true if the query is a grouped query
+  def grouped?
+    !group_by.blank?
+  end
+  
+  def group_by_column
+    groupable_columns.detect {|c| c.name.to_s == group_by}
+  end
+  
+  def group_by_statement
+    group_by_column.groupable
+  end
+  
  def project_statement
    project_clauses = []
-    if project && !@project.active_children.empty?
+    if project && !@project.descendants.active.empty?
      ids = [project.id]
      if has_filter?("subproject_id")
        case operator_for("subproject_id")
@@ -268,10 +359,10 @@ class Query < ActiveRecord::Base
          # main project only
        else
          # all subprojects
-          ids += project.child_ids
+          ids += project.descendants.collect(&:id)
        end
      elsif Setting.display_subprojects_issues?
-        ids += project.child_ids
+        ids += project.descendants.collect(&:id)
      end
      project_clauses << "#{Project.table_name}.id IN (%s)" % ids.join(',')
    elsif project
@@ -288,42 +379,108 @@ class Query < ActiveRecord::Base
      next if field == "subproject_id"
      v = values_for(field).clone
      next unless v and !v.empty?
-            
+      operator = operator_for(field)
+      
+      # "me" value subsitution
+      if %w(assigned_to_id author_id watcher_id).include?(field)
+        v.push(User.current.logged? ? User.current.id.to_s : "0") if v.delete("me")
+      end
+      
      sql = ''
-      is_custom_filter = false
      if field =~ /^cf_(\d+)$/
        # custom field
        db_table = CustomValue.table_name
        db_field = 'value'
        is_custom_filter = true
        sql << "#{Issue.table_name}.id IN (SELECT #{Issue.table_name}.id FROM #{Issue.table_name} LEFT OUTER JOIN #{db_table} ON #{db_table}.customized_type='Issue' AND #{db_table}.customized_id=#{Issue.table_name}.id AND #{db_table}.custom_field_id=#{$1} WHERE "
+        sql << sql_for_field(field, operator, v, db_table, db_field, true) + ')'
+      elsif field == 'watcher_id'
+        db_table = Watcher.table_name
+        db_field = 'user_id'
+        sql << "#{Issue.table_name}.id #{ operator == '=' ? 'IN' : 'NOT IN' } (SELECT #{db_table}.watchable_id FROM #{db_table} WHERE #{db_table}.watchable_type='Issue' AND "
+        sql << sql_for_field(field, '=', v, db_table, db_field) + ')'
      else
        # regular field
        db_table = Issue.table_name
        db_field = field
-        sql << '('
+        sql << '(' + sql_for_field(field, operator, v, db_table, db_field) + ')'
      end
-      
-      # "me" value subsitution
-      if %w(assigned_to_id author_id).include?(field)
-        v.push(User.current.logged? ? User.current.id.to_s : "0") if v.delete("me")
-      end
-      
-      sql = sql + sql_for_field(field, v, db_table, db_field, is_custom_filter)
-      
-      sql << ')'
      filters_clauses << sql
+      
    end if filters and valid?
    
    (filters_clauses << project_statement).join(' AND ')
  end
  
+  # Returns the issue count
+  def issue_count
+    Issue.count(:include => [:status, :project], :conditions => statement)
+  rescue ::ActiveRecord::StatementInvalid => e
+    raise StatementInvalid.new(e.message)
+  end
+  
+  # Returns the issue count by group or nil if query is not grouped
+  def issue_count_by_group
+    r = nil
+    if grouped?
+      begin
+        # Rails will raise an (unexpected) RecordNotFound if there's only a nil group value
+        r = Issue.count(:group => group_by_statement, :include => [:status, :project], :conditions => statement)
+      rescue ActiveRecord::RecordNotFound
+        r = {nil => issue_count}
+      end
+      c = group_by_column
+      if c.is_a?(QueryCustomFieldColumn)
+        r = r.keys.inject({}) {|h, k| h[c.custom_field.cast_value(k)] = r[k]; h}
+      end
+    end
+    r
+  rescue ::ActiveRecord::StatementInvalid => e
+    raise StatementInvalid.new(e.message)
+  end
+  
+  # Returns the issues
+  # Valid options are :order, :offset, :limit, :include, :conditions
+  def issues(options={})
+    order_option = [group_by_sort_order, options[:order]].reject {|s| s.blank?}.join(',')
+    order_option = nil if order_option.blank?
+    
+    Issue.find :all, :include => ([:status, :project] + (options[:include] || [])).uniq,
+                     :conditions => Query.merge_conditions(statement, options[:conditions]),
+                     :order => order_option,
+                     :limit  => options[:limit],
+                     :offset => options[:offset]
+  rescue ::ActiveRecord::StatementInvalid => e
+    raise StatementInvalid.new(e.message)
+  end
+
+  # Returns the journals
+  # Valid options are :order, :offset, :limit
+  def journals(options={})
+    Journal.find :all, :include => [:details, :user, {:issue => [:project, :author, :tracker, :status]}],
+                       :conditions => statement,
+                       :order => options[:order],
+                       :limit => options[:limit],
+                       :offset => options[:offset]
+  rescue ::ActiveRecord::StatementInvalid => e
+    raise StatementInvalid.new(e.message)
+  end
+  
+  # Returns the versions
+  # Valid options are :conditions
+  def versions(options={})
+    Version.find :all, :include => :project,
+                       :conditions => Query.merge_conditions(project_statement, options[:conditions])
+  rescue ::ActiveRecord::StatementInvalid => e
+    raise StatementInvalid.new(e.message)
+  end
+  
  private
  
-  # Helper method to generate the WHERE sql for a +field+ with a +value+
-  def sql_for_field(field, value, db_table, db_field, is_custom_filter)
+  # Helper method to generate the WHERE sql for a +field+, +operator+ and a +value+
+  def sql_for_field(field, operator, value, db_table, db_field, is_custom_filter=false)
    sql = ''
-    case operator_for field
+    case operator
    when "="
      sql = "#{db_table}.#{db_field} IN (" + value.collect{|val| "'#{connection.quote_string(val)}'"}.join(",") + ")"
    when "!"
@@ -364,9 +521,9 @@ class Query < ActiveRecord::Base
        Time.now.at_beginning_of_week
      sql = "#{db_table}.#{db_field} BETWEEN '%s' AND '%s'" % [connection.quoted_date(from), connection.quoted_date(from + 7.days)]
    when "~"
-      sql = "#{db_table}.#{db_field} LIKE '%#{connection.quote_string(value.first)}%'"
+      sql = "LOWER(#{db_table}.#{db_field}) LIKE '%#{connection.quote_string(value.first.to_s.downcase)}%'"
    when "!~"
-      sql = "#{db_table}.#{db_field} NOT LIKE '%#{connection.quote_string(value.first)}%'"
+      sql = "LOWER(#{db_table}.#{db_field}) NOT LIKE '%#{connection.quote_string(value.first.to_s.downcase)}%'"
    end
    
    return sql
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -25,7 +25,7 @@ class Repository < ActiveRecord::Base
  before_destroy :clear_changesets
  
  # Checks if the SCM is enabled when creating a repository
-  validate_on_create { |r| r.errors.add(:type, :activerecord_error_invalid) unless Setting.enabled_scm.include?(r.class.name.demodulize) }
+  validate_on_create { |r| r.errors.add(:type, :invalid) unless Setting.enabled_scm.include?(r.class.name.demodulize) }
  
  # Removes leading and trailing whitespace
  def url=(arg)
@@ -62,6 +62,18 @@ class Repository < ActiveRecord::Base
  def entries(path=nil, identifier=nil)
    scm.entries(path, identifier)
  end
+
+  def branches
+    scm.branches
+  end
+
+  def tags
+    scm.tags
+  end
+
+  def default_branch
+    scm.default_branch
+  end
  
  def properties(path, identifier=nil)
    scm.properties(path, identifier)
@@ -75,27 +87,39 @@ class Repository < ActiveRecord::Base
    scm.diff(path, rev, rev_to)
  end
  
-  # Default behaviour: we search in cached changesets
-  def changesets_for_path(path)
-    path = "/#{path}" unless path.starts_with?('/')
-    Change.find(:all, :include => {:changeset => :user}, 
-      :conditions => ["repository_id = ? AND path = ?", id, path],
-      :order => "committed_on DESC, #{Changeset.table_name}.id DESC").collect(&:changeset)
-  end
-  
  # Returns a path relative to the url of the repository
  def relative_path(path)
    path
  end
  
+  # Finds and returns a revision with a number or the beginning of a hash
+  def find_changeset_by_name(name)
+    changesets.find(:first, :conditions => (name.match(/^\d*$/) ? ["revision = ?", name.to_s] : ["revision LIKE ?", name + '%']))
+  end
+  
  def latest_changeset
    @latest_changeset ||= changesets.find(:first)
  end
+
+  # Returns the latest changesets for +path+
+  # Default behaviour is to search in cached changesets
+  def latest_changesets(path, rev, limit=10)
+    if path.blank?
+      changesets.find(:all, :include => :user,
+                            :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC",
+                            :limit => limit)
+    else
+      changes.find(:all, :include => {:changeset => :user}, 
+                         :conditions => ["path = ?", path.with_leading_slash],
+                         :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC",
+                         :limit => limit).collect(&:changeset)
+    end
+  end
    
  def scan_changesets_for_issue_ids
    self.changesets.each(&:scan_comment_for_issue_ids)
  end
-  
+
  # Returns an array of committers usernames and associated user_id
  def committers
    @committers ||= Changeset.connection.select_rows("SELECT DISTINCT committer, user_id FROM #{Changeset.table_name} WHERE repository_id = #{id}")
@@ -112,6 +136,7 @@ class Repository < ActiveRecord::Base
        end
      end
      @committers = nil
+      @found_committer_users = nil
      true
    else
      false
@@ -122,24 +147,34 @@ class Repository < ActiveRecord::Base
  # It will return nil if the committer is not yet mapped and if no User
  # with the same username or email was found
  def find_committer_user(committer)
-    if committer
+    unless committer.blank?
+      @found_committer_users ||= {}
+      return @found_committer_users[committer] if @found_committer_users.has_key?(committer)
+      
+      user = nil
      c = changesets.find(:first, :conditions => {:committer => committer}, :include => :user)
      if c && c.user
-        c.user
+        user = c.user
      elsif committer.strip =~ /^([^<]+)(<(.*)>)?$/
        username, email = $1.strip, $3
        u = User.find_by_login(username)
        u ||= User.find_by_mail(email) unless email.blank?
-        u
+        user = u
      end
+      @found_committer_users[committer] = user
+      user
    end
  end
  
-  # fetch new changesets for all repositories
-  # can be called periodically by an external script
+  # Fetches new changesets for all repositories of active projects
+  # Can be called periodically by an external script
  # eg. ruby script/runner "Repository.fetch_changesets"
  def self.fetch_changesets
-    find(:all).each(&:fetch_changesets)
+    Project.active.has_module(:repository).find(:all, :include => :repository).each do |project|
+      if project.repository
+        project.repository.fetch_changesets
+      end
+    end
  end
  
  # scan changeset comments to find related and fixed issues for all repositories
@@ -172,8 +207,9 @@ class Repository < ActiveRecord::Base
  end
  
  def clear_changesets
-    connection.delete("DELETE FROM changes WHERE changes.changeset_id IN (SELECT changesets.id FROM changesets WHERE changesets.repository_id = #{id})")
-    connection.delete("DELETE FROM changesets_issues WHERE changesets_issues.changeset_id IN (SELECT changesets.id FROM changesets WHERE changesets.repository_id = #{id})")
-    connection.delete("DELETE FROM changesets WHERE changesets.repository_id = #{id}")
+    cs, ch, ci = Changeset.table_name, Change.table_name, "#{table_name_prefix}changesets_issues#{table_name_suffix}"
+    connection.delete("DELETE FROM #{ch} WHERE #{ch}.changeset_id IN (SELECT #{cs}.id FROM #{cs} WHERE #{cs}.repository_id = #{id})")
+    connection.delete("DELETE FROM #{ci} WHERE #{ci}.changeset_id IN (SELECT #{cs}.id FROM #{cs} WHERE #{cs}.repository_id = #{id})")
+    connection.delete("DELETE FROM #{cs} WHERE #{cs}.repository_id = #{id}")
  end
 end
--- a/app/models/repository/git.rb
+++ b/app/models/repository/git.rb
@@ -29,42 +29,53 @@ class Repository::Git < Repository
    'Git'
  end

-  def changesets_for_path(path)
-    Change.find(:all, :include => {:changeset => :user}, 
-                :conditions => ["repository_id = ? AND path = ?", id, path],
-                :order => "committed_on DESC, #{Changeset.table_name}.revision DESC").collect(&:changeset)
+  def branches
+    scm.branches
  end

-  def fetch_changesets
-    scm_info = scm.info
-    if scm_info
-      # latest revision found in database
-      db_revision = latest_changeset ? latest_changeset.revision : nil
-      # latest revision in the repository
-      scm_revision = scm_info.lastrev.scmid
+  def tags
+    scm.tags
+  end

-      unless changesets.find_by_scmid(scm_revision)
-        scm.revisions('', db_revision, nil, :reverse => true) do |revision|
-          if changesets.find_by_scmid(revision.scmid.to_s).nil?
-            transaction do
-              changeset = Changeset.create!(:repository => self,
-                                           :revision => revision.identifier,
-                                           :scmid => revision.scmid,
-                                           :committer => revision.author, 
-                                           :committed_on => revision.time,
-                                           :comments => revision.message)
-              
-              revision.paths.each do |change|
-                Change.create!(:changeset => changeset,
-                              :action => change[:action],
-                              :path => change[:path],
-                              :from_path => change[:from_path],
-                              :from_revision => change[:from_revision])
-              end
-            end
-          end
-        end
-      end
-    end
+  # With SCM's that have a sequential commit numbering, redmine is able to be
+  # clever and only fetch changesets going forward from the most recent one
+  # it knows about.  However, with git, you never know if people have merged
+  # commits into the middle of the repository history, so we should parse
+  # the entire log. Since it's way too slow for large repositories, we only
+  # parse 1 week before the last known commit.
+  # The repository can still be fully reloaded by calling #clear_changesets
+  # before fetching changesets (eg. for offline resync)
+  def fetch_changesets
+    c = changesets.find(:first, :order => 'committed_on DESC')
+    since = (c ? c.committed_on - 7.days : nil)
+
+    revisions = scm.revisions('', nil, nil, :all => true, :since => since)
+    return if revisions.nil? || revisions.empty?
+
+    recent_changesets = changesets.find(:all, :conditions => ['committed_on >= ?', since])
+
+    # Clean out revisions that are no longer in git
+    recent_changesets.each {|c| c.destroy unless revisions.detect {|r| r.scmid.to_s == c.scmid.to_s }}
+
+    # Subtract revisions that redmine already knows about
+    recent_revisions = recent_changesets.map{|c| c.scmid}
+    revisions.reject!{|r| recent_revisions.include?(r.scmid)}
+
+    # Save the remaining ones to the database
+    revisions.each{|r| r.save(self)} unless revisions.nil?
+  end
+
+  def latest_changesets(path,rev,limit=10)
+    revisions = scm.revisions(path, nil, rev, :limit => limit, :all => false)
+    return [] if revisions.nil? || revisions.empty?
+
+    changesets.find(
+      :all, 
+      :conditions => [
+        "scmid IN (?)", 
+        revisions.map!{|c| c.scmid}
+      ],
+      :order => 'committed_on DESC'
+    )
  end
 end
--- a/app/models/repository/subversion.rb
+++ b/app/models/repository/subversion.rb
@@ -20,7 +20,7 @@ require 'redmine/scm/adapters/subversion_adapter'
 class Repository::Subversion < Repository
  attr_protected :root_url
  validates_presence_of :url
-  validates_format_of :url, :with => /^(http|https|svn|svn\+ssh|file):\/\/.+/i
+  validates_format_of :url, :with => /^(http|https|svn(\+[^\s:\/\\]+)?|file):\/\/.+/i

  def scm_adapter
    Redmine::Scm::Adapters::SubversionAdapter
@@ -30,8 +30,8 @@ class Repository::Subversion < Repository
    'Subversion'
  end

-  def changesets_for_path(path)
-    revisions = scm.revisions(path)
+  def latest_changesets(path, rev, limit=10)
+    revisions = scm.revisions(path, rev, nil, :limit => limit)
    revisions ? changesets.find_all_by_revision(revisions.collect(&:identifier), :order => "committed_on DESC", :include => :user) : []
  end
  
@@ -54,8 +54,8 @@ class Repository::Subversion < Repository
          # loads changesets by batches of 200
          identifier_to = [identifier_from + 199, scm_revision].min
          revisions = scm.revisions('', identifier_to, identifier_from, :with_paths => true)
-          transaction do
-            revisions.reverse_each do |revision|
+          revisions.reverse_each do |revision|
+            transaction do
              changeset = Changeset.create(:repository => self,
                                           :revision => revision.identifier, 
                                           :committer => revision.author, 
@@ -68,7 +68,7 @@ class Repository::Subversion < Repository
                              :path => change[:path],
                              :from_path => change[:from_path],
                              :from_revision => change[:from_revision])
-              end
+              end unless changeset.new_record?
            end
          end unless revisions.nil?
          identifier_from = identifier_to + 1
@@ -84,6 +84,6 @@ class Repository::Subversion < Repository
  #     url      = file:///var/svn/foo/bar
  #     => returns /bar
  def relative_url
-    @relative_url ||= url.gsub(Regexp.new("^#{Regexp.escape(root_url)}"), '')
+    @relative_url ||= url.gsub(Regexp.new("^#{Regexp.escape(root_url || scm.root_url)}", Regexp::IGNORECASE), '')
  end
 end
--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -20,6 +20,7 @@ class Role < ActiveRecord::Base
  BUILTIN_NON_MEMBER = 1
  BUILTIN_ANONYMOUS  = 2

+  named_scope :givable, { :conditions => "builtin = 0", :order => 'position' }
  named_scope :builtin, lambda { |*args|
    compare = 'not' if args.first == true
    { :conditions => "#{compare} builtin = 0" }
@@ -27,18 +28,13 @@ class Role < ActiveRecord::Base
  
  before_destroy :check_deletable
  has_many :workflows, :dependent => :delete_all do
-    def copy(role)
-      raise "Can not copy workflow from a #{role.class}" unless role.is_a?(Role)
-      raise "Can not copy workflow from/to an unsaved role" if proxy_owner.new_record? || role.new_record?
-      clear
-      connection.insert "INSERT INTO workflows (tracker_id, old_status_id, new_status_id, role_id)" +
-                        " SELECT tracker_id, old_status_id, new_status_id, #{proxy_owner.id}" +
-                        " FROM workflows" +
-                        " WHERE role_id = #{role.id}"
+    def copy(source_role)
+      Workflow.copy(nil, source_role, nil, proxy_owner)
    end
  end
  
-  has_many :members
+  has_many :member_roles, :dependent => :destroy
+  has_many :members, :through => :member_roles
  acts_as_list
  
  serialize :permissions, Array
@@ -82,7 +78,11 @@ class Role < ActiveRecord::Base
  end
  
  def <=>(role)
-    position <=> role.position
+    role ? position <=> role.position : -1
+  end
+  
+  def to_s
+    name
  end
  
  # Return true if the role is a builtin role
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -140,6 +140,10 @@ class Setting < ActiveRecord::Base
    per_page_options.split(%r{[\s,]}).collect(&:to_i).select {|n| n > 0}.sort
  end
  
+  def self.openid?
+    Object.const_defined?(:OpenID) && self[:openid].to_i > 0
+  end
+  
  # Checks if settings have changed since the values were read
  # and clears the cache hash if it's the case
  # Called once per request
--- a/app/models/time_entry.rb
+++ b/app/models/time_entry.rb
@@ -21,25 +21,30 @@ class TimeEntry < ActiveRecord::Base
  belongs_to :project
  belongs_to :issue
  belongs_to :user
-  belongs_to :activity, :class_name => 'Enumeration', :foreign_key => :activity_id
+  belongs_to :activity, :class_name => 'TimeEntryActivity', :foreign_key => 'activity_id'
  
  attr_protected :project_id, :user_id, :tyear, :tmonth, :tweek

  acts_as_customizable
-  acts_as_event :title => Proc.new {|o| "#{o.user}: #{lwr(:label_f_hour, o.hours)} (#{(o.issue || o.project).event_title})"},
-                :url => Proc.new {|o| {:controller => 'timelog', :action => 'details', :project_id => o.project}},
+  acts_as_event :title => Proc.new {|o| "#{l_hours(o.hours)} (#{(o.issue || o.project).event_title})"},
+                :url => Proc.new {|o| {:controller => 'timelog', :action => 'details', :project_id => o.project, :issue_id => o.issue}},
                :author => :user,
                :description => :comments
-  
+
+  acts_as_activity_provider :timestamp => "#{table_name}.created_on",
+                            :author_key => :user_id,
+                            :find_options => {:include => :project} 
+
  validates_presence_of :user_id, :activity_id, :project_id, :hours, :spent_on
-  validates_numericality_of :hours, :allow_nil => true
+  validates_numericality_of :hours, :allow_nil => true, :message => :invalid
  validates_length_of :comments, :maximum => 255, :allow_nil => true

  def after_initialize
    if new_record? && self.activity.nil?
-      if default_activity = Enumeration.default('ACTI')
+      if default_activity = TimeEntryActivity.default
        self.activity_id = default_activity.id
      end
+      self.hours = nil if hours == 0
    end
  end
  
@@ -48,13 +53,13 @@ class TimeEntry < ActiveRecord::Base
  end
  
  def validate
-    errors.add :hours, :activerecord_error_invalid if hours && (hours < 0 || hours >= 1000)
-    errors.add :project_id, :activerecord_error_invalid if project.nil?
-    errors.add :issue_id, :activerecord_error_invalid if (issue_id && !issue) || (issue && project!=issue.project)
+    errors.add :hours, :invalid if hours && (hours < 0 || hours >= 1000)
+    errors.add :project_id, :invalid if project.nil?
+    errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project)
  end
  
  def hours=(h)
-    write_attribute :hours, (h.is_a?(String) ? h.to_hours : h)
+    write_attribute :hours, (h.is_a?(String) ? (h.to_hours || h) : h)
  end
  
  # tyear, tmonth, tweek assigned where setting spent_on attributes
--- a/app/models/time_entry_activity.rb
+++ b/app/models/time_entry_activity.rb
@@ -0,0 +1,34 @@
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class TimeEntryActivity < Enumeration
+  has_many :time_entries, :foreign_key => 'activity_id'
+
+  OptionName = :enumeration_activities
+  
+  def option_name
+    OptionName
+  end
+
+  def objects_count
+    time_entries.count
+  end
+
+  def transfer_relations(to)
+    time_entries.update_all("activity_id = #{to.id}")
+  end
+end
--- a/app/models/time_entry_activity_custom_field.rb
+++ b/app/models/time_entry_activity_custom_field.rb
@@ -0,0 +1,23 @@
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class TimeEntryActivityCustomField < CustomField
+  def type_name
+    :enumeration_activities
+  end
+end
+
--- a/app/models/token.rb
+++ b/app/models/token.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,6 +17,9 @@

 class Token < ActiveRecord::Base
  belongs_to :user
+  validates_uniqueness_of :value
+  
+  before_create :delete_previous_tokens
  
  @@validity_time = 1.day
  
@@ -36,9 +39,13 @@ class Token < ActiveRecord::Base
  
 private
  def self.generate_token_value
-    chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
-    token_value = ''
-    40.times { |i| token_value << chars[rand(chars.size-1)] }
-    token_value
+    ActiveSupport::SecureRandom.hex(20)
+  end
+  
+  # Removes obsolete tokens (same user and action)
+  def delete_previous_tokens
+    if user
+      Token.delete_all(['user_id = ? AND action = ?', user.id, action])
+    end
  end
 end
--- a/app/models/tracker.rb
+++ b/app/models/tracker.rb
@@ -19,14 +19,8 @@ class Tracker < ActiveRecord::Base
  before_destroy :check_integrity  
  has_many :issues
  has_many :workflows, :dependent => :delete_all do
-    def copy(tracker)
-      raise "Can not copy workflow from a #{tracker.class}" unless tracker.is_a?(Tracker)
-      raise "Can not copy workflow from/to an unsaved tracker" if proxy_owner.new_record? || tracker.new_record?
-      clear
-      connection.insert "INSERT INTO workflows (tracker_id, old_status_id, new_status_id, role_id)" +
-                        " SELECT #{proxy_owner.id}, old_status_id, new_status_id, role_id" +
-                        " FROM workflows" +
-                        " WHERE tracker_id = #{tracker.id}"
+    def copy(source_tracker)
+      Workflow.copy(source_tracker, nil, proxy_owner, nil)
    end
  end
  
@@ -49,6 +43,23 @@ class Tracker < ActiveRecord::Base
    find(:all, :order => 'position')
  end
  
+  # Returns an array of IssueStatus that are used
+  # in the tracker's workflows
+  def issue_statuses
+    if @issue_statuses
+      return @issue_statuses 
+    elsif new_record?
+      return []
+    end
+    
+    ids = Workflow.
+            connection.select_rows("SELECT DISTINCT old_status_id, new_status_id FROM #{Workflow.table_name} WHERE tracker_id = #{id}").
+            flatten.
+            uniq
+    
+    @issue_statuses = IssueStatus.find_all_by_id(ids).sort
+  end
+  
 private
  def check_integrity
    raise "Can't delete tracker" if Issue.find(:first, :conditions => ["tracker_id=?", self.id])
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,7 +17,7 @@

 require "digest/sha1"

-class User < ActiveRecord::Base
+class User < Principal

  # Account statuses
  STATUS_ANONYMOUS  = 0
@@ -33,13 +33,13 @@ class User < ActiveRecord::Base
    :username => '#{login}'
  }

-  has_many :memberships, :class_name => 'Member', :include => [ :project, :role ], :conditions => "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}", :order => "#{Project.table_name}.name"
-  has_many :members, :dependent => :delete_all
-  has_many :projects, :through => :memberships
+  has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)},
+                                   :after_remove => Proc.new {|user, group| group.user_removed(user)}
  has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
  has_many :changesets, :dependent => :nullify
  has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
  has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
+  has_one :api_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='api'"
  belongs_to :auth_source
  
  # Active non-anonymous users scope
@@ -50,11 +50,11 @@ class User < ActiveRecord::Base
  attr_accessor :password, :password_confirmation
  attr_accessor :last_before_login_on
  # Prevents unauthorized assignments
-  attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
+  attr_protected :login, :admin, :password, :password_confirmation, :hashed_password, :group_ids
 	
  validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
  validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }
-  validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }
+  validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false
  # Login must contain lettres, numbers, underscores only
  validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
  validates_length_of :login, :maximum => 30
@@ -62,7 +62,6 @@ class User < ActiveRecord::Base
  validates_length_of :firstname, :lastname, :maximum => 30
  validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
  validates_length_of :mail, :maximum => 60, :allow_nil => true
-  validates_length_of :password, :minimum => 4, :allow_nil => true
  validates_confirmation_of :password, :allow_nil => true

  def before_create
@@ -80,6 +79,19 @@ class User < ActiveRecord::Base
    super
  end
  
+  def identity_url=(url)
+    if url.blank?
+      write_attribute(:identity_url, '')
+    else
+      begin
+        write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url))
+      rescue OpenIdAuthentication::InvalidOpenId
+        # Invlaid url, don't save
+      end
+    end
+    self.read_attribute(:identity_url)
+  end
+  
  # Returns the user that matches provided login and password, or nil
  def self.try_to_login(login, password)
    # Make sure no one can sign in with an empty password
@@ -113,6 +125,19 @@ class User < ActiveRecord::Base
  rescue => text
    raise text
  end
+  
+  # Returns the user who matches the given autologin +key+ or nil
+  def self.try_to_autologin(key)
+    tokens = Token.find_all_by_action_and_value('autologin', key)
+    # Make sure there's only 1 token that matches the key
+    if tokens.size == 1
+      token = tokens.first
+      if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
+        token.user.update_attribute(:last_login_on, Time.now)
+        token.user
+      end
+    end
+  end
 	
  # Return user's full name for display
  def name(formatter = nil)
@@ -138,13 +163,25 @@ class User < ActiveRecord::Base
  def check_password?(clear_password)
    User.hash_password(clear_password) == self.hashed_password
  end
+
+  # Generate and set a random password.  Useful for automated user creation
+  # Based on Token#generate_token_value
+  #
+  def random_password
+    chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+    password = ''
+    40.times { |i| password << chars[rand(chars.size-1)] }
+    self.password = password
+    self.password_confirmation = password
+    self
+  end
  
  def pref
    self.preference ||= UserPreference.new(:user => self)
  end
  
  def time_zone
-    @time_zone ||= (self.pref.time_zone.blank? ? nil : TimeZone[self.pref.time_zone])
+    @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone])
  end
  
  def wants_comments_in_reverse_order?
@@ -156,6 +193,12 @@ class User < ActiveRecord::Base
    token = self.rss_token || Token.create(:user => self, :action => 'feeds')
    token.value
  end
+
+  # Return user's API key (a 40 chars long string), used to access the API
+  def api_key
+    token = self.api_token || self.create_api_token(:action => 'api')
+    token.value
+  end
  
  # Return an array of project ids for which the user has explicitly turned mail notifications on
  def notified_projects_ids
@@ -174,20 +217,29 @@ class User < ActiveRecord::Base
    token && token.user.active? ? token.user : nil
  end
  
-  def self.find_by_autologin_key(key)
-    token = Token.find_by_action_and_value('autologin', key)
-    token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
+  def self.find_by_api_key(key)
+    token = Token.find_by_action_and_value('api', key)
+    token && token.user.active? ? token.user : nil
  end
-
-  # Sort users by their display names
-  def <=>(user)
-    self.to_s.downcase <=> user.to_s.downcase
+  
+  # Makes find_by_mail case-insensitive
+  def self.find_by_mail(mail)
+    find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
  end
  
  def to_s
    name
  end
  
+  # Returns the current day according to user's time zone
+  def today
+    if time_zone.nil?
+      Date.today
+    else
+      Time.now.in_time_zone(time_zone).to_date
+    end
+  end
+  
  def logged?
    true
  end
@@ -196,26 +248,30 @@ class User < ActiveRecord::Base
    !logged?
  end
  
-  # Return user's role for project
-  def role_for_project(project)
+  # Return user's roles for project
+  def roles_for_project(project)
+    roles = []
    # No role on archived projects
-    return nil unless project && project.active?
+    return roles unless project && project.active?
    if logged?
      # Find project membership
      membership = memberships.detect {|m| m.project_id == project.id}
      if membership
-        membership.role
+        roles = membership.roles
      else
        @role_non_member ||= Role.non_member
+        roles << @role_non_member
      end
    else
      @role_anonymous ||= Role.anonymous
+      roles << @role_anonymous
    end
+    roles
  end
  
  # Return true if the user is a member of project
  def member_of?(project)
-    role_for_project(project).member?
+    !roles_for_project(project).detect {|role| role.member?}.nil?
  end
  
  # Return true if the user is allowed to do the specified action on project
@@ -231,13 +287,16 @@ class User < ActiveRecord::Base
      # Admin users are authorized for anything else
      return true if admin?
      
-      role = role_for_project(project)
-      return false unless role
-      role.allowed_to?(action) && (project.is_public? || role.member?)
+      roles = roles_for_project(project)
+      return false unless roles
+      roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
      
    elsif options[:global]
+      # Admin users are always authorized
+      return true if admin?
+      
      # authorize if user has at least one role that has this permission
-      roles = memberships.collect {|m| m.role}.uniq
+      roles = memberships.collect {|m| m.roles}.flatten.uniq
      roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
    else
      false
@@ -252,6 +311,8 @@ class User < ActiveRecord::Base
    @current_user ||= User.anonymous
  end
  
+  # Returns the anonymous user.  If the anonymous user does not exist, it is created.  There can be only
+  # one anonymous user per database.
  def self.anonymous
    anonymous_user = AnonymousUser.find(:first)
    if anonymous_user.nil?
@@ -261,7 +322,17 @@ class User < ActiveRecord::Base
    anonymous_user
  end
  
-private
+  protected
+  
+  def validate
+    # Password length validation based on setting
+    if !password.nil? && password.size < Setting.password_min_length.to_i
+      errors.add(:password, :too_short, :count => Setting.password_min_length.to_i)
+    end
+  end
+  
+  private
+    
  # Return password digest
  def self.hash_password(clear_password)
    Digest::SHA1.hexdigest(clear_password || "")
@@ -282,7 +353,7 @@ class AnonymousUser < User
  # Overrides a few properties
  def logged?; false end
  def admin; false end
-  def name; 'Anonymous' end
+  def name(*args); I18n.t(:label_user_anonymous) end
  def mail; nil end
  def time_zone; nil end
  def rss_key; nil end
--- a/app/models/version.rb
+++ b/app/models/version.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2010  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -16,15 +16,31 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Version < ActiveRecord::Base
-  before_destroy :check_integrity
+  after_update :update_issues_from_sharing_change
  belongs_to :project
-  has_many :fixed_issues, :class_name => 'Issue', :foreign_key => 'fixed_version_id'
-  has_many :attachments, :as => :container, :dependent => :destroy
+  has_many :fixed_issues, :class_name => 'Issue', :foreign_key => 'fixed_version_id', :dependent => :nullify
+  acts_as_customizable
+  acts_as_attachable :view_permission => :view_files,
+                     :delete_permission => :manage_files

+  VERSION_STATUSES = %w(open locked closed)
+  VERSION_SHARINGS = %w(none descendants hierarchy tree system)
+  
  validates_presence_of :name
  validates_uniqueness_of :name, :scope => [:project_id]
  validates_length_of :name, :maximum => 60
-  validates_format_of :effective_date, :with => /^\d{4}-\d{2}-\d{2}$/, :message => 'activerecord_error_not_a_date', :allow_nil => true
+  validates_format_of :effective_date, :with => /^\d{4}-\d{2}-\d{2}$/, :message => :not_a_date, :allow_nil => true
+  validates_inclusion_of :status, :in => VERSION_STATUSES
+  validates_inclusion_of :sharing, :in => VERSION_SHARINGS
+
+  named_scope :open, :conditions => {:status => 'open'}
+  named_scope :visible, lambda {|*args| { :include => :project,
+                                          :conditions => Project.allowed_to_condition(args.first || User.current, :view_issues) } }
+
+  # Returns true if +user+ or current user is allowed to view the version
+  def visible?(user=User.current)
+    user.allowed_to?(:view_issues, self.project)
+  end
  
  def start_date
    effective_date
@@ -44,26 +60,37 @@ class Version < ActiveRecord::Base
    @spent_hours ||= TimeEntry.sum(:hours, :include => :issue, :conditions => ["#{Issue.table_name}.fixed_version_id = ?", id]).to_f
  end
  
+  def closed?
+    status == 'closed'
+  end
+
+  def open?
+    status == 'open'
+  end
+  
  # Returns true if the version is completed: due date reached and no open issues
  def completed?
    effective_date && (effective_date <= Date.today) && (open_issues_count == 0)
  end
  
+  # Returns the completion percentage of this version based on the amount of open/closed issues
+  # and the time spent on the open issues.
  def completed_pourcent
-    if fixed_issues.count == 0
+    if issues_count == 0
      0
    elsif open_issues_count == 0
      100
    else
-      (closed_issues_count * 100 + Issue.sum('done_ratio', :include => 'status', :conditions => ["fixed_version_id = ? AND is_closed = ?", id, false]).to_f) / fixed_issues.count
+      issues_progress(false) + issues_progress(true)
    end
  end
  
+  # Returns the percentage of issues that have been marked as 'closed'.
  def closed_pourcent
-    if fixed_issues.count == 0
+    if issues_count == 0
      0
    else
-      closed_issues_count * 100.0 / fixed_issues.count
+      issues_progress(false)
    end
  end
  
@@ -72,10 +99,17 @@ class Version < ActiveRecord::Base
    effective_date && (effective_date < Date.today) && (open_issues_count > 0)
  end
  
+  # Returns assigned issues count
+  def issues_count
+    @issue_count ||= fixed_issues.count
+  end
+  
+  # Returns the total amount of open issues for this version.
  def open_issues_count
    @open_issues_count ||= Issue.count(:all, :conditions => ["fixed_version_id = ? AND is_closed = ?", self.id, false], :include => :status)
  end

+  # Returns the total amount of closed issues for this version.
  def closed_issues_count
    @closed_issues_count ||= Issue.count(:all, :conditions => ["fixed_version_id = ? AND is_closed = ?", self.id, true], :include => :status)
  end
@@ -99,8 +133,73 @@ class Version < ActiveRecord::Base
    end
  end
  
-private
-  def check_integrity
-    raise "Can't delete version" if self.fixed_issues.find(:first)
+  # Returns the sharings that +user+ can set the version to
+  def allowed_sharings(user = User.current)
+    VERSION_SHARINGS.select do |s|
+      if sharing == s
+        true
+      else
+        case s
+        when 'system'
+          # Only admin users can set a systemwide sharing
+          user.admin?
+        when 'hierarchy', 'tree'
+          # Only users allowed to manage versions of the root project can
+          # set sharing to hierarchy or tree
+          project.nil? || user.allowed_to?(:manage_versions, project.root)
+        else
+          true
+        end
+      end
+    end
+  end
+  
+  private
+
+  # Update the issue's fixed versions. Used if a version's sharing changes.
+  def update_issues_from_sharing_change
+    if sharing_changed?
+      if VERSION_SHARINGS.index(sharing_was).nil? ||
+          VERSION_SHARINGS.index(sharing).nil? ||
+          VERSION_SHARINGS.index(sharing_was) > VERSION_SHARINGS.index(sharing)
+        Issue.update_versions_from_sharing_change self
+      end
+    end
+  end
+  
+  # Returns the average estimated time of assigned issues
+  # or 1 if no issue has an estimated time
+  # Used to weigth unestimated issues in progress calculation
+  def estimated_average
+    if @estimated_average.nil?
+      average = fixed_issues.average(:estimated_hours).to_f
+      if average == 0
+        average = 1
+      end
+      @estimated_average = average
+    end
+    @estimated_average
+  end
+  
+  # Returns the total progress of open or closed issues.  The returned percentage takes into account
+  # the amount of estimated time set for this version.
+  #
+  # Examples:
+  # issues_progress(true)   => returns the progress percentage for open issues.
+  # issues_progress(false)  => returns the progress percentage for closed issues.
+  def issues_progress(open)
+    @issues_progress ||= {}
+    @issues_progress[open] ||= begin
+      progress = 0
+      if issues_count > 0
+        ratio = open ? 'done_ratio' : 100
+        
+        done = fixed_issues.sum("COALESCE(estimated_hours, #{estimated_average}) * #{ratio}",
+                                  :include => :status,
+                                  :conditions => ["is_closed = ?", !open]).to_f
+        progress = done / (estimated_average * issues_count)
+      end
+      progress
+    end
  end
 end
--- a/Show More
+++ b/Show More