Tagging 1.0.1

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/tags/1.0.1@4033 e93f8b46-1217-0410-a6f0-8f06a7374b81
Merged r4029 from trunk.
2010-08-22 21:27:14 +00:00 · 2010-08-22 21:21:25 +00:00 · 2010-08-22 21:21:20 +00:00 · 2010-08-22 21:21:15 +00:00 · 2010-08-22 19:49:31 +00:00 · 2010-08-22 19:49:26 +00:00
655 changed files with 23716 additions and 7229 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@
 /tmp/sockets/*
 /tmp/test/*
 /vendor/rails
+*.rbc
--- a/README.rdoc
+++ b/README.rdoc
@@ -2,4 +2,4 @@

 Redmine is a flexible project management web application written using Ruby on Rails framework.

-More details can be found at http://www.redmine.org
+More details can be found at in the doc directory or on the official website http://www.redmine.org
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -25,23 +25,15 @@ class AccountController < ApplicationController
  # Login request and validation
  def login
    if request.get?
-      # Logout user
-      self.logged_user = nil
+      logout_user
    else
-      # Authenticate user
-      if Setting.openid? && using_open_id?
-        open_id_authenticate(params[:openid_url])
-      else
-        password_authentication
-      end
+      authenticate_user
    end
  end

  # Log out current user and redirect to welcome page
  def logout
-    cookies.delete :autologin
-    Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
-    self.logged_user = nil
+    logout_user
    redirect_to home_url
  end
  
@@ -91,9 +83,9 @@ class AccountController < ApplicationController
    else
      @user = User.new(params[:user])
      @user.admin = false
-      @user.status = User::STATUS_REGISTERED
+      @user.register
      if session[:auth_source_registration]
-        @user.status = User::STATUS_ACTIVE
+        @user.activate
        @user.login = session[:auth_source_registration][:login]
        @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
        if @user.save
@@ -124,8 +116,8 @@ class AccountController < ApplicationController
    token = Token.find_by_action_and_value('register', params[:token])
    redirect_to(home_url) && return unless token and !token.expired?
    user = token.user
-    redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
-    user.status = User::STATUS_ACTIVE
+    redirect_to(home_url) && return unless user.registered?
+    user.activate
    if user.save
      token.destroy
      flash[:notice] = l(:notice_account_activated)
@@ -134,6 +126,22 @@ class AccountController < ApplicationController
  end
  
  private
+  
+  def logout_user
+    if User.current.logged?
+      cookies.delete :autologin
+      Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
+      self.logged_user = nil
+    end
+  end
+  
+  def authenticate_user
+    if Setting.openid? && using_open_id?
+      open_id_authenticate(params[:openid_url])
+    else
+      password_authentication
+    end
+  end

  def password_authentication
    user = User.try_to_login(params[:username], params[:password])
@@ -162,7 +170,7 @@ class AccountController < ApplicationController
          user.mail = registration['email'] unless registration['email'].nil?
          user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
          user.random_password
-          user.status = User::STATUS_REGISTERED
+          user.register

          case Setting.self_registration
          when '1'
@@ -210,6 +218,7 @@ class AccountController < ApplicationController
  end

  def invalid_credentials
+    logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
    flash.now[:error] = l(:notice_account_invalid_creditentials)
  end

@@ -232,7 +241,7 @@ class AccountController < ApplicationController
  # Pass a block for behavior when a user fails to save
  def register_automatically(user, &block)
    # Automatic activation
-    user.status = User::STATUS_ACTIVE
+    user.activate
    user.last_login_on = Time.now
    if user.save
      self.logged_user = user
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -22,6 +22,7 @@ class ApplicationController < ActionController::Base
  include Redmine::I18n

  layout 'base'
+  exempt_from_layout 'builder'
  
  # Remove broken cookie after upgrade from 0.8.x (#4292)
  # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
@@ -45,7 +46,7 @@ class ApplicationController < ActionController::Base
  include Redmine::MenuManager::MenuController
  helper Redmine::MenuManager::MenuHelper
  
-  REDMINE_SUPPORTED_SCM.each do |scm|
+  Redmine::Scm::Base.all.each do |scm|
    require_dependency "repository/#{scm.underscore}"
  end

@@ -70,8 +71,8 @@ class ApplicationController < ActionController::Base
    elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
      # RSS key authentication does not start a session
      User.find_by_rss_key(params[:key])
-    elsif Setting.rest_api_enabled? && ['xml', 'json'].include?(params[:format]) && accept_key_auth_actions.include?(params[:action])
-      if params[:key].present?
+    elsif Setting.rest_api_enabled? && ['xml', 'json'].include?(params[:format])
+      if params[:key].present? && accept_key_auth_actions.include?(params[:action])
        # Use API key
        User.find_by_api_key(params[:key])
      else
@@ -107,8 +108,9 @@ class ApplicationController < ActionController::Base
      lang = find_language(User.current.language)
    end
    if lang.nil? && request.env['HTTP_ACCEPT_LANGUAGE']
-      accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.downcase
+      accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first
      if !accept_lang.blank?
+        accept_lang = accept_lang.downcase
        lang = find_language(accept_lang) || find_language(accept_lang.split('-').first)
      end
    end
@@ -127,8 +129,9 @@ class ApplicationController < ActionController::Base
      respond_to do |format|
        format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
        format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
-        format.xml { head :unauthorized }
-        format.json { head :unauthorized }
+        format.xml  { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
+        format.js   { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
+        format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
      end
      return false
    end
@@ -158,6 +161,62 @@ class ApplicationController < ActionController::Base
  def authorize_global(ctrl = params[:controller], action = params[:action], global = true)
    authorize(ctrl, action, global)
  end
+
+  # Find project of id params[:id]
+  def find_project
+    @project = Project.find(params[:id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+  # Find a project based on params[:project_id]
+  # TODO: some subclasses override this, see about merging their logic
+  def find_optional_project
+    @project = Project.find(params[:project_id]) unless params[:project_id].blank?
+    allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true)
+    allowed ? true : deny_access
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+  # Finds and sets @project based on @object.project
+  def find_project_from_association
+    render_404 unless @object.present?
+    
+    @project = @object.project
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+  def find_model_object
+    model = self.class.read_inheritable_attribute('model_object')
+    if model
+      @object = model.find(params[:id])
+      self.instance_variable_set('@' + controller_name.singularize, @object) if @object
+    end
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+  def self.model_object(model)
+    write_inheritable_attribute('model_object', model)
+  end
+
+  # Filter for bulk issue operations
+  def find_issues
+    @issues = Issue.find_all_by_id(params[:id] || params[:ids])
+    raise ActiveRecord::RecordNotFound if @issues.empty?
+    projects = @issues.collect(&:project).compact.uniq
+    if projects.size == 1
+      @project = projects.first
+    else
+      # TODO: let users bulk edit/move/destroy issues from different projects
+      render_error 'Can not bulk edit/move/destroy issues from different projects'
+      return false
+    end
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
  
  # make sure that the user is a member of the project (or admin) if project is private
  # used as a before_filter for actions that do not require any particular permission on the project
@@ -175,6 +234,10 @@ class ApplicationController < ActionController::Base
    end
  end

+  def back_url
+    params[:back_url] || request.env['HTTP_REFERER']
+  end
+
  def redirect_back_or_default(default)
    back_url = CGI.unescape(params[:back_url].to_s)
    if !back_url.blank?
@@ -194,21 +257,51 @@ class ApplicationController < ActionController::Base
  
  def render_403
    @project = nil
-    render :template => "common/403", :layout => (request.xhr? ? false : 'base'), :status => 403
+    respond_to do |format|
+      format.html { render :template => "common/403", :layout => use_layout, :status => 403 }
+      format.atom { head 403 }
+      format.xml { head 403 }
+      format.js { head 403 }
+      format.json { head 403 }
+    end
    return false
  end
    
  def render_404
-    render :template => "common/404", :layout => !request.xhr?, :status => 404
+    respond_to do |format|
+      format.html { render :template => "common/404", :layout => use_layout, :status => 404 }
+      format.atom { head 404 }
+      format.xml { head 404 }
+      format.js { head 404 }
+      format.json { head 404 }
+    end
    return false
  end
  
  def render_error(msg)
-    flash.now[:error] = msg
-    render :text => '', :layout => !request.xhr?, :status => 500
+    respond_to do |format|
+      format.html { 
+        flash.now[:error] = msg
+        render :text => '', :layout => use_layout, :status => 500
+      }
+      format.atom { head 500 }
+      format.xml { head 500 }
+      format.js { head 500 }
+      format.json { head 500 }
+    end
+  end
+
+  # Picks which layout to use based on the request
+  #
+  # @return [boolean, string] name of the layout to use or false for no layout
+  def use_layout
+    request.xhr? ? false : 'base'
  end
  
  def invalid_authenticity_token
+    if api_request?
+      logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
+    end
    render_error "Invalid form authenticity token."
  end
  
@@ -229,27 +322,6 @@ class ApplicationController < ActionController::Base
    self.class.read_inheritable_attribute('accept_key_auth_actions') || []
  end
  
-  # TODO: move to model
-  def attach_files(obj, attachments)
-    attached = []
-    unsaved = []
-    if attachments && attachments.is_a?(Hash)
-      attachments.each_value do |attachment|
-        file = attachment['file']
-        next unless file && file.size > 0
-        a = Attachment.create(:container => obj, 
-                              :file => file,
-                              :description => attachment['description'].to_s.strip,
-                              :author => User.current)
-        a.new_record? ? (unsaved << a) : (attached << a)
-      end
-      if unsaved.any?
-        flash[:warning] = l(:warning_attachments_not_saved, unsaved.size)
-      end
-    end
-    attached
-  end
-
  # Returns the number of objects that should be displayed
  # on the paginated list
  def per_page_option
@@ -290,4 +362,44 @@ class ApplicationController < ActionController::Base
  def filename_for_content_disposition(name)
    request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name
  end
+  
+  def api_request?
+    %w(xml json).include? params[:format]
+  end
+
+  # Renders a warning flash if obj has unsaved attachments
+  def render_attachment_warning_if_needed(obj)
+    flash[:warning] = l(:warning_attachments_not_saved, obj.unsaved_attachments.size) if obj.unsaved_attachments.present?
+  end
+
+  # Sets the `flash` notice or error based the number of issues that did not save
+  #
+  # @param [Array, Issue] issues all of the saved and unsaved Issues
+  # @param [Array, Integer] unsaved_issue_ids the issue ids that were not saved
+  def set_flash_from_bulk_issue_save(issues, unsaved_issue_ids)
+    if unsaved_issue_ids.empty?
+      flash[:notice] = l(:notice_successful_update) unless issues.empty?
+    else
+      flash[:error] = l(:notice_failed_to_save_issues,
+                        :count => unsaved_issue_ids.size,
+                        :total => issues.size,
+                        :ids => '#' + unsaved_issue_ids.join(', #'))
+    end
+  end
+
+  # Rescues an invalid query statement. Just in case...
+  def query_statement_invalid(exception)
+    logger.error "Query::StatementInvalid: #{exception.message}" if logger
+    session.delete(:query)
+    sort_clear if respond_to?(:sort_clear)
+    render_error "An error occurred while executing the query and has been logged. Please report this error to your Redmine administrator."
+  end
+
+  # Converts the errors on an ActiveRecord object into a common JSON format
+  def object_errors_to_json(object)
+    object.errors.collect do |attribute, error|
+      { attribute => error }
+    end.to_json
+  end
+  
 end
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -41,7 +41,7 @@ class AttachmentsController < ApplicationController
    
    # images are sent inline
    send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
-                                    :type => @attachment.content_type, 
+                                    :type => detect_content_type(@attachment), 
                                    :disposition => (@attachment.image? ? 'inline' : 'attachment')
   
  end
@@ -76,4 +76,12 @@ private
  def delete_authorize
    @attachment.deletable? ? true : deny_access
  end
+  
+  def detect_content_type(attachment)
+    content_type = attachment.content_type
+    if content_type.blank?
+      content_type = Redmine::MimeType.of(attachment.filename)
+    end
+    content_type.to_s
+  end
 end
--- a/app/controllers/auth_sources_controller.rb
+++ b/app/controllers/auth_sources_controller.rb
@@ -20,45 +20,42 @@ class AuthSourcesController < ApplicationController
  
  before_filter :require_admin

-  def index
-    list
-    render :action => 'list' unless request.xhr?
-  end
-
  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
  verify :method => :post, :only => [ :destroy, :create, :update ],
-         :redirect_to => { :action => :list }
+         :redirect_to => { :template => :index }

-  def list
-    @auth_source_pages, @auth_sources = paginate :auth_sources, :per_page => 10
-    render :action => "list", :layout => false if request.xhr?
+  def index
+    @auth_source_pages, @auth_sources = paginate auth_source_class.name.tableize, :per_page => 10
+    render "auth_sources/index"
  end

  def new
-    @auth_source = AuthSourceLdap.new
+    @auth_source = auth_source_class.new
+    render 'auth_sources/new'
  end

  def create
-    @auth_source = AuthSourceLdap.new(params[:auth_source])
+    @auth_source = auth_source_class.new(params[:auth_source])
    if @auth_source.save
      flash[:notice] = l(:notice_successful_create)
-      redirect_to :action => 'list'
+      redirect_to :action => 'index'
    else
-      render :action => 'new'
+      render 'auth_sources/new'
    end
  end

  def edit
    @auth_source = AuthSource.find(params[:id])
+    render 'auth_sources/edit'
  end

  def update
    @auth_source = AuthSource.find(params[:id])
    if @auth_source.update_attributes(params[:auth_source])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'list'
+      redirect_to :action => 'index'
    else
-      render :action => 'edit'
+      render 'auth_sources/edit'
    end
  end
  
@@ -68,9 +65,9 @@ class AuthSourcesController < ApplicationController
      @auth_method.test_connection
      flash[:notice] = l(:notice_successful_connection)
    rescue => text
-      flash[:error] = "Unable to connect (#{text})"
+      flash[:error] = l(:error_unable_to_connect, text.message)
    end
-    redirect_to :action => 'list'
+    redirect_to :action => 'index'
  end

  def destroy
@@ -79,6 +76,12 @@ class AuthSourcesController < ApplicationController
      @auth_source.destroy
      flash[:notice] = l(:notice_successful_delete)
    end
-    redirect_to :action => 'list'
+    redirect_to :action => 'index'
+  end
+
+  protected
+
+  def auth_source_class
+    AuthSource
  end
 end
--- a/app/controllers/auto_completes_controller.rb
+++ b/app/controllers/auto_completes_controller.rb
@@ -0,0 +1,25 @@
+class AutoCompletesController < ApplicationController
+  before_filter :find_project
+  
+  def issues
+    @issues = []
+    q = params[:q].to_s
+    if q.match(/^\d+$/)
+      @issues << @project.issues.visible.find_by_id(q.to_i)
+    end
+    unless q.blank?
+      @issues += @project.issues.visible.find(:all, :conditions => ["LOWER(#{Issue.table_name}.subject) LIKE ?", "%#{q.downcase}%"], :limit => 10)
+    end
+    render :layout => false
+  end
+
+  private
+
+  def find_project
+    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
+    @project = Project.find(project_id)
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+end
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -17,7 +17,8 @@

 class BoardsController < ApplicationController
  default_search_scope :messages
-  before_filter :find_project, :authorize
+  before_filter :find_project, :find_board_if_available, :authorize
+  accept_key_auth :index, :show

  helper :messages
  include MessagesHelper
@@ -68,24 +69,33 @@ class BoardsController < ApplicationController
    @board.project = @project
    if request.post? && @board.save
      flash[:notice] = l(:notice_successful_create)
-      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'boards'
+      redirect_to_settings_in_projects
    end
  end

  def edit
    if request.post? && @board.update_attributes(params[:board])
-      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'boards'
+      redirect_to_settings_in_projects
    end
  end

  def destroy
    @board.destroy
-    redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'boards'
+    redirect_to_settings_in_projects
  end
  
 private
+  def redirect_to_settings_in_projects
+    redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'boards'
+  end
+
  def find_project
    @project = Project.find(params[:project_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+  def find_board_if_available
    @board = @project.boards.find(params[:id]) if params[:id]
  rescue ActiveRecord::RecordNotFound
    render_404
--- a/app/controllers/calendars_controller.rb
+++ b/app/controllers/calendars_controller.rb
@@ -0,0 +1,39 @@
+class CalendarsController < ApplicationController
+  menu_item :calendar
+  before_filter :find_optional_project
+
+  rescue_from Query::StatementInvalid, :with => :query_statement_invalid
+
+  helper :issues
+  helper :projects
+  helper :queries
+  include QueriesHelper
+
+  def show
+    if params[:year] and params[:year].to_i > 1900
+      @year = params[:year].to_i
+      if params[:month] and params[:month].to_i > 0 and params[:month].to_i < 13
+        @month = params[:month].to_i
+      end    
+    end
+    @year ||= Date.today.year
+    @month ||= Date.today.month
+    
+    @calendar = Redmine::Helpers::Calendar.new(Date.civil(@year, @month, 1), current_language, :month)
+    retrieve_query
+    @query.group_by = nil
+    if @query.valid?
+      events = []
+      events += @query.issues(:include => [:tracker, :assigned_to, :priority],
+                              :conditions => ["((start_date BETWEEN ? AND ?) OR (due_date BETWEEN ? AND ?))", @calendar.startdt, @calendar.enddt, @calendar.startdt, @calendar.enddt]
+                              )
+      events += @query.versions(:conditions => ["effective_date BETWEEN ? AND ?", @calendar.startdt, @calendar.enddt])
+                                     
+      @calendar.events = events
+    end
+    
+    render :layout => false if request.xhr?
+  end
+  
+
+end
--- a/app/controllers/context_menus_controller.rb
+++ b/app/controllers/context_menus_controller.rb
@@ -0,0 +1,33 @@
+class ContextMenusController < ApplicationController
+  helper :watchers
+  
+  def issues
+    @issues = Issue.find_all_by_id(params[:ids], :include => :project)
+    if (@issues.size == 1)
+      @issue = @issues.first
+      @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+    end
+    projects = @issues.collect(&:project).compact.uniq
+    @project = projects.first if projects.size == 1
+
+    @can = {:edit => (@project && User.current.allowed_to?(:edit_issues, @project)),
+            :log_time => (@project && User.current.allowed_to?(:log_time, @project)),
+            :update => (@project && (User.current.allowed_to?(:edit_issues, @project) || (User.current.allowed_to?(:change_status, @project) && @allowed_statuses && !@allowed_statuses.empty?))),
+            :move => (@project && User.current.allowed_to?(:move_issues, @project)),
+            :copy => (@issue && @project.trackers.include?(@issue.tracker) && User.current.allowed_to?(:add_issues, @project)),
+            :delete => (@project && User.current.allowed_to?(:delete_issues, @project))
+            }
+    if @project
+      @assignables = @project.assignable_users
+      @assignables << @issue.assigned_to if @issue && @issue.assigned_to && !@assignables.include?(@issue.assigned_to)
+      @trackers = @project.trackers
+    end
+    
+    @priorities = IssuePriority.all.reverse
+    @statuses = IssueStatus.find(:all, :order => 'position')
+    @back = back_url
+    
+    render :layout => false
+  end
+  
+end
--- a/app/controllers/custom_fields_controller.rb
+++ b/app/controllers/custom_fields_controller.rb
@@ -56,7 +56,7 @@ class CustomFieldsController < ApplicationController
    @custom_field = CustomField.find(params[:id]).destroy
    redirect_to :action => 'index', :tab => @custom_field.class.name
  rescue
-    flash[:error] = "Unable to delete custom field"
+    flash[:error] = l(:error_can_not_delete_custom_field)
    redirect_to :action => 'index'
  end
 end
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@@ -17,8 +17,10 @@

 class DocumentsController < ApplicationController
  default_search_scope :documents
+  model_object Document
  before_filter :find_project, :only => [:index, :new]
-  before_filter :find_document, :except => [:index, :new]
+  before_filter :find_model_object, :except => [:index, :new]
+  before_filter :find_project_from_association, :except => [:index, :new]
  before_filter :authorize
  
  helper :attachments
@@ -47,7 +49,8 @@ class DocumentsController < ApplicationController
  def new
    @document = @project.documents.build(params[:document])    
    if request.post? and @document.save	
-      attach_files(@document, params[:attachments])
+      attachments = Attachment.attach_files(@document, params[:attachments])
+      render_attachment_warning_if_needed(@document)
      flash[:notice] = l(:notice_successful_create)
      redirect_to :action => 'index', :project_id => @project
    end
@@ -67,8 +70,10 @@ class DocumentsController < ApplicationController
  end
  
  def add_attachment
-    attachments = attach_files(@document, params[:attachments])
-    Mailer.deliver_attachments_added(attachments) if !attachments.empty? && Setting.notified_events.include?('document_added')
+    attachments = Attachment.attach_files(@document, params[:attachments])
+    render_attachment_warning_if_needed(@document)
+
+    Mailer.deliver_attachments_added(attachments[:files]) if attachments.present? && attachments[:files].present? && Setting.notified_events.include?('document_added')
    redirect_to :action => 'show', :id => @document
  end

@@ -78,11 +83,4 @@ private
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
-  def find_document
-    @document = Document.find(params[:id])
-    @project = @document.project
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
--- a/app/controllers/enumerations_controller.rb
+++ b/app/controllers/enumerations_controller.rb
@@ -76,12 +76,12 @@ class EnumerationsController < ApplicationController
      @enumeration.destroy
      redirect_to :action => 'index'
    elsif params[:reassign_to_id]
-      if reassign_to = Enumeration.find_by_type_and_id(@enumeration.type, params[:reassign_to_id])
+      if reassign_to = @enumeration.class.find_by_id(params[:reassign_to_id])
        @enumeration.destroy(reassign_to)
        redirect_to :action => 'index'
      end
    end
-    @enumerations = Enumeration.find(:all, :conditions => ['type = (?)', @enumeration.type]) - [@enumeration]
+    @enumerations = @enumeration.class.find(:all) - [@enumeration]
  #rescue
  #  flash[:error] = 'Unable to delete enumeration'
  #  redirect_to :action => 'index'
--- a/app/controllers/gantts_controller.rb
+++ b/app/controllers/gantts_controller.rb
@@ -0,0 +1,46 @@
+class GanttsController < ApplicationController
+  menu_item :gantt
+  before_filter :find_optional_project
+
+  rescue_from Query::StatementInvalid, :with => :query_statement_invalid
+
+  helper :issues
+  helper :projects
+  helper :queries
+  include QueriesHelper
+  helper :sort
+  include SortHelper
+  include Redmine::Export::PDF
+  
+  def show
+    @gantt = Redmine::Helpers::Gantt.new(params)
+    retrieve_query
+    @query.group_by = nil
+    if @query.valid?
+      events = []
+      # Issues that have start and due dates
+      events += @query.issues(:include => [:tracker, :assigned_to, :priority],
+                              :order => "start_date, due_date",
+                              :conditions => ["(((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?) or (start_date<? and due_date>?)) and start_date is not null and due_date is not null)", @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to]
+                              )
+      # Issues that don't have a due date but that are assigned to a version with a date
+      events += @query.issues(:include => [:tracker, :assigned_to, :priority, :fixed_version],
+                              :order => "start_date, effective_date",
+                              :conditions => ["(((start_date>=? and start_date<=?) or (effective_date>=? and effective_date<=?) or (start_date<? and effective_date>?)) and start_date is not null and due_date is null and effective_date is not null)", @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to]
+                              )
+      # Versions
+      events += @query.versions(:conditions => ["effective_date BETWEEN ? AND ?", @gantt.date_from, @gantt.date_to])
+                                   
+      @gantt.events = events
+    end
+    
+    basename = (@project ? "#{@project.identifier}-" : '') + 'gantt'
+    
+    respond_to do |format|
+      format.html { render :action => "show", :layout => !request.xhr? }
+      format.png  { send_data(@gantt.to_image(@project), :disposition => 'inline', :type => 'image/png', :filename => "#{basename}.png") } if @gantt.respond_to?('to_image')
+      format.pdf  { send_data(gantt_to_pdf(@gantt, @project), :type => 'application/pdf', :filename => "#{basename}.pdf") }
+    end
+  end
+
+end
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -57,7 +57,7 @@ class GroupsController < ApplicationController

  # GET /groups/1/edit
  def edit
-    @group = Group.find(params[:id])
+    @group = Group.find(params[:id], :include => :projects)
  end

  # POST /groups
@@ -138,18 +138,25 @@ class GroupsController < ApplicationController
  
  def edit_membership
    @group = Group.find(params[:id])
-    @membership = params[:membership_id] ? Member.find(params[:membership_id]) : Member.new(:principal => @group)
-    @membership.attributes = params[:membership]
+    @membership = Member.edit_membership(params[:membership_id], params[:membership], @group)
    @membership.save if request.post?
    respond_to do |format|
-       format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'memberships' }
-       format.js { 
-         render(:update) {|page| 
-           page.replace_html "tab-content-memberships", :partial => 'groups/memberships'
-           page.visual_effect(:highlight, "member-#{@membership.id}")
-         }
-       }
-     end
+      if @membership.valid?
+        format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'memberships' }
+        format.js {
+          render(:update) {|page|
+            page.replace_html "tab-content-memberships", :partial => 'groups/memberships'
+            page.visual_effect(:highlight, "member-#{@membership.id}")
+          }
+        }
+      else
+        format.js {
+          render(:update) {|page|
+            page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
+          }
+        }
+      end
+    end
  end
  
  def destroy_membership
--- a/app/controllers/issue_categories_controller.rb
+++ b/app/controllers/issue_categories_controller.rb
@@ -17,10 +17,41 @@

 class IssueCategoriesController < ApplicationController
  menu_item :settings
-  before_filter :find_project, :authorize
+  model_object IssueCategory
+  before_filter :find_model_object, :except => :new
+  before_filter :find_project_from_association, :except => :new
+  before_filter :find_project, :only => :new
+  before_filter :authorize
  
  verify :method => :post, :only => :destroy

+  def new
+    @category = @project.issue_categories.build(params[:category])
+    if request.post?
+      if @category.save
+        respond_to do |format|
+          format.html do
+            flash[:notice] = l(:notice_successful_create)
+            redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project
+          end
+          format.js do
+            # IE doesn't support the replace_html rjs method for select box options
+            render(:update) {|page| page.replace "issue_category_id",
+              content_tag('select', '<option></option>' + options_from_collection_for_select(@project.issue_categories, 'id', 'name', @category.id), :id => 'issue_category_id', :name => 'issue[category_id]')
+            }
+          end
+        end
+      else
+        respond_to do |format|
+          format.html
+          format.js do
+            render(:update) {|page| page.alert(@category.errors.full_messages.join('\n')) }
+          end
+        end
+      end
+    end
+  end
+  
  def edit
    if request.post? and @category.update_attributes(params[:category])
      flash[:notice] = l(:notice_successful_update)
@@ -43,10 +74,16 @@ class IssueCategoriesController < ApplicationController
  end

 private
+  # Wrap ApplicationController's find_model_object method to set
+  # @category instead of just @issue_category
+  def find_model_object
+    super
+    @category = @object
+  end    
+  
  def find_project
-    @category = IssueCategory.find(params[:id])
-    @project = @category.project
+    @project = Project.find(params[:project_id])
  rescue ActiveRecord::RecordNotFound
    render_404
-  end    
+  end
 end
--- a/app/controllers/issue_moves_controller.rb
+++ b/app/controllers/issue_moves_controller.rb
@@ -0,0 +1,65 @@
+class IssueMovesController < ApplicationController
+  default_search_scope :issues
+  before_filter :find_issues
+  before_filter :authorize
+  
+  def new
+    prepare_for_issue_move
+    render :layout => false if request.xhr?
+  end
+
+  def create
+    prepare_for_issue_move
+
+    if request.post?
+      new_tracker = params[:new_tracker_id].blank? ? nil : @target_project.trackers.find_by_id(params[:new_tracker_id])
+      unsaved_issue_ids = []
+      moved_issues = []
+      @issues.each do |issue|
+        issue.reload
+        issue.init_journal(User.current)
+        call_hook(:controller_issues_move_before_save, { :params => params, :issue => issue, :target_project => @target_project, :copy => !!@copy })
+        if r = issue.move_to_project(@target_project, new_tracker, {:copy => @copy, :attributes => extract_changed_attributes_for_move(params)})
+          moved_issues << r
+        else
+          unsaved_issue_ids << issue.id
+        end
+      end
+      set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
+
+      if params[:follow]
+        if @issues.size == 1 && moved_issues.size == 1
+          redirect_to :controller => 'issues', :action => 'show', :id => moved_issues.first
+        else
+          redirect_to :controller => 'issues', :action => 'index', :project_id => (@target_project || @project)
+        end
+      else
+        redirect_to :controller => 'issues', :action => 'index', :project_id => @project
+      end
+      return
+    end
+  end
+
+  private
+
+  def prepare_for_issue_move
+    @issues.sort!
+    @copy = params[:copy_options] && params[:copy_options][:copy]
+    @allowed_projects = Issue.allowed_target_projects_on_move
+    @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
+    @target_project ||= @project    
+    @trackers = @target_project.trackers
+    @available_statuses = Workflow.available_statuses(@project)
+  end
+
+  def extract_changed_attributes_for_move(params)
+    changed_attributes = {}
+    [:assigned_to_id, :status_id, :start_date, :due_date].each do |valid_attribute|
+      unless params[valid_attribute].blank?
+        changed_attributes[valid_attribute] = (params[valid_attribute] == 'none' ? nil : params[valid_attribute])
+      end
+    end
+    changed_attributes
+  end
+
+end
--- a/app/controllers/issue_relations_controller.rb
+++ b/app/controllers/issue_relations_controller.rb
@@ -16,13 +16,13 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class IssueRelationsController < ApplicationController
-  before_filter :find_project, :authorize
+  before_filter :find_issue, :find_project_from_association, :authorize
  
  def new
    @relation = IssueRelation.new(params[:relation])
    @relation.issue_from = @issue
-    if params[:relation] && !params[:relation][:issue_to_id].blank?
-      @relation.issue_to = Issue.visible.find_by_id(params[:relation][:issue_to_id])
+    if params[:relation] && m = params[:relation][:issue_to_id].to_s.match(/^#?(\d+)$/)
+      @relation.issue_to = Issue.visible.find_by_id(m[1].to_i)
    end
    @relation.save if request.post?
    respond_to do |format|
@@ -52,9 +52,8 @@ class IssueRelationsController < ApplicationController
  end
  
 private
-  def find_project
-    @issue = Issue.find(params[:issue_id])
-    @project = @issue.project
+  def find_issue
+    @issue = @object = Issue.find(params[:issue_id])
  rescue ActiveRecord::RecordNotFound
    render_404
  end
--- a/app/controllers/issue_statuses_controller.rb
+++ b/app/controllers/issue_statuses_controller.rb
@@ -21,16 +21,11 @@ class IssueStatusesController < ApplicationController
  before_filter :require_admin

  verify :method => :post, :only => [ :destroy, :create, :update, :move, :update_issue_done_ratio ],
-         :redirect_to => { :action => :list }
+         :redirect_to => { :action => :index }
         
  def index
-    list
-    render :action => 'list' unless request.xhr?
-  end
-
-  def list
    @issue_status_pages, @issue_statuses = paginate :issue_statuses, :per_page => 25, :order => "position"
-    render :action => "list", :layout => false if request.xhr?
+    render :action => "index", :layout => false if request.xhr?
  end

  def new
@@ -41,7 +36,7 @@ class IssueStatusesController < ApplicationController
    @issue_status = IssueStatus.new(params[:issue_status])
    if @issue_status.save
      flash[:notice] = l(:notice_successful_create)
-      redirect_to :action => 'list'
+      redirect_to :action => 'index'
    else
      render :action => 'new'
    end
@@ -55,7 +50,7 @@ class IssueStatusesController < ApplicationController
    @issue_status = IssueStatus.find(params[:id])
    if @issue_status.update_attributes(params[:issue_status])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'list'
+      redirect_to :action => 'index'
    else
      render :action => 'edit'
    end
@@ -63,10 +58,10 @@ class IssueStatusesController < ApplicationController

  def destroy
    IssueStatus.find(params[:id]).destroy
-    redirect_to :action => 'list'
+    redirect_to :action => 'index'
  rescue
-    flash[:error] = "Unable to delete issue status"
-    redirect_to :action => 'list'
+    flash[:error] = l(:error_unable_delete_issue_status)
+    redirect_to :action => 'index'
  end  	
  
  def update_issue_done_ratio
@@ -75,6 +70,6 @@ class IssueStatusesController < ApplicationController
    else
      flash[:error] =  l(:error_issue_done_ratios_not_updated)
    end
-    redirect_to :action => 'list'
+    redirect_to :action => 'index'
  end
 end
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -16,14 +16,16 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class IssuesController < ApplicationController
-  menu_item :new_issue, :only => :new
+  menu_item :new_issue, :only => [:new, :create]
  default_search_scope :issues
  
-  before_filter :find_issue, :only => [:show, :edit, :reply]
-  before_filter :find_issues, :only => [:bulk_edit, :move, :destroy]
-  before_filter :find_project, :only => [:new, :update_form, :preview]
-  before_filter :authorize, :except => [:index, :changes, :gantt, :calendar, :preview, :context_menu]
-  before_filter :find_optional_project, :only => [:index, :changes, :gantt, :calendar]
+  before_filter :find_issue, :only => [:show, :edit, :update]
+  before_filter :find_issues, :only => [:bulk_edit, :move, :perform_move, :destroy]
+  before_filter :find_project, :only => [:new, :create]
+  before_filter :authorize, :except => [:index, :changes]
+  before_filter :find_optional_project, :only => [:index, :changes]
+  before_filter :check_for_default_issue_status, :only => [:new, :create]
+  before_filter :build_new_issue_from_params, :only => [:new, :create]
  accept_key_auth :index, :show, :changes

  rescue_from Query::StatementInvalid, :with => :query_statement_invalid
@@ -40,28 +42,33 @@ class IssuesController < ApplicationController
  helper :attachments
  include AttachmentsHelper
  helper :queries
+  include QueriesHelper
  helper :sort
  include SortHelper
  include IssuesHelper
  helper :timelog
  include Redmine::Export::PDF

-  verify :method => :post,
+  verify :method => [:post, :delete],
         :only => :destroy,
         :render => { :nothing => true, :status => :method_not_allowed }
-           
+
+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+  
  def index
    retrieve_query
    sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
-    sort_update({'id' => "#{Issue.table_name}.id"}.merge(@query.available_columns.inject({}) {|h, c| h[c.name.to_s] = c.sortable; h}))
+    sort_update(@query.sortable_columns)
    
    if @query.valid?
-      limit = per_page_option
-      respond_to do |format|
-        format.html { }
-        format.atom { limit = Setting.feeds_limit.to_i }
-        format.csv  { limit = Setting.issues_export_limit.to_i }
-        format.pdf  { limit = Setting.issues_export_limit.to_i }
+      limit = case params[:format]
+      when 'csv', 'pdf'
+        Setting.issues_export_limit.to_i
+      when 'atom'
+        Setting.feeds_limit.to_i
+      else
+        per_page_option
      end
      
      @issue_count = @query.issue_count
@@ -74,6 +81,8 @@ class IssuesController < ApplicationController
      
      respond_to do |format|
        format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
+        format.xml  { render :layout => false }
+        format.json { render :text => @issues.to_json, :layout => false }
        format.atom { render_feed(@issues, :title => "#{@project || Setting.app_title}: #{l(:label_issue_plural)}") }
        format.csv  { send_data(issues_to_csv(@issues, @project), :type => 'text/csv; header=present', :filename => 'export.csv') }
        format.pdf  { send_data(issues_to_pdf(@issues, @project, @query), :type => 'application/pdf', :filename => 'export.pdf') }
@@ -89,7 +98,7 @@ class IssuesController < ApplicationController
  def changes
    retrieve_query
    sort_init 'id', 'desc'
-    sort_update({'id' => "#{Issue.table_name}.id"}.merge(@query.available_columns.inject({}) {|h, c| h[c.name.to_s] = c.sortable; h}))
+    sort_update(@query.sortable_columns)
    
    if @query.valid?
      @journals = @query.journals(:order => "#{Journal.table_name}.created_on DESC", 
@@ -105,7 +114,7 @@ class IssuesController < ApplicationController
    @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
    @journals.each_with_index {|j,i| j.indice = i+1}
    @journals.reverse! if User.current.wants_comments_in_reverse_order?
-    @changesets = @issue.changesets
+    @changesets = @issue.changesets.visible.all
    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
@@ -113,6 +122,8 @@ class IssuesController < ApplicationController
    @time_entry = TimeEntry.new
    respond_to do |format|
      format.html { render :template => 'issues/show.rhtml' }
+      format.xml  { render :layout => false }
+      format.json { render :text => @issue.to_json, :layout => false }
      format.atom { render :action => 'changes', :layout => false, :content_type => 'application/atom+xml' }
      format.pdf  { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
    end
@@ -121,46 +132,35 @@ class IssuesController < ApplicationController
  # Add a new issue
  # The new issue will be created from an existing one if copy_from parameter is given
  def new
-    @issue = Issue.new
-    @issue.copy_from(params[:copy_from]) if params[:copy_from]
-    @issue.project = @project
-    # Tracker must be set before custom field values
-    @issue.tracker ||= @project.trackers.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)
-    if @issue.tracker.nil?
-      render_error l(:error_no_tracker_in_project)
-      return
+    respond_to do |format|
+      format.html { render :action => 'new', :layout => !request.xhr? }
+      format.js { render :partial => 'attributes' }
    end
-    if params[:issue].is_a?(Hash)
-      @issue.attributes = params[:issue]
-      @issue.watcher_user_ids = params[:issue]['watcher_user_ids'] if User.current.allowed_to?(:add_issue_watchers, @project)
-    end
-    @issue.author = User.current
-    
-    default_status = IssueStatus.default
-    unless default_status
-      render_error l(:error_no_default_issue_status)
+  end
+
+  def create
+    call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
+    if @issue.save
+      attachments = Attachment.attach_files(@issue, params[:attachments])
+      render_attachment_warning_if_needed(@issue)
+      flash[:notice] = l(:notice_successful_create)
+      call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
+      respond_to do |format|
+        format.html {
+          redirect_to(params[:continue] ? { :action => 'new', :issue => {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?} } :
+                      { :action => 'show', :id => @issue })
+        }
+        format.xml  { render :action => 'show', :status => :created, :location => url_for(:controller => 'issues', :action => 'show', :id => @issue) }
+        format.json { render :text => @issue.to_json, :status => :created, :location => url_for(:controller => 'issues', :action => 'show'), :layout => false }
+      end
      return
-    end    
-    @issue.status = default_status
-    @allowed_statuses = ([default_status] + default_status.find_new_statuses_allowed_to(User.current.roles_for_project(@project), @issue.tracker)).uniq
-    
-    if request.get? || request.xhr?
-      @issue.start_date ||= Date.today
    else
-      requested_status = IssueStatus.find_by_id(params[:issue][:status_id])
-      # Check that the user is allowed to apply the requested status
-      @issue.status = (@allowed_statuses.include? requested_status) ? requested_status : default_status
-      if @issue.save
-        attach_files(@issue, params[:attachments])
-        flash[:notice] = l(:notice_successful_create)
-        call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
-        redirect_to(params[:continue] ? { :action => 'new', :tracker_id => @issue.tracker } :
-                                        { :action => 'show', :id => @issue })
-        return
-      end		
-    end	
-    @priorities = IssuePriority.all
-    render :layout => !request.xhr?
+      respond_to do |format|
+        format.html { render :action => 'new' }
+        format.xml  { render(:xml => @issue.errors, :status => :unprocessable_entity); return }
+        format.json { render :text => object_errors_to_json(@issue), :status => :unprocessable_entity, :layout => false }
+      end
+    end
  end
  
  # Attributes that can be updated on workflow transition (without :edit permission)
@@ -168,164 +168,66 @@ class IssuesController < ApplicationController
  UPDATABLE_ATTRS_ON_TRANSITION = %w(status_id assigned_to_id fixed_version_id done_ratio) unless const_defined?(:UPDATABLE_ATTRS_ON_TRANSITION)
  
  def edit
-    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
-    @priorities = IssuePriority.all
-    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
-    @time_entry = TimeEntry.new
-    
-    @notes = params[:notes]
-    journal = @issue.init_journal(User.current, @notes)
-    # User can change issue attributes only if he has :edit permission or if a workflow transition is allowed
-    if (@edit_allowed || !@allowed_statuses.empty?) && params[:issue]
-      attrs = params[:issue].dup
-      attrs.delete_if {|k,v| !UPDATABLE_ATTRS_ON_TRANSITION.include?(k) } unless @edit_allowed
-      attrs.delete(:status_id) unless @allowed_statuses.detect {|s| s.id.to_s == attrs[:status_id].to_s}
-      @issue.attributes = attrs
+    update_issue_from_params
+
+    @journal = @issue.current_journal
+
+    respond_to do |format|
+      format.html { }
+      format.xml  { }
    end
+  end

-    if request.post?
-      @time_entry = TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
-      @time_entry.attributes = params[:time_entry]
-      attachments = attach_files(@issue, params[:attachments])
-      attachments.each {|a| journal.details << JournalDetail.new(:property => 'attachment', :prop_key => a.id, :value => a.filename)}
-      
-      call_hook(:controller_issues_edit_before_save, { :params => params, :issue => @issue, :time_entry => @time_entry, :journal => journal})
+  def update
+    update_issue_from_params

-      if (@time_entry.hours.nil? || @time_entry.valid?) && @issue.save
-        # Log spend time
-        if User.current.allowed_to?(:log_time, @project)
-          @time_entry.save
-        end
-        if !journal.new_record?
-          # Only send notification if something was actually changed
-          flash[:notice] = l(:notice_successful_update)
-        end
-        call_hook(:controller_issues_edit_after_save, { :params => params, :issue => @issue, :time_entry => @time_entry, :journal => journal})
-        redirect_to(params[:back_to] || {:action => 'show', :id => @issue})
+    if @issue.save_issue_with_child_records(params, @time_entry)
+      render_attachment_warning_if_needed(@issue)
+      flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?
+
+      respond_to do |format|
+        format.html { redirect_back_or_default({:action => 'show', :id => @issue}) }
+        format.xml  { head :ok }
+        format.json  { head :ok }
+      end
+    else
+      render_attachment_warning_if_needed(@issue)
+      flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?
+      @journal = @issue.current_journal
+
+      respond_to do |format|
+        format.html { render :action => 'edit' }
+        format.xml  { render :xml => @issue.errors, :status => :unprocessable_entity }
+        format.json { render :text => object_errors_to_json(@issue), :status => :unprocessable_entity, :layout => false }
      end
    end
-  rescue ActiveRecord::StaleObjectError
-    # Optimistic locking exception
-    flash.now[:error] = l(:notice_locking_conflict)
-    # Remove the previously added attachments if issue was not updated
-    attachments.each(&:destroy)
  end

-  def reply
-    journal = Journal.find(params[:journal_id]) if params[:journal_id]
-    if journal
-      user = journal.user
-      text = journal.notes
-    else
-      user = @issue.author
-      text = @issue.description
-    end
-    content = "#{ll(Setting.default_language, :text_user_wrote, user)}\\n> "
-    content << text.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]').gsub('"', '\"').gsub(/(\r?\n|\r\n?)/, "\\n> ") + "\\n\\n"
-    render(:update) { |page|
-      page.<< "$('notes').value = \"#{content}\";"
-      page.show 'update'
-      page << "Form.Element.focus('notes');"
-      page << "Element.scrollTo('update');"
-      page << "$('notes').scrollTop = $('notes').scrollHeight - $('notes').clientHeight;"
-    }
-  end
-  
  # Bulk edit a set of issues
  def bulk_edit
+    @issues.sort!
    if request.post?
-      tracker = params[:tracker_id].blank? ? nil : @project.trackers.find_by_id(params[:tracker_id])
-      status = params[:status_id].blank? ? nil : IssueStatus.find_by_id(params[:status_id])
-      priority = params[:priority_id].blank? ? nil : IssuePriority.find_by_id(params[:priority_id])
-      assigned_to = (params[:assigned_to_id].blank? || params[:assigned_to_id] == 'none') ? nil : User.find_by_id(params[:assigned_to_id])
-      category = (params[:category_id].blank? || params[:category_id] == 'none') ? nil : @project.issue_categories.find_by_id(params[:category_id])
-      fixed_version = (params[:fixed_version_id].blank? || params[:fixed_version_id] == 'none') ? nil : @project.shared_versions.find_by_id(params[:fixed_version_id])
-      custom_field_values = params[:custom_field_values] ? params[:custom_field_values].reject {|k,v| v.blank?} : nil
+      attributes = (params[:issue] || {}).reject {|k,v| v.blank?}
+      attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
+      attributes[:custom_field_values].reject! {|k,v| v.blank?} if attributes[:custom_field_values]
      
-      unsaved_issue_ids = []      
+      unsaved_issue_ids = []
      @issues.each do |issue|
+        issue.reload
        journal = issue.init_journal(User.current, params[:notes])
-        issue.tracker = tracker if tracker
-        issue.priority = priority if priority
-        issue.assigned_to = assigned_to if assigned_to || params[:assigned_to_id] == 'none'
-        issue.category = category if category || params[:category_id] == 'none'
-        issue.fixed_version = fixed_version if fixed_version || params[:fixed_version_id] == 'none'
-        issue.start_date = params[:start_date] unless params[:start_date].blank?
-        issue.due_date = params[:due_date] unless params[:due_date].blank?
-        issue.done_ratio = params[:done_ratio] unless params[:done_ratio].blank?
-        issue.custom_field_values = custom_field_values if custom_field_values && !custom_field_values.empty?
+        issue.safe_attributes = attributes
        call_hook(:controller_issues_bulk_edit_before_save, { :params => params, :issue => issue })
-        # Don't save any change to the issue if the user is not authorized to apply the requested status
-        unless (status.nil? || (issue.new_statuses_allowed_to(User.current).include?(status) && issue.status = status)) && issue.save
+        unless issue.save
          # Keep unsaved issue ids to display them in flash error
          unsaved_issue_ids << issue.id
        end
      end
-      if unsaved_issue_ids.empty?
-        flash[:notice] = l(:notice_successful_update) unless @issues.empty?
-      else
-        flash[:error] = l(:notice_failed_to_save_issues, :count => unsaved_issue_ids.size,
-                                                         :total => @issues.size,
-                                                         :ids => '#' + unsaved_issue_ids.join(', #'))
-      end
-      redirect_to(params[:back_to] || {:controller => 'issues', :action => 'index', :project_id => @project})
+      set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
+      redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
      return
    end
    @available_statuses = Workflow.available_statuses(@project)
-    @custom_fields = @project.issue_custom_fields.select {|f| f.field_format == 'list'}
-  end
-
-  def move
-    @copy = params[:copy_options] && params[:copy_options][:copy]
-    @allowed_projects = []
-    # find projects to which the user is allowed to move the issue
-    if User.current.admin?
-      # admin is allowed to move issues to any active (visible) project
-      @allowed_projects = Project.find(:all, :conditions => Project.visible_by(User.current))
-    else
-      User.current.memberships.each {|m| @allowed_projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}}
-    end
-    @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
-    @target_project ||= @project    
-    @trackers = @target_project.trackers
-    @available_statuses = Workflow.available_statuses(@project)
-    if request.post?
-      new_tracker = params[:new_tracker_id].blank? ? nil : @target_project.trackers.find_by_id(params[:new_tracker_id])
-      unsaved_issue_ids = []
-      moved_issues = []
-      @issues.each do |issue|
-        changed_attributes = {}
-        [:assigned_to_id, :status_id, :start_date, :due_date].each do |valid_attribute|
-          unless params[valid_attribute].blank?
-            changed_attributes[valid_attribute] = (params[valid_attribute] == 'none' ? nil : params[valid_attribute])
-          end 
-        end
-        issue.init_journal(User.current)
-        if r = issue.move_to(@target_project, new_tracker, {:copy => @copy, :attributes => changed_attributes})
-          moved_issues << r
-        else
-          unsaved_issue_ids << issue.id
-        end
-      end
-      if unsaved_issue_ids.empty?
-        flash[:notice] = l(:notice_successful_update) unless @issues.empty?
-      else
-        flash[:error] = l(:notice_failed_to_save_issues, :count => unsaved_issue_ids.size,
-                                                         :total => @issues.size,
-                                                         :ids => '#' + unsaved_issue_ids.join(', #'))
-      end
-      if params[:follow]
-        if @issues.size == 1 && moved_issues.size == 1
-          redirect_to :controller => 'issues', :action => 'show', :id => moved_issues.first
-        else
-          redirect_to :controller => 'issues', :action => 'index', :project_id => (@target_project || @project)
-        end
-      else
-        redirect_to :controller => 'issues', :action => 'index', :project_id => @project
-      end
-      return
-    end
-    render :layout => false if request.xhr?
+    @custom_fields = @project.all_issue_custom_fields
  end
  
  def destroy
@@ -345,119 +247,20 @@ class IssuesController < ApplicationController
          TimeEntry.update_all("issue_id = #{reassign_to.id}", ['issue_id IN (?)', @issues])
        end
      else
-        # display the destroy form
-        return
+        unless params[:format] == 'xml' || params[:format] == 'json'
+          # display the destroy form if it's a user request
+          return
+        end
      end
    end
    @issues.each(&:destroy)
-    redirect_to :action => 'index', :project_id => @project
-  end
-  
-  def gantt
-    @gantt = Redmine::Helpers::Gantt.new(params)
-    retrieve_query
-    if @query.valid?
-      events = []
-      # Issues that have start and due dates
-      events += @query.issues(:include => [:tracker, :assigned_to, :priority],
-                              :order => "start_date, due_date",
-                              :conditions => ["(((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?) or (start_date<? and due_date>?)) and start_date is not null and due_date is not null)", @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to]
-                              )
-      # Issues that don't have a due date but that are assigned to a version with a date
-      events += @query.issues(:include => [:tracker, :assigned_to, :priority, :fixed_version],
-                              :order => "start_date, effective_date",
-                              :conditions => ["(((start_date>=? and start_date<=?) or (effective_date>=? and effective_date<=?) or (start_date<? and effective_date>?)) and start_date is not null and due_date is null and effective_date is not null)", @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to]
-                              )
-      # Versions
-      events += @query.versions(:conditions => ["effective_date BETWEEN ? AND ?", @gantt.date_from, @gantt.date_to])
-                                   
-      @gantt.events = events
-    end
-    
-    basename = (@project ? "#{@project.identifier}-" : '') + 'gantt'
-    
    respond_to do |format|
-      format.html { render :template => "issues/gantt.rhtml", :layout => !request.xhr? }
-      format.png  { send_data(@gantt.to_image, :disposition => 'inline', :type => 'image/png', :filename => "#{basename}.png") } if @gantt.respond_to?('to_image')
-      format.pdf  { send_data(gantt_to_pdf(@gantt, @project), :type => 'application/pdf', :filename => "#{basename}.pdf") }
+      format.html { redirect_to :action => 'index', :project_id => @project }
+      format.xml  { head :ok }
+      format.json  { head :ok }
    end
  end
-  
-  def calendar
-    if params[:year] and params[:year].to_i > 1900
-      @year = params[:year].to_i
-      if params[:month] and params[:month].to_i > 0 and params[:month].to_i < 13
-        @month = params[:month].to_i
-      end    
-    end
-    @year ||= Date.today.year
-    @month ||= Date.today.month
-    
-    @calendar = Redmine::Helpers::Calendar.new(Date.civil(@year, @month, 1), current_language, :month)
-    retrieve_query
-    if @query.valid?
-      events = []
-      events += @query.issues(:include => [:tracker, :assigned_to, :priority],
-                              :conditions => ["((start_date BETWEEN ? AND ?) OR (due_date BETWEEN ? AND ?))", @calendar.startdt, @calendar.enddt, @calendar.startdt, @calendar.enddt]
-                              )
-      events += @query.versions(:conditions => ["effective_date BETWEEN ? AND ?", @calendar.startdt, @calendar.enddt])
-                                     
-      @calendar.events = events
-    end
-    
-    render :layout => false if request.xhr?
-  end
-  
-  def context_menu
-    @issues = Issue.find_all_by_id(params[:ids], :include => :project)
-    if (@issues.size == 1)
-      @issue = @issues.first
-      @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
-    end
-    projects = @issues.collect(&:project).compact.uniq
-    @project = projects.first if projects.size == 1
-
-    @can = {:edit => (@project && User.current.allowed_to?(:edit_issues, @project)),
-            :log_time => (@project && User.current.allowed_to?(:log_time, @project)),
-            :update => (@project && (User.current.allowed_to?(:edit_issues, @project) || (User.current.allowed_to?(:change_status, @project) && @allowed_statuses && !@allowed_statuses.empty?))),
-            :move => (@project && User.current.allowed_to?(:move_issues, @project)),
-            :copy => (@issue && @project.trackers.include?(@issue.tracker) && User.current.allowed_to?(:add_issues, @project)),
-            :delete => (@project && User.current.allowed_to?(:delete_issues, @project))
-            }
-    if @project
-      @assignables = @project.assignable_users
-      @assignables << @issue.assigned_to if @issue && @issue.assigned_to && !@assignables.include?(@issue.assigned_to)
-      @trackers = @project.trackers
-    end
-    
-    @priorities = IssuePriority.all.reverse
-    @statuses = IssueStatus.find(:all, :order => 'position')
-    @back = params[:back_url] || request.env['HTTP_REFERER']
-    
-    render :layout => false
-  end

-  def update_form
-    if params[:id].blank?
-      @issue = Issue.new
-      @issue.project = @project
-    else
-      @issue = @project.issues.visible.find(params[:id])
-    end
-    @issue.attributes = params[:issue]
-    @allowed_statuses = ([@issue.status] + @issue.status.find_new_statuses_allowed_to(User.current.roles_for_project(@project), @issue.tracker)).uniq
-    @priorities = IssuePriority.all
-    
-    render :partial => 'attributes'
-  end
-  
-  def preview
-    @issue = @project.issues.find_by_id(params[:id]) unless params[:id].blank?
-    @attachements = @issue.attachments if @issue
-    @text = params[:notes] || (params[:issue] ? params[:issue][:description] : nil)
-    render :partial => 'common/preview'
-  end
-  
 private
  def find_issue
    @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
@@ -466,75 +269,65 @@ private
    render_404
  end
  
-  # Filter for bulk operations
-  def find_issues
-    @issues = Issue.find_all_by_id(params[:id] || params[:ids])
-    raise ActiveRecord::RecordNotFound if @issues.empty?
-    projects = @issues.collect(&:project).compact.uniq
-    if projects.size == 1
-      @project = projects.first
+  def find_project
+    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
+    @project = Project.find(project_id)
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
+  # Used by #edit and #update to set some common instance variables
+  # from the params
+  # TODO: Refactor, not everything in here is needed by #edit
+  def update_issue_from_params
+    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+    @priorities = IssuePriority.all
+    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
+    @time_entry = TimeEntry.new
+    
+    @notes = params[:notes]
+    @issue.init_journal(User.current, @notes)
+    # User can change issue attributes only if he has :edit permission or if a workflow transition is allowed
+    if (@edit_allowed || !@allowed_statuses.empty?) && params[:issue]
+      attrs = params[:issue].dup
+      attrs.delete_if {|k,v| !UPDATABLE_ATTRS_ON_TRANSITION.include?(k) } unless @edit_allowed
+      attrs.delete(:status_id) unless @allowed_statuses.detect {|s| s.id.to_s == attrs[:status_id].to_s}
+      @issue.safe_attributes = attrs
+    end
+
+  end
+
+  # TODO: Refactor, lots of extra code in here
+  def build_new_issue_from_params
+    if params[:id].blank?
+      @issue = Issue.new
+      @issue.copy_from(params[:copy_from]) if params[:copy_from]
+      @issue.project = @project
    else
-      # TODO: let users bulk edit/move/destroy issues from different projects
-      render_error 'Can not bulk edit/move/destroy issues from different projects'
+      @issue = @project.issues.visible.find(params[:id])
+    end
+    
+    @issue.project = @project
+    # Tracker must be set before custom field values
+    @issue.tracker ||= @project.trackers.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)
+    if @issue.tracker.nil?
+      render_error l(:error_no_tracker_in_project)
      return false
    end
-  rescue ActiveRecord::RecordNotFound
-    render_404
+    if params[:issue].is_a?(Hash)
+      @issue.safe_attributes = params[:issue]
+      @issue.watcher_user_ids = params[:issue]['watcher_user_ids'] if User.current.allowed_to?(:add_issue_watchers, @project)
+    end
+    @issue.author = User.current
+    @issue.start_date ||= Date.today
+    @priorities = IssuePriority.all
+    @allowed_statuses = @issue.new_statuses_allowed_to(User.current, true)
  end
-  
-  def find_project
-    @project = Project.find(params[:project_id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-  
-  def find_optional_project
-    @project = Project.find(params[:project_id]) unless params[:project_id].blank?
-    allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true)
-    allowed ? true : deny_access
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-  
-  # Retrieve query from session or build a new query
-  def retrieve_query
-    if !params[:query_id].blank?
-      cond = "project_id IS NULL"
-      cond << " OR project_id = #{@project.id}" if @project
-      @query = Query.find(params[:query_id], :conditions => cond)
-      @query.project = @project
-      session[:query] = {:id => @query.id, :project_id => @query.project_id}
-      sort_clear
-    else
-      if params[:set_filter] || session[:query].nil? || session[:query][:project_id] != (@project ? @project.id : nil)
-        # Give it a name, required to be valid
-        @query = Query.new(:name => "_")
-        @query.project = @project
-        if params[:fields] and params[:fields].is_a? Array
-          params[:fields].each do |field|
-            @query.add_filter(field, params[:operators][field], params[:values][field])
-          end
-        else
-          @query.available_filters.keys.each do |field|
-            @query.add_short_filter(field, params[field]) if params[field]
-          end
-        end
-        @query.group_by = params[:group_by]
-        @query.column_names = params[:query] && params[:query][:column_names]
-        session[:query] = {:project_id => @query.project_id, :filters => @query.filters, :group_by => @query.group_by, :column_names => @query.column_names}
-      else
-        @query = Query.find_by_id(session[:query][:id]) if session[:query][:id]
-        @query ||= Query.new(:name => "_", :project => @project, :filters => session[:query][:filters], :group_by => session[:query][:group_by], :column_names => session[:query][:column_names])
-        @query.project = @project
-      end
+
+  def check_for_default_issue_status
+    if IssueStatus.default.nil?
+      render_error l(:error_no_default_issue_status)
+      return false
    end
  end
-  
-  # Rescues an invalid query statement. Just in case...
-  def query_statement_invalid(exception)
-    logger.error "Query::StatementInvalid: #{exception.message}" if logger
-    session.delete(:query)
-    sort_clear
-    render_error "An error occurred while executing the query and has been logged. Please report this error to your Redmine administrator."
-  end
 end
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -16,7 +16,31 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class JournalsController < ApplicationController
-  before_filter :find_journal
+  before_filter :find_journal, :only => [:edit]
+  before_filter :find_issue, :only => [:new]
+  
+  def new
+    journal = Journal.find(params[:journal_id]) if params[:journal_id]
+    if journal
+      user = journal.user
+      text = journal.notes
+    else
+      user = @issue.author
+      text = @issue.description
+    end
+    # Replaces pre blocks with [...]
+    text = text.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]')
+    content = "#{ll(Setting.default_language, :text_user_wrote, user)}\n> "
+    content << text.gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
+      
+    render(:update) { |page|
+      page.<< "$('notes').value = \"#{escape_javascript content}\";"
+      page.show 'update'
+      page << "Form.Element.focus('notes');"
+      page << "Element.scrollTo('update');"
+      page << "$('notes').scrollTop = $('notes').scrollHeight - $('notes').clientHeight;"
+    }
+  end
  
  def edit
    if request.post?
@@ -38,4 +62,12 @@ private
  rescue ActiveRecord::RecordNotFound
    render_404
  end
+
+  # TODO: duplicated in IssuesController
+  def find_issue
+    @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
+    @project = @issue.project
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
 end
--- a/app/controllers/ldap_auth_sources_controller.rb
+++ b/app/controllers/ldap_auth_sources_controller.rb
@@ -0,0 +1,25 @@
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+class LdapAuthSourcesController < AuthSourcesController
+
+  protected
+  
+  def auth_source_class
+    AuthSourceLdap
+  end
+end
--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@@ -16,7 +16,9 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class MembersController < ApplicationController
-  before_filter :find_member, :except => [:new, :autocomplete_for_member]
+  model_object Member
+  before_filter :find_model_object, :except => [:new, :autocomplete_for_member]
+  before_filter :find_project_from_association, :except => [:new, :autocomplete_for_member]
  before_filter :find_project, :only => [:new, :autocomplete_for_member]
  before_filter :authorize

@@ -34,13 +36,30 @@ class MembersController < ApplicationController
      @project.members << members
    end
    respond_to do |format|
-      format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
-      format.js { 
-        render(:update) {|page| 
-          page.replace_html "tab-content-members", :partial => 'projects/settings/members'
-          members.each {|member| page.visual_effect(:highlight, "member-#{member.id}") }
+      if members.present? && members.all? {|m| m.valid? }
+
+        format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
+
+        format.js { 
+          render(:update) {|page| 
+            page.replace_html "tab-content-members", :partial => 'projects/settings/members'
+            page << 'hideOnLoad()'
+            members.each {|member| page.visual_effect(:highlight, "member-#{member.id}") }
+          }
        }
-      }
+      else
+
+        format.js {
+          render(:update) {|page|
+            errors = members.collect {|m|
+              m.errors.full_messages
+            }.flatten.uniq
+
+            page.alert(l(:notice_failed_to_save_members, :errors => errors.join(', ')))
+          }
+        }
+        
+      end
    end
  end
  
@@ -51,6 +70,7 @@ class MembersController < ApplicationController
        format.js { 
          render(:update) {|page| 
            page.replace_html "tab-content-members", :partial => 'projects/settings/members'
+            page << 'hideOnLoad()'
            page.visual_effect(:highlight, "member-#{@member.id}")
          }
        }
@@ -64,7 +84,11 @@ class MembersController < ApplicationController
    end
    respond_to do |format|
      format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
-      format.js { render(:update) {|page| page.replace_html "tab-content-members", :partial => 'projects/settings/members'} }
+      format.js { render(:update) {|page|
+          page.replace_html "tab-content-members", :partial => 'projects/settings/members'
+          page << 'hideOnLoad()'
+        }
+      }
    end
  end
  
@@ -73,17 +97,4 @@ class MembersController < ApplicationController
    render :layout => false
  end

-private
-  def find_project
-    @project = Project.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-  
-  def find_member
-    @member = Member.find(params[:id]) 
-    @project = @member.project
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -29,10 +29,24 @@ class MessagesController < ApplicationController
  helper :attachments
  include AttachmentsHelper   

+  REPLIES_PER_PAGE = 25 unless const_defined?(:REPLIES_PER_PAGE)
+  
  # Show a topic and its replies
  def show
-    @replies = @topic.children.find(:all, :include => [:author, :attachments, {:board => :project}])
-    @replies.reverse! if User.current.wants_comments_in_reverse_order?
+    page = params[:page]
+    # Find the page of the requested reply
+    if params[:r] && page.nil?
+      offset = @topic.children.count(:conditions => ["#{Message.table_name}.id < ?", params[:r].to_i])
+      page = 1 + offset / REPLIES_PER_PAGE
+    end
+    
+    @reply_count = @topic.children.count
+    @reply_pages = Paginator.new self, @reply_count, REPLIES_PER_PAGE, page
+    @replies =  @topic.children.find(:all, :include => [:author, :attachments, {:board => :project}],
+                                           :order => "#{Message.table_name}.created_on ASC",
+                                           :limit => @reply_pages.items_per_page,
+                                           :offset => @reply_pages.current.offset)
+    
    @reply = Message.new(:subject => "RE: #{@message.subject}")
    render :action => "show", :layout => false if request.xhr?
  end
@@ -48,7 +62,8 @@ class MessagesController < ApplicationController
    end
    if request.post? && @message.save
      call_hook(:controller_messages_new_after_save, { :params => params, :message => @message})
-      attach_files(@message, params[:attachments])
+      attachments = Attachment.attach_files(@message, params[:attachments])
+      render_attachment_warning_if_needed(@message)
      redirect_to :action => 'show', :id => @message
    end
  end
@@ -61,9 +76,10 @@ class MessagesController < ApplicationController
    @topic.children << @reply
    if !@reply.new_record?
      call_hook(:controller_messages_reply_after_save, { :params => params, :message => @reply})
-      attach_files(@reply, params[:attachments])
+      attachments = Attachment.attach_files(@reply, params[:attachments])
+      render_attachment_warning_if_needed(@reply)
    end
-    redirect_to :action => 'show', :id => @topic
+    redirect_to :action => 'show', :id => @topic, :r => @reply
  end

  # Edit a message
@@ -74,10 +90,11 @@ class MessagesController < ApplicationController
      @message.sticky = params[:message]['sticky']
    end
    if request.post? && @message.update_attributes(params[:message])
-      attach_files(@message, params[:attachments])
+      attachments = Attachment.attach_files(@message, params[:attachments])
+      render_attachment_warning_if_needed(@message)
      flash[:notice] = l(:notice_successful_update)
      @message.reload
-      redirect_to :action => 'show', :board_id => @message.board, :id => @message.root
+      redirect_to :action => 'show', :board_id => @message.board, :id => @message.root, :r => (@message.parent_id && @message.id)
    end
  end
  
@@ -87,7 +104,7 @@ class MessagesController < ApplicationController
    @message.destroy
    redirect_to @message.parent.nil? ?
      { :controller => 'boards', :action => 'show', :project_id => @project, :id => @board } :
-      { :action => 'show', :id => @message.parent }
+      { :action => 'show', :id => @message.parent, :r => @message }
  end
  
  def quote
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -77,7 +77,7 @@ class MyController < ApplicationController
  # Manage user's password
  def password
    @user = User.current
-    if @user.auth_source_id
+    unless @user.change_password_allowed?
      flash[:error] = l(:notice_can_t_change_password)
      redirect_to :action => 'account'
      return
--- a/app/controllers/news_controller.rb
+++ b/app/controllers/news_controller.rb
@@ -17,7 +17,9 @@

 class NewsController < ApplicationController
  default_search_scope :news
-  before_filter :find_news, :except => [:new, :index, :preview]
+  model_object News
+  before_filter :find_model_object, :except => [:new, :index, :preview]
+  before_filter :find_project_from_association, :except => [:new, :index, :preview]
  before_filter :find_project, :only => [:new, :preview]
  before_filter :authorize, :except => [:index, :preview]
  before_filter :find_optional_project, :only => :index
@@ -88,13 +90,6 @@ class NewsController < ApplicationController
  end
  
 private
-  def find_news
-    @news = News.find(params[:id])
-    @project = @news.project
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-  
  def find_project
    @project = Project.find(params[:project_id])
  rescue ActiveRecord::RecordNotFound
--- a/app/controllers/previews_controller.rb
+++ b/app/controllers/previews_controller.rb
@@ -0,0 +1,28 @@
+class PreviewsController < ApplicationController
+  before_filter :find_project
+
+  def issue
+    @issue = @project.issues.find_by_id(params[:id]) unless params[:id].blank?
+    if @issue
+      @attachements = @issue.attachments
+      @description = params[:issue] && params[:issue][:description]
+      if @description && @description.gsub(/(\r?\n|\n\r?)/, "\n") == @issue.description.to_s.gsub(/(\r?\n|\n\r?)/, "\n")
+        @description = nil
+      end
+      @notes = params[:notes]
+    else
+      @description = (params[:issue] ? params[:issue][:description] : nil)
+    end
+    render :layout => false
+  end
+
+  private
+  
+  def find_project
+    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
+    @project = Project.find(project_id)
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
+end
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -27,7 +27,7 @@ class ProjectsController < ApplicationController
  before_filter :authorize, :except => [ :index, :list, :add, :copy, :archive, :unarchive, :destroy, :activity ]
  before_filter :authorize_global, :only => :add
  before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
-  accept_key_auth :activity
+  accept_key_auth :activity, :index
  
  after_filter :only => [:add, :edit, :archive, :unarchive, :destroy] do |controller|
    if controller.request.post?
@@ -40,7 +40,6 @@ class ProjectsController < ApplicationController
  helper :custom_fields
  include CustomFieldsHelper   
  helper :issues
-  helper IssuesHelper
  helper :queries
  include QueriesHelper
  helper :repositories
@@ -53,6 +52,9 @@ class ProjectsController < ApplicationController
      format.html { 
        @projects = Project.visible.find(:all, :order => 'lft') 
      }
+      format.xml  {
+        @projects = Project.visible.find(:all, :order => 'lft')
+      }
      format.atom {
        projects = Project.visible.find(:all, :order => 'created_on DESC',
                                              :limit => Setting.feeds_limit.to_i)
@@ -81,8 +83,18 @@ class ProjectsController < ApplicationController
          m = Member.new(:user => User.current, :roles => [r])
          @project.members << m
        end
-        flash[:notice] = l(:notice_successful_create)
-        redirect_to :controller => 'projects', :action => 'settings', :id => @project
+        respond_to do |format|
+          format.html { 
+            flash[:notice] = l(:notice_successful_create)
+            redirect_to :controller => 'projects', :action => 'settings', :id => @project
+          }
+          format.xml  { head :created, :location => url_for(:controller => 'projects', :action => 'show', :id => @project.id) }
+        end
+      else
+        respond_to do |format|
+          format.html
+          format.xml  { render :xml => @project.errors, :status => :unprocessable_entity }
+        end
      end
    end	
  end
@@ -102,18 +114,20 @@ class ProjectsController < ApplicationController
        redirect_to :controller => 'admin', :action => 'projects'
      end  
    else
-      @project = Project.new(params[:project])
-      @project.enabled_module_names = params[:enabled_modules]
-      if validate_parent_id && @project.copy(@source_project, :only => params[:only])
-        @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
-        flash[:notice] = l(:notice_successful_create)
-        redirect_to :controller => 'admin', :action => 'projects'
-      elsif !@project.new_record?
-        # Project was created
-        # But some objects were not copied due to validation failures
-        # (eg. issues from disabled trackers)
-        # TODO: inform about that
-        redirect_to :controller => 'admin', :action => 'projects'
+      Mailer.with_deliveries(params[:notifications] == '1') do
+        @project = Project.new(params[:project])
+        @project.enabled_module_names = params[:enabled_modules]
+        if validate_parent_id && @project.copy(@source_project, :only => params[:only])
+          @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
+          flash[:notice] = l(:notice_successful_create)
+          redirect_to :controller => 'admin', :action => 'projects'
+        elsif !@project.new_record?
+          # Project was created
+          # But some objects were not copied due to validation failures
+          # (eg. issues from disabled trackers)
+          # TODO: inform about that
+          redirect_to :controller => 'admin', :action => 'projects'
+        end
      end
    end
  rescue ActiveRecord::RecordNotFound
@@ -147,6 +161,11 @@ class ProjectsController < ApplicationController
                                   :conditions => cond).to_f
    end
    @key = User.current.rss_key
+    
+    respond_to do |format|
+      format.html
+      format.xml
+    end
  end

  def settings
@@ -160,21 +179,33 @@ class ProjectsController < ApplicationController
  
  # Edit @project
  def edit
-    if request.post?
+    if request.get?
+    else
      @project.attributes = params[:project]
      if validate_parent_id && @project.save
        @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
-        flash[:notice] = l(:notice_successful_update)
-        redirect_to :action => 'settings', :id => @project
+        respond_to do |format|
+          format.html { 
+            flash[:notice] = l(:notice_successful_update)
+            redirect_to :action => 'settings', :id => @project
+          }
+          format.xml  { head :ok }
+        end
      else
-        settings
-        render :action => 'settings'
+        respond_to do |format|
+          format.html { 
+            settings
+            render :action => 'settings'
+          }
+          format.xml  { render :xml => @project.errors, :status => :unprocessable_entity }
+        end
      end
    end
  end
  
  def modules
    @project.enabled_module_names = params[:enabled_modules]
+    flash[:notice] = l(:notice_successful_update)
    redirect_to :action => 'settings', :id => @project, :tab => 'modules'
  end

@@ -195,81 +226,29 @@ class ProjectsController < ApplicationController
  # Delete @project
  def destroy
    @project_to_destroy = @project
-    if request.post? and params[:confirm]
-      @project_to_destroy.destroy
-      redirect_to :controller => 'admin', :action => 'projects'
-    end
-    # hide project in layout
-    @project = nil
-  end
-	
-  # Add a new issue category to @project
-  def add_issue_category
-    @category = @project.issue_categories.build(params[:category])
-    if request.post?
-      if @category.save
-    	  respond_to do |format|
-          format.html do
-            flash[:notice] = l(:notice_successful_create)
-            redirect_to :action => 'settings', :tab => 'categories', :id => @project
-          end
-          format.js do
-            # IE doesn't support the replace_html rjs method for select box options
-            render(:update) {|page| page.replace "issue_category_id",
-              content_tag('select', '<option></option>' + options_from_collection_for_select(@project.issue_categories, 'id', 'name', @category.id), :id => 'issue_category_id', :name => 'issue[category_id]')
-            }
-          end
-        end
-      else
+    if request.get?
+      # display confirmation view
+    else
+      if params[:format] == 'xml' || params[:confirm]
+        @project_to_destroy.destroy
        respond_to do |format|
-          format.html
-          format.js do
-            render(:update) {|page| page.alert(@category.errors.full_messages.join('\n')) }
-          end
+          format.html { redirect_to :controller => 'admin', :action => 'projects' }
+          format.xml  { head :ok }
        end
      end
    end
-  end
-	
-  # Add a new version to @project
-  def add_version
-    @version = @project.versions.build
-    if params[:version]
-      attributes = params[:version].dup
-      attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
-      @version.attributes = attributes
-    end
-  	if request.post?
-  	  if @version.save
-        respond_to do |format|
-          format.html do
-            flash[:notice] = l(:notice_successful_create)
-            redirect_to :action => 'settings', :tab => 'versions', :id => @project
-          end
-          format.js do
-            # IE doesn't support the replace_html rjs method for select box options
-            render(:update) {|page| page.replace "issue_fixed_version_id",
-              content_tag('select', '<option></option>' + version_options_for_select(@project.shared_versions.open, @version), :id => 'issue_fixed_version_id', :name => 'issue[fixed_version_id]')
-            }
-          end
-        end
-      else
-        respond_to do |format|
-          format.html
-          format.js do
-            render(:update) {|page| page.alert(@version.errors.full_messages.join('\n')) }
-          end
-        end
-  	  end
-  	end
+    # hide project in layout
+    @project = nil
  end

  def add_file
    if request.post?
      container = (params[:version_id].blank? ? @project : @project.versions.find_by_id(params[:version_id]))
-      attachments = attach_files(container, params[:attachments])
+      attachments = Attachment.attach_files(container, params[:attachments])
+      render_attachment_warning_if_needed(container)
+
      if !attachments.empty? && Setting.notified_events.include?('file_added')
-        Mailer.deliver_attachments_added(attachments)
+        Mailer.deliver_attachments_added(attachments[:files])
      end
      redirect_to :controller => 'projects', :action => 'list_files', :id => @project
      return
@@ -284,6 +263,7 @@ class ProjectsController < ApplicationController
          @project.update_or_create_time_entry_activity(id, activity)
        end
      end
+      flash[:notice] = l(:notice_successful_update)
    end
    
    redirect_to :controller => 'projects', :action => 'settings', :tab => 'activities', :id => @project
@@ -293,6 +273,7 @@ class ProjectsController < ApplicationController
    @project.time_entry_activities.each do |time_entry_activity|
      time_entry_activity.destroy(time_entry_activity.parent)
    end
+    flash[:notice] = l(:notice_successful_update)
    redirect_to :controller => 'projects', :action => 'settings', :tab => 'activities', :id => @project
  end
  
@@ -314,24 +295,22 @@ class ProjectsController < ApplicationController
    @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
    project_ids = @with_subprojects ? @project.self_and_descendants.collect(&:id) : [@project.id]
    
-    @versions = @project.shared_versions.sort
+    @versions = @project.shared_versions || []
+    @versions += @project.rolled_up_versions.visible if @with_subprojects
+    @versions = @versions.uniq.sort
    @versions.reject! {|version| version.closed? || version.completed? } unless params[:completed]
    
    @issues_by_version = {}
    unless @selected_tracker_ids.empty?
      @versions.each do |version|
-        conditions = {:tracker_id => @selected_tracker_ids}
-        if !@project.versions.include?(version)
-          conditions.merge!(:project_id => project_ids)
-        end
        issues = version.fixed_issues.visible.find(:all,
                                                   :include => [:project, :status, :tracker, :priority],
-                                                   :conditions => conditions,
+                                                   :conditions => {:tracker_id => @selected_tracker_ids, :project_id => project_ids},
                                                   :order => "#{Project.table_name}.lft, #{Tracker.table_name}.position, #{Issue.table_name}.id")
        @issues_by_version[version] = issues
      end
    end
-    @versions.reject! {|version| !project_ids.include?(version.project_id) && @issues_by_version[version].empty?}
+    @versions.reject! {|version| !project_ids.include?(version.project_id) && @issues_by_version[version].blank?}
  end
  
  def activity
@@ -377,15 +356,6 @@ class ProjectsController < ApplicationController
  end
  
 private
-  # Find project of id params[:id]
-  # if not found, redirect to project list
-  # Used as a before_filter
-  def find_project
-    @project = Project.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-  
  def find_optional_project
    return true unless params[:id]
    @project = Project.find(params[:id])
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -27,9 +27,7 @@ class QueriesController < ApplicationController
    @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
    @query.column_names = nil if params[:default_columns]
    
-    params[:fields].each do |field|
-      @query.add_filter(field, params[:operators][field], params[:values][field])
-    end if params[:fields]
+    @query.add_filters(params[:fields], params[:operators], params[:values]) if params[:fields]
    @query.group_by ||= params[:group_by]
    
    if request.post? && params[:confirm] && @query.save
@@ -43,9 +41,7 @@ class QueriesController < ApplicationController
  def edit
    if request.post?
      @query.filters = {}
-      params[:fields].each do |field|
-        @query.add_filter(field, params[:operators][field], params[:values][field])
-      end if params[:fields]
+      @query.add_filters(params[:fields], params[:operators], params[:values]) if params[:fields]
      @query.attributes = params[:query]
      @query.project = nil if params[:query_is_for_all]
      @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
@@ -74,7 +70,7 @@ private
  
  def find_optional_project
    @project = Project.find(params[:project_id]) if params[:project_id]
-    User.current.allowed_to?(:save_queries, @project, :global => true)
+    render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)
  rescue ActiveRecord::RecordNotFound
    render_404
  end
--- a/app/controllers/reports_controller.rb
+++ b/app/controllers/reports_controller.rb
@@ -17,184 +17,79 @@

 class ReportsController < ApplicationController
  menu_item :issues
-  before_filter :find_project, :authorize
+  before_filter :find_project, :authorize, :find_issue_statuses

  def issue_report
-    @statuses = IssueStatus.find(:all, :order => 'position')
-    
+    @trackers = @project.trackers
+    @versions = @project.shared_versions.sort
+    @priorities = IssuePriority.all
+    @categories = @project.issue_categories
+    @assignees = @project.members.collect { |m| m.user }.sort
+    @authors = @project.members.collect { |m| m.user }.sort
+    @subprojects = @project.descendants.visible
+
+    @issues_by_tracker = Issue.by_tracker(@project)
+    @issues_by_version = Issue.by_version(@project)
+    @issues_by_priority = Issue.by_priority(@project)
+    @issues_by_category = Issue.by_category(@project)
+    @issues_by_assigned_to = Issue.by_assigned_to(@project)
+    @issues_by_author = Issue.by_author(@project)
+    @issues_by_subproject = Issue.by_subproject(@project) || []
+
+    render :template => "reports/issue_report"
+  end  
+
+  def issue_report_details
    case params[:detail]
    when "tracker"
      @field = "tracker_id"
      @rows = @project.trackers
-      @data = issues_by_tracker
+      @data = Issue.by_tracker(@project)
      @report_title = l(:field_tracker)
-      render :template => "reports/issue_report_details"
    when "version"
      @field = "fixed_version_id"
      @rows = @project.shared_versions.sort
-      @data = issues_by_version
+      @data = Issue.by_version(@project)
      @report_title = l(:field_version)
-      render :template => "reports/issue_report_details"
    when "priority"
      @field = "priority_id"
      @rows = IssuePriority.all
-      @data = issues_by_priority
+      @data = Issue.by_priority(@project)
      @report_title = l(:field_priority)
-      render :template => "reports/issue_report_details"   
    when "category"
      @field = "category_id"
      @rows = @project.issue_categories
-      @data = issues_by_category
+      @data = Issue.by_category(@project)
      @report_title = l(:field_category)
-      render :template => "reports/issue_report_details"   
    when "assigned_to"
      @field = "assigned_to_id"
-      @rows = @project.members.collect { |m| m.user }
-      @data = issues_by_assigned_to
+      @rows = @project.members.collect { |m| m.user }.sort
+      @data = Issue.by_assigned_to(@project)
      @report_title = l(:field_assigned_to)
-      render :template => "reports/issue_report_details"
    when "author"
      @field = "author_id"
-      @rows = @project.members.collect { |m| m.user }
-      @data = issues_by_author
+      @rows = @project.members.collect { |m| m.user }.sort
+      @data = Issue.by_author(@project)
      @report_title = l(:field_author)
-      render :template => "reports/issue_report_details"  
    when "subproject"
      @field = "project_id"
-      @rows = @project.descendants.active
-      @data = issues_by_subproject
+      @rows = @project.descendants.visible
+      @data = Issue.by_subproject(@project) || []
      @report_title = l(:field_subproject)
-      render :template => "reports/issue_report_details"  
-    else
-      @trackers = @project.trackers
-      @versions = @project.shared_versions.sort
-      @priorities = IssuePriority.all
-      @categories = @project.issue_categories
-      @assignees = @project.members.collect { |m| m.user }
-      @authors = @project.members.collect { |m| m.user }
-      @subprojects = @project.descendants.active
-      issues_by_tracker
-      issues_by_version
-      issues_by_priority
-      issues_by_category
-      issues_by_assigned_to
-      issues_by_author
-      issues_by_subproject
-      
-      render :template => "reports/issue_report"
    end
-  end  
-  
-private
-  # Find project of id params[:id]
-  def find_project
-    @project = Project.find(params[:id])		
-  rescue ActiveRecord::RecordNotFound
-    render_404
+
+    respond_to do |format|
+      if @field
+        format.html {}
+      else
+        format.html { redirect_to :action => 'issue_report', :id => @project }
+      end
+    end
  end

-  def issues_by_tracker
-    @issues_by_tracker ||= 
-        ActiveRecord::Base.connection.select_all("select    s.id as status_id, 
-                                                  s.is_closed as closed, 
-                                                  t.id as tracker_id,
-                                                  count(i.id) as total 
-                                                from 
-                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s, #{Tracker.table_name} t
-                                                where 
-                                                  i.status_id=s.id 
-                                                  and i.tracker_id=t.id
-                                                  and i.project_id=#{@project.id}
-                                                group by s.id, s.is_closed, t.id")	
-  end
+  private

-  def issues_by_version
-    @issues_by_version ||= 
-        ActiveRecord::Base.connection.select_all("select    s.id as status_id, 
-                                                  s.is_closed as closed, 
-                                                  v.id as fixed_version_id,
-                                                  count(i.id) as total 
-                                                from 
-                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s, #{Version.table_name} v
-                                                where 
-                                                  i.status_id=s.id 
-                                                  and i.fixed_version_id=v.id
-                                                  and i.project_id=#{@project.id}
-                                                group by s.id, s.is_closed, v.id")	
-  end
-  	
-  def issues_by_priority    
-    @issues_by_priority ||= 
-      ActiveRecord::Base.connection.select_all("select    s.id as status_id, 
-                                                  s.is_closed as closed, 
-                                                  p.id as priority_id,
-                                                  count(i.id) as total 
-                                                from 
-                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s, #{IssuePriority.table_name} p
-                                                where 
-                                                  i.status_id=s.id 
-                                                  and i.priority_id=p.id
-                                                  and i.project_id=#{@project.id}
-                                                group by s.id, s.is_closed, p.id")	
-  end
-	
-  def issues_by_category   
-    @issues_by_category ||= 
-      ActiveRecord::Base.connection.select_all("select    s.id as status_id, 
-                                                  s.is_closed as closed, 
-                                                  c.id as category_id,
-                                                  count(i.id) as total 
-                                                from 
-                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s, #{IssueCategory.table_name} c
-                                                where 
-                                                  i.status_id=s.id 
-                                                  and i.category_id=c.id
-                                                  and i.project_id=#{@project.id}
-                                                group by s.id, s.is_closed, c.id")	
-  end
-  
-  def issues_by_assigned_to
-    @issues_by_assigned_to ||= 
-      ActiveRecord::Base.connection.select_all("select    s.id as status_id, 
-                                                  s.is_closed as closed, 
-                                                  a.id as assigned_to_id,
-                                                  count(i.id) as total 
-                                                from 
-                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s, #{User.table_name} a
-                                                where 
-                                                  i.status_id=s.id 
-                                                  and i.assigned_to_id=a.id
-                                                  and i.project_id=#{@project.id}
-                                                group by s.id, s.is_closed, a.id")
-  end
-  
-  def issues_by_author
-    @issues_by_author ||= 
-      ActiveRecord::Base.connection.select_all("select    s.id as status_id, 
-                                                  s.is_closed as closed, 
-                                                  a.id as author_id,
-                                                  count(i.id) as total 
-                                                from 
-                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s, #{User.table_name} a
-                                                where 
-                                                  i.status_id=s.id 
-                                                  and i.author_id=a.id
-                                                  and i.project_id=#{@project.id}
-                                                group by s.id, s.is_closed, a.id")	
-  end
-  
-  def issues_by_subproject
-    @issues_by_subproject ||= 
-      ActiveRecord::Base.connection.select_all("select    s.id as status_id, 
-                                                  s.is_closed as closed, 
-                                                  i.project_id as project_id,
-                                                  count(i.id) as total 
-                                                from 
-                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s
-                                                where 
-                                                  i.status_id=s.id 
-                                                  and i.project_id IN (#{@project.descendants.active.collect{|p| p.id}.join(',')})
-                                                group by s.id, s.is_closed, i.project_id") if @project.descendants.active.any?
-    @issues_by_subproject ||= []
+  def find_issue_statuses
+    @statuses = IssueStatus.find(:all, :order => 'position')
  end
 end
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -24,6 +24,7 @@ class InvalidRevisionParam < Exception; end

 class RepositoriesController < ApplicationController
  menu_item :repository
+  menu_item :settings, :only => :edit
  default_search_scope :changesets
  
  before_filter :find_repository, :except => :edit
@@ -43,7 +44,13 @@ class RepositoriesController < ApplicationController
      @repository.attributes = params[:repository]
      @repository.save
    end
-    render(:update) {|page| page.replace_html "tab-content-repository", :partial => 'projects/settings/repository'}
+    render(:update) do |page|
+      page.replace_html "tab-content-repository", :partial => 'projects/settings/repository'
+      if @repository && !@project.repository
+        @project.reload #needed to reload association
+        page.replace_html "main-menu", render_main_menu(@project)
+      end
+    end
  end
  
  def committers
@@ -190,12 +197,6 @@ class RepositoriesController < ApplicationController
  end
  
 private
-  def find_project
-    @project = Project.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-  
  def find_repository
    @project = Project.find(params[:id])
    @repository = @project.repository
--- a/app/controllers/roles_controller.rb
+++ b/app/controllers/roles_controller.rb
@@ -21,16 +21,11 @@ class RolesController < ApplicationController
  before_filter :require_admin

  verify :method => :post, :only => [ :destroy, :move ],
-         :redirect_to => { :action => :list }
+         :redirect_to => { :action => :index }

  def index
-    list
-    render :action => 'list' unless request.xhr?
-  end
-
-  def list
    @role_pages, @roles = paginate :roles, :per_page => 25, :order => 'builtin, position'
-    render :action => "list", :layout => false if request.xhr?
+    render :action => "index", :layout => false if request.xhr?
  end

  def new
@@ -62,7 +57,7 @@ class RolesController < ApplicationController
    @role.destroy
    redirect_to :action => 'index'
  rescue
-    flash[:error] = 'This role is in use and can not be deleted.'
+    flash[:error] =  l(:error_can_not_remove_role)
    redirect_to :action => 'index'
  end
  
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -43,12 +43,12 @@ class SearchController < ApplicationController
    begin; offset = params[:offset].to_time if params[:offset]; rescue; end
    
    # quick jump to an issue
-    if @question.match(/^#?(\d+)$/) && Issue.visible.find_by_id($1)
+    if @question.match(/^#?(\d+)$/) && Issue.visible.find_by_id($1.to_i)
      redirect_to :controller => "issues", :action => "show", :id => $1
      return
    end
    
-    @object_types = %w(issues news documents changesets wiki_pages messages projects)
+    @object_types = Redmine::Search.available_search_types.dup
    if projects_to_search.is_a? Project
      # don't search projects
      @object_types.delete('projects')
@@ -62,21 +62,19 @@ class SearchController < ApplicationController
    # extract tokens from the question
    # eg. hello "bye bye" => ["hello", "bye bye"]
    @tokens = @question.scan(%r{((\s|^)"[\s\w]+"(\s|$)|\S+)}).collect {|m| m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '')}
-    # tokens must be at least 3 character long
-    @tokens = @tokens.uniq.select {|w| w.length > 2 }
+    # tokens must be at least 2 characters long
+    @tokens = @tokens.uniq.select {|w| w.length > 1 }
    
    if !@tokens.empty?
      # no more than 5 tokens to search for
-      @tokens.slice! 5..-1 if @tokens.size > 5
-      # strings used in sql like statement
-      like_tokens = @tokens.collect {|w| "%#{w.downcase}%"}      
+      @tokens.slice! 5..-1 if @tokens.size > 5  
      
      @results = []
      @results_by_type = Hash.new {|h,k| h[k] = 0}
      
      limit = 10
      @scope.each do |s|
-        r, c = s.singularize.camelcase.constantize.search(like_tokens, projects_to_search,
+        r, c = s.singularize.camelcase.constantize.search(@tokens, projects_to_search,
          :all_words => @all_words,
          :titles_only => @titles_only,
          :limit => (limit+1),
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -19,6 +19,7 @@ class TimelogController < ApplicationController
  menu_item :issues
  before_filter :find_project, :authorize, :only => [:edit, :destroy]
  before_filter :find_optional_project, :only => [:report, :details]
+  before_filter :load_available_criterias, :only => [:report]

  verify :method => :post, :only => :destroy, :redirect_to => { :action => :details }
  
@@ -30,51 +31,6 @@ class TimelogController < ApplicationController
  include CustomFieldsHelper
  
  def report
-    @available_criterias = { 'project' => {:sql => "#{TimeEntry.table_name}.project_id",
-                                          :klass => Project,
-                                          :label => :label_project},
-                             'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
-                                          :klass => Version,
-                                          :label => :label_version},
-                             'category' => {:sql => "#{Issue.table_name}.category_id",
-                                            :klass => IssueCategory,
-                                            :label => :field_category},
-                             'member' => {:sql => "#{TimeEntry.table_name}.user_id",
-                                         :klass => User,
-                                         :label => :label_member},
-                             'tracker' => {:sql => "#{Issue.table_name}.tracker_id",
-                                          :klass => Tracker,
-                                          :label => :label_tracker},
-                             'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
-                                           :klass => TimeEntryActivity,
-                                           :label => :label_activity},
-                             'issue' => {:sql => "#{TimeEntry.table_name}.issue_id",
-                                         :klass => Issue,
-                                         :label => :label_issue}
-                           }
-    
-    # Add list and boolean custom fields as available criterias
-    custom_fields = (@project.nil? ? IssueCustomField.for_all : @project.all_issue_custom_fields)
-    custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
-      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Issue' AND c.customized_id = #{Issue.table_name}.id)",
-                                             :format => cf.field_format,
-                                             :label => cf.name}
-    end if @project
-    
-    # Add list and boolean time entry custom fields
-    TimeEntryCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
-      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'TimeEntry' AND c.customized_id = #{TimeEntry.table_name}.id)",
-                                             :format => cf.field_format,
-                                             :label => cf.name}
-    end
-
-    # Add list and boolean time entry activity custom fields
-    TimeEntryActivityCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
-      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Enumeration' AND c.customized_id = #{TimeEntry.table_name}.activity_id)",
-                                             :format => cf.field_format,
-                                             :label => cf.name}
-    end
-
    @criterias = params[:criterias] || []
    @criterias = @criterias.select{|criteria| @available_criterias.has_key? criteria}
    @criterias.uniq!
@@ -94,13 +50,12 @@ class TimelogController < ApplicationController
      elsif @issue.nil?
        sql_condition = @project.project_condition(Setting.display_subprojects_issues?)
      else
-        sql_condition = "#{TimeEntry.table_name}.issue_id = #{@issue.id}"
+        sql_condition = "#{Issue.table_name}.root_id = #{@issue.root_id} AND #{Issue.table_name}.lft >= #{@issue.lft} AND #{Issue.table_name}.rgt <= #{@issue.rgt}"
      end

      sql = "SELECT #{sql_select}, tyear, tmonth, tweek, spent_on, SUM(hours) AS hours"
      sql << " FROM #{TimeEntry.table_name}"
-      sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
-      sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id"
+      sql << time_report_joins
      sql << " WHERE"
      sql << " (%s) AND" % sql_condition
      sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from), ActiveRecord::Base.connection.quoted_date(@to)]
@@ -166,7 +121,7 @@ class TimelogController < ApplicationController
    elsif @issue.nil?
      cond << @project.project_condition(Setting.display_subprojects_issues?)
    else
-      cond << ["#{TimeEntry.table_name}.issue_id = ?", @issue.id]
+      cond << "#{Issue.table_name}.root_id = #{@issue.root_id} AND #{Issue.table_name}.lft >= #{@issue.lft} AND #{Issue.table_name}.rgt <= #{@issue.rgt}"
    end
    
    retrieve_date_range
@@ -176,7 +131,7 @@ class TimelogController < ApplicationController
      respond_to do |format|
        format.html {
          # Paginate results
-          @entry_count = TimeEntry.count(:include => :project, :conditions => cond.conditions)
+          @entry_count = TimeEntry.count(:include => [:project, :issue], :conditions => cond.conditions)
          @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
          @entries = TimeEntry.find(:all, 
                                    :include => [:project, :activity, :user, {:issue => :tracker}],
@@ -184,7 +139,7 @@ class TimelogController < ApplicationController
                                    :order => sort_clause,
                                    :limit  =>  @entry_pages.items_per_page,
                                    :offset =>  @entry_pages.current.offset)
-          @total_hours = TimeEntry.sum(:hours, :include => :project, :conditions => cond.conditions).to_f
+          @total_hours = TimeEntry.sum(:hours, :include => [:project, :issue], :conditions => cond.conditions).to_f

          render :layout => !request.xhr?
        }
@@ -225,8 +180,11 @@ class TimelogController < ApplicationController
  def destroy
    (render_404; return) unless @time_entry
    (render_403; return) unless @time_entry.editable_by?(User.current)
-    @time_entry.destroy
-    flash[:notice] = l(:notice_successful_delete)
+    if @time_entry.destroy && @time_entry.destroyed?
+      flash[:notice] = l(:notice_successful_delete)
+    else
+      flash[:error] = l(:notice_unable_delete_time_entry)
+    end
    redirect_to :back
  rescue ::ActionController::RedirectBackError
    redirect_to :action => 'details', :project_id => @time_entry.project
@@ -305,4 +263,62 @@ private
    @from ||= (TimeEntry.minimum(:spent_on, :include => :project, :conditions => Project.allowed_to_condition(User.current, :view_time_entries)) || Date.today) - 1
    @to   ||= (TimeEntry.maximum(:spent_on, :include => :project, :conditions => Project.allowed_to_condition(User.current, :view_time_entries)) || Date.today)
  end
+
+  def load_available_criterias
+    @available_criterias = { 'project' => {:sql => "#{TimeEntry.table_name}.project_id",
+                                          :klass => Project,
+                                          :label => :label_project},
+                             'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
+                                          :klass => Version,
+                                          :label => :label_version},
+                             'category' => {:sql => "#{Issue.table_name}.category_id",
+                                            :klass => IssueCategory,
+                                            :label => :field_category},
+                             'member' => {:sql => "#{TimeEntry.table_name}.user_id",
+                                         :klass => User,
+                                         :label => :label_member},
+                             'tracker' => {:sql => "#{Issue.table_name}.tracker_id",
+                                          :klass => Tracker,
+                                          :label => :label_tracker},
+                             'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
+                                           :klass => TimeEntryActivity,
+                                           :label => :label_activity},
+                             'issue' => {:sql => "#{TimeEntry.table_name}.issue_id",
+                                         :klass => Issue,
+                                         :label => :label_issue}
+                           }
+    
+    # Add list and boolean custom fields as available criterias
+    custom_fields = (@project.nil? ? IssueCustomField.for_all : @project.all_issue_custom_fields)
+    custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Issue' AND c.customized_id = #{Issue.table_name}.id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end if @project
+    
+    # Add list and boolean time entry custom fields
+    TimeEntryCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'TimeEntry' AND c.customized_id = #{TimeEntry.table_name}.id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end
+
+    # Add list and boolean time entry activity custom fields
+    TimeEntryActivityCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Enumeration' AND c.customized_id = #{TimeEntry.table_name}.activity_id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end
+
+    call_hook(:controller_timelog_available_criterias, { :available_criterias => @available_criterias, :project => @project })
+    @available_criterias
+  end
+
+  def time_report_joins
+    sql = ''
+    sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
+    sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id"
+    call_hook(:controller_timelog_time_report_joins, {:sql => sql} )
+    sql
+  end
 end
--- a/app/controllers/trackers_controller.rb
+++ b/app/controllers/trackers_controller.rb
@@ -20,16 +20,11 @@ class TrackersController < ApplicationController
  
  before_filter :require_admin

-  def index
-    list
-    render :action => 'list' unless request.xhr?
-  end
-  
-  verify :method => :post, :only => :destroy, :redirect_to => { :action => :list }
+  verify :method => :post, :only => :destroy, :redirect_to => { :action => :index }

-  def list
+  def index
    @tracker_pages, @trackers = paginate :trackers, :per_page => 10, :order => 'position'
-    render :action => "list", :layout => false if request.xhr?
+    render :action => "index", :layout => false if request.xhr?
  end

  def new
@@ -40,7 +35,7 @@ class TrackersController < ApplicationController
        @tracker.workflows.copy(copy_from)
      end
      flash[:notice] = l(:notice_successful_create)
-      redirect_to :action => 'list'
+      redirect_to :action => 'index'
      return
    end
    @trackers = Tracker.find :all, :order => 'position'
@@ -51,7 +46,7 @@ class TrackersController < ApplicationController
    @tracker = Tracker.find(params[:id])
    if request.post? and @tracker.update_attributes(params[:tracker])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'list'
+      redirect_to :action => 'index'
      return
    end
    @projects = Project.find(:all)
@@ -60,10 +55,10 @@ class TrackersController < ApplicationController
  def destroy
    @tracker = Tracker.find(params[:id])
    unless @tracker.issues.empty?
-      flash[:error] = "This tracker contains issues and can\'t be deleted."
+      flash[:error] = l(:error_can_not_delete_tracker)
    else
      @tracker.destroy
    end
-    redirect_to :action => 'list'
+    redirect_to :action => 'index'
  end  
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -50,20 +50,20 @@ class UsersController < ApplicationController
  end
  
  def show
-    @user = User.active.find(params[:id])
+    @user = User.find(params[:id])
    @custom_values = @user.custom_values
    
-    # show only public projects and private projects that the logged in user is also a member of
-    @memberships = @user.memberships.select do |membership|
-      membership.project.is_public? || (User.current.member_of?(membership.project))
-    end
+    # show projects based on current user visibility
+    @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
    
    events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
    @events_by_day = events.group_by(&:event_date)
    
-    if @user != User.current && !User.current.admin? && @memberships.empty? && events.empty?
-      render_404
-      return
+    unless User.current.admin?
+      if !@user.active? || (@user != User.current  && @memberships.empty? && events.empty?)
+        render_404
+        return
+      end
    end
    render :layout => 'base'

@@ -118,18 +118,25 @@ class UsersController < ApplicationController
  
  def edit_membership
    @user = User.find(params[:id])
-    @membership = params[:membership_id] ? Member.find(params[:membership_id]) : Member.new(:principal => @user)
-    @membership.attributes = params[:membership]
+    @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
    @membership.save if request.post?
    respond_to do |format|
-       format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
-       format.js { 
-         render(:update) {|page| 
-           page.replace_html "tab-content-memberships", :partial => 'users/memberships'
-           page.visual_effect(:highlight, "member-#{@membership.id}")
-         }
-       }
-     end
+      if @membership.valid?
+        format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
+        format.js {
+          render(:update) {|page|
+            page.replace_html "tab-content-memberships", :partial => 'users/memberships'
+            page.visual_effect(:highlight, "member-#{@membership.id}")
+          }
+        }
+      else
+        format.js {
+          render(:update) {|page|
+            page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
+          }
+        }
+      end
+    end
  end
  
  def destroy_membership
--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@@ -17,14 +17,51 @@

 class VersionsController < ApplicationController
  menu_item :roadmap
-  before_filter :find_version, :except => :close_completed
-  before_filter :find_project, :only => :close_completed
+  model_object Version
+  before_filter :find_model_object, :except => [:new, :close_completed]
+  before_filter :find_project_from_association, :except => [:new, :close_completed]
+  before_filter :find_project, :only => [:new, :close_completed]
  before_filter :authorize

  helper :custom_fields
  helper :projects
  
  def show
+    @issues = @version.fixed_issues.visible.find(:all,
+      :include => [:status, :tracker, :priority],
+      :order => "#{Tracker.table_name}.position, #{Issue.table_name}.id")
+  end
+  
+  def new
+    @version = @project.versions.build
+    if params[:version]
+      attributes = params[:version].dup
+      attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
+      @version.attributes = attributes
+    end
+    if request.post?
+      if @version.save
+        respond_to do |format|
+          format.html do
+            flash[:notice] = l(:notice_successful_create)
+            redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
+          end
+          format.js do
+            # IE doesn't support the replace_html rjs method for select box options
+            render(:update) {|page| page.replace "issue_fixed_version_id",
+              content_tag('select', '<option></option>' + version_options_for_select(@project.shared_versions.open, @version), :id => 'issue_fixed_version_id', :name => 'issue[fixed_version_id]')
+            }
+          end
+        end
+      else
+        respond_to do |format|
+          format.html
+          format.js do
+            render(:update) {|page| page.alert(@version.errors.full_messages.join('\n')) }
+          end
+        end
+      end
+    end
  end
  
  def edit
@@ -46,11 +83,13 @@ class VersionsController < ApplicationController
  end

  def destroy
-    @version.destroy
-    redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
-  rescue
-    flash[:error] = l(:notice_unable_delete_version)
-    redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
+    if @version.fixed_issues.empty?
+      @version.destroy
+      redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
+    else
+      flash[:error] = l(:notice_unable_delete_version)
+      redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
+    end
  end
  
  def status_by
@@ -61,13 +100,6 @@ class VersionsController < ApplicationController
  end

 private
-  def find_version
-    @version = Version.find(params[:id])
-    @project = @version.project
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-  
  def find_project
    @project = Project.find(params[:project_id])
  rescue ActiveRecord::RecordNotFound
--- a/app/controllers/watchers_controller.rb
+++ b/app/controllers/watchers_controller.rb
@@ -83,7 +83,7 @@ private
        replace_ids = [params[:replace]]
      end
    else
-      replace_ids = 'watcher'
+      replace_ids = ['watcher']
    end
    respond_to do |format|
      format.html { redirect_to :back }
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -33,7 +33,7 @@ class WikiController < ApplicationController
    page_title = params[:page]
    @page = @wiki.find_or_new_page(page_title)
    if @page.new_record?
-      if User.current.allowed_to?(:edit_wiki_pages, @project)
+      if User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
        edit
        render :action => 'edit'
      else
@@ -47,15 +47,17 @@ class WikiController < ApplicationController
      return
    end
    @content = @page.content_for_version(params[:version])
-    if params[:format] == 'html'
-      export = render_to_string :action => 'export', :layout => false
-      send_data(export, :type => 'text/html', :filename => "#{@page.title}.html")
-      return
-    elsif params[:format] == 'txt'
-      send_data(@content.text, :type => 'text/plain', :filename => "#{@page.title}.txt")
-      return
+    if User.current.allowed_to?(:export_wiki_pages, @project)
+      if params[:format] == 'html'
+        export = render_to_string :action => 'export', :layout => false
+        send_data(export, :type => 'text/html', :filename => "#{@page.title}.html")
+        return
+      elsif params[:format] == 'txt'
+        send_data(@content.text, :type => 'text/plain', :filename => "#{@page.title}.txt")
+        return
+      end
    end
-	@editable = editable?
+    @editable = editable?
    render :action => 'show'
  end
  
@@ -74,6 +76,8 @@ class WikiController < ApplicationController
      @content.version = @page.content.version
    else
      if !@page.new_record? && @content.text == params[:content][:text]
+        attachments = Attachment.attach_files(@page, params[:attachments])
+        render_attachment_warning_if_needed(@page)
        # don't save if text wasn't changed
        redirect_to :action => 'index', :id => @project, :page => @page.title
        return
@@ -84,6 +88,8 @@ class WikiController < ApplicationController
      @content.author = User.current
      # if page is new @page.save will also save content, but not if page isn't a new record
      if (@page.new_record? ? @page.save : @content.save)
+        attachments = Attachment.attach_files(@page, params[:attachments])
+        render_attachment_warning_if_needed(@page)
        call_hook(:controller_wiki_edit_after_save, { :params => params, :page => @page})
        redirect_to :action => 'index', :id => @project, :page => @page.title
      end
@@ -177,9 +183,13 @@ class WikiController < ApplicationController
      @pages_by_parent_id = @pages.group_by(&:parent_id)
    # export wiki to a single html file
    when 'export'
-      @pages = @wiki.pages.find :all, :order => 'title'
-      export = render_to_string :action => 'export_multiple', :layout => false
-      send_data(export, :type => 'text/html', :filename => "wiki.html")
+      if User.current.allowed_to?(:export_wiki_pages, @project)
+        @pages = @wiki.pages.find :all, :order => 'title'
+        export = render_to_string :action => 'export_multiple', :layout => false
+        send_data(export, :type => 'text/html', :filename => "wiki.html")
+      else
+        redirect_to :action => 'index', :id => @project, :page => nil
+      end
      return      
    else
      # requested special page doesn't exist, redirect to default page
@@ -203,7 +213,8 @@ class WikiController < ApplicationController

  def add_attachment
    return render_403 unless editable?
-    attach_files(@page, params[:attachments])
+    attachments = Attachment.attach_files(@page, params[:attachments])
+    render_attachment_warning_if_needed(@page)
    redirect_to :action => 'index', :page => @page.title
  end

--- a/app/controllers/wikis_controller.rb
+++ b/app/controllers/wikis_controller.rb
@@ -34,11 +34,4 @@ class WikisController < ApplicationController
      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'wiki'
    end    
  end
-  
-private
-  def find_project
-    @project = Project.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
--- a/app/controllers/workflows_controller.rb
+++ b/app/controllers/workflows_controller.rb
@@ -19,7 +19,9 @@ class WorkflowsController < ApplicationController
  layout 'admin'
  
  before_filter :require_admin
-
+  before_filter :find_roles
+  before_filter :find_trackers
+  
  def index
    @workflow_counts = Workflow.count_by_tracker_and_role
  end
@@ -40,8 +42,6 @@ class WorkflowsController < ApplicationController
        redirect_to :action => 'edit', :role_id => @role, :tracker_id => @tracker
      end
    end
-    @roles = Role.find(:all, :order => 'builtin, position')
-    @trackers = Tracker.find(:all, :order => 'position')
    
    @used_statuses_only = (params[:used_statuses_only] == '0' ? false : true)
    if @tracker && @used_statuses_only && @tracker.issue_statuses.any?
@@ -51,8 +51,6 @@ class WorkflowsController < ApplicationController
  end
  
  def copy
-    @trackers = Tracker.find(:all, :order => 'position')
-    @roles = Role.find(:all, :order => 'builtin, position')
    
    if params[:source_tracker_id].blank? || params[:source_tracker_id] == 'any'
      @source_tracker = nil
@@ -80,4 +78,14 @@ class WorkflowsController < ApplicationController
      end
    end
  end
+
+  private
+
+  def find_roles
+    @roles = Role.find(:all, :order => 'builtin, position')
+  end
+  
+  def find_trackers
+    @trackers = Tracker.find(:all, :order => 'position')
+  end
 end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -15,8 +15,6 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-require 'coderay'
-require 'coderay/helpers/file_type'
 require 'forwardable'
 require 'cgi'

@@ -105,6 +103,23 @@ module ApplicationHelper
    link_to(text, {:controller => 'repositories', :action => 'revision', :id => project, :rev => revision}, :title => l(:label_revision_id, revision))
  end

+  # Generates a link to a project if active
+  # Examples:
+  # 
+  #   link_to_project(project)                          # => link to the specified project overview
+  #   link_to_project(project, :action=>'settings')     # => link to project settings
+  #   link_to_project(project, {:only_path => false}, :class => "project") # => 3rd arg adds html options
+  #   link_to_project(project, {}, :class => "project") # => html options with default url (project overview)
+  #
+  def link_to_project(project, options={}, html_options = nil)
+    if project.active?
+      url = {:controller => 'projects', :action => 'show', :id => project}.merge(options)
+      link_to(h(project), url, html_options)
+    else
+      h(project)
+    end
+  end
+
  def toggle_link(name, id, options={})
    onclick = "Element.toggle('#{id}'); "
    onclick << (options[:focus] ? "Form.Element.focus('#{options[:focus]}'); " : "this.blur(); ")
@@ -205,7 +220,12 @@ module ApplicationHelper
    s = ''
    project_tree(projects) do |project, level|
      name_prefix = (level > 0 ? ('&nbsp;' * 2 * level + '&#187; ') : '')
-      tag_options = {:value => project.id, :selected => ((project == options[:selected]) ? 'selected' : nil)}
+      tag_options = {:value => project.id}
+      if project == options[:selected] || (options[:selected].respond_to?(:include?) && options[:selected].include?(project))
+        tag_options[:selected] = 'selected'
+      else
+        tag_options[:selected] = nil
+      end
      tag_options.merge!(yield(project)) if block_given?
      s << content_tag('option', name_prefix + h(project), tag_options)
    end
@@ -260,6 +280,16 @@ module ApplicationHelper
  def truncate_single_line(string, *args)
    truncate(string.to_s, *args).gsub(%r{[\r\n]+}m, ' ')
  end
+  
+  # Truncates at line break after 250 characters or options[:length]
+  def truncate_lines(string, options={})
+    length = options[:length] || 250
+    if string.to_s =~ /\A(.{#{length}}.*?)$/m
+      "#{$1}..."
+    else
+      string
+    end
+  end

  def html_hours(text)
    text.gsub(%r{(\d+)\.(\d+)}, '<span class="hours hours-int">\1</span><span class="hours hours-dec">.\2</span>')
@@ -279,8 +309,7 @@ module ApplicationHelper
  end

  def syntax_highlight(name, content)
-    type = CodeRay::FileType[name]
-    type ? CodeRay.scan(content, type).html : h(content)
+    Redmine::SyntaxHighlighting.highlight_by_filename(content, name)
  end

  def to_path_param(path)
@@ -289,6 +318,7 @@ module ApplicationHelper

  def pagination_links_full(paginator, count=nil, options={})
    page_param = options.delete(:page_param) || :page
+    per_page_links = options.delete(:per_page_links)
    url_param = params.dup
    # don't reuse query params if filters are present
    url_param.merge!(:fields => nil, :values => nil, :operators => nil) if url_param.delete(:set_filter)
@@ -307,10 +337,10 @@ module ApplicationHelper
    end

    unless count.nil?
-      html << [
-        " (#{paginator.current.first_item}-#{paginator.current.last_item}/#{count})",
-        per_page_links(paginator.items_per_page)
-      ].compact.join(' | ')
+      html << " (#{paginator.current.first_item}-#{paginator.current.last_item}/#{count})"
+      if per_page_links != false && links = per_page_links(paginator.items_per_page)
+	      html << " | #{links}"
+      end
    end

    html
@@ -355,12 +385,12 @@ module ApplicationHelper
      ancestors = (@project.root? ? [] : @project.ancestors.visible)
      if ancestors.any?
        root = ancestors.shift
-        b << link_to(h(root), {:controller => 'projects', :action => 'show', :id => root, :jump => current_menu_item}, :class => 'root')
+        b << link_to_project(root, {:jump => current_menu_item}, :class => 'root')
        if ancestors.size > 2
          b << '&#8230;'
          ancestors = ancestors[-2, 2]
        end
-        b += ancestors.collect {|p| link_to(h(p), {:controller => 'projects', :action => 'show', :id => p, :jump => current_menu_item}, :class => 'ancestor') }
+        b += ancestors.collect {|p| link_to_project(p, {:jump => current_menu_item}, :class => 'ancestor') }
      end
      b << h(@project)
      b.join(' &#187; ')
@@ -380,6 +410,19 @@ module ApplicationHelper
    end
  end

+  # Returns the theme, controller name, and action as css classes for the
+  # HTML body.
+  def body_css_classes
+    css = []
+    if theme = Redmine::Themes.theme(Setting.ui_theme)
+      css << 'theme-' + theme.name
+    end
+
+    css << 'controller-' + params[:controller]
+    css << 'action-' + params[:action]
+    css.join(' ')
+  end
+
  def accesskey(s)
    Redmine::AccessKeys.key_for s
  end
@@ -396,61 +439,87 @@ module ApplicationHelper
      text = args.shift
    when 2
      obj = args.shift
-      text = obj.send(args.shift).to_s
+      attr = args.shift
+      text = obj.send(attr).to_s
    else
      raise ArgumentError, 'invalid arguments to textilizable'
    end
    return '' if text.blank?
-
+    project = options[:project] || @project || (obj && obj.respond_to?(:project) ? obj.project : nil)
    only_path = options.delete(:only_path) == false ? false : true

+    text = Redmine::WikiFormatting.to_html(Setting.text_formatting, text, :object => obj, :attribute => attr) { |macro, args| exec_macro(macro, obj, args) }
+      
+    parse_non_pre_blocks(text) do |text|
+      [:parse_inline_attachments, :parse_wiki_links, :parse_redmine_links].each do |method_name|
+        send method_name, text, project, obj, attr, only_path, options
+      end
+    end
+  end
+  
+  def parse_non_pre_blocks(text)
+    s = StringScanner.new(text)
+    tags = []
+    parsed = ''
+    while !s.eos?
+      s.scan(/(.*?)(<(\/)?(pre|code)(.*?)>|\z)/im)
+      text, full_tag, closing, tag = s[1], s[2], s[3], s[4]
+      if tags.empty?
+        yield text
+      end
+      parsed << text
+      if tag
+        if closing
+          if tags.last == tag.downcase
+            tags.pop
+          end
+        else
+          tags << tag.downcase
+        end
+        parsed << full_tag
+      end
+    end
+    # Close any non closing tags
+    while tag = tags.pop
+      parsed << "</#{tag}>"
+    end
+    parsed
+  end
+  
+  def parse_inline_attachments(text, project, obj, attr, only_path, options)
    # when using an image link, try to use an attachment, if possible
-    attachments = options[:attachments] || (obj && obj.respond_to?(:attachments) ? obj.attachments : nil)
-
-    if attachments
-      attachments = attachments.sort_by(&:created_on).reverse
-      text = text.gsub(/!((\<|\=|\>)?(\([^\)]+\))?(\[[^\]]+\])?(\{[^\}]+\})?)(\S+\.(bmp|gif|jpg|jpeg|png))!/i) do |m|
-        style = $1
-        filename = $6.downcase
+    if options[:attachments] || (obj && obj.respond_to?(:attachments))
+      attachments = nil
+      text.gsub!(/src="([^\/"]+\.(bmp|gif|jpg|jpeg|png))"(\s+alt="([^"]*)")?/i) do |m|
+        filename, ext, alt, alttext = $1.downcase, $2, $3, $4 
+        attachments ||= (options[:attachments] || obj.attachments).sort_by(&:created_on).reverse
        # search for the picture in attachments
        if found = attachments.detect { |att| att.filename.downcase == filename }
          image_url = url_for :only_path => only_path, :controller => 'attachments', :action => 'download', :id => found
-          desc = found.description.to_s.gsub(/^([^\(\)]*).*$/, "\\1")
-          alt = desc.blank? ? nil : "(#{desc})"
-          "!#{style}#{image_url}#{alt}!"
+          desc = found.description.to_s.gsub('"', '')
+          if !desc.blank? && alttext.blank?
+            alt = " title=\"#{desc}\" alt=\"#{desc}\""
+          end
+          "src=\"#{image_url}\"#{alt}"
        else
          m
        end
      end
    end
+  end

-    text = Redmine::WikiFormatting.to_html(Setting.text_formatting, text) { |macro, args| exec_macro(macro, obj, args) }
-
-    # different methods for formatting wiki links
-    case options[:wiki_links]
-    when :local
-      # used for local links to html files
-      format_wiki_link = Proc.new {|project, title, anchor| "#{title}.html" }
-    when :anchor
-      # used for single-file wiki export
-      format_wiki_link = Proc.new {|project, title, anchor| "##{title}" }
-    else
-      format_wiki_link = Proc.new {|project, title, anchor| url_for(:only_path => only_path, :controller => 'wiki', :action => 'index', :id => project, :page => title, :anchor => anchor) }
-    end
-
-    project = options[:project] || @project || (obj && obj.respond_to?(:project) ? obj.project : nil)
-
-    # Wiki links
-    #
-    # Examples:
-    #   [[mypage]]
-    #   [[mypage|mytext]]
-    # wiki links can refer other project wikis, using project name or identifier:
-    #   [[project:]] -> wiki starting page
-    #   [[project:|mytext]]
-    #   [[project:mypage]]
-    #   [[project:mypage|mytext]]
-    text = text.gsub(/(!)?(\[\[([^\]\n\|]+)(\|([^\]\n\|]+))?\]\])/) do |m|
+  # Wiki links
+  #
+  # Examples:
+  #   [[mypage]]
+  #   [[mypage|mytext]]
+  # wiki links can refer other project wikis, using project name or identifier:
+  #   [[project:]] -> wiki starting page
+  #   [[project:|mytext]]
+  #   [[project:mypage]]
+  #   [[project:mypage|mytext]]
+  def parse_wiki_links(text, project, obj, attr, only_path, options)
+    text.gsub!(/(!)?(\[\[([^\]\n\|]+)(\|([^\]\n\|]+))?\]\])/) do |m|
      link_project = project
      esc, all, page, title = $1, $2, $3, $5
      if esc.nil?
@@ -468,8 +537,13 @@ module ApplicationHelper
          end
          # check if page exists
          wiki_page = link_project.wiki.find_page(page)
-          link_to((title || page), format_wiki_link.call(link_project, Wiki.titleize(page), anchor),
-                                   :class => ('wiki-page' + (wiki_page ? '' : ' new')))
+          url = case options[:wiki_links]
+            when :local; "#{title}.html"
+            when :anchor; "##{title}"   # used for single-file wiki export
+            else
+              url_for(:only_path => only_path, :controller => 'wiki', :action => 'index', :id => link_project, :page => Wiki.titleize(page), :anchor => anchor)
+            end
+          link_to((title || page), url, :class => ('wiki-page' + (wiki_page ? '' : ' new')))
        else
          # project or wiki doesn't exist
          all
@@ -478,45 +552,47 @@ module ApplicationHelper
        all
      end
    end
-
-    # Redmine links
-    #
-    # Examples:
-    #   Issues:
-    #     #52 -> Link to issue #52
-    #   Changesets:
-    #     r52 -> Link to revision 52
-    #     commit:a85130f -> Link to scmid starting with a85130f
-    #   Documents:
-    #     document#17 -> Link to document with id 17
-    #     document:Greetings -> Link to the document with title "Greetings"
-    #     document:"Some document" -> Link to the document with title "Some document"
-    #   Versions:
-    #     version#3 -> Link to version with id 3
-    #     version:1.0.0 -> Link to version named "1.0.0"
-    #     version:"1.0 beta 2" -> Link to version named "1.0 beta 2"
-    #   Attachments:
-    #     attachment:file.zip -> Link to the attachment of the current object named file.zip
-    #   Source files:
-    #     source:some/file -> Link to the file located at /some/file in the project's repository
-    #     source:some/file@52 -> Link to the file's revision 52
-    #     source:some/file#L120 -> Link to line 120 of the file
-    #     source:some/file@52#L120 -> Link to line 120 of the file's revision 52
-    #     export:some/file -> Force the download of the file
-    #  Forum messages:
-    #     message#1218 -> Link to message with id 1218
-    text = text.gsub(%r{([\s\(,\-\>]|^)(!)?(attachment|document|version|commit|source|export|message)?((#|r)(\d+)|(:)([^"\s<>][^\s<>]*?|"[^"]+?"))(?=(?=[[:punct:]]\W)|,|\s|<|$)}) do |m|
-      leading, esc, prefix, sep, oid = $1, $2, $3, $5 || $7, $6 || $8
+  end
+  
+  # Redmine links
+  #
+  # Examples:
+  #   Issues:
+  #     #52 -> Link to issue #52
+  #   Changesets:
+  #     r52 -> Link to revision 52
+  #     commit:a85130f -> Link to scmid starting with a85130f
+  #   Documents:
+  #     document#17 -> Link to document with id 17
+  #     document:Greetings -> Link to the document with title "Greetings"
+  #     document:"Some document" -> Link to the document with title "Some document"
+  #   Versions:
+  #     version#3 -> Link to version with id 3
+  #     version:1.0.0 -> Link to version named "1.0.0"
+  #     version:"1.0 beta 2" -> Link to version named "1.0 beta 2"
+  #   Attachments:
+  #     attachment:file.zip -> Link to the attachment of the current object named file.zip
+  #   Source files:
+  #     source:some/file -> Link to the file located at /some/file in the project's repository
+  #     source:some/file@52 -> Link to the file's revision 52
+  #     source:some/file#L120 -> Link to line 120 of the file
+  #     source:some/file@52#L120 -> Link to line 120 of the file's revision 52
+  #     export:some/file -> Force the download of the file
+  #  Forum messages:
+  #     message#1218 -> Link to message with id 1218
+  def parse_redmine_links(text, project, obj, attr, only_path, options)
+    text.gsub!(%r{([\s\(,\-\[\>]|^)(!)?(attachment|document|version|commit|source|export|message|project)?((#|r)(\d+)|(:)([^"\s<>][^\s<>]*?|"[^"]+?"))(?=(?=[[:punct:]]\W)|,|\s|\]|<|$)}) do |m|
+      leading, esc, prefix, sep, identifier = $1, $2, $3, $5 || $7, $6 || $8
      link = nil
      if esc.nil?
        if prefix.nil? && sep == 'r'
-          if project && (changeset = project.changesets.find_by_revision(oid))
-            link = link_to("r#{oid}", {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => oid},
+          if project && (changeset = project.changesets.find_by_revision(identifier))
+            link = link_to("r#{identifier}", {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
                                      :class => 'changeset',
                                      :title => truncate_single_line(changeset.comments, :length => 100))
          end
        elsif sep == '#'
-          oid = oid.to_i
+          oid = identifier.to_i
          case prefix
          when nil
            if issue = Issue.visible.find_by_id(oid, :include => :status)
@@ -544,10 +620,14 @@ module ApplicationHelper
                                                                :anchor => (message.parent ? "message-#{message.id}" : nil)},
                                                 :class => 'message'
            end
+          when 'project'
+            if p = Project.visible.find_by_id(oid)
+              link = link_to_project(p, {:only_path => only_path}, :class => 'project')
+            end
          end
        elsif sep == ':'
          # removes the double quotes if any
-          name = oid.gsub(%r{^"(.*)"$}, "\\1")
+          name = identifier.gsub(%r{^"(.*)"$}, "\\1")
          case prefix
          when 'document'
            if project && document = project.documents.find_by_title(name)
@@ -577,17 +657,20 @@ module ApplicationHelper
                                                     :class => (prefix == 'export' ? 'source download' : 'source')
            end
          when 'attachment'
+            attachments = options[:attachments] || (obj && obj.respond_to?(:attachments) ? obj.attachments : nil)
            if attachments && attachment = attachments.detect {|a| a.filename == name }
              link = link_to h(attachment.filename), {:only_path => only_path, :controller => 'attachments', :action => 'download', :id => attachment},
                                                     :class => 'attachment'
            end
+          when 'project'
+            if p = Project.visible.find(:first, :conditions => ["identifier = :s OR LOWER(name) = :s", {:s => name.downcase}])
+              link = link_to_project(p, {:only_path => only_path}, :class => 'project')
+            end
          end
        end
      end
-      leading + (link || "#{prefix}#{sep}#{oid}")
+      leading + (link || "#{prefix}#{sep}#{identifier}")
    end
-
-    text
  end

  # Same as Rails' simple_format helper without using paragraphs
@@ -641,6 +724,28 @@ module ApplicationHelper
      ), :class => 'progress', :style => "width: #{width};") +
      content_tag('p', legend, :class => 'pourcent')
  end
+  
+  def checked_image(checked=true)
+    if checked
+      image_tag 'toggle_check.png'
+    end
+  end
+  
+  def context_menu(url)
+    unless @context_menu_included
+      content_for :header_tags do
+        javascript_include_tag('context_menu') +
+          stylesheet_link_tag('context_menu')
+      end
+      if l(:direction) == 'rtl'
+        content_for :header_tags do
+          stylesheet_link_tag('context_menu_rtl')
+        end
+      end
+      @context_menu_included = true
+    end
+    javascript_tag "new ContextMenu('#{ url_for(url) }')"
+  end

  def context_menu_link(name, url, options={})
    options[:class] ||= ''
@@ -711,6 +816,10 @@ module ApplicationHelper
    end
  end

+  def favicon
+    "<link rel='shortcut icon' href='#{image_path('/favicon.ico')}' />"
+  end
+
  private

  def wiki_helper
--- a/app/helpers/custom_fields_helper.rb
+++ b/app/helpers/custom_fields_helper.rb
@@ -35,8 +35,9 @@ module CustomFieldsHelper
    custom_field = custom_value.custom_field
    field_name = "#{name}[custom_field_values][#{custom_field.id}]"
    field_id = "#{name}_custom_field_values_#{custom_field.id}"
-    
-    case custom_field.field_format
+
+    field_format = Redmine::CustomFieldFormat.find_by_name(custom_field.field_format)
+    case field_format.edit_as
    when "date"
      text_field_tag(field_name, custom_value.value, :id => field_id, :size => 10) + 
      calendar_for(field_id)
@@ -66,6 +67,27 @@ module CustomFieldsHelper
  def custom_field_tag_with_label(name, custom_value)
    custom_field_label_tag(name, custom_value) + custom_field_tag(name, custom_value)
  end
+  
+  def custom_field_tag_for_bulk_edit(name, custom_field)
+    field_name = "#{name}[custom_field_values][#{custom_field.id}]"
+    field_id = "#{name}_custom_field_values_#{custom_field.id}"
+    field_format = Redmine::CustomFieldFormat.find_by_name(custom_field.field_format)
+    case field_format.edit_as
+      when "date"
+        text_field_tag(field_name, '', :id => field_id, :size => 10) + 
+        calendar_for(field_id)
+      when "text"
+        text_area_tag(field_name, '', :id => field_id, :rows => 3, :style => 'width:90%')
+      when "bool"
+        select_tag(field_name, options_for_select([[l(:label_no_change_option), ''],
+                                                   [l(:general_text_yes), '1'],
+                                                   [l(:general_text_no), '0']]), :id => field_id)
+      when "list"
+        select_tag(field_name, options_for_select([[l(:label_no_change_option), '']] + custom_field.possible_values), :id => field_id)
+      else
+        text_field_tag(field_name, '', :id => field_id)
+    end
+  end

  # Return a string used to display a custom value
  def show_value(custom_value)
@@ -75,19 +97,11 @@ module CustomFieldsHelper
  
  # Return a string used to display a custom value
  def format_value(value, field_format)
-    return "" unless value && !value.empty?
-    case field_format
-    when "date"
-      begin; format_date(value.to_date); rescue; value end
-    when "bool"
-      l(value == "1" ? :general_text_Yes : :general_text_No)
-    else
-      value
-    end
+    Redmine::CustomFieldFormat.format_value(value, field_format) # Proxy
  end

  # Return an array of custom field formats which can be used in select_tag
  def custom_field_formats_for_select
-    CustomField::FIELD_FORMATS.sort {|a,b| a[1][:order]<=>b[1][:order]}.collect { |k| [ l(k[1][:name]), k[0] ] }
+    Redmine::CustomFieldFormat.as_select
  end
 end
--- a/app/helpers/issue_moves_helper.rb
+++ b/app/helpers/issue_moves_helper.rb
@@ -0,0 +1,2 @@
+module IssueMovesHelper
+end
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -18,18 +18,56 @@
 module IssuesHelper
  include ApplicationHelper

+  def issue_list(issues, &block)
+    ancestors = []
+    issues.each do |issue|
+      while (ancestors.any? && !issue.is_descendant_of?(ancestors.last))
+        ancestors.pop
+      end
+      yield issue, ancestors.size
+      ancestors << issue unless issue.leaf?
+    end
+  end
+  
  def render_issue_tooltip(issue)
+    @cached_label_status ||= l(:field_status)
    @cached_label_start_date ||= l(:field_start_date)
    @cached_label_due_date ||= l(:field_due_date)
    @cached_label_assigned_to ||= l(:field_assigned_to)
    @cached_label_priority ||= l(:field_priority)
    
    link_to_issue(issue) + "<br /><br />" +
+      "<strong>#{@cached_label_status}</strong>: #{issue.status.name}<br />" +
      "<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />" +
      "<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />" +
      "<strong>#{@cached_label_assigned_to}</strong>: #{issue.assigned_to}<br />" +
      "<strong>#{@cached_label_priority}</strong>: #{issue.priority.name}"
  end
+    
+  def render_issue_subject_with_tree(issue)
+    s = ''
+    issue.ancestors.each do |ancestor|
+      s << '<div>' + content_tag('p', link_to_issue(ancestor))
+    end
+    s << '<div>' + content_tag('h3', h(issue.subject))
+    s << '</div>' * (issue.ancestors.size + 1)
+    s
+  end
+  
+  def render_descendants_tree(issue)
+    s = '<form><table class="list issues">'
+    issue_list(issue.descendants.sort_by(&:lft)) do |child, level|
+      s << content_tag('tr',
+             content_tag('td', check_box_tag("ids[]", child.id, false, :id => nil), :class => 'checkbox') +
+             content_tag('td', link_to_issue(child, :truncate => 60), :class => 'subject') +
+             content_tag('td', h(child.status)) +
+             content_tag('td', link_to_user(child.assigned_to)) +
+             content_tag('td', progress_bar(child.done_ratio, :width => '80px')),
+             :class => "issue issue-#{child.id} hascontextmenu #{level > 0 ? "idnt idnt-#{level}" : nil}")
+    end
+    s << '</form></table>'
+    s
+  end
  
  def render_custom_fields_rows(issue)
    return if issue.custom_field_values.empty?
@@ -67,35 +105,25 @@ module IssuesHelper
  def show_detail(detail, no_html=false)
    case detail.property
    when 'attr'
-      label = l(("field_" + detail.prop_key.to_s.gsub(/\_id$/, "")).to_sym)   
-      case detail.prop_key
-      when 'due_date', 'start_date'
+      field = detail.prop_key.to_s.gsub(/\_id$/, "")
+      label = l(("field_" + field).to_sym)
+      case
+      when ['due_date', 'start_date'].include?(detail.prop_key)
        value = format_date(detail.value.to_date) if detail.value
        old_value = format_date(detail.old_value.to_date) if detail.old_value
-      when 'project_id'
-        p = Project.find_by_id(detail.value) and value = p.name if detail.value
-        p = Project.find_by_id(detail.old_value) and old_value = p.name if detail.old_value
-      when 'status_id'
-        s = IssueStatus.find_by_id(detail.value) and value = s.name if detail.value
-        s = IssueStatus.find_by_id(detail.old_value) and old_value = s.name if detail.old_value
-      when 'tracker_id'
-        t = Tracker.find_by_id(detail.value) and value = t.name if detail.value
-        t = Tracker.find_by_id(detail.old_value) and old_value = t.name if detail.old_value
-      when 'assigned_to_id'
-        u = User.find_by_id(detail.value) and value = u.name if detail.value
-        u = User.find_by_id(detail.old_value) and old_value = u.name if detail.old_value
-      when 'priority_id'
-        e = IssuePriority.find_by_id(detail.value) and value = e.name if detail.value
-        e = IssuePriority.find_by_id(detail.old_value) and old_value = e.name if detail.old_value
-      when 'category_id'
-        c = IssueCategory.find_by_id(detail.value) and value = c.name if detail.value
-        c = IssueCategory.find_by_id(detail.old_value) and old_value = c.name if detail.old_value
-      when 'fixed_version_id'
-        v = Version.find_by_id(detail.value) and value = format_version_name(v) if detail.value
-        v = Version.find_by_id(detail.old_value) and old_value = format_version_name(v) if detail.old_value
-      when 'estimated_hours'
+
+      when ['project_id', 'status_id', 'tracker_id', 'assigned_to_id', 'priority_id', 'category_id', 'fixed_version_id'].include?(detail.prop_key)
+        value = find_name_by_reflection(field, detail.value)
+        old_value = find_name_by_reflection(field, detail.old_value)
+
+      when detail.prop_key == 'estimated_hours'
        value = "%0.02f" % detail.value.to_f unless detail.value.blank?
        old_value = "%0.02f" % detail.old_value.to_f unless detail.old_value.blank?
+
+      when detail.prop_key == 'parent_id'
+        label = l(:field_parent_issue)
+        value = "##{detail.value}" unless detail.value.blank?
+        old_value = "##{detail.old_value}" unless detail.old_value.blank?
      end
    when 'cf'
      custom_field = CustomField.find_by_id(detail.prop_key)
@@ -140,6 +168,15 @@ module IssuesHelper
      l(:text_journal_deleted, :label => label, :old => old_value)
    end
  end
+
+  # Find the name of an associated record stored in the field attribute
+  def find_name_by_reflection(field, id)
+    association = Issue.reflect_on_association(field.to_sym)
+    if association
+      record = association.class_name.constantize.find_by_id(id)
+      return record.name if record
+    end
+  end
  
  def issues_to_csv(issues, project = nil)
    ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')    
@@ -160,6 +197,7 @@ module IssuesHelper
                  l(:field_due_date),
                  l(:field_done_ratio),
                  l(:field_estimated_hours),
+                  l(:field_parent_issue),
                  l(:field_created_on),
                  l(:field_updated_on)
                  ]
@@ -186,6 +224,7 @@ module IssuesHelper
                  format_date(issue.due_date),
                  issue.done_ratio,
                  issue.estimated_hours.to_s.gsub('.', decimal_separator),
+                  issue.parent_id,
                  format_time(issue.created_on),  
                  format_time(issue.updated_on)
                  ]
@@ -196,4 +235,30 @@ module IssuesHelper
    end
    export
  end
+
+  def gantt_zoom_link(gantt, in_or_out)
+    img_attributes = {:style => 'height:1.4em; width:1.4em; margin-left: 3px;'} # em for accessibility
+
+    case in_or_out
+    when :in
+      if gantt.zoom < 4
+        link_to_remote(l(:text_zoom_in) + image_tag('zoom_in.png', img_attributes.merge(:alt => l(:text_zoom_in))),
+                       {:url => gantt.params.merge(:zoom => (gantt.zoom+1)), :update => 'content'},
+                       {:href => url_for(gantt.params.merge(:zoom => (gantt.zoom+1)))})
+      else
+        l(:text_zoom_in) +
+          image_tag('zoom_in_g.png', img_attributes.merge(:alt => l(:text_zoom_in)))
+      end
+      
+    when :out
+      if gantt.zoom > 1
+        link_to_remote(l(:text_zoom_out) + image_tag('zoom_out.png', img_attributes.merge(:alt => l(:text_zoom_out))),
+                       {:url => gantt.params.merge(:zoom => (gantt.zoom-1)), :update => 'content'},
+                       {:href => url_for(gantt.params.merge(:zoom => (gantt.zoom-1)))})
+      else
+        l(:text_zoom_out) +
+          image_tag('zoom_out_g.png', img_attributes.merge(:alt => l(:text_zoom_out)))
+      end
+    end
+  end
 end
--- a/app/helpers/journals_helper.rb
+++ b/app/helpers/journals_helper.rb
@@ -16,13 +16,13 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module JournalsHelper
-  def render_notes(journal, options={})
+  def render_notes(issue, journal, options={})
    content = ''
-    editable = journal.editable_by?(User.current)
+    editable = User.current.logged? && (User.current.allowed_to?(:edit_issue_notes, issue.project) || (journal.user == User.current && User.current.allowed_to?(:edit_own_issue_notes, issue.project)))
    links = []
    if !journal.notes.blank?
      links << link_to_remote(image_tag('comment.png'),
-                              { :url => {:controller => 'issues', :action => 'reply', :id => journal.journalized, :journal_id => journal} },
+                              { :url => {:controller => 'journals', :action => 'new', :id => issue, :journal_id => journal} },
                              :title => l(:button_quote)) if options[:reply_links]
      links << link_to_in_place_notes_editor(image_tag('edit.png'), "journal-#{journal.id}-notes", 
                                             { :controller => 'journals', :action => 'edit', :id => journal },
@@ -32,7 +32,6 @@ module JournalsHelper
    content << textilizable(journal, :notes)
    css_classes = "wiki"
    css_classes << " editable" if editable
-    css_classes << " gravatar-margin" if Setting.gravatar_enabled?
    content_tag('div', content, :id => "journal-#{journal.id}-notes", :class => css_classes)
  end
  
--- a/app/helpers/messages_helper.rb
+++ b/app/helpers/messages_helper.rb
@@ -23,6 +23,7 @@ module MessagesHelper
                                           :action => 'show',
                                           :board_id => message.board_id,
                                           :id => message.root,
+                                           :r => (message.parent_id && message.id),
                                           :anchor => (message.parent_id ? "message-#{message.id}" : nil)
  end
 end
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -46,7 +46,7 @@ module ProjectsHelper
    options = ''
    options << "<option value=''></option>" if project.allowed_parents.include?(nil)
    options << project_tree_options_for_select(project.allowed_parents.compact, :selected => selected)
-    content_tag('select', options, :name => 'project[parent_id]')
+    content_tag('select', options, :name => 'project[parent_id]', :id => 'project_parent_id')
  end
  
  # Renders a tree of projects as a nested set of unordered lists
@@ -56,7 +56,10 @@ module ProjectsHelper
    s = ''
    if projects.any?
      ancestors = []
+      original_project = @project
      projects.each do |project|
+        # set the project environment to please macros.
+        @project = project
        if (ancestors.empty? || project.is_descendant_of?(ancestors.last))
          s << "<ul class='projects #{ ancestors.empty? ? 'root' : nil}'>\n"
        else
@@ -69,12 +72,13 @@ module ProjectsHelper
        end
        classes = (ancestors.empty? ? 'root' : 'child')
        s << "<li class='#{classes}'><div class='#{classes}'>" +
-               link_to(h(project), {:controller => 'projects', :action => 'show', :id => project}, :class => "project #{User.current.member_of?(project) ? 'my-project' : nil}")
+               link_to_project(project, {}, :class => "project #{User.current.member_of?(project) ? 'my-project' : nil}")
        s << "<div class='wiki description'>#{textilizable(project.short_description, :project => project)}</div>" unless project.description.blank?
        s << "</div>\n"
        ancestors << project
      end
      s << ("</li></ul>\n" * ancestors.size)
+      @project = original_project
    end
    s
  end
--- a/app/helpers/queries_helper.rb
+++ b/app/helpers/queries_helper.rb
@@ -50,15 +50,51 @@ module QueriesHelper
    when 'User'
      link_to_user value
    when 'Project'
-      link_to(h(value), :controller => 'projects', :action => 'show', :id => value)
+      link_to_project value
    when 'Version'
      link_to(h(value), :controller => 'versions', :action => 'show', :id => value)
    when 'TrueClass'
      l(:general_text_Yes)
    when 'FalseClass'
      l(:general_text_No)
+    when 'Issue'
+      link_to_issue(value, :subject => false)
    else
      h(value)
    end
  end
+
+  # Retrieve query from session or build a new query
+  def retrieve_query
+    if !params[:query_id].blank?
+      cond = "project_id IS NULL"
+      cond << " OR project_id = #{@project.id}" if @project
+      @query = Query.find(params[:query_id], :conditions => cond)
+      @query.project = @project
+      session[:query] = {:id => @query.id, :project_id => @query.project_id}
+      sort_clear
+    else
+      if api_request? || params[:set_filter] || session[:query].nil? || session[:query][:project_id] != (@project ? @project.id : nil)
+        # Give it a name, required to be valid
+        @query = Query.new(:name => "_")
+        @query.project = @project
+        if params[:fields] and params[:fields].is_a? Array
+          params[:fields].each do |field|
+            @query.add_filter(field, params[:operators][field], params[:values][field])
+          end
+        else
+          @query.available_filters.keys.each do |field|
+            @query.add_short_filter(field, params[field]) if params[field]
+          end
+        end
+        @query.group_by = params[:group_by]
+        @query.column_names = params[:query] && params[:query][:column_names]
+        session[:query] = {:project_id => @query.project_id, :filters => @query.filters, :group_by => @query.group_by, :column_names => @query.column_names}
+      else
+        @query = Query.find_by_id(session[:query][:id]) if session[:query][:id]
+        @query ||= Query.new(:name => "_", :project => @project, :filters => session[:query][:filters], :group_by => session[:query][:group_by], :column_names => session[:query][:column_names])
+        @query.project = @project
+      end
+    end
+  end
 end
--- a/app/helpers/repositories_helper.rb
+++ b/app/helpers/repositories_helper.rb
@@ -52,17 +52,19 @@ module RepositoriesHelper
      else
        change
      end
-    end.compact
+   end.compact
    
    tree = { }
    changes.each do |change|
      p = tree
      dirs = change.path.to_s.split('/').select {|d| !d.blank?}
+      path = ''
      dirs.each do |dir|
+        path += '/' + dir
        p[:s] ||= {}
        p = p[:s]
-        p[dir] ||= {}
-        p = p[dir]
+        p[path] ||= {}
+        p = p[path]
      end
      p[:c] = change
    end
@@ -76,21 +78,26 @@ module RepositoriesHelper
    output = ''
    output << '<ul>'
    tree.keys.sort.each do |file|
-      s = !tree[file][:s].nil?
-      c = tree[file][:c]
-      
      style = 'change'
-      style << ' folder' if s
-      style << " change-#{c.action}" if c
-      
-      text = h(file)
-      unless c.nil?
+      text = File.basename(h(file))
+      if s = tree[file][:s]
+        style << ' folder'
+        path_param = to_path_param(@repository.relative_path(file))
+        text = link_to(text, :controller => 'repositories',
+                             :action => 'show',
+                             :id => @project,
+                             :path => path_param,
+                             :rev => @changeset.revision)
+        output << "<li class='#{style}'>#{text}</li>"
+        output << render_changes_tree(s)
+      elsif c = tree[file][:c]
+        style << " change-#{c.action}"
        path_param = to_path_param(@repository.relative_path(c.path))
        text = link_to(text, :controller => 'repositories',
                             :action => 'entry',
                             :id => @project,
                             :path => path_param,
-                             :rev => @changeset.revision) unless s || c.action == 'D'
+                             :rev => @changeset.revision) unless c.action == 'D'
        text << " - #{c.revision}" unless c.revision.blank?
        text << ' (' + link_to('diff', :controller => 'repositories',
                                       :action => 'diff',
@@ -98,9 +105,8 @@ module RepositoriesHelper
                                       :path => path_param,
                                       :rev => @changeset.revision) + ') ' if c.action == 'M'
        text << ' ' + content_tag('span', c.from_path, :class => 'copied-from') unless c.from_path.blank?
+        output << "<li class='#{style}'>#{text}</li>"
      end
-      output << "<li class='#{style}'>#{text}</li>"
-      output << render_changes_tree(tree[file][:s]) if s
    end
    output << '</ul>'
    output
@@ -126,7 +132,7 @@ module RepositoriesHelper
  
  def scm_select_tag(repository)
    scm_options = [["--- #{l(:actionview_instancetag_blank_option)} ---", '']]
-    REDMINE_SUPPORTED_SCM.each do |scm|
+    Redmine::Scm::Base.all.each do |scm|
      scm_options << ["Repository::#{scm}".constantize.scm_name, scm] if Setting.enabled_scm.include?(scm) || (repository && repository.class.name.demodulize == scm)
    end
    
--- a/app/helpers/sort_helper.rb
+++ b/app/helpers/sort_helper.rb
@@ -81,7 +81,7 @@ module SortHelper
    def to_sql
      sql = @criteria.collect do |k,o|
        if s = @available_criteria[k]
-          (o ? s.to_a : s.to_a.collect {|c| "#{c} DESC"}).join(', ')
+          (o ? s.to_a : s.to_a.collect {|c| append_desc(c)}).join(', ')
        end
      end.compact.join(', ')
      sql.blank? ? nil : sql
@@ -120,6 +120,15 @@ module SortHelper
      @criteria.slice!(3)
      self
    end
+    
+    # Appends DESC to the sort criterion unless it has a fixed order
+    def append_desc(criterion)
+      if criterion =~ / (asc|desc)$/i
+        criterion
+      else
+        "#{criterion} DESC"
+      end
+    end
  end
  
  def sort_name
--- a/app/helpers/timelog_helper.rb
+++ b/app/helpers/timelog_helper.rb
@@ -57,7 +57,7 @@ module TimelogHelper
  	if value.to_s.empty?
  		data.select {|row| row[criteria].blank? }
    else 
-    	data.select {|row| row[criteria] == value}
+    	data.select {|row| row[criteria].to_s == value.to_s}
    end
  end
  
--- a/app/helpers/watchers_helper.rb
+++ b/app/helpers/watchers_helper.rb
@@ -48,8 +48,8 @@ module WatchersHelper
  # Returns a comma separated list of users watching the given object
  def watchers_list(object)
    remove_allowed = User.current.allowed_to?("delete_#{object.class.name.underscore}_watchers".to_sym, object.project)
-    object.watcher_users.collect do |user|
-      s = content_tag('span', link_to_user(user), :class => 'user')
+    lis = object.watcher_users.collect do |user|
+      s = avatar(user, :size => "16").to_s + link_to_user(user, :class => 'user').to_s
      if remove_allowed
        url = {:controller => 'watchers',
               :action => 'destroy',
@@ -59,9 +59,11 @@ module WatchersHelper
        s += ' ' + link_to_remote(image_tag('delete.png'),
                                  {:url => url},
                                  :href => url_for(url),
-                                  :style => "vertical-align: middle")
+                                  :style => "vertical-align: middle",
+                                  :class => "delete")
      end
-      s
-    end.join(",\n")
+      "<li>#{ s }</li>"
+    end
+    lis.empty? ? "" : "<ul>#{ lis.join("\n") }</ul>"
  end
 end
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -58,6 +58,9 @@ class Attachment < ActiveRecord::Base
        self.filename = sanitize_filename(@temp_file.original_filename)
        self.disk_filename = Attachment.disk_filename(filename)
        self.content_type = @temp_file.content_type.to_s.chomp
+        if content_type.blank?
+          self.content_type = Redmine::MimeType.of(filename)
+        end
        self.filesize = @temp_file.size
      end
    end
@@ -130,6 +133,33 @@ class Attachment < ActiveRecord::Base
  def readable?
    File.readable?(diskfile)
  end
+
+  # Bulk attaches a set of files to an object
+  #
+  # Returns a Hash of the results:
+  # :files => array of the attached files
+  # :unsaved => array of the files that could not be attached
+  def self.attach_files(obj, attachments)
+    attached = []
+    if attachments && attachments.is_a?(Hash)
+      attachments.each_value do |attachment|
+        file = attachment['file']
+        next unless file && file.size > 0
+        a = Attachment.create(:container => obj, 
+                              :file => file,
+                              :description => attachment['description'].to_s.strip,
+                              :author => User.current)
+
+        if a.new_record?
+          obj.unsaved_attachments ||= []
+          obj.unsaved_attachments << a
+        else
+          attached << a
+        end
+      end
+    end
+    {:files => attached, :unsaved => obj.unsaved_attachments}
+  end
  
 private
  def sanitize_filename(value)
@@ -144,14 +174,18 @@ private
  
  # Returns an ASCII or hashed filename
  def self.disk_filename(filename)
-    df = DateTime.now.strftime("%y%m%d%H%M%S") + "_"
+    timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
+    ascii = ''
    if filename =~ %r{^[a-zA-Z0-9_\.\-]*$}
-      df << filename
+      ascii = filename
    else
-      df << Digest::MD5.hexdigest(filename)
+      ascii = Digest::MD5.hexdigest(filename)
      # keep the extension if any
-      df << $1 if filename =~ %r{(\.[a-zA-Z0-9]+)$}
+      ascii << $1 if filename =~ %r{(\.[a-zA-Z0-9]+)$}
    end
-    df
+    while File.exist?(File.join(@@storage_path, "#{timestamp}_#{ascii}"))
+      timestamp.succ!
+    end
+    "#{timestamp}_#{ascii}"
  end
 end
--- a/app/models/auth_source.rb
+++ b/app/models/auth_source.rb
@@ -32,6 +32,15 @@ class AuthSource < ActiveRecord::Base
    "Abstract"
  end

+  def allow_password_changes?
+    self.class.allow_password_changes?
+  end
+
+  # Does this auth source backend allow password changes?
+  def self.allow_password_changes?
+    false
+  end
+
  # Try to authenticate a user not yet registered against available sources
  def self.authenticate(login, password)
    AuthSource.find(:all, :conditions => ["onthefly_register=?", true]).each do |source|
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -33,30 +33,12 @@ class AuthSourceLdap < AuthSource
  
  def authenticate(login, password)
    return nil if login.blank? || password.blank?
-    attrs = []
-    # get user's DN
-    ldap_con = initialize_ldap_con(self.account, self.account_password)
-    login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) 
-    object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) 
-    dn = String.new
-    ldap_con.search( :base => self.base_dn, 
-                     :filter => object_filter & login_filter, 
-                     # only ask for the DN if on-the-fly registration is disabled
-                     :attributes=> (onthefly_register? ? ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail] : ['dn'])) do |entry|
-      dn = entry.dn
-      attrs = [:firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
-               :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
-               :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
-               :auth_source_id => self.id ] if onthefly_register?
+    attrs = get_user_dn(login)
+    
+    if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
+      logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
+      return attrs.except(:dn)
    end
-    return nil if dn.empty?
-    logger.debug "DN found for #{login}: #{dn}" if logger && logger.debug?
-    # authenticate user
-    ldap_con = initialize_ldap_con(dn, password)
-    return nil unless ldap_con.bind
-    # return user's attributes
-    logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
-    attrs    
  rescue  Net::LDAP::LdapError => text
    raise "LdapError: " + text
  end
@@ -89,6 +71,56 @@ class AuthSourceLdap < AuthSource
    options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
    Net::LDAP.new options
  end
+
+  def get_user_attributes_from_ldap_entry(entry)
+    {
+     :dn => entry.dn,
+     :firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
+     :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
+     :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
+     :auth_source_id => self.id
+    }
+  end
+
+  # Return the attributes needed for the LDAP search.  It will only
+  # include the user attributes if on-the-fly registration is enabled
+  def search_attributes
+    if onthefly_register?
+      ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail]
+    else
+      ['dn']
+    end
+  end
+
+  # Check if a DN (user record) authenticates with the password
+  def authenticate_dn(dn, password)
+    if dn.present? && password.present?
+      initialize_ldap_con(dn, password).bind
+    end
+  end
+
+  # Get the user's dn and any attributes for them, given their login
+  def get_user_dn(login)
+    ldap_con = initialize_ldap_con(self.account, self.account_password)
+    login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) 
+    object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) 
+    attrs = {}
+    
+    ldap_con.search( :base => self.base_dn, 
+                     :filter => object_filter & login_filter, 
+                     :attributes=> search_attributes) do |entry|
+
+      if onthefly_register?
+        attrs = get_user_attributes_from_ldap_entry(entry)
+      else
+        attrs = {:dn => entry.dn}
+      end
+
+      logger.debug "DN found for #{login}: #{attrs[:dn]}" if logger && logger.debug?
+    end
+
+    attrs
+  end
  
  def self.get_attr(entry, attr_name)
    if !attr_name.blank?
--- a/app/models/change.rb
+++ b/app/models/change.rb
@@ -19,8 +19,13 @@ class Change < ActiveRecord::Base
  belongs_to :changeset
  
  validates_presence_of :changeset_id, :action, :path
+  before_save :init_path
  
  def relative_path
    changeset.repository.relative_path(path)
  end
+  
+  def init_path
+    self.path ||= ""
+  end
 end
--- a/app/models/changeset.rb
+++ b/app/models/changeset.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2008  Jean-Philippe Lang
+# Copyright (C) 2006-2010  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -41,6 +41,9 @@ class Changeset < ActiveRecord::Base
  validates_uniqueness_of :revision, :scope => :repository_id
  validates_uniqueness_of :scmid, :scope => :repository_id, :allow_nil => true
  
+  named_scope :visible, lambda {|*args| { :include => {:repository => :project},
+                                          :conditions => Project.allowed_to_condition(args.first || User.current, :view_changesets) } }
+                                          
  def revision=(r)
    write_attribute :revision, (r.nil? ? nil : r.to_s)
  end
@@ -54,6 +57,10 @@ class Changeset < ActiveRecord::Base
    super
  end
  
+  def committer=(arg)
+    write_attribute(:committer, self.class.to_utf8(arg.to_s))
+  end
+
  def project
    repository.project
  end
@@ -69,7 +76,6 @@ class Changeset < ActiveRecord::Base
  def after_create
    scan_comment_for_issue_ids
  end
-  require 'pp'
  
  def scan_comment_for_issue_ids
    return if comments.blank?
@@ -77,9 +83,6 @@ class Changeset < ActiveRecord::Base
    ref_keywords = Setting.commit_ref_keywords.downcase.split(",").collect(&:strip)
    # keywords used to fix issues
    fix_keywords = Setting.commit_fix_keywords.downcase.split(",").collect(&:strip)
-    # status and optional done ratio applied
-    fix_status = IssueStatus.find_by_id(Setting.commit_fix_status_id)
-    done_ratio = Setting.commit_fix_done_ratio.blank? ? nil : Setting.commit_fix_done_ratio.to_i
    
    kw_regexp = (ref_keywords + fix_keywords).collect{|kw| Regexp.escape(kw)}.join("|")
    return if kw_regexp.blank?
@@ -90,14 +93,14 @@ class Changeset < ActiveRecord::Base
      # find any issue ID in the comments
      target_issue_ids = []
      comments.scan(%r{([\s\(\[,-]|^)#(\d+)(?=[[:punct:]]|\s|<|$)}).each { |m| target_issue_ids << m[1] }
-      referenced_issues += repository.project.issues.find_all_by_id(target_issue_ids)
+      referenced_issues += find_referenced_issues_by_id(target_issue_ids)
    end
    
    comments.scan(Regexp.new("(#{kw_regexp})[\s:]+(([\s,;&]*#?\\d+)+)", Regexp::IGNORECASE)).each do |match|
      action = match[0]
      target_issue_ids = match[1].scan(/\d+/)
-      target_issues = repository.project.issues.find_all_by_id(target_issue_ids)
-      if fix_status && fix_keywords.include?(action.downcase)
+      target_issues = find_referenced_issues_by_id(target_issue_ids)
+      if fix_keywords.include?(action.downcase) && fix_status = IssueStatus.find_by_id(Setting.commit_fix_status_id)
        # update status of issues
        logger.debug "Issues fixed by changeset #{self.revision}: #{issue_ids.join(', ')}." if logger && logger.debug?
        target_issues.each do |issue|
@@ -111,7 +114,9 @@ class Changeset < ActiveRecord::Base
          end
          journal = issue.init_journal(user || User.anonymous, ll(Setting.default_language, :text_status_changed_by_changeset, csettext))
          issue.status = fix_status
-          issue.done_ratio = done_ratio if done_ratio
+          unless Setting.commit_fix_done_ratio.blank?
+            issue.done_ratio = Setting.commit_fix_done_ratio.to_i
+          end
          Redmine::Hook.call_hook(:model_changeset_scan_commit_for_issue_ids_pre_issue_update,
                                  { :changeset => self, :issue => issue })
          issue.save
@@ -120,7 +125,8 @@ class Changeset < ActiveRecord::Base
      referenced_issues += target_issues
    end
    
-    self.issues = referenced_issues.uniq
+    referenced_issues.uniq!
+    self.issues = referenced_issues unless referenced_issues.empty?
  end
  
  def short_comments
@@ -145,9 +151,27 @@ class Changeset < ActiveRecord::Base
  def self.normalize_comments(str)
    to_utf8(str.to_s.strip)
  end
+
+  # Creates a new Change from it's common parameters
+  def create_change(change)
+    Change.create(:changeset => self,
+                  :action => change[:action],
+                  :path => change[:path],
+                  :from_path => change[:from_path],
+                  :from_revision => change[:from_revision])
+  end
  
  private

+  # Finds issues that can be referenced by the commit message
+  # i.e. issues that belong to the repository project, a subproject or a parent project
+  def find_referenced_issues_by_id(ids)
+    return [] if ids.compact.empty?
+    Issue.find_all_by_id(ids, :include => :project).select {|issue|
+      project == issue.project || project.is_ancestor_of?(issue.project) || project.is_descendant_of?(issue.project)
+    }
+  end
+  
  def split_comments
    comments =~ /\A(.+?)\r?\n(.*)$/m
    @short_comments = $1 || comments
@@ -160,11 +184,17 @@ class Changeset < ActiveRecord::Base
    encoding = Setting.commit_logs_encoding.to_s.strip
    unless encoding.blank? || encoding == 'UTF-8'
      begin
-        return Iconv.conv('UTF-8', encoding, str)
+        str = Iconv.conv('UTF-8', encoding, str)
      rescue Iconv::Failure
        # do nothing here
      end
    end
-    str
+    # removes invalid UTF8 sequences
+    begin
+      Iconv.conv('UTF-8//IGNORE', 'UTF-8', str + '  ')[0..-3]
+    rescue Iconv::InvalidEncoding
+      # "UTF-8//IGNORE" is not supported on some OS
+      str
+    end
  end
 end
--- a/app/models/custom_field.rb
+++ b/app/models/custom_field.rb
@@ -20,20 +20,11 @@ class CustomField < ActiveRecord::Base
  acts_as_list :scope => 'type = \'#{self.class}\''
  serialize :possible_values
  
-  FIELD_FORMATS = { "string" => { :name => :label_string, :order => 1 },
-                    "text" => { :name => :label_text, :order => 2 },
-                    "int" => { :name => :label_integer, :order => 3 },
-                    "float" => { :name => :label_float, :order => 4 },
-                    "list" => { :name => :label_list, :order => 5 },
-			        "date" => { :name => :label_date, :order => 6 },
-			        "bool" => { :name => :label_boolean, :order => 7 }
-  }.freeze
-
  validates_presence_of :name, :field_format
  validates_uniqueness_of :name, :scope => :type
  validates_length_of :name, :maximum => 30
  validates_format_of :name, :with => /^[\w\s\.\'\-]*$/i
-  validates_inclusion_of :field_format, :in => FIELD_FORMATS.keys
+  validates_inclusion_of :field_format, :in => Redmine::CustomFieldFormat.available_formats

  def initialize(attributes = nil)
    super
--- a/app/models/document.rb
+++ b/app/models/document.rb
@@ -46,11 +46,4 @@ class Document < ActiveRecord::Base
    end
    @updated_on
  end
-  
-  # Returns the mail adresses of users that should be notified
-  def recipients
-    notified = project.notified_users
-    notified.reject! {|user| !visible?(user)}
-    notified.collect(&:mail)
-  end
 end
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -32,6 +32,7 @@ class Issue < ActiveRecord::Base
  has_many :relations_from, :class_name => 'IssueRelation', :foreign_key => 'issue_from_id', :dependent => :delete_all
  has_many :relations_to, :class_name => 'IssueRelation', :foreign_key => 'issue_to_id', :dependent => :delete_all
  
+  acts_as_nested_set :scope => 'root_id'
  acts_as_attachable :after_remove => :attachment_removed
  acts_as_customizable
  acts_as_watchable
@@ -47,8 +48,11 @@ class Issue < ActiveRecord::Base
                            :author_key => :author_id

  DONE_RATIO_OPTIONS = %w(issue_field issue_status)
-  
+
+  attr_reader :current_journal
+
  validates_presence_of :subject, :priority, :project, :tracker, :author, :status
+
  validates_length_of :subject, :maximum => 255
  validates_inclusion_of :done_ratio, :in => 0..100
  validates_numericality_of :estimated_hours, :allow_nil => true
@@ -58,8 +62,16 @@ class Issue < ActiveRecord::Base
  
  named_scope :open, :conditions => ["#{IssueStatus.table_name}.is_closed = ?", false], :include => :status

-  before_save :update_done_ratio_from_issue_status
-  after_save :create_journal
+  named_scope :recently_updated, :order => "#{self.table_name}.updated_on DESC"
+  named_scope :with_limit, lambda { |limit| { :limit => limit} }
+  named_scope :on_active_project, :include => [:status, :project, :tracker],
+                                  :conditions => ["#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"]
+
+  before_create :default_assign
+  before_save :reschedule_following_issues, :close_duplicates, :update_done_ratio_from_issue_status
+  after_save :update_nested_set_attributes, :update_parent_attributes, :create_journal
+  after_destroy :destroy_children
+  after_destroy :update_parent_attributes
  
  # Returns true if usr or current user is allowed to view the issue
  def visible?(usr=nil)
@@ -80,61 +92,81 @@ class Issue < ActiveRecord::Base
  end
  
  def copy_from(arg)
-    issue = arg.is_a?(Issue) ? arg : Issue.find(arg)
-    self.attributes = issue.attributes.dup.except("id", "created_on", "updated_on")
-    self.custom_values = issue.custom_values.collect {|v| v.clone}
+    issue = arg.is_a?(Issue) ? arg : Issue.visible.find(arg)
+    self.attributes = issue.attributes.dup.except("id", "root_id", "parent_id", "lft", "rgt", "created_on", "updated_on")
+    self.custom_field_values = issue.custom_field_values.inject({}) {|h,v| h[v.custom_field_id] = v.value; h}
    self.status = issue.status
    self
  end
  
  # Moves/copies an issue to a new project and tracker
  # Returns the moved/copied issue on success, false on failure
-  def move_to(new_project, new_tracker = nil, options = {})
+  def move_to_project(*args)
+    ret = Issue.transaction do
+      move_to_project_without_transaction(*args) || raise(ActiveRecord::Rollback)
+    end || false
+  end
+  
+  def move_to_project_without_transaction(new_project, new_tracker = nil, options = {})
    options ||= {}
-    issue = options[:copy] ? self.clone : self
-    transaction do
-      if new_project && issue.project_id != new_project.id
-        # delete issue relations
-        unless Setting.cross_project_issue_relations?
-          issue.relations_from.clear
-          issue.relations_to.clear
-        end
-        # issue is moved to another project
-        # reassign to the category with same name if any
-        new_category = issue.category.nil? ? nil : new_project.issue_categories.find_by_name(issue.category.name)
-        issue.category = new_category
-        # Keep the fixed_version if it's still valid in the new_project
-        unless new_project.shared_versions.include?(issue.fixed_version)
-          issue.fixed_version = nil
-        end
-        issue.project = new_project
+    issue = options[:copy] ? self.class.new.copy_from(self) : self
+    
+    if new_project && issue.project_id != new_project.id
+      # delete issue relations
+      unless Setting.cross_project_issue_relations?
+        issue.relations_from.clear
+        issue.relations_to.clear
      end
-      if new_tracker
-        issue.tracker = new_tracker
+      # issue is moved to another project
+      # reassign to the category with same name if any
+      new_category = issue.category.nil? ? nil : new_project.issue_categories.find_by_name(issue.category.name)
+      issue.category = new_category
+      # Keep the fixed_version if it's still valid in the new_project
+      unless new_project.shared_versions.include?(issue.fixed_version)
+        issue.fixed_version = nil
      end
-      if options[:copy]
-        issue.custom_field_values = self.custom_field_values.inject({}) {|h,v| h[v.custom_field_id] = v.value; h}
-        issue.status = if options[:attributes] && options[:attributes][:status_id]
-                         IssueStatus.find_by_id(options[:attributes][:status_id])
-                       else
-                         self.status
-                       end
-      end
-      # Allow bulk setting of attributes on the issue
-      if options[:attributes]
-        issue.attributes = options[:attributes]
-      end
-      if issue.save
-        unless options[:copy]
-          # Manually update project_id on related time entries
-          TimeEntry.update_all("project_id = #{new_project.id}", {:issue_id => id})
-        end
-      else
-        Issue.connection.rollback_db_transaction
-        return false
+      issue.project = new_project
+      if issue.parent && issue.parent.project_id != issue.project_id
+        issue.parent_issue_id = nil
      end
    end
-    return issue
+    if new_tracker
+      issue.tracker = new_tracker
+      issue.reset_custom_values!
+    end
+    if options[:copy]
+      issue.custom_field_values = self.custom_field_values.inject({}) {|h,v| h[v.custom_field_id] = v.value; h}
+      issue.status = if options[:attributes] && options[:attributes][:status_id]
+                       IssueStatus.find_by_id(options[:attributes][:status_id])
+                     else
+                       self.status
+                     end
+    end
+    # Allow bulk setting of attributes on the issue
+    if options[:attributes]
+      issue.attributes = options[:attributes]
+    end
+    if issue.save
+      unless options[:copy]
+        # Manually update project_id on related time entries
+        TimeEntry.update_all("project_id = #{new_project.id}", {:issue_id => id})
+        
+        issue.children.each do |child|
+          unless child.move_to_project_without_transaction(new_project)
+            # Move failed and transaction was rollback'd
+            return false
+          end
+        end
+      end
+    else
+      return false
+    end
+    issue
+  end
+
+  def status_id=(sid)
+    self.status = nil
+    write_attribute(:status_id, sid)
  end
  
  def priority_id=(pid)
@@ -144,7 +176,6 @@ class Issue < ActiveRecord::Base

  def tracker_id=(tid)
    self.tracker = nil
-    write_attribute(:tracker_id, tid)
    result = write_attribute(:tracker_id, tid)
    @custom_field_values = nil
    result
@@ -157,14 +188,62 @@ class Issue < ActiveRecord::Base
    if new_tracker_id
      self.tracker_id = new_tracker_id
    end
-    self.attributes_without_tracker_first = new_attributes, *args
+    send :attributes_without_tracker_first=, new_attributes, *args
  end
-  alias_method_chain :attributes=, :tracker_first
+  # Do not redefine alias chain on reload (see #4838)
+  alias_method_chain(:attributes=, :tracker_first) unless method_defined?(:attributes_without_tracker_first=)
  
  def estimated_hours=(h)
    write_attribute :estimated_hours, (h.is_a?(String) ? h.to_hours : h)
  end
  
+  SAFE_ATTRIBUTES = %w(
+    tracker_id
+    status_id
+    parent_issue_id
+    category_id
+    assigned_to_id
+    priority_id
+    fixed_version_id
+    subject
+    description
+    start_date
+    due_date
+    done_ratio
+    estimated_hours
+    custom_field_values
+    lock_version
+  ) unless const_defined?(:SAFE_ATTRIBUTES)
+  
+  # Safely sets attributes
+  # Should be called from controllers instead of #attributes=
+  # attr_accessible is too rough because we still want things like
+  # Issue.new(:project => foo) to work
+  # TODO: move workflow/permission checks from controllers to here
+  def safe_attributes=(attrs, user=User.current)
+    return if attrs.nil?
+    attrs = attrs.reject {|k,v| !SAFE_ATTRIBUTES.include?(k)}
+    if attrs['status_id']
+      unless new_statuses_allowed_to(user).collect(&:id).include?(attrs['status_id'].to_i)
+        attrs.delete('status_id')
+      end
+    end
+    
+    unless leaf?
+      attrs.reject! {|k,v| %w(priority_id done_ratio start_date due_date estimated_hours).include?(k)}
+    end
+    
+    if attrs.has_key?('parent_issue_id')
+      if !user.allowed_to?(:manage_subtasks, project)
+        attrs.delete('parent_issue_id')
+      elsif !attrs['parent_issue_id'].blank?
+        attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'])
+      end
+    end
+    
+    self.attributes = attrs
+  end
+  
  def done_ratio
    if Issue.use_status_for_done_ratio? && status && status.default_done_ratio?
      status.default_done_ratio
@@ -208,12 +287,21 @@ class Issue < ActiveRecord::Base
        errors.add :tracker_id, :inclusion
      end
    end
-  end
-  
-  def before_create
-    # default assignment based on category
-    if assigned_to.nil? && category && category.assigned_to
-      self.assigned_to = category.assigned_to
+    
+    # Checks parent issue assignment
+    if @parent_issue
+      if @parent_issue.project_id != project_id
+        errors.add :parent_issue_id, :not_same_project
+      elsif !new_record?
+        # moving an existing issue
+        if @parent_issue.root_id != root_id
+          # we can always move to another tree
+        elsif move_possible?(@parent_issue)
+          # move accepted inside tree
+        else
+          errors.add :parent_issue_id, :not_a_valid_parent
+        end
+      end
    end
  end
  
@@ -225,27 +313,6 @@ class Issue < ActiveRecord::Base
    end
  end
  
-  def after_save
-    # Reload is needed in order to get the right status
-    reload
-    
-    # Update start/due dates of following issues
-    relations_from.each(&:set_issue_to_dates)
-    
-    # Close duplicates if the issue was closed
-    if @issue_before_change && !@issue_before_change.closed? && self.closed?
-      duplicates.each do |duplicate|
-        # Reload is need in case the duplicate was updated by a previous duplicate
-        duplicate.reload
-        # Don't re-close it if it's already closed
-        next if duplicate.closed?
-        # Same user and notes
-        duplicate.init_journal(@current_journal.user, @current_journal.notes)
-        duplicate.update_attribute :status, self.status
-      end
-    end
-  end
-  
  def init_journal(user, notes = "")
    @current_journal ||= Journal.new(:journalized => self, :user => user, :notes => notes)
    @issue_before_change = self.clone
@@ -273,6 +340,18 @@ class Issue < ActiveRecord::Base
    end
    false
  end
+
+  # Return true if the issue is being closed
+  def closing?
+    if !new_record? && status_id_changed?
+      status_was = IssueStatus.find_by_id(status_id_was)
+      status_new = IssueStatus.find_by_id(status_id)
+      if status_was && status_new && !status_was.is_closed? && status_new.is_closed?
+        return true
+      end
+    end
+    false
+  end
  
  # Returns true if the issue is overdue
  def overdue?
@@ -295,9 +374,10 @@ class Issue < ActiveRecord::Base
  end
  
  # Returns an array of status that user is able to apply
-  def new_statuses_allowed_to(user)
+  def new_statuses_allowed_to(user, include_default=false)
    statuses = status.find_new_statuses_allowed_to(user.roles_for_project(project), tracker)
    statuses << status unless statuses.empty?
+    statuses << IssueStatus.default if include_default
    statuses = statuses.uniq.sort
    blocked? ? statuses.reject {|s| s.is_closed?} : statuses
  end
@@ -314,13 +394,13 @@ class Issue < ActiveRecord::Base
    notified.collect(&:mail)
  end
  
-  # Returns the total number of hours spent on this issue.
+  # Returns the total number of hours spent on this issue and its descendants
  #
  # Example:
-  #   spent_hours => 0
-  #   spent_hours => 50
+  #   spent_hours => 0.0
+  #   spent_hours => 50.2
  def spent_hours
-    @spent_hours ||= time_entries.sum(:hours) || 0
+    @spent_hours ||= self_and_descendants.sum("#{TimeEntry.table_name}.hours", :include => :time_entries).to_f || 0.0
  end
  
  def relations
@@ -357,7 +437,34 @@ class Issue < ActiveRecord::Base
  end
  
  def soonest_start
-    @soonest_start ||= relations_to.collect{|relation| relation.successor_soonest_start}.compact.min
+    @soonest_start ||= (
+        relations_to.collect{|relation| relation.successor_soonest_start} +
+        ancestors.collect(&:soonest_start)
+      ).compact.max
+  end
+  
+  def reschedule_after(date)
+    return if date.nil?
+    if leaf?
+      if start_date.nil? || start_date < date
+        self.start_date, self.due_date = date, date + duration
+        save
+      end
+    else
+      leaves.each do |leaf|
+        leaf.reschedule_after(date)
+      end
+    end
+  end
+  
+  def <=>(issue)
+    if issue.nil?
+      -1
+    elsif root_id != issue.root_id
+      (root_id || 0) <=> (issue.root_id || 0)
+    else
+      (lft || 0) <=> (issue.lft || 0)
+    end
  end
  
  def to_s
@@ -374,6 +481,42 @@ class Issue < ActiveRecord::Base
    s
  end

+  # Saves an issue, time_entry, attachments, and a journal from the parameters
+  # Returns false if save fails
+  def save_issue_with_child_records(params, existing_time_entry=nil)
+    Issue.transaction do
+      if params[:time_entry] && params[:time_entry][:hours].present? && User.current.allowed_to?(:log_time, project)
+        @time_entry = existing_time_entry || TimeEntry.new
+        @time_entry.project = project
+        @time_entry.issue = self
+        @time_entry.user = User.current
+        @time_entry.spent_on = Date.today
+        @time_entry.attributes = params[:time_entry]
+        self.time_entries << @time_entry
+      end
+  
+      if valid?
+        attachments = Attachment.attach_files(self, params[:attachments])
+  
+        attachments[:files].each {|a| @current_journal.details << JournalDetail.new(:property => 'attachment', :prop_key => a.id, :value => a.filename)}
+        # TODO: Rename hook
+        Redmine::Hook.call_hook(:controller_issues_edit_before_save, { :params => params, :issue => self, :time_entry => @time_entry, :journal => @current_journal})
+        begin
+          if save
+            # TODO: Rename hook
+            Redmine::Hook.call_hook(:controller_issues_edit_after_save, { :params => params, :issue => self, :time_entry => @time_entry, :journal => @current_journal})
+          else
+            raise ActiveRecord::Rollback
+          end
+        rescue ActiveRecord::StaleObjectError
+          attachments[:files].each(&:destroy)
+          errors.add_to_base l(:notice_locking_conflict)
+          raise ActiveRecord::Rollback
+        end
+      end
+    end
+  end
+
  # Unassigns issues from +version+ if it's no longer shared with issue's project
  def self.update_versions_from_sharing_change(version)
    # Update issues assigned to the version
@@ -388,8 +531,189 @@ class Issue < ActiveRecord::Base
    Issue.update_versions(["#{Version.table_name}.project_id IN (?) OR #{Issue.table_name}.project_id IN (?)", moved_project_ids, moved_project_ids])
  end

+  def parent_issue_id=(arg)
+    parent_issue_id = arg.blank? ? nil : arg.to_i
+    if parent_issue_id && @parent_issue = Issue.find_by_id(parent_issue_id)
+      @parent_issue.id
+    else
+      @parent_issue = nil
+      nil
+    end
+  end
+  
+  def parent_issue_id
+    if instance_variable_defined? :@parent_issue
+      @parent_issue.nil? ? nil : @parent_issue.id
+    else
+      parent_id
+    end
+  end
+
+  # Extracted from the ReportsController.
+  def self.by_tracker(project)
+    count_and_group_by(:project => project,
+                       :field => 'tracker_id',
+                       :joins => Tracker.table_name)
+  end
+
+  def self.by_version(project)
+    count_and_group_by(:project => project,
+                       :field => 'fixed_version_id',
+                       :joins => Version.table_name)
+  end
+
+  def self.by_priority(project)
+    count_and_group_by(:project => project,
+                       :field => 'priority_id',
+                       :joins => IssuePriority.table_name)
+  end
+
+  def self.by_category(project)
+    count_and_group_by(:project => project,
+                       :field => 'category_id',
+                       :joins => IssueCategory.table_name)
+  end
+
+  def self.by_assigned_to(project)
+    count_and_group_by(:project => project,
+                       :field => 'assigned_to_id',
+                       :joins => User.table_name)
+  end
+
+  def self.by_author(project)
+    count_and_group_by(:project => project,
+                       :field => 'author_id',
+                       :joins => User.table_name)
+  end
+
+  def self.by_subproject(project)
+    ActiveRecord::Base.connection.select_all("select    s.id as status_id, 
+                                                s.is_closed as closed, 
+                                                i.project_id as project_id,
+                                                count(i.id) as total 
+                                              from 
+                                                #{Issue.table_name} i, #{IssueStatus.table_name} s
+                                              where 
+                                                i.status_id=s.id 
+                                                and i.project_id IN (#{project.descendants.active.collect{|p| p.id}.join(',')})
+                                              group by s.id, s.is_closed, i.project_id") if project.descendants.active.any?
+  end
+  # End ReportsController extraction
+  
+  # Returns an array of projects that current user can move issues to
+  def self.allowed_target_projects_on_move
+    projects = []
+    if User.current.admin?
+      # admin is allowed to move issues to any active (visible) project
+      projects = Project.visible.all
+    elsif User.current.logged?
+      if Role.non_member.allowed_to?(:move_issues)
+        projects = Project.visible.all
+      else
+        User.current.memberships.each {|m| projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}}
+      end
+    end
+    projects
+  end
+   
  private
  
+  def update_nested_set_attributes
+    if root_id.nil?
+      # issue was just created
+      self.root_id = (@parent_issue.nil? ? id : @parent_issue.root_id)
+      set_default_left_and_right
+      Issue.update_all("root_id = #{root_id}, lft = #{lft}, rgt = #{rgt}", ["id = ?", id])
+      if @parent_issue
+        move_to_child_of(@parent_issue)
+      end
+      reload
+    elsif parent_issue_id != parent_id
+      former_parent_id = parent_id
+      # moving an existing issue
+      if @parent_issue && @parent_issue.root_id == root_id
+        # inside the same tree
+        move_to_child_of(@parent_issue)
+      else
+        # to another tree
+        unless root?
+          move_to_right_of(root)
+          reload
+        end
+        old_root_id = root_id
+        self.root_id = (@parent_issue.nil? ? id : @parent_issue.root_id )
+        target_maxright = nested_set_scope.maximum(right_column_name) || 0
+        offset = target_maxright + 1 - lft
+        Issue.update_all("root_id = #{root_id}, lft = lft + #{offset}, rgt = rgt + #{offset}",
+                          ["root_id = ? AND lft >= ? AND rgt <= ? ", old_root_id, lft, rgt])
+        self[left_column_name] = lft + offset
+        self[right_column_name] = rgt + offset
+        if @parent_issue
+          move_to_child_of(@parent_issue)
+        end
+      end
+      reload
+      # delete invalid relations of all descendants
+      self_and_descendants.each do |issue|
+        issue.relations.each do |relation|
+          relation.destroy unless relation.valid?
+        end
+      end
+      # update former parent
+      recalculate_attributes_for(former_parent_id) if former_parent_id
+    end
+    remove_instance_variable(:@parent_issue) if instance_variable_defined?(:@parent_issue)
+  end
+  
+  def update_parent_attributes
+    recalculate_attributes_for(parent_id) if parent_id
+  end
+
+  def recalculate_attributes_for(issue_id)
+    if issue_id && p = Issue.find_by_id(issue_id)
+      # priority = highest priority of children
+      if priority_position = p.children.maximum("#{IssuePriority.table_name}.position", :include => :priority)
+        p.priority = IssuePriority.find_by_position(priority_position)
+      end
+      
+      # start/due dates = lowest/highest dates of children
+      p.start_date = p.children.minimum(:start_date)
+      p.due_date = p.children.maximum(:due_date)
+      if p.start_date && p.due_date && p.due_date < p.start_date
+        p.start_date, p.due_date = p.due_date, p.start_date
+      end
+      
+      # done ratio = weighted average ratio of leaves
+      unless Issue.use_status_for_done_ratio? && p.status && p.status.default_done_ratio?
+        leaves_count = p.leaves.count
+        if leaves_count > 0
+          average = p.leaves.average(:estimated_hours).to_f
+          if average == 0
+            average = 1
+          end
+          done = p.leaves.sum("COALESCE(estimated_hours, #{average}) * (CASE WHEN is_closed = #{connection.quoted_true} THEN 100 ELSE COALESCE(done_ratio, 0) END)", :include => :status).to_f
+          progress = done / (average * leaves_count)
+          p.done_ratio = progress.round
+        end
+      end
+      
+      # estimate = sum of leaves estimates
+      p.estimated_hours = p.leaves.sum(:estimated_hours).to_f
+      p.estimated_hours = nil if p.estimated_hours == 0.0
+      
+      # ancestors will be recursively updated
+      p.save(false)
+    end
+  end
+  
+  def destroy_children
+    unless leaf?
+      children.each do |child|
+        child.destroy
+      end
+    end
+  end
+  
  # Update issues so their versions are not pointing to a
  # fixed_version that is not shared with the issue's project
  def self.update_versions(conditions=nil)
@@ -419,12 +743,45 @@ class Issue < ActiveRecord::Base
    journal.save
  end
  
+  # Default assignment based on category
+  def default_assign
+    if assigned_to.nil? && category && category.assigned_to
+      self.assigned_to = category.assigned_to
+    end
+  end
+
+  # Updates start/due dates of following issues
+  def reschedule_following_issues
+    if start_date_changed? || due_date_changed?
+      relations_from.each do |relation|
+        relation.set_issue_to_dates
+      end
+    end
+  end
+
+  # Closes duplicates if the issue is being closed
+  def close_duplicates
+    if closing?
+      duplicates.each do |duplicate|
+        # Reload is need in case the duplicate was updated by a previous duplicate
+        duplicate.reload
+        # Don't re-close it if it's already closed
+        next if duplicate.closed?
+        # Same user and notes
+        if @current_journal
+          duplicate.init_journal(@current_journal.user, @current_journal.notes)
+        end
+        duplicate.update_attribute :status, self.status
+      end
+    end
+  end
+  
  # Saves the changes in a Journal
  # Called after_save
  def create_journal
    if @current_journal
      # attributes changes
-      (Issue.column_names - %w(id description lock_version created_on updated_on)).each {|c|
+      (Issue.column_names - %w(id description root_id lft rgt lock_version created_on updated_on)).each {|c|
        @current_journal.details << JournalDetail.new(:property => 'attr',
                                                      :prop_key => c,
                                                      :old_value => @issue_before_change.send(c),
@@ -440,6 +797,37 @@ class Issue < ActiveRecord::Base
                                                      :value => c.value)
      }      
      @current_journal.save
+      # reset current journal
+      init_journal @current_journal.user, @current_journal.notes
    end
  end
+
+  # Query generator for selecting groups of issue counts for a project
+  # based on specific criteria
+  #
+  # Options
+  # * project - Project to search in.
+  # * field - String. Issue field to key off of in the grouping.
+  # * joins - String. The table name to join against.
+  def self.count_and_group_by(options)
+    project = options.delete(:project)
+    select_field = options.delete(:field)
+    joins = options.delete(:joins)
+
+    where = "i.#{select_field}=j.id"
+    
+    ActiveRecord::Base.connection.select_all("select    s.id as status_id, 
+                                                s.is_closed as closed, 
+                                                j.id as #{select_field},
+                                                count(i.id) as total 
+                                              from 
+                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s, #{joins} as j
+                                              where 
+                                                i.status_id=s.id 
+                                                and #{where}
+                                                and i.project_id=#{project.id}
+                                              group by s.id, s.is_closed, j.id")
+  end
+  
+
 end
--- a/app/models/issue_relation.rb
+++ b/app/models/issue_relation.rb
@@ -21,15 +21,19 @@ class IssueRelation < ActiveRecord::Base
  
  TYPE_RELATES      = "relates"
  TYPE_DUPLICATES   = "duplicates"
+  TYPE_DUPLICATED   = "duplicated"
  TYPE_BLOCKS       = "blocks"
+  TYPE_BLOCKED      = "blocked"
  TYPE_PRECEDES     = "precedes"
  TYPE_FOLLOWS      = "follows"
  
-  TYPES = { TYPE_RELATES =>     { :name => :label_relates_to, :sym_name => :label_relates_to, :order => 1 },
-            TYPE_DUPLICATES =>  { :name => :label_duplicates, :sym_name => :label_duplicated_by, :order => 2 },
-            TYPE_BLOCKS =>      { :name => :label_blocks, :sym_name => :label_blocked_by, :order => 3 },
-            TYPE_PRECEDES =>    { :name => :label_precedes, :sym_name => :label_follows, :order => 4 },
-            TYPE_FOLLOWS =>     { :name => :label_follows, :sym_name => :label_precedes, :order => 5 }
+  TYPES = { TYPE_RELATES =>     { :name => :label_relates_to, :sym_name => :label_relates_to, :order => 1, :sym => TYPE_RELATES },
+            TYPE_DUPLICATES =>  { :name => :label_duplicates, :sym_name => :label_duplicated_by, :order => 2, :sym => TYPE_DUPLICATED },
+            TYPE_DUPLICATED =>  { :name => :label_duplicated_by, :sym_name => :label_duplicates, :order => 3, :sym => TYPE_DUPLICATES, :reverse => TYPE_DUPLICATES },
+            TYPE_BLOCKS =>      { :name => :label_blocks, :sym_name => :label_blocked_by, :order => 4, :sym => TYPE_BLOCKED },
+            TYPE_BLOCKED =>     { :name => :label_blocked_by, :sym_name => :label_blocks, :order => 5, :sym => TYPE_BLOCKS, :reverse => TYPE_BLOCKS },
+            TYPE_PRECEDES =>    { :name => :label_precedes, :sym_name => :label_follows, :order => 6, :sym => TYPE_FOLLOWS },
+            TYPE_FOLLOWS =>     { :name => :label_follows, :sym_name => :label_precedes, :order => 7, :sym => TYPE_PRECEDES, :reverse => TYPE_PRECEDES }
          }.freeze
  
  validates_presence_of :issue_from, :issue_to, :relation_type
@@ -44,6 +48,7 @@ class IssueRelation < ActiveRecord::Base
      errors.add :issue_to_id, :invalid if issue_from_id == issue_to_id
      errors.add :issue_to_id, :not_same_project unless issue_from.project_id == issue_to.project_id || Setting.cross_project_issue_relations?
      errors.add_to_base :circular_dependency if issue_to.all_dependent_issues.include? issue_from
+      errors.add_to_base :cant_link_an_issue_with_a_descendant if issue_from.is_descendant_of?(issue_to) || issue_from.is_ancestor_of?(issue_to)
    end
  end
  
@@ -51,6 +56,17 @@ class IssueRelation < ActiveRecord::Base
    (self.issue_from_id == issue.id) ? issue_to : issue_from
  end
  
+  # Returns the relation type for +issue+
+  def relation_type_for(issue)
+    if TYPES[relation_type]
+      if self.issue_from_id == issue.id
+        relation_type
+      else
+        TYPES[relation_type][:sym]
+      end
+    end
+  end
+  
  def label_for(issue)
    TYPES[relation_type] ? TYPES[relation_type][(self.issue_from_id == issue.id) ? :name : :sym_name] : :unknow
  end
@@ -68,9 +84,8 @@ class IssueRelation < ActiveRecord::Base
  
  def set_issue_to_dates
    soonest_start = self.successor_soonest_start
-    if soonest_start && (!issue_to.start_date || issue_to.start_date < soonest_start)
-      issue_to.start_date, issue_to.due_date = successor_soonest_start, successor_soonest_start + issue_to.duration
-      issue_to.save
+    if soonest_start
+      issue_to.reschedule_after(soonest_start)
    end
  end
  
@@ -85,12 +100,13 @@ class IssueRelation < ActiveRecord::Base
  
  private
  
+  # Reverses the relation if needed so that it gets stored in the proper way
  def reverse_if_needed
-    if (TYPE_FOLLOWS == relation_type)
+    if TYPES.has_key?(relation_type) && TYPES[relation_type][:reverse]
      issue_tmp = issue_to
      self.issue_to = issue_from
      self.issue_from = issue_tmp
-      self.relation_type = TYPE_PRECEDES
+      self.relation_type = TYPES[relation_type][:reverse]
    end
  end
 end
--- a/app/models/issue_status.rb
+++ b/app/models/issue_status.rb
@@ -17,8 +17,10 @@

 class IssueStatus < ActiveRecord::Base
  before_destroy :check_integrity  
-  has_many :workflows, :foreign_key => "old_status_id", :dependent => :delete_all
+  has_many :workflows, :foreign_key => "old_status_id"
  acts_as_list
+  
+  before_destroy :delete_workflows

  validates_presence_of :name
  validates_uniqueness_of :name
@@ -89,4 +91,9 @@ private
  def check_integrity
    raise "Can't delete status" if Issue.find(:first, :conditions => ["status_id=?", self.id])
  end
+  
+  # Deletes associated workflows
+  def delete_workflows
+    Workflow.delete_all(["old_status_id = :id OR new_status_id = :id", {:id => id}])
+  end
 end
--- a/app/models/mail_handler.rb
+++ b/app/models/mail_handler.rb
@@ -49,7 +49,7 @@ class MailHandler < ActionMailer::Base
      logger.info  "MailHandler: ignoring email from Redmine emission address [#{sender_email}]" if logger && logger.info
      return false
    end
-    @user = User.find_by_mail(sender_email)
+    @user = User.find_by_mail(sender_email) if sender_email.present?
    if @user && !@user.active?
      logger.info  "MailHandler: ignoring email from non-active user [#{@user.login}]" if logger && logger.info
      return false
@@ -120,19 +120,21 @@ class MailHandler < ActionMailer::Base
    category = (get_keyword(:category) && project.issue_categories.find_by_name(get_keyword(:category)))
    priority = (get_keyword(:priority) && IssuePriority.find_by_name(get_keyword(:priority)))
    status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
+    assigned_to = (get_keyword(:assigned_to, :override => true) && find_user_from_keyword(get_keyword(:assigned_to, :override => true)))
+    due_date = get_keyword(:due_date, :override => true)
+    start_date = get_keyword(:start_date, :override => true)

    # check permission
    unless @@handler_options[:no_permission_check]
      raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
    end
-    
-    issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority)
+
+    issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority, :due_date => due_date, :start_date => start_date, :assigned_to => assigned_to)
    # check workflow
    if status && issue.new_statuses_allowed_to(user).include?(status)
      issue.status = status
    end
-    issue.subject = email.subject.chomp
-    issue.subject = issue.subject.toutf8 if issue.subject.respond_to?(:toutf8)
+    issue.subject = email.subject.chomp[0,255]
    if issue.subject.blank?
      issue.subject = '(no subject)'
    end
@@ -164,6 +166,9 @@ class MailHandler < ActionMailer::Base
  # Adds a note to an existing issue
  def receive_issue_reply(issue_id)
    status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
+    due_date = get_keyword(:due_date, :override => true)
+    start_date = get_keyword(:start_date, :override => true)
+    assigned_to = (get_keyword(:assigned_to, :override => true) && find_user_from_keyword(get_keyword(:assigned_to, :override => true)))
    
    issue = Issue.find_by_id(issue_id)
    return unless issue
@@ -180,6 +185,10 @@ class MailHandler < ActionMailer::Base
    if status && issue.new_statuses_allowed_to(user).include?(status)
      issue.status = status
    end
+    issue.start_date = start_date if start_date
+    issue.due_date = due_date if due_date
+    issue.assigned_to = assigned_to if assigned_to
+    
    issue.save!
    logger.info "MailHandler: issue ##{issue.id} updated by #{user}" if logger && logger.info
    journal
@@ -246,7 +255,7 @@ class MailHandler < ActionMailer::Base
      @keywords[attr]
    else
      @keywords[attr] = begin
-        if (options[:override] || @@handler_options[:allow_override].include?(attr.to_s)) && plain_text_body.gsub!(/^#{attr}[ \t]*:[ \t]*(.+)\s*$/i, '')
+        if (options[:override] || @@handler_options[:allow_override].include?(attr.to_s)) && plain_text_body.gsub!(/^#{attr.to_s.humanize}[ \t]*:[ \t]*(.+)\s*$/i, '')
          $1.strip
        elsif !@@handler_options[:issue][attr].blank?
          @@handler_options[:issue][attr]
@@ -314,4 +323,14 @@ class MailHandler < ActionMailer::Base
    end
    body.strip
  end
+
+  def find_user_from_keyword(keyword)
+    user ||= User.find_by_mail(keyword)
+    user ||= User.find_by_login(keyword)
+    if user.nil? && keyword.match(/ /)
+      firstname, lastname = *(keyword.split) # "First Last Throwaway"
+      user ||= User.find_by_firstname_and_lastname(firstname, lastname)
+    end
+    user
+  end
 end
--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
@@ -80,7 +80,7 @@ class Mailer < ActionMailer::Base
  def reminder(user, issues, days)
    set_language_if_valid user.language
    recipients user.mail
-    subject l(:mail_subject_reminder, issues.size)
+    subject l(:mail_subject_reminder, :count => issues.size, :days => days)
    body :issues => issues,
         :days => days,
         :issues_url => url_for(:controller => 'issues', :action => 'index', :set_filter => 1, :assigned_to_id => user.id, :sort_key => 'due_date', :sort_order => 'asc')
@@ -114,11 +114,11 @@ class Mailer < ActionMailer::Base
    when 'Project'
      added_to_url = url_for(:controller => 'projects', :action => 'list_files', :id => container)
      added_to = "#{l(:label_project)}: #{container}"
-      recipients container.project.notified_users.select {|user| user.allowed_to?(:view_files, container.project)}
+      recipients container.project.notified_users.select {|user| user.allowed_to?(:view_files, container.project)}.collect  {|u| u.mail}
    when 'Version'
      added_to_url = url_for(:controller => 'projects', :action => 'list_files', :id => container.project_id)
      added_to = "#{l(:label_version)}: #{container.name}"
-      recipients container.project.notified_users.select {|user| user.allowed_to?(:view_files, container.project)}
+      recipients container.project.notified_users.select {|user| user.allowed_to?(:view_files, container.project)}.collect  {|u| u.mail}
    when 'Document'
      added_to_url = url_for(:controller => 'documents', :action => 'show', :id => container.id)
      added_to = "#{l(:label_document)}: #{container.title}"
@@ -161,7 +161,7 @@ class Mailer < ActionMailer::Base
    cc((message.root.watcher_recipients + message.board.watcher_recipients).uniq - @recipients)
    subject "[#{message.board.project.name} - #{message.board.name} - msg#{message.root.id}] #{message.subject}"
    body :message => message,
-         :message_url => url_for(:controller => 'messages', :action => 'show', :board_id => message.board_id, :id => message.root)
+         :message_url => url_for(message.event_url)
    render_multipart('message_posted', body)
  end
  
@@ -272,6 +272,7 @@ class Mailer < ActionMailer::Base
  # Overrides default deliver! method to prevent from sending an email
  # with no recipient, cc or bcc
  def deliver!(mail = @mail)
+    set_language_if_valid @initial_language
    return false if (recipients.nil? || recipients.empty?) &&
                    (cc.nil? || cc.empty?) &&
                    (bcc.nil? || bcc.empty?)
@@ -283,7 +284,21 @@ class Mailer < ActionMailer::Base
    if @references_objects
      mail.references = @references_objects.collect {|o| self.class.message_id_for(o)}
    end
-    super(mail)
+    
+    # Log errors when raise_delivery_errors is set to false, Rails does not
+    raise_errors = self.class.raise_delivery_errors
+    self.class.raise_delivery_errors = true
+    begin
+      return super(mail)
+    rescue Exception => e
+      if raise_errors
+        raise e
+      elsif mylogger
+        mylogger.error "The following error occured while sending email notification: \"#{e.message}\". Check your configuration in config/email.yml."
+      end
+    ensure
+      self.class.raise_delivery_errors = raise_errors
+    end
  end

  # Sends reminders to issue assignees
@@ -309,10 +324,20 @@ class Mailer < ActionMailer::Base
      deliver_reminder(assignee, issues, days) unless assignee.nil?
    end
  end
+  
+  # Activates/desactivates email deliveries during +block+
+  def self.with_deliveries(enabled = true, &block)
+    was_enabled = ActionMailer::Base.perform_deliveries
+    ActionMailer::Base.perform_deliveries = !!enabled
+    yield
+  ensure
+    ActionMailer::Base.perform_deliveries = was_enabled
+  end

  private
  def initialize_defaults(method_name)
    super
+    @initial_language = current_language
    set_language_if_valid Setting.default_language
    from Setting.mail_from
    
@@ -338,9 +363,14 @@ class Mailer < ActionMailer::Base
      recipients.delete(@author.mail) if recipients
      cc.delete(@author.mail) if cc
    end
+    
+    notified_users = [recipients, cc].flatten.compact.uniq
+    # Rails would log recipients only, not cc and bcc
+    mylogger.info "Sending email notification to: #{notified_users.join(', ')}" if mylogger
+    
    # Blind carbon copy recipients
    if Setting.bcc_recipients?
-      bcc([recipients, cc].flatten.compact.uniq)
+      bcc(notified_users)
      recipients []
      cc []
    end
@@ -391,6 +421,10 @@ class Mailer < ActionMailer::Base
    @references_objects ||= []
    @references_objects << object
  end
+    
+  def mylogger
+    RAILS_DEFAULT_LOGGER
+  end
 end

 # Patch TMail so that message_id is not overwritten
--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -57,17 +57,32 @@ class Member < ActiveRecord::Base
    member_roles.detect {|mr| mr.inherited_from}.nil?
  end
  
+  def include?(user)
+    if principal.is_a?(Group)
+      !user.nil? && user.groups.include?(principal)
+    else
+      self.user == user
+    end
+  end
+  
  def before_destroy
    if user
      # remove category based auto assignments for this member
      IssueCategory.update_all "assigned_to_id = NULL", ["project_id = ? AND assigned_to_id = ?", project.id, user.id]
    end
  end
+
+  # Find or initilize a Member with an id, attributes, and for a Principal
+  def self.edit_membership(id, new_attributes, principal=nil)
+    @membership = id.present? ? Member.find(id) : Member.new(:principal => principal)
+    @membership.attributes = new_attributes
+    @membership
+  end
  
  protected
  
  def validate
-    errors.add_to_base "Role can't be blank" if member_roles.empty? && roles.empty?
+    errors.add_on_empty :role if member_roles.empty? && roles.empty?
  end
  
  private
--- a/app/models/member_role.rb
+++ b/app/models/member_role.rb
@@ -30,6 +30,10 @@ class MemberRole < ActiveRecord::Base
    errors.add :role_id, :invalid if role && !role.member?
  end
  
+  def inherited?
+    !inherited_from.nil?
+  end
+  
  private
  
  def remove_member_if_empty
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -30,7 +30,7 @@ class Message < ActiveRecord::Base
                :description => :content,
                :type => Proc.new {|o| o.parent_id.nil? ? 'message' : 'reply'},
                :url => Proc.new {|o| {:controller => 'messages', :action => 'show', :board_id => o.board_id}.merge(o.parent_id.nil? ? {:id => o.id} : 
-                                                                                                                                       {:id => o.parent_id, :anchor => "message-#{o.id}"})}
+                                                                                                                                       {:id => o.parent_id, :r => o.id, :anchor => "message-#{o.id}"})}

  acts_as_activity_provider :find_options => {:include => [{:board => :project}, :author]},
                            :author_key => :author_id
@@ -90,13 +90,6 @@ class Message < ActiveRecord::Base
    usr && usr.logged? && (usr.allowed_to?(:delete_messages, project) || (self.author == usr && usr.allowed_to?(:delete_own_messages, project)))
  end
  
-  # Returns the mail adresses of users that should be notified
-  def recipients
-    notified = project.notified_users
-    notified.reject! {|user| !visible?(user)}
-    notified.collect(&:mail)
-  end
-  
  private
  
  def add_author_as_watcher
--- a/app/models/news.rb
+++ b/app/models/news.rb
@@ -33,13 +33,6 @@ class News < ActiveRecord::Base
    !user.nil? && user.allowed_to?(:view_news, project)
  end
  
-  # Returns the mail adresses of users that should be notified
-  def recipients
-    notified = project.notified_users
-    notified.reject! {|user| !visible?(user)}
-    notified.collect(&:mail)
-  end
-  
  # returns latest news for projects visible by user
  def self.latest(user = User.current, count = 5)
    find(:all, :limit => count, :conditions => Project.allowed_to_condition(user, :view_news), :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")	
--- a/app/models/principal.rb
+++ b/app/models/principal.rb
@@ -16,7 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Principal < ActiveRecord::Base
-  set_table_name 'users'
+  set_table_name "#{table_name_prefix}users#{table_name_suffix}"

  has_many :members, :foreign_key => 'user_id', :dependent => :destroy
  has_many :memberships, :class_name => 'Member', :foreign_key => 'user_id', :include => [ :project, :roles ], :conditions => "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}", :order => "#{Project.table_name}.name"
@@ -32,6 +32,8 @@ class Principal < ActiveRecord::Base
    }
  }
  
+  before_create :set_default_empty_values
+  
  def <=>(principal)
    if self.class.name == principal.class.name
      self.to_s.downcase <=> principal.to_s.downcase
@@ -40,4 +42,16 @@ class Principal < ActiveRecord::Base
      principal.class.name <=> self.class.name
    end
  end
+  
+  protected
+  
+  # Make sure we don't try to insert NULL values (see #4632)
+  def set_default_empty_values
+    self.login ||= ''
+    self.hashed_password ||= ''
+    self.firstname ||= ''
+    self.lastname ||= ''
+    self.mail ||= ''
+    true
+  end
 end
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -23,6 +23,7 @@ class Project < ActiveRecord::Base
  # Specific overidden Activities
  has_many :time_entry_activities
  has_many :members, :include => [:user, :roles], :conditions => "#{User.table_name}.type='User' AND #{User.table_name}.status=#{User::STATUS_ACTIVE}"
+  has_many :memberships, :class_name => 'Member'
  has_many :member_principals, :class_name => 'Member', 
                               :include => :principal,
                               :conditions => "#{Principal.table_name}.type='Group' OR (#{Principal.table_name}.type='User' AND #{Principal.table_name}.status=#{User::STATUS_ACTIVE})"
@@ -50,14 +51,14 @@ class Project < ActiveRecord::Base
                          :join_table => "#{table_name_prefix}custom_fields_projects#{table_name_suffix}",
                          :association_foreign_key => 'custom_field_id'
                          
-  acts_as_nested_set :order => 'name', :dependent => :destroy
+  acts_as_nested_set :order => 'name'
  acts_as_attachable :view_permission => :view_files,
                     :delete_permission => :manage_files

  acts_as_customizable
-  acts_as_searchable :columns => ['name', 'description'], :project_key => 'id', :permission => nil
+  acts_as_searchable :columns => ['name', 'identifier', 'description'], :project_key => 'id', :permission => nil
  acts_as_event :title => Proc.new {|o| "#{l(:label_project)}: #{o.name}"},
-                :url => Proc.new {|o| {:controller => 'projects', :action => 'show', :id => o.id}},
+                :url => Proc.new {|o| {:controller => 'projects', :action => 'show', :id => o}},
                :author => nil

  attr_protected :status, :enabled_module_names
@@ -73,7 +74,7 @@ class Project < ActiveRecord::Base
  # reserved words
  validates_exclusion_of :identifier, :in => %w( new )

-  before_destroy :delete_all_members
+  before_destroy :delete_all_members, :destroy_children

  named_scope :has_module, lambda { |mod| { :conditions => ["#{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name=?)", mod.to_s] } }
  named_scope :active, { :conditions => "#{Project.table_name}.status = #{STATUS_ACTIVE}"}
@@ -248,7 +249,7 @@ class Project < ActiveRecord::Base
    return @allowed_parents if @allowed_parents
    @allowed_parents = Project.find(:all, :conditions => Project.allowed_to_condition(User.current, :add_subprojects))
    @allowed_parents = @allowed_parents - self_and_descendants
-    if User.current.allowed_to?(:add_project, nil, :global => true)
+    if User.current.allowed_to?(:add_project, nil, :global => true) || (!new_record? && parent.nil?)
      @allowed_parents << nil
    end
    unless parent.nil? || @allowed_parents.empty? || @allowed_parents.include?(parent)
@@ -335,6 +336,13 @@ class Project < ActiveRecord::Base
      end
    end
  end
+
+  # Returns a scope of the Versions on subprojects
+  def rolled_up_versions
+    @rolled_up_versions ||=
+      Version.scoped(:include => :project,
+                     :conditions => ["#{Project.table_name}.lft >= ? AND #{Project.table_name}.rgt <= ? AND #{Project.table_name}.status = #{STATUS_ACTIVE}", lft, rgt])
+  end
  
  # Returns a scope of the Versions used by the project
  def shared_versions
@@ -498,17 +506,36 @@ class Project < ActiveRecord::Base
  
  private
  
+  # Destroys children before destroying self
+  def destroy_children
+    children.each do |child|
+      child.destroy
+    end
+  end
+  
  # Copies wiki from +project+
  def copy_wiki(project)
    # Check that the source project has a wiki first
    unless project.wiki.nil?
      self.wiki ||= Wiki.new
      wiki.attributes = project.wiki.attributes.dup.except("id", "project_id")
+      wiki_pages_map = {}
      project.wiki.pages.each do |page|
+        # Skip pages without content
+        next if page.content.nil?
        new_wiki_content = WikiContent.new(page.content.attributes.dup.except("id", "page_id", "updated_on"))
        new_wiki_page = WikiPage.new(page.attributes.dup.except("id", "wiki_id", "created_on", "parent_id"))
        new_wiki_page.content = new_wiki_content
        wiki.pages << new_wiki_page
+        wiki_pages_map[page.id] = new_wiki_page
+      end
+      wiki.save
+      # Reproduce page hierarchy
+      project.wiki.pages.each do |page|
+        if page.parent_id && wiki_pages_map[page.id]
+          wiki_pages_map[page.id].parent = wiki_pages_map[page.parent_id]
+          wiki_pages_map[page.id].save
+        end
      end
    end
  end
@@ -537,9 +564,12 @@ class Project < ActiveRecord::Base
    # value.  Used to map the two togeather for issue relations.
    issues_map = {}
    
-    project.issues.each do |issue|
+    # Get issues sorted by root_id, lft so that parent issues
+    # get copied before their children
+    project.issues.find(:all, :order => 'root_id, lft').each do |issue|
      new_issue = Issue.new
      new_issue.copy_from(issue)
+      new_issue.project = self
      # Reassign fixed_versions by name, since names are unique per
      # project and the versions for self are not yet saved
      if issue.fixed_version
@@ -550,6 +580,13 @@ class Project < ActiveRecord::Base
      if issue.category
        new_issue.category = self.issue_categories.select {|c| c.name == issue.category.name}.first
      end
+      # Parent issue
+      if issue.parent_id
+        if copied_parent = issues_map[issue.parent_id]
+          new_issue.parent_issue_id = copied_parent.id
+        end
+      end
+      
      self.issues << new_issue
      issues_map[issue.id] = new_issue
    end
@@ -583,10 +620,14 @@ class Project < ActiveRecord::Base

  # Copies members from +project+
  def copy_members(project)
-    project.members.each do |member|
+    project.memberships.each do |member|
      new_member = Member.new
      new_member.attributes = member.attributes.dup.except("id", "project_id", "created_on")
-      new_member.role_ids = member.role_ids.dup
+      # only copy non inherited roles
+      # inherited roles will be added when copying the group membership
+      role_ids = member.member_roles.reject(&:inherited?).collect(&:role_id)
+      next if role_ids.empty?
+      new_member.role_ids = role_ids
      new_member.project = self
      self.members << new_member
    end
@@ -615,7 +656,7 @@ class Project < ActiveRecord::Base
  
  def allowed_permissions
    @allowed_permissions ||= begin
-      module_names = enabled_modules.collect {|m| m.name}
+      module_names = enabled_modules.all(:select => :name).collect {|m| m.name}
      Redmine::AccessControl.modules_permissions(module_names).collect {|p| p.name}
    end
  end
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -27,10 +27,11 @@ class QueryColumn
      self.groupable = name.to_s
    end
    self.default_order = options[:default_order]
+    @caption_key = options[:caption] || "field_#{name}"
  end
  
  def caption
-    l("field_#{name}")
+    l(@caption_key)
  end
  
  # Returns true if the column is sortable, otherwise false
@@ -120,6 +121,7 @@ class Query < ActiveRecord::Base
  @@available_columns = [
    QueryColumn.new(:project, :sortable => "#{Project.table_name}.name", :groupable => true),
    QueryColumn.new(:tracker, :sortable => "#{Tracker.table_name}.position", :groupable => true),
+    QueryColumn.new(:parent, :sortable => ["#{Issue.table_name}.root_id", "#{Issue.table_name}.lft ASC"], :default_order => 'desc', :caption => :field_parent_issue),
    QueryColumn.new(:status, :sortable => "#{IssueStatus.table_name}.position", :groupable => true),
    QueryColumn.new(:priority, :sortable => "#{IssuePriority.table_name}.position", :default_order => 'desc', :groupable => true),
    QueryColumn.new(:subject, :sortable => "#{Issue.table_name}.subject"),
@@ -185,9 +187,11 @@ class Query < ActiveRecord::Base
    if project
      user_values += project.users.sort.collect{|s| [s.name, s.id.to_s] }
    else
-      # members of the user's projects
-      # OPTIMIZE: Is selecting from users per project (N+1)
-      user_values += User.current.projects.collect(&:users).flatten.uniq.sort.collect{|s| [s.name, s.id.to_s] }
+      project_ids = Project.all(:conditions => Project.visible_by(User.current)).collect(&:id)
+      if project_ids.any?
+        # members of the user's projects
+        user_values += User.active.find(:all, :conditions => ["#{User.table_name}.id IN (SELECT DISTINCT user_id FROM members WHERE project_id IN (?))", project_ids]).sort.collect{|s| [s.name, s.id.to_s] }
+      end
    end
    @available_filters["assigned_to_id"] = { :type => :list_optional, :order => 4, :values => user_values } unless user_values.empty?
    @available_filters["author_id"] = { :type => :list, :order => 5, :values => user_values } unless user_values.empty?
@@ -210,7 +214,17 @@ class Query < ActiveRecord::Base
      add_custom_fields_filters(@project.all_issue_custom_fields)
    else
      # global filters for cross project issue list
+      system_shared_versions = Version.visible.find_all_by_sharing('system')
+      unless system_shared_versions.empty?
+        @available_filters["fixed_version_id"] = { :type => :list_optional, :order => 7, :values => system_shared_versions.sort.collect{|s| ["#{s.project.name} - #{s.name}", s.id.to_s] } }
+      end
      add_custom_fields_filters(IssueCustomField.find(:all, :conditions => {:is_filter => true, :is_for_all => true}))
+      # project filter
+      project_values = Project.all(:conditions => Project.visible_by(User.current), :order => 'lft').map do |p|
+        pre = (p.level > 0 ? ('--' * p.level + ' ') : '')
+        ["#{pre}#{p.name}",p.id.to_s]
+      end
+      @available_filters["project_id"] = { :type => :list, :order => 1, :values => project_values}
    end
    @available_filters
  end
@@ -232,9 +246,16 @@ class Query < ActiveRecord::Base
  
  def add_short_filter(field, expression)
    return unless expression
-    parms = expression.scan(/^(o|c|\!|\*)?(.*)$/).first
+    parms = expression.scan(/^(o|c|!\*|!|\*)?(.*)$/).first
    add_filter field, (parms[0] || "="), [parms[1] || ""]
  end
+
+  # Add multiple filters using +add_filter+
+  def add_filters(fields, operators, values)
+    fields.each do |field|
+      add_filter(field, operators[field], values[field])
+    end
+  end
  
  def has_filter?(field)
    filters and filters[field]
@@ -261,11 +282,27 @@ class Query < ActiveRecord::Base
                            IssueCustomField.find(:all)
                           ).collect {|cf| QueryCustomFieldColumn.new(cf) }      
  end
+
+  def self.available_columns=(v)
+    self.available_columns = (v)
+  end
+  
+  def self.add_available_column(column)
+    self.available_columns << (column) if column.is_a?(QueryColumn)
+  end
  
  # Returns an array of columns that can be used to group the results
  def groupable_columns
    available_columns.select {|c| c.groupable}
  end
+
+  # Returns a Hash of columns and the key for sorting
+  def sortable_columns
+    {'id' => "#{Issue.table_name}.id"}.merge(available_columns.inject({}) {|h, column|
+                                               h[column.name.to_s] = column.sortable
+                                               h
+                                             })
+  end
  
  def columns
    if has_default_columns?
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -136,6 +136,7 @@ class Repository < ActiveRecord::Base
        end
      end
      @committers = nil
+      @found_committer_users = nil
      true
    else
      false
@@ -146,24 +147,34 @@ class Repository < ActiveRecord::Base
  # It will return nil if the committer is not yet mapped and if no User
  # with the same username or email was found
  def find_committer_user(committer)
-    if committer
+    unless committer.blank?
+      @found_committer_users ||= {}
+      return @found_committer_users[committer] if @found_committer_users.has_key?(committer)
+      
+      user = nil
      c = changesets.find(:first, :conditions => {:committer => committer}, :include => :user)
      if c && c.user
-        c.user
+        user = c.user
      elsif committer.strip =~ /^([^<]+)(<(.*)>)?$/
        username, email = $1.strip, $3
        u = User.find_by_login(username)
        u ||= User.find_by_mail(email) unless email.blank?
-        u
+        user = u
      end
+      @found_committer_users[committer] = user
+      user
    end
  end
  
-  # fetch new changesets for all repositories
-  # can be called periodically by an external script
+  # Fetches new changesets for all repositories of active projects
+  # Can be called periodically by an external script
  # eg. ruby script/runner "Repository.fetch_changesets"
  def self.fetch_changesets
-    find(:all).each(&:fetch_changesets)
+    Project.active.has_module(:repository).find(:all, :include => :repository).each do |project|
+      if project.repository
+        project.repository.fetch_changesets
+      end
+    end
  end
  
  # scan changeset comments to find related and fixed issues for all repositories
--- a/app/models/repository/darcs.rb
+++ b/app/models/repository/darcs.rb
@@ -85,11 +85,7 @@ class Repository::Darcs < Repository
                                         :comments => revision.message)
                                         
            revision.paths.each do |change|
-              Change.create(:changeset => changeset,
-                            :action => change[:action],
-                            :path => change[:path],
-                            :from_path => change[:from_path],
-                            :from_revision => change[:from_revision])
+              changeset.create_change(change)
            end
            next_rev += 1
          end if revisions
--- a/app/models/repository/git.rb
+++ b/app/models/repository/git.rb
@@ -40,23 +40,26 @@ class Repository::Git < Repository
  # With SCM's that have a sequential commit numbering, redmine is able to be
  # clever and only fetch changesets going forward from the most recent one
  # it knows about.  However, with git, you never know if people have merged
-  # commits into the middle of the repository history, so we always have to
-  # parse the entire log.
+  # commits into the middle of the repository history, so we should parse
+  # the entire log. Since it's way too slow for large repositories, we only
+  # parse 1 week before the last known commit.
+  # The repository can still be fully reloaded by calling #clear_changesets
+  # before fetching changesets (eg. for offline resync)
  def fetch_changesets
-    # Save ourselves an expensive operation if we're already up to date
-    return if scm.num_revisions == changesets.count
+    c = changesets.find(:first, :order => 'committed_on DESC')
+    since = (c ? c.committed_on - 7.days : nil)

-    revisions = scm.revisions('', nil, nil, :all => true)
+    revisions = scm.revisions('', nil, nil, :all => true, :since => since)
    return if revisions.nil? || revisions.empty?

-    # Find revisions that redmine knows about already
-    existing_revisions = changesets.find(:all).map!{|c| c.scmid}
+    recent_changesets = changesets.find(:all, :conditions => ['committed_on >= ?', since])

    # Clean out revisions that are no longer in git
-    Changeset.delete_all(["scmid NOT IN (?) AND repository_id = (?)", revisions.map{|r| r.scmid}, self.id])
+    recent_changesets.each {|c| c.destroy unless revisions.detect {|r| r.scmid.to_s == c.scmid.to_s }}

    # Subtract revisions that redmine already knows about
-    revisions.reject!{|r| existing_revisions.include?(r.scmid)}
+    recent_revisions = recent_changesets.map{|c| c.scmid}
+    revisions.reject!{|r| recent_revisions.include?(r.scmid)}

    # Save the remaining ones to the database
    revisions.each{|r| r.save(self)} unless revisions.nil?
--- a/app/models/repository/mercurial.rb
+++ b/app/models/repository/mercurial.rb
@@ -78,11 +78,7 @@ class Repository::Mercurial < Repository
                                           :comments => revision.message)
              
              revision.paths.each do |change|
-                Change.create(:changeset => changeset,
-                              :action => change[:action],
-                              :path => change[:path],
-                              :from_path => change[:from_path],
-                              :from_revision => change[:from_revision])
+                changeset.create_change(change)
              end
            end
          end unless revisions.nil?
--- a/app/models/repository/subversion.rb
+++ b/app/models/repository/subversion.rb
@@ -63,11 +63,7 @@ class Repository::Subversion < Repository
                                           :comments => revision.message)
              
              revision.paths.each do |change|
-                Change.create(:changeset => changeset,
-                              :action => change[:action],
-                              :path => change[:path],
-                              :from_path => change[:from_path],
-                              :from_revision => change[:from_revision])
+                changeset.create_change(change)
              end unless changeset.new_record?
            end
          end unless revisions.nil?
--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -120,14 +120,30 @@ class Role < ActiveRecord::Base
    find(:all, :conditions => {:builtin => 0}, :order => 'position')
  end

-  # Return the builtin 'non member' role
+  # Return the builtin 'non member' role.  If the role doesn't exist,
+  # it will be created on the fly.
  def self.non_member
-    find(:first, :conditions => {:builtin => BUILTIN_NON_MEMBER}) || raise('Missing non-member builtin role.')
+    non_member_role = find(:first, :conditions => {:builtin => BUILTIN_NON_MEMBER})
+    if non_member_role.nil?
+      non_member_role = create(:name => 'Non member', :position => 0) do |role|
+        role.builtin = BUILTIN_NON_MEMBER
+      end
+      raise 'Unable to create the non-member role.' if non_member_role.new_record?
+    end
+    non_member_role
  end

-  # Return the builtin 'anonymous' role 
+  # Return the builtin 'anonymous' role.  If the role doesn't exist,
+  # it will be created on the fly.
  def self.anonymous
-    find(:first, :conditions => {:builtin => BUILTIN_ANONYMOUS}) || raise('Missing anonymous builtin role.')
+    anonymous_role = find(:first, :conditions => {:builtin => BUILTIN_ANONYMOUS})
+    if anonymous_role.nil?
+      anonymous_role = create(:name => 'Anonymous', :position => 0) do |role|
+        role.builtin = BUILTIN_ANONYMOUS
+      end
+      raise 'Unable to create the anonymous role.' if anonymous_role.new_record?
+    end
+    anonymous_role
  end

  
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -97,7 +97,7 @@ class Setting < ActiveRecord::Base
  end
  
  def value=(v)
-    v = v.to_yaml if v && @@available_settings[name]['serialized']
+    v = v.to_yaml if v && @@available_settings[name] && @@available_settings[name]['serialized']
    write_attribute(:value, v.to_s)
  end
  
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -53,7 +53,7 @@ class User < Principal
  attr_protected :login, :admin, :password, :password_confirmation, :hashed_password, :group_ids
 	
  validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
-  validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }
+  validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }, :case_sensitive => false
  validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false
  # Login must contain lettres, numbers, underscores only
  validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
@@ -71,7 +71,7 @@ class User < Principal
  
  def before_save
    # update hashed_password if password was set
-    self.hashed_password = User.hash_password(self.password) if self.password
+    self.hashed_password = User.hash_password(self.password) if self.password && self.auth_source_id.blank?
  end
  
  def reload(*args)
@@ -79,6 +79,10 @@ class User < Principal
    super
  end
  
+  def mail=(arg)
+    write_attribute(:mail, arg.to_s.strip)
+  end
+  
  def identity_url=(url)
    if url.blank?
      write_attribute(:identity_url, '')
@@ -96,7 +100,7 @@ class User < Principal
  def self.try_to_login(login, password)
    # Make sure no one can sign in with an empty password
    return nil if password.to_s.empty?
-    user = find(:first, :conditions => ["login=?", login])
+    user = find_by_login(login)
    if user
      # user is already in local database
      return nil if !user.active?
@@ -111,12 +115,12 @@ class User < Principal
      # user is not yet registered, try to authenticate with available sources
      attrs = AuthSource.authenticate(login, password)
      if attrs
-        user = new(*attrs)
+        user = new(attrs)
        user.login = login
        user.language = Setting.default_language
        if user.save
          user.reload
-          logger.info("User '#{user.login}' created from the LDAP") if logger
+          logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source
        end
      end
    end    
@@ -160,8 +164,42 @@ class User < Principal
    self.status == STATUS_LOCKED
  end

+  def activate
+    self.status = STATUS_ACTIVE
+  end
+
+  def register
+    self.status = STATUS_REGISTERED
+  end
+
+  def lock
+    self.status = STATUS_LOCKED
+  end
+
+  def activate!
+    update_attribute(:status, STATUS_ACTIVE)
+  end
+
+  def register!
+    update_attribute(:status, STATUS_REGISTERED)
+  end
+
+  def lock!
+    update_attribute(:status, STATUS_LOCKED)
+  end
+
  def check_password?(clear_password)
-    User.hash_password(clear_password) == self.hashed_password
+    if auth_source_id.present?
+      auth_source.authenticate(self.login, clear_password)
+    else
+      User.hash_password(clear_password) == self.hashed_password
+    end
+  end
+
+  # Does the backend storage allow this user to change their password?
+  def change_password_allowed?
+    return true if auth_source_id.blank?
+    return auth_source.allow_password_changes?
  end

  # Generate and set a random password.  Useful for automated user creation
@@ -196,7 +234,7 @@ class User < Principal

  # Return user's API key (a 40 chars long string), used to access the API
  def api_key
-    token = self.api_token || Token.create(:user => self, :action => 'api')
+    token = self.api_token || self.create_api_token(:action => 'api')
    token.value
  end
  
@@ -211,7 +249,19 @@ class User < Principal
    @notified_projects_ids = nil
    notified_projects_ids
  end
-  
+
+  # Find a user account by matching the exact login and then a case-insensitive
+  # version.  Exact matches will be given priority.
+  def self.find_by_login(login)
+    # force string comparison to be case sensitive on MySQL
+    type_cast = (ActiveRecord::Base.connection.adapter_name == 'MySQL') ? 'BINARY' : ''
+    
+    # First look for an exact match
+    user = first(:conditions => ["#{type_cast} login = ?", login])
+    # Fail over to case-insensitive if none was found
+    user ||= first(:conditions => ["#{type_cast} LOWER(login) = ?", login.to_s.downcase])
+  end
+
  def self.find_by_rss_key(key)
    token = Token.find_by_value(key)
    token && token.user.active? ? token.user : nil
--- a/app/models/version.rb
+++ b/app/models/version.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2010  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -16,10 +16,9 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Version < ActiveRecord::Base
-  before_destroy :check_integrity
  after_update :update_issues_from_sharing_change
  belongs_to :project
-  has_many :fixed_issues, :class_name => 'Issue', :foreign_key => 'fixed_version_id'
+  has_many :fixed_issues, :class_name => 'Issue', :foreign_key => 'fixed_version_id', :dependent => :nullify
  acts_as_customizable
  acts_as_attachable :view_permission => :view_files,
                     :delete_permission => :manage_files
@@ -52,8 +51,9 @@ class Version < ActiveRecord::Base
  end
  
  # Returns the total estimated time for this version
+  # (sum of leaves estimated_hours)
  def estimated_hours
-    @estimated_hours ||= fixed_issues.sum(:estimated_hours).to_f
+    @estimated_hours ||= fixed_issues.leaves.sum(:estimated_hours).to_f
  end
  
  # Returns the total reported time for this version
@@ -124,13 +124,25 @@ class Version < ActiveRecord::Base
  
  def to_s; name end
  
-  # Versions are sorted by effective_date and name
-  # Those with no effective_date are at the end, sorted by name
+  # Versions are sorted by effective_date and "Project Name - Version name"
+  # Those with no effective_date are at the end, sorted by "Project Name - Version name"
  def <=>(version)
    if self.effective_date
-      version.effective_date ? (self.effective_date == version.effective_date ? self.name <=> version.name : self.effective_date <=> version.effective_date) : -1
+      if version.effective_date
+        if self.effective_date == version.effective_date
+          "#{self.project.name} - #{self.name}" <=> "#{version.project.name} - #{version.name}"
+        else
+          self.effective_date <=> version.effective_date
+        end
+      else
+        -1
+      end
    else
-      version.effective_date ? 1 : (self.name <=> version.name)
+      if version.effective_date
+        1
+      else
+        "#{self.project.name} - #{self.name}" <=> "#{version.project.name} - #{version.name}"
+      end
    end
  end
  
@@ -155,10 +167,7 @@ class Version < ActiveRecord::Base
    end
  end
  
-private
-  def check_integrity
-    raise "Can't delete version" if self.fixed_issues.find(:first)
-  end
+  private

  # Update the issue's fixed versions. Used if a version's sharing changes.
  def update_issues_from_sharing_change
--- a/app/models/wiki.rb
+++ b/app/models/wiki.rb
@@ -29,6 +29,12 @@ class Wiki < ActiveRecord::Base
    !user.nil? && user.allowed_to?(:view_wiki_pages, project)
  end
  
+  # Returns the wiki page that acts as the sidebar content
+  # or nil if no such page exists
+  def sidebar
+    @sidebar ||= find_page('Sidebar', :with_redirect => false)
+  end
+  
  # find the page with the given title
  # if page doesn't exist, return a new page
  def find_or_new_page(title)
--- a/app/models/wiki_content.rb
+++ b/app/models/wiki_content.rb
@@ -34,6 +34,10 @@ class WikiContent < ActiveRecord::Base
    page.project
  end
  
+  def attachments
+    page.nil? ? [] : page.attachments
+  end
+  
  # Returns the mail adresses of users that should be notified
  def recipients
    notified = project.notified_users
--- a/app/models/wiki_page.rb
+++ b/app/models/wiki_page.rb
@@ -41,6 +41,15 @@ class WikiPage < ActiveRecord::Base
  validates_uniqueness_of :title, :scope => :wiki_id, :case_sensitive => false
  validates_associated :content
  
+  # Wiki pages that are protected by default
+  DEFAULT_PROTECTED_PAGES = %w(sidebar)
+  
+  def after_initialize
+    if new_record? && DEFAULT_PROTECTED_PAGES.include?(title.to_s.downcase)
+      self.protected = true
+    end
+  end
+  
  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_wiki_pages, project)
  end
--- a/app/models/workflow.rb
+++ b/app/models/workflow.rb
@@ -32,7 +32,7 @@ class Workflow < ActiveRecord::Base
    trackers.each do |tracker|
      t = []
      roles.each do |role|
-        row = counts.detect {|c| c['role_id'] == role.id.to_s && c['tracker_id'] == tracker.id.to_s}
+        row = counts.detect {|c| c['role_id'].to_s == role.id.to_s && c['tracker_id'].to_s == tracker.id.to_s}
        t << [role, (row.nil? ? 0 : row['c'].to_i)]
      end
      result << [tracker, t]
--- a/app/views/account/login.rhtml
+++ b/app/views/account/login.rhtml
@@ -1,3 +1,4 @@
+<%= call_hook :view_account_login_top %>
 <div id="login-form">
 <% form_tag({:action=> "login"}) do %>
 <%= back_url_hidden_field_tag %>
@@ -38,3 +39,4 @@
 <%= javascript_tag "Form.Element.focus('username');" %>
 <% end %>
 </div>
+<%= call_hook :view_account_login_bottom %>
--- a/app/views/account/password_recovery.rhtml
+++ b/app/views/account/password_recovery.rhtml
@@ -6,7 +6,7 @@
 <div class="box tabular">
 <p><label for="new_password"><%=l(:field_new_password)%> <span class="required">*</span></label>
 <%= password_field_tag 'new_password', nil, :size => 25 %><br />
-<em><%= l(:text_caracters_minimum, 4) %></em></p>
+<em><%= l(:text_caracters_minimum, :count => Setting.password_min_length) %></em></p>

 <p><label for="new_password_confirmation"><%=l(:field_password_confirmation)%> <span class="required">*</span></label>
 <%= password_field_tag 'new_password_confirmation', nil, :size => 25 %></p>
--- a/app/views/admin/_menu.rhtml
+++ b/app/views/admin/_menu.rhtml
@@ -1,19 +1,5 @@
 <div id="admin-menu">
-	<ul>
-		<li><%= link_to l(:label_project_plural), {:controller => 'admin', :action => 'projects'}, :class => 'projects' %></li>
-		<li><%= link_to l(:label_user_plural), {:controller => 'users'}, :class => 'users' %></li>
-		<li><%= link_to l(:label_group_plural), {:controller => 'groups'}, :class => 'groups' %></li>
-		<li><%= link_to l(:label_role_and_permissions), {:controller => 'roles'}, :class => 'roles' %></li>
-		<li><%= link_to l(:label_tracker_plural), {:controller => 'trackers'}, :class => 'trackers' %></li>
-		<li><%= link_to l(:label_issue_status_plural), {:controller => 'issue_statuses'}, :class => 'issue_statuses' %></li>
-		<li><%= link_to l(:label_workflow), {:controller => 'workflows', :action => 'edit'}, :class => 'workflows' %></li>
-		<li><%= link_to l(:label_custom_field_plural), {:controller => 'custom_fields'}, :class => 'custom_fields' %></li>
-		<li><%= link_to l(:label_enumerations), {:controller => 'enumerations'}, :class => 'enumerations' %></li>
-		<li><%= link_to l(:label_settings), {:controller => 'settings'}, :class => 'settings' %></li>
-		<% menu_items_for(:admin_menu) do |item| -%>
-			<li><%= link_to h(item.caption), item.url, item.html_options %></li>
-		<% end -%>
-		<li><%= link_to l(:label_plugins), {:controller => 'admin', :action => 'plugins'}, :class => 'plugins' %></li>
-		<li><%= link_to l(:label_information_plural), {:controller => 'admin', :action => 'info'}, :class => 'info' %></li>
-	</ul>
+  <ul>
+    <%= render_menu :admin_menu %>
+  </ul>
 </div>
--- a/app/views/admin/projects.rhtml
+++ b/app/views/admin/projects.rhtml
@@ -15,6 +15,7 @@
 <% end %>
 &nbsp;

+<div class="autoscroll">
 <table class="list">
  <thead><tr>
 	<th><%=l(:label_project)%></th>
@@ -24,11 +25,11 @@
  <th></th>
  </tr></thead>
  <tbody>
-<% for project in @projects %>
-  <tr class="<%= cycle("odd", "even") %> <%= css_project_classes(project) %>">
-	<td class="name" style="padding-left: <%= project.level %>em;"><%= project.active? ? link_to(h(project.name), :controller => 'projects', :action => 'settings', :id => project) : h(project.name) %></td>
+<% project_tree(@projects) do |project, level| %>
+  <tr class="<%= cycle("odd", "even") %> <%= css_project_classes(project) %> <%= level > 0 ? "idnt idnt-#{level}" : nil %>">
+	<td class="name"><%= link_to_project(project, :action => 'settings') %></td>
 	<td><%= textilizable project.short_description, :project => project %></td>
-	<td align="center"><%= image_tag 'true.png' if project.is_public? %></td>
+	<td align="center"><%= checked_image project.is_public? %></td>
 	<td align="center"><%= format_date(project.created_on) %></td>
  <td class="buttons">
    <%= link_to(l(:button_archive), { :controller => 'projects', :action => 'archive', :id => project, :status => params[:status] }, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-lock') if project.active? %>
@@ -40,5 +41,6 @@
 <% end %>
  </tbody>
 </table>
+</div>

 <% html_title(l(:label_project_plural)) -%>
--- a/app/views/attachments/_form.rhtml
+++ b/app/views/attachments/_form.rhtml
@@ -1,7 +1,6 @@
 <span id="attachments_fields">
-<%= file_field_tag 'attachments[1][file]', :size => 30, :id => nil  -%>
-<%= text_field_tag 'attachments[1][description]', '', :size => 60, :id => nil %>
-<em><%= l(:label_optional_description) %></em>
+<%= file_field_tag 'attachments[1][file]', :size => 30, :id => nil  -%><label class="inline"><span id="attachment_description_label_content"><%= l(:label_optional_description) %></span><%= text_field_tag 'attachments[1][description]', '', :size => 60, :id => nil %>
+</label>
 </span>
 <br />
 <small><%= link_to l(:label_add_another_file), '#', :onclick => 'addFileField(); return false;' %>
--- a/app/views/auth_sources/_form.html.erb
+++ b/app/views/auth_sources/_form.html.erb
@@ -0,0 +1,13 @@
+<%= error_messages_for 'auth_source' %>
+
+<div class="box">
+<!--[form:auth_source]-->
+<p><label for="auth_source_name"><%=l(:field_name)%> <span class="required">*</span></label>
+<%= text_field 'auth_source', 'name'  %></p>
+
+<p><label for="auth_source_onthefly_register"><%=l(:field_onthefly)%></label>
+<%= check_box 'auth_source', 'onthefly_register' %></p>
+</div>
+
+<!--[eoform:auth_source]-->
+
--- a/app/views/auth_sources/index.html.erb
+++ b/app/views/auth_sources/index.html.erb
@@ -22,6 +22,7 @@
    <td class="buttons">
    	<%= link_to l(:button_test), :action => 'test_connection', :id => source %>
    	<%= link_to l(:button_delete), { :action => 'destroy', :id => source },
+    																										:method => :post,
                                                        :confirm => l(:text_are_you_sure),
                                                        :class => 'icon icon-del',
                                                        :disabled => source.users.any? %>
--- a/app/views/auto_completes/issues.html.erb
+++ b/app/views/auto_completes/issues.html.erb
@@ -0,0 +1,9 @@
+<ul>
+<% if @issues.any? -%>
+  <% @issues.each do |issue| -%>
+    <%= content_tag 'li', h("#{issue.tracker} ##{issue.id}: #{issue.subject}"), :id => issue.id %>
+  <% end -%>
+<% else -%>
+  <%= content_tag("li", l(:label_none), :style => 'display:none') %>
+<% end -%>
+</ul>
--- a/app/views/boards/show.rhtml
+++ b/app/views/boards/show.rhtml
@@ -42,7 +42,7 @@
  <tbody>
  <% @topics.each do |topic| %>
    <tr class="message <%= cycle 'odd', 'even' %> <%= topic.sticky? ? 'sticky' : '' %> <%= topic.locked? ? 'locked' : '' %>">
-      <td class="subject"><%= link_to h(topic.subject), { :controller => 'messages', :action => 'show', :board_id => @board, :id => topic }, :class => 'icon' %></td>
+      <td class="subject"><%= link_to h(topic.subject), { :controller => 'messages', :action => 'show', :board_id => @board, :id => topic } %></td>
      <td class="author" align="center"><%= topic.author %></td>
      <td class="created_on" align="center"><%= format_time(topic.created_on) %></td>
      <td class="replies" align="center"><%= topic.replies_count %></td>
--- a/app/views/calendars/show.html.erb
+++ b/app/views/calendars/show.html.erb
@@ -11,16 +11,18 @@
 <p style="float:right;">
 <%= link_to_remote ('&#171; ' + (@month==1 ? "#{month_name(12)} #{@year-1}" : "#{month_name(@month-1)}")), 
                        {:update => "content", :url => { :year => (@month==1 ? @year-1 : @year), :month =>(@month==1 ? 12 : @month-1) }},
-                        {:href => url_for(:action => 'calendar', :year => (@month==1 ? @year-1 : @year), :month =>(@month==1 ? 12 : @month-1))}
+                        {:href => url_for(:action => 'show', :year => (@month==1 ? @year-1 : @year), :month =>(@month==1 ? 12 : @month-1))}
                        %> |
 <%= link_to_remote ((@month==12 ? "#{month_name(1)} #{@year+1}" : "#{month_name(@month+1)}") + ' &#187;'), 
                        {:update => "content", :url => { :year => (@month==12 ? @year+1 : @year), :month =>(@month==12 ? 1 : @month+1) }},
-                        {:href => url_for(:action => 'calendar', :year => (@month==12 ? @year+1 : @year), :month =>(@month==12 ? 1 : @month+1))}
+                        {:href => url_for(:action => 'show', :year => (@month==12 ? @year+1 : @year), :month =>(@month==12 ? 1 : @month+1))}
                        %>
 </p>

 <p class="buttons">
+<%= label_tag('month', l(:label_month)) %>
 <%= select_month(@month, :prefix => "month", :discard_type => true) %>
+<%= label_tag('year', l(:label_year)) %>
 <%= select_year(@year, :prefix => "year", :discard_type => true) %>

 <%= link_to_remote l(:button_apply), 
@@ -40,9 +42,11 @@
 <% if @query.valid? %>
 <%= render :partial => 'common/calendar', :locals => {:calendar => @calendar} %>

-<%= image_tag 'arrow_from.png' %>&nbsp;&nbsp;<%= l(:text_tip_task_begin_day) %><br />
-<%= image_tag 'arrow_to.png' %>&nbsp;&nbsp;<%= l(:text_tip_task_end_day) %><br />
-<%= image_tag 'arrow_bw.png' %>&nbsp;&nbsp;<%= l(:text_tip_task_begin_end_day) %><br />
+<p class="legend cal">
+	<span class="starting"><%= l(:text_tip_task_begin_day) %></span>
+	<span class="ending"><%= l(:text_tip_task_end_day) %></span>
+	<span class="starting ending"><%= l(:text_tip_task_begin_end_day) %></span>
+</p>
 <% end %>

 <% content_for :sidebar do %>
--- a/app/views/common/_calendar.rhtml
+++ b/app/views/common/_calendar.rhtml
@@ -1,24 +1,17 @@
 <table class="cal">
 <thead>
-<tr><td></td><% 7.times do |i| %><th><%= day_name( (calendar.first_wday+i)%7 ) %></th><% end %></tr>
+<tr><th scope="col" title="<%= l(:label_week) %>" class="week-number"></th><% 7.times do |i| %><th scope="col"><%= day_name( (calendar.first_wday+i)%7 ) %></th><% end %></tr>
 </thead>
 <tbody>
 <tr>
 <% day = calendar.startdt
 while day <= calendar.enddt %>
-<%= "<th>#{day.cweek}</th>" if day.cwday == calendar.first_wday %>
+<%= "<td class='week-number' title='#{ l(:label_week) }'>#{(day+(11-day.cwday)%7).cweek}</td>" if day.cwday == calendar.first_wday %>
 <td class="<%= day.month==calendar.month ? 'even' : 'odd' %><%= ' today' if Date.today == day %>">
 <p class="day-num"><%= day.day %></p>	
 <% calendar.events_on(day).each do |i| %>
  <% if i.is_a? Issue %>
-  <div class="<%= i.css_classes %> tooltip">
-  <%= if day == i.start_date && day == i.due_date
-        image_tag('arrow_bw.png')
-      elsif day == i.start_date
-        image_tag('arrow_from.png') 
-      elsif day == i.due_date
-		image_tag('arrow_to.png') 
-      end %>
+  <div class="<%= i.css_classes %> <%= 'starting' if day == i.start_date %> <%= 'ending' if day == i.due_date %> tooltip">
  <%= h("#{i.project} -") unless @project && @project == i.project %>
  <%= link_to_issue i, :truncate => 30 %>
  <span class="tip"><%= render_issue_tooltip i %></span>
--- a/app/views/common/_diff.rhtml
+++ b/app/views/common/_diff.rhtml
@@ -2,7 +2,7 @@
 <% diff.each do |table_file| -%>
 <div class="autoscroll">
 <% if diff_type == 'sbs' -%>
-<table class="filecontent CodeRay">
+<table class="filecontent">
 <thead>
 <tr><th colspan="4" class="filename"><%= table_file.file_name %></th></tr>
 </thead>
@@ -29,7 +29,7 @@
 </table>

 <% else -%>
-<table class="filecontent CodeRay">
+<table class="filecontent syntaxhl">
 <thead>
 <tr><th colspan="3" class="filename"><%= table_file.file_name %></th></tr>
 </thead>
--- a/app/views/common/_file.rhtml
+++ b/app/views/common/_file.rhtml
@@ -1,5 +1,5 @@
 <div class="autoscroll">
-<table class="filecontent CodeRay">
+<table class="filecontent syntaxhl">
 <tbody>
 <% line_num = 1 %>
 <% syntax_highlight(filename, to_utf8(content)).each_line do |line| %>
--- a/app/views/context_menus/issues.html.erb
+++ b/app/views/context_menus/issues.html.erb
@@ -8,7 +8,7 @@
 		<a href="#" class="submenu" onclick="return false;"><%= l(:field_status) %></a>
 		<ul>
 		<% @statuses.each do |s| -%>
-		    <li><%= context_menu_link s.name, {:controller => 'issues', :action => 'edit', :id => @issue, :issue => {:status_id => s}, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link s.name, {:controller => 'issues', :action => 'update', :id => @issue, :issue => {:status_id => s}, :back_url => @back}, :method => :put,
 		                              :selected => (s == @issue.status), :disabled => !(@can[:update] && @allowed_statuses.include?(s)) %></li>
 		<% end -%>
 		</ul>
@@ -23,7 +23,7 @@
 		<a href="#" class="submenu"><%= l(:field_tracker) %></a>
 		<ul>
 		<% @trackers.each do |t| -%>
-		    <li><%= context_menu_link t.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'tracker_id' => t, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link t.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'tracker_id' => t}, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && t == @issue.tracker), :disabled => !@can[:edit] %></li>
 		<% end -%>
 		</ul>
@@ -33,8 +33,8 @@
 		<a href="#" class="submenu"><%= l(:field_priority) %></a>
 		<ul>
 		<% @priorities.each do |p| -%>
-		    <li><%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'priority_id' => p, :back_to => @back}, :method => :post,
-		                              :selected => (@issue && p == @issue.priority), :disabled => !@can[:edit] %></li>
+		    <li><%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'priority_id' => p}, :back_url => @back}, :method => :post,
+		                              :selected => (@issue && p == @issue.priority), :disabled => (!@can[:edit] || @issues.detect {|i| !i.leaf?}) %></li>
 		<% end -%>
 		</ul>
 	</li>
@@ -43,10 +43,10 @@
 		<a href="#" class="submenu"><%= l(:field_fixed_version) %></a>
 		<ul>
 		<% @project.shared_versions.open.sort.each do |v| -%>
-		    <li><%= context_menu_link format_version_name(v), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => v, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link format_version_name(v), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'fixed_version_id' => v}, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && v == @issue.fixed_version), :disabled => !@can[:update] %></li>
 		<% end -%>
-		    <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => 'none', :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'fixed_version_id' => 'none'}, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && @issue.fixed_version.nil?), :disabled => !@can[:update] %></li>
 		</ul>
 	</li>
@@ -56,10 +56,10 @@
 		<a href="#" class="submenu"><%= l(:field_assigned_to) %></a>
 		<ul>
 		<% @assignables.each do |u| -%>
-		    <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => u, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'assigned_to_id' => u}, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && u == @issue.assigned_to), :disabled => !@can[:update] %></li>
 		<% end -%>
-		    <li><%= context_menu_link l(:label_nobody), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => 'none', :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link l(:label_nobody), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'assigned_to_id' => 'none'}, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && @issue.assigned_to.nil?), :disabled => !@can[:update] %></li>
 		</ul>
 	</li>
@@ -69,10 +69,10 @@
 		<a href="#" class="submenu"><%= l(:field_category) %></a>
 		<ul>
 		<% @project.issue_categories.each do |u| -%>
-		    <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => u, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'category_id' => u}, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && u == @issue.category), :disabled => !@can[:update] %></li>
 		<% end -%>
-		    <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => 'none', :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'category_id' => 'none'}, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && @issue.category.nil?), :disabled => !@can[:update] %></li>
 		</ul>
 	</li>
@@ -82,8 +82,8 @@
 		<a href="#" class="submenu"><%= l(:field_done_ratio) %></a>
 		<ul>
 		<% (0..10).map{|x|x*10}.each do |p| -%>
-		    <li><%= context_menu_link "#{p}%", {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'done_ratio' => p, :back_to => @back}, :method => :post,
-		                                  :selected => (@issue && p == @issue.done_ratio), :disabled => !@can[:edit] %></li>
+		    <li><%= context_menu_link "#{p}%", {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'done_ratio' => p}, :back_url => @back}, :method => :post,
+		                                  :selected => (@issue && p == @issue.done_ratio), :disabled => (!@can[:edit] || @issues.detect {|i| !i.leaf?}) %></li>
 		<% end -%>
 		</ul>
 	</li>
@@ -102,9 +102,9 @@
  <li><%= context_menu_link l(:button_duplicate), {:controller => 'issues', :action => 'new', :project_id => @project, :copy_from => @issue},
 	        :class => 'icon-duplicate', :disabled => !@can[:copy] %></li>
 <% end %>
-  <li><%= context_menu_link l(:button_copy), {:controller => 'issues', :action => 'move', :ids => @issues.collect(&:id), :copy_options => {:copy => 't'}},
+  <li><%= context_menu_link l(:button_copy), new_issue_move_path(:ids => @issues.collect(&:id), :copy_options => {:copy => 't'}),
 	                        :class => 'icon-copy', :disabled => !@can[:move]  %></li>
-  <li><%= context_menu_link l(:button_move), {:controller => 'issues', :action => 'move', :ids => @issues.collect(&:id)},
+  <li><%= context_menu_link l(:button_move), new_issue_move_path(:ids => @issues.collect(&:id)),
 	                        :class => 'icon-move', :disabled => !@can[:move]  %></li>
  <li><%= context_menu_link l(:button_delete), {:controller => 'issues', :action => 'destroy', :ids => @issues.collect(&:id)},
                            :method => :post, :confirm => l(:text_issues_destroy_confirmation), :class => 'icon-del', :disabled => !@can[:delete] %></li>
--- a/app/views/custom_fields/_form.rhtml
+++ b/app/views/custom_fields/_form.rhtml
@@ -90,6 +90,7 @@ when "IssueCustomField" %>

 <% when "ProjectCustomField" %>
    <p><%= f.check_box :is_required %></p>
+    <p><%= f.check_box :searchable %></p>

 <% when "TimeEntryCustomField" %>
    <p><%= f.check_box :is_required %></p>
--- a/Show More
+++ b/Show More