tagged version 1.1.0

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/tags/1.1.0@4672 e93f8b46-1217-0410-a6f0-8f06a7374b81
Merged r4670 from trunk.
2011-01-09 16:27:39 +00:00 · 2011-01-09 15:58:15 +00:00 · 2011-01-08 10:14:00 +00:00 · 2011-01-08 10:09:04 +00:00 · 2011-01-08 10:04:38 +00:00 · 2011-01-08 00:24:43 +00:00
528 changed files with 25054 additions and 14976 deletions
--- a/.hgignore
+++ b/.hgignore
@@ -0,0 +1,22 @@
+syntax: glob
+
+config/additional_environment.rb
+config/database.yml
+config/email.yml
+config/initializers/session_store.rb
+coverage
+db/*.db
+db/*.sqlite3
+db/schema.rb
+files/*
+log/*.log*
+log/mongrel_debug
+public/dispatch.*
+public/plugin_assets
+tmp/*
+tmp/cache/*
+tmp/sessions/*
+tmp/sockets/*
+tmp/test/*
+vendor/rails
+*.rbc
--- a/README.rdoc
+++ b/README.rdoc
@@ -2,4 +2,4 @@

 Redmine is a flexible project management web application written using Ruby on Rails framework.

-More details can be found at http://www.redmine.org
+More details can be found at in the doc directory or on the official website http://www.redmine.org
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -83,9 +83,9 @@ class AccountController < ApplicationController
    else
      @user = User.new(params[:user])
      @user.admin = false
-      @user.status = User::STATUS_REGISTERED
+      @user.register
      if session[:auth_source_registration]
-        @user.status = User::STATUS_ACTIVE
+        @user.activate
        @user.login = session[:auth_source_registration][:login]
        @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
        if @user.save
@@ -116,8 +116,8 @@ class AccountController < ApplicationController
    token = Token.find_by_action_and_value('register', params[:token])
    redirect_to(home_url) && return unless token and !token.expired?
    user = token.user
-    redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
-    user.status = User::STATUS_ACTIVE
+    redirect_to(home_url) && return unless user.registered?
+    user.activate
    if user.save
      token.destroy
      flash[:notice] = l(:notice_account_activated)
@@ -170,7 +170,7 @@ class AccountController < ApplicationController
          user.mail = registration['email'] unless registration['email'].nil?
          user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
          user.random_password
-          user.status = User::STATUS_REGISTERED
+          user.register

          case Setting.self_registration
          when '1'
@@ -241,7 +241,7 @@ class AccountController < ApplicationController
  # Pass a block for behavior when a user fails to save
  def register_automatically(user, &block)
    # Automatic activation
-    user.status = User::STATUS_ACTIVE
+    user.activate
    user.last_login_on = Time.now
    if user.save
      self.logged_user = user
--- a/app/controllers/activities_controller.rb
+++ b/app/controllers/activities_controller.rb
@@ -0,0 +1,59 @@
+class ActivitiesController < ApplicationController
+  menu_item :activity
+  before_filter :find_optional_project
+  accept_key_auth :index
+
+  def index
+    @days = Setting.activity_days_default.to_i
+    
+    if params[:from]
+      begin; @date_to = params[:from].to_date + 1; rescue; end
+    end
+
+    @date_to ||= Date.today + 1
+    @date_from = @date_to - @days
+    @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
+    @author = (params[:user_id].blank? ? nil : User.active.find(params[:user_id]))
+    
+    @activity = Redmine::Activity::Fetcher.new(User.current, :project => @project, 
+                                                             :with_subprojects => @with_subprojects,
+                                                             :author => @author)
+    @activity.scope_select {|t| !params["show_#{t}"].nil?}
+    @activity.scope = (@author.nil? ? :default : :all) if @activity.scope.empty?
+
+    events = @activity.events(@date_from, @date_to)
+    
+    if events.empty? || stale?(:etag => [@activity.scope, @date_to, @date_from, @with_subprojects, @author, events.first, User.current, current_language])
+      respond_to do |format|
+        format.html { 
+          @events_by_day = events.group_by(&:event_date)
+          render :layout => false if request.xhr?
+        }
+        format.atom {
+          title = l(:label_activity)
+          if @author
+            title = @author.name
+          elsif @activity.scope.size == 1
+            title = l("label_#{@activity.scope.first.singularize}_plural")
+          end
+          render_feed(events, :title => "#{@project || Setting.app_title}: #{title}")
+        }
+      end
+    end
+    
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+  private
+
+  # TODO: refactor, duplicated in projects_controller
+  def find_optional_project
+    return true unless params[:id]
+    @project = Project.find(params[:id])
+    authorize
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -22,7 +22,7 @@ class ApplicationController < ActionController::Base
  include Redmine::I18n

  layout 'base'
-  exempt_from_layout 'builder'
+  exempt_from_layout 'builder', 'rsb'
  
  # Remove broken cookie after upgrade from 0.8.x (#4292)
  # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
@@ -71,10 +71,10 @@ class ApplicationController < ActionController::Base
    elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
      # RSS key authentication does not start a session
      User.find_by_rss_key(params[:key])
-    elsif Setting.rest_api_enabled? && ['xml', 'json'].include?(params[:format])
-      if params[:key].present? && accept_key_auth_actions.include?(params[:action])
+    elsif Setting.rest_api_enabled? && api_request?
+      if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
        # Use API key
-        User.find_by_api_key(params[:key])
+        User.find_by_api_key(key)
      else
        # HTTP Basic, either username/password or API key/random
        authenticate_with_http_basic do |username, password|
@@ -153,8 +153,16 @@ class ApplicationController < ActionController::Base

  # Authorize the user for the requested action
  def authorize(ctrl = params[:controller], action = params[:action], global = false)
-    allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project, :global => global)
-    allowed ? true : deny_access
+    allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
+    if allowed
+      true
+    else
+      if @project && @project.archived?
+        render_403 :message => :notice_not_authorized_archived_project
+      else
+        deny_access
+      end
+    end
  end

  # Authorize the user for the requested action outside a project
@@ -169,6 +177,13 @@ class ApplicationController < ActionController::Base
    render_404
  end

+  # Find project of id params[:project_id]
+  def find_project_by_project_id
+    @project = Project.find(params[:project_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
  # Find a project based on params[:project_id]
  # TODO: some subclasses override this, see about merging their logic
  def find_optional_project
@@ -201,7 +216,26 @@ class ApplicationController < ActionController::Base
  def self.model_object(model)
    write_inheritable_attribute('model_object', model)
  end
-    
+
+  # Filter for bulk issue operations
+  def find_issues
+    @issues = Issue.find_all_by_id(params[:id] || params[:ids])
+    raise ActiveRecord::RecordNotFound if @issues.empty?
+    @projects = @issues.collect(&:project).compact.uniq
+    @project = @projects.first if @projects.size == 1
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
+  # Check if project is unique before bulk operations
+  def check_project_uniqueness
+    unless @project
+      # TODO: let users bulk edit/move/destroy issues from different projects
+      render_error 'Can not bulk edit/move/destroy issues from different projects'
+      return false
+    end
+  end
+  
  # make sure that the user is a member of the project (or admin) if project is private
  # used as a before_filter for actions that do not require any particular permission on the project
  def check_project_privacy
@@ -218,6 +252,10 @@ class ApplicationController < ActionController::Base
    end
  end

+  def back_url
+    params[:back_url] || request.env['HTTP_REFERER']
+  end
+
  def redirect_back_or_default(default)
    back_url = CGI.unescape(params[:back_url].to_s)
    if !back_url.blank?
@@ -235,41 +273,42 @@ class ApplicationController < ActionController::Base
    redirect_to default
  end
  
-  def render_403
+  def render_403(options={})
    @project = nil
-    respond_to do |format|
-      format.html { render :template => "common/403", :layout => (request.xhr? ? false : 'base'), :status => 403 }
-      format.atom { head 403 }
-      format.xml { head 403 }
-      format.js { head 403 }
-      format.json { head 403 }
-    end
+    render_error({:message => :notice_not_authorized, :status => 403}.merge(options))
    return false
  end
    
-  def render_404
-    respond_to do |format|
-      format.html { render :template => "common/404", :layout => !request.xhr?, :status => 404 }
-      format.atom { head 404 }
-      format.xml { head 404 }
-      format.js { head 404 }
-      format.json { head 404 }
-    end
+  def render_404(options={})
+    render_error({:message => :notice_file_not_found, :status => 404}.merge(options))
    return false
  end
  
-  def render_error(msg)
+  # Renders an error response
+  def render_error(arg)
+    arg = {:message => arg} unless arg.is_a?(Hash)
+    
+    @message = arg[:message]
+    @message = l(@message) if @message.is_a?(Symbol)
+    @status = arg[:status] || 500
+    
    respond_to do |format|
-      format.html { 
-        flash.now[:error] = msg
-        render :text => '', :layout => !request.xhr?, :status => 500
+      format.html {
+        render :template => 'common/error', :layout => use_layout, :status => @status
      }
-      format.atom { head 500 }
-      format.xml { head 500 }
-      format.js { head 500 }
-      format.json { head 500 }
+      format.atom { head @status }
+      format.xml { head @status }
+      format.js { head @status }
+      format.json { head @status }
    end
  end
+
+  # Picks which layout to use based on the request
+  #
+  # @return [boolean, string] name of the layout to use or false for no layout
+  def use_layout
+    request.xhr? ? false : 'base'
+  end
  
  def invalid_authenticity_token
    if api_request?
@@ -310,6 +349,30 @@ class ApplicationController < ActionController::Base
    per_page
  end

+  # Returns offset and limit used to retrieve objects
+  # for an API response based on offset, limit and page parameters
+  def api_offset_and_limit(options=params)
+    if options[:offset].present?
+      offset = options[:offset].to_i
+      if offset < 0
+        offset = 0
+      end
+    end
+    limit = options[:limit].to_i
+    if limit < 1
+      limit = 25
+    elsif limit > 100
+      limit = 100
+    end
+    if offset.nil? && options[:page].present?
+      offset = (options[:page].to_i - 1) * limit
+      offset = 0 if offset < 0
+    end
+    offset ||= 0
+    
+    [offset, limit]
+  end
+  
  # qvalues http header parser
  # code taken from webrick
  def parse_qvalues(value)
@@ -339,12 +402,36 @@ class ApplicationController < ActionController::Base
  def api_request?
    %w(xml json).include? params[:format]
  end
+  
+  # Returns the API key present in the request
+  def api_key_from_request
+    if params[:key].present?
+      params[:key]
+    elsif request.headers["X-Redmine-API-Key"].present?
+      request.headers["X-Redmine-API-Key"]
+    end
+  end

  # Renders a warning flash if obj has unsaved attachments
  def render_attachment_warning_if_needed(obj)
    flash[:warning] = l(:warning_attachments_not_saved, obj.unsaved_attachments.size) if obj.unsaved_attachments.present?
  end

+  # Sets the `flash` notice or error based the number of issues that did not save
+  #
+  # @param [Array, Issue] issues all of the saved and unsaved Issues
+  # @param [Array, Integer] unsaved_issue_ids the issue ids that were not saved
+  def set_flash_from_bulk_issue_save(issues, unsaved_issue_ids)
+    if unsaved_issue_ids.empty?
+      flash[:notice] = l(:notice_successful_update) unless issues.empty?
+    else
+      flash[:error] = l(:notice_failed_to_save_issues,
+                        :count => unsaved_issue_ids.size,
+                        :total => issues.size,
+                        :ids => '#' + unsaved_issue_ids.join(', #'))
+    end
+  end
+
  # Rescues an invalid query statement. Just in case...
  def query_statement_invalid(exception)
    logger.error "Query::StatementInvalid: #{exception.message}" if logger
@@ -359,5 +446,37 @@ class ApplicationController < ActionController::Base
      { attribute => error }
    end.to_json
  end
+
+  # Renders API response on validation failure
+  def render_validation_errors(object)
+    options = { :status => :unprocessable_entity, :layout => false }
+    options.merge!(case params[:format]
+      when 'xml';  { :xml =>  object.errors }
+      when 'json'; { :json => {'errors' => object.errors} } # ActiveResource client compliance
+      else
+        raise "Unknown format #{params[:format]} in #render_validation_errors"
+      end
+    )
+    render options
+  end
  
+  # Overrides #default_template so that the api template
+  # is used automatically if it exists
+  def default_template(action_name = self.action_name)
+    if api_request?
+      begin
+        return self.view_paths.find_template(default_template_name(action_name), 'api')
+      rescue ::ActionView::MissingTemplate
+        # the api template was not found
+        # fallback to the default behaviour
+      end
+    end
+    super
+  end
+  
+  # Overrides #pick_layout so that #render with no arguments
+  # doesn't use the layout for api requests
+  def pick_layout(*args)
+    api_request? ? nil : super
+  end
 end
--- a/app/controllers/auto_completes_controller.rb
+++ b/app/controllers/auto_completes_controller.rb
@@ -0,0 +1,27 @@
+class AutoCompletesController < ApplicationController
+  before_filter :find_project
+  
+  def issues
+    @issues = []
+    q = params[:q].to_s
+    query = (params[:scope] == "all" && Setting.cross_project_issue_relations?) ? Issue : @project.issues
+    if q.match(/^\d+$/)
+      @issues << query.visible.find_by_id(q.to_i)
+    end
+    unless q.blank?
+      @issues += query.visible.find(:all, :conditions => ["LOWER(#{Issue.table_name}.subject) LIKE ?", "%#{q.downcase}%"], :limit => 10)
+    end
+    @issues.compact!
+    render :layout => false
+  end
+
+  private
+
+  def find_project
+    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
+    @project = Project.find(project_id)
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+end
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -18,6 +18,7 @@
 class BoardsController < ApplicationController
  default_search_scope :messages
  before_filter :find_project, :find_board_if_available, :authorize
+  accept_key_auth :index, :show

  helper :messages
  include MessagesHelper
--- a/app/controllers/calendars_controller.rb
+++ b/app/controllers/calendars_controller.rb
@@ -1,4 +1,5 @@
 class CalendarsController < ApplicationController
+  menu_item :calendar
  before_filter :find_optional_project

  rescue_from Query::StatementInvalid, :with => :query_statement_invalid
@@ -7,6 +8,8 @@ class CalendarsController < ApplicationController
  helper :projects
  helper :queries
  include QueriesHelper
+  helper :sort
+  include SortHelper

  def show
    if params[:year] and params[:year].to_i > 1900
@@ -31,8 +34,11 @@ class CalendarsController < ApplicationController
      @calendar.events = events
    end
    
-    render :layout => false if request.xhr?
+    render :action => 'show', :layout => false if request.xhr?
  end
  
+  def update
+    show
+  end

 end
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -0,0 +1,36 @@
+class CommentsController < ApplicationController
+  default_search_scope :news
+  model_object News
+  before_filter :find_model_object
+  before_filter :find_project_from_association
+  before_filter :authorize
+
+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
+  def create
+    @comment = Comment.new(params[:comment])
+    @comment.author = User.current
+    if @news.comments << @comment
+      flash[:notice] = l(:label_comment_added)
+    end
+    
+    redirect_to :controller => 'news', :action => 'show', :id => @news
+  end
+
+  verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
+  def destroy
+    @news.comments.find(params[:comment_id]).destroy
+    redirect_to :controller => 'news', :action => 'show', :id => @news
+  end
+
+  private
+
+  # ApplicationController's find_model_object sets it based on the controller
+  # name so it needs to be overriden and set to @news instead
+  def find_model_object
+    super
+    @news = @object
+    @comment = nil
+    @news
+  end
+  
+end
--- a/app/controllers/context_menus_controller.rb
+++ b/app/controllers/context_menus_controller.rb
@@ -0,0 +1,44 @@
+class ContextMenusController < ApplicationController
+  helper :watchers
+  
+  def issues
+    @issues = Issue.visible.all(:conditions => {:id => params[:ids]}, :include => :project)
+    
+    if (@issues.size == 1)
+      @issue = @issues.first
+      @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+    else
+      @allowed_statuses = @issues.map do |i|
+        i.new_statuses_allowed_to(User.current)
+      end.inject do |memo,s|
+        memo & s
+      end
+    end
+    @projects = @issues.collect(&:project).compact.uniq
+    @project = @projects.first if @projects.size == 1
+
+    @can = {:edit => User.current.allowed_to?(:edit_issues, @projects),
+            :log_time => (@project && User.current.allowed_to?(:log_time, @project)),
+            :update => (User.current.allowed_to?(:edit_issues, @projects) || (User.current.allowed_to?(:change_status, @projects) && !@allowed_statuses.blank?)),
+            :move => (@project && User.current.allowed_to?(:move_issues, @project)),
+            :copy => (@issue && @project.trackers.include?(@issue.tracker) && User.current.allowed_to?(:add_issues, @project)),
+            :delete => User.current.allowed_to?(:delete_issues, @projects)
+            }
+    if @project
+      @assignables = @project.assignable_users
+      @assignables << @issue.assigned_to if @issue && @issue.assigned_to && !@assignables.include?(@issue.assigned_to)
+      @trackers = @project.trackers
+    else
+      #when multiple projects, we only keep the intersection of each set
+      @assignables = @projects.map(&:assignable_users).inject{|memo,a| memo & a}
+      @trackers = @projects.map(&:trackers).inject{|memo,t| memo & t}
+    end
+    
+    @priorities = IssuePriority.all.reverse
+    @statuses = IssueStatus.find(:all, :order => 'position')
+    @back = back_url
+    
+    render :layout => false
+  end
+  
+end
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -0,0 +1,36 @@
+class FilesController < ApplicationController
+  menu_item :files
+
+  before_filter :find_project_by_project_id
+  before_filter :authorize
+
+  helper :sort
+  include SortHelper
+
+  def index
+    sort_init 'filename', 'asc'
+    sort_update 'filename' => "#{Attachment.table_name}.filename",
+                'created_on' => "#{Attachment.table_name}.created_on",
+                'size' => "#{Attachment.table_name}.filesize",
+                'downloads' => "#{Attachment.table_name}.downloads"
+                
+    @containers = [ Project.find(@project.id, :include => :attachments, :order => sort_clause)]
+    @containers += @project.versions.find(:all, :include => :attachments, :order => sort_clause).sort.reverse
+    render :layout => !request.xhr?
+  end
+
+  def new
+    @versions = @project.versions.sort
+  end
+
+  def create
+    container = (params[:version_id].blank? ? @project : @project.versions.find_by_id(params[:version_id]))
+    attachments = Attachment.attach_files(container, params[:attachments])
+    render_attachment_warning_if_needed(container)
+
+    if !attachments.empty? && !attachments[:files].blank? && Setting.notified_events.include?('file_added')
+      Mailer.deliver_attachments_added(attachments[:files])
+    end
+    redirect_to project_files_path(@project)
+  end
+end
--- a/app/controllers/gantts_controller.rb
+++ b/app/controllers/gantts_controller.rb
@@ -1,8 +1,10 @@
 class GanttsController < ApplicationController
+  menu_item :gantt
  before_filter :find_optional_project

  rescue_from Query::StatementInvalid, :with => :query_statement_invalid

+  helper :gantt
  helper :issues
  helper :projects
  helper :queries
@@ -13,33 +15,22 @@ class GanttsController < ApplicationController
  
  def show
    @gantt = Redmine::Helpers::Gantt.new(params)
+    @gantt.project = @project
    retrieve_query
    @query.group_by = nil
-    if @query.valid?
-      events = []
-      # Issues that have start and due dates
-      events += @query.issues(:include => [:tracker, :assigned_to, :priority],
-                              :order => "start_date, due_date",
-                              :conditions => ["(((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?) or (start_date<? and due_date>?)) and start_date is not null and due_date is not null)", @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to]
-                              )
-      # Issues that don't have a due date but that are assigned to a version with a date
-      events += @query.issues(:include => [:tracker, :assigned_to, :priority, :fixed_version],
-                              :order => "start_date, effective_date",
-                              :conditions => ["(((start_date>=? and start_date<=?) or (effective_date>=? and effective_date<=?) or (start_date<? and effective_date>?)) and start_date is not null and due_date is null and effective_date is not null)", @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to]
-                              )
-      # Versions
-      events += @query.versions(:conditions => ["effective_date BETWEEN ? AND ?", @gantt.date_from, @gantt.date_to])
-                                   
-      @gantt.events = events
-    end
+    @gantt.query = @query if @query.valid?
    
    basename = (@project ? "#{@project.identifier}-" : '') + 'gantt'
    
    respond_to do |format|
      format.html { render :action => "show", :layout => !request.xhr? }
      format.png  { send_data(@gantt.to_image, :disposition => 'inline', :type => 'image/png', :filename => "#{basename}.png") } if @gantt.respond_to?('to_image')
-      format.pdf  { send_data(gantt_to_pdf(@gantt, @project), :type => 'application/pdf', :filename => "#{basename}.pdf") }
+      format.pdf  { send_data(@gantt.to_pdf, :type => 'application/pdf', :filename => "#{basename}.pdf") }
    end
  end

+  def update
+    show
+  end
+
 end
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -141,14 +141,22 @@ class GroupsController < ApplicationController
    @membership = Member.edit_membership(params[:membership_id], params[:membership], @group)
    @membership.save if request.post?
    respond_to do |format|
-       format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'memberships' }
-       format.js { 
-         render(:update) {|page| 
-           page.replace_html "tab-content-memberships", :partial => 'groups/memberships'
-           page.visual_effect(:highlight, "member-#{@membership.id}")
-         }
-       }
-     end
+      if @membership.valid?
+        format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'memberships' }
+        format.js {
+          render(:update) {|page|
+            page.replace_html "tab-content-memberships", :partial => 'groups/memberships'
+            page.visual_effect(:highlight, "member-#{@membership.id}")
+          }
+        }
+      else
+        format.js {
+          render(:update) {|page|
+            page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
+          }
+        }
+      end
+    end
  end
  
  def destroy_membership
--- a/app/controllers/issue_moves_controller.rb
+++ b/app/controllers/issue_moves_controller.rb
@@ -0,0 +1,68 @@
+class IssueMovesController < ApplicationController
+  default_search_scope :issues
+  before_filter :find_issues, :check_project_uniqueness
+  before_filter :authorize
+  
+  def new
+    prepare_for_issue_move
+    render :layout => false if request.xhr?
+  end
+
+  def create
+    prepare_for_issue_move
+
+    if request.post?
+      new_tracker = params[:new_tracker_id].blank? ? nil : @target_project.trackers.find_by_id(params[:new_tracker_id])
+      unsaved_issue_ids = []
+      moved_issues = []
+      @issues.each do |issue|
+        issue.reload
+        issue.init_journal(User.current)
+        issue.current_journal.notes = @notes if @notes.present?
+        call_hook(:controller_issues_move_before_save, { :params => params, :issue => issue, :target_project => @target_project, :copy => !!@copy })
+        if r = issue.move_to_project(@target_project, new_tracker, {:copy => @copy, :attributes => extract_changed_attributes_for_move(params)})
+          moved_issues << r
+        else
+          unsaved_issue_ids << issue.id
+        end
+      end
+      set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
+
+      if params[:follow]
+        if @issues.size == 1 && moved_issues.size == 1
+          redirect_to :controller => 'issues', :action => 'show', :id => moved_issues.first
+        else
+          redirect_to :controller => 'issues', :action => 'index', :project_id => (@target_project || @project)
+        end
+      else
+        redirect_to :controller => 'issues', :action => 'index', :project_id => @project
+      end
+      return
+    end
+  end
+
+  private
+
+  def prepare_for_issue_move
+    @issues.sort!
+    @copy = params[:copy_options] && params[:copy_options][:copy]
+    @allowed_projects = Issue.allowed_target_projects_on_move
+    @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
+    @target_project ||= @project    
+    @trackers = @target_project.trackers
+    @available_statuses = Workflow.available_statuses(@project)
+    @notes = params[:notes]
+    @notes ||= ''
+  end
+
+  def extract_changed_attributes_for_move(params)
+    changed_attributes = {}
+    [:assigned_to_id, :status_id, :start_date, :due_date, :priority_id].each do |valid_attribute|
+      unless params[valid_attribute].blank?
+        changed_attributes[valid_attribute] = (params[valid_attribute] == 'none' ? nil : params[valid_attribute])
+      end
+    end
+    changed_attributes
+  end
+
+end
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -19,14 +19,15 @@ class IssuesController < ApplicationController
  menu_item :new_issue, :only => [:new, :create]
  default_search_scope :issues
  
-  before_filter :find_issue, :only => [:show, :edit, :update, :reply]
-  before_filter :find_issues, :only => [:bulk_edit, :move, :destroy]
-  before_filter :find_project, :only => [:new, :create, :update_form, :preview, :auto_complete]
-  before_filter :authorize, :except => [:index, :changes, :preview, :context_menu]
-  before_filter :find_optional_project, :only => [:index, :changes]
+  before_filter :find_issue, :only => [:show, :edit, :update]
+  before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :move, :perform_move, :destroy]
+  before_filter :check_project_uniqueness, :only => [:move, :perform_move]
+  before_filter :find_project, :only => [:new, :create]
+  before_filter :authorize, :except => [:index]
+  before_filter :find_optional_project, :only => [:index]
  before_filter :check_for_default_issue_status, :only => [:new, :create]
  before_filter :build_new_issue_from_params, :only => [:new, :create]
-  accept_key_auth :index, :show, :changes
+  accept_key_auth :index, :show, :create, :update, :destroy

  rescue_from Query::StatementInvalid, :with => :query_statement_invalid
  
@@ -43,10 +44,13 @@ class IssuesController < ApplicationController
  include AttachmentsHelper
  helper :queries
  include QueriesHelper
+  helper :repositories
+  include RepositoriesHelper
  helper :sort
  include SortHelper
  include IssuesHelper
  helper :timelog
+  helper :gantt
  include Redmine::Export::PDF

  verify :method => [:post, :delete],
@@ -54,6 +58,7 @@ class IssuesController < ApplicationController
         :render => { :nothing => true, :status => :method_not_allowed }

  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
+  verify :method => :post, :only => :bulk_update, :render => {:nothing => true, :status => :method_not_allowed }
  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
  
  def index
@@ -62,27 +67,29 @@ class IssuesController < ApplicationController
    sort_update(@query.sortable_columns)
    
    if @query.valid?
-      limit = case params[:format]
+      case params[:format]
      when 'csv', 'pdf'
-        Setting.issues_export_limit.to_i
+        @limit = Setting.issues_export_limit.to_i
      when 'atom'
-        Setting.feeds_limit.to_i
+        @limit = Setting.feeds_limit.to_i
+      when 'xml', 'json'
+        @offset, @limit = api_offset_and_limit
      else
-        per_page_option
+        @limit = per_page_option
      end
      
      @issue_count = @query.issue_count
-      @issue_pages = Paginator.new self, @issue_count, limit, params['page']
+      @issue_pages = Paginator.new self, @issue_count, @limit, params['page']
+      @offset ||= @issue_pages.current.offset
      @issues = @query.issues(:include => [:assigned_to, :tracker, :priority, :category, :fixed_version],
                              :order => sort_clause, 
-                              :offset => @issue_pages.current.offset, 
-                              :limit => limit)
+                              :offset => @offset, 
+                              :limit => @limit)
      @issue_count_by_group = @query.issue_count_by_group
      
      respond_to do |format|
        format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
-        format.xml  { render :layout => false }
-        format.json { render :text => @issues.to_json, :layout => false }
+        format.api
        format.atom { render_feed(@issues, :title => "#{@project || Setting.app_title}: #{l(:label_issue_plural)}") }
        format.csv  { send_data(issues_to_csv(@issues, @project), :type => 'text/csv; header=present', :filename => 'export.csv') }
        format.pdf  { send_data(issues_to_pdf(@issues, @project, @query), :type => 'application/pdf', :filename => 'export.pdf') }
@@ -95,21 +102,6 @@ class IssuesController < ApplicationController
    render_404
  end
  
-  def changes
-    retrieve_query
-    sort_init 'id', 'desc'
-    sort_update(@query.sortable_columns)
-    
-    if @query.valid?
-      @journals = @query.journals(:order => "#{Journal.table_name}.created_on DESC", 
-                                  :limit => 25)
-    end
-    @title = (@project ? @project.name : Setting.app_title) + ": " + (@query.new_record? ? l(:label_changes_details) : @query.name)
-    render :layout => false, :content_type => 'application/atom+xml'
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-  
  def show
    @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
    @journals.each_with_index {|j,i| j.indice = i+1}
@@ -122,9 +114,8 @@ class IssuesController < ApplicationController
    @time_entry = TimeEntry.new
    respond_to do |format|
      format.html { render :template => 'issues/show.rhtml' }
-      format.xml  { render :layout => false }
-      format.json { render :text => @issue.to_json, :layout => false }
-      format.atom { render :action => 'changes', :layout => false, :content_type => 'application/atom+xml' }
+      format.api
+      format.atom { render :template => 'journals/index', :layout => false, :content_type => 'application/atom+xml' }
      format.pdf  { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
    end
  end
@@ -132,7 +123,10 @@ class IssuesController < ApplicationController
  # Add a new issue
  # The new issue will be created from an existing one if copy_from parameter is given
  def new
-    render :action => 'new', :layout => !request.xhr?
+    respond_to do |format|
+      format.html { render :action => 'new', :layout => !request.xhr? }
+      format.js { render :partial => 'attributes' }
+    end
  end

  def create
@@ -144,26 +138,20 @@ class IssuesController < ApplicationController
      call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
      respond_to do |format|
        format.html {
-          redirect_to(params[:continue] ? { :action => 'new', :issue => {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?} } :
+          redirect_to(params[:continue] ?  { :action => 'new', :project_id => @project, :issue => {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?} } :
                      { :action => 'show', :id => @issue })
        }
-        format.xml  { render :action => 'show', :status => :created, :location => url_for(:controller => 'issues', :action => 'show', :id => @issue) }
-        format.json { render :text => @issue.to_json, :status => :created, :location => url_for(:controller => 'issues', :action => 'show'), :layout => false }
+        format.api  { render :action => 'show', :status => :created, :location => issue_url(@issue) }
      end
      return
    else
      respond_to do |format|
        format.html { render :action => 'new' }
-        format.xml  { render(:xml => @issue.errors, :status => :unprocessable_entity); return }
-        format.json { render :text => object_errors_to_json(@issue), :status => :unprocessable_entity, :layout => false }
+        format.api  { render_validation_errors(@issue) }
      end
    end
  end
-  
-  # Attributes that can be updated on workflow transition (without :edit permission)
-  # TODO: make it configurable (at least per role)
-  UPDATABLE_ATTRS_ON_TRANSITION = %w(status_id assigned_to_id fixed_version_id done_ratio) unless const_defined?(:UPDATABLE_ATTRS_ON_TRANSITION)
-  
+    
  def edit
    update_issue_from_params

@@ -184,8 +172,7 @@ class IssuesController < ApplicationController

      respond_to do |format|
        format.html { redirect_back_or_default({:action => 'show', :id => @issue}) }
-        format.xml  { head :ok }
-        format.json  { head :ok }
+        format.api  { head :ok }
      end
    else
      render_attachment_warning_if_needed(@issue)
@@ -194,104 +181,37 @@ class IssuesController < ApplicationController

      respond_to do |format|
        format.html { render :action => 'edit' }
-        format.xml  { render :xml => @issue.errors, :status => :unprocessable_entity }
-        format.json { render :text => object_errors_to_json(@issue), :status => :unprocessable_entity, :layout => false }
+        format.api  { render_validation_errors(@issue) }
      end
    end
  end

-  def reply
-    journal = Journal.find(params[:journal_id]) if params[:journal_id]
-    if journal
-      user = journal.user
-      text = journal.notes
-    else
-      user = @issue.author
-      text = @issue.description
-    end
-    # Replaces pre blocks with [...]
-    text = text.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]')
-    content = "#{ll(Setting.default_language, :text_user_wrote, user)}\n> "
-    content << text.gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
-      
-    render(:update) { |page|
-      page.<< "$('notes').value = \"#{escape_javascript content}\";"
-      page.show 'update'
-      page << "Form.Element.focus('notes');"
-      page << "Element.scrollTo('update');"
-      page << "$('notes').scrollTop = $('notes').scrollHeight - $('notes').clientHeight;"
-    }
-  end
-  
  # Bulk edit a set of issues
  def bulk_edit
    @issues.sort!
-    if request.post?
-      attributes = (params[:issue] || {}).reject {|k,v| v.blank?}
-      attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
-      attributes[:custom_field_values].reject! {|k,v| v.blank?} if attributes[:custom_field_values]
-      
-      unsaved_issue_ids = []
-      @issues.each do |issue|
-        issue.reload
-        journal = issue.init_journal(User.current, params[:notes])
-        issue.safe_attributes = attributes
-        call_hook(:controller_issues_bulk_edit_before_save, { :params => params, :issue => issue })
-        unless issue.save
-          # Keep unsaved issue ids to display them in flash error
-          unsaved_issue_ids << issue.id
-        end
-      end
-      set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
-      redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
-      return
-    end
-    @available_statuses = Workflow.available_statuses(@project)
-    @custom_fields = @project.all_issue_custom_fields
+    @available_statuses = @projects.map{|p|Workflow.available_statuses(p)}.inject{|memo,w|memo & w}
+    @custom_fields = @projects.map{|p|p.all_issue_custom_fields}.inject{|memo,c|memo & c}
+    @assignables = @projects.map(&:assignable_users).inject{|memo,a| memo & a}
+    @trackers = @projects.map(&:trackers).inject{|memo,t| memo & t}
  end

-  def move
+  def bulk_update
    @issues.sort!
-    @copy = params[:copy_options] && params[:copy_options][:copy]
-    @allowed_projects = Issue.allowed_target_projects_on_move
-    @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
-    @target_project ||= @project    
-    @trackers = @target_project.trackers
-    @available_statuses = Workflow.available_statuses(@project)
-    if request.post?
-      new_tracker = params[:new_tracker_id].blank? ? nil : @target_project.trackers.find_by_id(params[:new_tracker_id])
-      unsaved_issue_ids = []
-      moved_issues = []
-      @issues.each do |issue|
-        issue.reload
-        changed_attributes = {}
-        [:assigned_to_id, :status_id, :start_date, :due_date].each do |valid_attribute|
-          unless params[valid_attribute].blank?
-            changed_attributes[valid_attribute] = (params[valid_attribute] == 'none' ? nil : params[valid_attribute])
-          end 
-        end
-        issue.init_journal(User.current)
-        call_hook(:controller_issues_move_before_save, { :params => params, :issue => issue, :target_project => @target_project, :copy => !!@copy })
-        if r = issue.move_to_project(@target_project, new_tracker, {:copy => @copy, :attributes => changed_attributes})
-          moved_issues << r
-        else
-          unsaved_issue_ids << issue.id
-        end
-      end
-      set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
+    attributes = parse_params_for_bulk_issue_attributes(params)

-      if params[:follow]
-        if @issues.size == 1 && moved_issues.size == 1
-          redirect_to :controller => 'issues', :action => 'show', :id => moved_issues.first
-        else
-          redirect_to :controller => 'issues', :action => 'index', :project_id => (@target_project || @project)
-        end
-      else
-        redirect_to :controller => 'issues', :action => 'index', :project_id => @project
+    unsaved_issue_ids = []
+    @issues.each do |issue|
+      issue.reload
+      journal = issue.init_journal(User.current, params[:notes])
+      issue.safe_attributes = attributes
+      call_hook(:controller_issues_bulk_edit_before_save, { :params => params, :issue => issue })
+      unless issue.save
+        # Keep unsaved issue ids to display them in flash error
+        unsaved_issue_ids << issue.id
      end
-      return
    end
-    render :layout => false if request.xhr?
+    set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
+    redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
  end
  
  def destroy
@@ -311,90 +231,17 @@ class IssuesController < ApplicationController
          TimeEntry.update_all("issue_id = #{reassign_to.id}", ['issue_id IN (?)', @issues])
        end
      else
-        unless params[:format] == 'xml' || params[:format] == 'json'
-          # display the destroy form if it's a user request
-          return
-        end
+        # display the destroy form if it's a user request
+        return unless api_request?
      end
    end
    @issues.each(&:destroy)
    respond_to do |format|
-      format.html { redirect_to :action => 'index', :project_id => @project }
-      format.xml  { head :ok }
-      format.json  { head :ok }
+      format.html { redirect_back_or_default(:action => 'index', :project_id => @project) }
+      format.api  { head :ok }
    end
  end
-  
-  def context_menu
-    @issues = Issue.find_all_by_id(params[:ids], :include => :project)
-    if (@issues.size == 1)
-      @issue = @issues.first
-      @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
-    end
-    projects = @issues.collect(&:project).compact.uniq
-    @project = projects.first if projects.size == 1
-
-    @can = {:edit => (@project && User.current.allowed_to?(:edit_issues, @project)),
-            :log_time => (@project && User.current.allowed_to?(:log_time, @project)),
-            :update => (@project && (User.current.allowed_to?(:edit_issues, @project) || (User.current.allowed_to?(:change_status, @project) && @allowed_statuses && !@allowed_statuses.empty?))),
-            :move => (@project && User.current.allowed_to?(:move_issues, @project)),
-            :copy => (@issue && @project.trackers.include?(@issue.tracker) && User.current.allowed_to?(:add_issues, @project)),
-            :delete => (@project && User.current.allowed_to?(:delete_issues, @project))
-            }
-    if @project
-      @assignables = @project.assignable_users
-      @assignables << @issue.assigned_to if @issue && @issue.assigned_to && !@assignables.include?(@issue.assigned_to)
-      @trackers = @project.trackers
-    end
-    
-    @priorities = IssuePriority.all.reverse
-    @statuses = IssueStatus.find(:all, :order => 'position')
-    @back = params[:back_url] || request.env['HTTP_REFERER']
-    
-    render :layout => false
-  end

-  def update_form
-    if params[:id].blank?
-      @issue = Issue.new
-      @issue.project = @project
-    else
-      @issue = @project.issues.visible.find(params[:id])
-    end
-    @issue.attributes = params[:issue]
-    @allowed_statuses = ([@issue.status] + @issue.status.find_new_statuses_allowed_to(User.current.roles_for_project(@project), @issue.tracker)).uniq
-    @priorities = IssuePriority.all
-    
-    render :partial => 'attributes'
-  end
-  
-  def preview
-    @issue = @project.issues.find_by_id(params[:id]) unless params[:id].blank?
-    if @issue
-      @attachements = @issue.attachments
-      @description = params[:issue] && params[:issue][:description]
-      if @description && @description.gsub(/(\r?\n|\n\r?)/, "\n") == @issue.description.to_s.gsub(/(\r?\n|\n\r?)/, "\n")
-        @description = nil
-      end
-      @notes = params[:notes]
-    else
-      @description = (params[:issue] ? params[:issue][:description] : nil)
-    end
-    render :layout => false
-  end
-  
-  def auto_complete
-    @issues = []
-    q = params[:q].to_s
-    if q.match(/^\d+$/)
-      @issues << @project.issues.visible.find_by_id(q.to_i)
-    end
-    unless q.blank?
-      @issues += @project.issues.visible.find(:all, :conditions => ["LOWER(#{Issue.table_name}.subject) LIKE ?", "%#{q.downcase}%"], :limit => 10)
-    end
-    render :layout => false
-  end
-  
 private
  def find_issue
    @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
@@ -403,22 +250,6 @@ private
    render_404
  end
  
-  # Filter for bulk operations
-  def find_issues
-    @issues = Issue.find_all_by_id(params[:id] || params[:ids])
-    raise ActiveRecord::RecordNotFound if @issues.empty?
-    projects = @issues.collect(&:project).compact.uniq
-    if projects.size == 1
-      @project = projects.first
-    else
-      # TODO: let users bulk edit/move/destroy issues from different projects
-      render_error 'Can not bulk edit/move/destroy issues from different projects'
-      return false
-    end
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-  
  def find_project
    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
    @project = Project.find(project_id)
@@ -434,23 +265,24 @@ private
    @priorities = IssuePriority.all
    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
    @time_entry = TimeEntry.new
+    @time_entry.attributes = params[:time_entry]
    
-    @notes = params[:notes]
+    @notes = params[:notes] || (params[:issue].present? ? params[:issue][:notes] : nil)
    @issue.init_journal(User.current, @notes)
-    # User can change issue attributes only if he has :edit permission or if a workflow transition is allowed
-    if (@edit_allowed || !@allowed_statuses.empty?) && params[:issue]
-      attrs = params[:issue].dup
-      attrs.delete_if {|k,v| !UPDATABLE_ATTRS_ON_TRANSITION.include?(k) } unless @edit_allowed
-      attrs.delete(:status_id) unless @allowed_statuses.detect {|s| s.id.to_s == attrs[:status_id].to_s}
-      @issue.safe_attributes = attrs
-    end
-
+    @issue.safe_attributes = params[:issue]
  end

  # TODO: Refactor, lots of extra code in here
+  # TODO: Changing tracker on an existing issue should not trigger this
  def build_new_issue_from_params
-    @issue = Issue.new
-    @issue.copy_from(params[:copy_from]) if params[:copy_from]
+    if params[:id].blank?
+      @issue = Issue.new
+      @issue.copy_from(params[:copy_from]) if params[:copy_from]
+      @issue.project = @project
+    else
+      @issue = @project.issues.visible.find(params[:id])
+    end
+    
    @issue.project = @project
    # Tracker must be set before custom field values
    @issue.tracker ||= @project.trackers.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)
@@ -458,31 +290,29 @@ private
      render_error l(:error_no_tracker_in_project)
      return false
    end
+    @issue.start_date ||= Date.today
    if params[:issue].is_a?(Hash)
      @issue.safe_attributes = params[:issue]
-      @issue.watcher_user_ids = params[:issue]['watcher_user_ids'] if User.current.allowed_to?(:add_issue_watchers, @project)
+      if User.current.allowed_to?(:add_issue_watchers, @project) && @issue.new_record?
+        @issue.watcher_user_ids = params[:issue]['watcher_user_ids']
+      end
    end
    @issue.author = User.current
-    @issue.start_date ||= Date.today
    @priorities = IssuePriority.all
    @allowed_statuses = @issue.new_statuses_allowed_to(User.current, true)
  end

-  def set_flash_from_bulk_issue_save(issues, unsaved_issue_ids)
-    if unsaved_issue_ids.empty?
-      flash[:notice] = l(:notice_successful_update) unless issues.empty?
-    else
-      flash[:error] = l(:notice_failed_to_save_issues,
-                        :count => unsaved_issue_ids.size,
-                        :total => issues.size,
-                        :ids => '#' + unsaved_issue_ids.join(', #'))
-    end
-  end
-
  def check_for_default_issue_status
    if IssueStatus.default.nil?
      render_error l(:error_no_default_issue_status)
      return false
    end
  end
+
+  def parse_params_for_bulk_issue_attributes(params)
+    attributes = (params[:issue] || {}).reject {|k,v| v.blank?}
+    attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
+    attributes[:custom_field_values].reject! {|k,v| v.blank?} if attributes[:custom_field_values]
+    attributes
+  end
 end
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -16,7 +16,55 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class JournalsController < ApplicationController
-  before_filter :find_journal
+  before_filter :find_journal, :only => [:edit]
+  before_filter :find_issue, :only => [:new]
+  before_filter :find_optional_project, :only => [:index]
+  before_filter :authorize, :only => [:new, :edit]
+  accept_key_auth :index
+
+  helper :issues
+  helper :queries
+  include QueriesHelper
+  helper :sort
+  include SortHelper
+
+  def index
+    retrieve_query
+    sort_init 'id', 'desc'
+    sort_update(@query.sortable_columns)
+    
+    if @query.valid?
+      @journals = @query.journals(:order => "#{Journal.table_name}.created_on DESC", 
+                                  :limit => 25)
+    end
+    @title = (@project ? @project.name : Setting.app_title) + ": " + (@query.new_record? ? l(:label_changes_details) : @query.name)
+    render :layout => false, :content_type => 'application/atom+xml'
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
+  def new
+    journal = Journal.find(params[:journal_id]) if params[:journal_id]
+    if journal
+      user = journal.user
+      text = journal.notes
+    else
+      user = @issue.author
+      text = @issue.description
+    end
+    # Replaces pre blocks with [...]
+    text = text.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]')
+    content = "#{ll(Setting.default_language, :text_user_wrote, user)}\n> "
+    content << text.gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
+      
+    render(:update) { |page|
+      page.<< "$('notes').value = \"#{escape_javascript content}\";"
+      page.show 'update'
+      page << "Form.Element.focus('notes');"
+      page << "Element.scrollTo('update');"
+      page << "$('notes').scrollTop = $('notes').scrollHeight - $('notes').clientHeight;"
+    }
+  end
  
  def edit
    if request.post?
@@ -38,4 +86,12 @@ private
  rescue ActiveRecord::RecordNotFound
    render_404
  end
+
+  # TODO: duplicated in IssuesController
+  def find_issue
+    @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
+    @project = @issue.project
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
 end
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -19,6 +19,7 @@ class MyController < ApplicationController
  before_filter :require_login

  helper :issues
+  helper :users
  helper :custom_fields

  BLOCKS = { 'issuesassignedtome' => :label_assigned_to_me_issues,
@@ -53,25 +54,18 @@ class MyController < ApplicationController
    @user = User.current
    @pref = @user.pref
    if request.post?
-      @user.attributes = params[:user]
-      @user.mail_notification = (params[:notification_option] == 'all')
+      @user.safe_attributes = params[:user]
      @user.pref.attributes = params[:pref]
      @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
      if @user.save
        @user.pref.save
-        @user.notified_project_ids = (params[:notification_option] == 'selected' ? params[:notified_project_ids] : [])
+        @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])
        set_language_if_valid @user.language
        flash[:notice] = l(:notice_account_updated)
        redirect_to :action => 'account'
        return
      end
    end
-    @notification_options = [[l(:label_user_mail_option_all), 'all'],
-                             [l(:label_user_mail_option_none), 'none']]
-    # Only users that belong to more than 1 project can select projects for which they are notified
-    # Note that @user.membership.size would fail since AR ignores :include association option when doing a count
-    @notification_options.insert 1, [l(:label_user_mail_option_selected), 'selected'] if @user.memberships.length > 1
-    @notification_option = @user.mail_notification? ? 'all' : (@user.notified_projects_ids.empty? ? 'none' : 'selected')    
  end

  # Manage user's password
--- a/app/controllers/news_controller.rb
+++ b/app/controllers/news_controller.rb
@@ -18,23 +18,34 @@
 class NewsController < ApplicationController
  default_search_scope :news
  model_object News
-  before_filter :find_model_object, :except => [:new, :index, :preview]
-  before_filter :find_project_from_association, :except => [:new, :index, :preview]
-  before_filter :find_project, :only => [:new, :preview]
-  before_filter :authorize, :except => [:index, :preview]
+  before_filter :find_model_object, :except => [:new, :create, :index]
+  before_filter :find_project_from_association, :except => [:new, :create, :index]
+  before_filter :find_project, :only => [:new, :create]
+  before_filter :authorize, :except => [:index]
  before_filter :find_optional_project, :only => :index
  accept_key_auth :index
  
  def index
-    @news_pages, @newss = paginate :news,
-                                   :per_page => 10,
-                                   :conditions => Project.allowed_to_condition(User.current, :view_news, :project => @project),
-                                   :include => [:author, :project],
-                                   :order => "#{News.table_name}.created_on DESC"    
+    case params[:format]
+    when 'xml', 'json'
+      @offset, @limit = api_offset_and_limit
+    else
+      @limit =  10
+    end
+    
+    scope = @project ? @project.news.visible : News.visible
+    
+    @news_count = scope.count
+    @news_pages = Paginator.new self, @news_count, @limit, params['page']
+    @offset ||= @news_pages.current.offset
+    @newss = scope.all(:include => [:author, :project],
+                                       :order => "#{News.table_name}.created_on DESC",
+                                       :offset => @offset,
+                                       :limit => @limit)
+    
    respond_to do |format|
      format.html { render :layout => false if request.xhr? }
-      format.xml { render :xml => @newss.to_xml }
-      format.json { render :json => @newss.to_json }
+      format.api
      format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") }
    end
  end
@@ -46,49 +57,38 @@ class NewsController < ApplicationController

  def new
    @news = News.new(:project => @project, :author => User.current)
+  end
+
+  def create
+    @news = News.new(:project => @project, :author => User.current)
    if request.post?
      @news.attributes = params[:news]
      if @news.save
        flash[:notice] = l(:notice_successful_create)
        redirect_to :controller => 'news', :action => 'index', :project_id => @project
+      else
+        render :action => 'new'
      end
    end
  end
-  
+
  def edit
-    if request.post? and @news.update_attributes(params[:news])
+  end
+  
+  def update
+    if request.put? and @news.update_attributes(params[:news])
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'show', :id => @news
-    end
-  end
-  
-  def add_comment
-    @comment = Comment.new(params[:comment])
-    @comment.author = User.current
-    if @news.comments << @comment
-      flash[:notice] = l(:label_comment_added)
-      redirect_to :action => 'show', :id => @news
    else
-      show
-      render :action => 'show'
+      render :action => 'edit'
    end
  end

-  def destroy_comment
-    @news.comments.find(params[:comment_id]).destroy
-    redirect_to :action => 'show', :id => @news
-  end
-
  def destroy
    @news.destroy
    redirect_to :action => 'index', :project_id => @project
  end
  
-  def preview
-    @text = (params[:news] ? params[:news][:description] : nil)
-    render :partial => 'common/preview'
-  end
-  
 private
  def find_project
    @project = Project.find(params[:project_id])
--- a/app/controllers/previews_controller.rb
+++ b/app/controllers/previews_controller.rb
@@ -0,0 +1,33 @@
+class PreviewsController < ApplicationController
+  before_filter :find_project
+
+  def issue
+    @issue = @project.issues.find_by_id(params[:id]) unless params[:id].blank?
+    if @issue
+      @attachements = @issue.attachments
+      @description = params[:issue] && params[:issue][:description]
+      if @description && @description.gsub(/(\r?\n|\n\r?)/, "\n") == @issue.description.to_s.gsub(/(\r?\n|\n\r?)/, "\n")
+        @description = nil
+      end
+      @notes = params[:notes]
+    else
+      @description = (params[:issue] ? params[:issue][:description] : nil)
+    end
+    render :layout => false
+  end
+
+  def news
+    @text = (params[:news] ? params[:news][:description] : nil)
+    render :partial => 'common/preview'
+  end
+
+  private
+  
+  def find_project
+    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
+    @project = Project.find(project_id)
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
+end
--- a/app/controllers/project_enumerations_controller.rb
+++ b/app/controllers/project_enumerations_controller.rb
@@ -0,0 +1,26 @@
+class ProjectEnumerationsController < ApplicationController
+  before_filter :find_project_by_project_id
+  before_filter :authorize
+  
+  def update
+    if request.put? && params[:enumerations]
+      Project.transaction do
+        params[:enumerations].each do |id, activity|
+          @project.update_or_create_time_entry_activity(id, activity)
+        end
+      end
+      flash[:notice] = l(:notice_successful_update)
+    end
+    
+    redirect_to :controller => 'projects', :action => 'settings', :tab => 'activities', :id => @project
+  end
+
+  def destroy
+    @project.time_entry_activities.each do |time_entry_activity|
+      time_entry_activity.destroy(time_entry_activity.parent)
+    end
+    flash[:notice] = l(:notice_successful_update)
+    redirect_to :controller => 'projects', :action => 'settings', :tab => 'activities', :id => @project
+  end
+
+end
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -17,24 +17,21 @@

 class ProjectsController < ApplicationController
  menu_item :overview
-  menu_item :activity, :only => :activity
  menu_item :roadmap, :only => :roadmap
-  menu_item :files, :only => [:list_files, :add_file]
  menu_item :settings, :only => :settings
  
-  before_filter :find_project, :except => [ :index, :list, :add, :copy, :activity ]
-  before_filter :find_optional_project, :only => :activity
-  before_filter :authorize, :except => [ :index, :list, :add, :copy, :archive, :unarchive, :destroy, :activity ]
-  before_filter :authorize_global, :only => :add
+  before_filter :find_project, :except => [ :index, :list, :new, :create, :copy ]
+  before_filter :authorize, :except => [ :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
+  before_filter :authorize_global, :only => [:new, :create]
  before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
-  accept_key_auth :activity, :index
-  
-  after_filter :only => [:add, :edit, :archive, :unarchive, :destroy] do |controller|
+  accept_key_auth :index, :show, :create, :update, :destroy
+
+  after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller|
    if controller.request.post?
      controller.send :expire_action, :controller => 'welcome', :action => 'robots.txt'
    end
  end
-  
+
  helper :sort
  include SortHelper
  helper :custom_fields
@@ -52,8 +49,10 @@ class ProjectsController < ApplicationController
      format.html { 
        @projects = Project.visible.find(:all, :order => 'lft') 
      }
-      format.xml  {
-        @projects = Project.visible.find(:all, :order => 'lft')
+      format.api  {
+        @offset, @limit = api_offset_and_limit
+        @project_count = Project.visible.count
+        @projects = Project.visible.all(:offset => @offset, :limit => @limit, :order => 'lft')
      }
      format.atom {
        projects = Project.visible.find(:all, :order => 'created_on DESC',
@@ -63,40 +62,41 @@ class ProjectsController < ApplicationController
    end
  end
  
-  # Add a new project
-  def add
+  def new
    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
    @trackers = Tracker.all
    @project = Project.new(params[:project])
-    if request.get?
-      @project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
-      @project.trackers = Tracker.all
-      @project.is_public = Setting.default_projects_public?
-      @project.enabled_module_names = Setting.default_projects_modules
-    else
-      @project.enabled_module_names = params[:enabled_modules]
-      if validate_parent_id && @project.save
-        @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
-        # Add current user as a project member if he is not admin
-        unless User.current.admin?
-          r = Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
-          m = Member.new(:user => User.current, :roles => [r])
-          @project.members << m
-        end
-        respond_to do |format|
-          format.html { 
-            flash[:notice] = l(:notice_successful_create)
-            redirect_to :controller => 'projects', :action => 'settings', :id => @project
-          }
-          format.xml  { head :created, :location => url_for(:controller => 'projects', :action => 'show', :id => @project.id) }
-        end
-      else
-        respond_to do |format|
-          format.html
-          format.xml  { render :xml => @project.errors, :status => :unprocessable_entity }
-        end
+  end
+
+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
+  def create
+    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
+    @trackers = Tracker.all
+    @project = Project.new
+    @project.safe_attributes = params[:project]
+
+    if validate_parent_id && @project.save
+      @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
+      # Add current user as a project member if he is not admin
+      unless User.current.admin?
+        r = Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
+        m = Member.new(:user => User.current, :roles => [r])
+        @project.members << m
      end
-    end	
+      respond_to do |format|
+        format.html { 
+          flash[:notice] = l(:notice_successful_create)
+          redirect_to :controller => 'projects', :action => 'settings', :id => @project
+        }
+        format.api  { render :action => 'show', :status => :created, :location => url_for(:controller => 'projects', :action => 'show', :id => @project.id) }
+      end
+    else
+      respond_to do |format|
+        format.html { render :action => 'new' }
+        format.api  { render_validation_errors(@project) }
+      end
+    end
+    
  end
  
  def copy
@@ -115,18 +115,19 @@ class ProjectsController < ApplicationController
      end  
    else
      Mailer.with_deliveries(params[:notifications] == '1') do
-        @project = Project.new(params[:project])
+        @project = Project.new
+        @project.safe_attributes = params[:project]
        @project.enabled_module_names = params[:enabled_modules]
        if validate_parent_id && @project.copy(@source_project, :only => params[:only])
          @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
          flash[:notice] = l(:notice_successful_create)
-          redirect_to :controller => 'admin', :action => 'projects'
+          redirect_to :controller => 'projects', :action => 'settings', :id => @project
        elsif !@project.new_record?
          # Project was created
          # But some objects were not copied due to validation failures
          # (eg. issues from disabled trackers)
          # TODO: inform about that
-          redirect_to :controller => 'admin', :action => 'projects'
+          redirect_to :controller => 'projects', :action => 'settings', :id => @project
        end
      end
    end
@@ -164,7 +165,7 @@ class ProjectsController < ApplicationController
    
    respond_to do |format|
      format.html
-      format.xml
+      format.api
    end
  end

@@ -177,34 +178,36 @@ class ProjectsController < ApplicationController
    @wiki ||= @project.wiki
  end
  
-  # Edit @project
  def edit
-    if request.get?
+  end
+
+  # TODO: convert to PUT only
+  verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+  def update
+    @project.safe_attributes = params[:project]
+    if validate_parent_id && @project.save
+      @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
+      respond_to do |format|
+        format.html { 
+          flash[:notice] = l(:notice_successful_update)
+          redirect_to :action => 'settings', :id => @project
+        }
+        format.api  { head :ok }
+      end
    else
-      @project.attributes = params[:project]
-      if validate_parent_id && @project.save
-        @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
-        respond_to do |format|
-          format.html { 
-            flash[:notice] = l(:notice_successful_update)
-            redirect_to :action => 'settings', :id => @project
-          }
-          format.xml  { head :ok }
-        end
-      else
-        respond_to do |format|
-          format.html { 
-            settings
-            render :action => 'settings'
-          }
-          format.xml  { render :xml => @project.errors, :status => :unprocessable_entity }
-        end
+      respond_to do |format|
+        format.html { 
+          settings
+          render :action => 'settings'
+        }
+        format.api  { render_validation_errors(@project) }
      end
    end
  end
-  
+
+  verify :method => :post, :only => :modules, :render => {:nothing => true, :status => :method_not_allowed }
  def modules
-    @project.enabled_module_names = params[:enabled_modules]
+    @project.enabled_module_names = params[:enabled_module_names]
    flash[:notice] = l(:notice_successful_update)
    redirect_to :action => 'settings', :id => @project, :tab => 'modules'
  end
@@ -229,11 +232,11 @@ class ProjectsController < ApplicationController
    if request.get?
      # display confirmation view
    else
-      if params[:format] == 'xml' || params[:confirm]
+      if api_request? || params[:confirm]
        @project_to_destroy.destroy
        respond_to do |format|
          format.html { redirect_to :controller => 'admin', :action => 'projects' }
-          format.xml  { head :ok }
+          format.api  { head :ok }
        end
      end
    end
@@ -241,120 +244,6 @@ class ProjectsController < ApplicationController
    @project = nil
  end

-  def add_file
-    if request.post?
-      container = (params[:version_id].blank? ? @project : @project.versions.find_by_id(params[:version_id]))
-      attachments = Attachment.attach_files(container, params[:attachments])
-      render_attachment_warning_if_needed(container)
-
-      if !attachments.empty? && Setting.notified_events.include?('file_added')
-        Mailer.deliver_attachments_added(attachments[:files])
-      end
-      redirect_to :controller => 'projects', :action => 'list_files', :id => @project
-      return
-    end
-    @versions = @project.versions.sort
-  end
-
-  def save_activities
-    if request.post? && params[:enumerations]
-      Project.transaction do
-        params[:enumerations].each do |id, activity|
-          @project.update_or_create_time_entry_activity(id, activity)
-        end
-      end
-      flash[:notice] = l(:notice_successful_update)
-    end
-    
-    redirect_to :controller => 'projects', :action => 'settings', :tab => 'activities', :id => @project
-  end
-
-  def reset_activities
-    @project.time_entry_activities.each do |time_entry_activity|
-      time_entry_activity.destroy(time_entry_activity.parent)
-    end
-    flash[:notice] = l(:notice_successful_update)
-    redirect_to :controller => 'projects', :action => 'settings', :tab => 'activities', :id => @project
-  end
-  
-  def list_files
-    sort_init 'filename', 'asc'
-    sort_update 'filename' => "#{Attachment.table_name}.filename",
-                'created_on' => "#{Attachment.table_name}.created_on",
-                'size' => "#{Attachment.table_name}.filesize",
-                'downloads' => "#{Attachment.table_name}.downloads"
-                
-    @containers = [ Project.find(@project.id, :include => :attachments, :order => sort_clause)]
-    @containers += @project.versions.find(:all, :include => :attachments, :order => sort_clause).sort.reverse
-    render :layout => !request.xhr?
-  end
-
-  def roadmap
-    @trackers = @project.trackers.find(:all, :order => 'position')
-    retrieve_selected_tracker_ids(@trackers, @trackers.select {|t| t.is_in_roadmap?})
-    @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
-    project_ids = @with_subprojects ? @project.self_and_descendants.collect(&:id) : [@project.id]
-    
-    @versions = @project.shared_versions || []
-    @versions += @project.rolled_up_versions.visible if @with_subprojects
-    @versions = @versions.uniq.sort
-    @versions.reject! {|version| version.closed? || version.completed? } unless params[:completed]
-    
-    @issues_by_version = {}
-    unless @selected_tracker_ids.empty?
-      @versions.each do |version|
-        issues = version.fixed_issues.visible.find(:all,
-                                                   :include => [:project, :status, :tracker, :priority],
-                                                   :conditions => {:tracker_id => @selected_tracker_ids, :project_id => project_ids},
-                                                   :order => "#{Project.table_name}.lft, #{Tracker.table_name}.position, #{Issue.table_name}.id")
-        @issues_by_version[version] = issues
-      end
-    end
-    @versions.reject! {|version| !project_ids.include?(version.project_id) && @issues_by_version[version].blank?}
-  end
-  
-  def activity
-    @days = Setting.activity_days_default.to_i
-    
-    if params[:from]
-      begin; @date_to = params[:from].to_date + 1; rescue; end
-    end
-
-    @date_to ||= Date.today + 1
-    @date_from = @date_to - @days
-    @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
-    @author = (params[:user_id].blank? ? nil : User.active.find(params[:user_id]))
-    
-    @activity = Redmine::Activity::Fetcher.new(User.current, :project => @project, 
-                                                             :with_subprojects => @with_subprojects,
-                                                             :author => @author)
-    @activity.scope_select {|t| !params["show_#{t}"].nil?}
-    @activity.scope = (@author.nil? ? :default : :all) if @activity.scope.empty?
-
-    events = @activity.events(@date_from, @date_to)
-    
-    if events.empty? || stale?(:etag => [events.first, User.current])
-      respond_to do |format|
-        format.html { 
-          @events_by_day = events.group_by(&:event_date)
-          render :layout => false if request.xhr?
-        }
-        format.atom {
-          title = l(:label_activity)
-          if @author
-            title = @author.name
-          elsif @activity.scope.size == 1
-            title = l("label_#{@activity.scope.first.singularize}_plural")
-          end
-          render_feed(events, :title => "#{@project || Setting.app_title}: #{title}")
-        }
-      end
-    end
-    
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-  
 private
  def find_optional_project
    return true unless params[:id]
@@ -364,14 +253,6 @@ private
    render_404
  end

-  def retrieve_selected_tracker_ids(selectable_trackers, default_trackers=nil)
-    if ids = params[:tracker_ids]
-      @selected_tracker_ids = (ids.is_a? Array) ? ids.collect { |id| id.to_i.to_s } : ids.split('/').collect { |id| id.to_i.to_s }
-    else
-      @selected_tracker_ids = (default_trackers || selectable_trackers).collect {|t| t.id.to_s }
-    end
-  end
-  
  # Validates parent_id param according to user's permissions
  # TODO: move it to Project model in a validation that depends on User.current
  def validate_parent_id
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -174,6 +174,9 @@ class RepositoriesController < ApplicationController
        @diff = @repository.diff(@path, @rev, @rev_to)
        show_error_not_found unless @diff
      end
+
+      @changeset = @repository.find_changeset_by_name(@rev)
+      @changeset_to = @rev_to ? @repository.find_changeset_by_name(@rev_to) : nil
    end
  end
  
@@ -196,7 +199,10 @@ class RepositoriesController < ApplicationController
    end
  end
  
-private
+  private
+
+  REV_PARAM_RE = %r{\A[a-f0-9]*\Z}i
+
  def find_repository
    @project = Project.find(params[:id])
    @repository = @project.repository
@@ -205,6 +211,12 @@ private
    @path ||= ''
    @rev = params[:rev].blank? ? @repository.default_branch : params[:rev].strip
    @rev_to = params[:rev_to]
+    
+    unless @rev.to_s.match(REV_PARAM_RE) && @rev.to_s.match(REV_PARAM_RE)
+      if @repository.branches.blank?
+        raise InvalidRevisionParam
+      end
+    end
  rescue ActiveRecord::RecordNotFound
    render_404
  rescue InvalidRevisionParam
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -26,7 +26,7 @@ class SettingsController < ApplicationController
  end

  def edit
-    @notifiables = %w(issue_added issue_updated news_added document_added file_added message_posted wiki_content_added wiki_content_updated)
+    @notifiables = Redmine::Notifiable.all
    if request.post? && params[:settings] && params[:settings].is_a?(Hash)
      settings = (params[:settings] || {}).dup.symbolize_keys
      settings.each do |name, value|
@@ -44,6 +44,8 @@ class SettingsController < ApplicationController

    @guessed_host_and_path = request.host_with_port.dup
    @guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
+    
+    Redmine::Themes.rescan
  end

  def plugin
--- a/app/controllers/time_entry_reports_controller.rb
+++ b/app/controllers/time_entry_reports_controller.rb
@@ -0,0 +1,209 @@
+class TimeEntryReportsController < ApplicationController
+  menu_item :issues
+  before_filter :find_optional_project
+  before_filter :load_available_criterias
+
+  helper :sort
+  include SortHelper
+  helper :issues
+  helper :timelog
+  include TimelogHelper
+  helper :custom_fields
+  include CustomFieldsHelper
+
+  def report
+    @criterias = params[:criterias] || []
+    @criterias = @criterias.select{|criteria| @available_criterias.has_key? criteria}
+    @criterias.uniq!
+    @criterias = @criterias[0,3]
+    
+    @columns = (params[:columns] && %w(year month week day).include?(params[:columns])) ? params[:columns] : 'month'
+    
+    retrieve_date_range
+    
+    unless @criterias.empty?
+      sql_select = @criterias.collect{|criteria| @available_criterias[criteria][:sql] + " AS " + criteria}.join(', ')
+      sql_group_by = @criterias.collect{|criteria| @available_criterias[criteria][:sql]}.join(', ')
+      sql_condition = ''
+      
+      if @project.nil?
+        sql_condition = Project.allowed_to_condition(User.current, :view_time_entries)
+      elsif @issue.nil?
+        sql_condition = @project.project_condition(Setting.display_subprojects_issues?)
+      else
+        sql_condition = "#{Issue.table_name}.root_id = #{@issue.root_id} AND #{Issue.table_name}.lft >= #{@issue.lft} AND #{Issue.table_name}.rgt <= #{@issue.rgt}"
+      end
+
+      sql = "SELECT #{sql_select}, tyear, tmonth, tweek, spent_on, SUM(hours) AS hours"
+      sql << " FROM #{TimeEntry.table_name}"
+      sql << time_report_joins
+      sql << " WHERE"
+      sql << " (%s) AND" % sql_condition
+      sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from), ActiveRecord::Base.connection.quoted_date(@to)]
+      sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek, spent_on"
+      
+      @hours = ActiveRecord::Base.connection.select_all(sql)
+      
+      @hours.each do |row|
+        case @columns
+        when 'year'
+          row['year'] = row['tyear']
+        when 'month'
+          row['month'] = "#{row['tyear']}-#{row['tmonth']}"
+        when 'week'
+          row['week'] = "#{row['tyear']}-#{row['tweek']}"
+        when 'day'
+          row['day'] = "#{row['spent_on']}"
+        end
+      end
+      
+      @total_hours = @hours.inject(0) {|s,k| s = s + k['hours'].to_f}
+      
+      @periods = []
+      # Date#at_beginning_of_ not supported in Rails 1.2.x
+      date_from = @from.to_time
+      # 100 columns max
+      while date_from <= @to.to_time && @periods.length < 100
+        case @columns
+        when 'year'
+          @periods << "#{date_from.year}"
+          date_from = (date_from + 1.year).at_beginning_of_year
+        when 'month'
+          @periods << "#{date_from.year}-#{date_from.month}"
+          date_from = (date_from + 1.month).at_beginning_of_month
+        when 'week'
+          @periods << "#{date_from.year}-#{date_from.to_date.cweek}"
+          date_from = (date_from + 7.day).at_beginning_of_week
+        when 'day'
+          @periods << "#{date_from.to_date}"
+          date_from = date_from + 1.day
+        end
+      end
+    end
+    
+    respond_to do |format|
+      format.html { render :layout => !request.xhr? }
+      format.csv  { send_data(report_to_csv(@criterias, @periods, @hours), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
+    end
+  end
+  
+  private
+
+  # TODO: duplicated in TimelogController
+  def find_optional_project
+    if !params[:issue_id].blank?
+      @issue = Issue.find(params[:issue_id])
+      @project = @issue.project
+    elsif !params[:project_id].blank?
+      @project = Project.find(params[:project_id])
+    end
+    deny_access unless User.current.allowed_to?(:view_time_entries, @project, :global => true)
+  end
+
+  # Retrieves the date range based on predefined ranges or specific from/to param dates
+  # TODO: duplicated in TimelogController
+  def retrieve_date_range
+    @free_period = false
+    @from, @to = nil, nil
+
+    if params[:period_type] == '1' || (params[:period_type].nil? && !params[:period].nil?)
+      case params[:period].to_s
+      when 'today'
+        @from = @to = Date.today
+      when 'yesterday'
+        @from = @to = Date.today - 1
+      when 'current_week'
+        @from = Date.today - (Date.today.cwday - 1)%7
+        @to = @from + 6
+      when 'last_week'
+        @from = Date.today - 7 - (Date.today.cwday - 1)%7
+        @to = @from + 6
+      when '7_days'
+        @from = Date.today - 7
+        @to = Date.today
+      when 'current_month'
+        @from = Date.civil(Date.today.year, Date.today.month, 1)
+        @to = (@from >> 1) - 1
+      when 'last_month'
+        @from = Date.civil(Date.today.year, Date.today.month, 1) << 1
+        @to = (@from >> 1) - 1
+      when '30_days'
+        @from = Date.today - 30
+        @to = Date.today
+      when 'current_year'
+        @from = Date.civil(Date.today.year, 1, 1)
+        @to = Date.civil(Date.today.year, 12, 31)
+      end
+    elsif params[:period_type] == '2' || (params[:period_type].nil? && (!params[:from].nil? || !params[:to].nil?))
+      begin; @from = params[:from].to_s.to_date unless params[:from].blank?; rescue; end
+      begin; @to = params[:to].to_s.to_date unless params[:to].blank?; rescue; end
+      @free_period = true
+    else
+      # default
+    end
+    
+    @from, @to = @to, @from if @from && @to && @from > @to
+    @from ||= (TimeEntry.earilest_date_for_project(@project) || Date.today)
+    @to   ||= (TimeEntry.latest_date_for_project(@project) || Date.today)
+  end
+
+  def load_available_criterias
+    @available_criterias = { 'project' => {:sql => "#{TimeEntry.table_name}.project_id",
+                                          :klass => Project,
+                                          :label => :label_project},
+                             'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
+                                          :klass => Version,
+                                          :label => :label_version},
+                             'category' => {:sql => "#{Issue.table_name}.category_id",
+                                            :klass => IssueCategory,
+                                            :label => :field_category},
+                             'member' => {:sql => "#{TimeEntry.table_name}.user_id",
+                                         :klass => User,
+                                         :label => :label_member},
+                             'tracker' => {:sql => "#{Issue.table_name}.tracker_id",
+                                          :klass => Tracker,
+                                          :label => :label_tracker},
+                             'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
+                                           :klass => TimeEntryActivity,
+                                           :label => :label_activity},
+                             'issue' => {:sql => "#{TimeEntry.table_name}.issue_id",
+                                         :klass => Issue,
+                                         :label => :label_issue}
+                           }
+    
+    # Add list and boolean custom fields as available criterias
+    custom_fields = (@project.nil? ? IssueCustomField.for_all : @project.all_issue_custom_fields)
+    custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Issue' AND c.customized_id = #{Issue.table_name}.id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end if @project
+    
+    # Add list and boolean time entry custom fields
+    TimeEntryCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'TimeEntry' AND c.customized_id = #{TimeEntry.table_name}.id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end
+
+    # Add list and boolean time entry activity custom fields
+    TimeEntryActivityCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Enumeration' AND c.customized_id = #{TimeEntry.table_name}.activity_id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end
+
+    call_hook(:controller_timelog_available_criterias, { :available_criterias => @available_criterias, :project => @project })
+    @available_criterias
+  end
+
+  def time_report_joins
+    sql = ''
+    sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
+    sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id"
+    # TODO: rename hook
+    call_hook(:controller_timelog_time_report_joins, {:sql => sql} )
+    sql
+  end
+
+end
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2010  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,11 +17,11 @@

 class TimelogController < ApplicationController
  menu_item :issues
-  before_filter :find_project, :authorize, :only => [:edit, :destroy]
-  before_filter :find_optional_project, :only => [:report, :details]
-  before_filter :load_available_criterias, :only => [:report]
-
-  verify :method => :post, :only => :destroy, :redirect_to => { :action => :details }
+  before_filter :find_project, :only => [:new, :create]
+  before_filter :find_time_entry, :only => [:show, :edit, :update, :destroy]
+  before_filter :authorize, :except => [:index]
+  before_filter :find_optional_project, :only => [:index]
+  accept_key_auth :index, :show, :create, :update, :destroy
  
  helper :sort
  include SortHelper
@@ -30,84 +30,7 @@ class TimelogController < ApplicationController
  helper :custom_fields
  include CustomFieldsHelper
  
-  def report
-    @criterias = params[:criterias] || []
-    @criterias = @criterias.select{|criteria| @available_criterias.has_key? criteria}
-    @criterias.uniq!
-    @criterias = @criterias[0,3]
-    
-    @columns = (params[:columns] && %w(year month week day).include?(params[:columns])) ? params[:columns] : 'month'
-    
-    retrieve_date_range
-    
-    unless @criterias.empty?
-      sql_select = @criterias.collect{|criteria| @available_criterias[criteria][:sql] + " AS " + criteria}.join(', ')
-      sql_group_by = @criterias.collect{|criteria| @available_criterias[criteria][:sql]}.join(', ')
-      sql_condition = ''
-      
-      if @project.nil?
-        sql_condition = Project.allowed_to_condition(User.current, :view_time_entries)
-      elsif @issue.nil?
-        sql_condition = @project.project_condition(Setting.display_subprojects_issues?)
-      else
-        sql_condition = "#{Issue.table_name}.root_id = #{@issue.root_id} AND #{Issue.table_name}.lft >= #{@issue.lft} AND #{Issue.table_name}.rgt <= #{@issue.rgt}"
-      end
-
-      sql = "SELECT #{sql_select}, tyear, tmonth, tweek, spent_on, SUM(hours) AS hours"
-      sql << " FROM #{TimeEntry.table_name}"
-      sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
-      sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id"
-      sql << " WHERE"
-      sql << " (%s) AND" % sql_condition
-      sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from), ActiveRecord::Base.connection.quoted_date(@to)]
-      sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek, spent_on"
-      
-      @hours = ActiveRecord::Base.connection.select_all(sql)
-      
-      @hours.each do |row|
-        case @columns
-        when 'year'
-          row['year'] = row['tyear']
-        when 'month'
-          row['month'] = "#{row['tyear']}-#{row['tmonth']}"
-        when 'week'
-          row['week'] = "#{row['tyear']}-#{row['tweek']}"
-        when 'day'
-          row['day'] = "#{row['spent_on']}"
-        end
-      end
-      
-      @total_hours = @hours.inject(0) {|s,k| s = s + k['hours'].to_f}
-      
-      @periods = []
-      # Date#at_beginning_of_ not supported in Rails 1.2.x
-      date_from = @from.to_time
-      # 100 columns max
-      while date_from <= @to.to_time && @periods.length < 100
-        case @columns
-        when 'year'
-          @periods << "#{date_from.year}"
-          date_from = (date_from + 1.year).at_beginning_of_year
-        when 'month'
-          @periods << "#{date_from.year}-#{date_from.month}"
-          date_from = (date_from + 1.month).at_beginning_of_month
-        when 'week'
-          @periods << "#{date_from.year}-#{date_from.to_date.cweek}"
-          date_from = (date_from + 7.day).at_beginning_of_week
-        when 'day'
-          @periods << "#{date_from.to_date}"
-          date_from = date_from + 1.day
-        end
-      end
-    end
-    
-    respond_to do |format|
-      format.html { render :layout => !request.xhr? }
-      format.csv  { send_data(report_to_csv(@criterias, @periods, @hours), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
-    end
-  end
-  
-  def details
+  def index
    sort_init 'spent_on', 'desc'
    sort_update 'spent_on' => 'spent_on',
                'user' => 'user_id',
@@ -144,6 +67,16 @@ class TimelogController < ApplicationController

          render :layout => !request.xhr?
        }
+        format.api  {
+          @entry_count = TimeEntry.count(:include => [:project, :issue], :conditions => cond.conditions)
+          @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
+          @entries = TimeEntry.find(:all, 
+                                    :include => [:project, :activity, :user, {:issue => :tracker}],
+                                    :conditions => cond.conditions,
+                                    :order => sort_clause,
+                                    :limit  =>  @entry_pages.items_per_page,
+                                    :offset =>  @entry_pages.current.offset)
+        }
        format.atom {
          entries = TimeEntry.find(:all,
                                   :include => [:project, :activity, :user, {:issue => :tracker}],
@@ -164,43 +97,114 @@ class TimelogController < ApplicationController
    end
  end
  
-  def edit
-    (render_403; return) if @time_entry && !@time_entry.editable_by?(User.current)
+  def show
+    respond_to do |format|
+      # TODO: Implement html response
+      format.html { render :nothing => true, :status => 406 }
+      format.api
+    end
+  end
+
+  def new
+    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
+    @time_entry.attributes = params[:time_entry]
+    
+    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
+    render :action => 'edit'
+  end
+
+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
+  def create
    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
    @time_entry.attributes = params[:time_entry]
    
    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
    
-    if request.post? and @time_entry.save
-      flash[:notice] = l(:notice_successful_update)
-      redirect_back_or_default :action => 'details', :project_id => @time_entry.project
-      return
+    if @time_entry.save
+      respond_to do |format|
+        format.html {
+          flash[:notice] = l(:notice_successful_update)
+          redirect_back_or_default :action => 'index', :project_id => @time_entry.project
+        }
+        format.api  { render :action => 'show', :status => :created, :location => time_entry_url(@time_entry) }
+      end
+    else
+      respond_to do |format|
+        format.html { render :action => 'edit' }
+        format.api  { render_validation_errors(@time_entry) }
+      end
    end    
  end
  
-  def destroy
-    (render_404; return) unless @time_entry
-    (render_403; return) unless @time_entry.editable_by?(User.current)
-    if @time_entry.destroy && @time_entry.destroyed?
-      flash[:notice] = l(:notice_successful_delete)
+  def edit
+    @time_entry.attributes = params[:time_entry]
+    
+    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
+  end
+
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+  def update
+    @time_entry.attributes = params[:time_entry]
+    
+    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
+    
+    if @time_entry.save
+      respond_to do |format|
+        format.html {
+          flash[:notice] = l(:notice_successful_update)
+          redirect_back_or_default :action => 'index', :project_id => @time_entry.project
+        }
+        format.api  { head :ok }
+      end
    else
-      flash[:error] = l(:notice_unable_delete_time_entry)
+      respond_to do |format|
+        format.html { render :action => 'edit' }
+        format.api  { render_validation_errors(@time_entry) }
+      end
+    end    
+  end
+
+  verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
+  def destroy
+    if @time_entry.destroy && @time_entry.destroyed?
+      respond_to do |format|
+        format.html {
+          flash[:notice] = l(:notice_successful_delete)
+          redirect_to :back
+        }
+        format.api  { head :ok }
+      end
+    else
+      respond_to do |format|
+        format.html {
+          flash[:error] = l(:notice_unable_delete_time_entry)
+          redirect_to :back
+        }
+        format.api  { render_validation_errors(@time_entry) }
+      end
    end
-    redirect_to :back
  rescue ::ActionController::RedirectBackError
-    redirect_to :action => 'details', :project_id => @time_entry.project
+    redirect_to :action => 'index', :project_id => @time_entry.project
  end

 private
+  def find_time_entry
+    @time_entry = TimeEntry.find(params[:id])
+    unless @time_entry.editable_by?(User.current)
+      render_403
+      return false
+    end
+    @project = @time_entry.project
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
  def find_project
-    if params[:id]
-      @time_entry = TimeEntry.find(params[:id])
-      @project = @time_entry.project
-    elsif params[:issue_id]
-      @issue = Issue.find(params[:issue_id])
+    if (issue_id = (params[:issue_id] || params[:time_entry] && params[:time_entry][:issue_id])).present?
+      @issue = Issue.find(issue_id)
      @project = @issue.project
-    elsif params[:project_id]
-      @project = Project.find(params[:project_id])
+    elsif (project_id = (params[:project_id] || params[:time_entry] && params[:time_entry][:project_id])).present?
+      @project = Project.find(project_id)
    else
      render_404
      return false
@@ -261,57 +265,8 @@ private
    end
    
    @from, @to = @to, @from if @from && @to && @from > @to
-    @from ||= (TimeEntry.minimum(:spent_on, :include => :project, :conditions => Project.allowed_to_condition(User.current, :view_time_entries)) || Date.today) - 1
-    @to   ||= (TimeEntry.maximum(:spent_on, :include => :project, :conditions => Project.allowed_to_condition(User.current, :view_time_entries)) || Date.today)
+    @from ||= (TimeEntry.earilest_date_for_project(@project) || Date.today)
+    @to   ||= (TimeEntry.latest_date_for_project(@project) || Date.today)
  end

-  def load_available_criterias
-    @available_criterias = { 'project' => {:sql => "#{TimeEntry.table_name}.project_id",
-                                          :klass => Project,
-                                          :label => :label_project},
-                             'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
-                                          :klass => Version,
-                                          :label => :label_version},
-                             'category' => {:sql => "#{Issue.table_name}.category_id",
-                                            :klass => IssueCategory,
-                                            :label => :field_category},
-                             'member' => {:sql => "#{TimeEntry.table_name}.user_id",
-                                         :klass => User,
-                                         :label => :label_member},
-                             'tracker' => {:sql => "#{Issue.table_name}.tracker_id",
-                                          :klass => Tracker,
-                                          :label => :label_tracker},
-                             'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
-                                           :klass => TimeEntryActivity,
-                                           :label => :label_activity},
-                             'issue' => {:sql => "#{TimeEntry.table_name}.issue_id",
-                                         :klass => Issue,
-                                         :label => :label_issue}
-                           }
-    
-    # Add list and boolean custom fields as available criterias
-    custom_fields = (@project.nil? ? IssueCustomField.for_all : @project.all_issue_custom_fields)
-    custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
-      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Issue' AND c.customized_id = #{Issue.table_name}.id)",
-                                             :format => cf.field_format,
-                                             :label => cf.name}
-    end if @project
-    
-    # Add list and boolean time entry custom fields
-    TimeEntryCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
-      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'TimeEntry' AND c.customized_id = #{TimeEntry.table_name}.id)",
-                                             :format => cf.field_format,
-                                             :label => cf.name}
-    end
-
-    # Add list and boolean time entry activity custom fields
-    TimeEntryActivityCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
-      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Enumeration' AND c.customized_id = #{TimeEntry.table_name}.activity_id)",
-                                             :format => cf.field_format,
-                                             :label => cf.name}
-    end
-
-    call_hook(:controller_timelog_available_criterias, { :available_criterias => @available_criterias, :project => @project })
-    @available_criterias
-  end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2009  Jean-Philippe Lang
+# Copyright (C) 2006-2010  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -19,6 +19,8 @@ class UsersController < ApplicationController
  layout 'admin'
  
  before_filter :require_admin, :except => :show
+  before_filter :find_user, :only => [:show, :edit, :update, :edit_membership, :destroy_membership]
+  accept_key_auth :index, :show, :create, :update

  helper :sort
  include SortHelper
@@ -29,6 +31,13 @@ class UsersController < ApplicationController
    sort_init 'login', 'asc'
    sort_update %w(login firstname lastname mail admin created_on last_login_on)
    
+    case params[:format]
+    when 'xml', 'json'
+      @offset, @limit = api_offset_and_limit
+    else
+      @limit = per_page_option
+    end
+    
    @status = params[:status] ? params[:status].to_i : 1
    c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])

@@ -38,25 +47,23 @@ class UsersController < ApplicationController
    end
    
    @user_count = User.count(:conditions => c.conditions)
-    @user_pages = Paginator.new self, @user_count,
-								per_page_option,
-								params['page']								
-    @users =  User.find :all,:order => sort_clause,
+    @user_pages = Paginator.new self, @user_count, @limit, params['page']
+    @offset ||= @user_pages.current.offset
+    @users =  User.find :all,
+                        :order => sort_clause,
                        :conditions => c.conditions,
-						:limit  =>  @user_pages.items_per_page,
-						:offset =>  @user_pages.current.offset
+                        :limit  =>  @limit,
+                        :offset =>  @offset

-    render :layout => !request.xhr?	
+		respond_to do |format|
+		  format.html { render :layout => !request.xhr? }
+      format.api
+		end	
  end
  
  def show
-    @user = User.find(params[:id])
-    @custom_values = @user.custom_values
-    
-    # show only public projects and private projects that the logged in user is also a member of
-    @memberships = @user.memberships.select do |membership|
-      membership.project.is_public? || (User.current.member_of?(membership.project))
-    end
+    # show projects based on current user visibility
+    @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
    
    events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
    @events_by_day = events.group_by(&:event_date)
@@ -67,74 +74,132 @@ class UsersController < ApplicationController
        return
      end
    end
-    render :layout => 'base'
-
-  rescue ActiveRecord::RecordNotFound
-    render_404
+    
+    respond_to do |format|
+      format.html { render :layout => 'base' }
+      format.api
+    end
  end

-  def add
-    if request.get?
-      @user = User.new(:language => Setting.default_language)
+  def new
+    @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
+    @auth_sources = AuthSource.find(:all)
+  end
+  
+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
+  def create
+    @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
+    @user.safe_attributes = params[:user]
+    @user.admin = params[:user][:admin] || false
+    @user.login = params[:user][:login]
+    @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id
+
+    # TODO: Similar to My#account
+    @user.pref.attributes = params[:pref]
+    @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
+
+    if @user.save
+      @user.pref.save
+      @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])
+
+      Mailer.deliver_account_information(@user, params[:user][:password]) if params[:send_information]
+      
+      respond_to do |format|
+        format.html {
+          flash[:notice] = l(:notice_successful_create)
+          redirect_to(params[:continue] ? 
+            {:controller => 'users', :action => 'new'} : 
+            {:controller => 'users', :action => 'edit', :id => @user}
+          )
+        }
+        format.api  { render :action => 'show', :status => :created, :location => user_url(@user) }
+      end
    else
-      @user = User.new(params[:user])
-      @user.admin = params[:user][:admin] || false
-      @user.login = params[:user][:login]
-      @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
-      if @user.save
-        Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
-        flash[:notice] = l(:notice_successful_create)
-        redirect_to(params[:continue] ? {:controller => 'users', :action => 'add'} : 
-                                        {:controller => 'users', :action => 'edit', :id => @user})
-        return
+      @auth_sources = AuthSource.find(:all)
+      # Clear password input
+      @user.password = @user.password_confirmation = nil
+
+      respond_to do |format|
+        format.html { render :action => 'new' }
+        format.api  { render_validation_errors(@user) }
      end
    end
-    @auth_sources = AuthSource.find(:all)
  end

  def edit
-    @user = User.find(params[:id])
-    if request.post?
-      @user.admin = params[:user][:admin] if params[:user][:admin]
-      @user.login = params[:user][:login] if params[:user][:login]
-      @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless params[:password].nil? or params[:password].empty? or @user.auth_source_id
-      @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
-      @user.attributes = params[:user]
-      # Was the account actived ? (do it before User#save clears the change)
-      was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
-      if @user.save
-        if was_activated
-          Mailer.deliver_account_activated(@user)
-        elsif @user.active? && params[:send_information] && !params[:password].blank? && @user.auth_source_id.nil?
-          Mailer.deliver_account_information(@user, params[:password])
-        end
-        flash[:notice] = l(:notice_successful_update)
-        redirect_to :back
-      end
-    end
    @auth_sources = AuthSource.find(:all)
    @membership ||= Member.new
+  end
+  
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+  def update
+    @user.admin = params[:user][:admin] if params[:user][:admin]
+    @user.login = params[:user][:login] if params[:user][:login]
+    if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
+      @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
+    end
+    @user.safe_attributes = params[:user]
+    # Was the account actived ? (do it before User#save clears the change)
+    was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
+    # TODO: Similar to My#account
+    @user.pref.attributes = params[:pref]
+    @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
+
+    if @user.save
+      @user.pref.save
+      @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])
+
+      if was_activated
+        Mailer.deliver_account_activated(@user)
+      elsif @user.active? && params[:send_information] && !params[:user][:password].blank? && @user.auth_source_id.nil?
+        Mailer.deliver_account_information(@user, params[:user][:password])
+      end
+      
+      respond_to do |format|
+        format.html {
+          flash[:notice] = l(:notice_successful_update)
+          redirect_to :back
+        }
+        format.api  { head :ok }
+      end
+    else
+      @auth_sources = AuthSource.find(:all)
+      @membership ||= Member.new
+      # Clear password input
+      @user.password = @user.password_confirmation = nil
+
+      respond_to do |format|
+        format.html { render :action => :edit }
+        format.api  { render_validation_errors(@user) }
+      end
+    end
  rescue ::ActionController::RedirectBackError
    redirect_to :controller => 'users', :action => 'edit', :id => @user
  end
-  
+
  def edit_membership
-    @user = User.find(params[:id])
    @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
    @membership.save if request.post?
    respond_to do |format|
-       format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
-       format.js { 
-         render(:update) {|page| 
-           page.replace_html "tab-content-memberships", :partial => 'users/memberships'
-           page.visual_effect(:highlight, "member-#{@membership.id}")
-         }
-       }
-     end
+      if @membership.valid?
+        format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
+        format.js {
+          render(:update) {|page|
+            page.replace_html "tab-content-memberships", :partial => 'users/memberships'
+            page.visual_effect(:highlight, "member-#{@membership.id}")
+          }
+        }
+      else
+        format.js {
+          render(:update) {|page|
+            page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
+          }
+        }
+      end
+    end
  end
  
  def destroy_membership
-    @user = User.find(params[:id])
    @membership = Member.find(params[:membership_id])
    if request.post? && @membership.deletable?
      @membership.destroy
@@ -144,4 +209,17 @@ class UsersController < ApplicationController
      format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
    end
  end
+  
+  private
+  
+  def find_user
+    if params[:id] == 'current'
+      require_login || return
+      @user = User.current
+    else
+      @user = User.find(params[:id])
+    end
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
 end
--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@@ -18,15 +18,42 @@
 class VersionsController < ApplicationController
  menu_item :roadmap
  model_object Version
-  before_filter :find_model_object, :except => [:new, :close_completed]
-  before_filter :find_project_from_association, :except => [:new, :close_completed]
-  before_filter :find_project, :only => [:new, :close_completed]
+  before_filter :find_model_object, :except => [:index, :new, :create, :close_completed]
+  before_filter :find_project_from_association, :except => [:index, :new, :create, :close_completed]
+  before_filter :find_project, :only => [:index, :new, :create, :close_completed]
  before_filter :authorize

  helper :custom_fields
  helper :projects
+
+  def index
+    @trackers = @project.trackers.find(:all, :order => 'position')
+    retrieve_selected_tracker_ids(@trackers, @trackers.select {|t| t.is_in_roadmap?})
+    @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
+    project_ids = @with_subprojects ? @project.self_and_descendants.collect(&:id) : [@project.id]
+    
+    @versions = @project.shared_versions || []
+    @versions += @project.rolled_up_versions.visible if @with_subprojects
+    @versions = @versions.uniq.sort
+    @versions.reject! {|version| version.closed? || version.completed? } unless params[:completed]
+    
+    @issues_by_version = {}
+    unless @selected_tracker_ids.empty?
+      @versions.each do |version|
+        issues = version.fixed_issues.visible.find(:all,
+                                                   :include => [:project, :status, :tracker, :priority],
+                                                   :conditions => {:tracker_id => @selected_tracker_ids, :project_id => project_ids},
+                                                   :order => "#{Project.table_name}.lft, #{Tracker.table_name}.position, #{Issue.table_name}.id")
+        @issues_by_version[version] = issues
+      end
+    end
+    @versions.reject! {|version| !project_ids.include?(version.project_id) && @issues_by_version[version].blank?}
+  end
  
  def show
+    @issues = @version.fixed_issues.visible.find(:all,
+      :include => [:status, :tracker, :priority],
+      :order => "#{Tracker.table_name}.position, #{Issue.table_name}.id")
  end
  
  def new
@@ -36,6 +63,17 @@ class VersionsController < ApplicationController
      attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
      @version.attributes = attributes
    end
+  end
+
+  def create
+    # TODO: refactor with code above in #new
+    @version = @project.versions.build
+    if params[:version]
+      attributes = params[:version].dup
+      attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
+      @version.attributes = attributes
+    end
+
    if request.post?
      if @version.save
        respond_to do |format|
@@ -52,7 +90,7 @@ class VersionsController < ApplicationController
        end
      else
        respond_to do |format|
-          format.html
+          format.html { render :action => 'new' }
          format.js do
            render(:update) {|page| page.alert(@version.errors.full_messages.join('\n')) }
          end
@@ -60,20 +98,27 @@ class VersionsController < ApplicationController
      end
    end
  end
-  
+
  def edit
-    if request.post? && params[:version]
+  end
+  
+  def update
+    if request.put? && params[:version]
      attributes = params[:version].dup
      attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing'])
      if @version.update_attributes(attributes)
        flash[:notice] = l(:notice_successful_update)
        redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
+      else
+        respond_to do |format|
+          format.html { render :action => 'edit' }
+        end
      end
    end
  end
  
  def close_completed
-    if request.post?
+    if request.put?
      @project.close_completed_versions
    end
    redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
@@ -102,4 +147,13 @@ private
  rescue ActiveRecord::RecordNotFound
    render_404
  end
+
+  def retrieve_selected_tracker_ids(selectable_trackers, default_trackers=nil)
+    if ids = params[:tracker_ids]
+      @selected_tracker_ids = (ids.is_a? Array) ? ids.collect { |id| id.to_i.to_s } : ids.split('/').collect { |id| id.to_i.to_s }
+    else
+      @selected_tracker_ids = (default_trackers || selectable_trackers).collect {|t| t.id.to_s }
+    end
+  end
+
 end
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -17,20 +17,39 @@

 require 'diff'

+# The WikiController follows the Rails REST controller pattern but with
+# a few differences
+#
+# * index - shows a list of WikiPages grouped by page or date
+# * new - not used
+# * create - not used
+# * show - will also show the form for creating a new wiki page
+# * edit - used to edit an existing or new page
+# * update - used to save a wiki page update to the database, including new pages
+# * destroy - normal
+#
+# Other member and collection methods are also used
+#
+# TODO: still being worked on
 class WikiController < ApplicationController
  default_search_scope :wiki_pages
  before_filter :find_wiki, :authorize
  before_filter :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy]
  
-  verify :method => :post, :only => [:destroy, :protect], :redirect_to => { :action => :index }
+  verify :method => :post, :only => [:protect], :redirect_to => { :action => :show }

  helper :attachments
  include AttachmentsHelper   
  helper :watchers
-  
-  # display a page (in editing mode if it doesn't exist)
+
+  # List of pages, sorted alphabetically and by parent (hierarchy)
  def index
-    page_title = params[:page]
+    load_pages_grouped_by_date_without_content
+  end
+
+  # display a page (in editing mode if it doesn't exist)
+  def show
+    page_title = params[:id]
    @page = @wiki.find_or_new_page(page_title)
    if @page.new_record?
      if User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
@@ -63,7 +82,7 @@ class WikiController < ApplicationController
  
  # edit an existing page or a new one
  def edit
-    @page = @wiki.find_or_new_page(params[:page])    
+    @page = @wiki.find_or_new_page(params[:id])    
    return render_403 unless editable?
    @page.content = WikiContent.new(:page => @page) if @page.new_record?
    
@@ -71,34 +90,50 @@ class WikiController < ApplicationController
    @content.text = initial_page_content(@page) if @content.text.blank?
    # don't keep previous comment
    @content.comments = nil
-    if request.get?
-      # To prevent StaleObjectError exception when reverting to a previous version
-      @content.version = @page.content.version
-    else
-      if !@page.new_record? && @content.text == params[:content][:text]
-        attachments = Attachment.attach_files(@page, params[:attachments])
-        render_attachment_warning_if_needed(@page)
-        # don't save if text wasn't changed
-        redirect_to :action => 'index', :id => @project, :page => @page.title
-        return
-      end
-      #@content.text = params[:content][:text]
-      #@content.comments = params[:content][:comments]
-      @content.attributes = params[:content]
-      @content.author = User.current
-      # if page is new @page.save will also save content, but not if page isn't a new record
-      if (@page.new_record? ? @page.save : @content.save)
-        attachments = Attachment.attach_files(@page, params[:attachments])
-        render_attachment_warning_if_needed(@page)
-        call_hook(:controller_wiki_edit_after_save, { :params => params, :page => @page})
-        redirect_to :action => 'index', :id => @project, :page => @page.title
-      end
-    end
+
+    # To prevent StaleObjectError exception when reverting to a previous version
+    @content.version = @page.content.version
  rescue ActiveRecord::StaleObjectError
    # Optimistic locking exception
    flash[:error] = l(:notice_locking_conflict)
  end
-  
+
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+  # Creates a new page or updates an existing one
+  def update
+    @page = @wiki.find_or_new_page(params[:id])    
+    return render_403 unless editable?
+    @page.content = WikiContent.new(:page => @page) if @page.new_record?
+    
+    @content = @page.content_for_version(params[:version])
+    @content.text = initial_page_content(@page) if @content.text.blank?
+    # don't keep previous comment
+    @content.comments = nil
+
+    if !@page.new_record? && params[:content].present? && @content.text == params[:content][:text]
+      attachments = Attachment.attach_files(@page, params[:attachments])
+      render_attachment_warning_if_needed(@page)
+      # don't save if text wasn't changed
+      redirect_to :action => 'show', :project_id => @project, :id => @page.title
+      return
+    end
+    @content.attributes = params[:content]
+    @content.author = User.current
+    # if page is new @page.save will also save content, but not if page isn't a new record
+    if (@page.new_record? ? @page.save : @content.save)
+      attachments = Attachment.attach_files(@page, params[:attachments])
+      render_attachment_warning_if_needed(@page)
+      call_hook(:controller_wiki_edit_after_save, { :params => params, :page => @page})
+      redirect_to :action => 'show', :project_id => @project, :id => @page.title
+    else
+      render :action => 'edit'
+    end
+
+  rescue ActiveRecord::StaleObjectError
+    # Optimistic locking exception
+    flash[:error] = l(:notice_locking_conflict)
+  end
+
  # rename a page
  def rename
    return render_403 unless editable?
@@ -107,13 +142,13 @@ class WikiController < ApplicationController
    @original_title = @page.pretty_title
    if request.post? && @page.update_attributes(params[:wiki_page])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'index', :id => @project, :page => @page.title
+      redirect_to :action => 'show', :project_id => @project, :id => @page.title
    end
  end
  
  def protect
    @page.update_attribute :protected, params[:protected]
-    redirect_to :action => 'index', :id => @project, :page => @page.title
+    redirect_to :action => 'show', :project_id => @project, :id => @page.title
  end

  # show page history
@@ -139,7 +174,8 @@ class WikiController < ApplicationController
    @annotate = @page.annotate(params[:version])
    render_404 unless @annotate
  end
-  
+
+  verify :method => :delete, :only => [:destroy], :redirect_to => { :action => :show }
  # Removes a wiki page and its history
  # Children can be either set as root pages, removed or reassigned to another parent page
  def destroy
@@ -166,41 +202,26 @@ class WikiController < ApplicationController
      end
    end
    @page.destroy
-    redirect_to :action => 'special', :id => @project, :page => 'Page_index'
+    redirect_to :action => 'index', :project_id => @project
  end

-  # display special pages
-  def special
-    page_title = params[:page].downcase
-    case page_title
-    # show pages index, sorted by title
-    when 'page_index', 'date_index'
-      # eager load information about last updates, without loading text
-      @pages = @wiki.pages.find :all, :select => "#{WikiPage.table_name}.*, #{WikiContent.table_name}.updated_on",
-                                      :joins => "LEFT JOIN #{WikiContent.table_name} ON #{WikiContent.table_name}.page_id = #{WikiPage.table_name}.id",
-                                      :order => 'title'
-      @pages_by_date = @pages.group_by {|p| p.updated_on.to_date}
-      @pages_by_parent_id = @pages.group_by(&:parent_id)
-    # export wiki to a single html file
-    when 'export'
-      if User.current.allowed_to?(:export_wiki_pages, @project)
-        @pages = @wiki.pages.find :all, :order => 'title'
-        export = render_to_string :action => 'export_multiple', :layout => false
-        send_data(export, :type => 'text/html', :filename => "wiki.html")
-      else
-        redirect_to :action => 'index', :id => @project, :page => nil
-      end
-      return      
+  # Export wiki to a single html file
+  def export
+    if User.current.allowed_to?(:export_wiki_pages, @project)
+      @pages = @wiki.pages.find :all, :order => 'title'
+      export = render_to_string :action => 'export_multiple', :layout => false
+      send_data(export, :type => 'text/html', :filename => "wiki.html")
    else
-      # requested special page doesn't exist, redirect to default page
-      redirect_to :action => 'index', :id => @project, :page => nil
-      return
+      redirect_to :action => 'show', :project_id => @project, :id => nil
    end
-    render :action => "special_#{page_title}"
+  end
+
+  def date_index
+    load_pages_grouped_by_date_without_content
  end
  
  def preview
-    page = @wiki.find_page(params[:page])
+    page = @wiki.find_page(params[:id])
    # page is nil when previewing a new page
    return render_403 unless page.nil? || editable?(page)
    if page
@@ -215,13 +236,13 @@ class WikiController < ApplicationController
    return render_403 unless editable?
    attachments = Attachment.attach_files(@page, params[:attachments])
    render_attachment_warning_if_needed(@page)
-    redirect_to :action => 'index', :page => @page.title
+    redirect_to :action => 'show', :id => @page.title, :project_id => @project
  end

 private
  
  def find_wiki
-    @project = Project.find(params[:id])
+    @project = Project.find(params[:project_id])
    @wiki = @project.wiki
    render_404 unless @wiki
  rescue ActiveRecord::RecordNotFound
@@ -230,7 +251,7 @@ private
  
  # Finds the requested page and returns a 404 error if it doesn't exist
  def find_existing_page
-    @page = @wiki.find_page(params[:page])
+    @page = @wiki.find_page(params[:id])
    render_404 if @page.nil?
  end
  
@@ -245,4 +266,14 @@ private
    extend helper unless self.instance_of?(helper)
    helper.instance_method(:initial_page_content).bind(self).call(page)
  end
+
+  # eager load information about last updates, without loading text
+  def load_pages_grouped_by_date_without_content
+    @pages = @wiki.pages.find :all, :select => "#{WikiPage.table_name}.*, #{WikiContent.table_name}.updated_on",
+                                    :joins => "LEFT JOIN #{WikiContent.table_name} ON #{WikiContent.table_name}.page_id = #{WikiPage.table_name}.id",
+                                    :order => 'title'
+    @pages_by_date = @pages.group_by {|p| p.updated_on.to_date}
+    @pages_by_parent_id = @pages.group_by(&:parent_id)
+  end
+  
 end
--- a/app/helpers/admin_helper.rb
+++ b/app/helpers/admin_helper.rb
@@ -20,12 +20,4 @@ module AdminHelper
    options_for_select([[l(:label_all), ''], 
                        [l(:status_active), 1]], selected)
  end
-  
-  def css_project_classes(project)
-    s = 'project'
-    s << ' root' if project.root?
-    s << ' child' if project.child?
-    s << (project.leaf? ? ' leaf' : ' parent')
-    s
-  end
 end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007  Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2010  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -32,6 +32,11 @@ module ApplicationHelper
  end

  # Display a link if user is authorized
+  #
+  # @param [String] name Anchor text (passed to link_to)
+  # @param [Hash] options Hash params. This will checked by authorize_for to see if the user is authorized
+  # @param [optional, Hash] html_options Options passed to link_to
+  # @param [optional, Hash] parameters_for_method_reference Extra parameters for link_to
  def link_to_if_authorized(name, options = {}, html_options = nil, *parameters_for_method_reference)
    link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for(options[:controller] || params[:controller], options[:action])
  end
@@ -99,8 +104,27 @@ module ApplicationHelper
  # * :text - Link text (default to the formatted revision)
  def link_to_revision(revision, project, options={})
    text = options.delete(:text) || format_revision(revision)
+    rev = revision.respond_to?(:identifier) ? revision.identifier : revision

-    link_to(text, {:controller => 'repositories', :action => 'revision', :id => project, :rev => revision}, :title => l(:label_revision_id, revision))
+    link_to(text, {:controller => 'repositories', :action => 'revision', :id => project, :rev => rev},
+            :title => l(:label_revision_id, format_revision(revision)))
+  end
+
+  # Generates a link to a project if active
+  # Examples:
+  # 
+  #   link_to_project(project)                          # => link to the specified project overview
+  #   link_to_project(project, :action=>'settings')     # => link to project settings
+  #   link_to_project(project, {:only_path => false}, :class => "project") # => 3rd arg adds html options
+  #   link_to_project(project, {}, :class => "project") # => html options with default url (project overview)
+  #
+  def link_to_project(project, options={}, html_options = nil)
+    if project.active?
+      url = {:controller => 'projects', :action => 'show', :id => project}.merge(options)
+      link_to(h(project), url, html_options)
+    else
+      h(project)
+    end
  end

  def toggle_link(name, id, options={})
@@ -155,7 +179,7 @@ module ApplicationHelper
      content << "<ul class=\"pages-hierarchy\">\n"
      pages[node].each do |page|
        content << "<li>"
-        content << link_to(h(page.pretty_title), {:controller => 'wiki', :action => 'index', :id => page.project, :page => page.title},
+        content << link_to(h(page.pretty_title), {:controller => 'wiki', :action => 'show', :project_id => page.project, :id => page.title},
                           :title => (page.respond_to?(:updated_on) ? l(:label_updated_time, distance_of_time_in_words(Time.now, page.updated_on)) : nil))
        content << "\n" + render_page_hierarchy(pages, page.id) if pages[page.id]
        content << "</li>\n"
@@ -216,15 +240,10 @@ module ApplicationHelper
  end
  
  # Yields the given block for each project with its level in the tree
+  #
+  # Wrapper for Project#project_tree
  def project_tree(projects, &block)
-    ancestors = []
-    projects.sort_by(&:lft).each do |project|
-      while (ancestors.any? && !project.is_descendant_of?(ancestors.last)) 
-        ancestors.pop
-      end
-      yield project, ancestors.size
-      ancestors << project
-    end
+    Project.project_tree(projects, &block)
  end
  
  def project_nested_ul(projects, &block)
@@ -285,7 +304,7 @@ module ApplicationHelper
  def time_tag(time)
    text = distance_of_time_in_words(Time.now, time)
    if @project
-      link_to(text, {:controller => 'projects', :action => 'activity', :id => @project, :from => time.to_date}, :title => format_time(time))
+      link_to(text, {:controller => 'activities', :action => 'index', :id => @project, :from => time.to_date}, :title => format_time(time))
    else
      content_tag('acronym', text, :title => format_time(time))
    end
@@ -368,12 +387,12 @@ module ApplicationHelper
      ancestors = (@project.root? ? [] : @project.ancestors.visible)
      if ancestors.any?
        root = ancestors.shift
-        b << link_to(h(root), {:controller => 'projects', :action => 'show', :id => root, :jump => current_menu_item}, :class => 'root')
+        b << link_to_project(root, {:jump => current_menu_item}, :class => 'root')
        if ancestors.size > 2
          b << '&#8230;'
          ancestors = ancestors[-2, 2]
        end
-        b += ancestors.collect {|p| link_to(h(p), {:controller => 'projects', :action => 'show', :id => p, :jump => current_menu_item}, :class => 'ancestor') }
+        b += ancestors.collect {|p| link_to_project(p, {:jump => current_menu_item}, :class => 'ancestor') }
      end
      b << h(@project)
      b.join(' &#187; ')
@@ -393,6 +412,19 @@ module ApplicationHelper
    end
  end

+  # Returns the theme, controller name, and action as css classes for the
+  # HTML body.
+  def body_css_classes
+    css = []
+    if theme = Redmine::Themes.theme(Setting.ui_theme)
+      css << 'theme-' + theme.name
+    end
+
+    css << 'controller-' + params[:controller]
+    css << 'action-' + params[:action]
+    css.join(' ')
+  end
+
  def accesskey(s)
    Redmine::AccessKeys.key_for s
  end
@@ -419,12 +451,19 @@ module ApplicationHelper
    only_path = options.delete(:only_path) == false ? false : true

    text = Redmine::WikiFormatting.to_html(Setting.text_formatting, text, :object => obj, :attribute => attr) { |macro, args| exec_macro(macro, obj, args) }
-      
-    parse_non_pre_blocks(text) do |text|
-      [:parse_inline_attachments, :parse_wiki_links, :parse_redmine_links].each do |method_name|
+    
+    @parsed_headings = []
+    text = parse_non_pre_blocks(text) do |text|
+      [:parse_inline_attachments, :parse_wiki_links, :parse_redmine_links, :parse_headings].each do |method_name|
        send method_name, text, project, obj, attr, only_path, options
      end
    end
+    
+    if @parsed_headings.any?
+      replace_toc(text, @parsed_headings)
+    end
+    
+    text
  end
  
  def parse_non_pre_blocks(text)
@@ -494,7 +533,7 @@ module ApplicationHelper
      esc, all, page, title = $1, $2, $3, $5
      if esc.nil?
        if page =~ /^([^\:]+)\:(.*)$/
-          link_project = Project.find_by_name($1) || Project.find_by_identifier($1)
+          link_project = Project.find_by_identifier($1) || Project.find_by_name($1)
          page = $2
          title ||= $1 if page.blank?
        end
@@ -511,7 +550,8 @@ module ApplicationHelper
            when :local; "#{title}.html"
            when :anchor; "##{title}"   # used for single-file wiki export
            else
-              url_for(:only_path => only_path, :controller => 'wiki', :action => 'index', :id => link_project, :page => Wiki.titleize(page), :anchor => anchor)
+              wiki_page_id = page.present? ? Wiki.titleize(page) : nil
+              url_for(:only_path => only_path, :controller => 'wiki', :action => 'show', :project_id => link_project, :id => wiki_page_id, :anchor => anchor)
            end
          link_to((title || page), url, :class => ('wiki-page' + (wiki_page ? '' : ' new')))
        else
@@ -592,8 +632,7 @@ module ApplicationHelper
            end
          when 'project'
            if p = Project.visible.find_by_id(oid)
-              link = link_to h(p.name), {:only_path => only_path, :controller => 'projects', :action => 'show', :id => p},
-                                              :class => 'project'
+              link = link_to_project(p, {:only_path => only_path}, :class => 'project')
            end
          end
        elsif sep == ':'
@@ -635,8 +674,7 @@ module ApplicationHelper
            end
          when 'project'
            if p = Project.visible.find(:first, :conditions => ["identifier = :s OR LOWER(name) = :s", {:s => name.downcase}])
-              link = link_to h(p.name), {:only_path => only_path, :controller => 'projects', :action => 'show', :id => p},
-                                              :class => 'project'
+              link = link_to_project(p, {:only_path => only_path}, :class => 'project')
            end
          end
        end
@@ -644,6 +682,55 @@ module ApplicationHelper
      leading + (link || "#{prefix}#{sep}#{identifier}")
    end
  end
+  
+  HEADING_RE = /<h(1|2|3|4)( [^>]+)?>(.+?)<\/h(1|2|3|4)>/i unless const_defined?(:HEADING_RE)
+  
+  # Headings and TOC
+  # Adds ids and links to headings unless options[:headings] is set to false
+  def parse_headings(text, project, obj, attr, only_path, options)
+    return if options[:headings] == false
+    
+    text.gsub!(HEADING_RE) do
+      level, attrs, content = $1.to_i, $2, $3
+      item = strip_tags(content).strip
+      anchor = item.gsub(%r{[^\w\s\-]}, '').gsub(%r{\s+(\-+\s*)?}, '-')
+      @parsed_headings << [level, anchor, item]
+      "<h#{level} #{attrs} id=\"#{anchor}\">#{content}<a href=\"##{anchor}\" class=\"wiki-anchor\">&para;</a></h#{level}>"
+    end
+  end
+          
+  TOC_RE = /<p>\{\{([<>]?)toc\}\}<\/p>/i unless const_defined?(:TOC_RE)
+  
+  # Renders the TOC with given headings
+  def replace_toc(text, headings)
+    text.gsub!(TOC_RE) do
+      if headings.empty?
+        ''
+      else
+        div_class = 'toc'
+        div_class << ' right' if $1 == '>'
+        div_class << ' left' if $1 == '<'
+        out = "<ul class=\"#{div_class}\"><li>"
+        root = headings.map(&:first).min
+        current = root
+        started = false
+        headings.each do |level, anchor, item|
+          if level > current
+            out << '<ul><li>' * (level - current)
+          elsif level < current
+            out << "</li></ul>\n" * (current - level) + "</li><li>"
+          elsif started
+            out << '</li><li>'
+          end
+          out << "<a href=\"##{anchor}\">#{item}</a>"
+          current = level
+          started = true
+        end
+        out << '</li></ul>' * (current - root)
+        out << '</li></ul>'
+      end
+    end
+  end

  # Same as Rails' simple_format helper without using paragraphs
  def simple_format_without_paragraph(text)
@@ -709,6 +796,11 @@ module ApplicationHelper
        javascript_include_tag('context_menu') +
          stylesheet_link_tag('context_menu')
      end
+      if l(:direction) == 'rtl'
+        content_for :header_tags do
+          stylesheet_link_tag('context_menu_rtl')
+        end
+      end
      @context_menu_included = true
    end
    javascript_tag "new ContextMenu('#{ url_for(url) }')"
@@ -772,7 +864,7 @@ module ApplicationHelper
  # +user+ can be a User or a string that will be scanned for an email address (eg. 'joe <joe@foo.bar>')
  def avatar(user, options = { })
    if Setting.gravatar_enabled?
-      options.merge!({:ssl => Setting.protocol == 'https', :default => Setting.gravatar_default})
+      options.merge!({:ssl => (defined?(request) && request.ssl?), :default => Setting.gravatar_default})
      email = nil
      if user.respond_to?(:mail)
        email = user.mail
@@ -780,9 +872,37 @@ module ApplicationHelper
        email = $1
      end
      return gravatar(email.to_s.downcase, options) unless email.blank? rescue nil
+    else
+      ''
    end
  end

+  def favicon
+    "<link rel='shortcut icon' href='#{image_path('/favicon.ico')}' />"
+  end
+  
+  # Returns true if arg is expected in the API response
+  def include_in_api_response?(arg)
+    unless @included_in_api_response
+      param = params[:include]
+      @included_in_api_response = param.is_a?(Array) ? param.collect(&:to_s) : param.to_s.split(',')
+      @included_in_api_response.collect!(&:strip)
+    end
+    @included_in_api_response.include?(arg.to_s)
+  end
+
+  # Returns options or nil if nometa param or X-Redmine-Nometa header
+  # was set in the request
+  def api_meta(options)
+    if params[:nometa].present? || request.headers['X-Redmine-Nometa']
+      # compatibility mode for activeresource clients that raise
+      # an error when unserializing an array with attributes
+      nil
+    else
+      options
+    end
+  end
+  
  private

  def wiki_helper
--- a/app/helpers/calendars_helper.rb
+++ b/app/helpers/calendars_helper.rb
@@ -0,0 +1,45 @@
+module CalendarsHelper
+  def link_to_previous_month(year, month, options={})
+    target_year, target_month = if month == 1
+                                  [year - 1, 12]
+                                else
+                                  [year, month - 1]
+                                end
+    
+    name = if target_month == 12
+             "#{month_name(target_month)} #{target_year}"
+           else
+             "#{month_name(target_month)}"
+           end
+
+    link_to_month(('&#171; ' + name), target_year, target_month, options)
+  end
+
+  def link_to_next_month(year, month, options={})
+    target_year, target_month = if month == 12
+                                  [year + 1, 1]
+                                else
+                                  [year, month + 1]
+                                end
+
+    name = if target_month == 1
+             "#{month_name(target_month)} #{target_year}"
+           else
+             "#{month_name(target_month)}"
+           end
+
+    link_to_month((name + ' &#187;'), target_year, target_month, options)
+  end
+
+  def link_to_month(link_name, year, month, options={})
+    project_id = options[:project].present? ? options[:project].to_param : nil
+
+    link_target = calendar_path(:year => year, :month => month, :project_id => project_id)
+
+    link_to_remote(link_name,
+                   {:update => "content", :url => link_target, :method => :put},
+                   {:href => link_target})
+
+  end
+  
+end
--- a/app/helpers/custom_fields_helper.rb
+++ b/app/helpers/custom_fields_helper.rb
@@ -104,4 +104,15 @@ module CustomFieldsHelper
  def custom_field_formats_for_select
    Redmine::CustomFieldFormat.as_select
  end
+  
+  # Renders the custom_values in api views
+  def render_api_custom_values(custom_values, api)
+    api.array :custom_fields do
+      custom_values.each do |custom_value|
+        api.custom_field :id => custom_value.custom_field_id, :name => custom_value.custom_field.name do
+          api.value custom_value.value
+        end
+      end
+    end unless custom_values.empty?
+  end
 end
--- a/app/helpers/gantt_helper.rb
+++ b/app/helpers/gantt_helper.rb
@@ -0,0 +1,49 @@
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+module GanttHelper
+
+  def gantt_zoom_link(gantt, in_or_out)
+    case in_or_out
+    when :in
+      if gantt.zoom < 4
+        link_to_remote(l(:text_zoom_in),
+                       {:url => gantt.params.merge(:zoom => (gantt.zoom+1)), :method => :get, :update => 'content'},
+                       {:href => url_for(gantt.params.merge(:zoom => (gantt.zoom+1))),
+                        :class => 'icon icon-zoom-in'})
+      else
+        content_tag('span', l(:text_zoom_in), :class => 'icon icon-zoom-in')
+      end
+      
+    when :out
+      if gantt.zoom > 1
+        link_to_remote(l(:text_zoom_out),
+                       {:url => gantt.params.merge(:zoom => (gantt.zoom-1)), :method => :get, :update => 'content'},
+                       {:href => url_for(gantt.params.merge(:zoom => (gantt.zoom-1))),
+                        :class => 'icon icon-zoom-out'})
+      else
+        content_tag('span', l(:text_zoom_out), :class => 'icon icon-zoom-out')
+      end
+    end
+  end
+  
+  def number_of_issues_on_versions(gantt)
+    versions = gantt.events.collect {|event| (event.is_a? Version) ? event : nil}.compact
+
+    versions.sum {|v| v.fixed_issues.for_gantt.with_query(@query).count}
+  end
+end
--- a/app/helpers/issue_moves_helper.rb
+++ b/app/helpers/issue_moves_helper.rb
@@ -0,0 +1,2 @@
+module IssueMovesHelper
+end
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -28,14 +28,27 @@ module IssuesHelper
      ancestors << issue unless issue.leaf?
    end
  end
-  
+
+  # Renders a HTML/CSS tooltip
+  #
+  # To use, a trigger div is needed.  This is a div with the class of "tooltip"
+  # that contains this method wrapped in a span with the class of "tip"
+  #
+  #    <div class="tooltip"><%= link_to_issue(issue) %>
+  #      <span class="tip"><%= render_issue_tooltip(issue) %></span>
+  #    </div>
+  #
  def render_issue_tooltip(issue)
+    @cached_label_status ||= l(:field_status)
    @cached_label_start_date ||= l(:field_start_date)
    @cached_label_due_date ||= l(:field_due_date)
    @cached_label_assigned_to ||= l(:field_assigned_to)
    @cached_label_priority ||= l(:field_priority)
-    
+    @cached_label_project ||= l(:field_project)
+
    link_to_issue(issue) + "<br /><br />" +
+      "<strong>#{@cached_label_project}</strong>: #{link_to_project(issue.project)}<br />" +
+      "<strong>#{@cached_label_status}</strong>: #{issue.status.name}<br />" +
      "<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />" +
      "<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />" +
      "<strong>#{@cached_label_assigned_to}</strong>: #{issue.assigned_to}<br />" +
@@ -176,6 +189,20 @@ module IssuesHelper
    end
  end
  
+  # Renders issue children recursively
+  def render_api_issue_children(issue, api)
+    return if issue.leaf?
+    api.array :children do
+      issue.children.each do |child|
+        api.issue(:id => child.id) do
+          api.tracker(:id => child.tracker_id, :name => child.tracker.name) unless child.tracker.nil?
+          api.subject child.subject
+          render_api_issue_children(child, api)
+        end
+      end
+    end
+  end
+  
  def issues_to_csv(issues, project = nil)
    ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')    
    decimal_separator = l(:general_csv_decimal_separator)
@@ -233,30 +260,4 @@ module IssuesHelper
    end
    export
  end
-
-  def gantt_zoom_link(gantt, in_or_out)
-    img_attributes = {:style => 'height:1.4em; width:1.4em; margin-left: 3px;'} # em for accessibility
-
-    case in_or_out
-    when :in
-      if gantt.zoom < 4
-        link_to_remote(l(:text_zoom_in) + image_tag('zoom_in.png', img_attributes.merge(:alt => l(:text_zoom_in))),
-                       {:url => gantt.params.merge(:zoom => (gantt.zoom+1)), :update => 'content'},
-                       {:href => url_for(gantt.params.merge(:zoom => (gantt.zoom+1)))})
-      else
-        l(:text_zoom_in) +
-          image_tag('zoom_in_g.png', img_attributes.merge(:alt => l(:text_zoom_in)))
-      end
-      
-    when :out
-      if gantt.zoom > 1
-        link_to_remote(l(:text_zoom_out) + image_tag('zoom_out.png', img_attributes.merge(:alt => l(:text_zoom_out))),
-                       {:url => gantt.params.merge(:zoom => (gantt.zoom-1)), :update => 'content'},
-                       {:href => url_for(gantt.params.merge(:zoom => (gantt.zoom-1)))})
-      else
-        l(:text_zoom_out) +
-          image_tag('zoom_out_g.png', img_attributes.merge(:alt => l(:text_zoom_out)))
-      end
-    end
-  end
 end
--- a/app/helpers/journals_helper.rb
+++ b/app/helpers/journals_helper.rb
@@ -22,7 +22,7 @@ module JournalsHelper
    links = []
    if !journal.notes.blank?
      links << link_to_remote(image_tag('comment.png'),
-                              { :url => {:controller => 'issues', :action => 'reply', :id => issue, :journal_id => journal} },
+                              { :url => {:controller => 'journals', :action => 'new', :id => issue, :journal_id => journal} },
                              :title => l(:button_quote)) if options[:reply_links]
      links << link_to_in_place_notes_editor(image_tag('edit.png'), "journal-#{journal.id}-notes", 
                                             { :controller => 'journals', :action => 'edit', :id => journal },
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -72,7 +72,7 @@ module ProjectsHelper
        end
        classes = (ancestors.empty? ? 'root' : 'child')
        s << "<li class='#{classes}'><div class='#{classes}'>" +
-               link_to(h(project), {:controller => 'projects', :action => 'show', :id => project}, :class => "project #{User.current.member_of?(project) ? 'my-project' : nil}")
+               link_to_project(project, {}, :class => "project #{User.current.member_of?(project) ? 'my-project' : nil}")
        s << "<div class='wiki description'>#{textilizable(project.short_description, :project => project)}</div>" unless project.description.blank?
        s << "</div>\n"
        ancestors << project
--- a/app/helpers/queries_helper.rb
+++ b/app/helpers/queries_helper.rb
@@ -50,7 +50,7 @@ module QueriesHelper
    when 'User'
      link_to_user value
    when 'Project'
-      link_to(h(value), :controller => 'projects', :action => 'show', :id => value)
+      link_to_project value
    when 'Version'
      link_to(h(value), :controller => 'versions', :action => 'show', :id => value)
    when 'TrueClass'
@@ -78,10 +78,9 @@ module QueriesHelper
        # Give it a name, required to be valid
        @query = Query.new(:name => "_")
        @query.project = @project
-        if params[:fields] and params[:fields].is_a? Array
-          params[:fields].each do |field|
-            @query.add_filter(field, params[:operators][field], params[:values][field])
-          end
+        if params[:fields]
+          @query.filters = {}
+          @query.add_filters(params[:fields], params[:operators], params[:values])
        else
          @query.available_filters.keys.each do |field|
            @query.add_short_filter(field, params[field]) if params[field]
--- a/app/helpers/repositories_helper.rb
+++ b/app/helpers/repositories_helper.rb
@@ -18,8 +18,12 @@
 require 'iconv'

 module RepositoriesHelper
-  def format_revision(txt)
-    txt.to_s[0,8]
+  def format_revision(revision)
+    if revision.respond_to? :format_identifier
+      revision.format_identifier
+    else
+      revision.to_s
+    end
  end
  
  def truncate_at_line_break(text, length = 255)
@@ -87,7 +91,7 @@ module RepositoriesHelper
                             :action => 'show',
                             :id => @project,
                             :path => path_param,
-                             :rev => @changeset.revision)
+                             :rev => @changeset.identifier)
        output << "<li class='#{style}'>#{text}</li>"
        output << render_changes_tree(s)
      elsif c = tree[file][:c]
@@ -97,13 +101,13 @@ module RepositoriesHelper
                             :action => 'entry',
                             :id => @project,
                             :path => path_param,
-                             :rev => @changeset.revision) unless c.action == 'D'
+                             :rev => @changeset.identifier) unless c.action == 'D'
        text << " - #{c.revision}" unless c.revision.blank?
        text << ' (' + link_to('diff', :controller => 'repositories',
                                       :action => 'diff',
                                       :id => @project,
                                       :path => path_param,
-                                       :rev => @changeset.revision) + ') ' if c.action == 'M'
+                                       :rev => @changeset.identifier) + ') ' if c.action == 'M'
        text << ' ' + content_tag('span', c.from_path, :class => 'copied-from') unless c.from_path.blank?
        output << "<li class='#{style}'>#{text}</li>"
      end
--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -39,7 +39,7 @@ module SearchHelper
  end
  
  def type_label(t)
-    l("label_#{t.singularize}_plural")
+    l("label_#{t.singularize}_plural", :default => t.to_s.humanize)
  end
  
  def project_select_tag
--- a/app/helpers/settings_helper.rb
+++ b/app/helpers/settings_helper.rb
@@ -71,4 +71,14 @@ module SettingsHelper
    label = options.delete(:label)
    label != false ? content_tag("label", l(label || "setting_#{setting}")) : ''
  end
+
+  # Renders a notification field for a Redmine::Notifiable option
+  def notification_field(notifiable)
+    return content_tag(:label,
+                       check_box_tag('settings[notified_events][]',
+                                     notifiable.name,
+                                     Setting.notified_events.include?(notifiable.name)) +
+                         l_or_humanize(notifiable.name, :prefix => 'label_'),
+                       :class => notifiable.parent.present? ? "parent" : '')
+  end
 end
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -33,15 +33,19 @@ module UsersHelper
    options
  end
  
+  def user_mail_notification_options(user)
+    user.valid_notification_options.collect {|o| [l(o.last), o.first]}
+  end
+  
  def change_status_link(user)
-    url = {:controller => 'users', :action => 'edit', :id => user, :page => params[:page], :status => params[:status], :tab => nil}
+    url = {:controller => 'users', :action => 'update', :id => user, :page => params[:page], :status => params[:status], :tab => nil}
    
    if user.locked?
-      link_to l(:button_unlock), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :post, :class => 'icon icon-unlock'
+      link_to l(:button_unlock), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :put, :class => 'icon icon-unlock'
    elsif user.registered?
-      link_to l(:button_activate), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :post, :class => 'icon icon-unlock'
+      link_to l(:button_activate), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :put, :class => 'icon icon-unlock'
    elsif user != User.current
-      link_to l(:button_lock), url.merge(:user => {:status => User::STATUS_LOCKED}), :method => :post, :class => 'icon icon-lock'
+      link_to l(:button_lock), url.merge(:user => {:status => User::STATUS_LOCKED}), :method => :put, :class => 'icon icon-lock'
    end
  end
  
--- a/app/helpers/wiki_helper.rb
+++ b/app/helpers/wiki_helper.rb
@@ -24,7 +24,7 @@ module WikiHelper
      attrs << " selected='selected'" if selected == page
      indent = (level > 0) ? ('&nbsp;' * level * 2 + '&#187; ') : nil
      
-      s << "<option value='#{page.id}'>#{indent}#{h page.pretty_title}</option>\n" + 
+      s << "<option #{attrs}>#{indent}#{h page.pretty_title}</option>\n" + 
             wiki_page_options_for_select(pages, selected, page, level + 1)
    end
    s
--- a/app/models/board.rb
+++ b/app/models/board.rb
@@ -18,7 +18,7 @@
 class Board < ActiveRecord::Base
  belongs_to :project
  has_many :topics, :class_name => 'Message', :conditions => "#{Message.table_name}.parent_id IS NULL", :order => "#{Message.table_name}.created_on DESC"
-  has_many :messages, :dependent => :delete_all, :order => "#{Message.table_name}.created_on DESC"
+  has_many :messages, :dependent => :destroy, :order => "#{Message.table_name}.created_on DESC"
  belongs_to :last_message, :class_name => 'Message', :foreign_key => :last_message_id
  acts_as_list :scope => :project_id
  acts_as_watchable
--- a/app/models/change.rb
+++ b/app/models/change.rb
@@ -19,12 +19,13 @@ class Change < ActiveRecord::Base
  belongs_to :changeset
  
  validates_presence_of :changeset_id, :action, :path
+  before_save :init_path
  
  def relative_path
    changeset.repository.relative_path(path)
  end
  
-  def before_save
-    path ||= ""
+  def init_path
+    self.path ||= ""
  end
 end
--- a/app/models/changeset.rb
+++ b/app/models/changeset.rb
@@ -23,10 +23,10 @@ class Changeset < ActiveRecord::Base
  has_many :changes, :dependent => :delete_all
  has_and_belongs_to_many :issues

-  acts_as_event :title => Proc.new {|o| "#{l(:label_revision)} #{o.revision}" + (o.short_comments.blank? ? '' : (': ' + o.short_comments))},
+  acts_as_event :title => Proc.new {|o| "#{l(:label_revision)} #{o.format_identifier}" + (o.short_comments.blank? ? '' : (': ' + o.short_comments))},
                :description => :long_comments,
                :datetime => :committed_on,
-                :url => Proc.new {|o| {:controller => 'repositories', :action => 'revision', :id => o.repository.project, :rev => o.revision}}
+                :url => Proc.new {|o| {:controller => 'repositories', :action => 'revision', :id => o.repository.project, :rev => o.identifier}}
                
  acts_as_searchable :columns => 'comments',
                     :include => {:repository => :project},
@@ -47,6 +47,15 @@ class Changeset < ActiveRecord::Base
  def revision=(r)
    write_attribute :revision, (r.nil? ? nil : r.to_s)
  end
+
+  # Returns the identifier of this changeset; depending on repository backends
+  def identifier
+    if repository.class.respond_to? :changeset_identifier
+      repository.class.changeset_identifier self
+    else
+      revision.to_s
+    end
+  end
  
  def comments=(comment)
    write_attribute(:comments, Changeset.normalize_comments(comment))
@@ -56,6 +65,15 @@ class Changeset < ActiveRecord::Base
    self.commit_date = date
    super
  end
+
+  # Returns the readable identifier
+  def format_identifier
+    if repository.class.respond_to? :format_changeset_identifier
+      repository.class.format_changeset_identifier self
+    else
+      identifier
+    end
+  end
  
  def committer=(arg)
    write_attribute(:committer, self.class.to_utf8(arg.to_s))
@@ -76,54 +94,41 @@ class Changeset < ActiveRecord::Base
  def after_create
    scan_comment_for_issue_ids
  end
-  require 'pp'
+  
+  TIMELOG_RE = /
+    (
+    (\d+([.,]\d+)?)h?
+    |
+    (\d+):(\d+)
+    |
+    ((\d+)(h|hours?))?((\d+)(m|min)?)?
+    )
+    /x
  
  def scan_comment_for_issue_ids
    return if comments.blank?
    # keywords used to reference issues
    ref_keywords = Setting.commit_ref_keywords.downcase.split(",").collect(&:strip)
+    ref_keywords_any = ref_keywords.delete('*')
    # keywords used to fix issues
    fix_keywords = Setting.commit_fix_keywords.downcase.split(",").collect(&:strip)
    
    kw_regexp = (ref_keywords + fix_keywords).collect{|kw| Regexp.escape(kw)}.join("|")
-    return if kw_regexp.blank?
    
    referenced_issues = []
    
-    if ref_keywords.delete('*')
-      # find any issue ID in the comments
-      target_issue_ids = []
-      comments.scan(%r{([\s\(\[,-]|^)#(\d+)(?=[[:punct:]]|\s|<|$)}).each { |m| target_issue_ids << m[1] }
-      referenced_issues += find_referenced_issues_by_id(target_issue_ids)
-    end
-    
-    comments.scan(Regexp.new("(#{kw_regexp})[\s:]+(([\s,;&]*#?\\d+)+)", Regexp::IGNORECASE)).each do |match|
-      action = match[0]
-      target_issue_ids = match[1].scan(/\d+/)
-      target_issues = find_referenced_issues_by_id(target_issue_ids)
-      if fix_keywords.include?(action.downcase) && fix_status = IssueStatus.find_by_id(Setting.commit_fix_status_id)
-        # update status of issues
-        logger.debug "Issues fixed by changeset #{self.revision}: #{issue_ids.join(', ')}." if logger && logger.debug?
-        target_issues.each do |issue|
-          # the issue may have been updated by the closure of another one (eg. duplicate)
-          issue.reload
-          # don't change the status is the issue is closed
-          next if issue.status.is_closed?
-          csettext = "r#{self.revision}"
-          if self.scmid && (! (csettext =~ /^r[0-9]+$/))
-            csettext = "commit:\"#{self.scmid}\""
-          end
-          journal = issue.init_journal(user || User.anonymous, ll(Setting.default_language, :text_status_changed_by_changeset, csettext))
-          issue.status = fix_status
-          unless Setting.commit_fix_done_ratio.blank?
-            issue.done_ratio = Setting.commit_fix_done_ratio.to_i
-          end
-          Redmine::Hook.call_hook(:model_changeset_scan_commit_for_issue_ids_pre_issue_update,
-                                  { :changeset => self, :issue => issue })
-          issue.save
+    comments.scan(/([\s\(\[,-]|^)((#{kw_regexp})[\s:]+)?(#\d+(\s+@#{TIMELOG_RE})?([\s,;&]+#\d+(\s+@#{TIMELOG_RE})?)*)(?=[[:punct:]]|\s|<|$)/i) do |match|
+      action, refs = match[2], match[3]
+      next unless action.present? || ref_keywords_any
+      
+      refs.scan(/#(\d+)(\s+@#{TIMELOG_RE})?/).each do |m|
+        issue, hours = find_referenced_issue_by_id(m[0].to_i), m[2]
+        if issue
+          referenced_issues << issue
+          fix_issue(issue) if fix_keywords.include?(action.to_s.downcase)
+          log_time(issue, hours) if hours && Setting.commit_logtime_enabled?
        end
      end
-      referenced_issues += target_issues
    end
    
    referenced_issues.uniq!
@@ -137,6 +142,14 @@ class Changeset < ActiveRecord::Base
  def long_comments
    @long_comments || split_comments.last
  end
+
+  def text_tag
+    if scmid?
+      "commit:#{scmid}"
+    else
+      "r#{revision}"
+    end
+  end
  
  # Returns the previous changeset
  def previous
@@ -164,13 +177,64 @@ class Changeset < ActiveRecord::Base
  
  private

-  # Finds issues that can be referenced by the commit message
-  # i.e. issues that belong to the repository project, a subproject or a parent project
-  def find_referenced_issues_by_id(ids)
-    return [] if ids.compact.empty?
-    Issue.find_all_by_id(ids, :include => :project).select {|issue|
-      project == issue.project || project.is_ancestor_of?(issue.project) || project.is_descendant_of?(issue.project)
-    }
+  # Finds an issue that can be referenced by the commit message
+  # i.e. an issue that belong to the repository project, a subproject or a parent project
+  def find_referenced_issue_by_id(id)
+    return nil if id.blank?
+    issue = Issue.find_by_id(id.to_i, :include => :project)
+    if issue
+      unless project == issue.project || project.is_ancestor_of?(issue.project) || project.is_descendant_of?(issue.project)
+        issue = nil
+      end
+    end
+    issue
+  end
+  
+  def fix_issue(issue)
+    status = IssueStatus.find_by_id(Setting.commit_fix_status_id.to_i)
+    if status.nil?
+      logger.warn("No status macthes commit_fix_status_id setting (#{Setting.commit_fix_status_id})") if logger
+      return issue
+    end
+    
+    # the issue may have been updated by the closure of another one (eg. duplicate)
+    issue.reload
+    # don't change the status is the issue is closed
+    return if issue.status && issue.status.is_closed?
+    
+    journal = issue.init_journal(user || User.anonymous, ll(Setting.default_language, :text_status_changed_by_changeset, text_tag))
+    issue.status = status
+    unless Setting.commit_fix_done_ratio.blank?
+      issue.done_ratio = Setting.commit_fix_done_ratio.to_i
+    end
+    Redmine::Hook.call_hook(:model_changeset_scan_commit_for_issue_ids_pre_issue_update,
+                            { :changeset => self, :issue => issue })
+    unless issue.save
+      logger.warn("Issue ##{issue.id} could not be saved by changeset #{id}: #{issue.errors.full_messages}") if logger
+    end
+    issue
+  end
+  
+  def log_time(issue, hours)
+    time_entry = TimeEntry.new(
+      :user => user,
+      :hours => hours,
+      :issue => issue,
+      :spent_on => commit_date,
+      :comments => l(:text_time_logged_by_changeset, :value => text_tag, :locale => Setting.default_language)
+      )
+    time_entry.activity = log_time_activity unless log_time_activity.nil?
+    
+    unless time_entry.save
+      logger.warn("TimeEntry could not be created by changeset #{id}: #{time_entry.errors.full_messages}") if logger
+    end
+    time_entry
+  end
+  
+  def log_time_activity
+    if Setting.commit_logtime_activity_id.to_i > 0
+      TimeEntryActivity.find_by_id(Setting.commit_logtime_activity_id.to_i)
+    end
  end
  
  def split_comments
--- a/app/models/custom_value.rb
+++ b/app/models/custom_value.rb
@@ -34,6 +34,10 @@ class CustomValue < ActiveRecord::Base
    custom_field.editable?
  end
  
+  def visible?
+    custom_field.visible?
+  end
+  
  def required?
    custom_field.is_required?
  end
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -31,6 +31,7 @@ class Group < Principal
  
  def user_added(user)
    members.each do |member|
+      next if member.project.nil?
      user_member = Member.find_by_project_id_and_user_id(member.project_id, user.id) || Member.new(:project_id => member.project_id, :user_id => user.id)
      member.member_roles.each do |member_role|
        user_member.member_roles << MemberRole.new(:role => member_role.role, :inherited_from => member_role.id)
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -16,6 +16,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Issue < ActiveRecord::Base
+  include Redmine::SafeAttributes
+  
  belongs_to :project
  belongs_to :tracker
  belongs_to :status, :class_name => 'IssueStatus', :foreign_key => 'status_id'
@@ -62,14 +64,31 @@ class Issue < ActiveRecord::Base
  
  named_scope :open, :conditions => ["#{IssueStatus.table_name}.is_closed = ?", false], :include => :status

-  named_scope :recently_updated, :order => "#{self.table_name}.updated_on DESC"
+  named_scope :recently_updated, :order => "#{Issue.table_name}.updated_on DESC"
  named_scope :with_limit, lambda { |limit| { :limit => limit} }
  named_scope :on_active_project, :include => [:status, :project, :tracker],
                                  :conditions => ["#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"]
+  named_scope :for_gantt, lambda {
+    {
+      :include => [:tracker, :status, :assigned_to, :priority, :project, :fixed_version]
+    }
+  }
+
+  named_scope :without_version, lambda {
+    {
+      :conditions => { :fixed_version_id => nil}
+    }
+  }
+
+  named_scope :with_query, lambda {|query|
+    {
+      :conditions => Query.merge_conditions(query.statement)
+    }
+  }

  before_create :default_assign
-  before_save :reschedule_following_issues, :close_duplicates, :update_done_ratio_from_issue_status
-  after_save :update_nested_set_attributes, :update_parent_attributes, :create_journal
+  before_save :close_duplicates, :update_done_ratio_from_issue_status
+  after_save :reschedule_following_issues, :update_nested_set_attributes, :update_parent_attributes, :create_journal
  after_destroy :destroy_children
  after_destroy :update_parent_attributes
  
@@ -197,32 +216,47 @@ class Issue < ActiveRecord::Base
    write_attribute :estimated_hours, (h.is_a?(String) ? h.to_hours : h)
  end
  
-  SAFE_ATTRIBUTES = %w(
-    tracker_id
-    status_id
-    parent_issue_id
-    category_id
-    assigned_to_id
-    priority_id
-    fixed_version_id
-    subject
-    description
-    start_date
-    due_date
-    done_ratio
-    estimated_hours
-    custom_field_values
-    lock_version
-  ) unless const_defined?(:SAFE_ATTRIBUTES)
+  safe_attributes 'tracker_id',
+    'status_id',
+    'parent_issue_id',
+    'category_id',
+    'assigned_to_id',
+    'priority_id',
+    'fixed_version_id',
+    'subject',
+    'description',
+    'start_date',
+    'due_date',
+    'done_ratio',
+    'estimated_hours',
+    'custom_field_values',
+    'custom_fields',
+    'lock_version',
+    :if => lambda {|issue, user| issue.new_record? || user.allowed_to?(:edit_issues, issue.project) }
  
+  safe_attributes 'status_id',
+    'assigned_to_id',
+    'fixed_version_id',
+    'done_ratio',
+    :if => lambda {|issue, user| issue.new_statuses_allowed_to(user).any? }
+
  # Safely sets attributes
  # Should be called from controllers instead of #attributes=
  # attr_accessible is too rough because we still want things like
  # Issue.new(:project => foo) to work
  # TODO: move workflow/permission checks from controllers to here
  def safe_attributes=(attrs, user=User.current)
-    return if attrs.nil?
-    attrs = attrs.reject {|k,v| !SAFE_ATTRIBUTES.include?(k)}
+    return unless attrs.is_a?(Hash)
+    
+    # User can change issue attributes only if he has :edit permission or if a workflow transition is allowed
+    attrs = delete_unsafe_attributes(attrs, user)
+    return if attrs.empty? 
+    
+    # Tracker must be set before since new_statuses_allowed_to depends on it.
+    if t = attrs.delete('tracker_id')
+      self.tracker_id = t
+    end
+    
    if attrs['status_id']
      unless new_statuses_allowed_to(user).collect(&:id).include?(attrs['status_id'].to_i)
        attrs.delete('status_id')
@@ -237,7 +271,7 @@ class Issue < ActiveRecord::Base
      if !user.allowed_to?(:manage_subtasks, project)
        attrs.delete('parent_issue_id')
      elsif !attrs['parent_issue_id'].blank?
-        attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'])
+        attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'].to_i)
      end
    end
    
@@ -245,7 +279,7 @@ class Issue < ActiveRecord::Base
  end
  
  def done_ratio
-    if Issue.use_status_for_done_ratio? && status && status.default_done_ratio?
+    if Issue.use_status_for_done_ratio? && status && status.default_done_ratio
      status.default_done_ratio
    else
      read_attribute(:done_ratio)
@@ -308,7 +342,7 @@ class Issue < ActiveRecord::Base
  # Set the done_ratio using the status if that setting is set.  This will keep the done_ratios
  # even if the user turns off the setting later
  def update_done_ratio_from_issue_status
-    if Issue.use_status_for_done_ratio? && status && status.default_done_ratio?
+    if Issue.use_status_for_done_ratio? && status && status.default_done_ratio
      self.done_ratio = status.default_done_ratio
    end
  end
@@ -357,10 +391,24 @@ class Issue < ActiveRecord::Base
  def overdue?
    !due_date.nil? && (due_date < Date.today) && !status.is_closed?
  end
+
+  # Is the amount of work done less than it should for the due date
+  def behind_schedule?
+    return false if start_date.nil? || due_date.nil?
+    done_date = start_date + ((due_date - start_date+1)* done_ratio/100).floor
+    return done_date <= Date.today
+  end
+
+  # Does this issue have children?
+  def children?
+    !leaf?
+  end
  
  # Users the issue can be assigned to
  def assignable_users
-    project.assignable_users
+    users = project.assignable_users
+    users << author if author
+    users.uniq.sort
  end
  
  # Versions that the issue can be assigned to
@@ -385,9 +433,10 @@ class Issue < ActiveRecord::Base
  # Returns the mail adresses of users that should be notified
  def recipients
    notified = project.notified_users
-    # Author and assignee are always notified unless they have been locked
-    notified << author if author && author.active?
-    notified << assigned_to if assigned_to && assigned_to.active?
+    # Author and assignee are always notified unless they have been
+    # locked or don't want to be notified
+    notified << author if author && author.active? && author.notify_about?(self)
+    notified << assigned_to if assigned_to && assigned_to.active? && assigned_to.notify_about?(self)
    notified.uniq!
    # Remove users that can not view the issue
    notified.reject! {|user| !visible?(user)}
@@ -684,7 +733,7 @@ class Issue < ActiveRecord::Base
      end
      
      # done ratio = weighted average ratio of leaves
-      unless Issue.use_status_for_done_ratio? && p.status && p.status.default_done_ratio?
+      unless Issue.use_status_for_done_ratio? && p.status && p.status.default_done_ratio
        leaves_count = p.leaves.count
        if leaves_count > 0
          average = p.leaves.average(:estimated_hours).to_f
@@ -821,7 +870,7 @@ class Issue < ActiveRecord::Base
                                                j.id as #{select_field},
                                                count(i.id) as total 
                                              from 
-                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s, #{joins} as j
+                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s, #{joins} j
                                              where 
                                                i.status_id=s.id 
                                                and #{where}
--- a/app/models/issue_relation.rb
+++ b/app/models/issue_relation.rb
@@ -84,14 +84,15 @@ class IssueRelation < ActiveRecord::Base
  
  def set_issue_to_dates
    soonest_start = self.successor_soonest_start
-    if soonest_start
+    if soonest_start && issue_to
      issue_to.reschedule_after(soonest_start)
    end
  end
  
  def successor_soonest_start
-    return nil unless (TYPE_PRECEDES == self.relation_type) && (issue_from.start_date || issue_from.due_date)
-    (issue_from.due_date || issue_from.start_date) + 1 + delay
+    if (TYPE_PRECEDES == self.relation_type) && delay && issue_from && (issue_from.start_date || issue_from.due_date)
+      (issue_from.due_date || issue_from.start_date) + 1 + delay
+    end
  end
  
  def <=>(relation)
--- a/app/models/issue_status.rb
+++ b/app/models/issue_status.rb
@@ -17,8 +17,10 @@

 class IssueStatus < ActiveRecord::Base
  before_destroy :check_integrity  
-  has_many :workflows, :foreign_key => "old_status_id", :dependent => :delete_all
+  has_many :workflows, :foreign_key => "old_status_id"
  acts_as_list
+  
+  before_destroy :delete_workflows

  validates_presence_of :name
  validates_uniqueness_of :name
@@ -89,4 +91,9 @@ private
  def check_integrity
    raise "Can't delete status" if Issue.find(:first, :conditions => ["status_id=?", self.id])
  end
+  
+  # Deletes associated workflows
+  def delete_workflows
+    Workflow.delete_all(["old_status_id = :id OR new_status_id = :id", {:id => id}])
+  end
 end
--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@@ -65,4 +65,12 @@ class Journal < ActiveRecord::Base
  def attachments
    journalized.respond_to?(:attachments) ? journalized.attachments : nil
  end
+
+  # Returns a string of css classes
+  def css_classes
+    s = 'journal'
+    s << ' has-notes' unless notes.blank?
+    s << ' has-details' unless details.blank?
+    s
+  end
 end
--- a/app/models/journal_observer.rb
+++ b/app/models/journal_observer.rb
@@ -17,6 +17,11 @@

 class JournalObserver < ActiveRecord::Observer
  def after_create(journal)
-    Mailer.deliver_issue_edit(journal) if Setting.notified_events.include?('issue_updated')
+    if Setting.notified_events.include?('issue_updated') ||
+        (Setting.notified_events.include?('issue_note_added') && journal.notes.present?) ||
+        (Setting.notified_events.include?('issue_status_updated') && journal.new_status.present?) ||
+        (Setting.notified_events.include?('issue_priority_updated') && journal.new_value_for('priority_id').present?)
+      Mailer.deliver_issue_edit(journal)
+    end
  end
 end
--- a/app/models/mail_handler.rb
+++ b/app/models/mail_handler.rb
@@ -17,6 +17,7 @@

 class MailHandler < ActionMailer::Base
  include ActionView::Helpers::SanitizeHelper
+  include Redmine::I18n

  class UnauthorizedAction < StandardError; end
  class MissingInformation < StandardError; end
@@ -116,36 +117,20 @@ class MailHandler < ActionMailer::Base
  # Creates a new issue
  def receive_issue
    project = target_project
-    tracker = (get_keyword(:tracker) && project.trackers.find_by_name(get_keyword(:tracker))) || project.trackers.find(:first)
-    category = (get_keyword(:category) && project.issue_categories.find_by_name(get_keyword(:category)))
-    priority = (get_keyword(:priority) && IssuePriority.find_by_name(get_keyword(:priority)))
-    status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
-    assigned_to = (get_keyword(:assigned_to, :override => true) && find_user_from_keyword(get_keyword(:assigned_to, :override => true)))
-    due_date = get_keyword(:due_date, :override => true)
-    start_date = get_keyword(:start_date, :override => true)
-
    # check permission
    unless @@handler_options[:no_permission_check]
      raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
    end

-    issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority, :due_date => due_date, :start_date => start_date, :assigned_to => assigned_to)
-    # check workflow
-    if status && issue.new_statuses_allowed_to(user).include?(status)
-      issue.status = status
-    end
-    issue.subject = email.subject.chomp[0,255]
+    issue = Issue.new(:author => user, :project => project)
+    issue.safe_attributes = issue_attributes_from_keywords(issue)
+    issue.safe_attributes = {'custom_field_values' => custom_field_values_from_keywords(issue)}
+    issue.subject = email.subject.to_s.chomp[0,255]
    if issue.subject.blank?
      issue.subject = '(no subject)'
    end
-    # custom fields
-    issue.custom_field_values = issue.available_custom_fields.inject({}) do |h, c|
-      if value = get_keyword(c.name, :override => true)
-        h[c.id] = value
-      end
-      h
-    end
    issue.description = cleaned_up_text_body
+    
    # add To and Cc as watchers before saving so the watchers can reply to Redmine
    add_watchers(issue)
    issue.save!
@@ -154,41 +139,22 @@ class MailHandler < ActionMailer::Base
    issue
  end
  
-  def target_project
-    # TODO: other ways to specify project:
-    # * parse the email To field
-    # * specific project (eg. Setting.mail_handler_target_project)
-    target = Project.find_by_identifier(get_keyword(:project))
-    raise MissingInformation.new('Unable to determine target project') if target.nil?
-    target
-  end
-  
  # Adds a note to an existing issue
  def receive_issue_reply(issue_id)
-    status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
-    due_date = get_keyword(:due_date, :override => true)
-    start_date = get_keyword(:start_date, :override => true)
-    assigned_to = (get_keyword(:assigned_to, :override => true) && find_user_from_keyword(get_keyword(:assigned_to, :override => true)))
-    
    issue = Issue.find_by_id(issue_id)
    return unless issue
    # check permission
    unless @@handler_options[:no_permission_check]
      raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
-      raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
    end
-
-    # add the note
-    journal = issue.init_journal(user, cleaned_up_text_body)
-    add_attachments(issue)
-    # check workflow
-    if status && issue.new_statuses_allowed_to(user).include?(status)
-      issue.status = status
-    end
-    issue.start_date = start_date if start_date
-    issue.due_date = due_date if due_date
-    issue.assigned_to = assigned_to if assigned_to
    
+    # ignore CLI-supplied defaults for new issues
+    @@handler_options[:issue].clear
+    
+    journal = issue.init_journal(user, cleaned_up_text_body)
+    issue.safe_attributes = issue_attributes_from_keywords(issue)
+    issue.safe_attributes = {'custom_field_values' => custom_field_values_from_keywords(issue)}
+    add_attachments(issue)
    issue.save!
    logger.info "MailHandler: issue ##{issue.id} updated by #{user}" if logger && logger.info
    journal
@@ -255,8 +221,8 @@ class MailHandler < ActionMailer::Base
      @keywords[attr]
    else
      @keywords[attr] = begin
-        if (options[:override] || @@handler_options[:allow_override].include?(attr.to_s)) && plain_text_body.gsub!(/^#{attr.to_s.humanize}[ \t]*:[ \t]*(.+)\s*$/i, '')
-          $1.strip
+        if (options[:override] || @@handler_options[:allow_override].include?(attr.to_s)) && (v = extract_keyword!(plain_text_body, attr, options[:format]))
+          v
        elsif !@@handler_options[:issue][attr].blank?
          @@handler_options[:issue][attr]
        end
@@ -264,6 +230,65 @@ class MailHandler < ActionMailer::Base
    end
  end
  
+  # Destructively extracts the value for +attr+ in +text+
+  # Returns nil if no matching keyword found
+  def extract_keyword!(text, attr, format=nil)
+    keys = [attr.to_s.humanize]
+    if attr.is_a?(Symbol)
+      keys << l("field_#{attr}", :default => '', :locale =>  user.language) if user
+      keys << l("field_#{attr}", :default => '', :locale =>  Setting.default_language)
+    end
+    keys.reject! {|k| k.blank?}
+    keys.collect! {|k| Regexp.escape(k)}
+    format ||= '.+'
+    text.gsub!(/^(#{keys.join('|')})[ \t]*:[ \t]*(#{format})\s*$/i, '')
+    $2 && $2.strip
+  end
+
+  def target_project
+    # TODO: other ways to specify project:
+    # * parse the email To field
+    # * specific project (eg. Setting.mail_handler_target_project)
+    target = Project.find_by_identifier(get_keyword(:project))
+    raise MissingInformation.new('Unable to determine target project') if target.nil?
+    target
+  end
+  
+  # Returns a Hash of issue attributes extracted from keywords in the email body
+  def issue_attributes_from_keywords(issue)
+    assigned_to = (k = get_keyword(:assigned_to, :override => true)) && find_user_from_keyword(k)
+    assigned_to = nil if assigned_to && !issue.assignable_users.include?(assigned_to)
+    
+    attrs = {
+      'tracker_id' => (k = get_keyword(:tracker)) && issue.project.trackers.find_by_name(k).try(:id),
+      'status_id' =>  (k = get_keyword(:status)) && IssueStatus.find_by_name(k).try(:id),
+      'priority_id' => (k = get_keyword(:priority)) && IssuePriority.find_by_name(k).try(:id),
+      'category_id' => (k = get_keyword(:category)) && issue.project.issue_categories.find_by_name(k).try(:id),
+      'assigned_to_id' => assigned_to.try(:id),
+      'fixed_version_id' => (k = get_keyword(:fixed_version, :override => true)) && issue.project.shared_versions.find_by_name(k).try(:id),
+      'start_date' => get_keyword(:start_date, :override => true, :format => '\d{4}-\d{2}-\d{2}'),
+      'due_date' => get_keyword(:due_date, :override => true, :format => '\d{4}-\d{2}-\d{2}'),
+      'estimated_hours' => get_keyword(:estimated_hours, :override => true),
+      'done_ratio' => get_keyword(:done_ratio, :override => true, :format => '(\d|10)?0')
+    }.delete_if {|k, v| v.blank? }
+    
+    if issue.new_record? && attrs['tracker_id'].nil?
+      attrs['tracker_id'] = issue.project.trackers.find(:first).try(:id)
+    end
+    
+    attrs
+  end
+  
+  # Returns a Hash of issue custom field values extracted from keywords in the email body
+  def custom_field_values_from_keywords(customized)  
+    customized.custom_field_values.inject({}) do |h, v|
+      if value = get_keyword(v.custom_field.name, :override => true)
+        h[v.custom_field.id.to_s] = value
+      end
+      h
+    end
+  end
+  
  # Returns the text/plain part of the email
  # If not found (eg. HTML-only email), returns the body with tags removed
  def plain_text_body
@@ -318,7 +343,7 @@ class MailHandler < ActionMailer::Base
  def cleanup_body(body)
    delimiters = Setting.mail_handler_body_delimiters.to_s.split(/[\r\n]+/).reject(&:blank?).map {|s| Regexp.escape(s)}
    unless delimiters.empty?
-      regex = Regexp.new("^(#{ delimiters.join('|') })\s*[\r\n].*", Regexp::MULTILINE)
+      regex = Regexp.new("^[> ]*(#{ delimiters.join('|') })\s*[\r\n].*", Regexp::MULTILINE)
      body = body.gsub(regex, '')
    end
    body.strip
--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
@@ -15,6 +15,8 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

+require 'ar_condition'
+
 class Mailer < ActionMailer::Base
  layout 'mailer'
  helper :application
@@ -80,7 +82,7 @@ class Mailer < ActionMailer::Base
  def reminder(user, issues, days)
    set_language_if_valid user.language
    recipients user.mail
-    subject l(:mail_subject_reminder, issues.size)
+    subject l(:mail_subject_reminder, :count => issues.size, :days => days)
    body :issues => issues,
         :days => days,
         :issues_url => url_for(:controller => 'issues', :action => 'index', :set_filter => 1, :assigned_to_id => user.id, :sort_key => 'due_date', :sort_order => 'asc')
@@ -176,9 +178,9 @@ class Mailer < ActionMailer::Base
    message_id wiki_content
    recipients wiki_content.recipients
    cc(wiki_content.page.wiki.watcher_recipients - recipients)
-    subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_added, :page => wiki_content.page.pretty_title)}"
+    subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_added, :id => wiki_content.page.pretty_title)}"
    body :wiki_content => wiki_content,
-         :wiki_content_url => url_for(:controller => 'wiki', :action => 'index', :id => wiki_content.project, :page => wiki_content.page.title)
+         :wiki_content_url => url_for(:controller => 'wiki', :action => 'show', :project_id => wiki_content.project, :id => wiki_content.page.title)
    render_multipart('wiki_content_added', body)
  end
  
@@ -193,10 +195,10 @@ class Mailer < ActionMailer::Base
    message_id wiki_content
    recipients wiki_content.recipients
    cc(wiki_content.page.wiki.watcher_recipients + wiki_content.page.watcher_recipients - recipients)
-    subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_updated, :page => wiki_content.page.pretty_title)}"
+    subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_updated, :id => wiki_content.page.pretty_title)}"
    body :wiki_content => wiki_content,
-         :wiki_content_url => url_for(:controller => 'wiki', :action => 'index', :id => wiki_content.project, :page => wiki_content.page.title),
-         :wiki_diff_url => url_for(:controller => 'wiki', :action => 'diff', :id => wiki_content.project, :page => wiki_content.page.title, :version => wiki_content.version)
+         :wiki_content_url => url_for(:controller => 'wiki', :action => 'show', :project_id => wiki_content.project, :id => wiki_content.page.title),
+         :wiki_diff_url => url_for(:controller => 'wiki', :action => 'diff', :project_id => wiki_content.project, :id => wiki_content.page.title, :version => wiki_content.version)
    render_multipart('wiki_content_updated', body)
  end

@@ -306,13 +308,16 @@ class Mailer < ActionMailer::Base
  # * :days     => how many days in the future to remind about (defaults to 7)
  # * :tracker  => id of tracker for filtering issues (defaults to all trackers)
  # * :project  => id or identifier of project to process (defaults to all projects)
+  # * :users    => array of user ids who should be reminded
  def self.reminders(options={})
    days = options[:days] || 7
    project = options[:project] ? Project.find(options[:project]) : nil
    tracker = options[:tracker] ? Tracker.find(options[:tracker]) : nil
+    user_ids = options[:users]

    s = ARCondition.new ["#{IssueStatus.table_name}.is_closed = ? AND #{Issue.table_name}.due_date <= ?", false, days.day.from_now.to_date]
    s << "#{Issue.table_name}.assigned_to_id IS NOT NULL"
+    s << ["#{Issue.table_name}.assigned_to_id IN (?)", user_ids] if user_ids.present?
    s << "#{Project.table_name}.status = #{Project::STATUS_ACTIVE}"
    s << "#{Issue.table_name}.project_id = #{project.id}" if project
    s << "#{Issue.table_name}.tracker_id = #{tracker.id}" if tracker
--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -82,7 +82,7 @@ class Member < ActiveRecord::Base
  protected
  
  def validate
-    errors.add_to_base "Role can't be blank" if member_roles.empty? && roles.empty?
+    errors.add_on_empty :role if member_roles.empty? && roles.empty?
  end
  
  private
--- a/app/models/news.rb
+++ b/app/models/news.rb
@@ -29,6 +29,11 @@ class News < ActiveRecord::Base
  acts_as_activity_provider :find_options => {:include => [:project, :author]},
                            :author_key => :author_id
  
+  named_scope :visible, lambda {|*args| { 
+    :include => :project,
+    :conditions => Project.allowed_to_condition(args.first || User.current, :view_news) 
+  }}
+  
  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_news, project)
  end
--- a/app/models/principal.rb
+++ b/app/models/principal.rb
@@ -33,7 +33,11 @@ class Principal < ActiveRecord::Base
  }
  
  before_create :set_default_empty_values
-  
+
+  def name(formatter = nil)
+    to_s
+  end
+
  def <=>(principal)
    if self.class.name == principal.class.name
      self.to_s.downcase <=> principal.to_s.downcase
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -16,10 +16,15 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Project < ActiveRecord::Base
+  include Redmine::SafeAttributes
+  
  # Project statuses
  STATUS_ACTIVE     = 1
  STATUS_ARCHIVED   = 9
  
+  # Maximum length for project identifiers
+  IDENTIFIER_MAX_LENGTH = 100
+  
  # Specific overidden Activities
  has_many :time_entry_activities
  has_many :members, :include => [:user, :roles], :conditions => "#{User.table_name}.type='User' AND #{User.table_name}.status=#{User::STATUS_ACTIVE}"
@@ -61,14 +66,14 @@ class Project < ActiveRecord::Base
                :url => Proc.new {|o| {:controller => 'projects', :action => 'show', :id => o}},
                :author => nil

-  attr_protected :status, :enabled_module_names
+  attr_protected :status
  
  validates_presence_of :name, :identifier
-  validates_uniqueness_of :name, :identifier
+  validates_uniqueness_of :identifier
  validates_associated :repository, :wiki
-  validates_length_of :name, :maximum => 30
+  validates_length_of :name, :maximum => 255
  validates_length_of :homepage, :maximum => 255
-  validates_length_of :identifier, :in => 1..20
+  validates_length_of :identifier, :in => 1..IDENTIFIER_MAX_LENGTH
  # donwcase letters, digits, dashes but not digits only
  validates_format_of :identifier, :with => /^(?!\d+$)[a-z0-9\-]*$/, :if => Proc.new { |p| p.identifier_changed? }
  # reserved words
@@ -81,6 +86,24 @@ class Project < ActiveRecord::Base
  named_scope :all_public, { :conditions => { :is_public => true } }
  named_scope :visible, lambda { { :conditions => Project.visible_by(User.current) } }
  
+  def initialize(attributes = nil)
+    super
+    
+    initialized = (attributes || {}).stringify_keys
+    if !initialized.key?('identifier') && Setting.sequential_project_identifiers? 
+      self.identifier = Project.next_identifier
+    end
+    if !initialized.key?('is_public')
+      self.is_public = Setting.default_projects_public?
+    end
+    if !initialized.key?('enabled_module_names')
+      self.enabled_module_names = Setting.default_projects_modules
+    end
+    if !initialized.key?('trackers') && !initialized.key?('tracker_ids')
+      self.trackers = Tracker.all
+    end
+  end
+  
  def identifier=(identifier)
    super unless identifier_frozen?
  end
@@ -220,6 +243,10 @@ class Project < ActiveRecord::Base
    self.status == STATUS_ACTIVE
  end
  
+  def archived?
+    self.status == STATUS_ARCHIVED
+  end
+  
  # Archives the project and its descendants
  def archive
    # Check that there is no issue of a non descendant project that is assigned
@@ -382,12 +409,13 @@ class Project < ActiveRecord::Base
  
  # Returns the mail adresses of users that should be always notified on project events
  def recipients
-    members.select {|m| m.mail_notification? || m.user.mail_notification?}.collect {|m| m.user.mail}
+    notified_users.collect {|user| user.mail}
  end
  
  # Returns the users that should be notified on project events
  def notified_users
-    members.select {|m| m.mail_notification? || m.user.mail_notification?}.collect {|m| m.user}
+    # TODO: User part should be extracted to User#notify_about?
+    members.select {|m| m.mail_notification? || m.user.mail_notification == 'all'}.collect {|m| m.user}
  end
  
  # Returns an array of all custom fields enabled for project issues
@@ -412,6 +440,54 @@ class Project < ActiveRecord::Base
  def short_description(length = 255)
    description.gsub(/^(.{#{length}}[^\n\r]*).*$/m, '\1...').strip if description
  end
+
+  def css_classes
+    s = 'project'
+    s << ' root' if root?
+    s << ' child' if child?
+    s << (leaf? ? ' leaf' : ' parent')
+    s
+  end
+
+  # The earliest start date of a project, based on it's issues and versions
+  def start_date
+    [
+     issues.minimum('start_date'),
+     shared_versions.collect(&:effective_date),
+     shared_versions.collect(&:start_date)
+    ].flatten.compact.min
+  end
+
+  # The latest due date of an issue or version
+  def due_date
+    [
+     issues.maximum('due_date'),
+     shared_versions.collect(&:effective_date),
+     shared_versions.collect {|v| v.fixed_issues.maximum('due_date')}
+    ].flatten.compact.max
+  end
+
+  def overdue?
+    active? && !due_date.nil? && (due_date < Date.today)
+  end
+
+  # Returns the percent completed for this project, based on the
+  # progress on it's versions.
+  def completed_percent(options={:include_subprojects => false})
+    if options.delete(:include_subprojects)
+      total = self_and_descendants.collect(&:completed_percent).sum
+
+      total / self_and_descendants.count
+    else
+      if versions.count > 0
+        total = versions.collect(&:completed_pourcent).sum
+
+        total / versions.count
+      else
+        100
+      end
+    end
+  end
  
  # Return true if this project is allowed to do the specified action.
  # action can be:
@@ -432,7 +508,7 @@ class Project < ActiveRecord::Base
  
  def enabled_module_names=(module_names)
    if module_names && module_names.is_a?(Array)
-      module_names = module_names.collect(&:to_s)
+      module_names = module_names.collect(&:to_s).reject(&:blank?)
      # remove disabled modules
      enabled_modules.each {|mod| mod.destroy unless module_names.include?(mod.name)}
      # add new modules
@@ -442,6 +518,33 @@ class Project < ActiveRecord::Base
    end
  end
  
+  # Returns an array of the enabled modules names
+  def enabled_module_names
+    enabled_modules.collect(&:name)
+  end
+  
+  safe_attributes 'name',
+    'description',
+    'homepage',
+    'is_public',
+    'identifier',
+    'custom_field_values',
+    'custom_fields',
+    'tracker_ids',
+    'issue_custom_field_ids'
+
+  safe_attributes 'enabled_module_names',
+    :if => lambda {|project, user| project.new_record? || user.allowed_to?(:select_project_modules, project) }
+  
+  # Returns an array of projects that are in this project's hierarchy
+  #
+  # Example: parents, children, siblings
+  def hierarchy
+    parents = project.self_and_ancestors || []
+    descendants = project.descendants || []
+    project_hierarchy = parents | descendants # Set union
+  end
+  
  # Returns an auto-generated project identifier based on the last identifier used
  def self.next_identifier
    p = Project.find(:first, :order => 'created_on DESC')
@@ -503,6 +606,18 @@ class Project < ActiveRecord::Base
      return nil
    end
  end
+
+  # Yields the given block for each project with its level in the tree
+  def self.project_tree(projects, &block)
+    ancestors = []
+    projects.sort_by(&:lft).each do |project|
+      while (ancestors.any? && !project.is_descendant_of?(ancestors.last)) 
+        ancestors.pop
+      end
+      yield project, ancestors.size
+      ancestors << project
+    end
+  end
  
  private
  
@@ -588,12 +703,20 @@ class Project < ActiveRecord::Base
      end
      
      self.issues << new_issue
-      issues_map[issue.id] = new_issue
+      if new_issue.new_record?
+        logger.info "Project#copy_issues: issue ##{issue.id} could not be copied: #{new_issue.errors.full_messages}" if logger && logger.info
+      else
+        issues_map[issue.id] = new_issue unless new_issue.new_record?
+      end
    end

    # Relations after in case issues related each other
    project.issues.each do |issue|
      new_issue = issues_map[issue.id]
+      unless new_issue
+        # Issue was not copied
+        next
+      end
      
      # Relations
      issue.relations_from.each do |source_relation|
@@ -620,7 +743,12 @@ class Project < ActiveRecord::Base

  # Copies members from +project+
  def copy_members(project)
-    project.memberships.each do |member|
+    # Copy users first, then groups to handle members with inherited and given roles
+    members_to_copy = []
+    members_to_copy += project.memberships.select {|m| m.principal.is_a?(User)}
+    members_to_copy += project.memberships.select {|m| !m.principal.is_a?(User)}
+    
+    members_to_copy.each do |member|
      new_member = Member.new
      new_member.attributes = member.attributes.dup.except("id", "project_id", "created_on")
      # only copy non inherited roles
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -187,14 +187,28 @@ class Query < ActiveRecord::Base
    if project
      user_values += project.users.sort.collect{|s| [s.name, s.id.to_s] }
    else
-      project_ids = User.current.projects.collect(&:id)
-      if project_ids.any?
-        # members of the user's projects
-        user_values += User.active.find(:all, :conditions => ["#{User.table_name}.id IN (SELECT DISTINCT user_id FROM members WHERE project_id IN (?))", project_ids]).sort.collect{|s| [s.name, s.id.to_s] }
+      all_projects = Project.visible.all
+      if all_projects.any?
+        # members of visible projects
+        user_values += User.active.find(:all, :conditions => ["#{User.table_name}.id IN (SELECT DISTINCT user_id FROM members WHERE project_id IN (?))", all_projects.collect(&:id)]).sort.collect{|s| [s.name, s.id.to_s] }
+          
+        # project filter
+        project_values = []
+        Project.project_tree(all_projects) do |p, level|
+          prefix = (level > 0 ? ('--' * level + ' ') : '')
+          project_values << ["#{prefix}#{p.name}", p.id.to_s]
+        end
+        @available_filters["project_id"] = { :type => :list, :order => 1, :values => project_values} unless project_values.empty?
      end
    end
    @available_filters["assigned_to_id"] = { :type => :list_optional, :order => 4, :values => user_values } unless user_values.empty?
    @available_filters["author_id"] = { :type => :list, :order => 5, :values => user_values } unless user_values.empty?
+
+    group_values = Group.all.collect {|g| [g.name, g.id.to_s] }
+    @available_filters["member_of_group"] = { :type => :list_optional, :order => 6, :values => group_values } unless group_values.empty?
+
+    role_values = Role.givable.collect {|r| [r.name, r.id.to_s] }
+    @available_filters["assigned_to_role"] = { :type => :list_optional, :order => 7, :values => role_values } unless role_values.empty?
    
    if User.current.logged?
      @available_filters["watcher_id"] = { :type => :list, :order => 15, :values => [["<< #{l(:label_me)} >>", "me"]] }
@@ -246,8 +260,10 @@ class Query < ActiveRecord::Base

  # Add multiple filters using +add_filter+
  def add_filters(fields, operators, values)
-    fields.each do |field|
-      add_filter(field, operators[field], values[field])
+    if fields.is_a?(Array) && operators.is_a?(Hash) && values.is_a?(Hash)
+      fields.each do |field|
+        add_filter(field, operators[field], values[field])
+      end
    end
  end
  
@@ -362,15 +378,15 @@ class Query < ActiveRecord::Base
  
  # Returns true if the query is a grouped query
  def grouped?
-    !group_by.blank?
+    !group_by_column.nil?
  end
  
  def group_by_column
-    groupable_columns.detect {|c| c.name.to_s == group_by}
+    groupable_columns.detect {|c| c.groupable && c.name.to_s == group_by}
  end
  
  def group_by_statement
-    group_by_column.groupable
+    group_by_column.try(:groupable)
  end
  
  def project_statement
@@ -426,6 +442,47 @@ class Query < ActiveRecord::Base
        db_field = 'user_id'
        sql << "#{Issue.table_name}.id #{ operator == '=' ? 'IN' : 'NOT IN' } (SELECT #{db_table}.watchable_id FROM #{db_table} WHERE #{db_table}.watchable_type='Issue' AND "
        sql << sql_for_field(field, '=', v, db_table, db_field) + ')'
+      elsif field == "member_of_group" # named field
+        if operator == '*' # Any group
+          groups = Group.all
+          operator = '=' # Override the operator since we want to find by assigned_to
+        elsif operator == "!*"
+          groups = Group.all
+          operator = '!' # Override the operator since we want to find by assigned_to
+        else
+          groups = Group.find_all_by_id(v)
+        end
+        groups ||= []
+
+        members_of_groups = groups.inject([]) {|user_ids, group|
+          if group && group.user_ids.present?
+            user_ids << group.user_ids
+          end
+          user_ids.flatten.uniq.compact
+        }.sort.collect(&:to_s)
+        
+        sql << '(' + sql_for_field("assigned_to_id", operator, members_of_groups, Issue.table_name, "assigned_to_id", false) + ')'
+
+      elsif field == "assigned_to_role" # named field
+        if operator == "*" # Any Role
+          roles = Role.givable
+          operator = '=' # Override the operator since we want to find by assigned_to
+        elsif operator == "!*" # No role
+          roles = Role.givable
+          operator = '!' # Override the operator since we want to find by assigned_to
+        else
+          roles = Role.givable.find_all_by_id(v)
+        end
+        roles ||= []
+        
+        members_of_roles = roles.inject([]) {|user_ids, role|
+          if role && role.members
+            user_ids << role.members.collect(&:user_id)
+          end
+          user_ids.flatten.uniq.compact
+        }.sort.collect(&:to_s)
+        
+        sql << '(' + sql_for_field("assigned_to_id", operator, members_of_roles, Issue.table_name, "assigned_to_id", false) + ')'
      else
        # regular field
        db_table = Issue.table_name
--- a/app/models/repository/git.rb
+++ b/app/models/repository/git.rb
@@ -29,6 +29,16 @@ class Repository::Git < Repository
    'Git'
  end

+  # Returns the identifier for the given git changeset
+  def self.changeset_identifier(changeset)
+    changeset.scmid
+  end
+
+  # Returns the readable identifier for the given git changeset
+  def self.format_changeset_identifier(changeset)
+    changeset.revision[0, 8]
+  end
+
  def branches
    scm.branches
  end
--- a/app/models/repository/mercurial.rb
+++ b/app/models/repository/mercurial.rb
@@ -18,6 +18,9 @@
 require 'redmine/scm/adapters/mercurial_adapter'

 class Repository::Mercurial < Repository
+  # sort changesets by revision number
+  has_many :changesets, :order => "#{Changeset.table_name}.id DESC", :foreign_key => 'repository_id'
+
  attr_protected :root_url
  validates_presence_of :url

@@ -52,6 +55,18 @@ class Repository::Mercurial < Repository
    entries
  end

+  # Returns the latest changesets for +path+; sorted by revision number
+  def latest_changesets(path, rev, limit=10)
+    if path.blank?
+      changesets.find(:all, :include => :user, :limit => limit)
+    else
+      changes.find(:all, :include => {:changeset => :user},
+                         :conditions => ["path = ?", path.with_leading_slash],
+                         :order => "#{Changeset.table_name}.id DESC",
+                         :limit => limit).collect(&:changeset)
+    end
+  end
+
  def fetch_changesets
    scm_info = scm.info
    if scm_info
--- a/app/models/time_entry.rb
+++ b/app/models/time_entry.rb
@@ -27,7 +27,7 @@ class TimeEntry < ActiveRecord::Base

  acts_as_customizable
  acts_as_event :title => Proc.new {|o| "#{l_hours(o.hours)} (#{(o.issue || o.project).event_title})"},
-                :url => Proc.new {|o| {:controller => 'timelog', :action => 'details', :project_id => o.project, :issue_id => o.issue}},
+                :url => Proc.new {|o| {:controller => 'timelog', :action => 'index', :project_id => o.project, :issue_id => o.issue}},
                :author => :user,
                :description => :comments

@@ -81,4 +81,20 @@ class TimeEntry < ActiveRecord::Base
      yield
    end
  end
+
+  def self.earilest_date_for_project(project=nil)
+    finder_conditions = ARCondition.new(Project.allowed_to_condition(User.current, :view_time_entries))
+    if project
+      finder_conditions << ["project_id IN (?)", project.hierarchy.collect(&:id)]
+    end
+    TimeEntry.minimum(:spent_on, :include => :project, :conditions => finder_conditions.conditions)
+  end
+
+  def self.latest_date_for_project(project=nil)
+    finder_conditions = ARCondition.new(Project.allowed_to_condition(User.current, :view_time_entries))
+    if project
+      finder_conditions << ["project_id IN (?)", project.hierarchy.collect(&:id)]
+    end
+    TimeEntry.maximum(:spent_on, :include => :project, :conditions => finder_conditions.conditions)
+  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -18,7 +18,8 @@
 require "digest/sha1"

 class User < Principal
-
+  include Redmine::SafeAttributes
+  
  # Account statuses
  STATUS_ANONYMOUS  = 0
  STATUS_ACTIVE     = 1
@@ -33,6 +34,15 @@ class User < Principal
    :username => '#{login}'
  }

+  MAIL_NOTIFICATION_OPTIONS = [
+    ['all', :label_user_mail_option_all],
+    ['selected', :label_user_mail_option_selected],
+    ['only_my_events', :label_user_mail_option_only_my_events],
+    ['only_assigned', :label_user_mail_option_only_assigned],
+    ['only_owner', :label_user_mail_option_only_owner],
+    ['none', :label_user_mail_option_none]
+  ]
+
  has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)},
                                   :after_remove => Proc.new {|user, group| group.user_removed(user)}
  has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
@@ -50,7 +60,7 @@ class User < Principal
  attr_accessor :password, :password_confirmation
  attr_accessor :last_before_login_on
  # Prevents unauthorized assignments
-  attr_protected :login, :admin, :password, :password_confirmation, :hashed_password, :group_ids
+  attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
 	
  validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
  validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }, :case_sensitive => false
@@ -63,9 +73,10 @@ class User < Principal
  validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
  validates_length_of :mail, :maximum => 60, :allow_nil => true
  validates_confirmation_of :password, :allow_nil => true
+  validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true

  def before_create
-    self.mail_notification = false
+    self.mail_notification = Setting.default_notification_option if self.mail_notification.blank?
    true
  end
  
@@ -79,6 +90,10 @@ class User < Principal
    super
  end
  
+  def mail=(arg)
+    write_attribute(:mail, arg.to_s.strip)
+  end
+  
  def identity_url=(url)
    if url.blank?
      write_attribute(:identity_url, '')
@@ -160,6 +175,30 @@ class User < Principal
    self.status == STATUS_LOCKED
  end

+  def activate
+    self.status = STATUS_ACTIVE
+  end
+
+  def register
+    self.status = STATUS_REGISTERED
+  end
+
+  def lock
+    self.status = STATUS_LOCKED
+  end
+
+  def activate!
+    update_attribute(:status, STATUS_ACTIVE)
+  end
+
+  def register!
+    update_attribute(:status, STATUS_REGISTERED)
+  end
+
+  def lock!
+    update_attribute(:status, STATUS_LOCKED)
+  end
+
  def check_password?(clear_password)
    if auth_source_id.present?
      auth_source.authenticate(self.login, clear_password)
@@ -222,6 +261,17 @@ class User < Principal
    notified_projects_ids
  end

+  # Only users that belong to more than 1 project can select projects for which they are notified
+  def valid_notification_options
+    # Note that @user.membership.size would fail since AR ignores
+    # :include association option when doing a count
+    if memberships.length < 1
+      MAIL_NOTIFICATION_OPTIONS.delete_if {|option| option.first == 'selected'}
+    else
+      MAIL_NOTIFICATION_OPTIONS
+    end
+  end
+
  # Find a user account by matching the exact login and then a case-insensitive
  # version.  Exact matches will be given priority.
  def self.find_by_login(login)
@@ -296,23 +346,35 @@ class User < Principal
    !roles_for_project(project).detect {|role| role.member?}.nil?
  end
  
-  # Return true if the user is allowed to do the specified action on project
-  # action can be:
+  # Return true if the user is allowed to do the specified action on a specific context
+  # Action can be:
  # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
  # * a permission Symbol (eg. :edit_project)
-  def allowed_to?(action, project, options={})
-    if project
+  # Context can be:
+  # * a project : returns true if user is allowed to do the specified action on this project
+  # * a group of projects : returns true if user is allowed on every project
+  # * nil with options[:global] set : check if user has at least one role allowed for this action, 
+  #   or falls back to Non Member / Anonymous permissions depending if the user is logged
+  def allowed_to?(action, context, options={})
+    if context && context.is_a?(Project)
      # No action allowed on archived projects
-      return false unless project.active?
+      return false unless context.active?
      # No action allowed on disabled modules
-      return false unless project.allows_to?(action)
+      return false unless context.allows_to?(action)
      # Admin users are authorized for anything else
      return true if admin?
      
-      roles = roles_for_project(project)
+      roles = roles_for_project(context)
      return false unless roles
-      roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
+      roles.detect {|role| (context.is_public? || role.member?) && role.allowed_to?(action)}
      
+    elsif context && context.is_a?(Array)
+      # Authorize if user is authorized on every element of the array
+      context.map do |project|
+        allowed_to?(action,project,options)
+      end.inject do |memo,allowed|
+        memo && allowed
+      end
    elsif options[:global]
      # Admin users are always authorized
      return true if admin?
@@ -324,6 +386,64 @@ class User < Principal
      false
    end
  end
+
+  # Is the user allowed to do the specified action on any project?
+  # See allowed_to? for the actions and valid options.
+  def allowed_to_globally?(action, options)
+    allowed_to?(action, nil, options.reverse_merge(:global => true))
+  end
+
+  safe_attributes 'login',
+    'firstname',
+    'lastname',
+    'mail',
+    'mail_notification',
+    'language',
+    'custom_field_values',
+    'custom_fields',
+    'identity_url'
+  
+  safe_attributes 'status',
+    'auth_source_id',
+    :if => lambda {|user, current_user| current_user.admin?}
+  
+  safe_attributes 'group_ids',
+    :if => lambda {|user, current_user| current_user.admin? && !user.new_record?}
+  
+  # Utility method to help check if a user should be notified about an
+  # event.
+  #
+  # TODO: only supports Issue events currently
+  def notify_about?(object)
+    case mail_notification
+    when 'all'
+      true
+    when 'selected'
+      # Handled by the Project
+    when 'none'
+      false
+    when 'only_my_events'
+      if object.is_a?(Issue) && (object.author == self || object.assigned_to == self)
+        true
+      else
+        false
+      end
+    when 'only_assigned'
+      if object.is_a?(Issue) && object.assigned_to == self
+        true
+      else
+        false
+      end
+    when 'only_owner'
+      if object.is_a?(Issue) && object.author == self
+        true
+      else
+        false
+      end
+    else
+      false
+    end
+  end
  
  def self.current=(user)
    @current_user = user
--- a/app/models/version.rb
+++ b/app/models/version.rb
@@ -43,7 +43,7 @@ class Version < ActiveRecord::Base
  end
  
  def start_date
-    effective_date
+    @start_date ||= fixed_issues.minimum('start_date')
  end
  
  def due_date
@@ -73,6 +73,17 @@ class Version < ActiveRecord::Base
  def completed?
    effective_date && (effective_date <= Date.today) && (open_issues_count == 0)
  end
+
+  def behind_schedule?
+    if completed_pourcent == 100
+      return false
+    elsif due_date && start_date
+      done_date = start_date + ((due_date - start_date+1)* completed_pourcent/100).floor
+      return done_date <= Date.today
+    else
+      false # No issues so it's not late
+    end
+  end
  
  # Returns the completion percentage of this version based on the amount of open/closed issues
  # and the time spent on the open issues.
@@ -123,6 +134,10 @@ class Version < ActiveRecord::Base
  end
  
  def to_s; name end
+
+  def to_s_with_project
+    "#{project} - #{name}"
+  end
  
  # Versions are sorted by effective_date and "Project Name - Version name"
  # Those with no effective_date are at the end, sorted by "Project Name - Version name"
--- a/app/models/wiki.rb
+++ b/app/models/wiki.rb
@@ -45,11 +45,11 @@ class Wiki < ActiveRecord::Base
  # find the page with the given title
  def find_page(title, options = {})
    title = start_page if title.blank?
-    title = Wiki.titleize(title)
-    page = pages.find_by_title(title)
+    title = Wiki.titleize(title).downcase
+    page = pages.first(:conditions => ["LOWER(title) LIKE ?", title])
    if !page && !(options[:with_redirect] == false)
      # search for a redirect
-      redirect = redirects.find_by_title(title)
+      redirect = redirects.first(:conditions => ["LOWER(title) LIKE ?", title])
      page = find_page(redirect.redirects_to, :with_redirect => false) if redirect
    end
    page
--- a/app/models/wiki_content.rb
+++ b/app/models/wiki_content.rb
@@ -54,7 +54,7 @@ class WikiContent < ActiveRecord::Base
                  :description => :comments,
                  :datetime => :updated_on,
                  :type => 'wiki-page',
-                  :url => Proc.new {|o| {:controller => 'wiki', :id => o.page.wiki.project_id, :page => o.page.title, :version => o.version}}
+                  :url => Proc.new {|o| {:controller => 'wiki', :action => 'show', :project_id => o.page.wiki.project, :id => o.page.title, :version => o.version}}

    acts_as_activity_provider :type => 'wiki_edits',
                              :timestamp => "#{WikiContent.versioned_table_name}.updated_on",
--- a/app/models/wiki_page.rb
+++ b/app/models/wiki_page.rb
@@ -28,7 +28,7 @@ class WikiPage < ActiveRecord::Base
  acts_as_event :title => Proc.new {|o| "#{l(:label_wiki)}: #{o.title}"},
                :description => :text,
                :datetime => :created_on,
-                :url => Proc.new {|o| {:controller => 'wiki', :id => o.wiki.project, :page => o.title}}
+                :url => Proc.new {|o| {:controller => 'wiki', :action => 'show', :project_id => o.wiki.project, :id => o.title}}

  acts_as_searchable :columns => ['title', 'text'],
                     :include => [{:wiki => :project}, :content],
@@ -139,7 +139,7 @@ class WikiPage < ActiveRecord::Base
    parent_page = t.blank? ? nil : self.wiki.find_page(t)
    self.parent = parent_page
  end
-  
+
  protected
  
  def validate
--- a/app/views/activities/index.html.erb
+++ b/app/views/activities/index.html.erb
--- a/app/views/admin/_menu.rhtml
+++ b/app/views/admin/_menu.rhtml
@@ -1,20 +1,5 @@
 <div id="admin-menu">
-	<ul>
-		<li><%= link_to l(:label_project_plural), {:controller => 'admin', :action => 'projects'}, :class => 'projects' %></li>
-		<li><%= link_to l(:label_user_plural), {:controller => 'users'}, :class => 'users' %></li>
-		<li><%= link_to l(:label_group_plural), {:controller => 'groups'}, :class => 'groups' %></li>
-        <li><%= link_to l(:label_ldap_authentication), :controller => 'ldap_auth_sources', :action => 'index' %></li>
-		<li><%= link_to l(:label_role_and_permissions), {:controller => 'roles'}, :class => 'roles' %></li>
-		<li><%= link_to l(:label_tracker_plural), {:controller => 'trackers'}, :class => 'trackers' %></li>
-		<li><%= link_to l(:label_issue_status_plural), {:controller => 'issue_statuses'}, :class => 'issue_statuses' %></li>
-		<li><%= link_to l(:label_workflow), {:controller => 'workflows', :action => 'edit'}, :class => 'workflows' %></li>
-		<li><%= link_to l(:label_custom_field_plural), {:controller => 'custom_fields'}, :class => 'custom_fields' %></li>
-		<li><%= link_to l(:label_enumerations), {:controller => 'enumerations'}, :class => 'enumerations' %></li>
-		<li><%= link_to l(:label_settings), {:controller => 'settings'}, :class => 'settings' %></li>
-		<% menu_items_for(:admin_menu) do |item| -%>
-			<li><%= link_to h(item.caption), item.url, item.html_options %></li>
-		<% end -%>
-		<li><%= link_to l(:label_plugins), {:controller => 'admin', :action => 'plugins'}, :class => 'plugins' %></li>
-		<li><%= link_to l(:label_information_plural), {:controller => 'admin', :action => 'info'}, :class => 'info' %></li>
-	</ul>
+  <ul>
+    <%= render_menu :admin_menu %>
+  </ul>
 </div>
--- a/app/views/admin/projects.rhtml
+++ b/app/views/admin/projects.rhtml
@@ -1,5 +1,5 @@
 <div class="contextual">
-<%= link_to l(:label_project_new), {:controller => 'projects', :action => 'add'}, :class => 'icon icon-add' %>
+<%= link_to l(:label_project_new), {:controller => 'projects', :action => 'new'}, :class => 'icon icon-add' %>
 </div>

 <h2><%=l(:label_project_plural)%></h2>
@@ -19,23 +19,21 @@
 <table class="list">
  <thead><tr>
 	<th><%=l(:label_project)%></th>
-	<th><%=l(:field_description)%></th>
 	<th><%=l(:field_is_public)%></th>
 	<th><%=l(:field_created_on)%></th>
  <th></th>
  </tr></thead>
  <tbody>
 <% project_tree(@projects) do |project, level| %>
-  <tr class="<%= cycle("odd", "even") %> <%= css_project_classes(project) %> <%= level > 0 ? "idnt idnt-#{level}" : nil %>">
-	<td class="name"><%= project.active? ? link_to(h(project.name), :controller => 'projects', :action => 'settings', :id => project) : h(project.name) %></td>
-	<td><%= textilizable project.short_description, :project => project %></td>
+  <tr class="<%= cycle("odd", "even") %> <%= project.css_classes %> <%= level > 0 ? "idnt idnt-#{level}" : nil %>">
+	<td class="name"><span><%= link_to_project(project, {:action => 'settings'}, :title => project.short_description) %></span></td>
 	<td align="center"><%= checked_image project.is_public? %></td>
 	<td align="center"><%= format_date(project.created_on) %></td>
  <td class="buttons">
    <%= link_to(l(:button_archive), { :controller => 'projects', :action => 'archive', :id => project, :status => params[:status] }, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-lock') if project.active? %>
    <%= link_to(l(:button_unarchive), { :controller => 'projects', :action => 'unarchive', :id => project, :status => params[:status] }, :method => :post, :class => 'icon icon-unlock') if !project.active? && (project.parent.nil? || project.parent.active?) %>
    <%= link_to(l(:button_copy), { :controller => 'projects', :action => 'copy', :id => project }, :class => 'icon icon-copy') %>
-    <%= link_to(l(:button_delete), { :controller => 'projects', :action => 'destroy', :id => project }, :class => 'icon icon-del') %>
+    <%= link_to(l(:button_delete), project_destroy_confirm_path(project), :class => 'icon icon-del') %>
  </td>
  </tr>
 <% end %>
--- a/app/views/attachments/_form.rhtml
+++ b/app/views/attachments/_form.rhtml
@@ -1,6 +1,5 @@
 <span id="attachments_fields">
-<%= file_field_tag 'attachments[1][file]', :size => 30, :id => nil  -%>
-<label class="inline"><span id="attachment_description_label_content"><%= l(:label_optional_description) %></span><%= text_field_tag 'attachments[1][description]', '', :size => 60, :id => nil %>
+<%= file_field_tag 'attachments[1][file]', :size => 30, :id => nil  -%><label class="inline"><span id="attachment_description_label_content"><%= l(:label_optional_description) %></span><%= text_field_tag 'attachments[1][description]', '', :size => 60, :id => nil %>
 </label>
 </span>
 <br />
--- a/app/views/auto_completes/issues.html.erb
+++ b/app/views/auto_completes/issues.html.erb
--- a/app/views/boards/index.rhtml
+++ b/app/views/boards/index.rhtml
@@ -30,11 +30,11 @@
 </table>

 <% other_formats_links do |f| %>
-	<%= f.link_to 'Atom', :url => {:controller => 'projects', :action => 'activity', :id => @project, :show_messages => 1, :key => User.current.rss_key} %>
+	<%= f.link_to 'Atom', :url => {:controller => 'activities', :action => 'index', :id => @project, :show_messages => 1, :key => User.current.rss_key} %>
 <% end %>

 <% content_for :header_tags do %>
-  <%= auto_discovery_link_tag(:atom, {:controller => 'projects', :action => 'activity', :id => @project, :format => 'atom', :show_messages => 1, :key => User.current.rss_key}) %>
+  <%= auto_discovery_link_tag(:atom, {:controller => 'activities', :action => 'index', :id => @project, :format => 'atom', :show_messages => 1, :key => User.current.rss_key}) %>
 <% end %>

 <% html_title l(:label_board_plural) %>
--- a/app/views/calendars/show.html.erb
+++ b/app/views/calendars/show.html.erb
@@ -1,6 +1,7 @@
 <h2><%= l(:label_calendar) %></h2>

-<% form_tag({}, :id => 'query_form') do %>
+<% form_tag(calendar_path, :method => :put, :id => 'query_form') do %>
+  <%= hidden_field_tag('project_id', @project.to_param) if @project%>
 <fieldset id="filters" class="collapsible">
  <legend onclick="toggleFieldset(this);"><%= l(:label_filter_plural) %></legend>
  <div>
@@ -9,14 +10,7 @@
 </fieldset>

 <p style="float:right;">
-<%= link_to_remote ('&#171; ' + (@month==1 ? "#{month_name(12)} #{@year-1}" : "#{month_name(@month-1)}")), 
-                        {:update => "content", :url => { :year => (@month==1 ? @year-1 : @year), :month =>(@month==1 ? 12 : @month-1) }},
-                        {:href => url_for(:action => 'show', :year => (@month==1 ? @year-1 : @year), :month =>(@month==1 ? 12 : @month-1))}
-                        %> |
-<%= link_to_remote ((@month==12 ? "#{month_name(1)} #{@year+1}" : "#{month_name(@month+1)}") + ' &#187;'), 
-                        {:update => "content", :url => { :year => (@month==12 ? @year+1 : @year), :month =>(@month==12 ? 1 : @month+1) }},
-                        {:href => url_for(:action => 'show', :year => (@month==12 ? @year+1 : @year), :month =>(@month==12 ? 1 : @month+1))}
-                        %>
+  <%= link_to_previous_month(@year, @month, :project => @project) %> | <%= link_to_next_month(@year, @month, :project => @project) %>
 </p>

 <p class="buttons">
@@ -32,7 +26,8 @@
                   }, :class => 'icon icon-checked' %>
                   
 <%= link_to_remote l(:button_clear),
-                   { :url => { :set_filter => (@query.new_record? ? 1 : nil) }, 
+                   { :url => { :project_id => @project, :set_filter => (@query.new_record? ? 1 : nil) }, 
+                     :method => :put,
                     :update => "content",
                   }, :class => 'icon icon-reload' if @query.new_record? %>
 </p>
@@ -43,9 +38,9 @@
 <%= render :partial => 'common/calendar', :locals => {:calendar => @calendar} %>

 <p class="legend cal">
-	<span class="starting"><%= l(:text_tip_task_begin_day) %></span>
-	<span class="ending"><%= l(:text_tip_task_end_day) %></span>
-	<span class="starting ending"><%= l(:text_tip_task_begin_end_day) %></span>
+	<span class="starting"><%= l(:text_tip_issue_begin_day) %></span>
+	<span class="ending"><%= l(:text_tip_issue_end_day) %></span>
+	<span class="starting ending"><%= l(:text_tip_issue_begin_end_day) %></span>
 </p>
 <% end %>

--- a/app/views/common/403.rhtml
+++ b/app/views/common/403.rhtml
@@ -1,6 +0,0 @@
-<h2>403</h2>
-
-<p><%= l(:notice_not_authorized) %></p>
-<p><a href="javascript:history.back()">Back</a></p>
-
-<% html_title '403' %>
--- a/app/views/common/404.rhtml
+++ b/app/views/common/404.rhtml
@@ -1,6 +0,0 @@
-<h2>404</h2>
-
-<p><%= l(:notice_file_not_found) %></p>
-<p><a href="javascript:history.back()">Back</a></p>
-
-<% html_title '404' %>
--- a/app/views/common/error.html.erb
+++ b/app/views/common/error.html.erb
@@ -0,0 +1,6 @@
+<h2><%=h @status %></h2>
+
+<p id="errorExplanation"><%=h @message %></p>
+<p><a href="javascript:history.back()">Back</a></p>
+
+<% html_title @status %>
--- a/app/views/context_menus/issues.html.erb
+++ b/app/views/context_menus/issues.html.erb
@@ -4,20 +4,23 @@
 <% if !@issue.nil? -%>
 	<li><%= context_menu_link l(:button_edit), {:controller => 'issues', :action => 'edit', :id => @issue},
 	        :class => 'icon-edit', :disabled => !@can[:edit] %></li>
-	<li class="folder">			
-		<a href="#" class="submenu" onclick="return false;"><%= l(:field_status) %></a>
-		<ul>
-		<% @statuses.each do |s| -%>
-		    <li><%= context_menu_link s.name, {:controller => 'issues', :action => 'edit', :id => @issue, :issue => {:status_id => s}, :back_url => @back}, :method => :post,
-		                              :selected => (s == @issue.status), :disabled => !(@can[:update] && @allowed_statuses.include?(s)) %></li>
-		<% end -%>
-		</ul>
-	</li>
 <% else %>
 	<li><%= context_menu_link l(:button_edit), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id)},
 	        :class => 'icon-edit', :disabled => !@can[:edit] %></li>
 <% end %>

+  <% if @allowed_statuses.present? %>
+	<li class="folder">			
+		<a href="#" class="submenu" onclick="return false;"><%= l(:field_status) %></a>
+		<ul>
+		<% @statuses.each do |s| -%>
+		    <li><%= context_menu_link s.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {:status_id => s}, :back_url => @back}, :method => :post,
+		                              :selected => (@issue && s == @issue.status), :disabled => !(@can[:update] && @allowed_statuses.include?(s)) %></li>
+		<% end -%>
+		</ul>
+	</li>
+  <% end %>
+
 	<% unless @trackers.nil? %>
 	<li class="folder">			
 		<a href="#" class="submenu"><%= l(:field_tracker) %></a>
@@ -29,15 +32,18 @@
 		</ul>
 	</li>
 	<% end %>
+
 	<li class="folder">			
 		<a href="#" class="submenu"><%= l(:field_priority) %></a>
 		<ul>
 		<% @priorities.each do |p| -%>
 		    <li><%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'priority_id' => p}, :back_url => @back}, :method => :post,
-		                              :selected => (@issue && p == @issue.priority), :disabled => !@can[:edit] %></li>
+		                              :selected => (@issue && p == @issue.priority), :disabled => (!@can[:edit] || @issues.detect {|i| !i.leaf?}) %></li>
 		<% end -%>
 		</ul>
 	</li>
+
+  <% #TODO: allow editing versions when multiple projects %>
 	<% unless @project.nil? || @project.shared_versions.open.empty? -%>
 	<li class="folder">			
 		<a href="#" class="submenu"><%= l(:field_fixed_version) %></a>
@@ -51,7 +57,7 @@
 		</ul>
 	</li>
 	<% end %>
-	<% unless @assignables.nil? || @assignables.empty? -%>
+	<% if @assignables.present? -%>
 	<li class="folder">			
 		<a href="#" class="submenu"><%= l(:field_assigned_to) %></a>
 		<ul>
@@ -77,20 +83,22 @@
 		</ul>
 	</li>
 	<% end -%>
+
  <% if Issue.use_field_for_done_ratio? %>
 	<li class="folder">
 		<a href="#" class="submenu"><%= l(:field_done_ratio) %></a>
 		<ul>
 		<% (0..10).map{|x|x*10}.each do |p| -%>
 		    <li><%= context_menu_link "#{p}%", {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'done_ratio' => p}, :back_url => @back}, :method => :post,
-		                                  :selected => (@issue && p == @issue.done_ratio), :disabled => !@can[:edit] %></li>
+		                                  :selected => (@issue && p == @issue.done_ratio), :disabled => (!@can[:edit] || @issues.detect {|i| !i.leaf?}) %></li>
 		<% end -%>
 		</ul>
 	</li>
  <% end %>
+
 <% if !@issue.nil? %>
 	<% if @can[:log_time] -%>
-	<li><%= context_menu_link l(:button_log_time), {:controller => 'timelog', :action => 'edit', :issue_id => @issue},
+	<li><%= context_menu_link l(:button_log_time), {:controller => 'timelog', :action => 'new', :issue_id => @issue},
 	        :class => 'icon-time-add' %></li>
 	<% end %>
 	<% if User.current.logged? %>
@@ -102,11 +110,11 @@
  <li><%= context_menu_link l(:button_duplicate), {:controller => 'issues', :action => 'new', :project_id => @project, :copy_from => @issue},
 	        :class => 'icon-duplicate', :disabled => !@can[:copy] %></li>
 <% end %>
-  <li><%= context_menu_link l(:button_copy), {:controller => 'issues', :action => 'move', :ids => @issues.collect(&:id), :copy_options => {:copy => 't'}},
+  <li><%= context_menu_link l(:button_copy), new_issue_move_path(:ids => @issues.collect(&:id), :copy_options => {:copy => 't'}),
 	                        :class => 'icon-copy', :disabled => !@can[:move]  %></li>
-  <li><%= context_menu_link l(:button_move), {:controller => 'issues', :action => 'move', :ids => @issues.collect(&:id)},
+  <li><%= context_menu_link l(:button_move), new_issue_move_path(:ids => @issues.collect(&:id)),
 	                        :class => 'icon-move', :disabled => !@can[:move]  %></li>
-  <li><%= context_menu_link l(:button_delete), {:controller => 'issues', :action => 'destroy', :ids => @issues.collect(&:id)},
+  <li><%= context_menu_link l(:button_delete), {:controller => 'issues', :action => 'destroy', :ids => @issues.collect(&:id), :back_url => @back},
                            :method => :post, :confirm => l(:text_issues_destroy_confirmation), :class => 'icon-del', :disabled => !@can[:delete] %></li>

  <%= call_hook(:view_issues_context_menu_end, {:issues => @issues, :can => @can, :back => @back }) %>
--- a/app/views/custom_fields/_form.rhtml
+++ b/app/views/custom_fields/_form.rhtml
@@ -86,10 +86,12 @@ when "IssueCustomField" %>
    
 <% when "UserCustomField" %>
    <p><%= f.check_box :is_required %></p>
+    <p><%= f.check_box :visible %></p>
    <p><%= f.check_box :editable %></p>

 <% when "ProjectCustomField" %>
    <p><%= f.check_box :is_required %></p>
+    <p><%= f.check_box :visible %></p>
    <p><%= f.check_box :searchable %></p>

 <% when "TimeEntryCustomField" %>
--- a/app/views/projects/list_files.rhtml
+++ b/app/views/projects/list_files.rhtml
@@ -1,5 +1,5 @@
 <div class="contextual">
-<%= link_to_if_authorized l(:label_attachment_new), {:controller => 'projects', :action => 'add_file', :id => @project}, :class => 'icon icon-add' %>
+<%= link_to(l(:label_attachment_new), new_project_file_path(@project), :class => 'icon icon-add') if User.current.allowed_to?(:manage_files, @project) %>
 </div>

 <h2><%=l(:label_attachment_plural)%></h2>
--- a/app/views/projects/add_file.rhtml
+++ b/app/views/projects/add_file.rhtml
@@ -2,7 +2,7 @@

 <%= error_messages_for 'attachment' %>
 <div class="box">
-<% form_tag({ :action => 'add_file', :id => @project }, :multipart => true, :class => "tabular") do %>
+<% form_tag(project_files_path(@project), :multipart => true, :class => "tabular") do %>

 <% if @versions.any? %>
 <p><label for="version_id"><%=l(:field_version)%></label>
--- a/app/views/gantts/show.html.erb
+++ b/app/views/gantts/show.html.erb
@@ -1,6 +1,8 @@
+<% @gantt.view = self %>
 <h2><%= l(:label_gantt) %></h2>

-<% form_tag(params.merge(:month => nil, :year => nil, :months => nil), :id => 'query_form') do %>
+<% form_tag(gantt_path(:month => params[:month], :year => params[:year], :months => params[:months]), :method => :put, :id => 'query_form') do %>
+  <%= hidden_field_tag('project_id', @project.to_param) if @project%>
 <fieldset id="filters" class="collapsible">
  <legend onclick="toggleFieldset(this);"><%= l(:label_filter_plural) %></legend>
 	<div>
@@ -8,7 +10,7 @@
  </div>
 </fieldset>

-<p style="float:right;">
+<p class="contextual">
  <%= gantt_zoom_link(@gantt, :in) %>
  <%= gantt_zoom_link(@gantt, :out) %>
 </p>
@@ -27,7 +29,8 @@
                   }, :class => 'icon icon-checked' %>
                   
 <%= link_to_remote l(:button_clear),
-                   { :url => { :set_filter => (@query.new_record? ? 1 : nil) }, 
+                   { :url => { :project_id => @project, :set_filter => (@query.new_record? ? 1 : nil) }, 
+                   	 :method => :put,
                     :update => "content",
                   }, :class => 'icon icon-reload' if @query.new_record? %>
 </p>
@@ -54,11 +57,21 @@ if @gantt.zoom >1
    end
 end

+# Width of the entire chart    
 g_width = (@gantt.date_to - @gantt.date_from + 1)*zoom
-g_height = [(20 * @gantt.events.length + 6)+150, 206].max
+
+@gantt.render(:top => headers_height + 8, :zoom => zoom, :g_width => g_width)
+
+g_height = [(20 * (@gantt.number_of_rows + 6))+150, 206].max
 t_height = g_height + headers_height
+
+
 %>

+<% if @gantt.truncated %>
+	<p class="warning"><%= l(:notice_gantt_chart_truncated, :max => @gantt.max_rows) %></p>
+<% end %>
+
 <table width="100%" style="border:0; border-collapse: collapse;">
 <tr>
 <td style="width:<%= subject_width %>px; padding:0px;">
@@ -66,26 +79,11 @@ t_height = g_height + headers_height
 <div style="position:relative;height:<%= t_height + 24 %>px;width:<%= subject_width + 1 %>px;">
 <div style="right:-2px;width:<%= subject_width %>px;height:<%= headers_height %>px;background: #eee;" class="gantt_hdr"></div>
 <div style="right:-2px;width:<%= subject_width %>px;height:<%= t_height %>px;border-left: 1px solid #c0c0c0;overflow:hidden;" class="gantt_hdr"></div>
-<%
-#
-# Tasks subjects
-#
-top = headers_height + 8
-@gantt.events.each do |i|
-left = 4 + (i.is_a?(Issue) ? i.level * 16 : 0)
- %>
-    <div style="position: absolute;line-height:1.2em;height:16px;top:<%= top %>px;left:<%= left %>px;overflow:hidden;"><small>    
-    <% if i.is_a? Issue %>
-      	<%= h("#{i.project} -") unless @project && @project == i.project %>
-      	<%= link_to_issue i %>
-  	<% else %>
-		<span class="icon icon-package">
-	      	<%= link_to_version i %>
-		</span>
-  	<% end %>  	
-  	</small></div>
-    <% top = top + 20
-end %>
+
+<div class="gantt_subjects">
+<%= @gantt.subjects %>
+</div>
+
 </div>
 </td>
 <td>
@@ -163,53 +161,7 @@ if show_days
 	end
 end %>

-<%
-#
-# Tasks
-#
-top = headers_height + 10
-@gantt.events.each do |i| 
-  if i.is_a? Issue 
-	i_start_date = (i.start_date >= @gantt.date_from ? i.start_date : @gantt.date_from )
-	i_end_date = (i.due_before <= @gantt.date_to ? i.due_before : @gantt.date_to )
-	
-	i_done_date = i.start_date + ((i.due_before - i.start_date+1)*i.done_ratio/100).floor
-	i_done_date = (i_done_date <= @gantt.date_from ? @gantt.date_from : i_done_date )
-	i_done_date = (i_done_date >= @gantt.date_to ? @gantt.date_to : i_done_date )
-	
-	i_late_date = [i_end_date, Date.today].min if i_start_date < Date.today
-	
-	i_left = ((i_start_date - @gantt.date_from)*zoom).floor 	
-	i_width = ((i_end_date - i_start_date + 1)*zoom).floor - 2                  # total width of the issue (- 2 for left and right borders)
-	d_width = ((i_done_date - i_start_date)*zoom).floor - 2                     # done width
-	l_width = i_late_date ? ((i_late_date - i_start_date+1)*zoom).floor - 2 : 0 # delay width
-  css = "task " + (i.leaf? ? 'leaf' : 'parent')
-	%>
-	<div style="top:<%= top %>px;left:<%= i_left %>px;width:<%= i_width %>px;" class="<%= css %> task_todo"><div class="left"></div>&nbsp;<div class="right"></div></div>
-	<% if l_width > 0 %>
-	    <div style="top:<%= top %>px;left:<%= i_left %>px;width:<%= l_width %>px;" class="<%= css %> task_late">&nbsp;</div>
-	<% end %>
-	<% if d_width > 0 %>
-	    <div style="top:<%= top %>px;left:<%= i_left %>px;width:<%= d_width %>px;" class="<%= css %> task_done">&nbsp;</div>
-	<% end %>
-	<div style="top:<%= top %>px;left:<%= i_left + i_width + 8 %>px;background:#fff;" class="<%= css %>">
-	<%= i.status.name %>
-	<%= (i.done_ratio).to_i %>%
-	</div>
-	<div class="tooltip" style="position: absolute;top:<%= top %>px;left:<%= i_left %>px;width:<%= i_width %>px;height:12px;">
-	<span class="tip">
-    <%= render_issue_tooltip i %>
-	</span></div>
-<% else 
-    i_left = ((i.start_date - @gantt.date_from)*zoom).floor
-    %>
-    <div style="top:<%= top %>px;left:<%= i_left %>px;width:15px;" class="task milestone">&nbsp;</div>
-	<div style="top:<%= top %>px;left:<%= i_left + 12 %>px;background:#fff;" class="task">
-		<strong><%= format_version_name i %></strong>
-	</div>
-<% end %>
-	<% top = top + 20
-end %>
+<%= @gantt.lines %>

 <%
 #
@@ -226,8 +178,8 @@ if Date.today >= @gantt.date_from and Date.today <= @gantt.date_to %>

 <table width="100%">
 <tr>
-<td align="left"><%= link_to_remote ('&#171; ' + l(:label_previous)), {:url => @gantt.params_previous, :update => 'content', :complete => 'window.scrollTo(0,0)'}, {:href => url_for(@gantt.params_previous)} %></td>
-<td align="right"><%= link_to_remote (l(:label_next) + ' &#187;'), {:url => @gantt.params_next, :update => 'content', :complete => 'window.scrollTo(0,0)'}, {:href => url_for(@gantt.params_next)} %></td>
+<td align="left"><%= link_to_remote ('&#171; ' + l(:label_previous)), {:url => @gantt.params_previous, :method => :get, :update => 'content', :complete => 'window.scrollTo(0,0)'}, {:href => url_for(@gantt.params_previous)} %></td>
+<td align="right"><%= link_to_remote (l(:label_next) + ' &#187;'), {:url => @gantt.params_next, :method => :get, :update => 'content', :complete => 'window.scrollTo(0,0)'}, {:href => url_for(@gantt.params_next)} %></td>
 </tr>
 </table>

--- a/app/views/groups/_users.html.erb
+++ b/app/views/groups/_users.html.erb
@@ -29,7 +29,7 @@
  <% remote_form_for(:group, @group, :url => {:controller => 'groups', :action => 'add_users', :id => @group}, :method => :post) do |f| %>
    <fieldset><legend><%=l(:label_user_new)%></legend>
    
-		<p><%= text_field_tag 'user_search', nil %></p>
+		<p><%= label_tag "user_search", l(:label_user_search) %><%= text_field_tag 'user_search', nil %></p>
 		<%= observe_field(:user_search,
                 :frequency => 0.5,
                 :update => :users,
--- a/app/views/issue_categories/_form.rhtml
+++ b/app/views/issue_categories/_form.rhtml
@@ -2,5 +2,5 @@

 <div class="box">
 <p><%= f.text_field :name, :size => 30, :required => true %></p>
-<p><%= f.select :assigned_to_id, @project.users.collect{|u| [u.name, u.id]}, :include_blank => true %></p>
+<p><%= f.select :assigned_to_id, @project.users.sort.collect{|u| [u.name, u.id]}, :include_blank => true %></p>
 </div>
--- a/app/views/issue_moves/new.rhtml
+++ b/app/views/issue_moves/new.rhtml
@@ -6,14 +6,18 @@
 <% end -%>
 </ul>

-<% form_tag({}, :id => 'move_form') do %>
+<% form_tag({:action => 'create'}, :id => 'move_form') do %>
 <%= @issues.collect {|i| hidden_field_tag('ids[]', i.id)}.join %>

 <div class="box tabular">
+<fieldset class="attributes">
+<legend><%= l(:label_change_properties) %></legend>
+
+<div class="splitcontentleft">
 <p><label for="new_project_id"><%=l(:field_project)%>:</label>
 <%= select_tag "new_project_id",
               project_tree_options_for_select(@allowed_projects, :selected => @target_project),
-               :onchange => remote_function(:url => { :action => 'move' },
+               :onchange => remote_function(:url => { :action => 'new' },
                                            :method => :get,
                                            :update => 'content',
                                            :with => "Form.serialize('move_form')") %></p>
@@ -21,18 +25,25 @@
 <p><label for="new_tracker_id"><%=l(:field_tracker)%>:</label>
 <%= select_tag "new_tracker_id", "<option value=\"\">#{l(:label_no_change_option)}</option>" + options_from_collection_for_select(@trackers, "id", "name") %></p>

+<p>
+  <label><%= l(:field_status) %></label>
+  <%= select_tag('status_id', "<option value=\"\">#{l(:label_no_change_option)}</option>" + options_from_collection_for_select(@available_statuses, :id, :name)) %>
+</p>
+
+<p>
+  <label><%= l(:field_priority) %></label>
+  <%= select_tag('priority_id', "<option value=\"\">#{l(:label_no_change_option)}</option>" + options_from_collection_for_select(IssuePriority.all, :id, :name)) %>
+</p>
+
 <p>
  <label><%= l(:field_assigned_to) %></label>
  <%= select_tag('assigned_to_id', content_tag('option', l(:label_no_change_option), :value => '') +
                                   content_tag('option', l(:label_nobody), :value => 'none') +
                                   options_from_collection_for_select(@target_project.assignable_users, :id, :name)) %>
 </p>
+</div>

-<p>
-  <label><%= l(:field_status) %></label>
-  <%= select_tag('status_id', "<option value=\"\">#{l(:label_no_change_option)}</option>" + options_from_collection_for_select(@available_statuses, :id, :name)) %>
-</p>
-
+<div class="splitcontentright">
 <p>
  <label><%= l(:field_start_date) %></label>
  <%= text_field_tag 'start_date', '', :size => 10 %><%= calendar_for('start_date') %>
@@ -42,6 +53,14 @@
  <label><%= l(:field_due_date) %></label>
  <%= text_field_tag 'due_date', '', :size => 10 %><%= calendar_for('due_date') %>
 </p>
+</div>
+
+</fieldset>
+
+<fieldset><legend><%= l(:field_notes) %></legend>
+<%= text_area_tag 'notes', @notes, :cols => 60, :rows => 10, :class => 'wiki-edit' %>
+<%= wikitoolbar_for 'notes' %>
+</fieldset>

 <%= call_hook(:view_issues_move_bottom, :issues => @issues, :target_project => @target_project, :copy => !!@copy) %>
 </div>
--- a/app/views/issue_relations/_form.rhtml
+++ b/app/views/issue_relations/_form.rhtml
@@ -1,7 +1,9 @@
 <%= error_messages_for 'relation' %>

 <p><%= f.select :relation_type, collection_for_relation_type_select, {}, :onchange => "setPredecessorFieldsVisibility();" %>
-<%= l(:label_issue) %> #<%= f.text_field :issue_to_id, :size => 6 %>
+<%= l(:label_issue) %> #<%= f.text_field :issue_to_id, :size => 10 %>
+<div id="related_issue_candidates" class="autocomplete"></div>
+<%= javascript_tag "observeRelatedIssueField('#{auto_complete_issues_path(:id => @issue, :project_id => @project) }')" %>
 <span id="predecessor_fields" style="display:none;">
 <%= l(:field_delay) %>: <%= f.text_field :delay, :size => 3 %> <%= l(:label_day_plural) %>
 </span>
--- a/app/views/issues/_action_menu.rhtml
+++ b/app/views/issues/_action_menu.rhtml
@@ -1,10 +1,10 @@
 <div class="contextual">
 <%= link_to_if_authorized(l(:button_update), {:controller => 'issues', :action => 'edit', :id => @issue }, :onclick => 'showAndScrollTo("update", "notes"); return false;', :class => 'icon icon-edit', :accesskey => accesskey(:edit)) %>
-<%= link_to_if_authorized l(:button_log_time), {:controller => 'timelog', :action => 'edit', :issue_id => @issue}, :class => 'icon icon-time-add' %>
+<%= link_to_if_authorized l(:button_log_time), {:controller => 'timelog', :action => 'new', :issue_id => @issue}, :class => 'icon icon-time-add' %>
 <% replace_watcher ||= 'watcher' %>
 <%= watcher_tag(@issue, User.current, {:id => replace_watcher, :replace => ['watcher','watcher2']}) %>
 <%= link_to_if_authorized l(:button_duplicate), {:controller => 'issues', :action => 'new', :project_id => @project, :copy_from => @issue }, :class => 'icon icon-duplicate' %>
-<%= link_to_if_authorized l(:button_copy), {:controller => 'issues', :action => 'move', :id => @issue, :copy_options => {:copy => 't'} }, :class => 'icon icon-copy' %>
-<%= link_to_if_authorized l(:button_move), {:controller => 'issues', :action => 'move', :id => @issue }, :class => 'icon icon-move' %>
-<%= link_to_if_authorized l(:button_delete), {:controller => 'issues', :action => 'destroy', :id => @issue}, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-del' %>
+<%= link_to_if_authorized l(:button_copy), {:controller => 'issue_moves', :action => 'new', :id => @issue, :copy_options => {:copy => 't'}}, :class => 'icon icon-copy' %>
+<%= link_to_if_authorized l(:button_move), {:controller => 'issue_moves', :action => 'new', :id => @issue}, :class => 'icon icon-move' %>
+<%= link_to_if_authorized l(:button_delete), {:controller => 'issues', :action => 'destroy', :id => @issue}, :confirm => (@issue.leaf? ? l(:text_are_you_sure) : l(:text_are_you_sure_with_children)), :method => :post, :class => 'icon icon-del' %>
 </div>
--- a/app/views/issues/_attributes.rhtml
+++ b/app/views/issues/_attributes.rhtml
@@ -23,7 +23,7 @@
 <%= prompt_to_remote(image_tag('add.png', :style => 'vertical-align: middle;'),
                     l(:label_version_new),
                     'version[name]', 
-                     {:controller => 'versions', :action => 'new', :project_id => @project},
+                     {:controller => 'versions', :action => 'create', :project_id => @project},
                     :title => l(:label_version_new), 
                     :tabindex => 200) if authorize_for('versions', 'new') %>
 </p>
@@ -40,6 +40,6 @@
 </div>

 <div style="clear:both;"> </div>
-<%= render :partial => 'form_custom_fields' %>
+<%= render :partial => 'issues/form_custom_fields' %>

 <% end %>
--- a/app/views/issues/_changesets.rhtml
+++ b/app/views/issues/_changesets.rhtml
@@ -1,8 +1,10 @@
 <% changesets.each do |changeset| %>
    <div class="changeset <%= cycle('odd', 'even') %>">
-    <p><%= link_to("#{l(:label_revision)} #{changeset.revision}",
-                :controller => 'repositories', :action => 'revision', :id => changeset.project, :rev => changeset.revision) %><br />
+    <p><%= link_to_revision(changeset, changeset.project,
+                            :text => "#{l(:label_revision)} #{changeset.format_identifier}") %><br />
        <span class="author"><%= authoring(changeset.committed_on, changeset.author) %></span></p>
-    <%= textilizable(changeset, :comments) %>
+    <div class="changeset-changes">
+        <%= textilizable(changeset, :comments) %>
+    </div>
    </div>
 <% end %>
--- a/app/views/issues/_edit.rhtml
+++ b/app/views/issues/_edit.rhtml
@@ -44,7 +44,7 @@
    <%= f.hidden_field :lock_version %>
    <%= submit_tag l(:button_submit) %>
    <%= link_to_remote l(:label_preview), 
-                       { :url => { :controller => 'issues', :action => 'preview', :project_id => @project, :id => @issue },
+                       { :url => preview_issue_path(:project_id => @project, :id => @issue),
                         :method => 'post',
                         :update => 'preview',
                         :with => 'Form.serialize("issue-form")',
--- a/app/views/issues/_form.rhtml
+++ b/app/views/issues/_form.rhtml
@@ -1,18 +1,17 @@
+<%= call_hook(:view_issues_form_details_top, { :issue => @issue, :form => f }) %>
+
 <div id="issue_descr_fields" <%= 'style="display:none"' unless @issue.new_record? || @issue.errors.any? %>>
 <p><%= f.select :tracker_id, @project.trackers.collect {|t| [t.name, t.id]}, :required => true %></p>
-<%= observe_field :issue_tracker_id, :url => { :action => :update_form, :project_id => @project, :id => @issue },
+<%= observe_field :issue_tracker_id, :url => { :action => :new, :project_id => @project, :id => @issue },
                                     :update => :attributes,
                                     :with => "Form.serialize('issue-form')" %>

 <p><%= f.text_field :subject, :size => 80, :required => true %></p>
                                     
-<% unless (@issue.new_record? && @issue.parent_issue_id.nil?) || !User.current.allowed_to?(:manage_subtasks, @project) %>
-<p><%= f.text_field :parent_issue_id, :size => 10 %></p>
+<% if User.current.allowed_to?(:manage_subtasks, @project) %>
+<p id="parent_issue"><%= f.text_field :parent_issue_id, :size => 10 %></p>
 <div id="parent_issue_candidates" class="autocomplete"></div>
-<%= javascript_tag "observeParentIssueField('#{url_for(:controller => :issues,
-                                                       :action => :auto_complete,
-                                                       :id => @issue,
-                                                       :project_id => @project) }')" %>
+<%= javascript_tag "observeParentIssueField('#{auto_complete_issues_path(:id => @issue, :project_id => @project) }')" %>
 <% end %>

 <p><%= f.text_area :description,
@@ -23,15 +22,15 @@
 </div>

 <div id="attributes" class="attributes">
-	<%= render :partial => 'attributes' %>
+	<%= render :partial => 'issues/attributes' %>
 </div>

 <% if @issue.new_record? %>
-<p><%= label_tag('attachments[1][file]', l(:label_attachment_plural))%><%= render :partial => 'attachments/form' %></p>
+<p id="attachments_form"><%= label_tag('attachments[1][file]', l(:label_attachment_plural))%><%= render :partial => 'attachments/form' %></p>
 <% end %>

 <% if @issue.new_record? && User.current.allowed_to?(:add_issue_watchers, @project) -%>
-<p><label><%= l(:label_issue_watchers) %></label>
+<p id="watchers_form"><label><%= l(:label_issue_watchers) %></label>
 <% @issue.project.users.sort.each do |user| -%>
 <label class="floating"><%= check_box_tag 'issue[watcher_user_ids][]', user.id, @issue.watched_by?(user) %> <%=h user %></label>
 <% end -%>
--- a/app/views/issues/_history.rhtml
+++ b/app/views/issues/_history.rhtml
@@ -1,7 +1,7 @@
 <% reply_links = authorize_for('issues', 'edit') -%>
 <% for journal in journals %>
-  <div id="change-<%= journal.id %>" class="journal">
-    <h4><div style="float:right;"><%= link_to "##{journal.indice}", :anchor => "note-#{journal.indice}" %></div>
+  <div id="change-<%= journal.id %>" class="<%= journal.css_classes %>">
+    <h4><div class="journal-link"><%= link_to "##{journal.indice}", :anchor => "note-#{journal.indice}" %></div>
    <%= avatar(journal.user, :size => "24") %>
    <%= content_tag('a', '', :name => "note-#{journal.indice}")%>
 		<%= authoring journal.created_on, journal.user, :label => :label_updated_time_by %></h4>
--- a/app/views/issues/_list.rhtml
+++ b/app/views/issues/_list.rhtml
@@ -3,7 +3,7 @@
 <div class="autoscroll">
 <table class="list issues">
    <thead><tr>
-        <th><%= link_to image_tag('toggle_check.png'), {}, :onclick => 'toggleIssuesSelection(Element.up(this, "form")); return false;',
+        <th class="checkbox hide-when-print"><%= link_to image_tag('toggle_check.png'), {}, :onclick => 'toggleIssuesSelection(Element.up(this, "form")); return false;',
                                                           :title => "#{l(:button_check_all)}/#{l(:button_uncheck_all)}" %>
        </th>
 		<%= sort_header_tag('id', :caption => '#', :default_order => 'desc') %>
@@ -25,7 +25,7 @@
 		<% previous_group = group %>
  <% end %>
 	<tr id="issue-<%= issue.id %>" class="hascontextmenu <%= cycle('odd', 'even') %> <%= issue.css_classes %> <%= level > 0 ? "idnt idnt-#{level}" : nil %>">
-	    <td class="checkbox"><%= check_box_tag("ids[]", issue.id, false, :id => nil) %></td>
+	  <td class="checkbox hide-when-print"><%= check_box_tag("ids[]", issue.id, false, :id => nil) %></td>
 		<td class="id"><%= link_to issue.id, :controller => 'issues', :action => 'show', :id => issue %></td>
        <% query.columns.each do |column| %><%= content_tag 'td', column_content(column, issue), :class => column.name %><% end %>
 	</tr>
--- a/app/views/issues/_list_simple.rhtml
+++ b/app/views/issues/_list_simple.rhtml
@@ -14,7 +14,7 @@
 			  <%= check_box_tag("ids[]", issue.id, false, :style => 'display:none;') %>
 				<%= link_to issue.id, :controller => 'issues', :action => 'show', :id => issue %>
 			</td>
-			<td class="project"><%= link_to(h(issue.project), :controller => 'projects', :action => 'show', :id => issue.project) %></td>
+			<td class="project"><%= link_to_project(issue.project) %></td>
 			<td class="tracker"><%=h issue.tracker %></td>
 			<td class="subject">
        <%= link_to h(truncate(issue.subject, :length => 60)), :controller => 'issues', :action => 'show', :id => issue %> (<%=h issue.status %>)
--- a/app/views/issues/_relations.rhtml
+++ b/app/views/issues/_relations.rhtml
@@ -1,6 +1,6 @@
 <div class="contextual">
 <% if authorize_for('issue_relations', 'new') %>
-    <%= toggle_link l(:button_add), 'new-relation-form'%>
+  <%= toggle_link l(:button_add), 'new-relation-form', {:focus => 'relation_issue_to_id'} %>
 <% end %>
 </div>

@@ -28,6 +28,7 @@
 <% remote_form_for(:relation, @relation, 
                 :url => {:controller => 'issue_relations', :action => 'new', :issue_id => @issue},
                 :method => :post,
+                 :complete => "Form.Element.focus('relation_issue_to_id');",
                 :html => {:id => 'new-relation-form', :style => (@relation ? '' : 'display: none;')}) do |f| %>
 <%= render :partial => 'issue_relations/form', :locals => {:f => f}%>
 <% end %>
--- a/app/views/issues/_sidebar.rhtml
+++ b/app/views/issues/_sidebar.rhtml
@@ -6,7 +6,7 @@
 <%= call_hook(:view_issues_sidebar_issues_bottom) %>

 <% if User.current.allowed_to?(:view_calendar, @project, :global => true) %>
-	<%= link_to(l(:label_calendar), :controller => 'issues', :action => 'calendar', :project_id => @project) %><br />
+	<%= link_to(l(:label_calendar), :controller => 'calendars', :action => 'show', :project_id => @project) %><br />
 <% end %>
 <% if User.current.allowed_to?(:view_gantt, @project, :global => true) %>
 	<%= link_to(l(:label_gantt), :controller => 'gantts', :action => 'show', :project_id => @project) %><br />
--- a/app/views/issues/bulk_edit.rhtml
+++ b/app/views/issues/bulk_edit.rhtml
@@ -2,7 +2,7 @@

 <ul><%= @issues.collect {|i| content_tag('li', link_to(h("#{i.tracker} ##{i.id}"), { :action => 'show', :id => i }) + h(": #{i.subject}")) }.join("\n") %></ul>

-<% form_tag() do %>
+<% form_tag(:action => 'bulk_update') do %>
 <%= @issues.collect {|i| hidden_field_tag('ids[]', i.id)}.join %>
 <div class="box tabular">
 <fieldset class="attributes">
@@ -11,7 +11,7 @@
 <div class="splitcontentleft">
 <p>
 	<label><%= l(:field_tracker) %></label>
-	<%= select_tag('issue[tracker_id]', "<option value=\"\">#{l(:label_no_change_option)}</option>" + options_from_collection_for_select(@project.trackers, :id, :name)) %>
+	<%= select_tag('issue[tracker_id]', "<option value=\"\">#{l(:label_no_change_option)}</option>" + options_from_collection_for_select(@trackers, :id, :name)) %>
 </p>
 <% if @available_statuses.any? %>
 <p>
@@ -27,20 +27,25 @@
 	<label><%= l(:field_assigned_to) %></label> 
 	<%= select_tag('issue[assigned_to_id]', content_tag('option', l(:label_no_change_option), :value => '') +
                                 content_tag('option', l(:label_nobody), :value => 'none') +
-                                 options_from_collection_for_select(@project.assignable_users, :id, :name)) %>
+                                 options_from_collection_for_select(@assignables, :id, :name)) %>
 </p>
+<% if @project %>
 <p>
 	<label><%= l(:field_category) %></label> 
 	<%= select_tag('issue[category_id]', content_tag('option', l(:label_no_change_option), :value => '') +
                                content_tag('option', l(:label_none), :value => 'none') +
                                options_from_collection_for_select(@project.issue_categories, :id, :name)) %>
 </p>
+<% end %>
+<% #TODO: allow editing versions when multiple projects %>
+<% if @project %>
 <p>
 	<label><%= l(:field_fixed_version) %></label> 
 	<%= select_tag('issue[fixed_version_id]', content_tag('option', l(:label_no_change_option), :value => '') +
                                   content_tag('option', l(:label_none), :value => 'none') +
-                                   version_options_for_select(@project.shared_versions.open)) %>
+                                   version_options_for_select(@project.shared_versions.open.sort)) %>
 </p>
+<% end %>

 <% @custom_fields.each do |custom_field| %>
 	<p><label><%= h(custom_field.name) %></label> <%= custom_field_tag_for_bulk_edit('issue', custom_field) %></p>
--- a/app/views/issues/index.api.rsb
+++ b/app/views/issues/index.api.rsb
@@ -0,0 +1,28 @@
+api.array :issues, api_meta(:total_count => @issue_count, :offset => @offset, :limit => @limit) do
+  @issues.each do |issue|
+    api.issue do
+      api.id issue.id
+      api.project(:id => issue.project_id, :name => issue.project.name) unless issue.project.nil?
+      api.tracker(:id => issue.tracker_id, :name => issue.tracker.name) unless issue.tracker.nil?
+      api.status(:id => issue.status_id, :name => issue.status.name) unless issue.status.nil?
+      api.priority(:id => issue.priority_id, :name => issue.priority.name) unless issue.priority.nil?
+      api.author(:id => issue.author_id, :name => issue.author.name) unless issue.author.nil?
+      api.assigned_to(:id => issue.assigned_to_id, :name => issue.assigned_to.name) unless issue.assigned_to.nil?
+      api.category(:id => issue.category_id, :name => issue.category.name) unless issue.category.nil?
+      api.fixed_version(:id => issue.fixed_version_id, :name => issue.fixed_version.name) unless issue.fixed_version.nil?
+      api.parent(:id => issue.parent_id) unless issue.parent.nil?
+      
+      api.subject 		issue.subject
+      api.description issue.description
+      api.start_date 	issue.start_date
+      api.due_date 		issue.due_date
+      api.done_ratio 	issue.done_ratio
+      api.estimated_hours issue.estimated_hours
+      
+      render_api_custom_values issue.custom_field_values, api
+      
+      api.created_on issue.created_on
+      api.updated_on issue.updated_on
+    end
+  end
+end
--- a/app/views/issues/index.rhtml
+++ b/app/views/issues/index.rhtml
@@ -39,6 +39,7 @@
                       { :url => { :set_filter => 1 },
                         :before => 'selectAllOptions("selected_columns");',
                         :update => "content",
+                         :complete => "apply_filters_observer()",
                         :with => "Form.serialize('query_form')"
                       }, :class => 'icon icon-checked' %>
                       
@@ -78,7 +79,7 @@

 <% content_for :header_tags do %>
    <%= auto_discovery_link_tag(:atom, {:query_id => @query, :format => 'atom', :page => nil, :key => User.current.rss_key}, :title => l(:label_issue_plural)) %>
-    <%= auto_discovery_link_tag(:atom, {:action => 'changes', :query_id => @query, :format => 'atom', :page => nil, :key => User.current.rss_key}, :title => l(:label_changes_details)) %>
+    <%= auto_discovery_link_tag(:atom, {:controller => 'journals', :action => 'index', :query_id => @query, :format => 'atom', :page => nil, :key => User.current.rss_key}, :title => l(:label_changes_details)) %>
 <% end %>

-<%= context_menu :controller => 'issues', :action => 'context_menu' %>
+<%= context_menu issues_context_menu_path %>
--- a/Show More
+++ b/Show More