tagged version 1.0.4

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/tags/1.0.4@4448 e93f8b46-1217-0410-a6f0-8f06a7374b81
Updates for 1.0.4 release.
2010-11-28 12:57:17 +00:00 · 2010-11-28 12:47:36 +00:00 · 2010-11-27 16:45:07 +00:00 · 2010-11-27 15:48:30 +00:00 · 2010-11-27 15:16:26 +00:00 · 2010-11-27 14:47:31 +00:00
841 changed files with 16484 additions and 65673 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,4 @@
-/.project
-/.loadpath
 /config/additional_environment.rb
-/config/configuration.yml
 /config/database.yml
 /config/email.yml
 /config/initializers/session_store.rb
@@ -10,8 +7,6 @@
 /db/*.sqlite3
 /db/schema.rb
 /files/*
-/lib/redmine/scm/adapters/mercurial/redminehelper.pyc
-/lib/redmine/scm/adapters/mercurial/redminehelper.pyo
 /log/*.log*
 /log/mongrel_debug
 /public/dispatch.*
--- a/.hgignore
+++ b/.hgignore
@@ -1,29 +0,0 @@
-syntax: glob
-
-.project
-.loadpath
-config/additional_environment.rb
-config/configuration.yml
-config/database.yml
-config/email.yml
-config/initializers/session_store.rb
-coverage
-db/*.db
-db/*.sqlite3
-db/schema.rb
-files/*
-lib/redmine/scm/adapters/mercurial/redminehelper.pyc
-lib/redmine/scm/adapters/mercurial/redminehelper.pyo
-log/*.log*
-log/mongrel_debug
-public/dispatch.*
-public/plugin_assets
-tmp/*
-tmp/cache/*
-tmp/sessions/*
-tmp/sockets/*
-tmp/test/*
-vendor/rails
-*.rbc
-.svn/
-.git/
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -203,24 +203,12 @@ class AccountController < ApplicationController
    self.logged_user = user
    # generate a key and set cookie if autologin
    if params[:autologin] && Setting.autologin?
-      set_autologin_cookie(user)
+      token = Token.create(:user => user, :action => 'autologin')
+      cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
    end
    call_hook(:controller_account_success_authentication_after, {:user => user })
    redirect_back_or_default :controller => 'my', :action => 'page'
  end
-  
-  def set_autologin_cookie(user)
-    token = Token.create(:user => user, :action => 'autologin')
-    cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
-    cookie_options = {
-      :value => token.value,
-      :expires => 1.year.from_now,
-      :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
-      :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
-      :httponly => true
-    }
-    cookies[cookie_name] = cookie_options
-  end

  # Onthefly creation failed, display the registration form to fill/fix attributes
  def onthefly_creation_failed(user, auth_source_options = { })
--- a/app/controllers/activities_controller.rb
+++ b/app/controllers/activities_controller.rb
@@ -1,28 +1,11 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class ActivitiesController < ApplicationController
  menu_item :activity
  before_filter :find_optional_project
-  accept_rss_auth :index
+  accept_key_auth :index

  def index
    @days = Setting.activity_days_default.to_i
-
+    
    if params[:from]
      begin; @date_to = params[:from].to_date + 1; rescue; end
    end
@@ -31,18 +14,18 @@ class ActivitiesController < ApplicationController
    @date_from = @date_to - @days
    @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
    @author = (params[:user_id].blank? ? nil : User.active.find(params[:user_id]))
-
-    @activity = Redmine::Activity::Fetcher.new(User.current, :project => @project,
+    
+    @activity = Redmine::Activity::Fetcher.new(User.current, :project => @project, 
                                                             :with_subprojects => @with_subprojects,
                                                             :author => @author)
    @activity.scope_select {|t| !params["show_#{t}"].nil?}
    @activity.scope = (@author.nil? ? :default : :all) if @activity.scope.empty?

    events = @activity.events(@date_from, @date_to)
-
-    if events.empty? || stale?(:etag => [@activity.scope, @date_to, @date_from, @with_subprojects, @author, events.first, User.current, current_language])
+    
+    if events.empty? || stale?(:etag => [events.first, User.current])
      respond_to do |format|
-        format.html {
+        format.html { 
          @events_by_day = events.group_by(&:event_date)
          render :layout => false if request.xhr?
        }
@@ -57,7 +40,7 @@ class ActivitiesController < ApplicationController
        }
      end
    end
-
+    
  rescue ActiveRecord::RecordNotFound
    render_404
  end
@@ -72,4 +55,5 @@ class ActivitiesController < ApplicationController
  rescue ActiveRecord::RecordNotFound
    render_404
  end
+
 end
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -17,7 +17,9 @@

 class AdminController < ApplicationController
  layout 'admin'
+  
  before_filter :require_admin
+
  helper :sort
  include SortHelper	

@@ -28,20 +30,22 @@ class AdminController < ApplicationController
  def projects
    @status = params[:status] ? params[:status].to_i : 1
    c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
+    
    unless params[:name].blank?
      name = "%#{params[:name].strip.downcase}%"
      c << ["LOWER(identifier) LIKE ? OR LOWER(name) LIKE ?", name, name]
    end
+    
    @projects = Project.find :all, :order => 'lft',
                                   :conditions => c.conditions

    render :action => "projects", :layout => false if request.xhr?
  end
-
+  
  def plugins
    @plugins = Redmine::Plugin.all
  end
-
+  
  # Loads the default configuration
  # (roles, trackers, statuses, workflow, enumerations)
  def default_configuration
@@ -55,7 +59,7 @@ class AdminController < ApplicationController
    end
    redirect_to :action => 'index'
  end
-
+  
  def test_email
    raise_delivery_errors = ActionMailer::Base.raise_delivery_errors
    # Force ActionMailer to raise delivery errors so we can catch it
@@ -69,16 +73,14 @@ class AdminController < ApplicationController
    ActionMailer::Base.raise_delivery_errors = raise_delivery_errors
    redirect_to :controller => 'settings', :action => 'edit', :tab => 'notifications'
  end
-
+  
  def info
    @db_adapter_name = ActiveRecord::Base.connection.adapter_name
    @checklist = [
-      [:text_default_administrator_account_changed,
-          User.find(:first,
-                    :conditions => ["login=? and hashed_password=?", 'admin', User.hash_password('admin')]).nil?],
+      [:text_default_administrator_account_changed, User.find(:first, :conditions => ["login=? and hashed_password=?", 'admin', User.hash_password('admin')]).nil?],
      [:text_file_repository_writable, File.writable?(Attachment.storage_path)],
-      [:text_plugin_assets_writable,   File.writable?(Engines.public_directory)],
-      [:text_rmagick_available,        Object.const_defined?(:Magick)]
+      [:text_plugin_assets_writable, File.writable?(Engines.public_directory)],
+      [:text_rmagick_available, Object.const_defined?(:Magick)]
    ]
-  end
+  end  
 end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,37 +18,34 @@
 require 'uri'
 require 'cgi'

-class Unauthorized < Exception; end
-
 class ApplicationController < ActionController::Base
  include Redmine::I18n

  layout 'base'
-  exempt_from_layout 'builder', 'rsb'
-
+  exempt_from_layout 'builder'
+  
  # Remove broken cookie after upgrade from 0.8.x (#4292)
  # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
  # TODO: remove it when Rails is fixed
  before_filter :delete_broken_cookies
  def delete_broken_cookies
    if cookies['_redmine_session'] && cookies['_redmine_session'] !~ /--/
-      cookies.delete '_redmine_session'
+      cookies.delete '_redmine_session'    
      redirect_to home_path
      return false
    end
  end
-
+  
  before_filter :user_setup, :check_if_login_required, :set_localization
  filter_parameter_logging :password
  protect_from_forgery
-
+  
  rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
-  rescue_from ::Unauthorized, :with => :deny_access
-
+  
  include Redmine::Search::Controller
  include Redmine::MenuManager::MenuController
  helper Redmine::MenuManager::MenuHelper
-
+  
  Redmine::Scm::Base.all.each do |scm|
    require_dependency "repository/#{scm.underscore}"
  end
@@ -59,7 +56,7 @@ class ApplicationController < ActionController::Base
    # Find the current user
    User.current = find_current_user
  end
-
+  
  # Returns the current user or nil if no user is logged in
  # and starts a session if needed
  def find_current_user
@@ -71,13 +68,13 @@ class ApplicationController < ActionController::Base
      user = User.try_to_autologin(cookies[:autologin])
      session[:user_id] = user.id if user
      user
-    elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth?
+    elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
      # RSS key authentication does not start a session
      User.find_by_rss_key(params[:key])
-    elsif Setting.rest_api_enabled? && accept_api_auth?
-      if (key = api_key_from_request)
+    elsif Setting.rest_api_enabled? && ['xml', 'json'].include?(params[:format])
+      if params[:key].present? && accept_key_auth_actions.include?(params[:action])
        # Use API key
-        User.find_by_api_key(key)
+        User.find_by_api_key(params[:key])
      else
        # HTTP Basic, either username/password or API key/random
        authenticate_with_http_basic do |username, password|
@@ -97,14 +94,14 @@ class ApplicationController < ActionController::Base
      User.current = User.anonymous
    end
  end
-
+  
  # check if login is globally required to access the application
  def check_if_login_required
    # no check needed if user is already logged in
    return true if User.current.logged?
    require_login if Setting.login_required?
-  end
-
+  end 
+  
  def set_localization
    lang = nil
    if User.current.logged?
@@ -120,7 +117,7 @@ class ApplicationController < ActionController::Base
    lang ||= Setting.default_language
    set_language_if_valid(lang)
  end
-
+  
  def require_login
    if !User.current.logged?
      # Extract only the basic url parameters on non-GET requests
@@ -149,23 +146,15 @@ class ApplicationController < ActionController::Base
    end
    true
  end
-
+  
  def deny_access
    User.current.logged? ? render_403 : require_login
  end

  # Authorize the user for the requested action
  def authorize(ctrl = params[:controller], action = params[:action], global = false)
-    allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
-    if allowed
-      true
-    else
-      if @project && @project.archived?
-        render_403 :message => :notice_not_authorized_archived_project
-      else
-        deny_access
-      end
-    end
+    allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project, :global => global)
+    allowed ? true : deny_access
  end

  # Authorize the user for the requested action outside a project
@@ -180,13 +169,6 @@ class ApplicationController < ActionController::Base
    render_404
  end

-  # Find project of id params[:project_id]
-  def find_project_by_project_id
-    @project = Project.find(params[:project_id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-
  # Find a project based on params[:project_id]
  # TODO: some subclasses override this, see about merging their logic
  def find_optional_project
@@ -200,7 +182,7 @@ class ApplicationController < ActionController::Base
  # Finds and sets @project based on @object.project
  def find_project_from_association
    render_404 unless @object.present?
-
+    
    @project = @object.project
  rescue ActiveRecord::RecordNotFound
    render_404
@@ -224,25 +206,18 @@ class ApplicationController < ActionController::Base
  def find_issues
    @issues = Issue.find_all_by_id(params[:id] || params[:ids])
    raise ActiveRecord::RecordNotFound if @issues.empty?
-    if @issues.detect {|issue| !issue.visible?}
-      deny_access
-      return
-    end
-    @projects = @issues.collect(&:project).compact.uniq
-    @project = @projects.first if @projects.size == 1
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-
-  # Check if project is unique before bulk operations
-  def check_project_uniqueness
-    unless @project
+    projects = @issues.collect(&:project).compact.uniq
+    if projects.size == 1
+      @project = projects.first
+    else
      # TODO: let users bulk edit/move/destroy issues from different projects
      render_error 'Can not bulk edit/move/destroy issues from different projects'
      return false
    end
+  rescue ActiveRecord::RecordNotFound
+    render_404
  end
-
+  
  # make sure that the user is a member of the project (or admin) if project is private
  # used as a before_filter for actions that do not require any particular permission on the project
  def check_project_privacy
@@ -278,36 +253,41 @@ class ApplicationController < ActionController::Base
      end
    end
    redirect_to default
-    false
  end
-
-  def render_403(options={})
+  
+  def render_403
    @project = nil
-    render_error({:message => :notice_not_authorized, :status => 403}.merge(options))
-    return false
-  end
-
-  def render_404(options={})
-    render_error({:message => :notice_file_not_found, :status => 404}.merge(options))
-    return false
-  end
-
-  # Renders an error response
-  def render_error(arg)
-    arg = {:message => arg} unless arg.is_a?(Hash)
-
-    @message = arg[:message]
-    @message = l(@message) if @message.is_a?(Symbol)
-    @status = arg[:status] || 500
-
    respond_to do |format|
-      format.html {
-        render :template => 'common/error', :layout => use_layout, :status => @status
+      format.html { render :template => "common/403", :layout => use_layout, :status => 403 }
+      format.atom { head 403 }
+      format.xml { head 403 }
+      format.js { head 403 }
+      format.json { head 403 }
+    end
+    return false
+  end
+    
+  def render_404
+    respond_to do |format|
+      format.html { render :template => "common/404", :layout => use_layout, :status => 404 }
+      format.atom { head 404 }
+      format.xml { head 404 }
+      format.js { head 404 }
+      format.json { head 404 }
+    end
+    return false
+  end
+  
+  def render_error(msg)
+    respond_to do |format|
+      format.html { 
+        flash.now[:error] = msg
+        render :text => '', :layout => use_layout, :status => 500
      }
-      format.atom { head @status }
-      format.xml { head @status }
-      format.js { head @status }
-      format.json { head @status }
+      format.atom { head 500 }
+      format.xml { head 500 }
+      format.js { head 500 }
+      format.json { head 500 }
    end
  end

@@ -317,15 +297,15 @@ class ApplicationController < ActionController::Base
  def use_layout
    request.xhr? ? false : 'base'
  end
-
+  
  def invalid_authenticity_token
    if api_request?
      logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
    end
    render_error "Invalid form authenticity token."
  end
-
-  def render_feed(items, options={})
+  
+  def render_feed(items, options={})    
    @items = items || []
    @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
    @items = @items.slice(0, Setting.feeds_limit.to_i)
@@ -333,42 +313,15 @@ class ApplicationController < ActionController::Base
    render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
  end
  
-  # TODO: remove in Redmine 1.4
  def self.accept_key_auth(*actions)
-    ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
-    accept_rss_auth(*actions)
+    actions = actions.flatten.map(&:to_s)
+    write_inheritable_attribute('accept_key_auth_actions', actions)
  end
-
-  # TODO: remove in Redmine 1.4
+  
  def accept_key_auth_actions
-    ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth_actions is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
-    self.class.accept_rss_auth
+    self.class.read_inheritable_attribute('accept_key_auth_actions') || []
  end
  
-  def self.accept_rss_auth(*actions)
-    if actions.any?
-      write_inheritable_attribute('accept_rss_auth_actions', actions)
-    else
-      read_inheritable_attribute('accept_rss_auth_actions') || []
-    end
-  end
-  
-  def accept_rss_auth?(action=action_name)
-    self.class.accept_rss_auth.include?(action.to_sym)
-  end
-  
-  def self.accept_api_auth(*actions)
-    if actions.any?
-      write_inheritable_attribute('accept_api_auth_actions', actions)
-    else
-      read_inheritable_attribute('accept_api_auth_actions') || []
-    end
-  end
-  
-  def accept_api_auth?(action=action_name)
-    self.class.accept_api_auth.include?(action.to_sym)
-  end
-
  # Returns the number of objects that should be displayed
  # on the paginated list
  def per_page_option
@@ -384,30 +337,6 @@ class ApplicationController < ActionController::Base
    per_page
  end

-  # Returns offset and limit used to retrieve objects
-  # for an API response based on offset, limit and page parameters
-  def api_offset_and_limit(options=params)
-    if options[:offset].present?
-      offset = options[:offset].to_i
-      if offset < 0
-        offset = 0
-      end
-    end
-    limit = options[:limit].to_i
-    if limit < 1
-      limit = 25
-    elsif limit > 100
-      limit = 100
-    end
-    if offset.nil? && options[:page].present?
-      offset = (options[:page].to_i - 1) * limit
-      offset = 0 if offset < 0
-    end
-    offset ||= 0
-
-    [offset, limit]
-  end
-
  # qvalues http header parser
  # code taken from webrick
  def parse_qvalues(value)
@@ -428,25 +357,16 @@ class ApplicationController < ActionController::Base
  rescue
    nil
  end
-
+  
  # Returns a string that can be used as filename value in Content-Disposition header
  def filename_for_content_disposition(name)
    request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name
  end
-
+  
  def api_request?
    %w(xml json).include? params[:format]
  end

-  # Returns the API key present in the request
-  def api_key_from_request
-    if params[:key].present?
-      params[:key]
-    elsif request.headers["X-Redmine-API-Key"].present?
-      request.headers["X-Redmine-API-Key"]
-    end
-  end
-
  # Renders a warning flash if obj has unsaved attachments
  def render_attachment_warning_if_needed(obj)
    flash[:warning] = l(:warning_attachments_not_saved, obj.unsaved_attachments.size) if obj.unsaved_attachments.present?
@@ -481,37 +401,5 @@ class ApplicationController < ActionController::Base
      { attribute => error }
    end.to_json
  end
-
-  # Renders API response on validation failure
-  def render_validation_errors(object)
-    options = { :status => :unprocessable_entity, :layout => false }
-    options.merge!(case params[:format]
-      when 'xml';  { :xml =>  object.errors }
-      when 'json'; { :json => {'errors' => object.errors} } # ActiveResource client compliance
-      else
-        raise "Unknown format #{params[:format]} in #render_validation_errors"
-      end
-    )
-    render options
-  end
-
-  # Overrides #default_template so that the api template
-  # is used automatically if it exists
-  def default_template(action_name = self.action_name)
-    if api_request?
-      begin
-        return self.view_paths.find_template(default_template_name(action_name), 'api')
-      rescue ::ActionView::MissingTemplate
-        # the api template was not found
-        # fallback to the default behaviour
-      end
-    end
-    super
-  end
-
-  # Overrides #pick_layout so that #render with no arguments
-  # doesn't use the layout for api requests
-  def pick_layout(*args)
-    api_request? ? nil : super
-  end
+  
 end
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -19,9 +19,9 @@ class AttachmentsController < ApplicationController
  before_filter :find_project
  before_filter :file_readable, :read_authorize, :except => :destroy
  before_filter :delete_authorize, :only => :destroy
-
+  
  verify :method => :post, :only => :destroy
-
+  
  def show
    if @attachment.is_diff?
      @diff = File.new(@attachment.diskfile, "rb").read
@@ -33,19 +33,19 @@ class AttachmentsController < ApplicationController
      download
    end
  end
-
+  
  def download
    if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
      @attachment.increment_download
    end
-
+    
    # images are sent inline
    send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
-                                    :type => detect_content_type(@attachment),
+                                    :type => detect_content_type(@attachment), 
                                    :disposition => (@attachment.image? ? 'inline' : 'attachment')
-
+   
  end
-
+  
  def destroy
    # Make sure association callbacks are called
    @attachment.container.attachments.delete(@attachment)
@@ -53,7 +53,7 @@ class AttachmentsController < ApplicationController
  rescue ::ActionController::RedirectBackError
    redirect_to :controller => 'projects', :action => 'show', :id => @project
  end
-
+  
 private
  def find_project
    @attachment = Attachment.find(params[:id])
@@ -63,20 +63,20 @@ private
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
  # Checks that the file exists and is readable
  def file_readable
    @attachment.readable? ? true : render_404
  end
-
+  
  def read_authorize
    @attachment.visible? ? true : deny_access
  end
-
+  
  def delete_authorize
    @attachment.deletable? ? true : deny_access
  end
-
+  
  def detect_content_type(attachment)
    content_type = attachment.content_type
    if content_type.blank?
--- a/app/controllers/auto_completes_controller.rb
+++ b/app/controllers/auto_completes_controller.rb
@@ -4,14 +4,12 @@ class AutoCompletesController < ApplicationController
  def issues
    @issues = []
    q = params[:q].to_s
-    query = (params[:scope] == "all" && Setting.cross_project_issue_relations?) ? Issue : @project.issues
    if q.match(/^\d+$/)
-      @issues << query.visible.find_by_id(q.to_i)
+      @issues << @project.issues.visible.find_by_id(q.to_i)
    end
    unless q.blank?
-      @issues += query.visible.find(:all, :conditions => ["LOWER(#{Issue.table_name}.subject) LIKE ?", "%#{q.downcase}%"], :limit => 10)
+      @issues += @project.issues.visible.find(:all, :conditions => ["LOWER(#{Issue.table_name}.subject) LIKE ?", "%#{q.downcase}%"], :limit => 10)
    end
-    @issues.compact!
    render :layout => false
  end

--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -18,7 +18,7 @@
 class BoardsController < ApplicationController
  default_search_scope :messages
  before_filter :find_project, :find_board_if_available, :authorize
-  accept_rss_auth :index, :show
+  accept_key_auth :index, :show

  helper :messages
  include MessagesHelper
--- a/app/controllers/calendars_controller.rb
+++ b/app/controllers/calendars_controller.rb
@@ -1,20 +1,3 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class CalendarsController < ApplicationController
  menu_item :calendar
  before_filter :find_optional_project
@@ -51,6 +34,8 @@ class CalendarsController < ApplicationController
      @calendar.events = events
    end
    
-    render :action => 'show', :layout => false if request.xhr?
+    render :layout => false if request.xhr?
  end
+  
+
 end
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -1,36 +0,0 @@
-class CommentsController < ApplicationController
-  default_search_scope :news
-  model_object News
-  before_filter :find_model_object
-  before_filter :find_project_from_association
-  before_filter :authorize
-
-  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
-  def create
-    @comment = Comment.new(params[:comment])
-    @comment.author = User.current
-    if @news.comments << @comment
-      flash[:notice] = l(:label_comment_added)
-    end
-    
-    redirect_to :controller => 'news', :action => 'show', :id => @news
-  end
-
-  verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
-  def destroy
-    @news.comments.find(params[:comment_id]).destroy
-    redirect_to :controller => 'news', :action => 'show', :id => @news
-  end
-
-  private
-
-  # ApplicationController's find_model_object sets it based on the controller
-  # name so it needs to be overriden and set to @news instead
-  def find_model_object
-    super
-    @news = @object
-    @comment = nil
-    @news
-  end
-  
-end
--- a/app/controllers/context_menus_controller.rb
+++ b/app/controllers/context_menus_controller.rb
@@ -1,10 +1,8 @@
 class ContextMenusController < ApplicationController
  helper :watchers
-  helper :issues
  
  def issues
-    @issues = Issue.visible.all(:conditions => {:id => params[:ids]}, :include => :project)
-    
+    @issues = Issue.find_all_by_id(params[:ids], :include => :project)
    if (@issues.size == 1)
      @issue = @issues.first
      @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
@@ -18,21 +16,17 @@ class ContextMenusController < ApplicationController
    @projects = @issues.collect(&:project).compact.uniq
    @project = @projects.first if @projects.size == 1

-    @can = {:edit => User.current.allowed_to?(:edit_issues, @projects),
+    @can = {:edit => (@project && User.current.allowed_to?(:edit_issues, @project)),
            :log_time => (@project && User.current.allowed_to?(:log_time, @project)),
-            :update => (User.current.allowed_to?(:edit_issues, @projects) || (User.current.allowed_to?(:change_status, @projects) && !@allowed_statuses.blank?)),
+            :update => (@project && (User.current.allowed_to?(:edit_issues, @project) || (User.current.allowed_to?(:change_status, @project) && @allowed_statuses && !@allowed_statuses.empty?))),
            :move => (@project && User.current.allowed_to?(:move_issues, @project)),
            :copy => (@issue && @project.trackers.include?(@issue.tracker) && User.current.allowed_to?(:add_issues, @project)),
-            :delete => User.current.allowed_to?(:delete_issues, @projects)
+            :delete => (@project && User.current.allowed_to?(:delete_issues, @project))
            }
    if @project
      @assignables = @project.assignable_users
      @assignables << @issue.assigned_to if @issue && @issue.assigned_to && !@assignables.include?(@issue.assigned_to)
      @trackers = @project.trackers
-    else
-      #when multiple projects, we only keep the intersection of each set
-      @assignables = @projects.map(&:assignable_users).inject{|memo,a| memo & a}
-      @trackers = @projects.map(&:trackers).inject{|memo,t| memo & t}
    end
    
    @priorities = IssuePriority.all.reverse
@@ -41,17 +35,5 @@ class ContextMenusController < ApplicationController
    
    render :layout => false
  end
-
-  def time_entries
-    @time_entries = TimeEntry.all(
-       :conditions => {:id => params[:ids]}, :include => :project)
-    @projects = @time_entries.collect(&:project).compact.uniq
-    @project = @projects.first if @projects.size == 1
-    @activities = TimeEntryActivity.shared.active
-    @can = {:edit   => User.current.allowed_to?(:edit_time_entries, @projects),
-            :delete => User.current.allowed_to?(:edit_time_entries, @projects)
-            }
-    @back = back_url
-    render :layout => false
-  end  
+  
 end
--- a/app/controllers/custom_fields_controller.rb
+++ b/app/controllers/custom_fields_controller.rb
@@ -38,9 +38,8 @@ class CustomFieldsController < ApplicationController
      flash[:notice] = l(:notice_successful_create)
      call_hook(:controller_custom_fields_new_after_save, :params => params, :custom_field => @custom_field)
      redirect_to :action => 'index', :tab => @custom_field.class.name
-    else
-      @trackers = Tracker.find(:all, :order => 'position')
    end
+    @trackers = Tracker.find(:all, :order => 'position')
  end

  def edit
@@ -49,9 +48,8 @@ class CustomFieldsController < ApplicationController
      flash[:notice] = l(:notice_successful_update)
      call_hook(:controller_custom_fields_edit_after_save, :params => params, :custom_field => @custom_field)
      redirect_to :action => 'index', :tab => @custom_field.class.name
-    else
-      @trackers = Tracker.find(:all, :order => 'position')
    end
+    @trackers = Tracker.find(:all, :order => 'position')
  end
  
  def destroy
--- a/app/controllers/enumerations_controller.rb
+++ b/app/controllers/enumerations_controller.rb
@@ -75,12 +75,10 @@ class EnumerationsController < ApplicationController
      # No associated objects
      @enumeration.destroy
      redirect_to :action => 'index'
-      return
    elsif params[:reassign_to_id]
      if reassign_to = @enumeration.class.find_by_id(params[:reassign_to_id])
        @enumeration.destroy(reassign_to)
        redirect_to :action => 'index'
-        return
      end
    end
    @enumerations = @enumeration.class.find(:all) - [@enumeration]
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -1,7 +1,7 @@
 class FilesController < ApplicationController
  menu_item :files

-  before_filter :find_project_by_project_id
+  before_filter :find_project
  before_filter :authorize

  helper :sort
@@ -13,24 +13,25 @@ class FilesController < ApplicationController
                'created_on' => "#{Attachment.table_name}.created_on",
                'size' => "#{Attachment.table_name}.filesize",
                'downloads' => "#{Attachment.table_name}.downloads"
-
+                
    @containers = [ Project.find(@project.id, :include => :attachments, :order => sort_clause)]
    @containers += @project.versions.find(:all, :include => :attachments, :order => sort_clause).sort.reverse
    render :layout => !request.xhr?
  end

+  # TODO: split method into new (GET) and create (POST)
  def new
+    if request.post?
+      container = (params[:version_id].blank? ? @project : @project.versions.find_by_id(params[:version_id]))
+      attachments = Attachment.attach_files(container, params[:attachments])
+      render_attachment_warning_if_needed(container)
+
+      if !attachments.empty? && !attachments[:files].blank? && Setting.notified_events.include?('file_added')
+        Mailer.deliver_attachments_added(attachments[:files])
+      end
+      redirect_to :controller => 'files', :action => 'index', :id => @project
+      return
+    end
    @versions = @project.versions.sort
  end
-
-  def create
-    container = (params[:version_id].blank? ? @project : @project.versions.find_by_id(params[:version_id]))
-    attachments = Attachment.attach_files(container, params[:attachments])
-    render_attachment_warning_if_needed(container)
-
-    if !attachments.empty? && !attachments[:files].blank? && Setting.notified_events.include?('file_added')
-      Mailer.deliver_attachments_added(attachments[:files])
-    end
-    redirect_to project_files_path(@project)
-  end
 end
--- a/app/controllers/gantts_controller.rb
+++ b/app/controllers/gantts_controller.rb
@@ -1,27 +1,9 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class GanttsController < ApplicationController
  menu_item :gantt
  before_filter :find_optional_project

  rescue_from Query::StatementInvalid, :with => :query_statement_invalid

-  helper :gantt
  helper :issues
  helper :projects
  helper :queries
@@ -32,17 +14,33 @@ class GanttsController < ApplicationController
  
  def show
    @gantt = Redmine::Helpers::Gantt.new(params)
-    @gantt.project = @project
    retrieve_query
    @query.group_by = nil
-    @gantt.query = @query if @query.valid?
+    if @query.valid?
+      events = []
+      # Issues that have start and due dates
+      events += @query.issues(:include => [:tracker, :assigned_to, :priority],
+                              :order => "start_date, due_date",
+                              :conditions => ["(((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?) or (start_date<? and due_date>?)) and start_date is not null and due_date is not null)", @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to]
+                              )
+      # Issues that don't have a due date but that are assigned to a version with a date
+      events += @query.issues(:include => [:tracker, :assigned_to, :priority, :fixed_version],
+                              :order => "start_date, effective_date",
+                              :conditions => ["(((start_date>=? and start_date<=?) or (effective_date>=? and effective_date<=?) or (start_date<? and effective_date>?)) and start_date is not null and due_date is null and effective_date is not null)", @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to, @gantt.date_from, @gantt.date_to]
+                              )
+      # Versions
+      events += @query.versions(:conditions => ["effective_date BETWEEN ? AND ?", @gantt.date_from, @gantt.date_to])
+                                   
+      @gantt.events = events
+    end
    
    basename = (@project ? "#{@project.identifier}-" : '') + 'gantt'
    
    respond_to do |format|
      format.html { render :action => "show", :layout => !request.xhr? }
-      format.png  { send_data(@gantt.to_image, :disposition => 'inline', :type => 'image/png', :filename => "#{basename}.png") } if @gantt.respond_to?('to_image')
-      format.pdf  { send_data(@gantt.to_pdf, :type => 'application/pdf', :filename => "#{basename}.pdf") }
+      format.png  { send_data(@gantt.to_image(@project), :disposition => 'inline', :type => 'image/png', :filename => "#{basename}.png") } if @gantt.respond_to?('to_image')
+      format.pdf  { send_data(gantt_to_pdf(@gantt, @project), :type => 'application/pdf', :filename => "#{basename}.pdf") }
    end
  end
+
 end
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -132,7 +132,7 @@ class GroupsController < ApplicationController
  
  def autocomplete_for_user
    @group = Group.find(params[:id])
-    @users = User.active.not_in_group(@group).like(params[:q]).all(:limit => 100)
+    @users = User.active.like(params[:q]).find(:all, :limit => 100) - @group.users
    render :layout => false
  end
  
--- a/app/controllers/issue_categories_controller.rb
+++ b/app/controllers/issue_categories_controller.rb
@@ -65,12 +65,10 @@ class IssueCategoriesController < ApplicationController
      # No issue assigned to this category
      @category.destroy
      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories'
-      return
    elsif params[:todo]
      reassign_to = @project.issue_categories.find_by_id(params[:reassign_to_id]) if params[:todo] == 'reassign'
      @category.destroy(reassign_to)
      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories'
-      return
    end
    @categories = @project.issue_categories - [@category]
  end
--- a/app/controllers/issue_moves_controller.rb
+++ b/app/controllers/issue_moves_controller.rb
@@ -1,8 +1,8 @@
 class IssueMovesController < ApplicationController
  default_search_scope :issues
-  before_filter :find_issues, :check_project_uniqueness
+  before_filter :find_issues
  before_filter :authorize
-
+  
  def new
    prepare_for_issue_move
    render :layout => false if request.xhr?
@@ -48,7 +48,7 @@ class IssueMovesController < ApplicationController
    @copy = params[:copy_options] && params[:copy_options][:copy]
    @allowed_projects = Issue.allowed_target_projects_on_move
    @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
-    @target_project ||= @project
+    @target_project ||= @project    
    @trackers = @target_project.trackers
    @available_statuses = Workflow.available_statuses(@project)
    @notes = params[:notes]
--- a/app/controllers/issue_relations_controller.rb
+++ b/app/controllers/issue_relations_controller.rb
@@ -1,4 +1,4 @@
-# Redmine - project management software
+# redMine - project management software
 # Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
@@ -28,7 +28,6 @@ class IssueRelationsController < ApplicationController
    respond_to do |format|
      format.html { redirect_to :controller => 'issues', :action => 'show', :id => @issue }
      format.js do
-        @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
        render :update do |page|
          page.replace_html "relations", :partial => 'issues/relations'
          if @relation.errors.empty?
@@ -48,10 +47,7 @@ class IssueRelationsController < ApplicationController
    end
    respond_to do |format|
      format.html { redirect_to :controller => 'issues', :action => 'show', :id => @issue }
-      format.js {
-        @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
-        render(:update) {|page| page.replace_html "relations", :partial => 'issues/relations'}
-      }
+      format.js { render(:update) {|page| page.replace_html "relations", :partial => 'issues/relations'} }
    end
  end
  
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,23 +18,21 @@
 class IssuesController < ApplicationController
  menu_item :new_issue, :only => [:new, :create]
  default_search_scope :issues
-
+  
  before_filter :find_issue, :only => [:show, :edit, :update]
  before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :move, :perform_move, :destroy]
-  before_filter :check_project_uniqueness, :only => [:move, :perform_move]
  before_filter :find_project, :only => [:new, :create]
  before_filter :authorize, :except => [:index]
  before_filter :find_optional_project, :only => [:index]
  before_filter :check_for_default_issue_status, :only => [:new, :create]
  before_filter :build_new_issue_from_params, :only => [:new, :create]
-  accept_rss_auth :index, :show
-  accept_api_auth :index, :show, :create, :update, :destroy
+  accept_key_auth :index, :show, :create, :update, :destroy

  rescue_from Query::StatementInvalid, :with => :query_statement_invalid
-
+  
  helper :journals
  helper :projects
-  include ProjectsHelper
+  include ProjectsHelper   
  helper :custom_fields
  include CustomFieldsHelper
  helper :issue_relations
@@ -45,13 +43,10 @@ class IssuesController < ApplicationController
  include AttachmentsHelper
  helper :queries
  include QueriesHelper
-  helper :repositories
-  include RepositoriesHelper
  helper :sort
  include SortHelper
  include IssuesHelper
  helper :timelog
-  helper :gantt
  include Redmine::Export::PDF

  verify :method => [:post, :delete],
@@ -61,36 +56,34 @@ class IssuesController < ApplicationController
  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
  verify :method => :post, :only => :bulk_update, :render => {:nothing => true, :status => :method_not_allowed }
  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
-
+  
  def index
    retrieve_query
    sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
    sort_update(@query.sortable_columns)
-
+    
    if @query.valid?
-      case params[:format]
+      limit = case params[:format]
      when 'csv', 'pdf'
-        @limit = Setting.issues_export_limit.to_i
+        Setting.issues_export_limit.to_i
      when 'atom'
-        @limit = Setting.feeds_limit.to_i
-      when 'xml', 'json'
-        @offset, @limit = api_offset_and_limit
+        Setting.feeds_limit.to_i
      else
-        @limit = per_page_option
+        per_page_option
      end
-
+      
      @issue_count = @query.issue_count
-      @issue_pages = Paginator.new self, @issue_count, @limit, params['page']
-      @offset ||= @issue_pages.current.offset
+      @issue_pages = Paginator.new self, @issue_count, limit, params['page']
      @issues = @query.issues(:include => [:assigned_to, :tracker, :priority, :category, :fixed_version],
-                              :order => sort_clause,
-                              :offset => @offset,
-                              :limit => @limit)
+                              :order => sort_clause, 
+                              :offset => @issue_pages.current.offset, 
+                              :limit => limit)
      @issue_count_by_group = @query.issue_count_by_group
-
+      
      respond_to do |format|
        format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
-        format.api
+        format.xml  { render :layout => false }
+        format.json { render :text => @issues.to_json, :layout => false }
        format.atom { render_feed(@issues, :title => "#{@project || Setting.app_title}: #{l(:label_issue_plural)}") }
        format.csv  { send_data(issues_to_csv(@issues, @project), :type => 'text/csv; header=present', :filename => 'export.csv') }
        format.pdf  { send_data(issues_to_pdf(@issues, @project, @query), :type => 'application/pdf', :filename => 'export.pdf') }
@@ -102,25 +95,21 @@ class IssuesController < ApplicationController
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
  def show
    @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
    @journals.each_with_index {|j,i| j.indice = i+1}
    @journals.reverse! if User.current.wants_comments_in_reverse_order?
-
-    if User.current.allowed_to?(:view_changesets, @project)
-      @changesets = @issue.changesets.visible.all
-      @changesets.reverse! if User.current.wants_comments_in_reverse_order?
-    end
-
-    @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
+    @changesets = @issue.changesets.visible.all
+    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
    @priorities = IssuePriority.all
-    @time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
+    @time_entry = TimeEntry.new
    respond_to do |format|
      format.html { render :template => 'issues/show.rhtml' }
-      format.api
+      format.xml  { render :layout => false }
+      format.json { render :text => @issue.to_json, :layout => false }
      format.atom { render :template => 'journals/index', :layout => false, :content_type => 'application/atom+xml' }
      format.pdf  { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
    end
@@ -147,17 +136,23 @@ class IssuesController < ApplicationController
          redirect_to(params[:continue] ?  { :action => 'new', :project_id => @project, :issue => {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?} } :
                      { :action => 'show', :id => @issue })
        }
-        format.api  { render :action => 'show', :status => :created, :location => issue_url(@issue) }
+        format.xml  { render :action => 'show', :status => :created, :location => url_for(:controller => 'issues', :action => 'show', :id => @issue) }
+        format.json { render :text => @issue.to_json, :status => :created, :location => url_for(:controller => 'issues', :action => 'show'), :layout => false }
      end
      return
    else
      respond_to do |format|
        format.html { render :action => 'new' }
-        format.api  { render_validation_errors(@issue) }
+        format.xml  { render(:xml => @issue.errors, :status => :unprocessable_entity); return }
+        format.json { render :text => object_errors_to_json(@issue), :status => :unprocessable_entity, :layout => false }
      end
    end
  end
-
+  
+  # Attributes that can be updated on workflow transition (without :edit permission)
+  # TODO: make it configurable (at least per role)
+  UPDATABLE_ATTRS_ON_TRANSITION = %w(status_id assigned_to_id fixed_version_id done_ratio) unless const_defined?(:UPDATABLE_ATTRS_ON_TRANSITION)
+  
  def edit
    update_issue_from_params

@@ -178,7 +173,8 @@ class IssuesController < ApplicationController

      respond_to do |format|
        format.html { redirect_back_or_default({:action => 'show', :id => @issue}) }
-        format.api  { head :ok }
+        format.xml  { head :ok }
+        format.json  { head :ok }
      end
    else
      render_attachment_warning_if_needed(@issue)
@@ -187,7 +183,8 @@ class IssuesController < ApplicationController

      respond_to do |format|
        format.html { render :action => 'edit' }
-        format.api  { render_validation_errors(@issue) }
+        format.xml  { render :xml => @issue.errors, :status => :unprocessable_entity }
+        format.json { render :text => object_errors_to_json(@issue), :status => :unprocessable_entity, :layout => false }
      end
    end
  end
@@ -195,10 +192,8 @@ class IssuesController < ApplicationController
  # Bulk edit a set of issues
  def bulk_edit
    @issues.sort!
-    @available_statuses = @projects.map{|p|Workflow.available_statuses(p)}.inject{|memo,w|memo & w}
-    @custom_fields = @projects.map{|p|p.all_issue_custom_fields}.inject{|memo,c|memo & c}
-    @assignables = @projects.map(&:assignable_users).inject{|memo,a| memo & a}
-    @trackers = @projects.map(&:trackers).inject{|memo,t| memo & t}
+    @available_statuses = Workflow.available_statuses(@project)
+    @custom_fields = @project.all_issue_custom_fields
  end

  def bulk_update
@@ -219,7 +214,7 @@ class IssuesController < ApplicationController
    set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
    redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
  end
-
+  
  def destroy
    @hours = TimeEntry.sum(:hours, :conditions => ['issue_id IN (?)', @issues]).to_f
    if @hours > 0
@@ -237,44 +232,35 @@ class IssuesController < ApplicationController
          TimeEntry.update_all("issue_id = #{reassign_to.id}", ['issue_id IN (?)', @issues])
        end
      else
-        # display the destroy form if it's a user request
-        return unless api_request?
-      end
-    end
-    @issues.each do |issue|
-      begin
-        issue.reload.destroy
-      rescue ::ActiveRecord::RecordNotFound # raised by #reload if issue no longer exists
-        # nothing to do, issue was already deleted (eg. by a parent)
+        unless params[:format] == 'xml' || params[:format] == 'json'
+          # display the destroy form if it's a user request
+          return
+        end
      end
    end
+    @issues.each(&:destroy)
    respond_to do |format|
-      format.html { redirect_back_or_default(:action => 'index', :project_id => @project) }
-      format.api  { head :ok }
+      format.html { redirect_to :action => 'index', :project_id => @project }
+      format.xml  { head :ok }
+      format.json  { head :ok }
    end
  end

 private
  def find_issue
-    # Issue.visible.find(...) can not be used to redirect user to the login form
-    # if the issue actually exists but requires authentication
    @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
-    unless @issue.visible?
-      deny_access
-      return
-    end
    @project = @issue.project
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
  def find_project
    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
    @project = Project.find(project_id)
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
  # Used by #edit and #update to set some common instance variables
  # from the params
  # TODO: Refactor, not everything in here is needed by #edit
@@ -282,12 +268,18 @@ private
    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
    @priorities = IssuePriority.all
    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
-    @time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
-    @time_entry.attributes = params[:time_entry]
-
+    @time_entry = TimeEntry.new
+    
    @notes = params[:notes] || (params[:issue].present? ? params[:issue][:notes] : nil)
    @issue.init_journal(User.current, @notes)
-    @issue.safe_attributes = params[:issue]
+    # User can change issue attributes only if he has :edit permission or if a workflow transition is allowed
+    if (@edit_allowed || !@allowed_statuses.empty?) && params[:issue]
+      attrs = params[:issue].dup
+      attrs.delete_if {|k,v| !UPDATABLE_ATTRS_ON_TRANSITION.include?(k) } unless @edit_allowed
+      attrs.delete(:status_id) unless @allowed_statuses.detect {|s| s.id.to_s == attrs[:status_id].to_s}
+      @issue.safe_attributes = attrs
+    end
+
  end

  # TODO: Refactor, lots of extra code in here
@@ -300,9 +292,8 @@ private
    else
      @issue = @project.issues.visible.find(params[:id])
    end
-
+    
    @issue.project = @project
-    @issue.author = User.current
    # Tracker must be set before custom field values
    @issue.tracker ||= @project.trackers.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)
    if @issue.tracker.nil?
@@ -316,6 +307,7 @@ private
        @issue.watcher_user_ids = params[:issue]['watcher_user_ids']
      end
    end
+    @issue.author = User.current
    @priorities = IssuePriority.all
    @allowed_statuses = @issue.new_statuses_allowed_to(User.current, true)
  end
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -16,15 +16,12 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class JournalsController < ApplicationController
-  before_filter :find_journal, :only => [:edit, :diff]
+  before_filter :find_journal, :only => [:edit]
  before_filter :find_issue, :only => [:new]
  before_filter :find_optional_project, :only => [:index]
-  before_filter :authorize, :only => [:new, :edit, :diff]
-  accept_rss_auth :index
-  menu_item :issues
-  
+  accept_key_auth :index
+
  helper :issues
-  helper :custom_fields
  helper :queries
  include QueriesHelper
  helper :sort
@@ -45,17 +42,6 @@ class JournalsController < ApplicationController
    render_404
  end
  
-  def diff
-    @issue = @journal.issue
-    if params[:detail_id].present?
-      @detail = @journal.details.find_by_id(params[:detail_id])
-    else
-      @detail = @journal.details.detect {|d| d.prop_key == 'description'}
-    end
-    (render_404; return false) unless @issue && @detail
-    @diff = Redmine::Helpers::Diff.new(@detail.value, @detail.old_value)
-  end
-  
  def new
    journal = Journal.find(params[:journal_id]) if params[:journal_id]
    if journal
@@ -80,7 +66,6 @@ class JournalsController < ApplicationController
  end
  
  def edit
-    (render_403; return false) unless @journal.editable_by?(User.current)
    if request.post?
      @journal.update_attributes(:notes => params[:notes]) if params[:notes]
      @journal.destroy if @journal.details.empty? && @journal.notes.blank?
@@ -89,21 +74,13 @@ class JournalsController < ApplicationController
        format.html { redirect_to :controller => 'issues', :action => 'show', :id => @journal.journalized_id }
        format.js { render :action => 'update' }
      end
-    else
-      respond_to do |format|
-        format.html {
-          # TODO: implement non-JS journal update
-          render :nothing => true 
-        }
-        format.js
-      end
    end
  end
  
-  private
-  
+private
  def find_journal
    @journal = Journal.find(params[:id])
+    (render_403; return false) unless @journal.editable_by?(User.current)
    @project = @journal.journalized.project
  rescue ActiveRecord::RecordNotFound
    render_404
--- a/app/controllers/mail_handler_controller.rb
+++ b/app/controllers/mail_handler_controller.rb
@@ -1,27 +1,27 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class MailHandlerController < ActionController::Base
  before_filter :check_credential
-
+  
  verify :method => :post,
         :only => :index,
         :render => { :nothing => true, :status => 405 }
-
+         
  # Submits an incoming email to MailHandler
  def index
    options = params.dup
@@ -32,9 +32,9 @@ class MailHandlerController < ActionController::Base
      render :nothing => true, :status => :unprocessable_entity
    end
  end
-
+  
  private
-
+  
  def check_credential
    User.current = nil
    unless Setting.mail_handler_api_enabled? && params[:key].to_s == Setting.mail_handler_api_key
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -19,7 +19,6 @@ class MyController < ApplicationController
  before_filter :require_login

  helper :issues
-  helper :users
  helper :custom_fields

  BLOCKS = { 'issuesassignedtome' => :label_assigned_to_me_issues,
@@ -54,18 +53,25 @@ class MyController < ApplicationController
    @user = User.current
    @pref = @user.pref
    if request.post?
-      @user.safe_attributes = params[:user]
+      @user.attributes = params[:user]
+      @user.mail_notification = (params[:notification_option] == 'all')
      @user.pref.attributes = params[:pref]
      @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
      if @user.save
        @user.pref.save
-        @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])
+        @user.notified_project_ids = (params[:notification_option] == 'selected' ? params[:notified_project_ids] : [])
        set_language_if_valid @user.language
        flash[:notice] = l(:notice_account_updated)
        redirect_to :action => 'account'
        return
      end
    end
+    @notification_options = [[l(:label_user_mail_option_all), 'all'],
+                             [l(:label_user_mail_option_none), 'none']]
+    # Only users that belong to more than 1 project can select projects for which they are notified
+    # Note that @user.membership.size would fail since AR ignores :include association option when doing a count
+    @notification_options.insert 1, [l(:label_user_mail_option_selected), 'selected'] if @user.memberships.length > 1
+    @notification_option = @user.mail_notification? ? 'all' : (@user.notified_projects_ids.empty? ? 'none' : 'selected')    
  end

  # Manage user's password
--- a/app/controllers/news_controller.rb
+++ b/app/controllers/news_controller.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -18,37 +18,23 @@
 class NewsController < ApplicationController
  default_search_scope :news
  model_object News
-  before_filter :find_model_object, :except => [:new, :create, :index]
-  before_filter :find_project_from_association, :except => [:new, :create, :index]
-  before_filter :find_project, :only => [:new, :create]
-  before_filter :authorize, :except => [:index]
+  before_filter :find_model_object, :except => [:new, :index, :preview]
+  before_filter :find_project_from_association, :except => [:new, :index, :preview]
+  before_filter :find_project, :only => [:new, :preview]
+  before_filter :authorize, :except => [:index, :preview]
  before_filter :find_optional_project, :only => :index
-  accept_rss_auth :index
-  accept_api_auth :index
-  
-  helper :watchers
+  accept_key_auth :index
  
  def index
-    case params[:format]
-    when 'xml', 'json'
-      @offset, @limit = api_offset_and_limit
-    else
-      @limit =  10
-    end
-    
-    scope = @project ? @project.news.visible : News.visible
-    
-    @news_count = scope.count
-    @news_pages = Paginator.new self, @news_count, @limit, params['page']
-    @offset ||= @news_pages.current.offset
-    @newss = scope.all(:include => [:author, :project],
-                                       :order => "#{News.table_name}.created_on DESC",
-                                       :offset => @offset,
-                                       :limit => @limit)
-    
+    @news_pages, @newss = paginate :news,
+                                   :per_page => 10,
+                                   :conditions => Project.allowed_to_condition(User.current, :view_news, :project => @project),
+                                   :include => [:author, :project],
+                                   :order => "#{News.table_name}.created_on DESC"    
    respond_to do |format|
      format.html { render :layout => false if request.xhr? }
-      format.api
+      format.xml { render :xml => @newss.to_xml }
+      format.json { render :json => @newss.to_json }
      format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") }
    end
  end
@@ -60,38 +46,49 @@ class NewsController < ApplicationController

  def new
    @news = News.new(:project => @project, :author => User.current)
-  end
-
-  def create
-    @news = News.new(:project => @project, :author => User.current)
    if request.post?
      @news.attributes = params[:news]
      if @news.save
        flash[:notice] = l(:notice_successful_create)
        redirect_to :controller => 'news', :action => 'index', :project_id => @project
-      else
-        render :action => 'new'
      end
    end
  end
-
-  def edit
-  end
  
-  def update
-    if request.put? and @news.update_attributes(params[:news])
+  def edit
+    if request.post? and @news.update_attributes(params[:news])
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'show', :id => @news
-    else
-      render :action => 'edit'
    end
  end
+  
+  def add_comment
+    @comment = Comment.new(params[:comment])
+    @comment.author = User.current
+    if @news.comments << @comment
+      flash[:notice] = l(:label_comment_added)
+      redirect_to :action => 'show', :id => @news
+    else
+      show
+      render :action => 'show'
+    end
+  end
+
+  def destroy_comment
+    @news.comments.find(params[:comment_id]).destroy
+    redirect_to :action => 'show', :id => @news
+  end

  def destroy
    @news.destroy
    redirect_to :action => 'index', :project_id => @project
  end
  
+  def preview
+    @text = (params[:news] ? params[:news][:description] : nil)
+    render :partial => 'common/preview'
+  end
+  
 private
  def find_project
    @project = Project.find(params[:project_id])
--- a/app/controllers/previews_controller.rb
+++ b/app/controllers/previews_controller.rb
@@ -1,20 +1,3 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class PreviewsController < ApplicationController
  before_filter :find_project

@@ -33,11 +16,6 @@ class PreviewsController < ApplicationController
    render :layout => false
  end

-  def news
-    @text = (params[:news] ? params[:news][:description] : nil)
-    render :partial => 'common/preview'
-  end
-
  private
  
  def find_project
--- a/app/controllers/project_enumerations_controller.rb
+++ b/app/controllers/project_enumerations_controller.rb
@@ -1,9 +1,9 @@
 class ProjectEnumerationsController < ApplicationController
-  before_filter :find_project_by_project_id
+  before_filter :find_project
  before_filter :authorize
  
-  def update
-    if request.put? && params[:enumerations]
+  def save
+    if request.post? && params[:enumerations]
      Project.transaction do
        params[:enumerations].each do |id, activity|
          @project.update_or_create_time_entry_activity(id, activity)
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -24,8 +24,7 @@ class ProjectsController < ApplicationController
  before_filter :authorize, :except => [ :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
  before_filter :authorize_global, :only => [:new, :create]
  before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
-  accept_rss_auth :index
-  accept_api_auth :index, :show, :create, :update, :destroy
+  accept_key_auth :index, :show, :create, :update, :destroy

  after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller|
    if controller.request.post?
@@ -33,6 +32,9 @@ class ProjectsController < ApplicationController
    end
  end

+  # TODO: convert to PUT only
+  verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+
  helper :sort
  include SortHelper
  helper :custom_fields
@@ -50,10 +52,8 @@ class ProjectsController < ApplicationController
      format.html { 
        @projects = Project.visible.find(:all, :order => 'lft') 
      }
-      format.api  {
-        @offset, @limit = api_offset_and_limit
-        @project_count = Project.visible.count
-        @projects = Project.visible.all(:offset => @offset, :limit => @limit, :order => 'lft')
+      format.xml  {
+        @projects = Project.visible.find(:all, :order => 'lft')
      }
      format.atom {
        projects = Project.visible.find(:all, :order => 'created_on DESC',
@@ -67,15 +67,19 @@ class ProjectsController < ApplicationController
    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
    @trackers = Tracker.all
    @project = Project.new(params[:project])
+
+    @project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
+    @project.trackers = Tracker.all
+    @project.is_public = Setting.default_projects_public?
+    @project.enabled_module_names = Setting.default_projects_modules
  end

-  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
  def create
    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
    @trackers = Tracker.all
-    @project = Project.new
-    @project.safe_attributes = params[:project]
+    @project = Project.new(params[:project])

+    @project.enabled_module_names = params[:enabled_modules]
    if validate_parent_id && @project.save
      @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
      # Add current user as a project member if he is not admin
@@ -89,12 +93,12 @@ class ProjectsController < ApplicationController
          flash[:notice] = l(:notice_successful_create)
          redirect_to :controller => 'projects', :action => 'settings', :id => @project
        }
-        format.api  { render :action => 'show', :status => :created, :location => url_for(:controller => 'projects', :action => 'show', :id => @project.id) }
+        format.xml  { render :action => 'show', :status => :created, :location => url_for(:controller => 'projects', :action => 'show', :id => @project.id) }
      end
    else
      respond_to do |format|
        format.html { render :action => 'new' }
-        format.api  { render_validation_errors(@project) }
+        format.xml  { render :xml => @project.errors, :status => :unprocessable_entity }
      end
    end
    
@@ -116,18 +120,18 @@ class ProjectsController < ApplicationController
      end  
    else
      Mailer.with_deliveries(params[:notifications] == '1') do
-        @project = Project.new
-        @project.safe_attributes = params[:project]
+        @project = Project.new(params[:project])
+        @project.enabled_module_names = params[:enabled_modules]
        if validate_parent_id && @project.copy(@source_project, :only => params[:only])
          @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
          flash[:notice] = l(:notice_successful_create)
-          redirect_to :controller => 'projects', :action => 'settings', :id => @project
+          redirect_to :controller => 'projects', :action => 'settings'
        elsif !@project.new_record?
          # Project was created
          # But some objects were not copied due to validation failures
          # (eg. issues from disabled trackers)
          # TODO: inform about that
-          redirect_to :controller => 'projects', :action => 'settings', :id => @project
+          redirect_to :controller => 'projects', :action => 'settings'
        end
      end
    end
@@ -143,7 +147,7 @@ class ProjectsController < ApplicationController
    end
    
    @users_by_role = @project.users_by_role
-    @subprojects = @project.children.visible.all
+    @subprojects = @project.children.visible
    @news = @project.news.find(:all, :limit => 5, :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")
    @trackers = @project.rolled_up_trackers
    
@@ -156,15 +160,16 @@ class ProjectsController < ApplicationController
                                            :include => [:project, :status, :tracker],
                                            :conditions => cond)
    
-    if User.current.allowed_to?(:view_time_entries, @project)
-      @total_hours = TimeEntry.visible.sum(:hours, :include => :project, :conditions => cond).to_f
+    TimeEntry.visible_by(User.current) do
+      @total_hours = TimeEntry.sum(:hours, 
+                                   :include => :project,
+                                   :conditions => cond).to_f
    end
-    
    @key = User.current.rss_key
    
    respond_to do |format|
      format.html
-      format.api
+      format.xml
    end
  end

@@ -180,10 +185,8 @@ class ProjectsController < ApplicationController
  def edit
  end

-  # TODO: convert to PUT only
-  verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
  def update
-    @project.safe_attributes = params[:project]
+    @project.attributes = params[:project]
    if validate_parent_id && @project.save
      @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
      respond_to do |format|
@@ -191,7 +194,7 @@ class ProjectsController < ApplicationController
          flash[:notice] = l(:notice_successful_update)
          redirect_to :action => 'settings', :id => @project
        }
-        format.api  { head :ok }
+        format.xml  { head :ok }
      end
    else
      respond_to do |format|
@@ -199,14 +202,13 @@ class ProjectsController < ApplicationController
          settings
          render :action => 'settings'
        }
-        format.api  { render_validation_errors(@project) }
+        format.xml  { render :xml => @project.errors, :status => :unprocessable_entity }
      end
    end
  end
-
-  verify :method => :post, :only => :modules, :render => {:nothing => true, :status => :method_not_allowed }
+  
  def modules
-    @project.enabled_module_names = params[:enabled_module_names]
+    @project.enabled_module_names = params[:enabled_modules]
    flash[:notice] = l(:notice_successful_update)
    redirect_to :action => 'settings', :id => @project, :tab => 'modules'
  end
@@ -231,11 +233,11 @@ class ProjectsController < ApplicationController
    if request.get?
      # display confirmation view
    else
-      if api_request? || params[:confirm]
+      if params[:format] == 'xml' || params[:confirm]
        @project_to_destroy.destroy
        respond_to do |format|
          format.html { redirect_to :controller => 'admin', :action => 'projects' }
-          format.api  { head :ok }
+          format.xml  { head :ok }
        end
      end
    end
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -25,12 +25,11 @@ class QueriesController < ApplicationController
    @query.project = params[:query_is_for_all] ? nil : @project
    @query.user = User.current
    @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
-    
-    @query.add_filters(params[:fields] || params[:f], params[:operators] || params[:op], params[:values] || params[:v]) if params[:fields] || params[:f]
-    @query.group_by ||= params[:group_by]
-    @query.column_names = params[:c] if params[:c]
    @query.column_names = nil if params[:default_columns]
    
+    @query.add_filters(params[:fields], params[:operators], params[:values]) if params[:fields]
+    @query.group_by ||= params[:group_by]
+    
    if request.post? && params[:confirm] && @query.save
      flash[:notice] = l(:notice_successful_create)
      redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :query_id => @query
@@ -42,12 +41,10 @@ class QueriesController < ApplicationController
  def edit
    if request.post?
      @query.filters = {}
-      @query.add_filters(params[:fields] || params[:f], params[:operators] || params[:op], params[:values] || params[:v]) if params[:fields] || params[:f]
+      @query.add_filters(params[:fields], params[:operators], params[:values]) if params[:fields]
      @query.attributes = params[:query]
      @query.project = nil if params[:query_is_for_all]
      @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
-      @query.group_by ||= params[:group_by]
-      @query.column_names = params[:c] if params[:c]
      @query.column_names = nil if params[:default_columns]
      
      if @query.save
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -26,45 +26,33 @@ class RepositoriesController < ApplicationController
  menu_item :repository
  menu_item :settings, :only => :edit
  default_search_scope :changesets
-
+  
  before_filter :find_repository, :except => :edit
  before_filter :find_project, :only => :edit
  before_filter :authorize
-  accept_rss_auth :revisions
-
+  accept_key_auth :revisions
+  
  rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
-
+  
  def edit
    @repository = @project.repository
-    if !@repository && !params[:repository_scm].blank?
+    if !@repository
      @repository = Repository.factory(params[:repository_scm])
      @repository.project = @project if @repository
    end
    if request.post? && @repository
-      p1 = params[:repository]
-      p       = {}
-      p_extra = {}
-      p1.each do |k, v|
-        if k =~ /^extra_/
-          p_extra[k] = v
-        else
-          p[k] = v
-        end
-      end
-      @repository.attributes = p
-      @repository.merge_extra_info(p_extra)
+      @repository.attributes = params[:repository]
      @repository.save
    end
    render(:update) do |page|
-      page.replace_html "tab-content-repository",
-                        :partial => 'projects/settings/repository'
+      page.replace_html "tab-content-repository", :partial => 'projects/settings/repository'
      if @repository && !@project.repository
-        @project.reload # needed to reload association
+        @project.reload #needed to reload association
        page.replace_html "main-menu", render_main_menu(@project)
      end
    end
  end
-
+  
  def committers
    @committers = @repository.committers
    @users = @project.users
@@ -79,20 +67,16 @@ class RepositoriesController < ApplicationController
      redirect_to :action => 'committers', :id => @project
    end
  end
-
+  
  def destroy
    @repository.destroy
-    redirect_to :controller => 'projects',
-                :action     => 'settings',
-                :id         => @project,
-                :tab        => 'repository'
+    redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'repository'
  end
-
-  def show
+  
+  def show 
    @repository.fetch_changesets if Setting.autofetch_changesets? && @path.empty?

    @entries = @repository.entries(@path, @rev)
-    @changeset = @repository.find_changeset_by_name(@rev)
    if request.xhr?
      @entries ? render(:partial => 'dir_list_content') : render(:nothing => true)
    else
@@ -104,31 +88,30 @@ class RepositoriesController < ApplicationController
  end

  alias_method :browse, :show
-
+  
  def changes
    @entry = @repository.entry(@path, @rev)
    (show_error_not_found; return) unless @entry
    @changesets = @repository.latest_changesets(@path, @rev, Setting.repository_log_display_limit.to_i)
    @properties = @repository.properties(@path, @rev)
-    @changeset = @repository.find_changeset_by_name(@rev)
  end
-
+  
  def revisions
    @changeset_count = @repository.changesets.count
    @changeset_pages = Paginator.new self, @changeset_count,
-                                     per_page_option,
-                                     params['page']
+								      per_page_option,
+								      params['page']								
    @changesets = @repository.changesets.find(:all,
-                       :limit  =>  @changeset_pages.items_per_page,
-                       :offset =>  @changeset_pages.current.offset,
-                       :include => [:user, :repository])
+						:limit  =>  @changeset_pages.items_per_page,
+						:offset =>  @changeset_pages.current.offset,
+            :include => [:user, :repository])

    respond_to do |format|
      format.html { render :layout => false if request.xhr? }
      format.atom { render_feed(@changesets, :title => "#{@project.name}: #{l(:label_revision_plural)}") }
    end
  end
-
+  
  def entry
    @entry = @repository.entry(@path, @rev)
    (show_error_not_found; return) unless @entry
@@ -138,46 +121,24 @@ class RepositoriesController < ApplicationController

    @content = @repository.cat(@path, @rev)
    (show_error_not_found; return) unless @content
-    if 'raw' == params[:format] ||
-         (@content.size && @content.size > Setting.file_max_size_displayed.to_i.kilobyte) ||
-         ! is_entry_text_data?(@content, @path)
+    if 'raw' == params[:format] || @content.is_binary_data? || (@entry.size && @entry.size > Setting.file_max_size_displayed.to_i.kilobyte)
      # Force the download
-      send_opt = { :filename => filename_for_content_disposition(@path.split('/').last) }
-      send_type = Redmine::MimeType.of(@path)
-      send_opt[:type] = send_type.to_s if send_type
-      send_data @content, send_opt
+      send_data @content, :filename => @path.split('/').last
    else
      # Prevent empty lines when displaying a file with Windows style eol
-      # TODO: UTF-16
-      # Is this needs? AttachmentsController reads file simply.
      @content.gsub!("\r\n", "\n")
-      @changeset = @repository.find_changeset_by_name(@rev)
-    end
+   end
  end
-
-  def is_entry_text_data?(ent, path)
-    # UTF-16 contains "\x00".
-    # It is very strict that file contains less than 30% of ascii symbols
-    # in non Western Europe.
-    return true if Redmine::MimeType.is_type?('text', path)
-    # Ruby 1.8.6 has a bug of integer divisions.
-    # http://apidock.com/ruby/v1_8_6_287/String/is_binary_data%3F
-    return false if ent.is_binary_data?
-    true
-  end
-  private :is_entry_text_data?
-
+  
  def annotate
    @entry = @repository.entry(@path, @rev)
    (show_error_not_found; return) unless @entry
-
+    
    @annotate = @repository.scm.annotate(@path, @rev)
    (render_error l(:error_scm_annotate); return) if @annotate.nil? || @annotate.empty?
-    @changeset = @repository.find_changeset_by_name(@rev)
  end
-
+  
  def revision
-    raise ChangesetNotFound if @rev.blank?
    @changeset = @repository.find_changeset_by_name(@rev)
    raise ChangesetNotFound unless @changeset

@@ -188,7 +149,7 @@ class RepositoriesController < ApplicationController
  rescue ChangesetNotFound
    show_error_not_found
  end
-
+  
  def diff
    if params[:format] == 'diff'
      @diff = @repository.diff(@path, @rev, @rev_to)
@@ -201,30 +162,26 @@ class RepositoriesController < ApplicationController
    else
      @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
      @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
-
+      
      # Save diff type as user preference
      if User.current.logged? && @diff_type != User.current.pref[:diff_type]
        User.current.pref[:diff_type] = @diff_type
        User.current.preference.save
      end
-      @cache_key = "repositories/diff/#{@repository.id}/" + 
-                      Digest::MD5.hexdigest("#{@path}-#{@rev}-#{@rev_to}-#{@diff_type}-#{current_language}")
+      
+      @cache_key = "repositories/diff/#{@repository.id}/" + Digest::MD5.hexdigest("#{@path}-#{@rev}-#{@rev_to}-#{@diff_type}")    
      unless read_fragment(@cache_key)
        @diff = @repository.diff(@path, @rev, @rev_to)
        show_error_not_found unless @diff
      end
-
-      @changeset = @repository.find_changeset_by_name(@rev)
-      @changeset_to = @rev_to ? @repository.find_changeset_by_name(@rev_to) : nil
-      @diff_format_revisions = @repository.diff_format_revisions(@changeset, @changeset_to)
    end
  end
-
-  def stats
+  
+  def stats  
  end
-
+  
  def graph
-    data = nil
+    data = nil    
    case params[:graph]
    when "commits_per_month"
      data = graph_commits_per_month(@repository)
@@ -238,11 +195,8 @@ class RepositoriesController < ApplicationController
      render_404
    end
  end
-
-  private
-
-  REV_PARAM_RE = %r{\A[a-f0-9]*\Z}i
-
+  
+private
  def find_repository
    @project = Project.find(params[:id])
    @repository = @project.repository
@@ -251,12 +205,6 @@ class RepositoriesController < ApplicationController
    @path ||= ''
    @rev = params[:rev].blank? ? @repository.default_branch : params[:rev].strip
    @rev_to = params[:rev_to]
-
-    unless @rev.to_s.match(REV_PARAM_RE) && @rev_to.to_s.match(REV_PARAM_RE)
-      if @repository.branches.blank?
-        raise InvalidRevisionParam
-      end
-    end
  rescue ActiveRecord::RecordNotFound
    render_404
  rescue InvalidRevisionParam
@@ -264,33 +212,29 @@ class RepositoriesController < ApplicationController
  end

  def show_error_not_found
-    render_error :message => l(:error_scm_not_found), :status => 404
+    render_error l(:error_scm_not_found)
  end
-
+  
  # Handler for Redmine::Scm::Adapters::CommandFailed exception
  def show_error_command_failed(exception)
    render_error l(:error_scm_command_failed, exception.message)
  end
-
+  
  def graph_commits_per_month(repository)
    @date_to = Date.today
    @date_from = @date_to << 11
    @date_from = Date.civil(@date_from.year, @date_from.month, 1)
-    commits_by_day = repository.changesets.count(
-                          :all, :group => :commit_date,
-                          :conditions => ["commit_date BETWEEN ? AND ?", @date_from, @date_to])
+    commits_by_day = repository.changesets.count(:all, :group => :commit_date, :conditions => ["commit_date BETWEEN ? AND ?", @date_from, @date_to])
    commits_by_month = [0] * 12
    commits_by_day.each {|c| commits_by_month[c.first.to_date.months_ago] += c.last }

-    changes_by_day = repository.changes.count(
-                          :all, :group => :commit_date,
-                          :conditions => ["commit_date BETWEEN ? AND ?", @date_from, @date_to])
+    changes_by_day = repository.changes.count(:all, :group => :commit_date, :conditions => ["commit_date BETWEEN ? AND ?", @date_from, @date_to])
    changes_by_month = [0] * 12
    changes_by_day.each {|c| changes_by_month[c.first.to_date.months_ago] += c.last }
-
+   
    fields = []
    12.times {|m| fields << month_name(((Date.today.month - 1 - m) % 12) + 1)}
-
+  
    graph = SVG::Graph::Bar.new(
      :height => 300,
      :width => 800,
@@ -302,7 +246,7 @@ class RepositoriesController < ApplicationController
      :graph_title => l(:label_commits_per_month),
      :show_graph_title => true
    )
-
+    
    graph.add_data(
      :data => commits_by_month[0..11].reverse,
      :title => l(:label_revision_plural)
@@ -312,7 +256,7 @@ class RepositoriesController < ApplicationController
      :data => changes_by_month[0..11].reverse,
      :title => l(:label_change_plural)
    )
-
+    
    graph.burn
  end

@@ -322,18 +266,18 @@ class RepositoriesController < ApplicationController

    changes_by_author = repository.changes.count(:all, :group => :committer)
    h = changes_by_author.inject({}) {|o, i| o[i.first] = i.last; o}
-
+    
    fields = commits_by_author.collect {|r| r.first}
    commits_data = commits_by_author.collect {|r| r.last}
    changes_data = commits_by_author.collect {|r| h[r.first] || 0}
-
+    
    fields = fields + [""]*(10 - fields.length) if fields.length<10
    commits_data = commits_data + [0]*(10 - commits_data.length) if commits_data.length<10
    changes_data = changes_data + [0]*(10 - changes_data.length) if changes_data.length<10
-
+    
    # Remove email adress in usernames
    fields = fields.collect {|c| c.gsub(%r{<.+@.+>}, '') }
-
+    
    graph = SVG::Graph::BarHorizontal.new(
      :height => 400,
      :width => 800,
@@ -345,18 +289,22 @@ class RepositoriesController < ApplicationController
      :graph_title => l(:label_commits_per_author),
      :show_graph_title => true
    )
+    
    graph.add_data(
      :data => commits_data,
      :title => l(:label_revision_plural)
    )
+
    graph.add_data(
      :data => changes_data,
      :title => l(:label_change_plural)
    )
+       
    graph.burn
  end
-end

+end
+  
 class Date
  def months_ago(date = Date.today)
    (date.year - self.year)*12 + (date.month - self.month)
--- a/app/controllers/roles_controller.rb
+++ b/app/controllers/roles_controller.rb
@@ -38,10 +38,9 @@ class RolesController < ApplicationController
      end
      flash[:notice] = l(:notice_successful_create)
      redirect_to :action => 'index'
-    else
-      @permissions = @role.setable_permissions
-      @roles = Role.find :all, :order => 'builtin, position'
    end
+    @permissions = @role.setable_permissions
+    @roles = Role.find :all, :order => 'builtin, position'
  end

  def edit
@@ -49,9 +48,8 @@ class RolesController < ApplicationController
    if request.post? and @role.update_attributes(params[:role])
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'index'
-    else
-      @permissions = @role.setable_permissions  
    end
+    @permissions = @role.setable_permissions
  end

  def destroy
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -24,8 +24,8 @@ class SearchController < ApplicationController
  def index
    @question = params[:q] || ""
    @question.strip!
-    @all_words = params[:all_words] ? params[:all_words].present? : true
-    @titles_only = params[:titles_only] ? params[:titles_only].present? : false
+    @all_words = params[:all_words] || (params[:submit] ? false : true)
+    @titles_only = !params[:titles_only].nil?
    
    projects_to_search =
      case params[:scope]
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,7 +17,7 @@

 class SettingsController < ApplicationController
  layout 'admin'
-
+  
  before_filter :require_admin

  def index
@@ -26,7 +26,7 @@ class SettingsController < ApplicationController
  end

  def edit
-    @notifiables = Redmine::Notifiable.all
+    @notifiables = %w(issue_added issue_updated news_added document_added file_added message_posted wiki_content_added wiki_content_updated)
    if request.post? && params[:settings] && params[:settings].is_a?(Hash)
      settings = (params[:settings] || {}).dup.symbolize_keys
      settings.each do |name, value|
@@ -36,16 +36,14 @@ class SettingsController < ApplicationController
      end
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'edit', :tab => params[:tab]
-    else
-      @options = {}
-      @options[:user_format] = User::USER_FORMATS.keys.collect {|f| [User.current.name(f), f.to_s] }
-      @deliveries = ActionMailer::Base.perform_deliveries
-
-      @guessed_host_and_path = request.host_with_port.dup
-      @guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
-
-      Redmine::Themes.rescan
+      return
    end
+    @options = {}
+    @options[:user_format] = User::USER_FORMATS.keys.collect {|f| [User.current.name(f), f.to_s] }
+    @deliveries = ActionMailer::Base.perform_deliveries
+
+    @guessed_host_and_path = request.host_with_port.dup
+    @guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
  end

  def plugin
@@ -54,10 +52,9 @@ class SettingsController < ApplicationController
      Setting["plugin_#{@plugin.id}"] = params[:settings]
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'plugin', :id => @plugin.id
-    else
-      @partial = @plugin.settings[:partial]
-      @settings = Setting["plugin_#{@plugin.id}"]
    end
+    @partial = @plugin.settings[:partial]
+    @settings = Setting["plugin_#{@plugin.id}"]
  rescue Redmine::PluginNotFound
    render_404
  end
--- a/app/controllers/sys_controller.rb
+++ b/app/controllers/sys_controller.rb
@@ -20,8 +20,7 @@ class SysController < ActionController::Base
  
  def projects
    p = Project.active.has_module(:repository).find(:all, :include => :repository, :order => 'identifier')
-    # extra_info attribute from repository breaks activeresource client
-    render :xml => p.to_xml(:only => [:id, :identifier, :name, :is_public, :status], :include => {:repository => {:only => [:id, :url]}})
+    render :xml => p.to_xml(:include => :repository)
  end
  
  def create_project_repository
@@ -32,7 +31,7 @@ class SysController < ActionController::Base
      logger.info "Repository for #{project.name} was reported to be created by #{request.remote_ip}."
      project.repository = Repository.factory(params[:vendor], params[:repository])
      if project.repository && project.repository.save
-        render :xml => project.repository.to_xml(:only => [:id, :url]), :status => 201
+        render :xml => project.repository, :status => 201
      else
        render :nothing => true, :status => 422
      end
--- a/app/controllers/time_entry_reports_controller.rb
+++ b/app/controllers/time_entry_reports_controller.rb
@@ -1,209 +0,0 @@
-class TimeEntryReportsController < ApplicationController
-  menu_item :issues
-  before_filter :find_optional_project
-  before_filter :load_available_criterias
-
-  helper :sort
-  include SortHelper
-  helper :issues
-  helper :timelog
-  include TimelogHelper
-  helper :custom_fields
-  include CustomFieldsHelper
-
-  def report
-    @criterias = params[:criterias] || []
-    @criterias = @criterias.select{|criteria| @available_criterias.has_key? criteria}
-    @criterias.uniq!
-    @criterias = @criterias[0,3]
-    
-    @columns = (params[:columns] && %w(year month week day).include?(params[:columns])) ? params[:columns] : 'month'
-    
-    retrieve_date_range
-    
-    unless @criterias.empty?
-      sql_select = @criterias.collect{|criteria| @available_criterias[criteria][:sql] + " AS " + criteria}.join(', ')
-      sql_group_by = @criterias.collect{|criteria| @available_criterias[criteria][:sql]}.join(', ')
-      sql_condition = ''
-      
-      if @project.nil?
-        sql_condition = Project.allowed_to_condition(User.current, :view_time_entries)
-      elsif @issue.nil?
-        sql_condition = @project.project_condition(Setting.display_subprojects_issues?)
-      else
-        sql_condition = "#{Issue.table_name}.root_id = #{@issue.root_id} AND #{Issue.table_name}.lft >= #{@issue.lft} AND #{Issue.table_name}.rgt <= #{@issue.rgt}"
-      end
-
-      sql = "SELECT #{sql_select}, tyear, tmonth, tweek, spent_on, SUM(hours) AS hours"
-      sql << " FROM #{TimeEntry.table_name}"
-      sql << time_report_joins
-      sql << " WHERE"
-      sql << " (%s) AND" % sql_condition
-      sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from), ActiveRecord::Base.connection.quoted_date(@to)]
-      sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek, spent_on"
-      
-      @hours = ActiveRecord::Base.connection.select_all(sql)
-      
-      @hours.each do |row|
-        case @columns
-        when 'year'
-          row['year'] = row['tyear']
-        when 'month'
-          row['month'] = "#{row['tyear']}-#{row['tmonth']}"
-        when 'week'
-          row['week'] = "#{row['tyear']}-#{row['tweek']}"
-        when 'day'
-          row['day'] = "#{row['spent_on']}"
-        end
-      end
-      
-      @total_hours = @hours.inject(0) {|s,k| s = s + k['hours'].to_f}
-      
-      @periods = []
-      # Date#at_beginning_of_ not supported in Rails 1.2.x
-      date_from = @from.to_time
-      # 100 columns max
-      while date_from <= @to.to_time && @periods.length < 100
-        case @columns
-        when 'year'
-          @periods << "#{date_from.year}"
-          date_from = (date_from + 1.year).at_beginning_of_year
-        when 'month'
-          @periods << "#{date_from.year}-#{date_from.month}"
-          date_from = (date_from + 1.month).at_beginning_of_month
-        when 'week'
-          @periods << "#{date_from.year}-#{date_from.to_date.cweek}"
-          date_from = (date_from + 7.day).at_beginning_of_week
-        when 'day'
-          @periods << "#{date_from.to_date}"
-          date_from = date_from + 1.day
-        end
-      end
-    end
-    
-    respond_to do |format|
-      format.html { render :layout => !request.xhr? }
-      format.csv  { send_data(report_to_csv(@criterias, @periods, @hours), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
-    end
-  end
-  
-  private
-
-  # TODO: duplicated in TimelogController
-  def find_optional_project
-    if !params[:issue_id].blank?
-      @issue = Issue.find(params[:issue_id])
-      @project = @issue.project
-    elsif !params[:project_id].blank?
-      @project = Project.find(params[:project_id])
-    end
-    deny_access unless User.current.allowed_to?(:view_time_entries, @project, :global => true)
-  end
-
-  # Retrieves the date range based on predefined ranges or specific from/to param dates
-  # TODO: duplicated in TimelogController
-  def retrieve_date_range
-    @free_period = false
-    @from, @to = nil, nil
-
-    if params[:period_type] == '1' || (params[:period_type].nil? && !params[:period].nil?)
-      case params[:period].to_s
-      when 'today'
-        @from = @to = Date.today
-      when 'yesterday'
-        @from = @to = Date.today - 1
-      when 'current_week'
-        @from = Date.today - (Date.today.cwday - 1)%7
-        @to = @from + 6
-      when 'last_week'
-        @from = Date.today - 7 - (Date.today.cwday - 1)%7
-        @to = @from + 6
-      when '7_days'
-        @from = Date.today - 7
-        @to = Date.today
-      when 'current_month'
-        @from = Date.civil(Date.today.year, Date.today.month, 1)
-        @to = (@from >> 1) - 1
-      when 'last_month'
-        @from = Date.civil(Date.today.year, Date.today.month, 1) << 1
-        @to = (@from >> 1) - 1
-      when '30_days'
-        @from = Date.today - 30
-        @to = Date.today
-      when 'current_year'
-        @from = Date.civil(Date.today.year, 1, 1)
-        @to = Date.civil(Date.today.year, 12, 31)
-      end
-    elsif params[:period_type] == '2' || (params[:period_type].nil? && (!params[:from].nil? || !params[:to].nil?))
-      begin; @from = params[:from].to_s.to_date unless params[:from].blank?; rescue; end
-      begin; @to = params[:to].to_s.to_date unless params[:to].blank?; rescue; end
-      @free_period = true
-    else
-      # default
-    end
-    
-    @from, @to = @to, @from if @from && @to && @from > @to
-    @from ||= (TimeEntry.earilest_date_for_project(@project) || Date.today)
-    @to   ||= (TimeEntry.latest_date_for_project(@project) || Date.today)
-  end
-
-  def load_available_criterias
-    @available_criterias = { 'project' => {:sql => "#{TimeEntry.table_name}.project_id",
-                                          :klass => Project,
-                                          :label => :label_project},
-                             'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
-                                          :klass => Version,
-                                          :label => :label_version},
-                             'category' => {:sql => "#{Issue.table_name}.category_id",
-                                            :klass => IssueCategory,
-                                            :label => :field_category},
-                             'member' => {:sql => "#{TimeEntry.table_name}.user_id",
-                                         :klass => User,
-                                         :label => :label_member},
-                             'tracker' => {:sql => "#{Issue.table_name}.tracker_id",
-                                          :klass => Tracker,
-                                          :label => :label_tracker},
-                             'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
-                                           :klass => TimeEntryActivity,
-                                           :label => :label_activity},
-                             'issue' => {:sql => "#{TimeEntry.table_name}.issue_id",
-                                         :klass => Issue,
-                                         :label => :label_issue}
-                           }
-    
-    # Add list and boolean custom fields as available criterias
-    custom_fields = (@project.nil? ? IssueCustomField.for_all : @project.all_issue_custom_fields)
-    custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
-      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Issue' AND c.customized_id = #{Issue.table_name}.id)",
-                                             :format => cf.field_format,
-                                             :label => cf.name}
-    end if @project
-    
-    # Add list and boolean time entry custom fields
-    TimeEntryCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
-      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'TimeEntry' AND c.customized_id = #{TimeEntry.table_name}.id)",
-                                             :format => cf.field_format,
-                                             :label => cf.name}
-    end
-
-    # Add list and boolean time entry activity custom fields
-    TimeEntryActivityCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
-      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Enumeration' AND c.customized_id = #{TimeEntry.table_name}.activity_id)",
-                                             :format => cf.field_format,
-                                             :label => cf.name}
-    end
-
-    call_hook(:controller_timelog_available_criterias, { :available_criterias => @available_criterias, :project => @project })
-    @available_criterias
-  end
-
-  def time_report_joins
-    sql = ''
-    sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
-    sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id"
-    # TODO: rename hook
-    call_hook(:controller_timelog_time_report_joins, {:sql => sql} )
-    sql
-  end
-
-end
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,13 +17,11 @@

 class TimelogController < ApplicationController
  menu_item :issues
-  before_filter :find_project, :only => [:new, :create]
-  before_filter :find_time_entry, :only => [:show, :edit, :update]
-  before_filter :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy]
-  before_filter :authorize, :except => [:index]
-  before_filter :find_optional_project, :only => [:index]
-  accept_rss_auth :index
-  accept_api_auth :index, :show, :create, :update, :destroy
+  before_filter :find_project, :authorize, :only => [:edit, :destroy]
+  before_filter :find_optional_project, :only => [:report, :details]
+  before_filter :load_available_criterias, :only => [:report]
+
+  verify :method => :post, :only => :destroy, :redirect_to => { :action => :details }
  
  helper :sort
  include SortHelper
@@ -32,7 +30,83 @@ class TimelogController < ApplicationController
  helper :custom_fields
  include CustomFieldsHelper
  
-  def index
+  def report
+    @criterias = params[:criterias] || []
+    @criterias = @criterias.select{|criteria| @available_criterias.has_key? criteria}
+    @criterias.uniq!
+    @criterias = @criterias[0,3]
+    
+    @columns = (params[:columns] && %w(year month week day).include?(params[:columns])) ? params[:columns] : 'month'
+    
+    retrieve_date_range
+    
+    unless @criterias.empty?
+      sql_select = @criterias.collect{|criteria| @available_criterias[criteria][:sql] + " AS " + criteria}.join(', ')
+      sql_group_by = @criterias.collect{|criteria| @available_criterias[criteria][:sql]}.join(', ')
+      sql_condition = ''
+      
+      if @project.nil?
+        sql_condition = Project.allowed_to_condition(User.current, :view_time_entries)
+      elsif @issue.nil?
+        sql_condition = @project.project_condition(Setting.display_subprojects_issues?)
+      else
+        sql_condition = "#{Issue.table_name}.root_id = #{@issue.root_id} AND #{Issue.table_name}.lft >= #{@issue.lft} AND #{Issue.table_name}.rgt <= #{@issue.rgt}"
+      end
+
+      sql = "SELECT #{sql_select}, tyear, tmonth, tweek, spent_on, SUM(hours) AS hours"
+      sql << " FROM #{TimeEntry.table_name}"
+      sql << time_report_joins
+      sql << " WHERE"
+      sql << " (%s) AND" % sql_condition
+      sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from), ActiveRecord::Base.connection.quoted_date(@to)]
+      sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek, spent_on"
+      
+      @hours = ActiveRecord::Base.connection.select_all(sql)
+      
+      @hours.each do |row|
+        case @columns
+        when 'year'
+          row['year'] = row['tyear']
+        when 'month'
+          row['month'] = "#{row['tyear']}-#{row['tmonth']}"
+        when 'week'
+          row['week'] = "#{row['tyear']}-#{row['tweek']}"
+        when 'day'
+          row['day'] = "#{row['spent_on']}"
+        end
+      end
+      
+      @total_hours = @hours.inject(0) {|s,k| s = s + k['hours'].to_f}
+      
+      @periods = []
+      # Date#at_beginning_of_ not supported in Rails 1.2.x
+      date_from = @from.to_time
+      # 100 columns max
+      while date_from <= @to.to_time && @periods.length < 100
+        case @columns
+        when 'year'
+          @periods << "#{date_from.year}"
+          date_from = (date_from + 1.year).at_beginning_of_year
+        when 'month'
+          @periods << "#{date_from.year}-#{date_from.month}"
+          date_from = (date_from + 1.month).at_beginning_of_month
+        when 'week'
+          @periods << "#{date_from.year}-#{date_from.to_date.cweek}"
+          date_from = (date_from + 7.day).at_beginning_of_week
+        when 'day'
+          @periods << "#{date_from.to_date}"
+          date_from = date_from + 1.day
+        end
+      end
+    end
+    
+    respond_to do |format|
+      format.html { render :layout => !request.xhr? }
+      format.csv  { send_data(report_to_csv(@criterias, @periods, @hours), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
+    end
+  end
+  
+  def details
    sort_init 'spent_on', 'desc'
    sort_update 'spent_on' => 'spent_on',
                'user' => 'user_id',
@@ -42,215 +116,90 @@ class TimelogController < ApplicationController
                'hours' => 'hours'
    
    cond = ARCondition.new
-    if @issue
-      cond << "#{Issue.table_name}.root_id = #{@issue.root_id} AND #{Issue.table_name}.lft >= #{@issue.lft} AND #{Issue.table_name}.rgt <= #{@issue.rgt}"
-    elsif @project
+    if @project.nil?
+      cond << Project.allowed_to_condition(User.current, :view_time_entries)
+    elsif @issue.nil?
      cond << @project.project_condition(Setting.display_subprojects_issues?)
+    else
+      cond << "#{Issue.table_name}.root_id = #{@issue.root_id} AND #{Issue.table_name}.lft >= #{@issue.lft} AND #{Issue.table_name}.rgt <= #{@issue.rgt}"
    end
    
    retrieve_date_range
    cond << ['spent_on BETWEEN ? AND ?', @from, @to]

-    respond_to do |format|
-      format.html {
-        # Paginate results
-        @entry_count = TimeEntry.visible.count(:include => [:project, :issue], :conditions => cond.conditions)
-        @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
-        @entries = TimeEntry.visible.find(:all, 
-                                  :include => [:project, :activity, :user, {:issue => :tracker}],
-                                  :conditions => cond.conditions,
-                                  :order => sort_clause,
-                                  :limit  =>  @entry_pages.items_per_page,
-                                  :offset =>  @entry_pages.current.offset)
-        @total_hours = TimeEntry.visible.sum(:hours, :include => [:project, :issue], :conditions => cond.conditions).to_f
-
-        render :layout => !request.xhr?
-      }
-      format.api  {
-        @entry_count = TimeEntry.visible.count(:include => [:project, :issue], :conditions => cond.conditions)
-        @offset, @limit = api_offset_and_limit
-        @entries = TimeEntry.visible.find(:all, 
-                                  :include => [:project, :activity, :user, {:issue => :tracker}],
-                                  :conditions => cond.conditions,
-                                  :order => sort_clause,
-                                  :limit  => @limit,
-                                  :offset => @offset)
-      }
-      format.atom {
-        entries = TimeEntry.visible.find(:all,
-                                 :include => [:project, :activity, :user, {:issue => :tracker}],
-                                 :conditions => cond.conditions,
-                                 :order => "#{TimeEntry.table_name}.created_on DESC",
-                                 :limit => Setting.feeds_limit.to_i)
-        render_feed(entries, :title => l(:label_spent_time))
-      }
-      format.csv {
-        # Export all entries
-        @entries = TimeEntry.visible.find(:all, 
-                                  :include => [:project, :activity, :user, {:issue => [:tracker, :assigned_to, :priority]}],
-                                  :conditions => cond.conditions,
-                                  :order => sort_clause)
-        send_data(entries_to_csv(@entries), :type => 'text/csv; header=present', :filename => 'timelog.csv')
-      }
-    end
-  end
-  
-  def show
-    respond_to do |format|
-      # TODO: Implement html response
-      format.html { render :nothing => true, :status => 406 }
-      format.api
-    end
-  end
-
-  def new
-    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
-    @time_entry.attributes = params[:time_entry]
-    
-    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
-    render :action => 'edit'
-  end
-
-  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
-  def create
-    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
-    @time_entry.attributes = params[:time_entry]
-    
-    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
-    
-    if @time_entry.save
+    TimeEntry.visible_by(User.current) do
      respond_to do |format|
        format.html {
-          flash[:notice] = l(:notice_successful_update)
-          redirect_back_or_default :action => 'index', :project_id => @time_entry.project
+          # Paginate results
+          @entry_count = TimeEntry.count(:include => [:project, :issue], :conditions => cond.conditions)
+          @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
+          @entries = TimeEntry.find(:all, 
+                                    :include => [:project, :activity, :user, {:issue => :tracker}],
+                                    :conditions => cond.conditions,
+                                    :order => sort_clause,
+                                    :limit  =>  @entry_pages.items_per_page,
+                                    :offset =>  @entry_pages.current.offset)
+          @total_hours = TimeEntry.sum(:hours, :include => [:project, :issue], :conditions => cond.conditions).to_f
+
+          render :layout => !request.xhr?
+        }
+        format.atom {
+          entries = TimeEntry.find(:all,
+                                   :include => [:project, :activity, :user, {:issue => :tracker}],
+                                   :conditions => cond.conditions,
+                                   :order => "#{TimeEntry.table_name}.created_on DESC",
+                                   :limit => Setting.feeds_limit.to_i)
+          render_feed(entries, :title => l(:label_spent_time))
+        }
+        format.csv {
+          # Export all entries
+          @entries = TimeEntry.find(:all, 
+                                    :include => [:project, :activity, :user, {:issue => [:tracker, :assigned_to, :priority]}],
+                                    :conditions => cond.conditions,
+                                    :order => sort_clause)
+          send_data(entries_to_csv(@entries), :type => 'text/csv; header=present', :filename => 'timelog.csv')
        }
-        format.api  { render :action => 'show', :status => :created, :location => time_entry_url(@time_entry) }
      end
-    else
-      respond_to do |format|
-        format.html { render :action => 'edit' }
-        format.api  { render_validation_errors(@time_entry) }
-      end
-    end    
+    end
  end
  
  def edit
-    @time_entry.attributes = params[:time_entry]
-    
-    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
-  end
-
-  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
-  def update
+    (render_403; return) if @time_entry && !@time_entry.editable_by?(User.current)
+    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
    @time_entry.attributes = params[:time_entry]
    
    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
    
-    if @time_entry.save
-      respond_to do |format|
-        format.html {
-          flash[:notice] = l(:notice_successful_update)
-          redirect_back_or_default :action => 'index', :project_id => @time_entry.project
-        }
-        format.api  { head :ok }
-      end
-    else
-      respond_to do |format|
-        format.html { render :action => 'edit' }
-        format.api  { render_validation_errors(@time_entry) }
-      end
+    if request.post? and @time_entry.save
+      flash[:notice] = l(:notice_successful_update)
+      redirect_back_or_default :action => 'details', :project_id => @time_entry.project
+      return
    end    
  end
-
-  def bulk_edit
-    @available_activities = TimeEntryActivity.shared.active
-    @custom_fields = TimeEntry.first.available_custom_fields
-  end
-
-  def bulk_update
-    attributes = parse_params_for_bulk_time_entry_attributes(params)
-
-    unsaved_time_entry_ids = []
-    @time_entries.each do |time_entry|
-      time_entry.reload
-      time_entry.attributes = attributes
-      call_hook(:controller_time_entries_bulk_edit_before_save, { :params => params, :time_entry => time_entry })
-      unless time_entry.save
-        # Keep unsaved time_entry ids to display them in flash error
-        unsaved_time_entry_ids << time_entry.id
-      end
-    end
-    set_flash_from_bulk_time_entry_save(@time_entries, unsaved_time_entry_ids)
-    redirect_back_or_default({:controller => 'timelog', :action => 'index', :project_id => @projects.first})
-  end
-
-  verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
+  
  def destroy
-    @time_entries.each do |t| 
-      begin
-        unless t.destroy && t.destroyed?
-          respond_to do |format|
-            format.html {
-              flash[:error] = l(:notice_unable_delete_time_entry)
-              redirect_to :back
-            }
-            format.api  { render_validation_errors(t) }
-          end
-          return
-        end
-      rescue ::ActionController::RedirectBackError
-        redirect_to :action => 'index', :project_id => @projects.first
-        return
-      end
-    end
-
-    respond_to do |format|
-      format.html {
-        flash[:notice] = l(:notice_successful_delete)
-        redirect_back_or_default(:action => 'index', :project_id => @projects.first)
-      }
-      format.api  { head :ok }
+    (render_404; return) unless @time_entry
+    (render_403; return) unless @time_entry.editable_by?(User.current)
+    if @time_entry.destroy && @time_entry.destroyed?
+      flash[:notice] = l(:notice_successful_delete)
+    else
+      flash[:error] = l(:notice_unable_delete_time_entry)
    end
+    redirect_to :back
+  rescue ::ActionController::RedirectBackError
+    redirect_to :action => 'details', :project_id => @time_entry.project
  end

 private
-  def find_time_entry
-    @time_entry = TimeEntry.find(params[:id])
-    unless @time_entry.editable_by?(User.current)
-      render_403
-      return false
-    end
-    @project = @time_entry.project
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-
-  def find_time_entries
-    @time_entries = TimeEntry.find_all_by_id(params[:id] || params[:ids])
-    raise ActiveRecord::RecordNotFound if @time_entries.empty?
-    @projects = @time_entries.collect(&:project).compact.uniq
-    @project = @projects.first if @projects.size == 1
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-
-  def set_flash_from_bulk_time_entry_save(time_entries, unsaved_time_entry_ids)
-    if unsaved_time_entry_ids.empty?
-      flash[:notice] = l(:notice_successful_update) unless time_entries.empty?
-    else
-      flash[:error] = l(:notice_failed_to_save_time_entries,
-                        :count => unsaved_time_entry_ids.size,
-                        :total => time_entries.size,
-                        :ids => '#' + unsaved_time_entry_ids.join(', #'))
-    end
-  end
-
  def find_project
-    if (issue_id = (params[:issue_id] || params[:time_entry] && params[:time_entry][:issue_id])).present?
-      @issue = Issue.find(issue_id)
+    if params[:id]
+      @time_entry = TimeEntry.find(params[:id])
+      @project = @time_entry.project
+    elsif params[:issue_id]
+      @issue = Issue.find(params[:issue_id])
      @project = @issue.project
-    elsif (project_id = (params[:project_id] || params[:time_entry] && params[:time_entry][:project_id])).present?
-      @project = Project.find(project_id)
+    elsif params[:project_id]
+      @project = Project.find(params[:project_id])
    else
      render_404
      return false
@@ -315,10 +264,61 @@ private
    @to   ||= (TimeEntry.latest_date_for_project(@project) || Date.today)
  end

-  def parse_params_for_bulk_time_entry_attributes(params)
-    attributes = (params[:time_entry] || {}).reject {|k,v| v.blank?}
-    attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
-    attributes[:custom_field_values].reject! {|k,v| v.blank?} if attributes[:custom_field_values]
-    attributes
+  def load_available_criterias
+    @available_criterias = { 'project' => {:sql => "#{TimeEntry.table_name}.project_id",
+                                          :klass => Project,
+                                          :label => :label_project},
+                             'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
+                                          :klass => Version,
+                                          :label => :label_version},
+                             'category' => {:sql => "#{Issue.table_name}.category_id",
+                                            :klass => IssueCategory,
+                                            :label => :field_category},
+                             'member' => {:sql => "#{TimeEntry.table_name}.user_id",
+                                         :klass => User,
+                                         :label => :label_member},
+                             'tracker' => {:sql => "#{Issue.table_name}.tracker_id",
+                                          :klass => Tracker,
+                                          :label => :label_tracker},
+                             'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
+                                           :klass => TimeEntryActivity,
+                                           :label => :label_activity},
+                             'issue' => {:sql => "#{TimeEntry.table_name}.issue_id",
+                                         :klass => Issue,
+                                         :label => :label_issue}
+                           }
+    
+    # Add list and boolean custom fields as available criterias
+    custom_fields = (@project.nil? ? IssueCustomField.for_all : @project.all_issue_custom_fields)
+    custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Issue' AND c.customized_id = #{Issue.table_name}.id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end if @project
+    
+    # Add list and boolean time entry custom fields
+    TimeEntryCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'TimeEntry' AND c.customized_id = #{TimeEntry.table_name}.id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end
+
+    # Add list and boolean time entry activity custom fields
+    TimeEntryActivityCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Enumeration' AND c.customized_id = #{TimeEntry.table_name}.activity_id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end
+
+    call_hook(:controller_timelog_available_criterias, { :available_criterias => @available_criterias, :project => @project })
+    @available_criterias
+  end
+
+  def time_report_joins
+    sql = ''
+    sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
+    sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id"
+    call_hook(:controller_timelog_time_report_joins, {:sql => sql} )
+    sql
  end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -19,8 +19,6 @@ class UsersController < ApplicationController
  layout 'admin'
  
  before_filter :require_admin, :except => :show
-  before_filter :find_user, :only => [:show, :edit, :update, :destroy, :edit_membership, :destroy_membership]
-  accept_api_auth :index, :show, :create, :update, :destroy

  helper :sort
  include SortHelper
@@ -31,16 +29,6 @@ class UsersController < ApplicationController
    sort_init 'login', 'asc'
    sort_update %w(login firstname lastname mail admin created_on last_login_on)
    
-    case params[:format]
-    when 'xml', 'json'
-      @offset, @limit = api_offset_and_limit
-    else
-      @limit = per_page_option
-    end
-    
-    scope = User
-    scope = scope.in_group(params[:group_id].to_i) if params[:group_id].present?
-    
    @status = params[:status] ? params[:status].to_i : 1
    c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])

@@ -49,27 +37,24 @@ class UsersController < ApplicationController
      c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
    end
    
-    @user_count = scope.count(:conditions => c.conditions)
-    @user_pages = Paginator.new self, @user_count, @limit, params['page']
-    @offset ||= @user_pages.current.offset
-    @users =  scope.find :all,
-                        :order => sort_clause,
+    @user_count = User.count(:conditions => c.conditions)
+    @user_pages = Paginator.new self, @user_count,
+								per_page_option,
+								params['page']								
+    @users =  User.find :all,:order => sort_clause,
                        :conditions => c.conditions,
-                        :limit  =>  @limit,
-                        :offset =>  @offset
+						:limit  =>  @user_pages.items_per_page,
+						:offset =>  @user_pages.current.offset

-    respond_to do |format|
-      format.html {
-        @groups = Group.all.sort
-        render :layout => !request.xhr?
-      }
-      format.api
-    end	
+    render :layout => !request.xhr?	
  end
  
  def show
+    @user = User.find(params[:id])
+    @custom_values = @user.custom_values
+    
    # show projects based on current user visibility
-    @memberships = @user.memberships.all(:conditions => Project.visible_condition(User.current))
+    @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
    
    events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
    @events_by_day = events.group_by(&:event_date)
@@ -80,119 +65,61 @@ class UsersController < ApplicationController
        return
      end
    end
-    
-    respond_to do |format|
-      format.html { render :layout => 'base' }
-      format.api
-    end
+    render :layout => 'base'
+
+  rescue ActiveRecord::RecordNotFound
+    render_404
  end

-  def new
-    @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
-    @auth_sources = AuthSource.find(:all)
-  end
-  
-  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
-  def create
-    @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
-    @user.safe_attributes = params[:user]
-    @user.admin = params[:user][:admin] || false
-    @user.login = params[:user][:login]
-    @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id
-
-    # TODO: Similar to My#account
-    @user.pref.attributes = params[:pref]
-    @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
-
-    if @user.save
-      @user.pref.save
-      @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])
-
-      Mailer.deliver_account_information(@user, params[:user][:password]) if params[:send_information]
-      
-      respond_to do |format|
-        format.html {
-          flash[:notice] = l(:notice_successful_create)
-          redirect_to(params[:continue] ? 
-            {:controller => 'users', :action => 'new'} : 
-            {:controller => 'users', :action => 'edit', :id => @user}
-          )
-        }
-        format.api  { render :action => 'show', :status => :created, :location => user_url(@user) }
-      end
+  def add
+    if request.get?
+      @user = User.new(:language => Setting.default_language)
    else
-      @auth_sources = AuthSource.find(:all)
-      # Clear password input
-      @user.password = @user.password_confirmation = nil
-
-      respond_to do |format|
-        format.html { render :action => 'new' }
-        format.api  { render_validation_errors(@user) }
+      @user = User.new(params[:user])
+      @user.admin = params[:user][:admin] || false
+      @user.login = params[:user][:login]
+      @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
+      if @user.save
+        Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
+        flash[:notice] = l(:notice_successful_create)
+        redirect_to(params[:continue] ? {:controller => 'users', :action => 'add'} : 
+                                        {:controller => 'users', :action => 'edit', :id => @user})
+        return
      end
    end
+    @auth_sources = AuthSource.find(:all)
  end

  def edit
+    @user = User.find(params[:id])
+    if request.post?
+      @user.admin = params[:user][:admin] if params[:user][:admin]
+      @user.login = params[:user][:login] if params[:user][:login]
+      if params[:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
+        @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
+      end
+      @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
+      @user.attributes = params[:user]
+      # Was the account actived ? (do it before User#save clears the change)
+      was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
+      if @user.save
+        if was_activated
+          Mailer.deliver_account_activated(@user)
+        elsif @user.active? && params[:send_information] && !params[:password].blank? && @user.auth_source_id.nil?
+          Mailer.deliver_account_information(@user, params[:password])
+        end
+        flash[:notice] = l(:notice_successful_update)
+        redirect_to :back
+      end
+    end
    @auth_sources = AuthSource.find(:all)
    @membership ||= Member.new
-  end
-  
-  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
-  def update
-    @user.admin = params[:user][:admin] if params[:user][:admin]
-    @user.login = params[:user][:login] if params[:user][:login]
-    if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
-      @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
-    end
-    @user.safe_attributes = params[:user]
-    # Was the account actived ? (do it before User#save clears the change)
-    was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
-    # TODO: Similar to My#account
-    @user.pref.attributes = params[:pref]
-    @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
-
-    if @user.save
-      @user.pref.save
-      @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])
-
-      if was_activated
-        Mailer.deliver_account_activated(@user)
-      elsif @user.active? && params[:send_information] && !params[:user][:password].blank? && @user.auth_source_id.nil?
-        Mailer.deliver_account_information(@user, params[:user][:password])
-      end
-      
-      respond_to do |format|
-        format.html {
-          flash[:notice] = l(:notice_successful_update)
-          redirect_to :back
-        }
-        format.api  { head :ok }
-      end
-    else
-      @auth_sources = AuthSource.find(:all)
-      @membership ||= Member.new
-      # Clear password input
-      @user.password = @user.password_confirmation = nil
-
-      respond_to do |format|
-        format.html { render :action => :edit }
-        format.api  { render_validation_errors(@user) }
-      end
-    end
  rescue ::ActionController::RedirectBackError
    redirect_to :controller => 'users', :action => 'edit', :id => @user
  end
-
-  verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
-  def destroy
-    @user.destroy
-    respond_to do |format|
-      format.html { redirect_to(users_url) }
-      format.api  { head :ok }
-    end
-  end
-
+  
  def edit_membership
+    @user = User.find(params[:id])
    @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
    @membership.save if request.post?
    respond_to do |format|
@@ -215,6 +142,7 @@ class UsersController < ApplicationController
  end
  
  def destroy_membership
+    @user = User.find(params[:id])
    @membership = Member.find(params[:membership_id])
    if request.post? && @membership.deletable?
      @membership.destroy
@@ -224,17 +152,4 @@ class UsersController < ApplicationController
      format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
    end
  end
-  
-  private
-  
-  def find_user
-    if params[:id] == 'current'
-      require_login || return
-      @user = User.current
-    else
-      @user = User.find(params[:id])
-    end
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@@ -103,7 +103,7 @@ class VersionsController < ApplicationController
  end
  
  def update
-    if request.put? && params[:version]
+    if request.post? && params[:version]
      attributes = params[:version].dup
      attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing'])
      if @version.update_attributes(attributes)
@@ -118,7 +118,7 @@ class VersionsController < ApplicationController
  end
  
  def close_completed
-    if request.put?
+    if request.post?
      @project.close_completed_versions
    end
    redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
--- a/app/controllers/watchers_controller.rb
+++ b/app/controllers/watchers_controller.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -76,13 +76,21 @@ private
  
  def set_watcher(user, watching)
    @watched.set_watcher(user, watching)
+    if params[:replace].present?
+      if params[:replace].is_a? Array
+        replace_ids = params[:replace]
+      else
+        replace_ids = [params[:replace]]
+      end
+    else
+      replace_ids = ['watcher']
+    end
    respond_to do |format|
      format.html { redirect_to :back }
      format.js do
        render(:update) do |page|
-          c = watcher_css(@watched)
-          page.select(".#{c}").each do |item|
-            page.replace_html item, watcher_link(@watched, user)
+          replace_ids.each do |replace_id|
+            page.replace_html replace_id, watcher_link(@watched, user, :replace => replace_ids)
          end
        end
      end
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -1,60 +1,37 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 require 'diff'

-# The WikiController follows the Rails REST controller pattern but with
-# a few differences
-#
-# * index - shows a list of WikiPages grouped by page or date
-# * new - not used
-# * create - not used
-# * show - will also show the form for creating a new wiki page
-# * edit - used to edit an existing or new page
-# * update - used to save a wiki page update to the database, including new pages
-# * destroy - normal
-#
-# Other member and collection methods are also used
-#
-# TODO: still being worked on
 class WikiController < ApplicationController
  default_search_scope :wiki_pages
  before_filter :find_wiki, :authorize
-  before_filter :find_existing_or_new_page, :only => [:show, :edit, :update]
  before_filter :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy]
+  
+  verify :method => :post, :only => [:destroy, :protect], :redirect_to => { :action => :index }

  helper :attachments
-  include AttachmentsHelper
+  include AttachmentsHelper   
  helper :watchers
-
-  # List of pages, sorted alphabetically and by parent (hierarchy)
-  def index
-    load_pages_for_index
-    @pages_by_parent_id = @pages.group_by(&:parent_id)
-  end
-
-  # List of page, by last update
-  def date_index
-    load_pages_for_index
-    @pages_by_date = @pages.group_by {|p| p.updated_on.to_date}
-  end
-
+  
  # display a page (in editing mode if it doesn't exist)
-  def show
+  def index
+    page_title = params[:page]
+    @page = @wiki.find_or_new_page(page_title)
    if @page.new_record?
      if User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
        edit
@@ -83,57 +60,45 @@ class WikiController < ApplicationController
    @editable = editable?
    render :action => 'show'
  end
-
+  
  # edit an existing page or a new one
  def edit
+    @page = @wiki.find_or_new_page(params[:page])    
    return render_403 unless editable?
    @page.content = WikiContent.new(:page => @page) if @page.new_record?
-
+    
    @content = @page.content_for_version(params[:version])
    @content.text = initial_page_content(@page) if @content.text.blank?
    # don't keep previous comment
    @content.comments = nil
-
-    # To prevent StaleObjectError exception when reverting to a previous version
-    @content.version = @page.content.version
-  end
-
-  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
-  # Creates a new page or updates an existing one
-  def update
-    return render_403 unless editable?
-    @page.content = WikiContent.new(:page => @page) if @page.new_record?
-
-    @content = @page.content_for_version(params[:version])
-    @content.text = initial_page_content(@page) if @content.text.blank?
-    # don't keep previous comment
-    @content.comments = nil
-
-    if !@page.new_record? && params[:content].present? && @content.text == params[:content][:text]
-      attachments = Attachment.attach_files(@page, params[:attachments])
-      render_attachment_warning_if_needed(@page)
-      # don't save if text wasn't changed
-      redirect_to :action => 'show', :project_id => @project, :id => @page.title
-      return
-    end
-    @content.attributes = params[:content]
-    @content.author = User.current
-    # if page is new @page.save will also save content, but not if page isn't a new record
-    if (@page.new_record? ? @page.save : @content.save)
-      attachments = Attachment.attach_files(@page, params[:attachments])
-      render_attachment_warning_if_needed(@page)
-      call_hook(:controller_wiki_edit_after_save, { :params => params, :page => @page})
-      redirect_to :action => 'show', :project_id => @project, :id => @page.title
+    if request.get?
+      # To prevent StaleObjectError exception when reverting to a previous version
+      @content.version = @page.content.version
    else
-      render :action => 'edit'
+      if !@page.new_record? && @content.text == params[:content][:text]
+        attachments = Attachment.attach_files(@page, params[:attachments])
+        render_attachment_warning_if_needed(@page)
+        # don't save if text wasn't changed
+        redirect_to :action => 'index', :id => @project, :page => @page.title
+        return
+      end
+      #@content.text = params[:content][:text]
+      #@content.comments = params[:content][:comments]
+      @content.attributes = params[:content]
+      @content.author = User.current
+      # if page is new @page.save will also save content, but not if page isn't a new record
+      if (@page.new_record? ? @page.save : @content.save)
+        attachments = Attachment.attach_files(@page, params[:attachments])
+        render_attachment_warning_if_needed(@page)
+        call_hook(:controller_wiki_edit_after_save, { :params => params, :page => @page})
+        redirect_to :action => 'index', :id => @project, :page => @page.title
+      end
    end
-
  rescue ActiveRecord::StaleObjectError
    # Optimistic locking exception
-    flash.now[:error] = l(:notice_locking_conflict)
-    render :action => 'edit'
+    flash[:error] = l(:notice_locking_conflict)
  end
-
+  
  # rename a page
  def rename
    return render_403 unless editable?
@@ -142,22 +107,21 @@ class WikiController < ApplicationController
    @original_title = @page.pretty_title
    if request.post? && @page.update_attributes(params[:wiki_page])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'show', :project_id => @project, :id => @page.title
+      redirect_to :action => 'index', :id => @project, :page => @page.title
    end
  end
-
-  verify :method => :post, :only => :protect, :redirect_to => { :action => :show }
+  
  def protect
    @page.update_attribute :protected, params[:protected]
-    redirect_to :action => 'show', :project_id => @project, :id => @page.title
+    redirect_to :action => 'index', :id => @project, :page => @page.title
  end

  # show page history
  def history
    @version_count = @page.content.versions.count
    @version_pages = Paginator.new self, @version_count, per_page_option, params['p']
-    # don't load text
-    @versions = @page.content.versions.find :all,
+    # don't load text    
+    @versions = @page.content.versions.find :all, 
                                            :select => "id, author_id, comments, updated_on, version",
                                            :order => 'version DESC',
                                            :limit  =>  @version_pages.items_per_page + 1,
@@ -165,23 +129,22 @@ class WikiController < ApplicationController

    render :layout => false if request.xhr?
  end
-
+  
  def diff
    @diff = @page.diff(params[:version], params[:version_from])
    render_404 unless @diff
  end
-
+  
  def annotate
    @annotate = @page.annotate(params[:version])
    render_404 unless @annotate
  end
-
-  verify :method => :delete, :only => [:destroy], :redirect_to => { :action => :show }
+  
  # Removes a wiki page and its history
  # Children can be either set as root pages, removed or reassigned to another parent page
  def destroy
    return render_403 unless editable?
-
+    
    @descendants_count = @page.descendants.size
    if @descendants_count > 0
      case params[:todo]
@@ -203,22 +166,41 @@ class WikiController < ApplicationController
      end
    end
    @page.destroy
-    redirect_to :action => 'index', :project_id => @project
+    redirect_to :action => 'special', :id => @project, :page => 'Page_index'
  end

-  # Export wiki to a single html file
-  def export
-    if User.current.allowed_to?(:export_wiki_pages, @project)
-      @pages = @wiki.pages.find :all, :order => 'title'
-      export = render_to_string :action => 'export_multiple', :layout => false
-      send_data(export, :type => 'text/html', :filename => "wiki.html")
+  # display special pages
+  def special
+    page_title = params[:page].downcase
+    case page_title
+    # show pages index, sorted by title
+    when 'page_index', 'date_index'
+      # eager load information about last updates, without loading text
+      @pages = @wiki.pages.find :all, :select => "#{WikiPage.table_name}.*, #{WikiContent.table_name}.updated_on",
+                                      :joins => "LEFT JOIN #{WikiContent.table_name} ON #{WikiContent.table_name}.page_id = #{WikiPage.table_name}.id",
+                                      :order => 'title'
+      @pages_by_date = @pages.group_by {|p| p.updated_on.to_date}
+      @pages_by_parent_id = @pages.group_by(&:parent_id)
+    # export wiki to a single html file
+    when 'export'
+      if User.current.allowed_to?(:export_wiki_pages, @project)
+        @pages = @wiki.pages.find :all, :order => 'title'
+        export = render_to_string :action => 'export_multiple', :layout => false
+        send_data(export, :type => 'text/html', :filename => "wiki.html")
+      else
+        redirect_to :action => 'index', :id => @project, :page => nil
+      end
+      return      
    else
-      redirect_to :action => 'show', :project_id => @project, :id => nil
+      # requested special page doesn't exist, redirect to default page
+      redirect_to :action => 'index', :id => @project, :page => nil
+      return
    end
+    render :action => "special_#{page_title}"
  end
-
+  
  def preview
-    page = @wiki.find_page(params[:id])
+    page = @wiki.find_page(params[:page])
    # page is nil when previewing a new page
    return render_403 unless page.nil? || editable?(page)
    if page
@@ -233,39 +215,25 @@ class WikiController < ApplicationController
    return render_403 unless editable?
    attachments = Attachment.attach_files(@page, params[:attachments])
    render_attachment_warning_if_needed(@page)
-    redirect_to :action => 'show', :id => @page.title, :project_id => @project
+    redirect_to :action => 'index', :page => @page.title
  end

 private
-
+  
  def find_wiki
-    @project = Project.find(params[:project_id])
+    @project = Project.find(params[:id])
    @wiki = @project.wiki
    render_404 unless @wiki
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
-  # Finds the requested page or a new page if it doesn't exist
-  def find_existing_or_new_page
-    @page = @wiki.find_or_new_page(params[:id])
-    if @wiki.page_found_with_redirect?
-      redirect_to params.update(:id => @page.title)
-    end
-  end
-
+  
  # Finds the requested page and returns a 404 error if it doesn't exist
  def find_existing_page
-    @page = @wiki.find_page(params[:id])
-    if @page.nil?
-      render_404
-      return
-    end
-    if @wiki.page_found_with_redirect?
-      redirect_to params.update(:id => @page.title)
-    end
+    @page = @wiki.find_page(params[:page])
+    render_404 if @page.nil?
  end
-
+  
  # Returns true if the current user is allowed to edit the page, otherwise false
  def editable?(page = @page)
    page.editable_by?(User.current)
@@ -277,8 +245,4 @@ private
    extend helper unless self.instance_of?(helper)
    helper.instance_method(:initial_page_content).bind(self).call(page)
  end
-
-  def load_pages_for_index
-    @pages = @wiki.pages.with_updated_on.all(:order => 'title', :include => {:wiki => :project})
-  end
 end
--- a/app/controllers/workflows_controller.rb
+++ b/app/controllers/workflows_controller.rb
@@ -32,17 +32,14 @@ class WorkflowsController < ApplicationController
    
    if request.post?
      Workflow.destroy_all( ["role_id=? and tracker_id=?", @role.id, @tracker.id])
-      (params[:issue_status] || []).each { |status_id, transitions|
-        transitions.each { |new_status_id, options|
-          author = options.is_a?(Array) && options.include?('author') && !options.include?('always')
-          assignee = options.is_a?(Array) && options.include?('assignee') && !options.include?('always')
-          @role.workflows.build(:tracker_id => @tracker.id, :old_status_id => status_id, :new_status_id => new_status_id, :author => author, :assignee => assignee) 
+      (params[:issue_status] || []).each { |old, news| 
+        news.each { |new| 
+          @role.workflows.build(:tracker_id => @tracker.id, :old_status_id => old, :new_status_id => new) 
        }
      }
      if @role.save
        flash[:notice] = l(:notice_successful_update)
        redirect_to :action => 'edit', :role_id => @role, :tracker_id => @tracker
-        return
      end
    end
    
@@ -51,14 +48,6 @@ class WorkflowsController < ApplicationController
      @statuses = @tracker.issue_statuses
    end
    @statuses ||= IssueStatus.find(:all, :order => 'position')
-    
-    if @tracker && @role && @statuses.any?
-      workflows = Workflow.all(:conditions => {:role_id => @role.id, :tracker_id => @tracker.id})
-      @workflows = {}
-      @workflows['always'] = workflows.select {|w| !w.author && !w.assignee}
-      @workflows['author'] = workflows.select {|w| w.author}
-      @workflows['assignee'] = workflows.select {|w| w.assignee}
-    end
  end
  
  def copy
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -63,7 +63,7 @@ module ApplicationHelper

  # Displays a link to +issue+ with its subject.
  # Examples:
-  #
+  # 
  #   link_to_issue(issue)                        # => Defect #6: This is the subject
  #   link_to_issue(issue, :truncate => 6)        # => Defect #6: This i...
  #   link_to_issue(issue, :subject => false)     # => Defect #6
@@ -80,7 +80,7 @@ module ApplicationHelper
        subject = truncate(subject, :length => options[:truncate])
      end
    end
-    s = link_to "#{issue.tracker} ##{issue.id}", {:controller => "issues", :action => "show", :id => issue},
+    s = link_to "#{issue.tracker} ##{issue.id}", {:controller => "issues", :action => "show", :id => issue}, 
                                                 :class => issue.css_classes,
                                                 :title => title
    s << ": #{h subject}" if subject
@@ -104,29 +104,13 @@ module ApplicationHelper
  # * :text - Link text (default to the formatted revision)
  def link_to_revision(revision, project, options={})
    text = options.delete(:text) || format_revision(revision)
-    rev = revision.respond_to?(:identifier) ? revision.identifier : revision

-    link_to(text, {:controller => 'repositories', :action => 'revision', :id => project, :rev => rev},
-            :title => l(:label_revision_id, format_revision(revision)))
-  end
-
-  # Generates a link to a message
-  def link_to_message(message, options={}, html_options = nil)
-    link_to(
-      h(truncate(message.subject, :length => 60)),
-      { :controller => 'messages', :action => 'show',
-        :board_id => message.board_id,
-        :id => message.root,
-        :r => (message.parent_id && message.id),
-        :anchor => (message.parent_id ? "message-#{message.id}" : nil)
-      }.merge(options),
-      html_options
-    )
+    link_to(text, {:controller => 'repositories', :action => 'revision', :id => project, :rev => revision}, :title => l(:label_revision_id, revision))
  end

  # Generates a link to a project if active
  # Examples:
-  #
+  # 
  #   link_to_project(project)                          # => link to the specified project overview
  #   link_to_project(project, :action=>'settings')     # => link to project settings
  #   link_to_project(project, {:only_path => false}, :class => "project") # => 3rd arg adds html options
@@ -160,15 +144,15 @@ module ApplicationHelper
    html_options[:onclick] = "promptToRemote('#{text}', '#{param}', '#{url_for(url)}'); return false;"
    link_to name, {}, html_options
  end
-
+  
  def format_activity_title(text)
    h(truncate_single_line(text, :length => 100))
  end
-
+  
  def format_activity_day(date)
    date == Date.today ? l(:label_today).titleize : format_date(date)
  end
-
+  
  def format_activity_description(text)
    h(truncate(text.to_s, :length => 120).gsub(%r{[\r\n]*<(pre|code)>.*$}m, '...')).gsub(/[\r\n]+/, "<br />")
  end
@@ -180,29 +164,29 @@ module ApplicationHelper
      h("#{version.project} - #{version}")
    end
  end
-
+  
  def due_date_distance_in_words(date)
    if date
      l((date < Date.today ? :label_roadmap_overdue : :label_roadmap_due_in), distance_of_date_in_words(Date.today, date))
    end
  end

-  def render_page_hierarchy(pages, node=nil, options={})
+  def render_page_hierarchy(pages, node=nil)
    content = ''
    if pages[node]
      content << "<ul class=\"pages-hierarchy\">\n"
      pages[node].each do |page|
        content << "<li>"
-        content << link_to(h(page.pretty_title), {:controller => 'wiki', :action => 'show', :project_id => page.project, :id => page.title},
-                           :title => (options[:timestamp] && page.updated_on ? l(:label_updated_time, distance_of_time_in_words(Time.now, page.updated_on)) : nil))
-        content << "\n" + render_page_hierarchy(pages, page.id, options) if pages[page.id]
+        content << link_to(h(page.pretty_title), {:controller => 'wiki', :action => 'index', :id => page.project, :page => page.title},
+                           :title => (page.respond_to?(:updated_on) ? l(:label_updated_time, distance_of_time_in_words(Time.now, page.updated_on)) : nil))
+        content << "\n" + render_page_hierarchy(pages, page.id) if pages[page.id]
        content << "</li>\n"
      end
      content << "</ul>\n"
    end
    content
  end
-
+  
  # Renders flash messages
  def render_flash_messages
    s = ''
@@ -211,7 +195,7 @@ module ApplicationHelper
    end
    s
  end
-
+  
  # Renders tabs and their content
  def render_tabs(tabs)
    if tabs.any?
@@ -220,11 +204,11 @@ module ApplicationHelper
      content_tag 'p', l(:label_no_data), :class => "nodata"
    end
  end
-
+  
  # Renders the project quick-jump box
  def render_project_jump_box
-    return unless User.current.logged?
-    projects = User.current.memberships.collect(&:project).compact.uniq
+    # Retrieve them now to avoid a COUNT query
+    projects = User.current.projects.all
    if projects.any?
      s = '<select onchange="if (this.value != \'\') { window.location = this.value; }">' +
            "<option value=''>#{ l(:label_jump_to_a_project) }</option>" +
@@ -236,7 +220,7 @@ module ApplicationHelper
      s
    end
  end
-
+  
  def project_tree_options_for_select(projects, options = {})
    s = ''
    project_tree(projects) do |project, level|
@@ -252,14 +236,19 @@ module ApplicationHelper
    end
    s
  end
-
+  
  # Yields the given block for each project with its level in the tree
-  #
-  # Wrapper for Project#project_tree
  def project_tree(projects, &block)
-    Project.project_tree(projects, &block)
+    ancestors = []
+    projects.sort_by(&:lft).each do |project|
+      while (ancestors.any? && !project.is_descendant_of?(ancestors.last)) 
+        ancestors.pop
+      end
+      yield project, ancestors.size
+      ancestors << project
+    end
  end
-
+  
  def project_nested_ul(projects, &block)
    s = ''
    if projects.any?
@@ -270,7 +259,7 @@ module ApplicationHelper
        else
          ancestors.pop
          s << "</li>"
-          while (ancestors.any? && !project.is_descendant_of?(ancestors.last))
+          while (ancestors.any? && !project.is_descendant_of?(ancestors.last)) 
            ancestors.pop
            s << "</ul></li>\n"
          end
@@ -283,20 +272,20 @@ module ApplicationHelper
    end
    s
  end
-
+  
  def principals_check_box_tags(name, principals)
    s = ''
    principals.sort.each do |principal|
      s << "<label>#{ check_box_tag name, principal.id, false } #{h principal}</label>\n"
    end
-    s
+    s 
  end

  # Truncates and returns the string as a single line
  def truncate_single_line(string, *args)
    truncate(string.to_s, *args).gsub(%r{[\r\n]+}m, ' ')
  end
-
+  
  # Truncates at line break after 250 characters or options[:length]
  def truncate_lines(string, options={})
    length = options[:length] || 250
@@ -314,7 +303,7 @@ module ApplicationHelper
  def authoring(created, author, options={})
    l(options[:label] || :label_added_time_by, :author => link_to_user(author), :age => time_tag(created))
  end
-
+  
  def time_tag(time)
    text = distance_of_time_in_words(Time.now, time)
    if @project
@@ -336,18 +325,20 @@ module ApplicationHelper
    page_param = options.delete(:page_param) || :page
    per_page_links = options.delete(:per_page_links)
    url_param = params.dup
+    # don't reuse query params if filters are present
+    url_param.merge!(:fields => nil, :values => nil, :operators => nil) if url_param.delete(:set_filter)

    html = ''
    if paginator.current.previous
-      html << link_to_content_update('&#171; ' + l(:label_previous), url_param.merge(page_param => paginator.current.previous)) + ' '
+      html << link_to_remote_content_update('&#171; ' + l(:label_previous), url_param.merge(page_param => paginator.current.previous)) + ' '
    end

    html << (pagination_links_each(paginator, options) do |n|
-      link_to_content_update(n.to_s, url_param.merge(page_param => n))
+      link_to_remote_content_update(n.to_s, url_param.merge(page_param => n))
    end || '')
-
+    
    if paginator.current.next
-      html << ' ' + link_to_content_update((l(:label_next) + ' &#187;'), url_param.merge(page_param => paginator.current.next))
+      html << ' ' + link_to_remote_content_update((l(:label_next) + ' &#187;'), url_param.merge(page_param => paginator.current.next))
    end

    unless count.nil?
@@ -359,14 +350,20 @@ module ApplicationHelper

    html
  end
-
+  
  def per_page_links(selected=nil)
+    url_param = params.dup
+    url_param.clear if url_param.has_key?(:set_filter)
+
    links = Setting.per_page_options_array.collect do |n|
-      n == selected ? n : link_to_content_update(n, params.merge(:per_page => n))
+      n == selected ? n : link_to_remote(n, {:update => "content",
+                                             :url => params.dup.merge(:per_page => n),
+                                             :method => :get},
+                                            {:href => url_for(url_param.merge(:per_page => n))})
    end
    links.size > 1 ? l(:label_display_per_page, links.join(', ')) : nil
  end
-
+  
  def reorder_links(name, url)
    link_to(image_tag('2uparrow.png',   :alt => l(:label_sort_highest)), url.merge({"#{name}[move_to]" => 'highest'}), :method => :post, :title => l(:label_sort_highest)) +
    link_to(image_tag('1uparrow.png',   :alt => l(:label_sort_higher)),  url.merge({"#{name}[move_to]" => 'higher'}),  :method => :post, :title => l(:label_sort_higher)) +
@@ -378,19 +375,19 @@ module ApplicationHelper
    elements = args.flatten
    elements.any? ? content_tag('p', args.join(' &#187; ') + ' &#187; ', :class => 'breadcrumb') : nil
  end
-
+  
  def other_formats_links(&block)
    concat('<p class="other-formats">' + l(:label_export_to))
    yield Redmine::Views::OtherFormatsBuilder.new(self)
    concat('</p>')
  end
-
+  
  def page_header_title
    if @project.nil? || @project.new_record?
      h(Setting.app_title)
    else
      b = []
-      ancestors = (@project.root? ? [] : @project.ancestors.visible.all)
+      ancestors = (@project.root? ? [] : @project.ancestors.visible)
      if ancestors.any?
        root = ancestors.shift
        b << link_to_project(root, {:jump => current_menu_item}, :class => 'root')
@@ -457,21 +454,14 @@ module ApplicationHelper
    only_path = options.delete(:only_path) == false ? false : true

    text = Redmine::WikiFormatting.to_html(Setting.text_formatting, text, :object => obj, :attribute => attr) { |macro, args| exec_macro(macro, obj, args) }
-
-    @parsed_headings = []
-    text = parse_non_pre_blocks(text) do |text|
-      [:parse_inline_attachments, :parse_wiki_links, :parse_redmine_links, :parse_headings].each do |method_name|
+      
+    parse_non_pre_blocks(text) do |text|
+      [:parse_inline_attachments, :parse_wiki_links, :parse_redmine_links].each do |method_name|
        send method_name, text, project, obj, attr, only_path, options
      end
    end
-
-    if @parsed_headings.any?
-      replace_toc(text, @parsed_headings)
-    end
-
-    text
  end
-
+  
  def parse_non_pre_blocks(text)
    s = StringScanner.new(text)
    tags = []
@@ -500,13 +490,13 @@ module ApplicationHelper
    end
    parsed
  end
-
+  
  def parse_inline_attachments(text, project, obj, attr, only_path, options)
    # when using an image link, try to use an attachment, if possible
    if options[:attachments] || (obj && obj.respond_to?(:attachments))
      attachments = nil
      text.gsub!(/src="([^\/"]+\.(bmp|gif|jpg|jpeg|png))"(\s+alt="([^"]*)")?/i) do |m|
-        filename, ext, alt, alttext = $1.downcase, $2, $3, $4
+        filename, ext, alt, alttext = $1.downcase, $2, $3, $4 
        attachments ||= (options[:attachments] || obj.attachments).sort_by(&:created_on).reverse
        # search for the picture in attachments
        if found = attachments.detect { |att| att.filename.downcase == filename }
@@ -539,7 +529,7 @@ module ApplicationHelper
      esc, all, page, title = $1, $2, $3, $5
      if esc.nil?
        if page =~ /^([^\:]+)\:(.*)$/
-          link_project = Project.find_by_identifier($1) || Project.find_by_name($1)
+          link_project = Project.find_by_name($1) || Project.find_by_identifier($1)
          page = $2
          title ||= $1 if page.blank?
        end
@@ -550,20 +540,14 @@ module ApplicationHelper
          if page =~ /^(.+?)\#(.+)$/
            page, anchor = $1, $2
          end
-          anchor = sanitize_anchor_name(anchor) if anchor.present?
          # check if page exists
          wiki_page = link_project.wiki.find_page(page)
-          url = if anchor.present? && wiki_page.present? && (obj.is_a?(WikiContent) || obj.is_a?(WikiContent::Version)) && obj.page == wiki_page
-            "##{anchor}"
-          else
-            case options[:wiki_links]
-            when :local; "#{page.present? ? Wiki.titleize(page) : ''}.html" + (anchor.present? ? "##{anchor}" : '')
+          url = case options[:wiki_links]
+            when :local; "#{title}.html"
            when :anchor; "##{title}"   # used for single-file wiki export
            else
-              wiki_page_id = page.present? ? Wiki.titleize(page) : nil
-              url_for(:only_path => only_path, :controller => 'wiki', :action => 'show', :project_id => link_project, :id => wiki_page_id, :anchor => anchor)
+              url_for(:only_path => only_path, :controller => 'wiki', :action => 'index', :id => link_project, :page => Wiki.titleize(page), :anchor => anchor)
            end
-          end
          link_to((title || page), url, :class => ('wiki-page' + (wiki_page ? '' : ' new')))
        else
          # project or wiki doesn't exist
@@ -574,7 +558,7 @@ module ApplicationHelper
      end
    end
  end
-
+  
  # Redmine links
  #
  # Examples:
@@ -599,26 +583,16 @@ module ApplicationHelper
  #     source:some/file#L120 -> Link to line 120 of the file
  #     source:some/file@52#L120 -> Link to line 120 of the file's revision 52
  #     export:some/file -> Force the download of the file
-  #   Forum messages:
+  #  Forum messages:
  #     message#1218 -> Link to message with id 1218
-  #
-  #   Links can refer other objects from other projects, using project identifier:
-  #     identifier:r52
-  #     identifier:document:"Some document"
-  #     identifier:version:1.0.0
-  #     identifier:source:some/file
  def parse_redmine_links(text, project, obj, attr, only_path, options)
-    text.gsub!(%r{([\s\(,\-\[\>]|^)(!)?(([a-z0-9\-]+):)?(attachment|document|version|commit|source|export|message|project)?((#|r)(\d+)|(:)([^"\s<>][^\s<>]*?|"[^"]+?"))(?=(?=[[:punct:]]\W)|,|\s|\]|<|$)}) do |m|
-      leading, esc, project_prefix, project_identifier, prefix, sep, identifier = $1, $2, $3, $4, $5, $7 || $9, $8 || $10
+    text.gsub!(%r{([\s\(,\-\[\>]|^)(!)?(attachment|document|version|commit|source|export|message|project)?((#|r)(\d+)|(:)([^"\s<>][^\s<>]*?|"[^"]+?"))(?=(?=[[:punct:]]\W)|,|\s|\]|<|$)}) do |m|
+      leading, esc, prefix, sep, identifier = $1, $2, $3, $5 || $7, $6 || $8
      link = nil
-      if project_identifier
-        project = Project.visible.find_by_identifier(project_identifier)
-      end
      if esc.nil?
        if prefix.nil? && sep == 'r'
-          # project.changesets.visible raises an SQL error because of a double join on repositories
-          if project && project.repository && (changeset = Changeset.visible.find_by_repository_id_and_revision(project.repository.id, identifier))
-            link = link_to("#{project_prefix}r#{identifier}", {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
+          if project && (changeset = project.changesets.find_by_revision(identifier))
+            link = link_to("r#{identifier}", {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
                                      :class => 'changeset',
                                      :title => truncate_single_line(changeset.comments, :length => 100))
          end
@@ -632,18 +606,24 @@ module ApplicationHelper
                                        :title => "#{truncate(issue.subject, :length => 100)} (#{issue.status.name})")
            end
          when 'document'
-            if document = Document.visible.find_by_id(oid)
+            if document = Document.find_by_id(oid, :include => [:project], :conditions => Project.visible_by(User.current))
              link = link_to h(document.title), {:only_path => only_path, :controller => 'documents', :action => 'show', :id => document},
                                                :class => 'document'
            end
          when 'version'
-            if version = Version.visible.find_by_id(oid)
+            if version = Version.find_by_id(oid, :include => [:project], :conditions => Project.visible_by(User.current))
              link = link_to h(version.name), {:only_path => only_path, :controller => 'versions', :action => 'show', :id => version},
                                              :class => 'version'
            end
          when 'message'
-            if message = Message.visible.find_by_id(oid, :include => :parent)
-              link = link_to_message(message, {:only_path => only_path}, :class => 'message')
+            if message = Message.find_by_id(oid, :include => [:parent, {:board => :project}], :conditions => Project.visible_by(User.current))
+              link = link_to h(truncate(message.subject, :length => 60)), {:only_path => only_path,
+                                                                :controller => 'messages',
+                                                                :action => 'show',
+                                                                :board_id => message.board,
+                                                                :id => message.root,
+                                                                :anchor => (message.parent ? "message-#{message.id}" : nil)},
+                                                 :class => 'message'
            end
          when 'project'
            if p = Project.visible.find_by_id(oid)
@@ -655,26 +635,26 @@ module ApplicationHelper
          name = identifier.gsub(%r{^"(.*)"$}, "\\1")
          case prefix
          when 'document'
-            if project && document = project.documents.visible.find_by_title(name)
+            if project && document = project.documents.find_by_title(name)
              link = link_to h(document.title), {:only_path => only_path, :controller => 'documents', :action => 'show', :id => document},
                                                :class => 'document'
            end
          when 'version'
-            if project && version = project.versions.visible.find_by_name(name)
+            if project && version = project.versions.find_by_name(name)
              link = link_to h(version.name), {:only_path => only_path, :controller => 'versions', :action => 'show', :id => version},
                                              :class => 'version'
            end
          when 'commit'
-            if project && project.repository && (changeset = Changeset.visible.find(:first, :conditions => ["repository_id = ? AND scmid LIKE ?", project.repository.id, "#{name}%"]))
-              link = link_to h("#{project_prefix}#{name}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.identifier},
+            if project && (changeset = project.changesets.find(:first, :conditions => ["scmid LIKE ?", "#{name}%"]))
+              link = link_to h("#{name}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
                                           :class => 'changeset',
                                           :title => truncate_single_line(changeset.comments, :length => 100)
            end
          when 'source', 'export'
-            if project && project.repository && User.current.allowed_to?(:browse_repository, project)
+            if project && project.repository
              name =~ %r{^[/\\]*(.*?)(@([0-9a-f]+))?(#(L\d+))?$}
              path, rev, anchor = $1, $3, $5
-              link = link_to h("#{project_prefix}#{prefix}:#{name}"), {:controller => 'repositories', :action => 'entry', :id => project,
+              link = link_to h("#{prefix}:#{name}"), {:controller => 'repositories', :action => 'entry', :id => project,
                                                      :path => to_path_param(path),
                                                      :rev => rev,
                                                      :anchor => anchor,
@@ -694,56 +674,7 @@ module ApplicationHelper
          end
        end
      end
-      leading + (link || "#{project_prefix}#{prefix}#{sep}#{identifier}")
-    end
-  end
-
-  HEADING_RE = /<h(1|2|3|4)( [^>]+)?>(.+?)<\/h(1|2|3|4)>/i unless const_defined?(:HEADING_RE)
-
-  # Headings and TOC
-  # Adds ids and links to headings unless options[:headings] is set to false
-  def parse_headings(text, project, obj, attr, only_path, options)
-    return if options[:headings] == false
-
-    text.gsub!(HEADING_RE) do
-      level, attrs, content = $1.to_i, $2, $3
-      item = strip_tags(content).strip
-      anchor = sanitize_anchor_name(item)
-      @parsed_headings << [level, anchor, item]
-      "<a name=\"#{anchor}\"></a>\n<h#{level} #{attrs}>#{content}<a href=\"##{anchor}\" class=\"wiki-anchor\">&para;</a></h#{level}>"
-    end
-  end
-
-  TOC_RE = /<p>\{\{([<>]?)toc\}\}<\/p>/i unless const_defined?(:TOC_RE)
-
-  # Renders the TOC with given headings
-  def replace_toc(text, headings)
-    text.gsub!(TOC_RE) do
-      if headings.empty?
-        ''
-      else
-        div_class = 'toc'
-        div_class << ' right' if $1 == '>'
-        div_class << ' left' if $1 == '<'
-        out = "<ul class=\"#{div_class}\"><li>"
-        root = headings.map(&:first).min
-        current = root
-        started = false
-        headings.each do |level, anchor, item|
-          if level > current
-            out << '<ul><li>' * (level - current)
-          elsif level < current
-            out << "</li></ul>\n" * (current - level) + "</li><li>"
-          elsif started
-            out << '</li><li>'
-          end
-          out << "<a href=\"##{anchor}\">#{item}</a>"
-          current = level
-          started = true
-        end
-        out << '</li></ul>' * (current - root)
-        out << '</li></ul>'
-      end
+      leading + (link || "#{prefix}#{sep}#{identifier}")
    end
  end

@@ -798,13 +729,13 @@ module ApplicationHelper
      ), :class => 'progress', :style => "width: #{width};") +
      content_tag('p', legend, :class => 'pourcent')
  end
-
+  
  def checked_image(checked=true)
    if checked
      image_tag 'toggle_check.png'
    end
  end
-
+  
  def context_menu(url)
    unless @context_menu_included
      content_for :header_tags do
@@ -852,15 +783,13 @@ module ApplicationHelper
          'Calendar._FD = 1;' # Monday
        when 7
          'Calendar._FD = 0;' # Sunday
-        when 6
-          'Calendar._FD = 6;' # Saturday
        else
          '' # use language
        end
-
+        
        javascript_include_tag('calendar/calendar') +
        javascript_include_tag("calendar/lang/calendar-#{current_language.to_s.downcase}.js") +
-        javascript_tag(start_of_week) +
+        javascript_tag(start_of_week) +  
        javascript_include_tag('calendar/calendar-setup') +
        stylesheet_link_tag('calendar')
      end
@@ -889,54 +818,13 @@ module ApplicationHelper
        email = $1
      end
      return gravatar(email.to_s.downcase, options) unless email.blank? rescue nil
-    else
-      ''
    end
  end

-  def sanitize_anchor_name(anchor)
-    anchor.gsub(%r{[^\w\s\-]}, '').gsub(%r{\s+(\-+\s*)?}, '-')
-  end
-
-  # Returns the javascript tags that are included in the html layout head
-  def javascript_heads
-    tags = javascript_include_tag(:defaults)
-    unless User.current.pref.warn_on_leaving_unsaved == '0'
-      tags << "\n" + javascript_tag("Event.observe(window, 'load', function(){ new WarnLeavingUnsaved('#{escape_javascript( l(:text_warn_on_leaving_unsaved) )}'); });")
-    end
-    tags
-  end
-
  def favicon
    "<link rel='shortcut icon' href='#{image_path('/favicon.ico')}' />"
  end

-  def robot_exclusion_tag
-    '<meta name="robots" content="noindex,follow,noarchive" />'
-  end
-
-  # Returns true if arg is expected in the API response
-  def include_in_api_response?(arg)
-    unless @included_in_api_response
-      param = params[:include]
-      @included_in_api_response = param.is_a?(Array) ? param.collect(&:to_s) : param.to_s.split(',')
-      @included_in_api_response.collect!(&:strip)
-    end
-    @included_in_api_response.include?(arg.to_s)
-  end
-
-  # Returns options or nil if nometa param or X-Redmine-Nometa header
-  # was set in the request
-  def api_meta(options)
-    if params[:nometa].present? || request.headers['X-Redmine-Nometa']
-      # compatibility mode for activeresource clients that raise
-      # an error when unserializing an array with attributes
-      nil
-    else
-      options
-    end
-  end
-
  private

  def wiki_helper
@@ -944,8 +832,12 @@ module ApplicationHelper
    extend helper
    return self
  end
-
-  def link_to_content_update(text, url_params = {}, html_options = {})
-    link_to(text, url_params, html_options)
+  
+  def link_to_remote_content_update(text, url_params)
+    link_to_remote(text,
+      {:url => url_params, :method => :get, :update => 'content', :complete => 'window.scrollTo(0,0)'},
+      {:href => url_for(:params => url_params)}
+    )
  end
+  
 end
--- a/app/helpers/attachments_helper.rb
+++ b/app/helpers/attachments_helper.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -21,26 +21,14 @@ module AttachmentsHelper
  #   :author -- author names are not displayed if set to false
  def link_to_attachments(container, options = {})
    options.assert_valid_keys(:author)
-
+    
    if container.attachments.any?
      options = {:deletable => container.attachments_deletable?, :author => true}.merge(options)
      render :partial => 'attachments/links', :locals => {:attachments => container.attachments, :options => options}
    end
  end
-
+  
  def to_utf8(str)
-    if str.respond_to?(:force_encoding)
-      str.force_encoding('UTF-8')
-      return str if str.valid_encoding?
-    else
-      return str if /\A[\r\n\t\x20-\x7e]*\Z/n.match(str) # for us-ascii
-    end
-
-    begin
-      Iconv.conv('UTF-8//IGNORE', 'UTF-8', str + '  ')[0..-3]
-    rescue Iconv::InvalidEncoding
-      # "UTF-8//IGNORE" is not supported on some OS
-      str
-    end
+    str
  end
 end
--- a/app/helpers/calendars_helper.rb
+++ b/app/helpers/calendars_helper.rb
@@ -1,5 +1,5 @@
 module CalendarsHelper
-  def link_to_previous_month(year, month, options={})
+  def link_to_previous_month(year, month)
    target_year, target_month = if month == 1
                                  [year - 1, 12]
                                else
@@ -11,11 +11,13 @@ module CalendarsHelper
           else
             "#{month_name(target_month)}"
           end
-
-    link_to_month(('&#171; ' + name), target_year, target_month, options)
+    
+     link_to_remote ('&#171; ' + name),
+                        {:update => "content", :url => { :year => target_year, :month => target_month }},
+                        {:href => url_for(:action => 'show', :year => target_year, :month => target_month)}
  end

-  def link_to_next_month(year, month, options={})
+  def link_to_next_month(year, month)
    target_year, target_month = if month == 12
                                  [year + 1, 1]
                                else
@@ -28,10 +30,9 @@ module CalendarsHelper
             "#{month_name(target_month)}"
           end

-    link_to_month((name + ' &#187;'), target_year, target_month, options)
-  end
+    link_to_remote (name + ' &#187;'), 
+                        {:update => "content", :url => { :year => target_year, :month => target_month }},
+                        {:href => url_for(:action => 'show', :year => target_year, :month =>target_month)}

-  def link_to_month(link_name, year, month, options={})
-    link_to_content_update(link_name, params.merge(:year => year, :month => month))
  end
 end
--- a/app/helpers/custom_fields_helper.rb
+++ b/app/helpers/custom_fields_helper.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -37,7 +37,7 @@ module CustomFieldsHelper
    field_id = "#{name}_custom_field_values_#{custom_field.id}"

    field_format = Redmine::CustomFieldFormat.find_by_name(custom_field.field_format)
-    case field_format.try(:edit_as)
+    case field_format.edit_as
    when "date"
      text_field_tag(field_name, custom_value.value, :id => field_id, :size => 10) + 
      calendar_for(field_id)
@@ -49,7 +49,7 @@ module CustomFieldsHelper
      blank_option = custom_field.is_required? ?
                       (custom_field.default_value.blank? ? "<option value=\"\">--- #{l(:actionview_instancetag_blank_option)} ---</option>" : '') : 
                       '<option></option>'
-      select_tag(field_name, blank_option + options_for_select(custom_field.possible_values_options(custom_value.customized), custom_value.value), :id => field_id)
+      select_tag(field_name, blank_option + options_for_select(custom_field.possible_values, custom_value.value), :id => field_id)
    else
      text_field_tag(field_name, custom_value.value, :id => field_id)
    end
@@ -68,11 +68,11 @@ module CustomFieldsHelper
    custom_field_label_tag(name, custom_value) + custom_field_tag(name, custom_value)
  end
  
-  def custom_field_tag_for_bulk_edit(name, custom_field, projects=nil)
+  def custom_field_tag_for_bulk_edit(name, custom_field)
    field_name = "#{name}[custom_field_values][#{custom_field.id}]"
    field_id = "#{name}_custom_field_values_#{custom_field.id}"
    field_format = Redmine::CustomFieldFormat.find_by_name(custom_field.field_format)
-    case field_format.try(:edit_as)
+    case field_format.edit_as
      when "date"
        text_field_tag(field_name, '', :id => field_id, :size => 10) + 
        calendar_for(field_id)
@@ -83,7 +83,7 @@ module CustomFieldsHelper
                                                   [l(:general_text_yes), '1'],
                                                   [l(:general_text_no), '0']]), :id => field_id)
      when "list"
-        select_tag(field_name, options_for_select([[l(:label_no_change_option), '']] + custom_field.possible_values_options(projects)), :id => field_id)
+        select_tag(field_name, options_for_select([[l(:label_no_change_option), '']] + custom_field.possible_values), :id => field_id)
      else
        text_field_tag(field_name, '', :id => field_id)
    end
@@ -101,18 +101,7 @@ module CustomFieldsHelper
  end

  # Return an array of custom field formats which can be used in select_tag
-  def custom_field_formats_for_select(custom_field)
-    Redmine::CustomFieldFormat.as_select(custom_field.class.customized_class.name)
-  end
-  
-  # Renders the custom_values in api views
-  def render_api_custom_values(custom_values, api)
-    api.array :custom_fields do
-      custom_values.each do |custom_value|
-        api.custom_field :id => custom_value.custom_field_id, :name => custom_value.custom_field.name do
-          api.value custom_value.value
-        end
-      end
-    end unless custom_values.empty?
+  def custom_field_formats_for_select
+    Redmine::CustomFieldFormat.as_select
  end
 end
--- a/app/helpers/gantt_helper.rb
+++ b/app/helpers/gantt_helper.rb
@@ -1,41 +0,0 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-module GanttHelper
-
-  def gantt_zoom_link(gantt, in_or_out)
-    case in_or_out
-    when :in
-      if gantt.zoom < 4
-        link_to_content_update l(:text_zoom_in),
-          params.merge(gantt.params.merge(:zoom => (gantt.zoom+1))),
-          :class => 'icon icon-zoom-in'
-      else
-        content_tag('span', l(:text_zoom_in), :class => 'icon icon-zoom-in')
-      end
-      
-    when :out
-      if gantt.zoom > 1
-        link_to_content_update l(:text_zoom_out),
-          params.merge(gantt.params.merge(:zoom => (gantt.zoom-1))),
-          :class => 'icon icon-zoom-out'
-      else
-        content_tag('span', l(:text_zoom_out), :class => 'icon icon-zoom-out')
-      end
-    end
-  end
-end
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -44,40 +44,28 @@ module IssuesHelper
    @cached_label_due_date ||= l(:field_due_date)
    @cached_label_assigned_to ||= l(:field_assigned_to)
    @cached_label_priority ||= l(:field_priority)
-    @cached_label_project ||= l(:field_project)
-
+    
    link_to_issue(issue) + "<br /><br />" +
-      "<strong>#{@cached_label_project}</strong>: #{link_to_project(issue.project)}<br />" +
      "<strong>#{@cached_label_status}</strong>: #{issue.status.name}<br />" +
      "<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />" +
      "<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />" +
      "<strong>#{@cached_label_assigned_to}</strong>: #{issue.assigned_to}<br />" +
      "<strong>#{@cached_label_priority}</strong>: #{issue.priority.name}"
  end
-
-  def issue_heading(issue)
-    h("#{issue.tracker} ##{issue.id}")
-  end
-
+    
  def render_issue_subject_with_tree(issue)
    s = ''
-    ancestors = issue.root? ? [] : issue.ancestors.visible.all
-    ancestors.each do |ancestor|
+    issue.ancestors.each do |ancestor|
      s << '<div>' + content_tag('p', link_to_issue(ancestor))
    end
-    s << '<div>'
-    subject = h(issue.subject)
-    if issue.is_private?
-      subject = content_tag('span', l(:field_is_private), :class => 'private') + ' ' + subject
-    end
-    s << content_tag('h3', subject)
-    s << '</div>' * (ancestors.size + 1)
+    s << '<div>' + content_tag('h3', h(issue.subject))
+    s << '</div>' * (issue.ancestors.size + 1)
    s
  end
-
+  
  def render_descendants_tree(issue)
    s = '<form><table class="list issues">'
-    issue_list(issue.descendants.visible.sort_by(&:lft)) do |child, level|
+    issue_list(issue.descendants.sort_by(&:lft)) do |child, level|
      s << content_tag('tr',
             content_tag('td', check_box_tag("ids[]", child.id, false, :id => nil), :class => 'checkbox') +
             content_tag('td', link_to_issue(child, :truncate => 60), :class => 'subject') +
@@ -89,7 +77,7 @@ module IssuesHelper
    s << '</form></table>'
    s
  end
-
+  
  def render_custom_fields_rows(issue)
    return if issue.custom_field_values.empty?
    ordered_values = []
@@ -108,58 +96,21 @@ module IssuesHelper
    s << "</tr>\n"
    s
  end
-
-  def issues_destroy_confirmation_message(issues)
-    issues = [issues] unless issues.is_a?(Array)
-    message = l(:text_issues_destroy_confirmation)
-    descendant_count = issues.inject(0) {|memo, i| memo += (i.right - i.left - 1)/2}
-    if descendant_count > 0
-      issues.each do |issue|
-        next if issue.root?
-        issues.each do |other_issue|
-          descendant_count -= 1 if issue.is_descendant_of?(other_issue)
-        end
-      end
-      if descendant_count > 0
-        message << "\n" + l(:text_issues_destroy_descendants_confirmation, :count => descendant_count)
-      end
-    end
-    message
-  end
-
+  
  def sidebar_queries
    unless @sidebar_queries
      # User can see public queries and his own queries
      visible = ARCondition.new(["is_public = ? OR user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
      # Project specific queries and global queries
      visible << (@project.nil? ? ["project_id IS NULL"] : ["project_id IS NULL OR project_id = ?", @project.id])
-      @sidebar_queries = Query.find(:all,
-                                    :select => 'id, name, is_public',
+      @sidebar_queries = Query.find(:all, 
+                                    :select => 'id, name',
                                    :order => "name ASC",
                                    :conditions => visible.conditions)
    end
    @sidebar_queries
  end

-  def query_links(title, queries)
-    # links to #index on issues/show
-    url_params = controller_name == 'issues' ? {:controller => 'issues', :action => 'index', :project_id => @project} : params
-
-    content_tag('h3', title) +
-      queries.collect {|query|
-          link_to(h(query.name), url_params.merge(:query_id => query))
-        }.join('<br />')
-  end
-
-  def render_sidebar_queries
-    out = ''
-    queries = sidebar_queries.select {|q| !q.is_public?}
-    out << query_links(l(:label_my_queries), queries) if queries.any?
-    queries = sidebar_queries.select {|q| q.is_public?}
-    out << query_links(l(:label_query_plural), queries) if queries.any?
-    out
-  end
-
  def show_detail(detail, no_html=false)
    case detail.property
    when 'attr'
@@ -182,10 +133,6 @@ module IssuesHelper
        label = l(:field_parent_issue)
        value = "##{detail.value}" unless detail.value.blank?
        old_value = "##{detail.old_value}" unless detail.old_value.blank?
-
-      when detail.prop_key == 'is_private'
-        value = l(detail.value == "0" ? :general_text_No : :general_text_Yes) unless detail.value.blank?
-        old_value = l(detail.old_value == "0" ? :general_text_No : :general_text_Yes) unless detail.old_value.blank?
      end
    when 'cf'
      custom_field = CustomField.find_by_id(detail.prop_key)
@@ -202,7 +149,7 @@ module IssuesHelper
    label ||= detail.prop_key
    value ||= detail.value
    old_value ||= detail.old_value
-
+    
    unless no_html
      label = content_tag('strong', label)
      old_value = content_tag("i", h(old_value)) if detail.old_value
@@ -214,17 +161,8 @@ module IssuesHelper
        value = content_tag("i", h(value)) if value
      end
    end
-
-    if detail.property == 'attr' && detail.prop_key == 'description'
-      s = l(:text_journal_changed_no_detail, :label => label)
-      unless no_html
-        diff_link = link_to 'diff',
-          {:controller => 'journals', :action => 'diff', :id => detail.journal_id, :detail_id => detail.id},
-          :title => l(:label_view_diff)
-        s << " (#{ diff_link })"
-      end
-      s
-    elsif !detail.value.blank?
+    
+    if !detail.value.blank?
      case detail.property
      when 'attr', 'cf'
        if !detail.old_value.blank?
@@ -248,28 +186,14 @@ module IssuesHelper
      return record.name if record
    end
  end
-
-  # Renders issue children recursively
-  def render_api_issue_children(issue, api)
-    return if issue.leaf?
-    api.array :children do
-      issue.children.each do |child|
-        api.issue(:id => child.id) do
-          api.tracker(:id => child.tracker_id, :name => child.tracker.name) unless child.tracker.nil?
-          api.subject child.subject
-          render_api_issue_children(child, api)
-        end
-      end
-    end
-  end
-
+  
  def issues_to_csv(issues, project = nil)
-    ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')
+    ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')    
    decimal_separator = l(:general_csv_decimal_separator)
    export = FCSV.generate(:col_sep => l(:general_csv_separator)) do |csv|
      # csv header fields
      headers = [ "#",
-                  l(:field_status),
+                  l(:field_status), 
                  l(:field_project),
                  l(:field_tracker),
                  l(:field_priority),
@@ -296,9 +220,9 @@ module IssuesHelper
      # csv lines
      issues.each do |issue|
        fields = [issue.id,
-                  issue.status.name,
+                  issue.status.name, 
                  issue.project.name,
-                  issue.tracker.name,
+                  issue.tracker.name, 
                  issue.priority.name,
                  issue.subject,
                  issue.assigned_to,
@@ -310,7 +234,7 @@ module IssuesHelper
                  issue.done_ratio,
                  issue.estimated_hours.to_s.gsub('.', decimal_separator),
                  issue.parent_id,
-                  format_time(issue.created_on),
+                  format_time(issue.created_on),  
                  format_time(issue.updated_on)
                  ]
        custom_fields.each {|f| fields << show_value(issue.custom_value_for(f)) }
@@ -320,4 +244,30 @@ module IssuesHelper
    end
    export
  end
+
+  def gantt_zoom_link(gantt, in_or_out)
+    img_attributes = {:style => 'height:1.4em; width:1.4em; margin-left: 3px;'} # em for accessibility
+
+    case in_or_out
+    when :in
+      if gantt.zoom < 4
+        link_to_remote(l(:text_zoom_in) + image_tag('zoom_in.png', img_attributes.merge(:alt => l(:text_zoom_in))),
+                       {:url => gantt.params.merge(:zoom => (gantt.zoom+1)), :update => 'content'},
+                       {:href => url_for(gantt.params.merge(:zoom => (gantt.zoom+1)))})
+      else
+        l(:text_zoom_in) +
+          image_tag('zoom_in_g.png', img_attributes.merge(:alt => l(:text_zoom_in)))
+      end
+      
+    when :out
+      if gantt.zoom > 1
+        link_to_remote(l(:text_zoom_out) + image_tag('zoom_out.png', img_attributes.merge(:alt => l(:text_zoom_out))),
+                       {:url => gantt.params.merge(:zoom => (gantt.zoom-1)), :update => 'content'},
+                       {:href => url_for(gantt.params.merge(:zoom => (gantt.zoom-1)))})
+      else
+        l(:text_zoom_out) +
+          image_tag('zoom_out_g.png', img_attributes.merge(:alt => l(:text_zoom_out)))
+      end
+    end
+  end
 end
--- a/app/helpers/messages_helper.rb
+++ b/app/helpers/messages_helper.rb
@@ -16,4 +16,14 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module MessagesHelper
+
+  def link_to_message(message)
+    return '' unless message
+    link_to h(truncate(message.subject, :length => 60)), :controller => 'messages',
+                                           :action => 'show',
+                                           :board_id => message.board_id,
+                                           :id => message.root,
+                                           :r => (message.parent_id && message.id),
+                                           :anchor => (message.parent_id ? "message-#{message.id}" : nil)
+  end
 end
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -20,7 +20,7 @@ module ProjectsHelper
    return '' unless version && version.is_a?(Version)
    link_to_if version.visible?, format_version_name(version), { :controller => 'versions', :action => 'show', :id => version }, options
  end
-
+  
  def project_settings_tabs
    tabs = [{:name => 'info', :action => :edit_project, :partial => 'projects/edit', :label => :label_information_plural},
            {:name => 'modules', :action => :select_project_modules, :partial => 'projects/settings/modules', :label => :label_module_plural},
@@ -32,9 +32,9 @@ module ProjectsHelper
            {:name => 'boards', :action => :manage_boards, :partial => 'projects/settings/boards', :label => :label_board_plural},
            {:name => 'activities', :action => :manage_project_activities, :partial => 'projects/settings/activities', :label => :enumeration_activities}
            ]
-    tabs.select {|tab| User.current.allowed_to?(tab[:action], @project)}
+    tabs.select {|tab| User.current.allowed_to?(tab[:action], @project)}     
  end
-
+  
  def parent_project_select_tag(project)
    selected = project.parent
    # retrieve the requested parent project
@@ -42,13 +42,13 @@ module ProjectsHelper
    if parent_id
      selected = (parent_id.blank? ? nil : Project.find(parent_id))
    end
-
+    
    options = ''
    options << "<option value=''></option>" if project.allowed_parents.include?(nil)
    options << project_tree_options_for_select(project.allowed_parents.compact, :selected => selected)
    content_tag('select', options, :name => 'project[parent_id]', :id => 'project_parent_id')
  end
-
+  
  # Renders a tree of projects as a nested set of unordered lists
  # The given collection may be a subset of the whole project tree
  # (eg. some intermediate nodes are private and can not be seen)
@@ -65,7 +65,7 @@ module ProjectsHelper
        else
          ancestors.pop
          s << "</li>"
-          while (ancestors.any? && !project.is_descendant_of?(ancestors.last))
+          while (ancestors.any? && !project.is_descendant_of?(ancestors.last)) 
            ancestors.pop
            s << "</ul></li>\n"
          end
@@ -93,7 +93,7 @@ module ProjectsHelper
    if selected && !versions.include?(selected)
      grouped[selected.project.name] << [selected.name, selected.id]
    end
-
+    
    if grouped.keys.size > 1
      grouped_options_for_select(grouped, selected && selected.id)
    else
--- a/app/helpers/queries_helper.rb
+++ b/app/helpers/queries_helper.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -70,7 +70,6 @@ module QueriesHelper
      cond = "project_id IS NULL"
      cond << " OR project_id = #{@project.id}" if @project
      @query = Query.find(params[:query_id], :conditions => cond)
-      raise ::Unauthorized unless @query.visible?
      @query.project = @project
      session[:query] = {:id => @query.id, :project_id => @query.project_id}
      sort_clear
@@ -79,16 +78,17 @@ module QueriesHelper
        # Give it a name, required to be valid
        @query = Query.new(:name => "_")
        @query.project = @project
-        if params[:fields] || params[:f]
-          @query.filters = {}
-          @query.add_filters(params[:fields] || params[:f], params[:operators] || params[:op], params[:values] || params[:v])
+        if params[:fields] and params[:fields].is_a? Array
+          params[:fields].each do |field|
+            @query.add_filter(field, params[:operators][field], params[:values][field])
+          end
        else
          @query.available_filters.keys.each do |field|
            @query.add_short_filter(field, params[field]) if params[field]
          end
        end
        @query.group_by = params[:group_by]
-        @query.column_names = params[:c] || (params[:query] && params[:query][:column_names])
+        @query.column_names = params[:query] && params[:query][:column_names]
        session[:query] = {:project_id => @query.project_id, :filters => @query.filters, :group_by => @query.group_by, :column_names => @query.column_names}
      else
        @query = Query.find_by_id(session[:query][:id]) if session[:query][:id]
--- a/app/helpers/reports_helper.rb
+++ b/app/helpers/reports_helper.rb
@@ -1,22 +1,22 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module ReportsHelper
-
+  
  def aggregate(data, criteria)
    a = 0
    data.each { |row|
@@ -28,9 +28,9 @@ module ReportsHelper
    } unless data.nil?
    a
  end
-
+  
  def aggregate_link(data, criteria, *args)
    a = aggregate data, criteria
    a > 0 ? link_to(a, *args) : '-'
-  end
+  end  
 end
--- a/app/helpers/repositories_helper.rb
+++ b/app/helpers/repositories_helper.rb
@@ -1,38 +1,33 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 require 'iconv'
-require 'redmine/codeset_util'

 module RepositoriesHelper
-  def format_revision(revision)
-    if revision.respond_to? :format_identifier
-      revision.format_identifier
-    else
-      revision.to_s
-    end
+  def format_revision(txt)
+    txt.to_s[0,8]
  end
-
+  
  def truncate_at_line_break(text, length = 255)
    if text
      text.gsub(%r{^(.{#{length}}[^\n]*)\n.+$}m, '\\1...')
    end
  end
-
+  
  def render_properties(properties)
    unless properties.nil? || properties.empty?
      content = ''
@@ -42,15 +37,14 @@ module RepositoriesHelper
      content_tag('ul', content, :class => 'properties')
    end
  end
-
+  
  def render_changeset_changes
    changes = @changeset.changes.find(:all, :limit => 1000, :order => 'path').collect do |change|
      case change.action
      when 'A'
        # Detects moved/copied files
        if !change.from_path.blank?
-          change.action =
-             @changeset.changes.detect {|c| c.action == 'D' && c.path == change.from_path} ? 'R' : 'C'
+          change.action = @changeset.changes.detect {|c| c.action == 'D' && c.path == change.from_path} ? 'R' : 'C'
        end
        change
      when 'D'
@@ -58,8 +52,8 @@ module RepositoriesHelper
      else
        change
      end
-    end.compact
-
+   end.compact
+    
    tree = { }
    changes.each do |change|
      p = tree
@@ -74,11 +68,13 @@ module RepositoriesHelper
      end
      p[:c] = change
    end
+    
    render_changes_tree(tree[:s])
  end
-
+  
  def render_changes_tree(tree)
    return '' if tree.nil?
+    
    output = ''
    output << '<ul>'
    tree.keys.sort.each do |file|
@@ -91,7 +87,7 @@ module RepositoriesHelper
                             :action => 'show',
                             :id => @project,
                             :path => path_param,
-                             :rev => @changeset.identifier)
+                             :rev => @changeset.revision)
        output << "<li class='#{style}'>#{text}</li>"
        output << render_changes_tree(s)
      elsif c = tree[file][:c]
@@ -101,13 +97,13 @@ module RepositoriesHelper
                             :action => 'entry',
                             :id => @project,
                             :path => path_param,
-                             :rev => @changeset.identifier) unless c.action == 'D'
+                             :rev => @changeset.revision) unless c.action == 'D'
        text << " - #{c.revision}" unless c.revision.blank?
        text << ' (' + link_to('diff', :controller => 'repositories',
                                       :action => 'diff',
                                       :id => @project,
                                       :path => path_param,
-                                       :rev => @changeset.identifier) + ') ' if c.action == 'M'
+                                       :rev => @changeset.revision) + ') ' if c.action == 'M'
        text << ' ' + content_tag('span', c.from_path, :class => 'copied-from') unless c.from_path.blank?
        output << "<li class='#{style}'>#{text}</li>"
      end
@@ -115,26 +111,9 @@ module RepositoriesHelper
    output << '</ul>'
    output
  end
-
+  
  def to_utf8(str)
-    return str if str.nil?
-    str = to_utf8_internal(str)
-    if str.respond_to?(:force_encoding)
-      str.force_encoding('UTF-8')
-    end
-    str
-  end
-
-  def to_utf8_internal(str)
-    return str if str.nil?
-    if str.respond_to?(:force_encoding)
-      str.force_encoding('ASCII-8BIT')
-    end
-    return str if str.empty?
    return str if /\A[\r\n\t\x20-\x7e]*\Z/n.match(str) # for us-ascii
-    if str.respond_to?(:force_encoding)
-      str.force_encoding('UTF-8')
-    end
    @encodings ||= Setting.repositories_encodings.split(',').collect(&:strip)
    @encodings.each do |encoding|
      begin
@@ -143,142 +122,67 @@ module RepositoriesHelper
        # do nothing here and try the next encoding
      end
    end
-    str = Redmine::CodesetUtil.replace_invalid_utf8(str)
+    str
  end
-  private :to_utf8_internal
-
-  def repository_field_tags(form, repository)
+  
+  def repository_field_tags(form, repository)    
    method = repository.class.name.demodulize.underscore + "_field_tags"
-    if repository.is_a?(Repository) &&
-        respond_to?(method) && method != 'repository_field_tags'
-      send(method, form, repository)
-    end
+    send(method, form, repository) if repository.is_a?(Repository) && respond_to?(method) && method != 'repository_field_tags'
  end
-
+  
  def scm_select_tag(repository)
    scm_options = [["--- #{l(:actionview_instancetag_blank_option)} ---", '']]
    Redmine::Scm::Base.all.each do |scm|
-    if Setting.enabled_scm.include?(scm) ||
-          (repository && repository.class.name.demodulize == scm)
-        scm_options << ["Repository::#{scm}".constantize.scm_name, scm]
-      end
+      scm_options << ["Repository::#{scm}".constantize.scm_name, scm] if Setting.enabled_scm.include?(scm) || (repository && repository.class.name.demodulize == scm)
    end
-    select_tag('repository_scm',
+    
+    select_tag('repository_scm', 
               options_for_select(scm_options, repository.class.name.demodulize),
               :disabled => (repository && !repository.new_record?),
-               :onchange => remote_function(
-                  :url => {
-                      :controller => 'repositories',
-                      :action     => 'edit',
-                      :id         => @project
-                   },
-               :method => :get,
-               :with   => "Form.serialize(this.form)")
-             )
+               :onchange => remote_function(:url => { :controller => 'repositories', :action => 'edit', :id => @project }, :method => :get, :with => "Form.serialize(this.form)")
+               )
  end
-
+  
  def with_leading_slash(path)
    path.to_s.starts_with?('/') ? path : "/#{path}"
  end
-
+  
  def without_leading_slash(path)
    path.gsub(%r{^/+}, '')
  end

  def subversion_field_tags(form, repository)
-      content_tag('p', form.text_field(:url, :size => 60, :required => true,
-                       :disabled => (repository && !repository.root_url.blank?)) +
+      content_tag('p', form.text_field(:url, :size => 60, :required => true, :disabled => (repository && !repository.root_url.blank?)) +
                       '<br />(file:///, http://, https://, svn://, svn+[tunnelscheme]://)') +
      content_tag('p', form.text_field(:login, :size => 30)) +
-      content_tag('p', form.password_field(
-                            :password, :size => 30, :name => 'ignore',
-                            :value => ((repository.new_record? || repository.password.blank?) ? '' : ('x'*15)),
-                            :onfocus => "this.value=''; this.name='repository[password]';",
-                            :onchange => "this.name='repository[password]';"))
+      content_tag('p', form.password_field(:password, :size => 30, :name => 'ignore',
+                                           :value => ((repository.new_record? || repository.password.blank?) ? '' : ('x'*15)),
+                                           :onfocus => "this.value=''; this.name='repository[password]';",
+                                           :onchange => "this.name='repository[password]';"))
  end

  def darcs_field_tags(form, repository)
-    content_tag('p', form.text_field(
-                     :url, :label => l(:field_path_to_repository),
-                     :size => 60, :required => true,
-                     :disabled => (repository && !repository.new_record?))) +
-    content_tag('p', form.select(
-                     :log_encoding, [nil] + Setting::ENCODINGS,
-                     :label => l(:field_commit_logs_encoding), :required => true))
+      content_tag('p', form.text_field(:url, :label => 'Root directory', :size => 60, :required => true, :disabled => (repository && !repository.new_record?)))
  end
-
+  
  def mercurial_field_tags(form, repository)
-    content_tag('p', form.text_field(
-                       :url, :label => l(:field_path_to_repository),
-                       :size => 60, :required => true,
-                       :disabled => (repository && !repository.root_url.blank?)
-                         ) +
-                     '<br />' + l(:text_mercurial_repository_note)) +
-    content_tag('p', form.select(
-                        :path_encoding, [nil] + Setting::ENCODINGS,
-                        :label => l(:field_scm_path_encoding)
-                        ) +
-                     '<br />' + l(:text_scm_path_encoding_note))
+      content_tag('p', form.text_field(:url, :label => 'Root directory', :size => 60, :required => true, :disabled => (repository && !repository.root_url.blank?)))
  end

  def git_field_tags(form, repository)
-    content_tag('p', form.text_field(
-                       :url, :label => l(:field_path_to_repository),
-                       :size => 60, :required => true,
-                       :disabled => (repository && !repository.root_url.blank?)
-                         ) +
-                      '<br />' + l(:text_git_repository_note)) +
-    content_tag('p', form.select(
-                        :path_encoding, [nil] + Setting::ENCODINGS,
-                        :label => l(:field_scm_path_encoding)
-                        ) +
-                     '<br />' + l(:text_scm_path_encoding_note)) +
-    content_tag('p', form.check_box(
-                        :extra_report_last_commit,
-                        :label => l(:label_git_report_last_commit)
-                         ))
+      content_tag('p', form.text_field(:url, :label => 'Path to .git directory', :size => 60, :required => true, :disabled => (repository && !repository.root_url.blank?)))
  end

  def cvs_field_tags(form, repository)
-    content_tag('p', form.text_field(
-                     :root_url,
-                     :label => l(:field_cvsroot),
-                     :size => 60, :required => true,
-                     :disabled => !repository.new_record?)) +
-    content_tag('p', form.text_field(
-                     :url,
-                     :label => l(:field_cvs_module),
-                     :size => 30, :required => true,
-                     :disabled => !repository.new_record?)) +
-    content_tag('p', form.select(
-                     :log_encoding, [nil] + Setting::ENCODINGS,
-                     :label => l(:field_commit_logs_encoding), :required => true)) +
-    content_tag('p', form.select(
-                        :path_encoding, [nil] + Setting::ENCODINGS,
-                        :label => l(:field_scm_path_encoding)
-                        ) +
-                     '<br />' + l(:text_scm_path_encoding_note))
+      content_tag('p', form.text_field(:root_url, :label => 'CVSROOT', :size => 60, :required => true, :disabled => !repository.new_record?)) +
+      content_tag('p', form.text_field(:url, :label => 'Module', :size => 30, :required => true, :disabled => !repository.new_record?))
  end

  def bazaar_field_tags(form, repository)
-    content_tag('p', form.text_field(
-                     :url, :label => l(:field_path_to_repository),
-                     :size => 60, :required => true,
-                     :disabled => (repository && !repository.new_record?))) +
-    content_tag('p', form.select(
-                     :log_encoding, [nil] + Setting::ENCODINGS,
-                     :label => l(:field_commit_logs_encoding), :required => true))
+      content_tag('p', form.text_field(:url, :label => 'Root directory', :size => 60, :required => true, :disabled => (repository && !repository.new_record?)))
  end
-
+  
  def filesystem_field_tags(form, repository)
-    content_tag('p', form.text_field(
-                     :url, :label => l(:field_root_directory),
-                     :size => 60, :required => true,
-                     :disabled => (repository && !repository.root_url.blank?))) +
-    content_tag('p', form.select(
-                        :path_encoding, [nil] + Setting::ENCODINGS,
-                        :label => l(:field_scm_path_encoding)
-                        ) +
-                     '<br />' + l(:text_scm_path_encoding_note))
+    content_tag('p', form.text_field(:url, :label => 'Root directory', :size => 60, :required => true, :disabled => (repository && !repository.root_url.blank?)))
  end
 end
--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -39,7 +39,7 @@ module SearchHelper
  end
  
  def type_label(t)
-    l("label_#{t.singularize}_plural", :default => t.to_s.humanize)
+    l("label_#{t.singularize}_plural")
  end
  
  def project_select_tag
@@ -57,7 +57,7 @@ module SearchHelper
      c = results_by_type[t]
      next if c == 0
      text = "#{type_label(t)} (#{c})"
-      links << link_to(text, :q => params[:q], :titles_only => params[:titles_only], :all_words => params[:all_words], :scope => params[:scope], t => 1)
+      links << link_to(text, :q => params[:q], :titles_only => params[:title_only], :all_words => params[:all_words], :scope => params[:scope], t => 1)
    end
    ('<ul>' + links.map {|link| content_tag('li', link)}.join(' ') + '</ul>') unless links.empty?
  end
--- a/app/helpers/settings_helper.rb
+++ b/app/helpers/settings_helper.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -27,65 +27,48 @@ module SettingsHelper
            {:name => 'repositories', :partial => 'settings/repositories', :label => :label_repository_plural}
            ]
  end
-
+  
  def setting_select(setting, choices, options={})
    if blank_text = options.delete(:blank)
      choices = [[blank_text.is_a?(Symbol) ? l(blank_text) : blank_text, '']] + choices
    end
    setting_label(setting, options) +
-      select_tag("settings[#{setting}]",
-                 options_for_select(choices, Setting.send(setting).to_s),
-                 options)
+      select_tag("settings[#{setting}]", options_for_select(choices, Setting.send(setting).to_s), options)
  end
-
+  
  def setting_multiselect(setting, choices, options={})
    setting_values = Setting.send(setting)
    setting_values = [] unless setting_values.is_a?(Array)
-
+      
    setting_label(setting, options) +
      hidden_field_tag("settings[#{setting}][]", '') +
      choices.collect do |choice|
-        text, value = (choice.is_a?(Array) ? choice : [choice, choice])
-        content_tag(
-          'label',
-          check_box_tag(
-             "settings[#{setting}][]",
-             value,
-             Setting.send(setting).include?(value)
-           ) + text.to_s,
+        text, value = (choice.is_a?(Array) ? choice : [choice, choice]) 
+        content_tag('label',
+          check_box_tag("settings[#{setting}][]", value, Setting.send(setting).include?(value)) + text.to_s,
          :class => 'block'
-         )
+        )
      end.join
  end
-
+  
  def setting_text_field(setting, options={})
    setting_label(setting, options) +
      text_field_tag("settings[#{setting}]", Setting.send(setting), options)
  end
-
+  
  def setting_text_area(setting, options={})
    setting_label(setting, options) +
      text_area_tag("settings[#{setting}]", Setting.send(setting), options)
  end
-
+  
  def setting_check_box(setting, options={})
    setting_label(setting, options) +
      hidden_field_tag("settings[#{setting}]", 0) +
-        check_box_tag("settings[#{setting}]", 1, Setting.send("#{setting}?"), options)
+      check_box_tag("settings[#{setting}]", 1, Setting.send("#{setting}?"), options)
  end
-
+  
  def setting_label(setting, options={})
    label = options.delete(:label)
    label != false ? content_tag("label", l(label || "setting_#{setting}")) : ''
  end
-
-  # Renders a notification field for a Redmine::Notifiable option
-  def notification_field(notifiable)
-    return content_tag(:label,
-                       check_box_tag('settings[notified_events][]',
-                                     notifiable.name,
-                                     Setting.notified_events.include?(notifiable.name)) +
-                         l_or_humanize(notifiable.name, :prefix => 'label_'),
-                       :class => notifiable.parent.present? ? "parent" : '')
-  end
 end
--- a/app/helpers/sort_helper.rb
+++ b/app/helpers/sort_helper.rb
@@ -200,12 +200,16 @@ module SortHelper
    caption = column.to_s.humanize unless caption
    
    sort_options = { :sort => @sort_criteria.add(column.to_s, order).to_param }
-    url_options = params.merge(sort_options)
+    # don't reuse params if filters are present
+    url_options = params.has_key?(:set_filter) ? sort_options : params.merge(sort_options)
    
     # Add project_id to url_options
    url_options = url_options.merge(:project_id => params[:project_id]) if params.has_key?(:project_id)

-    link_to_content_update(caption, url_options, :class => css)
+    link_to_remote(caption,
+                  {:update => "content", :url => url_options, :method => :get},
+                  {:href => url_for(url_options),
+                   :class => css})
  end

  # Returns a table header <th> tag with a sort link for the named column
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -33,19 +33,15 @@ module UsersHelper
    options
  end
  
-  def user_mail_notification_options(user)
-    user.valid_notification_options.collect {|o| [l(o.last), o.first]}
-  end
-  
  def change_status_link(user)
-    url = {:controller => 'users', :action => 'update', :id => user, :page => params[:page], :status => params[:status], :tab => nil}
+    url = {:controller => 'users', :action => 'edit', :id => user, :page => params[:page], :status => params[:status], :tab => nil}
    
    if user.locked?
-      link_to l(:button_unlock), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :put, :class => 'icon icon-unlock'
+      link_to l(:button_unlock), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :post, :class => 'icon icon-unlock'
    elsif user.registered?
-      link_to l(:button_activate), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :put, :class => 'icon icon-unlock'
+      link_to l(:button_activate), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :post, :class => 'icon icon-unlock'
    elsif user != User.current
-      link_to l(:button_lock), url.merge(:user => {:status => User::STATUS_LOCKED}), :method => :put, :class => 'icon icon-lock'
+      link_to l(:button_lock), url.merge(:user => {:status => User::STATUS_LOCKED}), :method => :post, :class => 'icon icon-lock'
    end
  end
  
--- a/app/helpers/versions_helper.rb
+++ b/app/helpers/versions_helper.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,10 +17,11 @@

 module VersionsHelper

-  STATUS_BY_CRITERIAS = %w(category tracker status priority author assigned_to)
+  STATUS_BY_CRITERIAS = %w(category tracker priority author assigned_to)
  
  def render_issue_status_by(version, criteria)
-    criteria = 'category' unless STATUS_BY_CRITERIAS.include?(criteria)
+    criteria ||= 'category'
+    raise 'Unknown criteria' unless STATUS_BY_CRITERIAS.include?(criteria)
    
    h = Hash.new {|k,v| k[v] = [0, 0]}
    begin
--- a/app/helpers/watchers_helper.rb
+++ b/app/helpers/watchers_helper.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -16,18 +16,28 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module WatchersHelper
-  
-  def watcher_tag(object, user, options={})
-    content_tag("span", watcher_link(object, user), :class => watcher_css(object))
+
+  # Valid options
+  # * :id - the element id
+  # * :replace - a string or array of element ids that will be
+  #   replaced
+  def watcher_tag(object, user, options={:replace => 'watcher'})
+    id = options[:id]
+    id ||= options[:replace] if options[:replace].is_a? String
+    content_tag("span", watcher_link(object, user, options), :id => id)
  end
  
-  def watcher_link(object, user)
+  # Valid options
+  # * :replace - a string or array of element ids that will be
+  #   replaced
+  def watcher_link(object, user, options={:replace => 'watcher'})
    return '' unless user && user.logged? && object.respond_to?('watched_by?')
    watched = object.watched_by?(user)
    url = {:controller => 'watchers',
           :action => (watched ? 'unwatch' : 'watch'),
           :object_type => object.class.to_s.underscore,
-           :object_id => object.id}
+           :object_id => object.id,
+           :replace => options[:replace]}
    link_to_remote((watched ? l(:button_unwatch) : l(:button_watch)),
                   {:url => url},
                   :href => url_for(url),
@@ -35,11 +45,6 @@ module WatchersHelper
  
  end
  
-  # Returns the css class used to identify watch links for a given +object+
-  def watcher_css(object)
-    "#{object.class.to_s.underscore}-#{object.id}-watcher"
-  end
-  
  # Returns a comma separated list of users watching the given object
  def watchers_list(object)
    remove_allowed = User.current.allowed_to?("delete_#{object.class.name.underscore}_watchers".to_sym, object.project)
--- a/app/helpers/wiki_helper.rb
+++ b/app/helpers/wiki_helper.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -18,18 +18,52 @@
 module WikiHelper
  
  def wiki_page_options_for_select(pages, selected = nil, parent = nil, level = 0)
-    pages = pages.group_by(&:parent) unless pages.is_a?(Hash)
    s = ''
-    if pages.has_key?(parent)
-      pages[parent].each do |page|
-        attrs = "value='#{page.id}'"
-        attrs << " selected='selected'" if selected == page
-        indent = (level > 0) ? ('&nbsp;' * level * 2 + '&#187; ') : nil
-        
-        s << "<option #{attrs}>#{indent}#{h page.pretty_title}</option>\n" + 
-               wiki_page_options_for_select(pages, selected, page, level + 1)
-      end
+    pages.select {|p| p.parent == parent}.each do |page|
+      attrs = "value='#{page.id}'"
+      attrs << " selected='selected'" if selected == page
+      indent = (level > 0) ? ('&nbsp;' * level * 2 + '&#187; ') : nil
+      
+      s << "<option value='#{page.id}'>#{indent}#{h page.pretty_title}</option>\n" + 
+             wiki_page_options_for_select(pages, selected, page, level + 1)
    end
    s
  end
+  
+  def html_diff(wdiff)
+    words = wdiff.words.collect{|word| h(word)}
+    words_add = 0
+    words_del = 0
+    dels = 0
+    del_off = 0
+    wdiff.diff.diffs.each do |diff|
+      add_at = nil
+      add_to = nil
+      del_at = nil
+      deleted = ""	    
+      diff.each do |change|
+        pos = change[1]
+        if change[0] == "+"
+          add_at = pos + dels unless add_at
+          add_to = pos + dels
+          words_add += 1
+        else
+          del_at = pos unless del_at
+          deleted << ' ' + h(change[2])
+          words_del	 += 1
+        end
+      end
+      if add_at
+        words[add_at] = '<span class="diff_in">' + words[add_at]
+        words[add_to] = words[add_to] + '</span>'
+      end
+      if del_at
+        words.insert del_at - del_off + dels + words_add, '<span class="diff_out">' + deleted + '</span>'
+        dels += 1
+        del_off += words_del
+        words_del = 0
+      end
+    end
+    simple_format_without_paragraph(words.join(' '))
+  end
 end
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -20,7 +20,7 @@ require "digest/md5"
 class Attachment < ActiveRecord::Base
  belongs_to :container, :polymorphic => true
  belongs_to :author, :class_name => "User", :foreign_key => "author_id"
-
+  
  validates_presence_of :container, :filename, :author
  validates_length_of :filename, :maximum => 255
  validates_length_of :disk_filename, :maximum => 255
@@ -31,20 +31,20 @@ class Attachment < ActiveRecord::Base
  acts_as_activity_provider :type => 'files',
                            :permission => :view_files,
                            :author_key => :author_id,
-                            :find_options => {:select => "#{Attachment.table_name}.*",
+                            :find_options => {:select => "#{Attachment.table_name}.*", 
                                              :joins => "LEFT JOIN #{Version.table_name} ON #{Attachment.table_name}.container_type='Version' AND #{Version.table_name}.id = #{Attachment.table_name}.container_id " +
                                                        "LEFT JOIN #{Project.table_name} ON #{Version.table_name}.project_id = #{Project.table_name}.id OR ( #{Attachment.table_name}.container_type='Project' AND #{Attachment.table_name}.container_id = #{Project.table_name}.id )"}
-
+  
  acts_as_activity_provider :type => 'documents',
                            :permission => :view_documents,
                            :author_key => :author_id,
-                            :find_options => {:select => "#{Attachment.table_name}.*",
+                            :find_options => {:select => "#{Attachment.table_name}.*", 
                                              :joins => "LEFT JOIN #{Document.table_name} ON #{Attachment.table_name}.container_type='Document' AND #{Document.table_name}.id = #{Attachment.table_name}.container_id " +
                                                        "LEFT JOIN #{Project.table_name} ON #{Document.table_name}.project_id = #{Project.table_name}.id"}

  cattr_accessor :storage_path
-  @@storage_path = Redmine::Configuration['attachments_storage_path'] || "#{RAILS_ROOT}/files"
-
+  @@storage_path = "#{RAILS_ROOT}/files"
+  
  def validate
    if self.filesize > Setting.attachment_max_size.to_i.kilobytes
      errors.add(:base, :too_long, :count => Setting.attachment_max_size.to_i.kilobytes)
@@ -76,7 +76,7 @@ class Attachment < ActiveRecord::Base
    if @temp_file && (@temp_file.size > 0)
      logger.debug("saving '#{self.diskfile}'")
      md5 = Digest::MD5.new
-      File.open(diskfile, "wb") do |f|
+      File.open(diskfile, "wb") do |f| 
        buffer = ""
        while (buffer = @temp_file.read(8192))
          f.write(buffer)
@@ -100,7 +100,7 @@ class Attachment < ActiveRecord::Base
  def diskfile
    "#{@@storage_path}/#{self.disk_filename}"
  end
-
+  
  def increment_download
    increment!(:downloads)
  end
@@ -108,27 +108,27 @@ class Attachment < ActiveRecord::Base
  def project
    container.project
  end
-
+  
  def visible?(user=User.current)
    container.attachments_visible?(user)
  end
-
+  
  def deletable?(user=User.current)
    container.attachments_deletable?(user)
  end
-
+  
  def image?
    self.filename =~ /\.(jpe?g|gif|png)$/i
  end
-
+  
  def is_text?
    Redmine::MimeType.is_type?('text', filename)
  end
-
+  
  def is_diff?
    self.filename =~ /\.(patch|diff)$/i
  end
-
+  
  # Returns true if the file is readable
  def readable?
    File.readable?(diskfile)
@@ -145,7 +145,7 @@ class Attachment < ActiveRecord::Base
      attachments.each_value do |attachment|
        file = attachment['file']
        next unless file && file.size > 0
-        a = Attachment.create(:container => obj,
+        a = Attachment.create(:container => obj, 
                              :file => file,
                              :description => attachment['description'].to_s.strip,
                              :author => User.current)
@@ -160,18 +160,18 @@ class Attachment < ActiveRecord::Base
    end
    {:files => attached, :unsaved => obj.unsaved_attachments}
  end
-
+  
 private
  def sanitize_filename(value)
    # get only the filename, not the whole path
    just_filename = value.gsub(/^.*(\\|\/)/, '')
    # NOTE: File.basename doesn't work right with Windows paths on Unix
-    # INCORRECT: just_filename = File.basename(value.gsub('\\\\', '/'))
+    # INCORRECT: just_filename = File.basename(value.gsub('\\\\', '/')) 

    # Finally, replace all non alphanumeric, hyphens or periods with underscore
-    @filename = just_filename.gsub(/[^\w\.\-]/,'_')
+    @filename = just_filename.gsub(/[^\w\.\-]/,'_') 
  end
-
+  
  # Returns an ASCII or hashed filename
  def self.disk_filename(filename)
    timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
--- a/app/models/auth_source.rb
+++ b/app/models/auth_source.rb
@@ -16,8 +16,6 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class AuthSource < ActiveRecord::Base
-  include Redmine::Ciphering
-  
  has_many :users
  
  validates_presence_of :name
@@ -33,14 +31,6 @@ class AuthSource < ActiveRecord::Base
  def auth_method_name
    "Abstract"
  end
-  
-  def account_password
-    read_ciphered_attribute(:account_password)
-  end
-  
-  def account_password=(arg)
-    write_ciphered_attribute(:account_password, arg)
-  end

  def allow_password_changes?
    self.class.allow_password_changes?
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -20,8 +20,8 @@ require 'iconv'

 class AuthSourceLdap < AuthSource 
  validates_presence_of :host, :port, :attr_login
-  validates_length_of :name, :host, :maximum => 60, :allow_nil => true
-  validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true
+  validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true
+  validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true
  validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
  validates_numericality_of :port, :only_integer => true
  
--- a/app/models/change.rb
+++ b/app/models/change.rb
@@ -1,35 +1,30 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Change < ActiveRecord::Base
  belongs_to :changeset
-
+  
  validates_presence_of :changeset_id, :action, :path
  before_save :init_path
-
+  
  def relative_path
    changeset.repository.relative_path(path)
  end
-
-  def before_validation
-    self.path      = Redmine::CodesetUtil.replace_invalid_utf8(self.path)
-    self.from_path = Redmine::CodesetUtil.replace_invalid_utf8(self.from_path)
-  end
-
+  
  def init_path
    self.path ||= ""
  end
--- a/app/models/changeset.rb
+++ b/app/models/changeset.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2010  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -23,221 +23,155 @@ class Changeset < ActiveRecord::Base
  has_many :changes, :dependent => :delete_all
  has_and_belongs_to_many :issues

-  acts_as_event :title => Proc.new {|o| "#{l(:label_revision)} #{o.format_identifier}" + (o.short_comments.blank? ? '' : (': ' + o.short_comments))},
+  acts_as_event :title => Proc.new {|o| "#{l(:label_revision)} #{o.revision}" + (o.short_comments.blank? ? '' : (': ' + o.short_comments))},
                :description => :long_comments,
                :datetime => :committed_on,
-                :url => Proc.new {|o| {:controller => 'repositories', :action => 'revision', :id => o.repository.project, :rev => o.identifier}}
-
+                :url => Proc.new {|o| {:controller => 'repositories', :action => 'revision', :id => o.repository.project, :rev => o.revision}}
+                
  acts_as_searchable :columns => 'comments',
                     :include => {:repository => :project},
                     :project_key => "#{Repository.table_name}.project_id",
                     :date_column => 'committed_on'
-
+                     
  acts_as_activity_provider :timestamp => "#{table_name}.committed_on",
                            :author_key => :user_id,
                            :find_options => {:include => [:user, {:repository => :project}]}
-
+  
  validates_presence_of :repository_id, :revision, :committed_on, :commit_date
  validates_uniqueness_of :revision, :scope => :repository_id
  validates_uniqueness_of :scmid, :scope => :repository_id, :allow_nil => true
-
+  
  named_scope :visible, lambda {|*args| { :include => {:repository => :project},
-                                          :conditions => Project.allowed_to_condition(args.shift || User.current, :view_changesets, *args) } }
-
+                                          :conditions => Project.allowed_to_condition(args.first || User.current, :view_changesets) } }
+                                          
  def revision=(r)
    write_attribute :revision, (r.nil? ? nil : r.to_s)
  end
-
-  # Returns the identifier of this changeset; depending on repository backends
-  def identifier
-    if repository.class.respond_to? :changeset_identifier
-      repository.class.changeset_identifier self
-    else
-      revision.to_s
-    end
+  
+  def comments=(comment)
+    write_attribute(:comments, Changeset.normalize_comments(comment))
  end

  def committed_on=(date)
    self.commit_date = date
    super
  end
-
-  # Returns the readable identifier
-  def format_identifier
-    if repository.class.respond_to? :format_changeset_identifier
-      repository.class.format_changeset_identifier self
-    else
-      identifier
-    end
+  
+  def committer=(arg)
+    write_attribute(:committer, self.class.to_utf8(arg.to_s))
  end

  def project
    repository.project
  end
-
+  
  def author
    user || committer.to_s.split('<').first
  end
-
+  
  def before_create
-    self.committer = self.class.to_utf8(self.committer, repository.repo_log_encoding)
-    self.comments  = self.class.normalize_comments(
-                       self.comments, repository.repo_log_encoding)
-    self.user = repository.find_committer_user(self.committer)
+    self.user = repository.find_committer_user(committer)
  end
-
+  
  def after_create
    scan_comment_for_issue_ids
  end
-
-  TIMELOG_RE = /
-    (
-    ((\d+)(h|hours?))((\d+)(m|min)?)?
-    |
-    ((\d+)(h|hours?|m|min))
-    |
-    (\d+):(\d+)
-    |
-    (\d+([\.,]\d+)?)h?
-    )
-    /x
-
+  
  def scan_comment_for_issue_ids
    return if comments.blank?
    # keywords used to reference issues
    ref_keywords = Setting.commit_ref_keywords.downcase.split(",").collect(&:strip)
-    ref_keywords_any = ref_keywords.delete('*')
    # keywords used to fix issues
    fix_keywords = Setting.commit_fix_keywords.downcase.split(",").collect(&:strip)
-
+    
    kw_regexp = (ref_keywords + fix_keywords).collect{|kw| Regexp.escape(kw)}.join("|")
-
+    return if kw_regexp.blank?
+    
    referenced_issues = []
-
-    comments.scan(/([\s\(\[,-]|^)((#{kw_regexp})[\s:]+)?(#\d+(\s+@#{TIMELOG_RE})?([\s,;&]+#\d+(\s+@#{TIMELOG_RE})?)*)(?=[[:punct:]]|\s|<|$)/i) do |match|
-      action, refs = match[2], match[3]
-      next unless action.present? || ref_keywords_any
-
-      refs.scan(/#(\d+)(\s+@#{TIMELOG_RE})?/).each do |m|
-        issue, hours = find_referenced_issue_by_id(m[0].to_i), m[2]
-        if issue
-          referenced_issues << issue
-          fix_issue(issue) if fix_keywords.include?(action.to_s.downcase)
-          log_time(issue, hours) if hours && Setting.commit_logtime_enabled?
+    
+    if ref_keywords.delete('*')
+      # find any issue ID in the comments
+      target_issue_ids = []
+      comments.scan(%r{([\s\(\[,-]|^)#(\d+)(?=[[:punct:]]|\s|<|$)}).each { |m| target_issue_ids << m[1] }
+      referenced_issues += find_referenced_issues_by_id(target_issue_ids)
+    end
+    
+    comments.scan(Regexp.new("(#{kw_regexp})[\s:]+(([\s,;&]*#?\\d+)+)", Regexp::IGNORECASE)).each do |match|
+      action = match[0]
+      target_issue_ids = match[1].scan(/\d+/)
+      target_issues = find_referenced_issues_by_id(target_issue_ids)
+      if fix_keywords.include?(action.downcase) && fix_status = IssueStatus.find_by_id(Setting.commit_fix_status_id)
+        # update status of issues
+        logger.debug "Issues fixed by changeset #{self.revision}: #{issue_ids.join(', ')}." if logger && logger.debug?
+        target_issues.each do |issue|
+          # the issue may have been updated by the closure of another one (eg. duplicate)
+          issue.reload
+          # don't change the status is the issue is closed
+          next if issue.status.is_closed?
+          csettext = "r#{self.revision}"
+          if self.scmid && (! (csettext =~ /^r[0-9]+$/))
+            csettext = "commit:\"#{self.scmid}\""
+          end
+          journal = issue.init_journal(user || User.anonymous, ll(Setting.default_language, :text_status_changed_by_changeset, csettext))
+          issue.status = fix_status
+          unless Setting.commit_fix_done_ratio.blank?
+            issue.done_ratio = Setting.commit_fix_done_ratio.to_i
+          end
+          Redmine::Hook.call_hook(:model_changeset_scan_commit_for_issue_ids_pre_issue_update,
+                                  { :changeset => self, :issue => issue })
+          issue.save
        end
      end
+      referenced_issues += target_issues
    end
-
+    
    referenced_issues.uniq!
    self.issues = referenced_issues unless referenced_issues.empty?
  end
-
+  
  def short_comments
    @short_comments || split_comments.first
  end
-
+  
  def long_comments
    @long_comments || split_comments.last
  end
-
-  def text_tag
-    if scmid?
-      "commit:#{scmid}"
-    else
-      "r#{revision}"
-    end
-  end
-
+  
  # Returns the previous changeset
  def previous
-    @previous ||= Changeset.find(:first,
-                    :conditions => ['id < ? AND repository_id = ?',
-                                    self.id, self.repository_id],
-                    :order => 'id DESC')
+    @previous ||= Changeset.find(:first, :conditions => ['id < ? AND repository_id = ?', self.id, self.repository_id], :order => 'id DESC')
  end

  # Returns the next changeset
  def next
-    @next ||= Changeset.find(:first,
-                    :conditions => ['id > ? AND repository_id = ?',
-                                    self.id, self.repository_id],
-                    :order => 'id ASC')
+    @next ||= Changeset.find(:first, :conditions => ['id > ? AND repository_id = ?', self.id, self.repository_id], :order => 'id ASC')
+  end
+  
+  # Strips and reencodes a commit log before insertion into the database
+  def self.normalize_comments(str)
+    to_utf8(str.to_s.strip)
  end

  # Creates a new Change from it's common parameters
  def create_change(change)
-    Change.create(:changeset     => self,
-                  :action        => change[:action],
-                  :path          => change[:path],
-                  :from_path     => change[:from_path],
+    Change.create(:changeset => self,
+                  :action => change[:action],
+                  :path => change[:path],
+                  :from_path => change[:from_path],
                  :from_revision => change[:from_revision])
  end
-
+  
  private

-  # Finds an issue that can be referenced by the commit message
-  # i.e. an issue that belong to the repository project, a subproject or a parent project
-  def find_referenced_issue_by_id(id)
-    return nil if id.blank?
-    issue = Issue.find_by_id(id.to_i, :include => :project)
-    if issue
-      unless issue.project &&
-                (project == issue.project || project.is_ancestor_of?(issue.project) ||
-                 project.is_descendant_of?(issue.project))
-        issue = nil
-      end
-    end
-    issue
+  # Finds issues that can be referenced by the commit message
+  # i.e. issues that belong to the repository project, a subproject or a parent project
+  def find_referenced_issues_by_id(ids)
+    return [] if ids.compact.empty?
+    Issue.find_all_by_id(ids, :include => :project).select {|issue|
+      project == issue.project || project.is_ancestor_of?(issue.project) || project.is_descendant_of?(issue.project)
+    }
  end
-
-  def fix_issue(issue)
-    status = IssueStatus.find_by_id(Setting.commit_fix_status_id.to_i)
-    if status.nil?
-      logger.warn("No status matches commit_fix_status_id setting (#{Setting.commit_fix_status_id})") if logger
-      return issue
-    end
-
-    # the issue may have been updated by the closure of another one (eg. duplicate)
-    issue.reload
-    # don't change the status is the issue is closed
-    return if issue.status && issue.status.is_closed?
-
-    journal = issue.init_journal(user || User.anonymous, ll(Setting.default_language, :text_status_changed_by_changeset, text_tag))
-    issue.status = status
-    unless Setting.commit_fix_done_ratio.blank?
-      issue.done_ratio = Setting.commit_fix_done_ratio.to_i
-    end
-    Redmine::Hook.call_hook(:model_changeset_scan_commit_for_issue_ids_pre_issue_update,
-                            { :changeset => self, :issue => issue })
-    unless issue.save
-      logger.warn("Issue ##{issue.id} could not be saved by changeset #{id}: #{issue.errors.full_messages}") if logger
-    end
-    issue
-  end
-
-  def log_time(issue, hours)
-    time_entry = TimeEntry.new(
-      :user => user,
-      :hours => hours,
-      :issue => issue,
-      :spent_on => commit_date,
-      :comments => l(:text_time_logged_by_changeset, :value => text_tag,
-                     :locale => Setting.default_language)
-      )
-    time_entry.activity = log_time_activity unless log_time_activity.nil?
-
-    unless time_entry.save
-      logger.warn("TimeEntry could not be created by changeset #{id}: #{time_entry.errors.full_messages}") if logger
-    end
-    time_entry
-  end
-
-  def log_time_activity
-    if Setting.commit_logtime_activity_id.to_i > 0
-      TimeEntryActivity.find_by_id(Setting.commit_logtime_activity_id.to_i)
-    end
-  end
-
+  
  def split_comments
    comments =~ /\A(.+?)\r?\n(.*)$/m
    @short_comments = $1 || comments
@@ -245,47 +179,22 @@ class Changeset < ActiveRecord::Base
    return @short_comments, @long_comments
  end

-  public
-
-  # Strips and reencodes a commit log before insertion into the database
-  def self.normalize_comments(str, encoding)
-    Changeset.to_utf8(str.to_s.strip, encoding)
-  end
-
-  def self.to_utf8(str, encoding)
-    return str if str.nil?
-    str.force_encoding("ASCII-8BIT") if str.respond_to?(:force_encoding)
-    if str.empty?
-      str.force_encoding("UTF-8") if str.respond_to?(:force_encoding)
-      return str
-    end
-    enc = encoding.blank? ? "UTF-8" : encoding
-    if str.respond_to?(:force_encoding)
-      if enc.upcase != "UTF-8"
-        str.force_encoding(enc)
-        str = str.encode("UTF-8", :invalid => :replace,
-              :undef => :replace, :replace => '?')
-      else
-        str.force_encoding("UTF-8")
-        if ! str.valid_encoding?
-          str = str.encode("US-ASCII", :invalid => :replace,
-                :undef => :replace, :replace => '?').encode("UTF-8")
-        end
-      end
-    else
-      ic = Iconv.new('UTF-8', enc)
-      txtar = ""
+  def self.to_utf8(str)
+    return str if /\A[\r\n\t\x20-\x7e]*\Z/n.match(str) # for us-ascii
+    encoding = Setting.commit_logs_encoding.to_s.strip
+    unless encoding.blank? || encoding == 'UTF-8'
      begin
-        txtar += ic.iconv(str)
-      rescue Iconv::IllegalSequence
-        txtar += $!.success
-        str = '?' + $!.failed[1,$!.failed.length]
-        retry
-      rescue
-        txtar += $!.success
+        str = Iconv.conv('UTF-8', encoding, str)
+      rescue Iconv::Failure
+        # do nothing here
      end
-      str = txtar
    end
-    str
+    # removes invalid UTF8 sequences
+    begin
+      Iconv.conv('UTF-8//IGNORE', 'UTF-8', str + '  ')[0..-3]
+    rescue Iconv::InvalidEncoding
+      # "UTF-8//IGNORE" is not supported on some OS
+      str
+    end
  end
 end
--- a/app/models/comment_observer.rb
+++ b/app/models/comment_observer.rb
@@ -1,24 +0,0 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-class CommentObserver < ActiveRecord::Observer
-  def after_create(comment)
-    if comment.commented.is_a?(News) && Setting.notified_events.include?('news_comment_added')
-      Mailer.deliver_news_comment_added(comment)
-    end
-  end
-end
--- a/app/models/custom_field.rb
+++ b/app/models/custom_field.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -23,6 +23,7 @@ class CustomField < ActiveRecord::Base
  validates_presence_of :name, :field_format
  validates_uniqueness_of :name, :scope => :type
  validates_length_of :name, :maximum => 30
+  validates_format_of :name, :with => /^[\w\s\.\'\-]*$/i
  validates_inclusion_of :field_format, :in => Redmine::CustomFieldFormat.available_formats

  def initialize(attributes = nil)
@@ -42,49 +43,12 @@ class CustomField < ActiveRecord::Base
      errors.add(:possible_values, :invalid) unless self.possible_values.is_a? Array
    end
    
-    if regexp.present?
-      begin
-        Regexp.new(regexp)
-      rescue
-        errors.add(:regexp, :invalid)
-      end
-    end
-    
    # validate default value
    v = CustomValue.new(:custom_field => self.clone, :value => default_value, :customized => nil)
    v.custom_field.is_required = false
    errors.add(:default_value, :invalid) unless v.valid?
  end
  
-  def possible_values_options(obj=nil)
-    case field_format
-    when 'user', 'version'
-      if obj.respond_to?(:project) && obj.project
-        case field_format
-        when 'user'
-          obj.project.users.sort.collect {|u| [u.to_s, u.id.to_s]}
-        when 'version'
-          obj.project.shared_versions.sort.collect {|u| [u.to_s, u.id.to_s]}
-        end
-      elsif obj.is_a?(Array)
-        obj.collect {|o| possible_values_options(o)}.inject {|memo, v| memo & v}
-      else
-        []
-      end
-    else
-      read_attribute :possible_values
-    end
-  end
-  
-  def possible_values(obj=nil)
-    case field_format
-    when 'user', 'version'
-      possible_values_options(obj).collect(&:last)
-    else
-      read_attribute :possible_values
-    end
-  end
-  
  # Makes possible_values accept a multiline string
  def possible_values=(arg)
    if arg.is_a?(Array)
@@ -108,8 +72,6 @@ class CustomField < ActiveRecord::Base
        casted = value.to_i
      when 'float'
        casted = value.to_f
-      when 'user', 'version'
-        casted = (value.blank? ? nil : field_format.classify.constantize.find_by_id(value.to_i))
      end
    end
    casted
--- a/app/models/custom_value.rb
+++ b/app/models/custom_value.rb
@@ -34,10 +34,6 @@ class CustomValue < ActiveRecord::Base
    custom_field.editable?
  end
  
-  def visible?
-    custom_field.visible?
-  end
-  
  def required?
    custom_field.is_required?
  end
@@ -62,7 +58,7 @@ protected
      when 'float'
        begin; Kernel.Float(value); rescue; errors.add(:value, :invalid) end
      when 'date'
-        errors.add(:value, :not_a_date) unless value =~ /^\d{4}-\d{2}-\d{2}$/ && begin; value.to_date; rescue; false end
+        errors.add(:value, :not_a_date) unless value =~ /^\d{4}-\d{2}-\d{2}$/
      when 'list'
        errors.add(:value, :inclusion) unless custom_field.possible_values.include?(value)
      end
--- a/app/models/document.rb
+++ b/app/models/document.rb
@@ -1,16 +1,16 @@
-# RedMine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -25,23 +25,20 @@ class Document < ActiveRecord::Base
                :author => Proc.new {|o| (a = o.attachments.find(:first, :order => "#{Attachment.table_name}.created_on ASC")) ? a.author : nil },
                :url => Proc.new {|o| {:controller => 'documents', :action => 'show', :id => o.id}}
  acts_as_activity_provider :find_options => {:include => :project}
-
+  
  validates_presence_of :project, :title, :category
  validates_length_of :title, :maximum => 60
-
-  named_scope :visible, lambda {|*args| { :include => :project,
-                                          :conditions => Project.allowed_to_condition(args.shift || User.current, :view_documents, *args) } }
-
+  
  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_documents, project)
  end
-
+  
  def after_initialize
    if new_record?
      self.category ||= DocumentCategory.default
    end
  end
-
+  
  def updated_on
    unless @updated_on
      a = attachments.find(:first, :order => 'created_on DESC')
--- a/app/models/document_category.rb
+++ b/app/models/document_category.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/models/document_category_custom_field.rb
+++ b/app/models/document_category_custom_field.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -20,3 +20,4 @@ class DocumentCategoryCustomField < CustomField
    :enumeration_doc_categories
  end
 end
+
--- a/app/models/document_observer.rb
+++ b/app/models/document_observer.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/models/enabled_module.rb
+++ b/app/models/enabled_module.rb
@@ -1,30 +1,30 @@
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class EnabledModule < ActiveRecord::Base
  belongs_to :project
-
+  
  validates_presence_of :name
  validates_uniqueness_of :name, :scope => :project_id
-
+  
  after_create :module_enabled
-
+  
  private
-
+  
  # after_create callback used to do things when a module is enabled
  def module_enabled
    case name
--- a/app/models/enumeration.rb
+++ b/app/models/enumeration.rb
@@ -32,7 +32,6 @@ class Enumeration < ActiveRecord::Base

  named_scope :shared, :conditions => { :project_id => nil }
  named_scope :active, :conditions => { :active => true }
-  named_scope :named, lambda {|arg| { :conditions => ["LOWER(#{table_name}.name) = LOWER(?)", arg.to_s.strip]}}

  def self.default
    # Creates a fake default scope so Enumeration.default will check
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -1,23 +1,21 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Issue < ActiveRecord::Base
-  include Redmine::SafeAttributes
-
  belongs_to :project
  belongs_to :tracker
  belongs_to :status, :class_name => 'IssueStatus', :foreign_key => 'status_id'
@@ -30,11 +28,11 @@ class Issue < ActiveRecord::Base
  has_many :journals, :as => :journalized, :dependent => :destroy
  has_many :time_entries, :dependent => :delete_all
  has_and_belongs_to_many :changesets, :order => "#{Changeset.table_name}.committed_on ASC, #{Changeset.table_name}.id ASC"
-
+  
  has_many :relations_from, :class_name => 'IssueRelation', :foreign_key => 'issue_from_id', :dependent => :delete_all
  has_many :relations_to, :class_name => 'IssueRelation', :foreign_key => 'issue_to_id', :dependent => :delete_all
-
-  acts_as_nested_set :scope => 'root_id', :dependent => :destroy
+  
+  acts_as_nested_set :scope => 'root_id'
  acts_as_attachable :after_remove => :attachment_removed
  acts_as_customizable
  acts_as_watchable
@@ -45,7 +43,7 @@ class Issue < ActiveRecord::Base
  acts_as_event :title => Proc.new {|o| "#{o.tracker.name} ##{o.id} (#{o.status}): #{o.subject}"},
                :url => Proc.new {|o| {:controller => 'issues', :action => 'show', :id => o.id}},
                :type => Proc.new {|o| 'issue' + (o.closed? ? ' closed' : '') }
-
+  
  acts_as_activity_provider :find_options => {:include => [:project, :author, :tracker]},
                            :author_key => :author_id

@@ -60,64 +58,26 @@ class Issue < ActiveRecord::Base
  validates_numericality_of :estimated_hours, :allow_nil => true

  named_scope :visible, lambda {|*args| { :include => :project,
-                                          :conditions => Issue.visible_condition(args.shift || User.current, *args) } }
-
+                                          :conditions => Project.allowed_to_condition(args.first || User.current, :view_issues) } }
+  
  named_scope :open, :conditions => ["#{IssueStatus.table_name}.is_closed = ?", false], :include => :status

-  named_scope :recently_updated, :order => "#{Issue.table_name}.updated_on DESC"
+  named_scope :recently_updated, :order => "#{self.table_name}.updated_on DESC"
  named_scope :with_limit, lambda { |limit| { :limit => limit} }
  named_scope :on_active_project, :include => [:status, :project, :tracker],
                                  :conditions => ["#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"]

-  named_scope :without_version, lambda {
-    {
-      :conditions => { :fixed_version_id => nil}
-    }
-  }
-
-  named_scope :with_query, lambda {|query|
-    {
-      :conditions => Query.merge_conditions(query.statement)
-    }
-  }
-
  before_create :default_assign
  before_save :close_duplicates, :update_done_ratio_from_issue_status
  after_save :reschedule_following_issues, :update_nested_set_attributes, :update_parent_attributes, :create_journal
+  after_destroy :destroy_children
  after_destroy :update_parent_attributes
-
-  # Returns a SQL conditions string used to find all issues visible by the specified user
-  def self.visible_condition(user, options={})
-    Project.allowed_to_condition(user, :view_issues, options) do |role, user|
-      case role.issues_visibility
-      when 'all'
-        nil
-      when 'default'
-        "(#{table_name}.is_private = #{connection.quoted_false} OR #{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id = #{user.id})"
-      when 'own'
-        "(#{table_name}.author_id = #{user.id} OR #{table_name}.assigned_to_id = #{user.id})"
-      else
-        '1=0'
-      end
-    end
-  end
-
+  
  # Returns true if usr or current user is allowed to view the issue
  def visible?(usr=nil)
-    (usr || User.current).allowed_to?(:view_issues, self.project) do |role, user|
-      case role.issues_visibility
-      when 'all'
-        true
-      when 'default'
-        !self.is_private? || self.author == user || self.assigned_to == user
-      when 'own'
-        self.author == user || self.assigned_to == user
-      else
-        false
-      end
-    end
+    (usr || User.current).allowed_to?(:view_issues, self.project)
  end
-
+  
  def after_initialize
    if new_record?
      # set default values for new records only
@@ -125,12 +85,12 @@ class Issue < ActiveRecord::Base
      self.priority ||= IssuePriority.default
    end
  end
-
+  
  # Overrides Redmine::Acts::Customizable::InstanceMethods#available_custom_fields
  def available_custom_fields
-    (project && tracker) ? (project.all_issue_custom_fields & tracker.custom_fields.all) : []
+    (project && tracker) ? project.all_issue_custom_fields.select {|c| tracker.custom_fields.include? c } : []
  end
-
+  
  def copy_from(arg)
    issue = arg.is_a?(Issue) ? arg : Issue.visible.find(arg)
    self.attributes = issue.attributes.dup.except("id", "root_id", "parent_id", "lft", "rgt", "created_on", "updated_on")
@@ -138,7 +98,7 @@ class Issue < ActiveRecord::Base
    self.status = issue.status
    self
  end
-
+  
  # Moves/copies an issue to a new project and tracker
  # Returns the moved/copied issue on success, false on failure
  def move_to_project(*args)
@@ -146,11 +106,11 @@ class Issue < ActiveRecord::Base
      move_to_project_without_transaction(*args) || raise(ActiveRecord::Rollback)
    end || false
  end
-
+  
  def move_to_project_without_transaction(new_project, new_tracker = nil, options = {})
    options ||= {}
    issue = options[:copy] ? self.class.new.copy_from(self) : self
-
+    
    if new_project && issue.project_id != new_project.id
      # delete issue relations
      unless Setting.cross_project_issue_relations?
@@ -175,7 +135,6 @@ class Issue < ActiveRecord::Base
      issue.reset_custom_values!
    end
    if options[:copy]
-      issue.author = User.current
      issue.custom_field_values = self.custom_field_values.inject({}) {|h,v| h[v.custom_field_id] = v.value; h}
      issue.status = if options[:attributes] && options[:attributes][:status_id]
                       IssueStatus.find_by_id(options[:attributes][:status_id])
@@ -188,16 +147,10 @@ class Issue < ActiveRecord::Base
      issue.attributes = options[:attributes]
    end
    if issue.save
-      if options[:copy]
-        if current_journal && current_journal.notes.present?
-          issue.init_journal(current_journal.user, current_journal.notes)
-          issue.current_journal.notify = false
-          issue.save
-        end
-      else
+      unless options[:copy]
        # Manually update project_id on related time entries
        TimeEntry.update_all("project_id = #{new_project.id}", {:issue_id => id})
-
+        
        issue.children.each do |child|
          unless child.move_to_project_without_transaction(new_project)
            # Move failed and transaction was rollback'd
@@ -215,7 +168,7 @@ class Issue < ActiveRecord::Base
    self.status = nil
    write_attribute(:status_id, sid)
  end
-
+  
  def priority_id=(pid)
    self.priority = nil
    write_attribute(:priority_id, pid)
@@ -228,13 +181,6 @@ class Issue < ActiveRecord::Base
    result
  end
  
-  def description=(arg)
-    if arg.is_a?(String)
-      arg = arg.gsub(/(\r\n|\n|\r)/, "\r\n")
-    end
-    write_attribute(:description, arg)
-  end
-
  # Overrides attributes= so that tracker_id gets assigned first
  def attributes_with_tracker_first=(new_attributes, *args)
    return if new_attributes.nil?
@@ -246,68 +192,47 @@ class Issue < ActiveRecord::Base
  end
  # Do not redefine alias chain on reload (see #4838)
  alias_method_chain(:attributes=, :tracker_first) unless method_defined?(:attributes_without_tracker_first=)
-
+  
  def estimated_hours=(h)
    write_attribute :estimated_hours, (h.is_a?(String) ? h.to_hours : h)
  end
-
-  safe_attributes 'tracker_id',
-    'status_id',
-    'parent_issue_id',
-    'category_id',
-    'assigned_to_id',
-    'priority_id',
-    'fixed_version_id',
-    'subject',
-    'description',
-    'start_date',
-    'due_date',
-    'done_ratio',
-    'estimated_hours',
-    'custom_field_values',
-    'custom_fields',
-    'lock_version',
-    :if => lambda {|issue, user| issue.new_record? || user.allowed_to?(:edit_issues, issue.project) }
-
-  safe_attributes 'status_id',
-    'assigned_to_id',
-    'fixed_version_id',
-    'done_ratio',
-    :if => lambda {|issue, user| issue.new_statuses_allowed_to(user).any? }
-
-  safe_attributes 'is_private',
-    :if => lambda {|issue, user|
-      user.allowed_to?(:set_issues_private, issue.project) ||
-        (issue.author == user && user.allowed_to?(:set_own_issues_private, issue.project))
-    }
-
+  
+  SAFE_ATTRIBUTES = %w(
+    tracker_id
+    status_id
+    parent_issue_id
+    category_id
+    assigned_to_id
+    priority_id
+    fixed_version_id
+    subject
+    description
+    start_date
+    due_date
+    done_ratio
+    estimated_hours
+    custom_field_values
+    lock_version
+  ) unless const_defined?(:SAFE_ATTRIBUTES)
+  
  # Safely sets attributes
  # Should be called from controllers instead of #attributes=
  # attr_accessible is too rough because we still want things like
  # Issue.new(:project => foo) to work
  # TODO: move workflow/permission checks from controllers to here
  def safe_attributes=(attrs, user=User.current)
-    return unless attrs.is_a?(Hash)
-
-    # User can change issue attributes only if he has :edit permission or if a workflow transition is allowed
-    attrs = delete_unsafe_attributes(attrs, user)
-    return if attrs.empty?
-
-    # Tracker must be set before since new_statuses_allowed_to depends on it.
-    if t = attrs.delete('tracker_id')
-      self.tracker_id = t
-    end
-
+    return if attrs.nil?
+    attrs = attrs.reject {|k,v| !SAFE_ATTRIBUTES.include?(k)}
    if attrs['status_id']
      unless new_statuses_allowed_to(user).collect(&:id).include?(attrs['status_id'].to_i)
        attrs.delete('status_id')
      end
    end
-
+    
    unless leaf?
      attrs.reject! {|k,v| %w(priority_id done_ratio start_date due_date estimated_hours).include?(k)}
    end
-
+    
    if attrs.has_key?('parent_issue_id')
      if !user.allowed_to?(:manage_subtasks, project)
        attrs.delete('parent_issue_id')
@@ -315,10 +240,10 @@ class Issue < ActiveRecord::Base
        attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'].to_i)
      end
    end
-
+    
    self.attributes = attrs
  end
-
+  
  def done_ratio
    if Issue.use_status_for_done_ratio? && status && status.default_done_ratio
      status.default_done_ratio
@@ -334,20 +259,20 @@ class Issue < ActiveRecord::Base
  def self.use_field_for_done_ratio?
    Setting.issue_done_ratio == 'issue_field'
  end
-
+  
  def validate
    if self.due_date.nil? && @attributes['due_date'] && !@attributes['due_date'].empty?
      errors.add :due_date, :not_a_date
    end
-
+    
    if self.due_date and self.start_date and self.due_date < self.start_date
      errors.add :due_date, :greater_than_start_date
    end
-
+    
    if start_date && soonest_start && start_date < soonest_start
      errors.add :start_date, :invalid
    end
-
+    
    if fixed_version
      if !assignable_versions.include?(fixed_version)
        errors.add :fixed_version_id, :inclusion
@@ -355,14 +280,14 @@ class Issue < ActiveRecord::Base
        errors.add_to_base I18n.t(:error_can_not_reopen_issue_on_closed_version)
      end
    end
-
+    
    # Checks that the issue can not be added/moved to a disabled tracker
    if project && (tracker_id_changed? || project_id_changed?)
      unless project.trackers.include?(tracker)
        errors.add :tracker_id, :inclusion
      end
    end
-
+    
    # Checks parent issue assignment
    if @parent_issue
      if @parent_issue.project_id != project_id
@@ -379,7 +304,7 @@ class Issue < ActiveRecord::Base
      end
    end
  end
-
+  
  # Set the done_ratio using the status if that setting is set.  This will keep the done_ratios
  # even if the user turns off the setting later
  def update_done_ratio_from_issue_status
@@ -387,7 +312,7 @@ class Issue < ActiveRecord::Base
      self.done_ratio = status.default_done_ratio
    end
  end
-
+  
  def init_journal(user, notes = "")
    @current_journal ||= Journal.new(:journalized => self, :user => user, :notes => notes)
    @issue_before_change = self.clone
@@ -398,12 +323,12 @@ class Issue < ActiveRecord::Base
    updated_on_will_change!
    @current_journal
  end
-
+  
  # Return true if the issue is closed, otherwise false
  def closed?
    self.status.is_closed?
  end
-
+  
  # Return true if the issue is being reopened
  def reopened?
    if !new_record? && status_id_changed?
@@ -427,69 +352,55 @@ class Issue < ActiveRecord::Base
    end
    false
  end
-
+  
  # Returns true if the issue is overdue
  def overdue?
    !due_date.nil? && (due_date < Date.today) && !status.is_closed?
  end

-  # Is the amount of work done less than it should for the due date
-  def behind_schedule?
-    return false if start_date.nil? || due_date.nil?
-    done_date = start_date + ((due_date - start_date+1)* done_ratio/100).floor
-    return done_date <= Date.today
-  end
-
  # Does this issue have children?
  def children?
    !leaf?
  end
-
+  
  # Users the issue can be assigned to
  def assignable_users
    users = project.assignable_users
    users << author if author
-    users << assigned_to if assigned_to
    users.uniq.sort
  end
-
+  
  # Versions that the issue can be assigned to
  def assignable_versions
    @assignable_versions ||= (project.shared_versions.open + [Version.find_by_id(fixed_version_id_was)]).compact.uniq.sort
  end
-
+  
  # Returns true if this issue is blocked by another issue that is still open
  def blocked?
    !relations_to.detect {|ir| ir.relation_type == 'blocks' && !ir.issue_from.closed?}.nil?
  end
-
+  
  # Returns an array of status that user is able to apply
  def new_statuses_allowed_to(user, include_default=false)
-    statuses = status.find_new_statuses_allowed_to(
-      user.roles_for_project(project),
-      tracker,
-      author == user,
-      assigned_to_id_changed? ? assigned_to_id_was == user.id : assigned_to_id == user.id
-      )
+    statuses = status.find_new_statuses_allowed_to(user.roles_for_project(project), tracker)
    statuses << status unless statuses.empty?
    statuses << IssueStatus.default if include_default
    statuses = statuses.uniq.sort
    blocked? ? statuses.reject {|s| s.is_closed?} : statuses
  end
-
+  
  # Returns the mail adresses of users that should be notified
  def recipients
    notified = project.notified_users
-    # Author and assignee are always notified unless they have been
-    # locked or don't want to be notified
-    notified << author if author && author.active? && author.notify_about?(self)
-    notified << assigned_to if assigned_to && assigned_to.active? && assigned_to.notify_about?(self)
+    # Author and assignee are always notified unless they have been locked
+    notified << author if author && author.active?
+    notified << assigned_to if assigned_to && assigned_to.active?
    notified.uniq!
    # Remove users that can not view the issue
    notified.reject! {|user| !visible?(user)}
    notified.collect(&:mail)
  end
-
+  
  # Returns the total number of hours spent on this issue and its descendants
  #
  # Example:
@@ -498,50 +409,47 @@ class Issue < ActiveRecord::Base
  def spent_hours
    @spent_hours ||= self_and_descendants.sum("#{TimeEntry.table_name}.hours", :include => :time_entries).to_f || 0.0
  end
-
+  
  def relations
    (relations_from + relations_to).sort
  end
-
-  def all_dependent_issues(except=[])
-    except << self
+  
+  def all_dependent_issues
    dependencies = []
    relations_from.each do |relation|
-      if relation.issue_to && !except.include?(relation.issue_to)
-        dependencies << relation.issue_to
-        dependencies += relation.issue_to.all_dependent_issues(except)
-      end
+      dependencies << relation.issue_to
+      dependencies += relation.issue_to.all_dependent_issues
    end
    dependencies
  end
-
+  
  # Returns an array of issues that duplicate this one
  def duplicates
    relations_to.select {|r| r.relation_type == IssueRelation::TYPE_DUPLICATES}.collect {|r| r.issue_from}
  end
-
+  
  # Returns the due date or the target due date if any
  # Used on gantt chart
  def due_before
    due_date || (fixed_version ? fixed_version.effective_date : nil)
  end
-
+  
  # Returns the time scheduled for this issue.
-  #
+  # 
  # Example:
  #   Start Date: 2/26/09, End Date: 3/04/09
  #   duration => 6
  def duration
    (start_date && due_date) ? due_date - start_date : 0
  end
-
+  
  def soonest_start
    @soonest_start ||= (
        relations_to.collect{|relation| relation.successor_soonest_start} +
        ancestors.collect(&:soonest_start)
      ).compact.max
  end
-
+  
  def reschedule_after(date)
    return if date.nil?
    if leaf?
@@ -555,7 +463,7 @@ class Issue < ActiveRecord::Base
      end
    end
  end
-
+  
  def <=>(issue)
    if issue.nil?
      -1
@@ -565,19 +473,16 @@ class Issue < ActiveRecord::Base
      (lft || 0) <=> (issue.lft || 0)
    end
  end
-
+  
  def to_s
    "#{tracker} ##{id}: #{subject}"
  end
-
+  
  # Returns a string of css classes that apply to the issue
  def css_classes
    s = "issue status-#{status.position} priority-#{priority.position}"
    s << ' closed' if closed?
    s << ' overdue' if overdue?
-    s << ' child' if child?
-    s << ' parent' unless leaf?
-    s << ' private' if is_private?
    s << ' created-by-me' if User.current.logged? && author_id == User.current.id
    s << ' assigned-to-me' if User.current.logged? && assigned_to_id == User.current.id
    s
@@ -587,7 +492,7 @@ class Issue < ActiveRecord::Base
  # Returns false if save fails
  def save_issue_with_child_records(params, existing_time_entry=nil)
    Issue.transaction do
-      if params[:time_entry] && (params[:time_entry][:hours].present? || params[:time_entry][:comments].present?) && User.current.allowed_to?(:log_time, project)
+      if params[:time_entry] && params[:time_entry][:hours].present? && User.current.allowed_to?(:log_time, project)
        @time_entry = existing_time_entry || TimeEntry.new
        @time_entry.project = project
        @time_entry.issue = self
@@ -596,10 +501,10 @@ class Issue < ActiveRecord::Base
        @time_entry.attributes = params[:time_entry]
        self.time_entries << @time_entry
      end
-
+  
      if valid?
        attachments = Attachment.attach_files(self, params[:attachments])
-
+  
        attachments[:files].each {|a| @current_journal.details << JournalDetail.new(:property => 'attachment', :prop_key => a.id, :value => a.filename)}
        # TODO: Rename hook
        Redmine::Hook.call_hook(:controller_issues_edit_before_save, { :params => params, :issue => self, :time_entry => @time_entry, :journal => @current_journal})
@@ -624,7 +529,7 @@ class Issue < ActiveRecord::Base
    # Update issues assigned to the version
    update_versions(["#{Issue.table_name}.fixed_version_id = ?", version.id])
  end
-
+  
  # Unassigns issues from versions that are no longer shared
  # after +project+ was moved
  def self.update_versions_from_hierarchy_change(project)
@@ -642,7 +547,7 @@ class Issue < ActiveRecord::Base
      nil
    end
  end
-
+  
  def parent_issue_id
    if instance_variable_defined? :@parent_issue
      @parent_issue.nil? ? nil : @parent_issue.id
@@ -691,19 +596,17 @@ class Issue < ActiveRecord::Base
  def self.by_subproject(project)
    ActiveRecord::Base.connection.select_all("select    s.id as status_id, 
                                                s.is_closed as closed, 
-                                                #{Issue.table_name}.project_id as project_id,
-                                                count(#{Issue.table_name}.id) as total 
+                                                i.project_id as project_id,
+                                                count(i.id) as total 
                                              from 
-                                                #{Issue.table_name}, #{Project.table_name}, #{IssueStatus.table_name} s
+                                                #{Issue.table_name} i, #{IssueStatus.table_name} s
                                              where 
-                                                #{Issue.table_name}.status_id=s.id
-                                                and #{Issue.table_name}.project_id = #{Project.table_name}.id
-                                                and #{visible_condition(User.current, :project => project, :with_subprojects => true)}
-                                                and #{Issue.table_name}.project_id <> #{project.id}
-                                              group by s.id, s.is_closed, #{Issue.table_name}.project_id") if project.descendants.active.any?
+                                                i.status_id=s.id 
+                                                and i.project_id IN (#{project.descendants.active.collect{|p| p.id}.join(',')})
+                                              group by s.id, s.is_closed, i.project_id") if project.descendants.active.any?
  end
  # End ReportsController extraction
-
+  
  # Returns an array of projects that current user can move issues to
  def self.allowed_target_projects_on_move
    projects = []
@@ -719,9 +622,9 @@ class Issue < ActiveRecord::Base
    end
    projects
  end
-
+   
  private
-
+  
  def update_nested_set_attributes
    if root_id.nil?
      # issue was just created
@@ -768,7 +671,7 @@ class Issue < ActiveRecord::Base
    end
    remove_instance_variable(:@parent_issue) if instance_variable_defined?(:@parent_issue)
  end
-
+  
  def update_parent_attributes
    recalculate_attributes_for(parent_id) if parent_id
  end
@@ -779,14 +682,14 @@ class Issue < ActiveRecord::Base
      if priority_position = p.children.maximum("#{IssuePriority.table_name}.position", :include => :priority)
        p.priority = IssuePriority.find_by_position(priority_position)
      end
-
+      
      # start/due dates = lowest/highest dates of children
      p.start_date = p.children.minimum(:start_date)
      p.due_date = p.children.maximum(:due_date)
      if p.start_date && p.due_date && p.due_date < p.start_date
        p.start_date, p.due_date = p.due_date, p.start_date
      end
-
+      
      # done ratio = weighted average ratio of leaves
      unless Issue.use_status_for_done_ratio? && p.status && p.status.default_done_ratio
        leaves_count = p.leaves.count
@@ -800,16 +703,24 @@ class Issue < ActiveRecord::Base
          p.done_ratio = progress.round
        end
      end
-
+      
      # estimate = sum of leaves estimates
      p.estimated_hours = p.leaves.sum(:estimated_hours).to_f
      p.estimated_hours = nil if p.estimated_hours == 0.0
-
+      
      # ancestors will be recursively updated
      p.save(false)
    end
  end
-
+  
+  def destroy_children
+    unless leaf?
+      children.each do |child|
+        child.destroy
+      end
+    end
+  end
+  
  # Update issues so their versions are not pointing to a
  # fixed_version that is not shared with the issue's project
  def self.update_versions(conditions=nil)
@@ -829,7 +740,7 @@ class Issue < ActiveRecord::Base
      end
    end
  end
-
+  
  # Callback on attachment deletion
  def attachment_removed(obj)
    journal = init_journal(User.current)
@@ -838,7 +749,7 @@ class Issue < ActiveRecord::Base
                                         :old_value => obj.filename)
    journal.save
  end
-
+  
  # Default assignment based on category
  def default_assign
    if assigned_to.nil? && category && category.assigned_to
@@ -871,30 +782,27 @@ class Issue < ActiveRecord::Base
      end
    end
  end
-
+  
  # Saves the changes in a Journal
  # Called after_save
  def create_journal
    if @current_journal
      # attributes changes
-      (Issue.column_names - %w(id root_id lft rgt lock_version created_on updated_on)).each {|c|
-        before = @issue_before_change.send(c)
-        after = send(c)
-        next if before == after || (before.blank? && after.blank?)
+      (Issue.column_names - %w(id description root_id lft rgt lock_version created_on updated_on)).each {|c|
        @current_journal.details << JournalDetail.new(:property => 'attr',
                                                      :prop_key => c,
                                                      :old_value => @issue_before_change.send(c),
-                                                      :value => send(c))
+                                                      :value => send(c)) unless send(c)==@issue_before_change.send(c)
      }
      # custom fields changes
      custom_values.each {|c|
        next if (@custom_values_before_change[c.custom_field_id]==c.value ||
                  (@custom_values_before_change[c.custom_field_id].blank? && c.value.blank?))
-        @current_journal.details << JournalDetail.new(:property => 'cf',
+        @current_journal.details << JournalDetail.new(:property => 'cf', 
                                                      :prop_key => c.custom_field_id,
                                                      :old_value => @custom_values_before_change[c.custom_field_id],
                                                      :value => c.value)
-      }
+      }      
      @current_journal.save
      # reset current journal
      init_journal @current_journal.user, @current_journal.notes
@@ -913,19 +821,20 @@ class Issue < ActiveRecord::Base
    select_field = options.delete(:field)
    joins = options.delete(:joins)

-    where = "#{Issue.table_name}.#{select_field}=j.id"
-
+    where = "i.#{select_field}=j.id"
+    
    ActiveRecord::Base.connection.select_all("select    s.id as status_id, 
                                                s.is_closed as closed, 
                                                j.id as #{select_field},
-                                                count(#{Issue.table_name}.id) as total 
+                                                count(i.id) as total 
                                              from 
-                                                  #{Issue.table_name}, #{Project.table_name}, #{IssueStatus.table_name} s, #{joins} j
+                                                  #{Issue.table_name} i, #{IssueStatus.table_name} s, #{joins} j
                                              where 
-                                                #{Issue.table_name}.status_id=s.id 
+                                                i.status_id=s.id 
                                                and #{where}
-                                                and #{Issue.table_name}.project_id=#{Project.table_name}.id
-                                                and #{visible_condition(User.current, :project => project)}
+                                                and i.project_id=#{project.id}
                                              group by s.id, s.is_closed, j.id")
  end
+  
+
 end
--- a/app/models/issue_category.rb
+++ b/app/models/issue_category.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -24,8 +24,6 @@ class IssueCategory < ActiveRecord::Base
  validates_uniqueness_of :name, :scope => [:project_id]
  validates_length_of :name, :maximum => 30
  
-  named_scope :named, lambda {|arg| { :conditions => ["LOWER(#{table_name}.name) = LOWER(?)", arg.to_s.strip]}}
-  
  alias :destroy_without_reassign :destroy
  
  # Destroy the category
--- a/app/models/issue_relation.rb
+++ b/app/models/issue_relation.rb
@@ -47,12 +47,7 @@ class IssueRelation < ActiveRecord::Base
    if issue_from && issue_to
      errors.add :issue_to_id, :invalid if issue_from_id == issue_to_id
      errors.add :issue_to_id, :not_same_project unless issue_from.project_id == issue_to.project_id || Setting.cross_project_issue_relations?
-      #detect circular dependencies depending wether the relation should be reversed
-      if TYPES.has_key?(relation_type) && TYPES[relation_type][:reverse]
-        errors.add_to_base :circular_dependency if issue_from.all_dependent_issues.include? issue_to
-      else
-        errors.add_to_base :circular_dependency if issue_to.all_dependent_issues.include? issue_from
-      end
+      errors.add_to_base :circular_dependency if issue_to.all_dependent_issues.include? issue_from
      errors.add_to_base :cant_link_an_issue_with_a_descendant if issue_from.is_descendant_of?(issue_to) || issue_from.is_ancestor_of?(issue_to)
    end
  end
@@ -89,15 +84,14 @@ class IssueRelation < ActiveRecord::Base
  
  def set_issue_to_dates
    soonest_start = self.successor_soonest_start
-    if soonest_start && issue_to
+    if soonest_start
      issue_to.reschedule_after(soonest_start)
    end
  end
  
  def successor_soonest_start
-    if (TYPE_PRECEDES == self.relation_type) && delay && issue_from && (issue_from.start_date || issue_from.due_date)
-      (issue_from.due_date || issue_from.start_date) + 1 + delay
-    end
+    return nil unless (TYPE_PRECEDES == self.relation_type) && (issue_from.start_date || issue_from.due_date)
+    (issue_from.due_date || issue_from.start_date) + 1 + delay
  end
  
  def <=>(relation)
--- a/app/models/issue_status.rb
+++ b/app/models/issue_status.rb
@@ -25,9 +25,8 @@ class IssueStatus < ActiveRecord::Base
  validates_presence_of :name
  validates_uniqueness_of :name
  validates_length_of :name, :maximum => 30
+  validates_format_of :name, :with => /^[\w\s\'\-]*$/i
  validates_inclusion_of :default_done_ratio, :in => 0..100, :allow_nil => true
-  
-  named_scope :named, lambda {|arg| { :conditions => ["LOWER(#{table_name}.name) = LOWER(?)", arg.to_s.strip]}}

  def after_save
    IssueStatus.update_all("is_default=#{connection.quoted_false}", ['id <> ?', id]) if self.is_default?
@@ -52,15 +51,10 @@ class IssueStatus < ActiveRecord::Base

  # Returns an array of all statuses the given role can switch to
  # Uses association cache when called more than one time
-  def new_statuses_allowed_to(roles, tracker, author=false, assignee=false)
+  def new_statuses_allowed_to(roles, tracker)
    if roles && tracker
      role_ids = roles.collect(&:id)
-      transitions = workflows.select do |w|
-        role_ids.include?(w.role_id) &&
-        w.tracker_id == tracker.id && 
-        ((!w.author && !w.assignee) || (author && w.author) || (assignee && w.assignee))
-      end
-      transitions.collect{|w| w.new_status}.compact.sort
+      new_statuses = workflows.select {|w| role_ids.include?(w.role_id) && w.tracker_id == tracker.id}.collect{|w| w.new_status}.compact.sort
    else
      []
    end
@@ -68,22 +62,24 @@ class IssueStatus < ActiveRecord::Base
  
  # Same thing as above but uses a database query
  # More efficient than the previous method if called just once
-  def find_new_statuses_allowed_to(roles, tracker, author=false, assignee=false)
-    if roles.present? && tracker
-      conditions = "(author = :false AND assignee = :false)"
-      conditions << " OR author = :true" if author
-      conditions << " OR assignee = :true" if assignee
-      
+  def find_new_statuses_allowed_to(roles, tracker)
+    if roles && tracker
      workflows.find(:all,
-        :include => :new_status,
-        :conditions => ["role_id IN (:role_ids) AND tracker_id = :tracker_id AND (#{conditions})", 
-          {:role_ids => roles.collect(&:id), :tracker_id => tracker.id, :true => true, :false => false}
-          ]
-        ).collect{|w| w.new_status}.compact.sort
+                     :include => :new_status,
+                     :conditions => { :role_id => roles.collect(&:id), 
+                                      :tracker_id => tracker.id}).collect{ |w| w.new_status }.compact.sort
    else
      []
    end
  end
+  
+  def new_status_allowed_to?(status, roles, tracker)
+    if status && roles && tracker
+      !workflows.find(:first, :conditions => {:new_status_id => status.id, :role_id => roles.collect(&:id), :tracker_id => tracker.id}).nil?
+    else
+      false
+    end
+  end

  def <=>(status)
    position <=> status.position
--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -32,16 +32,12 @@ class Journal < ActiveRecord::Base
                :url => Proc.new {|o| {:controller => 'issues', :action => 'show', :id => o.issue.id, :anchor => "change-#{o.id}"}}

  acts_as_activity_provider :type => 'issues',
+                            :permission => :view_issues,
                            :author_key => :user_id,
                            :find_options => {:include => [{:issue => :project}, :details, :user],
                                              :conditions => "#{Journal.table_name}.journalized_type = 'Issue' AND" +
                                                             " (#{JournalDetail.table_name}.prop_key = 'status_id' OR #{Journal.table_name}.notes <> '')"}
  
-  named_scope :visible, lambda {|*args| {
-    :include => {:issue => :project},
-    :conditions => Issue.visible_condition(args.shift || User.current, *args)
-  }}
-  
  def save(*args)
    # Do not save an empty journal
    (details.empty? && notes.blank?) ? false : super
@@ -77,12 +73,4 @@ class Journal < ActiveRecord::Base
    s << ' has-details' unless details.blank?
    s
  end
-  
-  def notify?
-    @notify != false
-  end
-  
-  def notify=(arg)
-    @notify = arg
-  end
 end
--- a/app/models/journal_detail.rb
+++ b/app/models/journal_detail.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,22 +17,9 @@

 class JournalDetail < ActiveRecord::Base
  belongs_to :journal
-  before_save :normalize_values
  
-  private
-  
-  def normalize_values
-    self.value = normalize(value)
-    self.old_value = normalize(old_value)
-  end
-  
-  def normalize(v)
-    if v == true
-      "1"
-    elsif v == false
-      "0"
-    else
-      v
-    end
+  def before_save
+    self.value = value[0..254] if value && value.is_a?(String)
+    self.old_value = old_value[0..254] if old_value && old_value.is_a?(String)
  end
 end
--- a/app/models/journal_observer.rb
+++ b/app/models/journal_observer.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,13 +17,6 @@

 class JournalObserver < ActiveRecord::Observer
  def after_create(journal)
-    if journal.notify? &&
-        (Setting.notified_events.include?('issue_updated') ||
-          (Setting.notified_events.include?('issue_note_added') && journal.notes.present?) ||
-          (Setting.notified_events.include?('issue_status_updated') && journal.new_status.present?) ||
-          (Setting.notified_events.include?('issue_priority_updated') && journal.new_value_for('priority_id').present?)
-        )
-      Mailer.deliver_issue_edit(journal)
-    end
+    Mailer.deliver_issue_edit(journal) if Setting.notified_events.include?('issue_updated')
  end
 end
--- a/app/models/mail_handler.rb
+++ b/app/models/mail_handler.rb
@@ -1,45 +1,44 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class MailHandler < ActionMailer::Base
  include ActionView::Helpers::SanitizeHelper
-  include Redmine::I18n

  class UnauthorizedAction < StandardError; end
  class MissingInformation < StandardError; end
-
+  
  attr_reader :email, :user

  def self.receive(email, options={})
    @@handler_options = options.dup
-
+    
    @@handler_options[:issue] ||= {}
-
+    
    @@handler_options[:allow_override] = @@handler_options[:allow_override].split(',').collect(&:strip) if @@handler_options[:allow_override].is_a?(String)
    @@handler_options[:allow_override] ||= []
    # Project needs to be overridable if not specified
    @@handler_options[:allow_override] << 'project' unless @@handler_options[:issue].has_key?(:project)
    # Status overridable by default
-    @@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status)
-
+    @@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status)    
+    
    @@handler_options[:no_permission_check] = (@@handler_options[:no_permission_check].to_s == '1' ? true : false)
    super email
  end
-
+  
  # Processes incoming emails
  # Returns the created object (eg. an issue, a message) or false
  def receive(email)
@@ -78,13 +77,13 @@ class MailHandler < ActionMailer::Base
    User.current = @user
    dispatch
  end
-
+  
  private

  MESSAGE_ID_RE = %r{^<redmine\.([a-z0-9_]+)\-(\d+)\.\d+@}
  ISSUE_REPLY_SUBJECT_RE = %r{\[[^\]]*#(\d+)\]}
  MESSAGE_REPLY_SUBJECT_RE = %r{\[[^\]]*msg(\d+)\]}
-
+  
  def dispatch
    headers = [email.in_reply_to, email.references].flatten.compact
    if headers.detect {|h| h.to_s =~ MESSAGE_ID_RE}
@@ -100,7 +99,7 @@ class MailHandler < ActionMailer::Base
    elsif m = email.subject.match(MESSAGE_REPLY_SUBJECT_RE)
      receive_message_reply(m[1].to_i)
    else
-      dispatch_to_default
+      receive_issue
    end
  rescue ActiveRecord::RecordInvalid => e
    # TODO: send a email to the user
@@ -113,28 +112,40 @@ class MailHandler < ActionMailer::Base
    logger.error "MailHandler: unauthorized attempt from #{user}" if logger
    false
  end
-
-  def dispatch_to_default
-    receive_issue
-  end
-
+  
  # Creates a new issue
  def receive_issue
    project = target_project
+    tracker = (get_keyword(:tracker) && project.trackers.find_by_name(get_keyword(:tracker))) || project.trackers.find(:first)
+    category = (get_keyword(:category) && project.issue_categories.find_by_name(get_keyword(:category)))
+    priority = (get_keyword(:priority) && IssuePriority.find_by_name(get_keyword(:priority)))
+    status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
+    assigned_to = (get_keyword(:assigned_to, :override => true) && find_user_from_keyword(get_keyword(:assigned_to, :override => true)))
+    due_date = get_keyword(:due_date, :override => true)
+    start_date = get_keyword(:start_date, :override => true)
+
    # check permission
    unless @@handler_options[:no_permission_check]
      raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
    end

-    issue = Issue.new(:author => user, :project => project)
-    issue.safe_attributes = issue_attributes_from_keywords(issue)
-    issue.safe_attributes = {'custom_field_values' => custom_field_values_from_keywords(issue)}
-    issue.subject = email.subject.to_s.chomp[0,255]
+    issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority, :due_date => due_date, :start_date => start_date, :assigned_to => assigned_to)
+    # check workflow
+    if status && issue.new_statuses_allowed_to(user).include?(status)
+      issue.status = status
+    end
+    issue.subject = email.subject.chomp[0,255]
    if issue.subject.blank?
      issue.subject = '(no subject)'
    end
+    # custom fields
+    issue.custom_field_values = issue.available_custom_fields.inject({}) do |h, c|
+      if value = get_keyword(c.name, :override => true)
+        h[c.id] = value
+      end
+      h
+    end
    issue.description = cleaned_up_text_body
-
    # add To and Cc as watchers before saving so the watchers can reply to Redmine
    add_watchers(issue)
    issue.save!
@@ -142,29 +153,47 @@ class MailHandler < ActionMailer::Base
    logger.info "MailHandler: issue ##{issue.id} created by #{user}" if logger && logger.info
    issue
  end
-
+  
+  def target_project
+    # TODO: other ways to specify project:
+    # * parse the email To field
+    # * specific project (eg. Setting.mail_handler_target_project)
+    target = Project.find_by_identifier(get_keyword(:project))
+    raise MissingInformation.new('Unable to determine target project') if target.nil?
+    target
+  end
+  
  # Adds a note to an existing issue
  def receive_issue_reply(issue_id)
+    status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
+    due_date = get_keyword(:due_date, :override => true)
+    start_date = get_keyword(:start_date, :override => true)
+    assigned_to = (get_keyword(:assigned_to, :override => true) && find_user_from_keyword(get_keyword(:assigned_to, :override => true)))
+    
    issue = Issue.find_by_id(issue_id)
    return unless issue
    # check permission
    unless @@handler_options[:no_permission_check]
      raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
+      raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
    end

-    # ignore CLI-supplied defaults for new issues
-    @@handler_options[:issue].clear
-
-    journal = issue.init_journal(user)
-    issue.safe_attributes = issue_attributes_from_keywords(issue)
-    issue.safe_attributes = {'custom_field_values' => custom_field_values_from_keywords(issue)}
-    journal.notes = cleaned_up_text_body
+    # add the note
+    journal = issue.init_journal(user, cleaned_up_text_body)
    add_attachments(issue)
+    # check workflow
+    if status && issue.new_statuses_allowed_to(user).include?(status)
+      issue.status = status
+    end
+    issue.start_date = start_date if start_date
+    issue.due_date = due_date if due_date
+    issue.assigned_to = assigned_to if assigned_to
+    
    issue.save!
    logger.info "MailHandler: issue ##{issue.id} updated by #{user}" if logger && logger.info
    journal
  end
-
+  
  # Reply will be added to the issue
  def receive_journal_reply(journal_id)
    journal = Journal.find_by_id(journal_id)
@@ -172,17 +201,17 @@ class MailHandler < ActionMailer::Base
      receive_issue_reply(journal.journalized_id)
    end
  end
-
+  
  # Receives a reply to a forum message
  def receive_message_reply(message_id)
    message = Message.find_by_id(message_id)
    if message
      message = message.root
-
+      
      unless @@handler_options[:no_permission_check]
        raise UnauthorizedAction unless user.allowed_to?(:add_messages, message.project)
      end
-
+      
      if !message.locked?
        reply = Message.new(:subject => email.subject.gsub(%r{^.*msg\d+\]}, '').strip,
                            :content => cleaned_up_text_body)
@@ -196,9 +225,9 @@ class MailHandler < ActionMailer::Base
      end
    end
  end
-
+  
  def add_attachments(obj)
-    if email.attachments && email.attachments.any?
+    if email.has_attachments?
      email.attachments.each do |attachment|
        Attachment.create(:container => obj,
                          :file => attachment,
@@ -207,7 +236,7 @@ class MailHandler < ActionMailer::Base
      end
    end
  end
-
+  
  # Adds To and Cc as watchers of the given object if the sender has the
  # appropriate permission
  def add_watchers(obj)
@@ -219,81 +248,22 @@ class MailHandler < ActionMailer::Base
      end
    end
  end
-
+  
  def get_keyword(attr, options={})
    @keywords ||= {}
    if @keywords.has_key?(attr)
      @keywords[attr]
    else
      @keywords[attr] = begin
-        if (options[:override] || @@handler_options[:allow_override].include?(attr.to_s)) && (v = extract_keyword!(plain_text_body, attr, options[:format]))
-          v
+        if (options[:override] || @@handler_options[:allow_override].include?(attr.to_s)) && plain_text_body.gsub!(/^#{attr.to_s.humanize}[ \t]*:[ \t]*(.+)\s*$/i, '')
+          $1.strip
        elsif !@@handler_options[:issue][attr].blank?
          @@handler_options[:issue][attr]
        end
      end
    end
  end
-
-  # Destructively extracts the value for +attr+ in +text+
-  # Returns nil if no matching keyword found
-  def extract_keyword!(text, attr, format=nil)
-    keys = [attr.to_s.humanize]
-    if attr.is_a?(Symbol)
-      keys << l("field_#{attr}", :default => '', :locale =>  user.language) if user && user.language.present?
-      keys << l("field_#{attr}", :default => '', :locale =>  Setting.default_language) if Setting.default_language.present?
-    end
-    keys.reject! {|k| k.blank?}
-    keys.collect! {|k| Regexp.escape(k)}
-    format ||= '.+'
-    text.gsub!(/^(#{keys.join('|')})[ \t]*:[ \t]*(#{format})\s*$/i, '')
-    $2 && $2.strip
-  end
-
-  def target_project
-    # TODO: other ways to specify project:
-    # * parse the email To field
-    # * specific project (eg. Setting.mail_handler_target_project)
-    target = Project.find_by_identifier(get_keyword(:project))
-    raise MissingInformation.new('Unable to determine target project') if target.nil?
-    target
-  end
-
-  # Returns a Hash of issue attributes extracted from keywords in the email body
-  def issue_attributes_from_keywords(issue)
-    assigned_to = (k = get_keyword(:assigned_to, :override => true)) && find_user_from_keyword(k)
-    assigned_to = nil if assigned_to && !issue.assignable_users.include?(assigned_to)
-
-    attrs = {
-      'tracker_id' => (k = get_keyword(:tracker)) && issue.project.trackers.named(k).first.try(:id),
-      'status_id' =>  (k = get_keyword(:status)) && IssueStatus.named(k).first.try(:id),
-      'priority_id' => (k = get_keyword(:priority)) && IssuePriority.named(k).first.try(:id),
-      'category_id' => (k = get_keyword(:category)) && issue.project.issue_categories.named(k).first.try(:id),
-      'assigned_to_id' => assigned_to.try(:id),
-      'fixed_version_id' => (k = get_keyword(:fixed_version, :override => true)) && issue.project.shared_versions.named(k).first.try(:id),
-      'start_date' => get_keyword(:start_date, :override => true, :format => '\d{4}-\d{2}-\d{2}'),
-      'due_date' => get_keyword(:due_date, :override => true, :format => '\d{4}-\d{2}-\d{2}'),
-      'estimated_hours' => get_keyword(:estimated_hours, :override => true),
-      'done_ratio' => get_keyword(:done_ratio, :override => true, :format => '(\d|10)?0')
-    }.delete_if {|k, v| v.blank? }
-
-    if issue.new_record? && attrs['tracker_id'].nil?
-      attrs['tracker_id'] = issue.project.trackers.find(:first).try(:id)
-    end
-
-    attrs
-  end
-
-  # Returns a Hash of issue custom field values extracted from keywords in the email body
-  def custom_field_values_from_keywords(customized)
-    customized.custom_field_values.inject({}) do |h, v|
-      if value = get_keyword(v.custom_field.name, :override => true)
-        h[v.custom_field.id.to_s] = value
-      end
-      h
-    end
-  end
-
+  
  # Returns the text/plain part of the email
  # If not found (eg. HTML-only email), returns the body with tags removed
  def plain_text_body
@@ -314,7 +284,7 @@ class MailHandler < ActionMailer::Base
    @plain_text_body.strip!
    @plain_text_body
  end
-
+  
  def cleaned_up_text_body
    cleanup_body(plain_text_body)
  end
@@ -322,19 +292,19 @@ class MailHandler < ActionMailer::Base
  def self.full_sanitizer
    @full_sanitizer ||= HTML::FullSanitizer.new
  end
-
+  
  # Creates a user account for the +email+ sender
  def self.create_user_from_email(email)
    addr = email.from_addrs.to_a.first
    if addr && !addr.spec.blank?
      user = User.new
      user.mail = addr.spec
-
+      
      names = addr.name.blank? ? addr.spec.gsub(/@.*$/, '').split('.') : addr.name.split
      user.firstname = names.shift
      user.lastname = names.join(' ')
      user.lastname = '-' if user.lastname.blank?
-
+      
      user.login = user.mail
      user.password = ActiveSupport::SecureRandom.hex(5)
      user.language = Setting.default_language
@@ -343,12 +313,12 @@ class MailHandler < ActionMailer::Base
  end

  private
-
+  
  # Removes the email body of text after the truncation configurations.
  def cleanup_body(body)
    delimiters = Setting.mail_handler_body_delimiters.to_s.split(/[\r\n]+/).reject(&:blank?).map {|s| Regexp.escape(s)}
    unless delimiters.empty?
-      regex = Regexp.new("^[> ]*(#{ delimiters.join('|') })\s*[\r\n].*", Regexp::MULTILINE)
+      regex = Regexp.new("^(#{ delimiters.join('|') })\s*[\r\n].*", Regexp::MULTILINE)
      body = body.gsub(regex, '')
    end
    body.strip
--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -31,7 +31,7 @@ class Mailer < ActionMailer::Base
    h = h.to_s.gsub(%r{\/.*$}, '') unless Redmine::Utils.relative_url_root.blank?
    { :host => h, :protocol => Setting.protocol }
  end
-
+  
  # Builds a tmail object used to email recipients of the added issue.
  #
  # Example:
@@ -85,7 +85,7 @@ class Mailer < ActionMailer::Base
    subject l(:mail_subject_reminder, :count => issues.size, :days => days)
    body :issues => issues,
         :days => days,
-         :issues_url => url_for(:controller => 'issues', :action => 'index', :set_filter => 1, :assigned_to_id => user.id, :sort => 'due_date:asc')
+         :issues_url => url_for(:controller => 'issues', :action => 'index', :set_filter => 1, :assigned_to_id => user.id, :sort_key => 'due_date', :sort_order => 'asc')
    render_multipart('reminder', body)
  end

@@ -114,11 +114,11 @@ class Mailer < ActionMailer::Base
    added_to_url = ''
    case container.class.name
    when 'Project'
-      added_to_url = url_for(:controller => 'files', :action => 'index', :project_id => container)
+      added_to_url = url_for(:controller => 'projects', :action => 'list_files', :id => container)
      added_to = "#{l(:label_project)}: #{container}"
      recipients container.project.notified_users.select {|user| user.allowed_to?(:view_files, container.project)}.collect  {|u| u.mail}
    when 'Version'
-      added_to_url = url_for(:controller => 'files', :action => 'index', :project_id => container.project)
+      added_to_url = url_for(:controller => 'projects', :action => 'list_files', :id => container.project_id)
      added_to = "#{l(:label_version)}: #{container.name}"
      recipients container.project.notified_users.select {|user| user.allowed_to?(:view_files, container.project)}.collect  {|u| u.mail}
    when 'Document'
@@ -133,7 +133,7 @@ class Mailer < ActionMailer::Base
         :added_to_url => added_to_url
    render_multipart('attachments_added', body)
  end
-
+  
  # Builds a tmail object used to email recipients of a news' project when a news item is added.
  #
  # Example:
@@ -149,25 +149,7 @@ class Mailer < ActionMailer::Base
    render_multipart('news_added', body)
  end

-  # Builds a tmail object used to email recipients of a news' project when a news comment is added.
-  #
-  # Example:
-  #   news_comment_added(comment) => tmail object
-  #   Mailer.news_comment_added(comment) => sends an email to the news' project recipients
-  def news_comment_added(comment)
-    news = comment.commented
-    redmine_headers 'Project' => news.project.identifier
-    message_id comment
-    recipients news.recipients
-    cc news.watcher_recipients
-    subject "Re: [#{news.project.name}] #{l(:label_news)}: #{news.title}"
-    body :news => news,
-         :comment => comment,
-         :news_url => url_for(:controller => 'news', :action => 'show', :id => news)
-    render_multipart('news_comment_added', body)
-  end
-
-  # Builds a tmail object used to email the recipients of the specified message that was posted.
+  # Builds a tmail object used to email the recipients of the specified message that was posted. 
  #
  # Example:
  #   message_posted(message) => tmail object
@@ -184,8 +166,8 @@ class Mailer < ActionMailer::Base
         :message_url => url_for(message.event_url)
    render_multipart('message_posted', body)
  end
-
-  # Builds a tmail object used to email the recipients of a project of the specified wiki content was added.
+  
+  # Builds a tmail object used to email the recipients of a project of the specified wiki content was added. 
  #
  # Example:
  #   wiki_content_added(wiki_content) => tmail object
@@ -196,13 +178,13 @@ class Mailer < ActionMailer::Base
    message_id wiki_content
    recipients wiki_content.recipients
    cc(wiki_content.page.wiki.watcher_recipients - recipients)
-    subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_added, :id => wiki_content.page.pretty_title)}"
+    subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_added, :page => wiki_content.page.pretty_title)}"
    body :wiki_content => wiki_content,
-         :wiki_content_url => url_for(:controller => 'wiki', :action => 'show', :project_id => wiki_content.project, :id => wiki_content.page.title)
+         :wiki_content_url => url_for(:controller => 'wiki', :action => 'index', :id => wiki_content.project, :page => wiki_content.page.title)
    render_multipart('wiki_content_added', body)
  end
-
-  # Builds a tmail object used to email the recipients of a project of the specified wiki content was updated.
+  
+  # Builds a tmail object used to email the recipients of a project of the specified wiki content was updated. 
  #
  # Example:
  #   wiki_content_updated(wiki_content) => tmail object
@@ -213,10 +195,10 @@ class Mailer < ActionMailer::Base
    message_id wiki_content
    recipients wiki_content.recipients
    cc(wiki_content.page.wiki.watcher_recipients + wiki_content.page.watcher_recipients - recipients)
-    subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_updated, :id => wiki_content.page.pretty_title)}"
+    subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_updated, :page => wiki_content.page.pretty_title)}"
    body :wiki_content => wiki_content,
-         :wiki_content_url => url_for(:controller => 'wiki', :action => 'show', :project_id => wiki_content.project, :id => wiki_content.page.title),
-         :wiki_diff_url => url_for(:controller => 'wiki', :action => 'diff', :project_id => wiki_content.project, :id => wiki_content.page.title, :version => wiki_content.version)
+         :wiki_content_url => url_for(:controller => 'wiki', :action => 'index', :id => wiki_content.project, :page => wiki_content.page.title),
+         :wiki_diff_url => url_for(:controller => 'wiki', :action => 'diff', :id => wiki_content.project, :page => wiki_content.page.title, :version => wiki_content.version)
    render_multipart('wiki_content_updated', body)
  end

@@ -296,7 +278,7 @@ class Mailer < ActionMailer::Base
    return false if (recipients.nil? || recipients.empty?) &&
                    (cc.nil? || cc.empty?) &&
                    (bcc.nil? || bcc.empty?)
-
+                    
    # Set Message-Id and References
    if @message_id_object
      mail.message_id = self.class.message_id_for(@message_id_object)
@@ -304,7 +286,7 @@ class Mailer < ActionMailer::Base
    if @references_objects
      mail.references = @references_objects.collect {|o| self.class.message_id_for(o)}
    end
-
+    
    # Log errors when raise_delivery_errors is set to false, Rails does not
    raise_errors = self.class.raise_delivery_errors
    self.class.raise_delivery_errors = true
@@ -314,7 +296,7 @@ class Mailer < ActionMailer::Base
      if raise_errors
        raise e
      elsif mylogger
-        mylogger.error "The following error occured while sending email notification: \"#{e.message}\". Check your configuration in config/configuration.yml."
+        mylogger.error "The following error occured while sending email notification: \"#{e.message}\". Check your configuration in config/email.yml."
      end
    ensure
      self.class.raise_delivery_errors = raise_errors
@@ -344,10 +326,10 @@ class Mailer < ActionMailer::Base
                                          :conditions => s.conditions
                                    ).group_by(&:assigned_to)
    issues_by_assignee.each do |assignee, issues|
-      deliver_reminder(assignee, issues, days) if assignee && assignee.active?
+      deliver_reminder(assignee, issues, days) unless assignee.nil?
    end
  end
-
+  
  # Activates/desactivates email deliveries during +block+
  def self.with_deliveries(enabled = true, &block)
    was_enabled = ActionMailer::Base.perform_deliveries
@@ -363,7 +345,7 @@ class Mailer < ActionMailer::Base
    @initial_language = current_language
    set_language_if_valid Setting.default_language
    from Setting.mail_from
-
+    
    # Common headers
    headers 'X-Mailer' => 'Redmine',
            'X-Redmine-Host' => Setting.host_name,
@@ -386,11 +368,11 @@ class Mailer < ActionMailer::Base
      recipients.delete(@author.mail) if recipients
      cc.delete(@author.mail) if cc
    end
-
+    
    notified_users = [recipients, cc].flatten.compact.uniq
    # Rails would log recipients only, not cc and bcc
    mylogger.info "Sending email notification to: #{notified_users.join(', ')}" if mylogger
-
+    
    # Blind carbon copy recipients
    if Setting.bcc_recipients?
      bcc(notified_users)
@@ -406,7 +388,7 @@ class Mailer < ActionMailer::Base
  #
  # https://rails.lighthouseapp.com/projects/8994/tickets/2338-actionmailer-mailer-views-and-content-type
  # https://rails.lighthouseapp.com/projects/8994/tickets/1799-actionmailer-doesnt-set-template_format-when-rendering-layouts
-
+  
  def render_multipart(method_name, body)
    if Setting.plain_text_mail?
      content_type "text/plain"
@@ -422,29 +404,29 @@ class Mailer < ActionMailer::Base
  def self.controller_path
    ''
  end unless respond_to?('controller_path')
-
+  
  # Returns a predictable Message-Id for the given object
  def self.message_id_for(object)
    # id + timestamp should reduce the odds of a collision
    # as far as we don't send multiple emails for the same object
-    timestamp = object.send(object.respond_to?(:created_on) ? :created_on : :updated_on)
+    timestamp = object.send(object.respond_to?(:created_on) ? :created_on : :updated_on) 
    hash = "redmine.#{object.class.name.demodulize.underscore}-#{object.id}.#{timestamp.strftime("%Y%m%d%H%M%S")}"
    host = Setting.mail_from.to_s.gsub(%r{^.*@}, '')
    host = "#{::Socket.gethostname}.redmine" if host.empty?
    "<#{hash}@#{host}>"
  end
-
+  
  private
-
+  
  def message_id(object)
    @message_id_object = object
  end
-
+  
  def references(object)
    @references_objects ||= []
    @references_objects << object
  end
-
+    
  def mylogger
    RAILS_DEFAULT_LOGGER
  end
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -21,10 +21,10 @@ class Message < ActiveRecord::Base
  acts_as_tree :counter_cache => :replies_count, :order => "#{Message.table_name}.created_on ASC"
  acts_as_attachable
  belongs_to :last_reply, :class_name => 'Message', :foreign_key => 'last_reply_id'
-
+  
  acts_as_searchable :columns => ['subject', 'content'],
                     :include => {:board => :project},
-                     :project_key => "#{Board.table_name}.project_id",
+                     :project_key => 'project_id',
                     :date_column => "#{table_name}.created_on"
  acts_as_event :title => Proc.new {|o| "#{o.board.name}: #{o.subject}"},
                :description => :content,
@@ -35,32 +35,29 @@ class Message < ActiveRecord::Base
  acts_as_activity_provider :find_options => {:include => [{:board => :project}, :author]},
                            :author_key => :author_id
  acts_as_watchable
-
+    
  attr_protected :locked, :sticky
  validates_presence_of :board, :subject, :content
  validates_length_of :subject, :maximum => 255
-
+  
  after_create :add_author_as_watcher
-
-  named_scope :visible, lambda {|*args| { :include => {:board => :project},
-                                          :conditions => Project.allowed_to_condition(args.shift || User.current, :view_messages, *args) } }
-
+  
  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_messages, project)
  end
-
+  
  def validate_on_create
    # Can not reply to a locked topic
    errors.add_to_base 'Topic is locked' if root.locked? && self != root
  end
-
+  
  def after_create
    if parent
      parent.reload.update_attribute(:last_reply_id, self.id)
    end
    board.reset_counters!
  end
-
+  
  def after_update
    if board_id_changed?
      Message.update_all("board_id = #{board_id}", ["id = ? OR parent_id = ?", root.id, root.id])
@@ -68,19 +65,19 @@ class Message < ActiveRecord::Base
      Board.reset_counters!(board_id)
    end
  end
-
+  
  def after_destroy
    board.reset_counters!
  end
-
+  
  def sticky=(arg)
    write_attribute :sticky, (arg == true || arg.to_s == '1' ? 1 : 0)
  end
-
+  
  def sticky?
    sticky == 1
  end
-
+  
  def project
    board.project
  end
@@ -92,9 +89,9 @@ class Message < ActiveRecord::Base
  def destroyable_by?(usr)
    usr && usr.logged? && (usr.allowed_to?(:delete_messages, project) || (self.author == usr && usr.allowed_to?(:delete_own_messages, project)))
  end
-
+  
  private
-
+  
  def add_author_as_watcher
    Watcher.create(:watchable => self.root, :user => author)
  end
--- a/app/models/message_observer.rb
+++ b/app/models/message_observer.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/models/news.rb
+++ b/app/models/news.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -19,7 +19,7 @@ class News < ActiveRecord::Base
  belongs_to :project
  belongs_to :author, :class_name => 'User', :foreign_key => 'author_id'
  has_many :comments, :as => :commented, :dependent => :delete_all, :order => "created_on"
-
+  
  validates_presence_of :title, :description
  validates_length_of :title, :maximum => 60
  validates_length_of :summary, :maximum => 255
@@ -28,27 +28,13 @@ class News < ActiveRecord::Base
  acts_as_event :url => Proc.new {|o| {:controller => 'news', :action => 'show', :id => o.id}}
  acts_as_activity_provider :find_options => {:include => [:project, :author]},
                            :author_key => :author_id
-  acts_as_watchable
-
-  after_create :add_author_as_watcher
-
-  named_scope :visible, lambda {|*args| {
-    :include => :project,
-    :conditions => Project.allowed_to_condition(args.shift || User.current, :view_news, *args)
-  }}
-
+  
  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_news, project)
  end
-
+  
  # returns latest news for projects visible by user
  def self.latest(user = User.current, count = 5)
    find(:all, :limit => count, :conditions => Project.allowed_to_condition(user, :view_news), :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")	
  end
-
-  private
-
-  def add_author_as_watcher
-    Watcher.create(:watchable => self, :user => author)
-  end
 end
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -16,15 +16,10 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Project < ActiveRecord::Base
-  include Redmine::SafeAttributes
-  
  # Project statuses
  STATUS_ACTIVE     = 1
  STATUS_ARCHIVED   = 9
  
-  # Maximum length for project identifiers
-  IDENTIFIER_MAX_LENGTH = 100
-  
  # Specific overidden Activities
  has_many :time_entry_activities
  has_many :members, :include => [:user, :roles], :conditions => "#{User.table_name}.type='User' AND #{User.table_name}.status=#{User::STATUS_ACTIVE}"
@@ -43,7 +38,7 @@ class Project < ActiveRecord::Base
  has_many :time_entries, :dependent => :delete_all
  has_many :queries, :dependent => :delete_all
  has_many :documents, :dependent => :destroy
-  has_many :news, :dependent => :destroy, :include => :author
+  has_many :news, :dependent => :delete_all, :include => :author
  has_many :issue_categories, :dependent => :delete_all, :order => "#{IssueCategory.table_name}.name"
  has_many :boards, :dependent => :destroy, :order => "position ASC"
  has_one :repository, :dependent => :destroy
@@ -56,7 +51,7 @@ class Project < ActiveRecord::Base
                          :join_table => "#{table_name_prefix}custom_fields_projects#{table_name_suffix}",
                          :association_foreign_key => 'custom_field_id'
                          
-  acts_as_nested_set :order => 'name', :dependent => :destroy
+  acts_as_nested_set :order => 'name'
  acts_as_attachable :view_permission => :view_files,
                     :delete_permission => :manage_files

@@ -66,43 +61,25 @@ class Project < ActiveRecord::Base
                :url => Proc.new {|o| {:controller => 'projects', :action => 'show', :id => o}},
                :author => nil

-  attr_protected :status
+  attr_protected :status, :enabled_module_names
  
  validates_presence_of :name, :identifier
-  validates_uniqueness_of :identifier
+  validates_uniqueness_of :name, :identifier
  validates_associated :repository, :wiki
-  validates_length_of :name, :maximum => 255
+  validates_length_of :name, :maximum => 30
  validates_length_of :homepage, :maximum => 255
-  validates_length_of :identifier, :in => 1..IDENTIFIER_MAX_LENGTH
+  validates_length_of :identifier, :in => 1..20
  # donwcase letters, digits, dashes but not digits only
  validates_format_of :identifier, :with => /^(?!\d+$)[a-z0-9\-]*$/, :if => Proc.new { |p| p.identifier_changed? }
  # reserved words
  validates_exclusion_of :identifier, :in => %w( new )

-  before_destroy :delete_all_members
+  before_destroy :delete_all_members, :destroy_children

  named_scope :has_module, lambda { |mod| { :conditions => ["#{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name=?)", mod.to_s] } }
  named_scope :active, { :conditions => "#{Project.table_name}.status = #{STATUS_ACTIVE}"}
  named_scope :all_public, { :conditions => { :is_public => true } }
-  named_scope :visible, lambda {|*args| {:conditions => Project.visible_condition(args.shift || User.current, *args) }}
-  
-  def initialize(attributes = nil)
-    super
-    
-    initialized = (attributes || {}).stringify_keys
-    if !initialized.key?('identifier') && Setting.sequential_project_identifiers? 
-      self.identifier = Project.next_identifier
-    end
-    if !initialized.key?('is_public')
-      self.is_public = Setting.default_projects_public?
-    end
-    if !initialized.key?('enabled_module_names')
-      self.enabled_module_names = Setting.default_projects_modules
-    end
-    if !initialized.key?('trackers') && !initialized.key?('tracker_ids')
-      self.trackers = Tracker.all
-    end
-  end
+  named_scope :visible, lambda { { :conditions => Project.visible_by(User.current) } }
  
  def identifier=(identifier)
    super unless identifier_frozen?
@@ -115,36 +92,27 @@ class Project < ActiveRecord::Base
  # returns latest created projects
  # non public projects will be returned only if user is a member of those
  def self.latest(user=nil, count=5)
-    visible(user).find(:all, :limit => count, :order => "created_on DESC")	
+    find(:all, :limit => count, :conditions => visible_by(user), :order => "created_on DESC")	
  end	

-  # Returns true if the project is visible to +user+ or to the current user.
-  def visible?(user=User.current)
-    user.allowed_to?(:view_project, self)
-  end
-  
-  def self.visible_by(user=nil)
-    ActiveSupport::Deprecation.warn "Project.visible_by is deprecated and will be removed in Redmine 1.3.0. Use Project.visible_condition instead."
-    visible_condition(user || User.current)
-  end
-  
-  # Returns a SQL conditions string used to find all projects visible by the specified user.
+  # Returns a SQL :conditions string used to find all active projects for the specified user.
  #
  # Examples:
-  #   Project.visible_condition(admin)        => "projects.status = 1"
-  #   Project.visible_condition(normal_user)  => "((projects.status = 1) AND (projects.is_public = 1 OR projects.id IN (1,3,4)))"
-  #   Project.visible_condition(anonymous)    => "((projects.status = 1) AND (projects.is_public = 1))"
-  def self.visible_condition(user, options={})
-    allowed_to_condition(user, :view_project, options)
+  #     Projects.visible_by(admin)        => "projects.status = 1"
+  #     Projects.visible_by(normal_user)  => "projects.status = 1 AND projects.is_public = 1"
+  def self.visible_by(user=nil)
+    user ||= User.current
+    if user && user.admin?
+      return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"
+    elsif user && user.memberships.any?
+      return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE} AND (#{Project.table_name}.is_public = #{connection.quoted_true} or #{Project.table_name}.id IN (#{user.memberships.collect{|m| m.project_id}.join(',')}))"
+    else
+      return "#{Project.table_name}.status=#{Project::STATUS_ACTIVE} AND #{Project.table_name}.is_public = #{connection.quoted_true}"
+    end
  end
  
-  # Returns a SQL conditions string used to find all projects for which +user+ has the given +permission+
-  #
-  # Valid options:
-  # * :project => limit the condition to project
-  # * :with_subprojects => limit the condition to project and its subprojects
-  # * :member => limit the condition to the user projects
  def self.allowed_to_condition(user, permission, options={})
+    statements = []
    base_statement = "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"
    if perm = Redmine::AccessControl.permission(permission)
      unless perm.project_module.nil?
@@ -157,37 +125,24 @@ class Project < ActiveRecord::Base
      project_statement << " OR (#{Project.table_name}.lft > #{options[:project].lft} AND #{Project.table_name}.rgt < #{options[:project].rgt})" if options[:with_subprojects]
      base_statement = "(#{project_statement}) AND (#{base_statement})"
    end
-    
    if user.admin?
-      base_statement
+      # no restriction
    else
-      statement_by_role = {}
-      unless options[:member]
-        role = user.logged? ? Role.non_member : Role.anonymous
-        if role.allowed_to?(permission)
-          statement_by_role[role] = "#{Project.table_name}.is_public = #{connection.quoted_true}"
-        end
-      end
+      statements << "1=0"
      if user.logged?
-        user.projects_by_role.each do |role, projects|
-          if role.allowed_to?(permission)
-            statement_by_role[role] = "#{Project.table_name}.id IN (#{projects.collect(&:id).join(',')})"
-          end
+        if Role.non_member.allowed_to?(permission) && !options[:member]
+          statements << "#{Project.table_name}.is_public = #{connection.quoted_true}"
        end
-      end
-      if statement_by_role.empty?
-        "1=0"
+        allowed_project_ids = user.memberships.select {|m| m.roles.detect {|role| role.allowed_to?(permission)}}.collect {|m| m.project_id}
+        statements << "#{Project.table_name}.id IN (#{allowed_project_ids.join(',')})" if allowed_project_ids.any?
      else
-        if block_given?
-          statement_by_role.each do |role, statement|
-            if s = yield(role, user)
-              statement_by_role[role] = "(#{statement} AND (#{s}))"
-            end
-          end
-        end
-        "((#{base_statement}) AND (#{statement_by_role.values.join(' OR ')}))"
+        if Role.anonymous.allowed_to?(permission) && !options[:member]
+          # anonymous user allowed on public project
+          statements << "#{Project.table_name}.is_public = #{connection.quoted_true}"
+        end 
      end
    end
+    statements.empty? ? base_statement : "((#{base_statement}) AND (#{statements.join(' OR ')}))"
  end

  # Returns the Systemwide and project specific activities
@@ -265,10 +220,6 @@ class Project < ActiveRecord::Base
    self.status == STATUS_ACTIVE
  end
  
-  def archived?
-    self.status == STATUS_ARCHIVED
-  end
-  
  # Archives the project and its descendants
  def archive
    # Check that there is no issue of a non descendant project that is assigned
@@ -369,7 +320,7 @@ class Project < ActiveRecord::Base
  # Returns an array of the trackers used by the project and its active sub projects
  def rolled_up_trackers
    @rolled_up_trackers ||=
-      Tracker.find(:all, :joins => :projects,
+      Tracker.find(:all, :include => :projects,
                         :select => "DISTINCT #{Tracker.table_name}.*",
                         :conditions => ["#{Project.table_name}.lft >= ? AND #{Project.table_name}.rgt <= ? AND #{Project.table_name}.status = #{STATUS_ACTIVE}", lft, rgt],
                         :order => "#{Tracker.table_name}.position")
@@ -395,17 +346,15 @@ class Project < ActiveRecord::Base
  
  # Returns a scope of the Versions used by the project
  def shared_versions
-    @shared_versions ||= begin
-      r = root? ? self : root
+    @shared_versions ||= 
      Version.scoped(:include => :project,
                     :conditions => "#{Project.table_name}.id = #{id}" +
                                    " OR (#{Project.table_name}.status = #{Project::STATUS_ACTIVE} AND (" +
                                          " #{Version.table_name}.sharing = 'system'" +
-                                          " OR (#{Project.table_name}.lft >= #{r.lft} AND #{Project.table_name}.rgt <= #{r.rgt} AND #{Version.table_name}.sharing = 'tree')" +
+                                          " OR (#{Project.table_name}.lft >= #{root.lft} AND #{Project.table_name}.rgt <= #{root.rgt} AND #{Version.table_name}.sharing = 'tree')" +
                                          " OR (#{Project.table_name}.lft < #{lft} AND #{Project.table_name}.rgt > #{rgt} AND #{Version.table_name}.sharing IN ('hierarchy', 'descendants'))" +
                                          " OR (#{Project.table_name}.lft > #{lft} AND #{Project.table_name}.rgt < #{rgt} AND #{Version.table_name}.sharing = 'hierarchy')" +
                                          "))")
-    end
  end

  # Returns a hash of project users grouped by role
@@ -433,13 +382,12 @@ class Project < ActiveRecord::Base
  
  # Returns the mail adresses of users that should be always notified on project events
  def recipients
-    notified_users.collect {|user| user.mail}
+    members.select {|m| m.mail_notification? || m.user.mail_notification?}.collect {|m| m.user.mail}
  end
  
  # Returns the users that should be notified on project events
  def notified_users
-    # TODO: User part should be extracted to User#notify_about?
-    members.select {|m| m.mail_notification? || m.user.mail_notification == 'all'}.collect {|m| m.user}
+    members.select {|m| m.mail_notification? || m.user.mail_notification?}.collect {|m| m.user}
  end
  
  # Returns an array of all custom fields enabled for project issues
@@ -447,12 +395,6 @@ class Project < ActiveRecord::Base
  def all_issue_custom_fields
    @all_issue_custom_fields ||= (IssueCustomField.for_all + issue_custom_fields).uniq.sort
  end
-
-  # Returns an array of all custom fields enabled for project time entries
-  # (explictly associated custom fields and custom fields enabled for all projects)
-  def all_time_entry_custom_fields
-    @all_time_entry_custom_fields ||= (TimeEntryCustomField.for_all + time_entry_custom_fields).uniq.sort
-  end
  
  def project
    self
@@ -479,46 +421,6 @@ class Project < ActiveRecord::Base
    s
  end

-  # The earliest start date of a project, based on it's issues and versions
-  def start_date
-    [
-     issues.minimum('start_date'),
-     shared_versions.collect(&:effective_date),
-     shared_versions.collect(&:start_date)
-    ].flatten.compact.min
-  end
-
-  # The latest due date of an issue or version
-  def due_date
-    [
-     issues.maximum('due_date'),
-     shared_versions.collect(&:effective_date),
-     shared_versions.collect {|v| v.fixed_issues.maximum('due_date')}
-    ].flatten.compact.max
-  end
-
-  def overdue?
-    active? && !due_date.nil? && (due_date < Date.today)
-  end
-
-  # Returns the percent completed for this project, based on the
-  # progress on it's versions.
-  def completed_percent(options={:include_subprojects => false})
-    if options.delete(:include_subprojects)
-      total = self_and_descendants.collect(&:completed_percent).sum
-
-      total / self_and_descendants.count
-    else
-      if versions.count > 0
-        total = versions.collect(&:completed_pourcent).sum
-
-        total / versions.count
-      else
-        100
-      end
-    end
-  end
-  
  # Return true if this project is allowed to do the specified action.
  # action can be:
  # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
@@ -538,51 +440,16 @@ class Project < ActiveRecord::Base
  
  def enabled_module_names=(module_names)
    if module_names && module_names.is_a?(Array)
-      module_names = module_names.collect(&:to_s).reject(&:blank?)
-      self.enabled_modules = module_names.collect {|name| enabled_modules.detect {|mod| mod.name == name} || EnabledModule.new(:name => name)}
+      module_names = module_names.collect(&:to_s)
+      # remove disabled modules
+      enabled_modules.each {|mod| mod.destroy unless module_names.include?(mod.name)}
+      # add new modules
+      module_names.reject {|name| module_enabled?(name)}.each {|name| enabled_modules << EnabledModule.new(:name => name)}
    else
      enabled_modules.clear
    end
  end
-  
-  # Returns an array of the enabled modules names
-  def enabled_module_names
-    enabled_modules.collect(&:name)
-  end

-  # Enable a specific module
-  #
-  # Examples:
-  #   project.enable_module!(:issue_tracking)
-  #   project.enable_module!("issue_tracking")
-  def enable_module!(name)
-    enabled_modules << EnabledModule.new(:name => name.to_s) unless module_enabled?(name)
-  end
-
-  # Disable a module if it exists
-  #
-  # Examples:
-  #   project.disable_module!(:issue_tracking)
-  #   project.disable_module!("issue_tracking")
-  #   project.disable_module!(project.enabled_modules.first)
-  def disable_module!(target)
-    target = enabled_modules.detect{|mod| target.to_s == mod.name} unless enabled_modules.include?(target)
-    target.destroy unless target.blank?
-  end
-
-  safe_attributes 'name',
-    'description',
-    'homepage',
-    'is_public',
-    'identifier',
-    'custom_field_values',
-    'custom_fields',
-    'tracker_ids',
-    'issue_custom_field_ids'
-
-  safe_attributes 'enabled_module_names',
-    :if => lambda {|project, user| project.new_record? || user.allowed_to?(:select_project_modules, project) }
-  
  # Returns an array of projects that are in this project's hierarchy
  #
  # Example: parents, children, siblings
@@ -653,21 +520,16 @@ class Project < ActiveRecord::Base
      return nil
    end
  end
-
-  # Yields the given block for each project with its level in the tree
-  def self.project_tree(projects, &block)
-    ancestors = []
-    projects.sort_by(&:lft).each do |project|
-      while (ancestors.any? && !project.is_descendant_of?(ancestors.last)) 
-        ancestors.pop
-      end
-      yield project, ancestors.size
-      ancestors << project
-    end
-  end
  
  private
  
+  # Destroys children before destroying self
+  def destroy_children
+    children.each do |child|
+      child.destroy
+    end
+  end
+  
  # Copies wiki from +project+
  def copy_wiki(project)
    # Check that the source project has a wiki first
@@ -714,7 +576,6 @@ class Project < ActiveRecord::Base
  end
  
  # Copies issues from +project+
-  # Note: issues assigned to a closed version won't be copied due to validation rules
  def copy_issues(project)
    # Stores the source issue id as a key and the copied issues as the
    # value.  Used to map the two togeather for issue relations.
@@ -744,20 +605,12 @@ class Project < ActiveRecord::Base
      end
      
      self.issues << new_issue
-      if new_issue.new_record?
-        logger.info "Project#copy_issues: issue ##{issue.id} could not be copied: #{new_issue.errors.full_messages}" if logger && logger.info
-      else
-        issues_map[issue.id] = new_issue unless new_issue.new_record?
-      end
+      issues_map[issue.id] = new_issue
    end

    # Relations after in case issues related each other
    project.issues.each do |issue|
      new_issue = issues_map[issue.id]
-      unless new_issue
-        # Issue was not copied
-        next
-      end
      
      # Relations
      issue.relations_from.each do |source_relation|
@@ -784,12 +637,7 @@ class Project < ActiveRecord::Base

  # Copies members from +project+
  def copy_members(project)
-    # Copy users first, then groups to handle members with inherited and given roles
-    members_to_copy = []
-    members_to_copy += project.memberships.select {|m| m.principal.is_a?(User)}
-    members_to_copy += project.memberships.select {|m| !m.principal.is_a?(User)}
-    
-    members_to_copy.each do |member|
+    project.memberships.each do |member|
      new_member = Member.new
      new_member.attributes = member.attributes.dup.except("id", "project_id", "created_on")
      # only copy non inherited roles
@@ -809,7 +657,6 @@ class Project < ActiveRecord::Base
      new_query.attributes = query.attributes.dup.except("id", "project_id", "sort_criteria")
      new_query.sort_criteria = query.sort_criteria if query.sort_criteria
      new_query.project = self
-      new_query.user_id = query.user_id
      self.queries << new_query
    end
  end
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -1,24 +1,24 @@
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-class QueryColumn
+class QueryColumn  
  attr_accessor :name, :sortable, :groupable, :default_order
  include Redmine::I18n
-
+  
  def initialize(name, options={})
    self.name = name
    self.sortable = options[:sortable]
@@ -29,23 +29,19 @@ class QueryColumn
    self.default_order = options[:default_order]
    @caption_key = options[:caption] || "field_#{name}"
  end
-
+  
  def caption
    l(@caption_key)
  end
-
+  
  # Returns true if the column is sortable, otherwise false
  def sortable?
    !sortable.nil?
  end
-
+  
  def value(issue)
    issue.send name
  end
-
-  def css_classes
-    name
-  end
 end

 class QueryCustomFieldColumn < QueryColumn
@@ -59,41 +55,37 @@ class QueryCustomFieldColumn < QueryColumn
    self.groupable ||= false
    @cf = custom_field
  end
-
+  
  def caption
    @cf.name
  end
-
+  
  def custom_field
    @cf
  end
-
+  
  def value(issue)
    cv = issue.custom_values.detect {|v| v.custom_field_id == @cf.id}
    cv && @cf.cast_value(cv.value)
  end
-
-  def css_classes
-    @css_classes ||= "#{name} #{@cf.field_format}"
-  end
 end

 class Query < ActiveRecord::Base
  class StatementInvalid < ::ActiveRecord::StatementInvalid
  end
-
+  
  belongs_to :project
  belongs_to :user
  serialize :filters
  serialize :column_names
  serialize :sort_criteria, Array
-
+  
  attr_protected :project_id, :user_id
-
+  
  validates_presence_of :name, :on => :save
  validates_length_of :name, :maximum => 255
-
-  @@operators = { "="   => :label_equals,
+    
+  @@operators = { "="   => :label_equals, 
                  "!"   => :label_not_equals,
                  "o"   => :label_open_issues,
                  "c"   => :label_closed_issues,
@@ -113,7 +105,7 @@ class Query < ActiveRecord::Base
                  "!~"  => :label_not_contains }

  cattr_reader :operators
-
+    
  @@operators_by_filter_type = { :list => [ "=", "!" ],
                                 :list_status => [ "o", "=", "!", "c", "*" ],
                                 :list_optional => [ "=", "!", "!*", "*" ],
@@ -145,32 +137,27 @@ class Query < ActiveRecord::Base
    QueryColumn.new(:created_on, :sortable => "#{Issue.table_name}.created_on", :default_order => 'desc'),
  ]
  cattr_reader :available_columns
-
+  
  def initialize(attributes = nil)
    super attributes
    self.filters ||= { 'status_id' => {:operator => "o", :values => [""]} }
  end
-
+  
  def after_initialize
    # Store the fact that project is nil (used in #editable_by?)
    @is_for_all = project.nil?
  end
-
+  
  def validate
    filters.each_key do |field|
-      errors.add label_for(field), :blank unless
+      errors.add label_for(field), :blank unless 
          # filter requires one or more values
-          (values_for(field) and !values_for(field).first.blank?) or
+          (values_for(field) and !values_for(field).first.blank?) or 
          # filter doesn't require any value
          ["o", "c", "!*", "*", "t", "w"].include? operator_for(field)
    end if filters
  end
  
-  # Returns true if the query is visible to +user+ or the current user.
-  def visible?(user=User.current)
-    self.is_public? || self.user_id == user.id
-  end
-
  def editable_by?(user)
    return false unless user
    # Admin can edit them all and regular users can edit their private queries
@@ -178,70 +165,51 @@ class Query < ActiveRecord::Base
    # Members can not edit public queries that are for all project (only admin is allowed to)
    is_public && !@is_for_all && user.allowed_to?(:manage_public_queries, project)
  end
-
+  
  def available_filters
    return @available_filters if @available_filters
-
+    
    trackers = project.nil? ? Tracker.find(:all, :order => 'position') : project.rolled_up_trackers
-
-    @available_filters = { "status_id" => { :type => :list_status, :order => 1, :values => IssueStatus.find(:all, :order => 'position').collect{|s| [s.name, s.id.to_s] } },
-                           "tracker_id" => { :type => :list, :order => 2, :values => trackers.collect{|s| [s.name, s.id.to_s] } },
+    
+    @available_filters = { "status_id" => { :type => :list_status, :order => 1, :values => IssueStatus.find(:all, :order => 'position').collect{|s| [s.name, s.id.to_s] } },       
+                           "tracker_id" => { :type => :list, :order => 2, :values => trackers.collect{|s| [s.name, s.id.to_s] } },                                                                                                                
                           "priority_id" => { :type => :list, :order => 3, :values => IssuePriority.all.collect{|s| [s.name, s.id.to_s] } },
-                           "subject" => { :type => :text, :order => 8 },
-                           "created_on" => { :type => :date_past, :order => 9 },
+                           "subject" => { :type => :text, :order => 8 },  
+                           "created_on" => { :type => :date_past, :order => 9 },                        
                           "updated_on" => { :type => :date_past, :order => 10 },
                           "start_date" => { :type => :date, :order => 11 },
                           "due_date" => { :type => :date, :order => 12 },
                           "estimated_hours" => { :type => :integer, :order => 13 },
                           "done_ratio" =>  { :type => :integer, :order => 14 }}
-
+    
    user_values = []
    user_values << ["<< #{l(:label_me)} >>", "me"] if User.current.logged?
    if project
      user_values += project.users.sort.collect{|s| [s.name, s.id.to_s] }
    else
-      all_projects = Project.visible.all
-      if all_projects.any?
-        # members of visible projects
-        user_values += User.active.find(:all, :conditions => ["#{User.table_name}.id IN (SELECT DISTINCT user_id FROM members WHERE project_id IN (?))", all_projects.collect(&:id)]).sort.collect{|s| [s.name, s.id.to_s] }
-
-        # project filter
-        project_values = []
-        Project.project_tree(all_projects) do |p, level|
-          prefix = (level > 0 ? ('--' * level + ' ') : '')
-          project_values << ["#{prefix}#{p.name}", p.id.to_s]
-        end
-        @available_filters["project_id"] = { :type => :list, :order => 1, :values => project_values} unless project_values.empty?
+      project_ids = Project.all(:conditions => Project.visible_by(User.current)).collect(&:id)
+      if project_ids.any?
+        # members of the user's projects
+        user_values += User.active.find(:all, :conditions => ["#{User.table_name}.id IN (SELECT DISTINCT user_id FROM members WHERE project_id IN (?))", project_ids]).sort.collect{|s| [s.name, s.id.to_s] }
      end
    end
    @available_filters["assigned_to_id"] = { :type => :list_optional, :order => 4, :values => user_values } unless user_values.empty?
    @available_filters["author_id"] = { :type => :list, :order => 5, :values => user_values } unless user_values.empty?
-
-    group_values = Group.all.collect {|g| [g.name, g.id.to_s] }
-    @available_filters["member_of_group"] = { :type => :list_optional, :order => 6, :values => group_values } unless group_values.empty?
-
-    role_values = Role.givable.collect {|r| [r.name, r.id.to_s] }
-    @available_filters["assigned_to_role"] = { :type => :list_optional, :order => 7, :values => role_values } unless role_values.empty?
-
+    
    if User.current.logged?
      @available_filters["watcher_id"] = { :type => :list, :order => 15, :values => [["<< #{l(:label_me)} >>", "me"]] }
    end
-
+  
    if project
      # project specific filters
-      categories = @project.issue_categories.all
-      unless categories.empty?
-        @available_filters["category_id"] = { :type => :list_optional, :order => 6, :values => categories.collect{|s| [s.name, s.id.to_s] } }
+      unless @project.issue_categories.empty?
+        @available_filters["category_id"] = { :type => :list_optional, :order => 6, :values => @project.issue_categories.collect{|s| [s.name, s.id.to_s] } }
      end
-      versions = @project.shared_versions.all
-      unless versions.empty?
-        @available_filters["fixed_version_id"] = { :type => :list_optional, :order => 7, :values => versions.sort.collect{|s| ["#{s.project.name} - #{s.name}", s.id.to_s] } }
+      unless @project.shared_versions.empty?
+        @available_filters["fixed_version_id"] = { :type => :list_optional, :order => 7, :values => @project.shared_versions.sort.collect{|s| ["#{s.project.name} - #{s.name}", s.id.to_s] } }
      end
-      unless @project.leaf?
-        subprojects = @project.descendants.visible.all
-        unless subprojects.empty?
-          @available_filters["subproject_id"] = { :type => :list_subprojects, :order => 13, :values => subprojects.collect{|s| [s.name, s.id.to_s] } }
-        end
+      unless @project.descendants.active.empty?
+        @available_filters["subproject_id"] = { :type => :list_subprojects, :order => 13, :values => @project.descendants.visible.collect{|s| [s.name, s.id.to_s] } }
      end
      add_custom_fields_filters(@project.all_issue_custom_fields)
    else
@@ -251,10 +219,16 @@ class Query < ActiveRecord::Base
        @available_filters["fixed_version_id"] = { :type => :list_optional, :order => 7, :values => system_shared_versions.sort.collect{|s| ["#{s.project.name} - #{s.name}", s.id.to_s] } }
      end
      add_custom_fields_filters(IssueCustomField.find(:all, :conditions => {:is_filter => true, :is_for_all => true}))
+      # project filter
+      project_values = Project.all(:conditions => Project.visible_by(User.current), :order => 'lft').map do |p|
+        pre = (p.level > 0 ? ('--' * p.level + ' ') : '')
+        ["#{pre}#{p.name}",p.id.to_s]
+      end
+      @available_filters["project_id"] = { :type => :list, :order => 1, :values => project_values}
    end
    @available_filters
  end
-
+  
  def add_filter(field, operator, values)
    # values must be an array
    return unless values and values.is_a? Array # and !values.first.empty?
@@ -269,7 +243,7 @@ class Query < ActiveRecord::Base
      filters[field] = {:operator => operator, :values => values }
    end
  end
-
+  
  def add_short_filter(field, expression)
    return unless expression
    parms = expression.scan(/^(o|c|!\*|!|\*)?(.*)$/).first
@@ -278,25 +252,23 @@ class Query < ActiveRecord::Base

  # Add multiple filters using +add_filter+
  def add_filters(fields, operators, values)
-    if fields.is_a?(Array) && operators.is_a?(Hash) && values.is_a?(Hash)
-      fields.each do |field|
-        add_filter(field, operators[field], values[field])
-      end
+    fields.each do |field|
+      add_filter(field, operators[field], values[field])
    end
  end
-
+  
  def has_filter?(field)
    filters and filters[field]
  end
-
+  
  def operator_for(field)
    has_filter?(field) ? filters[field][:operator] : nil
  end
-
+  
  def values_for(field)
    has_filter?(field) ? filters[field][:values] : nil
  end
-
+  
  def label_for(field)
    label = available_filters[field][:name] if available_filters.has_key?(field)
    label ||= field.gsub(/\_id$/, "")
@@ -308,17 +280,17 @@ class Query < ActiveRecord::Base
    @available_columns += (project ? 
                            project.all_issue_custom_fields :
                            IssueCustomField.find(:all)
-                           ).collect {|cf| QueryCustomFieldColumn.new(cf) }
+                           ).collect {|cf| QueryCustomFieldColumn.new(cf) }      
  end

  def self.available_columns=(v)
    self.available_columns = (v)
  end
-
+  
  def self.add_available_column(column)
    self.available_columns << (column) if column.is_a?(QueryColumn)
  end
-
+  
  # Returns an array of columns that can be used to group the results
  def groupable_columns
    available_columns.select {|c| c.groupable}
@@ -331,42 +303,39 @@ class Query < ActiveRecord::Base
                                               h
                                             })
  end
-
+  
  def columns
-    # preserve the column_names order
-    (has_default_columns? ? default_columns_names : column_names).collect do |name|
-       available_columns.find { |col| col.name == name }
-    end.compact
-  end
-
-  def default_columns_names
-    @default_columns_names ||= begin
-      default_columns = Setting.issue_list_default_columns.map(&:to_sym)
-
-      project.present? ? default_columns : [:project] | default_columns
+    if has_default_columns?
+      available_columns.select do |c|
+        # Adds the project column by default for cross-project lists
+        Setting.issue_list_default_columns.include?(c.name.to_s) || (c.name == :project && project.nil?)
+      end
+    else
+      # preserve the column_names order
+      column_names.collect {|name| available_columns.find {|col| col.name == name}}.compact
    end
  end
-
+  
  def column_names=(names)
    if names
      names = names.select {|n| n.is_a?(Symbol) || !n.blank? }
      names = names.collect {|n| n.is_a?(Symbol) ? n : n.to_sym }
      # Set column_names to nil if default columns
-      if names == default_columns_names
+      if names.map(&:to_s) == Setting.issue_list_default_columns
        names = nil
      end
    end
    write_attribute(:column_names, names)
  end
-
+  
  def has_column?(column)
    column_names && column_names.include?(column.name)
  end
-
+  
  def has_default_columns?
    column_names.nil? || column_names.empty?
  end
-
+  
  def sort_criteria=(arg)
    c = []
    if arg.is_a?(Hash)
@@ -375,19 +344,19 @@ class Query < ActiveRecord::Base
    c = arg.select {|k,o| !k.to_s.blank?}.slice(0,3).collect {|k,o| [k.to_s, o == 'desc' ? o : 'asc']}
    write_attribute(:sort_criteria, c)
  end
-
+  
  def sort_criteria
    read_attribute(:sort_criteria) || []
  end
-
+  
  def sort_criteria_key(arg)
    sort_criteria && sort_criteria[arg] && sort_criteria[arg].first
  end
-
+  
  def sort_criteria_order(arg)
    sort_criteria && sort_criteria[arg] && sort_criteria[arg].last
  end
-
+  
  # Returns the SQL sort order that should be prepended for grouping
  def group_by_sort_order
    if grouped? && (column = group_by_column)
@@ -396,20 +365,20 @@ class Query < ActiveRecord::Base
        "#{column.sortable} #{column.default_order}"
    end
  end
-
+  
  # Returns true if the query is a grouped query
  def grouped?
-    !group_by_column.nil?
+    !group_by.blank?
  end
-
+  
  def group_by_column
-    groupable_columns.detect {|c| c.groupable && c.name.to_s == group_by}
+    groupable_columns.detect {|c| c.name.to_s == group_by}
  end
-
+  
  def group_by_statement
-    group_by_column.try(:groupable)
+    group_by_column.groupable
  end
-
+  
  def project_statement
    project_clauses = []
    if project && !@project.descendants.active.empty?
@@ -432,7 +401,8 @@ class Query < ActiveRecord::Base
    elsif project
      project_clauses << "#{Project.table_name}.id = %d" % project.id
    end
-    project_clauses.any? ? project_clauses.join(' AND ') : nil
+    project_clauses <<  Project.allowed_to_condition(User.current, :view_issues)
+    project_clauses.join(' AND ')
  end

  def statement
@@ -443,12 +413,12 @@ class Query < ActiveRecord::Base
      v = values_for(field).clone
      next unless v and !v.empty?
      operator = operator_for(field)
-
+      
      # "me" value subsitution
      if %w(assigned_to_id author_id watcher_id).include?(field)
        v.push(User.current.logged? ? User.current.id.to_s : "0") if v.delete("me")
      end
-
+      
      sql = ''
      if field =~ /^cf_(\d+)$/
        # custom field
@@ -462,47 +432,6 @@ class Query < ActiveRecord::Base
        db_field = 'user_id'
        sql << "#{Issue.table_name}.id #{ operator == '=' ? 'IN' : 'NOT IN' } (SELECT #{db_table}.watchable_id FROM #{db_table} WHERE #{db_table}.watchable_type='Issue' AND "
        sql << sql_for_field(field, '=', v, db_table, db_field) + ')'
-      elsif field == "member_of_group" # named field
-        if operator == '*' # Any group
-          groups = Group.all
-          operator = '=' # Override the operator since we want to find by assigned_to
-        elsif operator == "!*"
-          groups = Group.all
-          operator = '!' # Override the operator since we want to find by assigned_to
-        else
-          groups = Group.find_all_by_id(v)
-        end
-        groups ||= []
-
-        members_of_groups = groups.inject([]) {|user_ids, group|
-          if group && group.user_ids.present?
-            user_ids << group.user_ids
-          end
-          user_ids.flatten.uniq.compact
-        }.sort.collect(&:to_s)
-
-        sql << '(' + sql_for_field("assigned_to_id", operator, members_of_groups, Issue.table_name, "assigned_to_id", false) + ')'
-
-      elsif field == "assigned_to_role" # named field
-        if operator == "*" # Any Role
-          roles = Role.givable
-          operator = '=' # Override the operator since we want to find by assigned_to
-        elsif operator == "!*" # No role
-          roles = Role.givable
-          operator = '!' # Override the operator since we want to find by assigned_to
-        else
-          roles = Role.givable.find_all_by_id(v)
-        end
-        roles ||= []
-
-        members_of_roles = roles.inject([]) {|user_ids, role|
-          if role && role.members
-            user_ids << role.members.collect(&:user_id)
-          end
-          user_ids.flatten.uniq.compact
-        }.sort.collect(&:to_s)
-
-        sql << '(' + sql_for_field("assigned_to_id", operator, members_of_roles, Issue.table_name, "assigned_to_id", false) + ')'
      else
        # regular field
        db_table = Issue.table_name
@@ -510,29 +439,26 @@ class Query < ActiveRecord::Base
        sql << '(' + sql_for_field(field, operator, v, db_table, db_field) + ')'
      end
      filters_clauses << sql
-
+      
    end if filters and valid?
-
-    filters_clauses << project_statement
-    filters_clauses.reject!(&:blank?)
-
-    filters_clauses.any? ? filters_clauses.join(' AND ') : nil
+    
+    (filters_clauses << project_statement).join(' AND ')
  end
-
+  
  # Returns the issue count
  def issue_count
-    Issue.visible.count(:include => [:status, :project], :conditions => statement)
+    Issue.count(:include => [:status, :project], :conditions => statement)
  rescue ::ActiveRecord::StatementInvalid => e
    raise StatementInvalid.new(e.message)
  end
-
+  
  # Returns the issue count by group or nil if query is not grouped
  def issue_count_by_group
    r = nil
    if grouped?
      begin
        # Rails will raise an (unexpected) RecordNotFound if there's only a nil group value
-        r = Issue.visible.count(:group => group_by_statement, :include => [:status, :project], :conditions => statement)
+        r = Issue.count(:group => group_by_statement, :include => [:status, :project], :conditions => statement)
      rescue ActiveRecord::RecordNotFound
        r = {nil => issue_count}
      end
@@ -545,14 +471,14 @@ class Query < ActiveRecord::Base
  rescue ::ActiveRecord::StatementInvalid => e
    raise StatementInvalid.new(e.message)
  end
-
+  
  # Returns the issues
  # Valid options are :order, :offset, :limit, :include, :conditions
  def issues(options={})
    order_option = [group_by_sort_order, options[:order]].reject {|s| s.blank?}.join(',')
    order_option = nil if order_option.blank?
-
-    Issue.visible.find :all, :include => ([:status, :project] + (options[:include] || [])).uniq,
+    
+    Issue.find :all, :include => ([:status, :project] + (options[:include] || [])).uniq,
                     :conditions => Query.merge_conditions(statement, options[:conditions]),
                     :order => order_option,
                     :limit  => options[:limit],
@@ -564,7 +490,7 @@ class Query < ActiveRecord::Base
  # Returns the journals
  # Valid options are :order, :offset, :limit
  def journals(options={})
-    Journal.visible.find :all, :include => [:details, :user, {:issue => [:project, :author, :tracker, :status]}],
+    Journal.find :all, :include => [:details, :user, {:issue => [:project, :author, :tracker, :status]}],
                       :conditions => statement,
                       :order => options[:order],
                       :limit => options[:limit],
@@ -572,36 +498,26 @@ class Query < ActiveRecord::Base
  rescue ::ActiveRecord::StatementInvalid => e
    raise StatementInvalid.new(e.message)
  end
-
+  
  # Returns the versions
  # Valid options are :conditions
  def versions(options={})
-    Version.visible.find :all, :include => :project,
+    Version.find :all, :include => :project,
                       :conditions => Query.merge_conditions(project_statement, options[:conditions])
  rescue ::ActiveRecord::StatementInvalid => e
    raise StatementInvalid.new(e.message)
  end
-
+  
  private
-
+  
  # Helper method to generate the WHERE sql for a +field+, +operator+ and a +value+
  def sql_for_field(field, operator, value, db_table, db_field, is_custom_filter=false)
    sql = ''
    case operator
    when "="
-      if value.any?
-        sql = "#{db_table}.#{db_field} IN (" + value.collect{|val| "'#{connection.quote_string(val)}'"}.join(",") + ")"
-      else
-        # IN an empty set
-        sql = "1=0"
-      end
+      sql = "#{db_table}.#{db_field} IN (" + value.collect{|val| "'#{connection.quote_string(val)}'"}.join(",") + ")"
    when "!"
-      if value.any?
-        sql = "(#{db_table}.#{db_field} IS NULL OR #{db_table}.#{db_field} NOT IN (" + value.collect{|val| "'#{connection.quote_string(val)}'"}.join(",") + "))"
-      else
-        # NOT IN an empty set
-        sql = "1=1"
-      end
+      sql = "(#{db_table}.#{db_field} IS NULL OR #{db_table}.#{db_field} NOT IN (" + value.collect{|val| "'#{connection.quote_string(val)}'"}.join(",") + "))"
    when "!*"
      sql = "#{db_table}.#{db_field} IS NULL"
      sql << " OR #{db_table}.#{db_field} = ''" if is_custom_filter
@@ -631,22 +547,24 @@ class Query < ActiveRecord::Base
    when "t"
      sql = date_range_clause(db_table, db_field, 0, 0)
    when "w"
-      first_day_of_week = l(:general_first_day_of_week).to_i
-      day_of_week = Date.today.cwday
-      days_ago = (day_of_week >= first_day_of_week ? day_of_week - first_day_of_week : day_of_week + 7 - first_day_of_week)
-      sql = date_range_clause(db_table, db_field, - days_ago, - days_ago + 6)
+      from = l(:general_first_day_of_week) == '7' ?
+      # week starts on sunday
+      ((Date.today.cwday == 7) ? Time.now.at_beginning_of_day : Time.now.at_beginning_of_week - 1.day) :
+        # week starts on monday (Rails default)
+        Time.now.at_beginning_of_week
+      sql = "#{db_table}.#{db_field} BETWEEN '%s' AND '%s'" % [connection.quoted_date(from), connection.quoted_date(from + 7.days)]
    when "~"
      sql = "LOWER(#{db_table}.#{db_field}) LIKE '%#{connection.quote_string(value.first.to_s.downcase)}%'"
    when "!~"
      sql = "LOWER(#{db_table}.#{db_field}) NOT LIKE '%#{connection.quote_string(value.first.to_s.downcase)}%'"
    end
-
+    
    return sql
  end
-
+  
  def add_custom_fields_filters(custom_fields)
    @available_filters ||= {}
-
+    
    custom_fields.select(&:is_filter?).each do |field|
      case field.field_format
      when "text"
@@ -657,16 +575,13 @@ class Query < ActiveRecord::Base
        options = { :type => :date, :order => 20 }
      when "bool"
        options = { :type => :list, :values => [[l(:general_text_yes), "1"], [l(:general_text_no), "0"]], :order => 20 }
-      when "user", "version"
-        next unless project
-        options = { :type => :list_optional, :values => field.possible_values_options(project), :order => 20}
      else
        options = { :type => :string, :order => 20 }
      end
      @available_filters["cf_#{field.id}"] = options.merge({ :name => field.name })
    end
  end
-
+  
  # Returns a SQL clause for a date or datetime field.
  def date_range_clause(table, field, from, to)
    s = []
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -1,89 +1,52 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Repository < ActiveRecord::Base
-  include Redmine::Ciphering
-
  belongs_to :project
  has_many :changesets, :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC"
  has_many :changes, :through => :changesets
-
-  serialize :extra_info
-
+  
  # Raw SQL to delete changesets and changes in the database
  # has_many :changesets, :dependent => :destroy is too slow for big repositories
  before_destroy :clear_changesets
-
-  validates_length_of :password, :maximum => 255, :allow_nil => true
+  
  # Checks if the SCM is enabled when creating a repository
  validate_on_create { |r| r.errors.add(:type, :invalid) unless Setting.enabled_scm.include?(r.class.name.demodulize) }
-
-  def self.human_attribute_name(attribute_key_name)
-    attr_name = attribute_key_name
-    if attr_name == "log_encoding"
-      attr_name = "commit_logs_encoding"
-    end
-    super(attr_name)
-  end
-
+  
  # Removes leading and trailing whitespace
  def url=(arg)
    write_attribute(:url, arg ? arg.to_s.strip : nil)
  end
-
+  
  # Removes leading and trailing whitespace
  def root_url=(arg)
    write_attribute(:root_url, arg ? arg.to_s.strip : nil)
  end

-  def password
-    read_ciphered_attribute(:password)
-  end
-
-  def password=(arg)
-    write_ciphered_attribute(:password, arg)
-  end
-
-  def scm_adapter
-    self.class.scm_adapter_class
-  end
-
  def scm
-    @scm ||= self.scm_adapter.new(url, root_url,
-                                  login, password, path_encoding)
+    @scm ||= self.scm_adapter.new url, root_url, login, password
    update_attribute(:root_url, @scm.root_url) if root_url.blank?
    @scm
  end
-
+  
  def scm_name
    self.class.scm_name
  end
-
-  def merge_extra_info(arg)
-    h = extra_info || {}
-    return h if arg.nil?
-    h.merge!(arg)
-    write_attribute(:extra_info, h)
-  end
-
-  def report_last_commit
-    true
-  end
-
+  
  def supports_cat?
    scm.supports_cat?
  end
@@ -91,19 +54,11 @@ class Repository < ActiveRecord::Base
  def supports_annotate?
    scm.supports_annotate?
  end
-
-  def supports_all_revisions?
-    true
-  end
-
-  def supports_directory_revisions?
-    false
-  end
-
+  
  def entry(path=nil, identifier=nil)
    scm.entry(path, identifier)
  end
-
+  
  def entries(path=nil, identifier=nil)
    scm.entries(path, identifier)
  end
@@ -117,40 +72,31 @@ class Repository < ActiveRecord::Base
  end

  def default_branch
-    nil
+    scm.default_branch
  end
-
+  
  def properties(path, identifier=nil)
    scm.properties(path, identifier)
  end
-
+  
  def cat(path, identifier=nil)
    scm.cat(path, identifier)
  end
-
+  
  def diff(path, rev, rev_to)
    scm.diff(path, rev, rev_to)
  end
-
-  def diff_format_revisions(cs, cs_to, sep=':')
-    text = ""
-    text << cs_to.format_identifier + sep if cs_to
-    text << cs.format_identifier if cs
-    text
-  end
-
+  
  # Returns a path relative to the url of the repository
  def relative_path(path)
    path
  end
-
+  
  # Finds and returns a revision with a number or the beginning of a hash
  def find_changeset_by_name(name)
-    return nil if name.blank?
-    changesets.find(:first, :conditions => (name.match(/^\d*$/) ?
-          ["revision = ?", name.to_s] : ["revision LIKE ?", name + '%']))
+    changesets.find(:first, :conditions => (name.match(/^\d*$/) ? ["revision = ?", name.to_s] : ["revision LIKE ?", name + '%']))
  end
-
+  
  def latest_changeset
    @latest_changeset ||= changesets.find(:first)
  end
@@ -159,32 +105,26 @@ class Repository < ActiveRecord::Base
  # Default behaviour is to search in cached changesets
  def latest_changesets(path, rev, limit=10)
    if path.blank?
-      changesets.find(
-         :all,
-         :include => :user,
-         :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC",
-         :limit => limit)
+      changesets.find(:all, :include => :user,
+                            :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC",
+                            :limit => limit)
    else
-      changes.find(
-         :all,
-         :include => {:changeset => :user},
-         :conditions => ["path = ?", path.with_leading_slash],
-         :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC",
-         :limit => limit
-       ).collect(&:changeset)
+      changes.find(:all, :include => {:changeset => :user}, 
+                         :conditions => ["path = ?", path.with_leading_slash],
+                         :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC",
+                         :limit => limit).collect(&:changeset)
    end
  end
-
+    
  def scan_changesets_for_issue_ids
    self.changesets.each(&:scan_comment_for_issue_ids)
  end

  # Returns an array of committers usernames and associated user_id
  def committers
-    @committers ||= Changeset.connection.select_rows(
-         "SELECT DISTINCT committer, user_id FROM #{Changeset.table_name} WHERE repository_id = #{id}")
+    @committers ||= Changeset.connection.select_rows("SELECT DISTINCT committer, user_id FROM #{Changeset.table_name} WHERE repository_id = #{id}")
  end
-
+  
  # Maps committers username to a user ids
  def committer_ids=(h)
    if h.is_a?(Hash)
@@ -192,19 +132,17 @@ class Repository < ActiveRecord::Base
        new_user_id = h[committer]
        if new_user_id && (new_user_id.to_i != user_id.to_i)
          new_user_id = (new_user_id.to_i > 0 ? new_user_id.to_i : nil)
-          Changeset.update_all(
-               "user_id = #{ new_user_id.nil? ? 'NULL' : new_user_id }",
-               ["repository_id = ? AND committer = ?", id, committer])
+          Changeset.update_all("user_id = #{ new_user_id.nil? ? 'NULL' : new_user_id }", ["repository_id = ? AND committer = ?", id, committer])
        end
      end
-      @committers            = nil
+      @committers = nil
      @found_committer_users = nil
      true
    else
      false
    end
  end
-
+  
  # Returns the Redmine User corresponding to the given +committer+
  # It will return nil if the committer is not yet mapped and if no User
  # with the same username or email was found
@@ -212,7 +150,7 @@ class Repository < ActiveRecord::Base
    unless committer.blank?
      @found_committer_users ||= {}
      return @found_committer_users[committer] if @found_committer_users.has_key?(committer)
-
+      
      user = nil
      c = changesets.find(:first, :conditions => {:committer => committer}, :include => :user)
      if c && c.user
@@ -227,27 +165,18 @@ class Repository < ActiveRecord::Base
      user
    end
  end
-
-  def repo_log_encoding
-    encoding = log_encoding.to_s.strip
-    encoding.blank? ? 'UTF-8' : encoding
-  end
-
+  
  # Fetches new changesets for all repositories of active projects
  # Can be called periodically by an external script
  # eg. ruby script/runner "Repository.fetch_changesets"
  def self.fetch_changesets
    Project.active.has_module(:repository).find(:all, :include => :repository).each do |project|
      if project.repository
-        begin
-          project.repository.fetch_changesets
-        rescue Redmine::Scm::Adapters::CommandFailed => e
-          logger.error "scm: error during fetching changesets: #{e.message}"
-        end
+        project.repository.fetch_changesets
      end
    end
  end
-
+  
  # scan changeset comments to find related and fixed issues for all repositories
  def self.scan_changesets_for_issue_ids
    find(:all).each(&:scan_changesets_for_issue_ids)
@@ -256,61 +185,27 @@ class Repository < ActiveRecord::Base
  def self.scm_name
    'Abstract'
  end
-
+  
  def self.available_scm
    subclasses.collect {|klass| [klass.scm_name, klass.name]}
  end
-
+  
  def self.factory(klass_name, *args)
    klass = "Repository::#{klass_name}".constantize
    klass.new(*args)
  rescue
    nil
  end
-
-  def self.scm_adapter_class
-    nil
-  end
-
-  def self.scm_command
-    ret = ""
-    begin
-      ret = self.scm_adapter_class.client_command if self.scm_adapter_class
-    rescue Exception => e
-      logger.error "scm: error during get command: #{e.message}"
-    end
-    ret
-  end
-
-  def self.scm_version_string
-    ret = ""
-    begin
-      ret = self.scm_adapter_class.client_version_string if self.scm_adapter_class
-    rescue Exception => e
-      logger.error "scm: error during get version string: #{e.message}"
-    end
-    ret
-  end
-
-  def self.scm_available
-    ret = false
-    begin
-      ret = self.scm_adapter_class.client_available if self.scm_adapter_class
-    rescue Exception => e
-      logger.error "scm: error during get scm available: #{e.message}"
-    end
-    ret
-  end
-
+  
  private
-
+  
  def before_save
    # Strips url and root_url
    url.strip!
    root_url.strip!
    true
  end
-
+  
  def clear_changesets
    cs, ch, ci = Changeset.table_name, Change.table_name, "#{table_name_prefix}changesets_issues#{table_name_suffix}"
    connection.delete("DELETE FROM #{ch} WHERE #{ch}.changeset_id IN (SELECT #{cs}.id FROM #{cs} WHERE #{cs}.repository_id = #{id})")
--- a/app/models/repository/bazaar.rb
+++ b/app/models/repository/bazaar.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -19,24 +19,16 @@ require 'redmine/scm/adapters/bazaar_adapter'

 class Repository::Bazaar < Repository
  attr_protected :root_url
-  validates_presence_of :url, :log_encoding
+  validates_presence_of :url

-  def self.human_attribute_name(attribute_key_name)
-    attr_name = attribute_key_name
-    if attr_name == "url"
-      attr_name = "path_to_repository"
-    end
-    super(attr_name)
-  end
-
-  def self.scm_adapter_class
+  def scm_adapter
    Redmine::Scm::Adapters::BazaarAdapter
  end
-
+  
  def self.scm_name
    'Bazaar'
  end
-
+  
  def entries(path=nil, identifier=nil)
    entries = scm.entries(path, identifier)
    if entries
@@ -47,24 +39,19 @@ class Repository::Bazaar < Repository
          full_path = File.join(root_url, e.path)
          e.size = File.stat(full_path).size if File.file?(full_path)
        end
-        c = Change.find(
-               :first,
-               :include    => :changeset,
-               :conditions => [
-                   "#{Change.table_name}.revision = ? and #{Changeset.table_name}.repository_id = ?",
-                   e.lastrev.revision,
-                   id
-                   ],
-               :order => "#{Changeset.table_name}.revision DESC")
+        c = Change.find(:first,
+                        :include => :changeset,
+                        :conditions => ["#{Change.table_name}.revision = ? and #{Changeset.table_name}.repository_id = ?", e.lastrev.revision, id],
+                        :order => "#{Changeset.table_name}.revision DESC")
        if c
          e.lastrev.identifier = c.changeset.revision
-          e.lastrev.name       = c.changeset.revision
-          e.lastrev.author     = c.changeset.committer
+          e.lastrev.name = c.changeset.revision
+          e.lastrev.author = c.changeset.committer
        end
      end
    end
  end
-
+  
  def fetch_changesets
    scm_info = scm.info
    if scm_info
@@ -81,18 +68,18 @@ class Repository::Bazaar < Repository
          revisions = scm.revisions('', identifier_to, identifier_from, :with_paths => true)
          transaction do
            revisions.reverse_each do |revision|
-              changeset = Changeset.create(:repository   => self,
-                                           :revision     => revision.identifier,
-                                           :committer    => revision.author,
+              changeset = Changeset.create(:repository => self,
+                                           :revision => revision.identifier, 
+                                           :committer => revision.author, 
                                           :committed_on => revision.time,
-                                           :scmid        => revision.scmid,
-                                           :comments     => revision.message)
-
+                                           :scmid => revision.scmid,
+                                           :comments => revision.message)
+              
              revision.paths.each do |change|
                Change.create(:changeset => changeset,
-                              :action    => change[:action],
-                              :path      => change[:path],
-                              :revision  => change[:revision])
+                              :action => change[:action],
+                              :path => change[:path],
+                              :revision => change[:revision])
              end
            end
          end unless revisions.nil?
--- a/app/models/repository/cvs.rb
+++ b/app/models/repository/cvs.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -19,95 +19,67 @@ require 'redmine/scm/adapters/cvs_adapter'
 require 'digest/sha1'

 class Repository::Cvs < Repository
-  validates_presence_of :url, :root_url, :log_encoding
+  validates_presence_of :url, :root_url

-  def self.human_attribute_name(attribute_key_name)
-    attr_name = attribute_key_name
-    if attr_name == "root_url"
-      attr_name = "cvsroot"
-    elsif attr_name == "url"
-      attr_name = "cvs_module"
-    end
-    super(attr_name)
-  end
-
-  def self.scm_adapter_class
+  def scm_adapter
    Redmine::Scm::Adapters::CvsAdapter
  end
-
+  
  def self.scm_name
    'CVS'
  end
-
+  
  def entry(path=nil, identifier=nil)
    rev = identifier.nil? ? nil : changesets.find_by_revision(identifier)
    scm.entry(path, rev.nil? ? nil : rev.committed_on)
  end
-
+  
  def entries(path=nil, identifier=nil)
-    rev = nil
-    if ! identifier.nil?
-      rev = changesets.find_by_revision(identifier)
-      return nil if rev.nil?
-    end
+    rev = identifier.nil? ? nil : changesets.find_by_revision(identifier)
    entries = scm.entries(path, rev.nil? ? nil : rev.committed_on)
    if entries
      entries.each() do |entry|
-        if ( ! entry.lastrev.nil? ) && ( ! entry.lastrev.revision.nil? )
-          change=changes.find_by_revision_and_path(
-                     entry.lastrev.revision,
-                     scm.with_leading_slash(entry.path) )
+        unless entry.lastrev.nil? || entry.lastrev.identifier
+          change=changes.find_by_revision_and_path( entry.lastrev.revision, scm.with_leading_slash(entry.path) )
          if change
-            entry.lastrev.identifier = change.changeset.revision
-            entry.lastrev.revision   = change.changeset.revision
-            entry.lastrev.author     = change.changeset.committer
-            # entry.lastrev.branch     = change.branch
+            entry.lastrev.identifier=change.changeset.revision
+            entry.lastrev.author=change.changeset.committer
+            entry.lastrev.revision=change.revision
+            entry.lastrev.branch=change.branch
          end
        end
      end
    end
    entries
  end
-
+  
  def cat(path, identifier=nil)
-    rev = nil
-    if ! identifier.nil?
-      rev = changesets.find_by_revision(identifier)
-      return nil if rev.nil?
-    end
+    rev = identifier.nil? ? nil : changesets.find_by_revision(identifier)
    scm.cat(path, rev.nil? ? nil : rev.committed_on)
  end
-
-  def annotate(path, identifier=nil)
-    rev = nil
-    if ! identifier.nil?
-      rev = changesets.find_by_revision(identifier)
-      return nil if rev.nil?
-    end
-    scm.annotate(path, rev.nil? ? nil : rev.committed_on)
-  end
-
+  
  def diff(path, rev, rev_to)
-    # convert rev to revision. CVS can't handle changesets here
+    #convert rev to revision. CVS can't handle changesets here
    diff=[]
-    changeset_from = changesets.find_by_revision(rev)
-    if rev_to.to_i > 0
-      changeset_to = changesets.find_by_revision(rev_to)
+    changeset_from=changesets.find_by_revision(rev)
+    if rev_to.to_i > 0 
+      changeset_to=changesets.find_by_revision(rev_to)
    end
    changeset_from.changes.each() do |change_from|
-      revision_from = nil
-      revision_to   = nil
-      if path.nil? || (change_from.path.starts_with? scm.with_leading_slash(path))
-        revision_from = change_from.revision
-      end
+      
+      revision_from=nil
+      revision_to=nil      
+      
+      revision_from=change_from.revision if path.nil? || (change_from.path.starts_with? scm.with_leading_slash(path))
+      
      if revision_from
        if changeset_to
          changeset_to.changes.each() do |change_to|
-            revision_to = change_to.revision if change_to.path == change_from.path
+            revision_to=change_to.revision if change_to.path==change_from.path 
          end
        end
        unless revision_to
-          revision_to = scm.get_previous_revision(revision_from)
+          revision_to=scm.get_previous_revision(revision_from)
        end
        file_diff = scm.diff(change_from.path, revision_from, revision_to)
        diff = diff + file_diff unless file_diff.nil?
@@ -115,91 +87,75 @@ class Repository::Cvs < Repository
    end
    return diff
  end
-
+  
  def fetch_changesets
    # some nifty bits to introduce a commit-id with cvs
-    # natively cvs doesn't provide any kind of changesets,
-    # there is only a revision per file.
+    # natively cvs doesn't provide any kind of changesets, there is only a revision per file.
    # we now take a guess using the author, the commitlog and the commit-date.
-
-    # last one is the next step to take. the commit-date is not equal for all
+    
+    # last one is the next step to take. the commit-date is not equal for all 
    # commits in one changeset. cvs update the commit-date when the *,v file was touched. so
    # we use a small delta here, to merge all changes belonging to _one_ changeset
-    time_delta  = 10.seconds
+    time_delta=10.seconds
+    
    fetch_since = latest_changeset ? latest_changeset.committed_on : nil
    transaction do
      tmp_rev_num = 1
-      scm.revisions('', fetch_since, nil, :log_encoding => repo_log_encoding) do |revision|
+      scm.revisions('', fetch_since, nil, :with_paths => true) do |revision|
        # only add the change to the database, if it doen't exists. the cvs log
-        # is not exclusive at all.
-        tmp_time = revision.time.clone
-        unless changes.find_by_path_and_revision(
-	                         scm.with_leading_slash(revision.paths[0][:path]),
-	                         revision.paths[0][:revision]
-	                           )
-          cmt = Changeset.normalize_comments(revision.message, repo_log_encoding)
-          author_utf8 = Changeset.to_utf8(revision.author, repo_log_encoding)
-          cs  = changesets.find(
-            :first,
-            :conditions => {
-                :committed_on => tmp_time - time_delta .. tmp_time + time_delta,
-                :committer    => author_utf8,
-                :comments     => cmt
-                }
-             )
-          # create a new changeset....
+        # is not exclusive at all. 
+        unless changes.find_by_path_and_revision(scm.with_leading_slash(revision.paths[0][:path]), revision.paths[0][:revision])
+          revision
+          cs = changesets.find(:first, :conditions=>{
+            :committed_on=>revision.time-time_delta..revision.time+time_delta,
+            :committer=>revision.author,
+            :comments=>Changeset.normalize_comments(revision.message)
+          })
+        
+          # create a new changeset.... 
          unless cs
            # we use a temporaray revision number here (just for inserting)
            # later on, we calculate a continous positive number
-            tmp_time2 = tmp_time.clone.gmtime
-            branch    = revision.paths[0][:branch]
-            scmid     = branch + "-" + tmp_time2.strftime("%Y%m%d-%H%M%S")
-            cs = Changeset.create(:repository   => self,
-                                  :revision     => "tmp#{tmp_rev_num}",
-                                  :scmid        => scmid,
-                                  :committer    => revision.author,
-                                  :committed_on => tmp_time,
-                                  :comments     => revision.message)
+            latest = changesets.find(:first, :order => 'id DESC')
+            cs = Changeset.create(:repository => self,
+                                  :revision => "_#{tmp_rev_num}", 
+                                  :committer => revision.author, 
+                                  :committed_on => revision.time,
+                                  :comments => revision.message)
            tmp_rev_num += 1
          end
-          # convert CVS-File-States to internal Action-abbrevations
-          # default action is (M)odified
-          action = "M"
-          if revision.paths[0][:action] == "Exp" && revision.paths[0][:revision] == "1.1"
-            action = "A" # add-action always at first revision (= 1.1)
-          elsif revision.paths[0][:action] == "dead"
-            action = "D" # dead-state is similar to Delete
+        
+          #convert CVS-File-States to internal Action-abbrevations
+          #default action is (M)odified
+          action="M"
+          if revision.paths[0][:action]=="Exp" && revision.paths[0][:revision]=="1.1"
+            action="A" #add-action always at first revision (= 1.1)
+          elsif revision.paths[0][:action]=="dead"
+            action="D" #dead-state is similar to Delete
          end
-          Change.create(
-             :changeset => cs,
-             :action    => action,
-             :path      => scm.with_leading_slash(revision.paths[0][:path]),
-             :revision  => revision.paths[0][:revision],
-             :branch    => revision.paths[0][:branch]
-              )
+        
+          Change.create(:changeset => cs,
+          :action => action,
+          :path => scm.with_leading_slash(revision.paths[0][:path]),
+          :revision => revision.paths[0][:revision],
+          :branch => revision.paths[0][:branch]
+          )
        end
      end
-
+      
      # Renumber new changesets in chronological order
-      changesets.find(
-              :all,
-              :order => 'committed_on ASC, id ASC',
-              :conditions => "revision LIKE 'tmp%'"
-           ).each do |changeset|
+      changesets.find(:all, :order => 'committed_on ASC, id ASC', :conditions => "revision LIKE '_%'").each do |changeset|
        changeset.update_attribute :revision, next_revision_number
      end
    end # transaction
-    @current_revision_number = nil
  end
-
+  
  private
-
+  
  # Returns the next revision number to assign to a CVS changeset
  def next_revision_number
    # Need to retrieve existing revision numbers to sort them as integers
-    sql = "SELECT revision FROM #{Changeset.table_name} "
-    sql << "WHERE repository_id = #{id} AND revision NOT LIKE 'tmp%'"
-    @current_revision_number ||= (connection.select_values(sql).collect(&:to_i).max || 0)
+    @current_revision_number ||= (connection.select_values("SELECT revision FROM #{Changeset.table_name} WHERE repository_id = #{id} AND revision NOT LIKE '_%'").collect(&:to_i).max || 0)
    @current_revision_number += 1
  end
 end
--- a/app/models/repository/darcs.rb
+++ b/app/models/repository/darcs.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,62 +18,44 @@
 require 'redmine/scm/adapters/darcs_adapter'

 class Repository::Darcs < Repository
-  validates_presence_of :url, :log_encoding
+  validates_presence_of :url

-  def self.human_attribute_name(attribute_key_name)
-    attr_name = attribute_key_name
-    if attr_name == "url"
-      attr_name = "path_to_repository"
-    end
-    super(attr_name)
-  end
-
-  def self.scm_adapter_class
+  def scm_adapter
    Redmine::Scm::Adapters::DarcsAdapter
  end
-
+  
  def self.scm_name
    'Darcs'
  end
-
-  def supports_directory_revisions?
-    true
-  end
-
+  
  def entry(path=nil, identifier=nil)
    patch = identifier.nil? ? nil : changesets.find_by_revision(identifier)
    scm.entry(path, patch.nil? ? nil : patch.scmid)
  end
-
+  
  def entries(path=nil, identifier=nil)
-    patch = nil
-    if ! identifier.nil?
-      patch = changesets.find_by_revision(identifier)
-      return nil if patch.nil?
-    end
+    patch = identifier.nil? ? nil : changesets.find_by_revision(identifier)
    entries = scm.entries(path, patch.nil? ? nil : patch.scmid)
    if entries
      entries.each do |entry|
        # Search the DB for the entry's last change
-        if entry.lastrev && !entry.lastrev.scmid.blank?
-          changeset = changesets.find_by_scmid(entry.lastrev.scmid)
-        end
+        changeset = changesets.find_by_scmid(entry.lastrev.scmid) if entry.lastrev && !entry.lastrev.scmid.blank?
        if changeset
          entry.lastrev.identifier = changeset.revision
-          entry.lastrev.name       = changeset.revision
-          entry.lastrev.time       = changeset.committed_on
-          entry.lastrev.author     = changeset.committer
+          entry.lastrev.name = changeset.revision
+          entry.lastrev.time = changeset.committed_on
+          entry.lastrev.author = changeset.committer
        end
      end
    end
    entries
  end
-
+  
  def cat(path, identifier=nil)
    patch = identifier.nil? ? nil : changesets.find_by_revision(identifier.to_s)
    scm.cat(path, patch.nil? ? nil : patch.scmid)
  end
-
+  
  def diff(path, rev, rev_to)
    patch_from = changesets.find_by_revision(rev)
    return nil if patch_from.nil?
@@ -83,24 +65,25 @@ class Repository::Darcs < Repository
    end
    patch_from ? scm.diff(path, patch_from.scmid, patch_to ? patch_to.scmid : nil) : nil
  end
-
+  
  def fetch_changesets
    scm_info = scm.info
    if scm_info
      db_last_id = latest_changeset ? latest_changeset.scmid : nil
-      next_rev   = latest_changeset ? latest_changeset.revision.to_i + 1 : 1
+      next_rev = latest_changeset ? latest_changeset.revision.to_i + 1 : 1      
      # latest revision in the repository
-      scm_revision = scm_info.lastrev.scmid
+      scm_revision = scm_info.lastrev.scmid      
      unless changesets.find_by_scmid(scm_revision)
        revisions = scm.revisions('', db_last_id, nil, :with_path => true)
        transaction do
          revisions.reverse_each do |revision|
-            changeset = Changeset.create(:repository   => self,
-                                         :revision     => next_rev,
-                                         :scmid        => revision.scmid,
-                                         :committer    => revision.author,
+            changeset = Changeset.create(:repository => self,
+                                         :revision => next_rev,
+                                         :scmid => revision.scmid,
+                                         :committer => revision.author, 
                                         :committed_on => revision.time,
-                                         :comments     => revision.message)
+                                         :comments => revision.message)
+                                         
            revision.paths.each do |change|
              changeset.create_change(change)
            end
--- a/app/models/repository/filesystem.rb
+++ b/app/models/repository/filesystem.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # FileSystem adapter
 # File written by Paul Rivier, at Demotera.
@@ -8,12 +8,12 @@
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -24,26 +24,14 @@ class Repository::Filesystem < Repository
  attr_protected :root_url
  validates_presence_of :url

-  def self.human_attribute_name(attribute_key_name)
-    attr_name = attribute_key_name
-    if attr_name == "url"
-      attr_name = "root_directory"
-    end
-    super(attr_name)
-  end
-
-  def self.scm_adapter_class
+  def scm_adapter
    Redmine::Scm::Adapters::FilesystemAdapter
  end
-
+  
  def self.scm_name
    'Filesystem'
  end
-
-  def supports_all_revisions?
-    false
-  end
-
+  
  def entries(path=nil, identifier=nil)
    scm.entries(path, identifier)
  end
@@ -51,4 +39,5 @@ class Repository::Filesystem < Repository
  def fetch_changesets
    nil
  end
+  
 end
--- a/app/models/repository/git.rb
+++ b/app/models/repository/git.rb
@@ -1,17 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 # Copyright (C) 2007  Patrick Aljord patcito@ŋmail.com
-#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -22,51 +21,14 @@ class Repository::Git < Repository
  attr_protected :root_url
  validates_presence_of :url

-  def self.human_attribute_name(attribute_key_name)
-    attr_name = attribute_key_name
-    if attr_name == "url"
-      attr_name = "path_to_repository"
-    end
-    super(attr_name)
-  end
-
-  def self.scm_adapter_class
+  def scm_adapter
    Redmine::Scm::Adapters::GitAdapter
  end
-
+  
  def self.scm_name
    'Git'
  end

-  def report_last_commit
-    extra_report_last_commit
-  end
-
-  def extra_report_last_commit
-    return false if extra_info.nil?
-    v = extra_info["extra_report_last_commit"]
-    return false if v.nil?
-    v.to_s != '0'
-  end
-
-  def supports_directory_revisions?
-    true
-  end
-
-  def repo_log_encoding
-    'UTF-8'
-  end
-
-  # Returns the identifier for the given git changeset
-  def self.changeset_identifier(changeset)
-    changeset.scmid
-  end
-
-  # Returns the readable identifier for the given git changeset
-  def self.format_changeset_identifier(changeset)
-    changeset.revision[0, 8]
-  end
-
  def branches
    scm.branches
  end
@@ -75,114 +37,42 @@ class Repository::Git < Repository
    scm.tags
  end

-  def default_branch
-    scm.default_branch
-  end
-
-  def find_changeset_by_name(name)
-    return nil if name.nil? || name.empty?
-    e = changesets.find(:first, :conditions => ['revision = ?', name.to_s])
-    return e if e
-    changesets.find(:first, :conditions => ['scmid LIKE ?', "#{name}%"])
-  end
-
-  def entries(path=nil, identifier=nil)
-    scm.entries(path,
-                identifier,
-                options = {:report_last_commit => extra_report_last_commit})
-  end
-
-  # With SCMs that have a sequential commit numbering,
-  # such as Subversion and Mercurial,
-  # Redmine is able to be clever and only fetch changesets
-  # going forward from the most recent one it knows about.
-  # 
-  # However, Git does not have a sequential commit numbering.
-  #
-  # In order to fetch only new adding revisions,
-  # Redmine needs to parse revisions per branch.
-  # Branch "last_scmid" is for this requirement.
-  #
-  # In Git and Mercurial, revisions are not in date order.
-  # Redmine Mercurial fixed issues.
-  #    * Redmine Takes Too Long On Large Mercurial Repository
-  #      http://www.redmine.org/issues/3449
-  #    * Sorting for changesets might go wrong on Mercurial repos
-  #      http://www.redmine.org/issues/3567
-  #
-  # Database revision column is text, so Redmine can not sort by revision.
-  # Mercurial has revision number, and revision number guarantees revision order.
-  # Redmine Mercurial model stored revisions ordered by database id to database.
-  # So, Redmine Mercurial model can use correct ordering revisions.
-  #
-  # Redmine Mercurial adapter uses "hg log -r 0:tip --limit 10"
-  # to get limited revisions from old to new.
-  # But, Git 1.7.3.4 does not support --reverse with -n or --skip.
-  #
+  # With SCM's that have a sequential commit numbering, redmine is able to be
+  # clever and only fetch changesets going forward from the most recent one
+  # it knows about.  However, with git, you never know if people have merged
+  # commits into the middle of the repository history, so we should parse
+  # the entire log. Since it's way too slow for large repositories, we only
+  # parse 1 week before the last known commit.
  # The repository can still be fully reloaded by calling #clear_changesets
  # before fetching changesets (eg. for offline resync)
  def fetch_changesets
-    scm_brs = branches
-    return if scm_brs.nil? || scm_brs.empty?
-    h1 = extra_info || {}
-    h  = h1.dup
-    h["branches"]       ||= {}
-    h["db_consistent"]  ||= {}
-    if changesets.count == 0
-      h["db_consistent"]["ordering"] = 1
-      merge_extra_info(h)
-      self.save
-    elsif ! h["db_consistent"].has_key?("ordering")
-      h["db_consistent"]["ordering"] = 0
-      merge_extra_info(h)
-      self.save
-    end
-    scm_brs.each do |br|
-      from_scmid = nil
-      from_scmid = h["branches"][br]["last_scmid"] if h["branches"][br]
-      h["branches"][br] ||= {}
-      scm.revisions('', from_scmid, br, {:reverse => true}) do |rev|
-        db_rev = find_changeset_by_name(rev.revision)
-        transaction do
-          if db_rev.nil?
-            save_revision(rev)
-          end
-          h["branches"][br]["last_scmid"] = rev.scmid
-          merge_extra_info(h)
-          self.save
-        end
-      end
-    end
-  end
+    c = changesets.find(:first, :order => 'committed_on DESC')
+    since = (c ? c.committed_on - 7.days : nil)

-  def save_revision(rev)
-    changeset = Changeset.new(
-              :repository   => self,
-              :revision     => rev.identifier,
-              :scmid        => rev.scmid,
-              :committer    => rev.author,
-              :committed_on => rev.time,
-              :comments     => rev.message
-              )
-    if changeset.save
-      rev.paths.each do |file|
-        Change.create(
-                  :changeset => changeset,
-                  :action    => file[:action],
-                  :path      => file[:path])
-      end
-    end
+    revisions = scm.revisions('', nil, nil, :all => true, :since => since)
+    return if revisions.nil? || revisions.empty?
+
+    recent_changesets = changesets.find(:all, :conditions => ['committed_on >= ?', since])
+
+    # Clean out revisions that are no longer in git
+    recent_changesets.each {|c| c.destroy unless revisions.detect {|r| r.scmid.to_s == c.scmid.to_s }}
+
+    # Subtract revisions that redmine already knows about
+    recent_revisions = recent_changesets.map{|c| c.scmid}
+    revisions.reject!{|r| recent_revisions.include?(r.scmid)}
+
+    # Save the remaining ones to the database
+    revisions.each{|r| r.save(self)} unless revisions.nil?
  end
-  private :save_revision

  def latest_changesets(path,rev,limit=10)
    revisions = scm.revisions(path, nil, rev, :limit => limit, :all => false)
    return [] if revisions.nil? || revisions.empty?

    changesets.find(
-      :all,
+      :all, 
      :conditions => [
-        "scmid IN (?)",
+        "scmid IN (?)", 
        revisions.map!{|c| c.scmid}
      ],
      :order => 'committed_on DESC'
--- a/app/models/repository/mercurial.rb
+++ b/app/models/repository/mercurial.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,130 +18,73 @@
 require 'redmine/scm/adapters/mercurial_adapter'

 class Repository::Mercurial < Repository
-  # sort changesets by revision number
-  has_many :changesets, :order => "#{Changeset.table_name}.id DESC", :foreign_key => 'repository_id'
-
  attr_protected :root_url
  validates_presence_of :url

-  FETCH_AT_ONCE = 100  # number of changesets to fetch at once
-
-  def self.human_attribute_name(attribute_key_name)
-    attr_name = attribute_key_name
-    if attr_name == "url"
-      attr_name = "path_to_repository"
-    end
-    super(attr_name)
-  end
-
-  def self.scm_adapter_class
+  def scm_adapter
    Redmine::Scm::Adapters::MercurialAdapter
  end
-
+  
  def self.scm_name
    'Mercurial'
  end
-
-  def supports_directory_revisions?
-    true
-  end
-
-  def repo_log_encoding
-    'UTF-8'
-  end
-
-  # Returns the readable identifier for the given mercurial changeset
-  def self.format_changeset_identifier(changeset)
-    "#{changeset.revision}:#{changeset.scmid}"
-  end
-
-  # Returns the identifier for the given Mercurial changeset
-  def self.changeset_identifier(changeset)
-    changeset.scmid
-  end
-
-  def diff_format_revisions(cs, cs_to, sep=':')
-    super(cs, cs_to, ' ')
-  end
-
-  # Finds and returns a revision with a number or the beginning of a hash
-  def find_changeset_by_name(name)
-    return nil if name.nil? || name.empty?
-    if /[^\d]/ =~ name or name.to_s.size > 8
-      e = changesets.find(:first, :conditions => ['scmid = ?', name.to_s])
-    else
-      e = changesets.find(:first, :conditions => ['revision = ?', name.to_s])
-    end
-    return e if e
-    changesets.find(:first, :conditions => ['scmid LIKE ?', "#{name}%"])  # last ditch
-  end
-
-  # Returns the latest changesets for +path+; sorted by revision number
-  #
-  # Because :order => 'id DESC' is defined at 'has_many',
-  # there is no need to set 'order'.
-  # But, MySQL test fails.
-  # Sqlite3 and PostgreSQL pass.
-  # Is this MySQL bug?
-  def latest_changesets(path, rev, limit=10)
-    changesets.find(:all, :include => :user,
-                    :conditions => latest_changesets_cond(path, rev, limit),
-                    :limit => limit, :order => "#{Changeset.table_name}.id DESC")
-  end
-
-  def latest_changesets_cond(path, rev, limit)
-    cond, args = [], []
-    if scm.branchmap.member? rev
-      # Mercurial named branch is *stable* in each revision.
-      # So, named branch can be stored in database.
-      # Mercurial provides *bookmark* which is equivalent with git branch.
-      # But, bookmark is not implemented.
-      cond << "#{Changeset.table_name}.scmid IN (?)"
-      # Revisions in root directory and sub directory are not equal.
-      # So, in order to get correct limit, we need to get all revisions.
-      # But, it is very heavy.
-      # Mercurial does not treat direcotry.
-      # So, "hg log DIR" is very heavy.
-      branch_limit = path.blank? ? limit : ( limit * 5 )
-      args << scm.nodes_in_branch(rev, :limit => branch_limit)
-    elsif last = rev ? find_changeset_by_name(scm.tagmap[rev] || rev) : nil
-      cond << "#{Changeset.table_name}.id <= ?"
-      args << last.id
-    end
-
-    unless path.blank?
-      cond << "EXISTS (SELECT * FROM #{Change.table_name}
-                 WHERE #{Change.table_name}.changeset_id = #{Changeset.table_name}.id
-                 AND (#{Change.table_name}.path = ?
-                       OR #{Change.table_name}.path LIKE ? ESCAPE ?))"
-      args << path.with_leading_slash
-      args << "#{path.with_leading_slash.gsub(/[%_\\]/) { |s| "\\#{s}" }}/%" << '\\'
-    end
-
-    [cond.join(' AND '), *args] unless cond.empty?
-  end
-  private :latest_changesets_cond
-
-  def fetch_changesets
-    return if scm.info.nil?
-    scm_rev = scm.info.lastrev.revision.to_i
-    db_rev = latest_changeset ? latest_changeset.revision.to_i : -1
-    return unless db_rev < scm_rev  # already up-to-date
-
-    logger.debug "Fetching changesets for repository #{url}" if logger
-    (db_rev + 1).step(scm_rev, FETCH_AT_ONCE) do |i|
-      transaction do
-        scm.each_revision('', i, [i + FETCH_AT_ONCE - 1, scm_rev].min) do |re|
-          cs = Changeset.create(:repository => self,
-                                :revision => re.revision,
-                                :scmid => re.scmid,
-                                :committer => re.author,
-                                :committed_on => re.time,
-                                :comments => re.message)
-          re.paths.each { |e| cs.create_change(e) }
+  
+  def entries(path=nil, identifier=nil)
+    entries=scm.entries(path, identifier)
+    if entries
+      entries.each do |entry|
+        next unless entry.is_file?
+        # Set the filesize unless browsing a specific revision
+        if identifier.nil?
+          full_path = File.join(root_url, entry.path)
+          entry.size = File.stat(full_path).size if File.file?(full_path)
+        end
+        # Search the DB for the entry's last change
+        change = changes.find(:first, :conditions => ["path = ?", scm.with_leading_slash(entry.path)], :order => "#{Changeset.table_name}.committed_on DESC")
+        if change
+          entry.lastrev.identifier = change.changeset.revision
+          entry.lastrev.name = change.changeset.revision
+          entry.lastrev.author = change.changeset.committer
+          entry.lastrev.revision = change.revision
+        end
+      end
+    end
+    entries
+  end
+
+  def fetch_changesets
+    scm_info = scm.info
+    if scm_info
+      # latest revision found in database
+      db_revision = latest_changeset ? latest_changeset.revision.to_i : -1
+      # latest revision in the repository
+      latest_revision = scm_info.lastrev
+      return if latest_revision.nil?
+      scm_revision = latest_revision.identifier.to_i
+      if db_revision < scm_revision
+        logger.debug "Fetching changesets for repository #{url}" if logger && logger.debug?
+        identifier_from = db_revision + 1
+        while (identifier_from <= scm_revision)
+          # loads changesets by batches of 100
+          identifier_to = [identifier_from + 99, scm_revision].min
+          revisions = scm.revisions('', identifier_from, identifier_to, :with_paths => true)
+          transaction do
+            revisions.each do |revision|
+              changeset = Changeset.create(:repository => self,
+                                           :revision => revision.identifier,
+                                           :scmid => revision.scmid,
+                                           :committer => revision.author, 
+                                           :committed_on => revision.time,
+                                           :comments => revision.message)
+              
+              revision.paths.each do |change|
+                changeset.create_change(change)
+              end
+            end
+          end unless revisions.nil?
+          identifier_from = identifier_to + 1
        end
      end
    end
-    self
  end
 end
--- a/app/models/repository/subversion.rb
+++ b/app/models/repository/subversion.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -22,32 +22,24 @@ class Repository::Subversion < Repository
  validates_presence_of :url
  validates_format_of :url, :with => /^(http|https|svn(\+[^\s:\/\\]+)?|file):\/\/.+/i

-  def self.scm_adapter_class
+  def scm_adapter
    Redmine::Scm::Adapters::SubversionAdapter
  end
-
+  
  def self.scm_name
    'Subversion'
  end

-  def supports_directory_revisions?
-    true
-  end
-
-  def repo_log_encoding
-    'UTF-8'
-  end
-
  def latest_changesets(path, rev, limit=10)
    revisions = scm.revisions(path, rev, nil, :limit => limit)
    revisions ? changesets.find_all_by_revision(revisions.collect(&:identifier), :order => "committed_on DESC", :include => :user) : []
  end
-
+  
  # Returns a path relative to the url of the repository
  def relative_path(path)
    path.gsub(Regexp.new("^\/?#{Regexp.escape(relative_url)}"), '')
  end
-
+  
  def fetch_changesets
    scm_info = scm.info
    if scm_info
@@ -64,12 +56,12 @@ class Repository::Subversion < Repository
          revisions = scm.revisions('', identifier_to, identifier_from, :with_paths => true)
          revisions.reverse_each do |revision|
            transaction do
-              changeset = Changeset.create(:repository   => self,
-                                           :revision     => revision.identifier,
-                                           :committer    => revision.author,
+              changeset = Changeset.create(:repository => self,
+                                           :revision => revision.identifier, 
+                                           :committer => revision.author, 
                                           :committed_on => revision.time,
-                                           :comments     => revision.message)
-
+                                           :comments => revision.message)
+              
              revision.paths.each do |change|
                changeset.create_change(change)
              end unless changeset.new_record?
@@ -80,9 +72,9 @@ class Repository::Subversion < Repository
      end
    end
  end
-
+  
  private
-
+  
  # Returns the relative url of the repository
  # Eg: root_url = file:///var/svn/foo
  #     url      = file:///var/svn/foo/bar
--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -19,12 +19,6 @@ class Role < ActiveRecord::Base
  # Built-in roles
  BUILTIN_NON_MEMBER = 1
  BUILTIN_ANONYMOUS  = 2
-  
-  ISSUES_VISIBILITY_OPTIONS = [
-    ['all', :label_issues_visibility_all],
-    ['default', :label_issues_visibility_public],
-    ['own', :label_issues_visibility_own]
-  ]

  named_scope :givable, { :conditions => "builtin = 0", :order => 'position' }
  named_scope :builtin, lambda { |*args|
@@ -49,10 +43,8 @@ class Role < ActiveRecord::Base
  validates_presence_of :name
  validates_uniqueness_of :name
  validates_length_of :name, :maximum => 30
-  validates_inclusion_of :issues_visibility,
-    :in => ISSUES_VISIBILITY_OPTIONS.collect(&:first),
-    :if => lambda {|role| role.respond_to?(:issues_visibility)}
-  
+  validates_format_of :name, :with => /^[\w\s\'\-]*$/i
+
  def permissions
    read_attribute(:permissions) || []
  end
@@ -93,14 +85,6 @@ class Role < ActiveRecord::Base
    name
  end
  
-  def name
-    case builtin
-    when 1; l(:label_role_non_member, :default => read_attribute(:name))
-    when 2; l(:label_role_anonymous,  :default => read_attribute(:name))
-    else; read_attribute(:name)
-    end
-  end
-  
  # Return true if the role is a builtin role
  def builtin?
    self.builtin != 0
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -28,12 +28,12 @@ class Setting < ActiveRecord::Base
 	'%b %d, %Y',
 	'%B %d, %Y'
    ]
-
+    
  TIME_FORMATS = [
    '%H:%M',
    '%I:%M %p'
    ]
-
+    
  ENCODINGS = %w(US-ASCII
                  windows-1250
                  windows-1251
@@ -65,7 +65,6 @@ class Setting < ActiveRecord::Base
                  UTF-16LE
                  EUC-JP
                  Shift_JIS
-                  CP932
                  GB18030
                  GBK
                  ISCII91
@@ -73,22 +72,22 @@ class Setting < ActiveRecord::Base
                  Big5
                  Big5-HKSCS
                  TIS-620)
-
+  
  cattr_accessor :available_settings
  @@available_settings = YAML::load(File.open("#{RAILS_ROOT}/config/settings.yml"))
  Redmine::Plugin.all.each do |plugin|
    next unless plugin.settings
-    @@available_settings["plugin_#{plugin.id}"] = {'default' => plugin.settings[:default], 'serialized' => true}
+    @@available_settings["plugin_#{plugin.id}"] = {'default' => plugin.settings[:default], 'serialized' => true}    
  end
-
+  
  validates_uniqueness_of :name
  validates_inclusion_of :name, :in => @@available_settings.keys
-  validates_numericality_of :value, :only_integer => true, :if => Proc.new { |setting| @@available_settings[setting.name]['format'] == 'int' }
+  validates_numericality_of :value, :only_integer => true, :if => Proc.new { |setting| @@available_settings[setting.name]['format'] == 'int' }  

  # Hash used to cache setting values
  @cached_settings = {}
  @cached_cleared_on = Time.now
-
+  
  def value
    v = read_attribute(:value)
    # Unserialize serialized settings
@@ -96,18 +95,18 @@ class Setting < ActiveRecord::Base
    v = v.to_sym if @@available_settings[name]['format'] == 'symbol' && !v.blank?
    v
  end
-
+  
  def value=(v)
    v = v.to_yaml if v && @@available_settings[name] && @@available_settings[name]['serialized']
    write_attribute(:value, v.to_s)
  end
-
+  
  # Returns the value of the setting named name
  def self.[](name)
    v = @cached_settings[name]
    v ? v : (@cached_settings[name] = find_or_default(name).value)
  end
-
+  
  def self.[]=(name, v)
    setting = find_or_default(name)
    setting.value = (v ? v : "")
@@ -115,7 +114,7 @@ class Setting < ActiveRecord::Base
    setting.save
    setting.value
  end
-
+  
  # Defines getter and setter for each setting
  # Then setting values can be read using: Setting.some_setting_name
  # or set using Setting.some_setting_name = "some value"
@@ -135,16 +134,16 @@ class Setting < ActiveRecord::Base
    END_SRC
    class_eval src, __FILE__, __LINE__
  end
-
+  
  # Helper that returns an array based on per_page_options setting
  def self.per_page_options_array
    per_page_options.split(%r{[\s,]}).collect(&:to_i).select {|n| n > 0}.sort
  end
-
+  
  def self.openid?
    Object.const_defined?(:OpenID) && self[:openid].to_i > 0
  end
-
+  
  # Checks if settings have changed since the values were read
  # and clears the cache hash if it's the case
  # Called once per request
@@ -156,13 +155,13 @@ class Setting < ActiveRecord::Base
      logger.info "Settings cache cleared." if logger
    end
  end
-
+  
 private
  # Returns the Setting instance for the setting named name
  # (record found in database or new record with default value)
  def self.find_or_default(name)
    name = name.to_s
-    raise "There's no setting named #{name}" unless @@available_settings.has_key?(name)
+    raise "There's no setting named #{name}" unless @@available_settings.has_key?(name)    
    setting = find_by_name(name)
    setting ||= new(:name => name, :value => @@available_settings[name]['default']) if @@available_settings.has_key? name
  end
--- a/app/models/time_entry.rb
+++ b/app/models/time_entry.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -22,28 +22,23 @@ class TimeEntry < ActiveRecord::Base
  belongs_to :issue
  belongs_to :user
  belongs_to :activity, :class_name => 'TimeEntryActivity', :foreign_key => 'activity_id'
-
+  
  attr_protected :project_id, :user_id, :tyear, :tmonth, :tweek

  acts_as_customizable
  acts_as_event :title => Proc.new {|o| "#{l_hours(o.hours)} (#{(o.issue || o.project).event_title})"},
-                :url => Proc.new {|o| {:controller => 'timelog', :action => 'index', :project_id => o.project, :issue_id => o.issue}},
+                :url => Proc.new {|o| {:controller => 'timelog', :action => 'details', :project_id => o.project, :issue_id => o.issue}},
                :author => :user,
                :description => :comments

  acts_as_activity_provider :timestamp => "#{table_name}.created_on",
                            :author_key => :user_id,
-                            :find_options => {:include => :project}
+                            :find_options => {:include => :project} 

  validates_presence_of :user_id, :activity_id, :project_id, :hours, :spent_on
  validates_numericality_of :hours, :allow_nil => true, :message => :invalid
  validates_length_of :comments, :maximum => 255, :allow_nil => true

-  named_scope :visible, lambda {|*args| {
-    :include => :project,
-    :conditions => Project.allowed_to_condition(args.shift || User.current, :view_time_entries, *args)
-  }}
-
  def after_initialize
    if new_record? && self.activity.nil?
      if default_activity = TimeEntryActivity.default
@@ -52,41 +47,36 @@ class TimeEntry < ActiveRecord::Base
      self.hours = nil if hours == 0
    end
  end
-
+  
  def before_validation
    self.project = issue.project if issue && project.nil?
  end
-
+  
  def validate
    errors.add :hours, :invalid if hours && (hours < 0 || hours >= 1000)
    errors.add :project_id, :invalid if project.nil?
    errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project)
  end
-
+  
  def hours=(h)
    write_attribute :hours, (h.is_a?(String) ? (h.to_hours || h) : h)
  end
-
+  
  # tyear, tmonth, tweek assigned where setting spent_on attributes
  # these attributes make time aggregations easier
  def spent_on=(date)
    super
-    if spent_on.is_a?(Time)
-      self.spent_on = spent_on.to_date
-    end
    self.tyear = spent_on ? spent_on.year : nil
    self.tmonth = spent_on ? spent_on.month : nil
    self.tweek = spent_on ? Date.civil(spent_on.year, spent_on.month, spent_on.day).cweek : nil
  end
-
+  
  # Returns true if the time entry can be edited by usr, otherwise false
  def editable_by?(usr)
    (usr == user && usr.allowed_to?(:edit_own_time_entries, project)) || usr.allowed_to?(:edit_time_entries, project)
  end
-
-  # TODO: remove this method in 1.3.0
+  
  def self.visible_by(usr)
-    ActiveSupport::Deprecation.warn "TimeEntry.visible_by is deprecated and will be removed in Redmine 1.3.0. Use the visible scope instead."
    with_scope(:find => { :conditions => Project.allowed_to_condition(usr, :view_time_entries) }) do
      yield
    end
--- a/app/models/tracker.rb
+++ b/app/models/tracker.rb
@@ -31,9 +31,8 @@ class Tracker < ActiveRecord::Base
  validates_presence_of :name
  validates_uniqueness_of :name
  validates_length_of :name, :maximum => 30
+  validates_format_of :name, :with => /^[\w\s\'\-]*$/i

-  named_scope :named, lambda {|arg| { :conditions => ["LOWER(#{table_name}.name) = LOWER(?)", arg.to_s.strip]}}
-  
  def to_s; name end
  
  def <=>(tracker)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -18,8 +18,7 @@
 require "digest/sha1"

 class User < Principal
-  include Redmine::SafeAttributes
-  
+
  # Account statuses
  STATUS_ANONYMOUS  = 0
  STATUS_ACTIVE     = 1
@@ -34,22 +33,13 @@ class User < Principal
    :username => '#{login}'
  }

-  MAIL_NOTIFICATION_OPTIONS = [
-    ['all', :label_user_mail_option_all],
-    ['selected', :label_user_mail_option_selected],
-    ['only_my_events', :label_user_mail_option_only_my_events],
-    ['only_assigned', :label_user_mail_option_only_assigned],
-    ['only_owner', :label_user_mail_option_only_owner],
-    ['none', :label_user_mail_option_none]
-  ]
-
  has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)},
                                   :after_remove => Proc.new {|user, group| group.user_removed(user)}
  has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
  has_many :changesets, :dependent => :nullify
  has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
-  has_one :rss_token, :class_name => 'Token', :conditions => "action='feeds'"
-  has_one :api_token, :class_name => 'Token', :conditions => "action='api'"
+  has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
+  has_one :api_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='api'"
  belongs_to :auth_source
  
  # Active non-anonymous users scope
@@ -60,7 +50,7 @@ class User < Principal
  attr_accessor :password, :password_confirmation
  attr_accessor :last_before_login_on
  # Prevents unauthorized assignments
-  attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
+  attr_protected :login, :admin, :password, :password_confirmation, :hashed_password, :group_ids
 	
  validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
  validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }, :case_sensitive => false
@@ -68,38 +58,24 @@ class User < Principal
  # Login must contain lettres, numbers, underscores only
  validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
  validates_length_of :login, :maximum => 30
+  validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-\.]*$/i
  validates_length_of :firstname, :lastname, :maximum => 30
  validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
  validates_length_of :mail, :maximum => 60, :allow_nil => true
  validates_confirmation_of :password, :allow_nil => true
-  validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true

-  before_destroy :remove_references_before_destroy
-  
-  named_scope :in_group, lambda {|group|
-    group_id = group.is_a?(Group) ? group.id : group.to_i
-    { :conditions => ["#{User.table_name}.id IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id] }
-  }
-  named_scope :not_in_group, lambda {|group|
-    group_id = group.is_a?(Group) ? group.id : group.to_i
-    { :conditions => ["#{User.table_name}.id NOT IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id] }
-  }
-  
  def before_create
-    self.mail_notification = Setting.default_notification_option if self.mail_notification.blank?
+    self.mail_notification = false
    true
  end
  
  def before_save
    # update hashed_password if password was set
-    if self.password && self.auth_source_id.blank?
-      salt_password(password)
-    end
+    self.hashed_password = User.hash_password(self.password) if self.password && self.auth_source_id.blank?
  end
  
  def reload(*args)
    @name = nil
-    @projects_by_role = nil
    super
  end
  
@@ -133,7 +109,7 @@ class User < Principal
        return nil unless user.auth_source.authenticate(login, password)
      else
        # authentication with local password
-        return nil unless user.check_password?(password)
+        return nil unless User.hash_password(password) == user.hashed_password        
      end
    else
      # user is not yet registered, try to authenticate with available sources
@@ -212,21 +188,13 @@ class User < Principal
    update_attribute(:status, STATUS_LOCKED)
  end

-  # Returns true if +clear_password+ is the correct user's password, otherwise false
  def check_password?(clear_password)
    if auth_source_id.present?
      auth_source.authenticate(self.login, clear_password)
    else
-      User.hash_password("#{salt}#{User.hash_password clear_password}") == hashed_password
+      User.hash_password(clear_password) == self.hashed_password
    end
  end
-  
-  # Generates a random salt and computes hashed_password for +clear_password+
-  # The hashed password is stored in the following form: SHA1(salt + SHA1(password))
-  def salt_password(clear_password)
-    self.salt = User.generate_salt
-    self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
-  end

  # Does the backend storage allow this user to change their password?
  def change_password_allowed?
@@ -282,21 +250,6 @@ class User < Principal
    notified_projects_ids
  end

-  def valid_notification_options
-    self.class.valid_notification_options(self)
-  end
-
-  # Only users that belong to more than 1 project can select projects for which they are notified
-  def self.valid_notification_options(user=nil)
-    # Note that @user.membership.size would fail since AR ignores
-    # :include association option when doing a count
-    if user.nil? || user.memberships.length < 1
-      MAIL_NOTIFICATION_OPTIONS.reject {|option| option.first == 'selected'}
-    else
-      MAIL_NOTIFICATION_OPTIONS
-    end
-  end
-
  # Find a user account by matching the exact login and then a case-insensitive
  # version.  Exact matches will be given priority.
  def self.find_by_login(login)
@@ -371,66 +324,30 @@ class User < Principal
    !roles_for_project(project).detect {|role| role.member?}.nil?
  end
  
-  # Returns a hash of user's projects grouped by roles
-  def projects_by_role
-    return @projects_by_role if @projects_by_role
-    
-    @projects_by_role = Hash.new {|h,k| h[k]=[]}
-    memberships.each do |membership|
-      membership.roles.each do |role|
-        @projects_by_role[role] << membership.project if membership.project
-      end
-    end
-    @projects_by_role.each do |role, projects|
-      projects.uniq!
-    end
-  
-    @projects_by_role
-  end
-  
-  # Return true if the user is allowed to do the specified action on a specific context
-  # Action can be:
+  # Return true if the user is allowed to do the specified action on project
+  # action can be:
  # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
  # * a permission Symbol (eg. :edit_project)
-  # Context can be:
-  # * a project : returns true if user is allowed to do the specified action on this project
-  # * an array of projects : returns true if user is allowed on every project
-  # * nil with options[:global] set : check if user has at least one role allowed for this action, 
-  #   or falls back to Non Member / Anonymous permissions depending if the user is logged
-  def allowed_to?(action, context, options={}, &block)
-    if context && context.is_a?(Project)
+  def allowed_to?(action, project, options={})
+    if project
      # No action allowed on archived projects
-      return false unless context.active?
+      return false unless project.active?
      # No action allowed on disabled modules
-      return false unless context.allows_to?(action)
+      return false unless project.allows_to?(action)
      # Admin users are authorized for anything else
      return true if admin?
      
-      roles = roles_for_project(context)
+      roles = roles_for_project(project)
      return false unless roles
-      roles.detect {|role|
-        (context.is_public? || role.member?) &&
-        role.allowed_to?(action) &&
-        (block_given? ? yield(role, self) : true)
-      }
-    elsif context && context.is_a?(Array)
-      # Authorize if user is authorized on every element of the array
-      context.map do |project|
-        allowed_to?(action, project, options, &block)
-      end.inject do |memo,allowed|
-        memo && allowed
-      end
+      roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
+      
    elsif options[:global]
      # Admin users are always authorized
      return true if admin?
      
      # authorize if user has at least one role that has this permission
      roles = memberships.collect {|m| m.roles}.flatten.uniq
-      roles << (self.logged? ? Role.non_member : Role.anonymous)
-      roles.detect {|role|
-        role.allowed_to?(action) &&
-        (block_given? ? yield(role, self) : true)
-      }
+      roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
    else
      false
    end
@@ -438,65 +355,8 @@ class User < Principal

  # Is the user allowed to do the specified action on any project?
  # See allowed_to? for the actions and valid options.
-  def allowed_to_globally?(action, options, &block)
-    allowed_to?(action, nil, options.reverse_merge(:global => true), &block)
-  end
-
-  safe_attributes 'login',
-    'firstname',
-    'lastname',
-    'mail',
-    'mail_notification',
-    'language',
-    'custom_field_values',
-    'custom_fields',
-    'identity_url'
-  
-  safe_attributes 'status',
-    'auth_source_id',
-    :if => lambda {|user, current_user| current_user.admin?}
-  
-  safe_attributes 'group_ids',
-    :if => lambda {|user, current_user| current_user.admin? && !user.new_record?}
-  
-  # Utility method to help check if a user should be notified about an
-  # event.
-  #
-  # TODO: only supports Issue events currently
-  def notify_about?(object)
-    case mail_notification
-    when 'all'
-      true
-    when 'selected'
-      # user receives notifications for created/assigned issues on unselected projects
-      if object.is_a?(Issue) && (object.author == self || object.assigned_to == self)
-        true
-      else
-        false
-      end
-    when 'none'
-      false
-    when 'only_my_events'
-      if object.is_a?(Issue) && (object.author == self || object.assigned_to == self)
-        true
-      else
-        false
-      end
-    when 'only_assigned'
-      if object.is_a?(Issue) && object.assigned_to == self
-        true
-      else
-        false
-      end
-    when 'only_owner'
-      if object.is_a?(Issue) && object.author == self
-        true
-      else
-        false
-      end
-    else
-      false
-    end
+  def allowed_to_globally?(action, options)
+    allowed_to?(action, nil, options.reverse_merge(:global => true))
  end
  
  def self.current=(user)
@@ -517,20 +377,6 @@ class User < Principal
    end
    anonymous_user
  end
-
-  # Salts all existing unsalted passwords
-  # It changes password storage scheme from SHA1(password) to SHA1(salt + SHA1(password))
-  # This method is used in the SaltPasswords migration and is to be kept as is
-  def self.salt_unsalted_passwords!
-    transaction do
-      User.find_each(:conditions => "salt IS NULL OR salt = ''") do |user|
-        next if user.hashed_password.blank?
-        salt = User.generate_salt
-        hashed_password = User.hash_password("#{salt}#{user.hashed_password}")
-        User.update_all("salt = '#{salt}', hashed_password = '#{hashed_password}'", ["id = ?", user.id] )
-      end
-    end
-  end
  
  protected
  
@@ -542,42 +388,11 @@ class User < Principal
  end
  
  private
-  
-  # Removes references that are not handled by associations
-  # Things that are not deleted are reassociated with the anonymous user
-  def remove_references_before_destroy
-    return if self.id.nil?
-    
-    substitute = User.anonymous
-    Attachment.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
-    Comment.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
-    Issue.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
-    Issue.update_all 'assigned_to_id = NULL', ['assigned_to_id = ?', id]
-    Journal.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
-    JournalDetail.update_all ['old_value = ?', substitute.id.to_s], ["property = 'attr' AND prop_key = 'assigned_to_id' AND old_value = ?", id.to_s]
-    JournalDetail.update_all ['value = ?', substitute.id.to_s], ["property = 'attr' AND prop_key = 'assigned_to_id' AND value = ?", id.to_s]
-    Message.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
-    News.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
-    # Remove private queries and keep public ones
-    Query.delete_all ['user_id = ? AND is_public = ?', id, false]
-    Query.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
-    TimeEntry.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
-    Token.delete_all ['user_id = ?', id]
-    Watcher.delete_all ['user_id = ?', id]
-    WikiContent.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
-    WikiContent::Version.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
-  end
    
  # Return password digest
  def self.hash_password(clear_password)
    Digest::SHA1.hexdigest(clear_password || "")
  end
-  
-  # Returns a 128bits random salt as a hex string (32 chars long)
-  def self.generate_salt
-    ActiveSupport::SecureRandom.hex(16)
-  end
-  
 end

 class AnonymousUser < User
@@ -598,9 +413,4 @@ class AnonymousUser < User
  def mail; nil end
  def time_zone; nil end
  def rss_key; nil end
-  
-  # Anonymous user can not be destroyed
-  def destroy
-    false
-  end
 end
--- a/Show More
+++ b/Show More