Index: PATCH
===================================================================
--- PATCH	(revision 0)
+++ PATCH	(revision 0)
@@ -0,0 +1,17 @@
+Patch for Railfrog README
+
+This PATCH is submitted under the same license agreement as the rest of eXPlainPMT.
+
+Purpose:  This patch is to add in a guest account to eXPlainPMT that will allow read-only access.
+
+Summary:
+This PATCH adds a new method (require_user_privileges) that is now called on from all the controllers as a :before_filter.  This will allow read-only access to the majority of the system.  Due to the lack of time and the fact this patch is an "ugly hack" there are not functional/unit tests for this,  though not tests were harmed in the making of this patch.... ok well maybe one but he was a jerk anyways.
+
+Installation:
+0. Make sure you are running eXPlainPMT ver 1.3.3
+1. First make a backup of your database and files just in case.
+2. Apply the patch to the source while in the root directory (the RAILS_ROOT, where you see directories like "app", "db", and "public"
+3. Run the new sql file (db/patch.sql).  All this does is alter the users table to allow a guest flag and add in a user 'guest'.  You may use any MySQL administrative program to to the same goal.
+4. Startup your webserver and test that you can login as an admin/user/guest.  As a guest make sure you cannot ADD/CREATE/DESTROY/MODIFTY anything in the system.
+
+Coded, Written, and Crafted by Eric Davis  edavis10 (at) gmail (dot) com
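Review bot: the Summary claims require_user_privileges is "called on from all the controllers", but this diff adds the filter to only five of them (iterations, users, milestones, stories, projects). List the controllers that are actually covered, or add the filter to the remaining ones, because a controller without it has no guest check at all. The first line also reads "Patch for Railfrog README" while the rest of the file is about eXPlainPMT, and since the Summary admits there are no functional or unit tests, step 4 should spell out which write actions to try as guest in each controller.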
Index: app/controllers/application.rb
===================================================================
--- app/controllers/application.rb	(revision 12)
+++ app/controllers/application.rb	(working copy)
@@ -77,7 +77,19 @@
       return false
     end
   end
+  
+  # This method is the same as the last one, but it checks to make sure the 
+  # guest flag is not set in the Database.  ED
 
+  def require_user_privileges
+    unless not @session[:current_user].guest?
+      flash[:error] = "You must be logged in as a user to perform " +
+                      "the requested action."
+      redirect_to :controller => 'error', :action => 'index'
+      return false
+    end
+  end
+
   # Used as a before_filter to ensure that the currently logged in user is
   # allowed to access the current project by determining whether he is an
   # administrator or if he is on the project team.
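Review bot: in require_user_privileges, `unless not @session[:current_user].guest?` is a double negative and dereferences the session user without a nil check. Writing the condition as `if @session[:current_user].nil? || @session[:current_user].guest?` reads directly and refuses the request when no user is in the session, instead of raising NoMethodError if this filter ever runs on an action that skips the login filter. The comment "the same as the last one" should say what the method does (blocks accounts with the guest flag) rather than pointing at a neighbouring method that may move.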
Index: app/controllers/iterations_controller.rb
===================================================================
--- app/controllers/iterations_controller.rb	(revision 12)
+++ app/controllers/iterations_controller.rb	(working copy)
@@ -22,6 +22,7 @@
 
   before_filter :require_current_project
   popups :new, :create, :edit, :update, :select_stories, :assign_stories
+  before_filter :require_user_privileges, :except => [:index, :show]
 
   # If the project has no iterations, displays a page with a message to that
   # effect. Otherwise, tries to find either (in order of preference) a current
Index: app/controllers/users_controller.rb
===================================================================
--- app/controllers/users_controller.rb	(revision 12)
+++ app/controllers/users_controller.rb	(working copy)
@@ -21,6 +21,8 @@
   before_filter :require_admin_privileges, :except => [:index, :project]
   popups :new, :create, :edit, :update
 
+  before_filter :require_user_privileges, :except => [:index]
+
   # If the 'project_id' request parameter is set, this will display the
   # project's team members. Otherwise, it shows all users on the system.
   def index
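Review bot: the new filter's exception list (`[:index]`) does not match the admin filter's list two lines above it (`[:index, :project]`). Every action other than :index and :project already requires an administrator, so the only action this line changes is :project, which guests are now denied while the project team list is otherwise open to non-admins. If that is intended, say so in a comment; if guests should see team members, add :project to the exception list. Also note that :index stays open to guests and, per the comment below, "shows all users on the system", so a shared account whose credentials are printed on the login page can enumerate every user; confirm that view shows nothing you would not publish.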
Index: app/controllers/milestones_controller.rb
===================================================================
--- app/controllers/milestones_controller.rb	(revision 12)
+++ app/controllers/milestones_controller.rb	(working copy)
@@ -21,6 +21,7 @@
   before_filter :require_current_project, :except => [:milestones_calendar]
   popups :new, :create, :show, :edit, :update
   
+  before_filter :require_user_privileges, :except => [:index, :show, :list, :milestones_calendar]
   # Lists the milestones for the project.
   def index
     @page_title = "Milestones"
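Review bot: the before_filter line is inserted directly above "# Lists the milestones for the project." with no blank line, so the doc comment for index now appears to describe the filter. Move the filter up next to `before_filter :require_current_project` and keep a blank line before the comment. Because :milestones_calendar is exempt from both require_current_project and this filter, it is worth a short comment confirming that the calendar is read-only.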
Index: app/controllers/stories_controller.rb
===================================================================
--- app/controllers/stories_controller.rb	(revision 12)
+++ app/controllers/stories_controller.rb	(working copy)
@@ -22,7 +22,9 @@
   popups :new, :create, :edit, :update, :show
 
   helper :collection_table
+  before_filter :require_user_privileges, :except => [:index, :show]
 
+
   # Lists all of the stories in the project 'Backlog' (stories that have no
   # iteration). Stories with a "cancelled" status are hidden by default. They
   # can be displayed by passing the request parameter 'show_cancelled' (with any
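Review bot: the filter is declared under `helper :collection_table` rather than with the controller's other before_filter declarations, and the hunk adds a second blank line after it. Group it with the existing filters so the order in which they run is visible in one place, and drop the extra blank line.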
Index: app/controllers/projects_controller.rb
===================================================================
--- app/controllers/projects_controller.rb	(revision 12)
+++ app/controllers/projects_controller.rb	(working copy)
@@ -26,7 +26,9 @@
                                                      :update, :remove_user,
                                                      :delete, :index ]
   popups :new, :create, :add_users, :update_users, :edit, :update
+  before_filter :require_user_privileges, :except => [:index, :my_projects_list]
 
+
   # Lists all of the projects that exist on the system.
   def index
     @page_title = "Projects"
Index: app/views/session/login.rhtml
===================================================================
--- app/views/session/login.rhtml	(revision 12)
+++ app/views/session/login.rhtml	(working copy)
@@ -48,10 +48,18 @@
                                 <td><input type="password" name="password" id="Password" /></td>
                         </tr>
                         <tr>
+                          <td colspan="2"><strong><em>Guest Access</em></strong>
+                        </tr>
+                        <tr>
+                          <td><em>Username:</em> guest</td>
+                          <td><em>Password:</em> guest</td>
+                        </tr>
+                        <tr>
                                 <td colspan="2" class="form_actions">
                                         <input type="submit" name="submit" value="Log In" />
                                 </td>
                         </tr>
+                        
                   </table>
       </form>
       <script type="text/javascript">
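Review bot: the first added row opens `<td colspan="2">` and never closes it before `</tr>`; add the missing `</td>`. The guest username and password are hard-coded in this view while the account itself is created by db/patch.sql, so the page will keep advertising guest/guest even if the SQL step was skipped or an administrator later changes or removes that account. Consider rendering these rows only when a user with the guest flag exists. The trailing whitespace-only line added before `</table>` can be dropped.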
Index: db/patch.sql
===================================================================
--- db/patch.sql	(revision 0)
+++ db/patch.sql	(revision 0)
@@ -0,0 +1,2 @@
+ALTER TABLE `users` ADD `guest` tinyint(1) DEFAULT 0 NULL;
+INSERT INTO `users` (3,'guest','guest','guest@localhost.com','Guest','Guest',0,'2005-01-01 00:00:00','2005-02-10 00:00:00',1);
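Review bot: the INSERT on the second line has no VALUES keyword, so MySQL will parse `(3,'guest',...)` as a column list and reject the statement; it should read INSERT INTO `users` (column names) VALUES (...), with the columns named so the statement does not depend on column order. The hard-coded id 3 will collide on any installation that already has a user with that id; omit the id and let the table assign it. In the ALTER, `DEFAULT 0 NULL` leaves the guest column nullable, and a NULL flag would make guest? falsy in require_user_privileges, which treats the account as a full user; declare it NOT NULL DEFAULT 0. If the second 'guest' literal is the password column, please also note whether the application expects a hash there.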
