From f8f6ff065eccc6ede4d35ed87a09bb962b84ca25 Mon Sep 17 00:00:00 2001
From: Nihad Abbasov
Date: Thu, 31 May 2012 23:42:02 -0700
Subject: [PATCH 1/2] add projects atom feed
---
 app/controllers/projects_controller.rb | 9 +++++--
 app/views/layouts/_head.html.haml | 3 ++-
 app/views/projects/index.atom.builder | 36 ++++++++++++++++++++++++++
 spec/requests/projects_spec.rb | 9 ++++++-
 4 files changed, 53 insertions(+), 4 deletions(-)
 create mode 100644 app/views/projects/index.atom.builder
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index d73072f2..35938167 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -14,6 +14,11 @@ class ProjectsController < ApplicationController
 @projects = current_user.projects.includes(:events).order("events.created_at DESC")
 @projects = @projects.page(params[:page]).per(40)
 @events = Event.where(:project_id => current_user.projects.map(&:id)).recent.limit(20)
+
+ respond_to do |format|
+ format.html
+ format.atom { render :layout => false }
+ end
 end
 def new
@@ -31,7 +36,7 @@ class ProjectsController < ApplicationController
 @project.save!
 @project.users_projects.create!(:project_access => UsersProject::MASTER, :user => current_user)
- # when project saved no team member exist so
+ # when project saved no team member exist so
 # project repository should be updated after first user add
 @project.update_repository
 end
@@ -72,7 +77,7 @@ class ProjectsController < ApplicationController
 @events = @project.events.recent.limit(limit)
 respond_to do |format|
- format.html do
+ format.html do
 if @project.repo_exists? && @project.has_commits?
 render :show
 else
diff --git a/app/views/layouts/_head.html.haml b/app/views/layouts/_head.html.haml
index 3debf5c9..e609557b 100644
--- a/app/views/layouts/_head.html.haml
+++ b/app/views/layouts/_head.html.haml
@@ -8,10 +8,11 @@ = javascript_include_tag "application" -# Atom feed + - if controller_name == 'projects' && action_name == 'index' + = auto_discovery_link_tag :atom, projects_url(:atom, :private_token => current_user.private_token), :title => "Dashboard feed" - if @project && !@project.new_record? - if current_page?(tree_project_ref_path(@project, @project.root_ref)) || current_page?(project_commits_path(@project)) = auto_discovery_link_tag(:atom, project_commits_url(@project, :atom, :ref => @ref, :private_token => current_user.private_token), :title => "Recent commits to #{@project.name}:#{@ref}") - if request.path == project_issues_path(@project) = auto_discovery_link_tag(:atom, project_issues_url(@project, :atom, :private_token => current_user.private_token), :title => "#{@project.name} issues") = csrf_meta_tags - diff --git a/app/views/projects/index.atom.builder b/app/views/projects/index.atom.builder new file mode 100644 index 00000000..706b808e --- /dev/null +++ b/app/views/projects/index.atom.builder 
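Review bot: The added `auto_discovery_link_tag` in _head.html.haml places `current_user.private_token` in a URL in the page head, so the token ends up wherever URLs are recorded: server and proxy access logs, browser history, and the subscription stored by any feed reader. The two existing feed links in this file already do the same, so this widens an existing pattern rather than introducing it. The second patch in this series suggests the same token can otherwise log a user in, so a separately revocable feed-only token would limit what a leaked feed URL exposes. Short of that, I would add a comment above the new line such as `-# NOTE: the feed URL carries the user's private_token; anyone holding the URL can read the feed`.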
@@ -0,0 +1,36 @@
+xml.instruct!
+xml.feed "xmlns" => "http://www.w3.org/2005/Atom", "xmlns:media" => "http://search.yahoo.com/mrss/" do
+ xml.title "Dashboard feed#{" - #{current_user.name}" if current_user.name.present?}"
+ xml.link :href => projects_url(:atom), :rel => "self", :type => "application/atom+xml"
+ xml.link :href => projects_url, :rel => "alternate", :type => "text/html"
+ xml.id projects_url
+ xml.updated @events.maximum(:updated_at).strftime("%Y-%m-%dT%H:%M:%SZ") if @events.any?
+
+ @events.each do |event|
+ if event.allowed?
+ xml.entry do
+ if event.issue?
+ event_link = project_issue_url(event.project, event.issue)
+ event_title = event.issue_title
+ elsif event.merge_request?
+ event_link = project_merge_request_url(event.project, event.merge_request)
+ event_title = event.merge_request_title
+ elsif event.push?
+ event_link = project_commits_url(event.project, :ref => event.ref_name)
+ event_title = event.ref_name
+ end
+
+ xml.id "tag:#{request.host},#{event.created_at.strftime("%Y-%m-%d")}:#{event.id}"
+ xml.link :href => event_link
+ xml.title truncate(event_title, :length => 80)
+ xml.updated event.created_at.strftime("%Y-%m-%dT%H:%M:%SZ")
+ xml.media :thumbnail, :width => "40", :height => "40", :url => gravatar_icon(event.author_email)
+ xml.author do |author|
+ xml.name event.author_name
+ xml.email event.author_email
+ end
+ xml.summary event_title
+ end
+ end
+ end
+end
diff --git a/spec/requests/projects_spec.rb b/spec/requests/projects_spec.rb
index 1805b629..bde0ab83 100644
--- a/spec/requests/projects_spec.rb
+++ b/spec/requests/projects_spec.rb
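Review bot: Inside `xml.entry` in index.atom.builder, `event_link` and `event_title` are assigned only for issue, merge-request and push events, so if Event has any other allowed kind (not visible in this patch) its entry would get a nil href and a nil title. Narrowing the guard to `if event.allowed? && (event.issue? || event.merge_request? || event.push?)` keeps such events out of the feed. Separately, both `strftime("%Y-%m-%dT%H:%M:%SZ")` calls append `Z` without converting, so with a non-UTC application time zone the timestamps are mislabelled; `event.created_at.utc.strftime("%Y-%m-%dT%H:%M:%SZ")` and the same `.utc` on `@events.maximum(:updated_at)` would fix that. Each entry also publishes `event.author_email`, which will be retained by whatever reader fetches the feed, so it is worth confirming that this is intended.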
@@ -18,9 +18,16 @@ describe "Projects" do
 page.should have_content("New Project")
 end
- it "should have project" do
+ it "should have project" do
 page.should have_content(@project.name)
 end
+
+ it "should render projects atom feed via private token" do
+ logout
+
+ visit projects_path(:atom, :private_token => @user.private_token)
+ page.body.should have_selector("feed title")
+ end
 end
 describe "GET /projects/new" do
From cc3c6ad0ef3fed3451513f3f7f19e45ea0b77152 Mon Sep 17 00:00:00 2001
From: Nihad Abbasov
Date: Fri, 1 Jun 2012 06:56:28 -0700
Subject: [PATCH 2/2] allow login via private token only for atom feeds
---
 app/controllers/application_controller.rb | 11 +++++++++--
 spec/requests/projects_spec.rb | 7 +++++++
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index a96c59b6..56792f26 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
 before_filter :authenticate_user!
 before_filter :reject_blocked!
- before_filter :set_current_user_for_mailer
+ before_filter :set_current_user_for_mailer, :check_token_auth
 protect_from_forgery
 helper_method :abilities, :can?
@@ -17,9 +17,16 @@ class ApplicationController < ActionController::Base
 protected
+ def check_token_auth
+ # Redirect to login page if not atom feed
+ if params[:private_token].present? && params[:format] != 'atom'
+ redirect_to new_user_session_path
+ end
+ end
+
 def reject_blocked!
 if current_user && current_user.blocked
- sign_out current_user
+ sign_out current_user
 flash[:alert] = "Your account was blocked"
 redirect_to new_user_session_path
 end
diff --git a/spec/requests/projects_spec.rb b/spec/requests/projects_spec.rb
index bde0ab83..79c94955 100644
--- a/spec/requests/projects_spec.rb
+++ b/spec/requests/projects_spec.rb
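Review bot: The new example in spec/requests/projects_spec.rb (patch 1/2) covers only the accepted case; nothing checks that a wrong or missing `private_token` on the atom URL is refused. I would add an example that, after `logout`, visits `projects_path(:atom, :private_token => 'invalid')` and asserts `page.body.should_not have_selector("feed title")`. The existing `have_selector("feed title")` would also pass for any document with that shape, so asserting on the title text would tie it to this feed.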
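Review bot: In application_controller.rb, `:check_token_auth` is appended after `:authenticate_user!`, so the token has already been accepted as a login by the time the check issues its redirect. If token authentication stores the user in the session (that configuration is not visible in this patch), a non-atom request with a valid token would still leave a signed-in session behind the redirect. Registering it first, with `before_filter :check_token_auth` placed above `before_filter :authenticate_user!`, turns the request away before any authentication takes place.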
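Review bot: `check_token_auth` in application_controller.rb decides on `params[:format] != 'atom'`, a value the client supplies, and it never looks at the request method, so token login stays enabled for any route and verb whenever the request asks for the atom format. Tightening the condition to `if params[:private_token].present? && !(request.get? && request.format.atom?)` limits token login to read-only feed requests; an explicit allow-list of feed actions would be stricter still. The comment `# Redirect to login page if not atom feed` states what happens but not why, and I would extend it to say that the private token is meant to grant feed access only.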
@@ -28,6 +28,13 @@ describe "Projects" do
 visit projects_path(:atom, :private_token => @user.private_token)
 page.body.should have_selector("feed title")
 end
+
+ it "should not render projects page via private token" do
+ logout
+
+ visit projects_path(:private_token => @user.private_token)
+ current_path.should == new_user_session_path
+ end
 end
 describe "GET /projects/new" do
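Review bot: The new example asserts only where the browser lands, which does not establish that the token request left the user signed out. Following it with a plain `visit projects_path` and a second `current_path.should == new_user_session_path` would confirm that no session was created along the way. The example also exercises only the HTML dashboard; a case for another controller, or for a non-GET request carrying the token, would pin down the scope that the commit title promises.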