OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

OpenProject::Application.routes.draw do
root to: 'homescreen#index', as: 'home'
rails_relative_url_root = OpenProject::Configuration['rails_relative_url_root'] || ''
# Route for health_checks
get '/health_check' => 'ok_computer/ok_computer#show', check: 'web'
# Override the default `all` checks route to return the full check
get '/health_checks/all' => 'ok_computer/ok_computer#show', check: 'full'
mount OkComputer::Engine, at: "/health_checks"
# Redirect deprecated issue links to new work packages uris
get '/issues(/)' => redirect("#{rails_relative_url_root}/work_packages")
# The URI.escape doesn't escape / unless you ask it to.
# see
get '/issues/*rest' => redirect { |params, _req|
# Respond with 410 gone for APIV2 calls
match '/api/v2(/*unmatched_route)', to: proc { [410, {}, ['']] }, via: :all
match '/assets/', to: proc { [404, {}, ['']] }, via: :all
# Redirect wp short url for work packages to full URL
get '/wp(/)' => redirect("#{rails_relative_url_root}/work_packages")
get '/wp/*rest' => redirect { |params, _req|
# Add catch method for Rack OmniAuth to allow route helpers
# Note: This renders a 404 in rails but is caught by omniauth in Rack before
get '/auth/failure', to: 'account#omniauth_failure'
get '/auth/:provider', to: proc { [404, {}, ['']] }, as: 'omniauth_start'
match '/auth/:provider/callback', to: 'account#omniauth_login', as: 'omniauth_login', via: %i[get post]
# In case assets are actually delivered by a node server (e.g. in test env)
# forward requests to the proxy
if FrontendAssetHelper.assets_proxied?
match '/assets/frontend/*appendix',
to: redirect(FrontendAssetHelper.cli_proxy + "/assets/frontend/%{appendix}", status: 307),
format: false,
via: :all
scope controller: 'account' do
get '/account/force_password_change', action: 'force_password_change'
post '/account/change_password', action: 'change_password'
match '/account/lost_password', action: 'lost_password', via: %i[get post]
match '/account/register', action: 'register', via: %i[get post patch]
get '/account/activate', action: 'activate'
match '/login', action: 'login', as: 'signin', via: %i[get post]
get '/logout', action: 'logout', as: 'signout'
get '/sso', action: 'auth_source_sso_failed', as: 'sso_failure'
get '/login/:stage/failure', action: 'stage_failure', as: 'stage_failure'
get '/login/:stage/:secret', action: 'stage_success', as: 'stage_success'
get '/account/consent', action: 'consent', as: 'account_consent'
get '/account/decline_consent', action: 'decline_consent', as: 'account_decline_consent'
post '/account/confirm_consent', action: 'confirm_consent', as: 'account_confirm_consent'
# Because of this has to be
# placed behind handling the deprecated v1 because otherwise, a 405 is
# returned for all routes for which the v3 has also resources. Grape does
# remove the prefix (v3) before checking whether the method is supported. I
# don't understand why that should make sense.
mount API::Root => '/api'
# OAuth authorization routes
use_doorkeeper do
# Do not add global application controller
skip_controllers :applications, :authorized_applications
get '/roles/workflow/:id/:role_id/:type_id' => 'roles#workflow'
get '/types/:id/edit/:tab' => "types#edit",
as: "edit_type_tab"
match '/types/:id/update/:tab' => "types#update",
as: "update_type_tab",
via: %i[post patch]
resources :types do
post 'move/:id', action: 'move', on: :collection
resources :statuses, except: :show do
collection do
post 'update_work_package_done_ratio'
get 'custom_style/:digest/logo/:filename' => 'custom_styles#logo_download',
as: 'custom_style_logo',
constraints: { filename: /[^\/]*/ }
get 'custom_style/:digest/favicon/:filename' => 'custom_styles#favicon_download',
as: 'custom_style_favicon',
constraints: { filename: /[^\/]*/ }
get 'custom_style/:digest/touch-icon/:filename' => 'custom_styles#touch_icon_download',
as: 'custom_style_touch_icon',
constraints: { filename: /[^\/]*/ }
get 'highlighting/styles(/:version_tag)' => 'highlighting#styles',
as: 'highlighting_css_styles'
resources :custom_fields, except: :show do
member do
match "options/:option_id",
to: "custom_fields#delete_option",
via: :delete,
as: :delete_option_of
Merge branch 'dev' into feature/rails4 Signed-off-by: Alex Coles <> Conflicts: app/controllers/api/v2/authentication_controller.rb app/controllers/api/v2/planning_element_journals_controller.rb app/controllers/api/v2/planning_element_type_colors_controller.rb app/controllers/api/v2/project_associations_controller.rb app/controllers/api/v2/project_types_controller.rb app/controllers/api/v2/projects_controller.rb app/controllers/api/v2/reported_project_statuses_controller.rb app/controllers/api/v2/reportings_controller.rb app/controllers/api/v2/timelines_controller.rb app/controllers/api/v2/users_controller.rb app/controllers/copy_projects_controller.rb app/controllers/custom_fields_controller.rb app/controllers/projects_controller.rb app/controllers/time_entries/reports_controller.rb app/controllers/types_controller.rb app/controllers/versions_controller.rb app/controllers/workflows_controller.rb app/helpers/types_helper.rb app/models/project.rb app/models/query.rb app/models/timeline.rb app/models/type.rb app/models/work_package.rb app/models/workflow.rb app/services/planning_comparison_service.rb config/initializers/10-patches.rb config/routes.rb db/seeds/production.rb features/step_definitions/general_steps.rb features/step_definitions/issue_steps.rb features/step_definitions/timelines_given_steps.rb features/step_definitions/type_steps.rb features/step_definitions/work_package_steps.rb lib/redmine/default_data/loader.rb lib/tasks/ci.rake lib/tasks/documentation.rake spec/controllers/api/v2/planning_elements_controller_spec.rb spec/factories/type_factory.rb spec/views/api/v2/custom_fields/index_api_rabl_spec.rb spec/views/api/v2/planning_elements/show_api_json_spec.rb spec/views/api/v2/projects/show_api_json_spec.rb
get '(projects/:project_id)/search' => 'search#index', as: 'search'
# only providing routes for journals when there are multiple subclasses of journals
# all subclasses will look for the journals routes
resources :journals, only: :index do
get 'diff/:field', action: :diff, on: :member, as: 'diff'
# REVIEW: review those wiki routes
scope 'projects/:project_id/wiki/:id' do
resource :wiki_menu_item, only: %i[edit update]
# generic route for adding/removing watchers.
# Models declared as acts_as_watchable will be automatically added to
# OpenProject::Acts::Watchable::Routes.watched
scope ':object_type/:object_id', constraints: OpenProject::Acts::Watchable::Routes do
match '/watch' => 'watchers#watch', via: :post
match '/unwatch' => 'watchers#unwatch', via: :delete
resources :projects, except: %i[show edit] do
member do
ProjectSettingsHelper.project_settings_tabs.each do |tab|
get "settings/#{tab[:name]}", controller: "project_settings/#{tab[:name]}", action: 'show', as: "settings_#{tab[:name]}"
get "settings", controller: "project_settings/generic", action: 'show', as: "project_settings"
get 'identifier', action: 'identifier'
patch 'identifier', action: 'update_identifier'
match 'copy_project_from_(:coming_from)' => 'copy_projects#copy_project', via: :get, as: :copy_from,
constraints: { coming_from: /(admin|settings)/ }
match 'copy_from_(:coming_from)' => 'copy_projects#copy', via: :post, as: :copy,
constraints: { coming_from: /(admin|settings)/ }
put :modules
put :custom_fields
put :archive
put :unarchive
patch :types
get 'column_sums', controller: 'work_packages'
# Destroy uses a get request to prompt the user before the actual DELETE request
get :destroy_info, as: 'confirm_destroy'
collection do
get :level_list
resource :time_entry_activities, controller: 'projects/time_entry_activities', only: %i[update]
resources :versions, only: %i[new create] do
collection do
put :close_completed
# this is only another name for versions#index
# For nice "road in the url for the index action
# this could probably be rewritten with a resource as: 'roadmap'
match '/roadmap' => 'versions#index', via: :get
resources :news, only: %i[index new create]
# Match everything to be the ID of the wiki page except the part that
# is reserved for the format. This assumes that we have only two formats:
# .txt and .html
resources :wiki,
constraints: { id: /([^\/]+(?=\.markdown)|[^\/]+)/ },
except: %i[index create] do
collection do
post '/new' => 'wiki#create', as: 'create'
get :export
get :date_index
get '/index' => 'wiki#index'
member do
get '/new' => 'wiki#new_child', as: 'new_child'
get '/diff/:version/vs/:version_from' => 'wiki#diff', as: 'wiki_diff_compare'
get '/diff(/:version)' => 'wiki#diff', as: 'wiki_diff'
get '/annotate/:version' => 'wiki#annotate', as: 'wiki_annotate'
get '/toc' => 'wiki#index'
match :rename, via: %i[get patch]
get :parent_page, action: 'edit_parent_page'
patch :parent_page, action: 'update_parent_page'
get :history
post :protect
get :select_main_menu_item, to: 'wiki_menu_items#select_main_menu_item'
post :replace_main_menu_item, to: 'wiki_menu_items#replace_main_menu_item'
# as routes for index and show are swapped
# it is necessary to define the show action later
# than any other route as it otherwise would
# work as a catchall for everything under /wiki
get 'wiki' => 'wiki#show'
namespace :work_packages do
resources :calendar, controller: 'calendars', only: [:index]
resources :work_packages, only: [] do
collection do
get '/report/:detail' => 'work_packages/reports#report_details'
get '/report' => 'work_packages/reports#report'
# states managed by client-side routing on work_package#index
get '(/*state)' => 'work_packages#index', on: :collection, as: ''
get '/create_new' => 'work_packages#index', on: :collection, as: 'new_split'
get '/new' => 'work_packages#index', on: :collection, as: 'new'
# state for show view in project context
get '(/*state)' => 'work_packages#show', on: :member, as: ''
resources :activity, :activities, only: :index, controller: 'activities'
resources :forums do
member do
get :confirm_destroy
get :move
post :move
resources :categories, except: %i[index show], shallow: true
resources :members, only: %i[index create update destroy], shallow: true do
collection do
match :autocomplete_for_member, via: %i[get]
resource :repository, controller: 'repositories', except: [:new] do
# Destroy uses a get request to prompt the user before the actual DELETE request
get :destroy_info
get :committers
post :committers
get :graph
get :revisions
get '/statistics', action: :stats, as: 'stats'
get '(/revisions/:rev)/diff.:format', action: :diff
get '(/revisions/:rev)/diff(/*repo_path)',
action: :diff,
format: 'html',
constraints: { rev: /[\w0-9\.\-_]+/, repo_path: /.*/ }
get '(/revisions/:rev)/:format/*repo_path',
action: :entry,
format: /raw/,
rev: /[\w0-9\.\-_]+/
%w{diff annotate changes entry browse}.each do |action|
get "(/revisions/:rev)/#{action}(/*repo_path)",
format: 'html',
action: action,
constraints: { rev: /[\w0-9\.\-_]+/, repo_path: /.*/ },
as: "#{action}_revision"
get '/revision(/:rev)', rev: /[\w0-9\.\-_]+/,
action: :revision,
as: 'show_revision'
get '(/revisions/:rev)(/*repo_path)',
action: :show,
format: 'html',
constraints: { rev: /[\w0-9\.\-_]+/, repo_path: /.*/ },
as: 'show_revisions_path'
resources :admin, controller: :admin, only: :index do
collection do
get :plugins
get :info
post :force_user_language
post :test_email
scope 'admin' do
resource :announcements, only: %i[edit update]
constraints(Enterprise) do
resource :enterprise, only: %i[show create destroy]
scope controller: 'enterprises' do
post 'enterprise/save_trial_key' => 'enterprises#save_trial_key'
delete 'enterprise/delete_trial_key' => 'enterprises#delete_trial_key'
resources :enumerations
delete 'design/logo' => 'custom_styles#logo_delete', as: 'custom_style_logo_delete'
delete 'design/favicon' => 'custom_styles#favicon_delete', as: 'custom_style_favicon_delete'
delete 'design/touch_icon' => 'custom_styles#touch_icon_delete', as: 'custom_style_touch_icon_delete'
get 'design/upsale' => 'custom_styles#upsale', as: 'custom_style_upsale'
post 'design/colors' => 'custom_styles#update_colors', as: 'update_design_colors'
post 'design/themes' => 'custom_styles#update_themes', as: 'update_design_themes'
resource :custom_style, only: %i[update show create], path: 'design'
resources :attribute_help_texts, only: %i(index new create edit update destroy)
resources :groups do
member do
# this should be put into it's own resource
match '/members' => 'groups#add_users', via: :post, as: 'members_of'
match '/members/:user_id' => 'groups#remove_user', via: :delete, as: 'member_of'
# this should be put into it's own resource
match '/memberships/:membership_id' => 'groups#edit_membership', via: :put, as: 'membership_of'
match '/memberships/:membership_id' => 'groups#destroy_membership', via: :delete
match '/memberships' => 'groups#create_memberships', via: :post, as: 'memberships_of'
resources :roles, except: %i[show] do
collection do
put '/' => 'roles#bulk_update'
get :report
resources :auth_sources, :ldap_auth_sources do
member do
get :test_connection
resources :custom_actions, except: :show
namespace :oauth do
resources :applications
namespace :admin do
resource :incoming_mails, only: %i[show update]
resource :mail_notifications, only: %i[show update]
resource :settings, only: %i(update show) do
SettingsHelper.system_settings_tabs.each do |tab|
get tab[:name], controller: "settings/#{tab[:name]}", action: 'show', as: "#{tab[:name]}"
patch tab[:name], controller: "settings/#{tab[:name]}", action: 'update', as: "update_#{tab[:name]}"
# We should fix this crappy routing (split up and rename controller methods)
collection do
match 'plugin/:id', action: 'plugin', via: %i[get post]
resource :workflows, only: %i[edit update show] do
member do
# We should fix this crappy routing (split up and rename controller methods)
match 'copy', action: 'copy', via: %i[get post]
namespace :work_packages do
match 'auto_complete' => 'auto_completes#index', via: %i[get post]
resources :calendar, controller: 'calendars', only: [:index]
resource :bulk, controller: 'bulk', only: %i[edit update destroy]
# FIXME: this is kind of evil!! We need to remove this soonest and
# cover the functionality. Route is being used in work-package-service.js:331
get '/bulk' => 'bulk#destroy'
scope controller: 'work_packages/settings' do
get 'work_package_tracking' => 'work_packages/settings#index'
post 'work_package_tracking' => 'work_packages/settings#edit'
resources :work_packages, only: [:index] do
# move bulk of wps
get 'move/new' => 'work_packages/moves#new', on: :collection, as: 'new_move'
post 'move' => 'work_packages/moves#create', on: :collection, as: 'move'
# move individual wp
resource :move, controller: 'work_packages/moves', only: %i[new create]
# states managed by client-side routing on work_package#index
get 'details/*state' => 'work_packages#index', on: :collection, as: :details
# states managed by client-side (angular) routing on work_package#show
get '/' => 'work_packages#index', on: :collection, as: 'index'
get '/create_new' => 'work_packages#index', on: :collection, as: 'new_split'
get '/new' => 'work_packages#index', on: :collection, as: 'new', state: 'new'
# We do not want to match the work package export routes
get '(/*state)' => 'work_packages#show', on: :member, as: '', constraints: { id: /\d+/ }
get '/edit' => 'work_packages#show', on: :member, as: 'edit'
resources :versions, only: %i[show edit update destroy] do
member do
get :status_by
resources :activity, :activities, only: :index, controller: 'activities'
resources :users do
resources :memberships, controller: 'users/memberships', only: %i[update create destroy]
member do
match '/edit/:tab' => 'users#edit', via: :get, as: 'tab_edit'
match '/change_status/:change_action' => 'users#change_status_info', via: :get, as: 'change_status_info'
post :change_status
post :resend_invitation
get :deletion_info
Converted routing and urls to follow the Rails REST convention. Patch supplied by commits from Gerrit Kaiser on Github. Existing routes will still work (backwards compatible) but any new urls will be generated using the new routing rules. Changes listed below: * made the URLs for some project tabs and project settings follow the new rails RESTful conventions of /collection/:id/subcollection/:sub_id * prettier URL for project roadmap * more nice project URLs * use GET for filtering form * prettified URLs used on issues tab * custom route for activity atom feeds * prettier repository urls * fixed broken route definition * fixed failing tests for issuecontroller that were hardcoding the url string * more RESTful routes for boards and messages * RESTful routes for wiki pages * RESTful routes for documents * moved old routes that are retained for compatibility to the bottom and grouped them together * added RESTful URIs for issues * RESTfulness for the news section * fixed route order * changed hardcoded URLs in tests * fixed badly written tests * fixed forgotten parameter in routes * changed hardcoded URLS to new scheme * changed project add url to the standard POST to collection * create new issue by POSTing to collection * changed hardcoded URLs in integrations tests * made project add form work again * restful routes for project deletion * prettier routes for project (un)archival * made routes table more readable * fixed note quoting * user routing * fixed bug * always sort by GET * Fixed: cross-project issue list should not show issues of projects for which the issue tracking module was disabled. * prettified URLs used on issues tab * urls for time log * fixed reply routing * eliminate revision query paremeter for diff and entry actions * fixed test failures with hard-coded urls * ensure ajax links always use get * refactored ajax link generation into separate method #1901 git-svn-id: svn+ssh:// e93f8b46-1217-0410-a6f0-8f06a7374b81
scope controller: 'users_settings' do
get 'users_settings' => 'users_settings#index'
post 'users_settings' => 'users_settings#edit'
resources :forums, only: [] do
resources :topics, controller: 'messages', except: [:index], shallow: true do
member do
get :quote
post :reply, as: 'reply_to'
resources :news, only: %i[index destroy update edit show] do
resources :comments, controller: 'news/comments', only: %i[create destroy], shallow: true
# redirect for backwards compatibility
scope 'attachments',
constraints: { id: /\d+/, filename: /[^\/]*/ },
format: false do
get '/download/:id/:filename',
to: redirect("#{rails_relative_url_root}/attachments/%{id}/%{filename}")
get '/download/:id',
to: redirect("#{rails_relative_url_root}/attachments/%{id}")
scope ':id' do
get '(/:filename)',
to: redirect("#{rails_relative_url_root}/api/v3/attachments/%{id}/content")
delete '',
to: redirect("#{rails_relative_url_root}/api/v3/attachments/%{id}")
resource :help, controller: :help, only: [] do
member do
get :keyboard_shortcuts
get :text_formatting
scope controller: 'sys' do
match '/sys/repo_auth', action: 'repo_auth', via: %i[get post]
get '/sys/projects', action: 'projects'
get '/sys/fetch_changesets', action: 'fetch_changesets'
get '/sys/projects/:id/repository/update_storage', action: 'update_required_storage'
# alternate routes for the current user
scope 'my' do
match '/deletion_info' => 'users#deletion_info', via: :get, as: 'delete_my_account_info'
match '/oauth/revoke_application/:application_id' => 'oauth/grants#revoke_application', via: :post, as: 'revoke_my_oauth_application'
scope controller: 'my' do
get '/my/password', action: 'password'
post '/my/change_password', action: 'change_password'
get '/my/account', action: 'account'
get '/my/settings', action: 'settings'
get '/my/mail_notifications', action: 'mail_notifications'
patch '/my/account', action: 'update_account'
patch '/my/settings', action: 'update_settings'
patch '/my/mail_notifications', action: 'update_mail_notifications'
post '/my/generate_rss_key', action: 'generate_rss_key'
post '/my/generate_api_key', action: 'generate_api_key'
get '/my/access_token', action: 'access_token'
scope controller: 'onboarding' do
patch 'user_settings', action: 'user_settings'
scope controller: 'authentication' do
get 'authentication' => 'authentication#index'
get 'authentication_settings' => 'authentication#authentication_settings'
post 'authentication_settings' => 'authentication#edit'
resources :colors do
member do
get :confirm_destroy
get :move
post :move
get '/robots' => 'homescreen#robots', defaults: { format: :txt }
root to: 'account#login'
# Development route for styleguide
if Rails.env.development?
get '/styleguide' => redirect('/assets/styleguide.html')