Do not render hidden news edit form if user is not allowed to edit (closes #4068)....
Jean-Philippe Lang -
r2840:04ae25f6b0ce
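--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,63 +1,65 @@
 <div class="contextual">
 <%= link_to_if_authorized l(:button_edit),
 {:controller => 'news', :action => 'edit', :id => @news},
 :class => 'icon icon-edit',
 :accesskey => accesskey(:edit),
 :onclick => 'Element.show("edit-news"); return false;' %>
 <%= link_to_if_authorized l(:button_delete), {:controller => 'news', :action => 'destroy', :id => @news}, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-del' %>
 </div>
 
 <h2><%=h @news.title %></h2>
 
+<% if authorize_for('news', 'edit') %>
 <div id="edit-news" style="display:none;">
 <% labelled_tabular_form_for :news, @news, :url => { :action => "edit", :id => @news },
 :html => { :id => 'news-form' } do |f| %>
 <%= render :partial => 'form', :locals => { :f => f } %>
 <%= submit_tag l(:button_save) %>
 <%= link_to_remote l(:label_preview),
 { :url => { :controller => 'news', :action => 'preview', :project_id => @project },
 :method => 'post',
 :update => 'preview',
 :with => "Form.serialize('news-form')"
 }, :accesskey => accesskey(:preview) %> |
-<%= link_to l(:button_cancel), "#", :onclick => 'Element.hide("edit-news")' %>
+<%= link_to l(:button_cancel), "#", :onclick => 'Element.hide("edit-news"); return false;' %>
 <% end %>
 <div id="preview" class="wiki"></div>
 </div>
+<% end %>
 
 <p><em><% unless @news.summary.blank? %><%=h @news.summary %><br /><% end %>
 <span class="author"><%= authoring @news.created_on, @news.author %></span></em></p>
 <div class="wiki">
 <%= textilizable(@news.description) %>
 </div>
 <br />
 
 <div id="comments" style="margin-bottom:16px;">
 <h3 class="icon22 icon22-comment"><%= l(:label_comment_plural) %></h3>
 <% @comments.each do |comment| %>
 <% next if comment.new_record? %>
 <div class="contextual">
 <%= link_to_if_authorized image_tag('delete.png'), {:controller => 'news', :action => 'destroy_comment', :id => @news, :comment_id => comment},
 :confirm => l(:text_are_you_sure), :method => :post, :title => l(:button_delete) %>
 </div>
 <h4><%= authoring comment.created_on, comment.author %></h4>
 <%= textilizable(comment.comments) %>
 <% end if @comments.any? %>
 </div>
 
 <% if authorize_for 'news', 'add_comment' %>
 <p><%= toggle_link l(:label_comment_add), "add_comment_form", :focus => "comment_comments" %></p>
 <% form_tag({:action => 'add_comment', :id => @news}, :id => "add_comment_form", :style => "display:none;") do %>
 <div class="box">
 <%= text_area 'comment', 'comments', :cols => 80, :rows => 15, :class => 'wiki-edit' %>
 <%= wikitoolbar_for 'comment_comments' %>
 </div>
 <p><%= submit_tag l(:button_add) %></p>
 <% end %>
 <% end %>
 
 <% html_title @news.title -%>
 
 <% content_for :header_tags do %>
 <%= stylesheet_link_tag 'scm' %>
 <% end %>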
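Review bot: The added `<% if authorize_for('news', 'edit') %>` wrapper around the `edit-news` div is a display-only check: it keeps the hidden form's markup out of the page but does not by itself stop a request to the `edit` action the form targets. That permission has to be enforced in the controller, which is not visible on this page, so it should be confirmed before relying on this change for more than information hiding. I would note this in the template above the guard, e.g. `<%# display-only guard; the edit action must authorize the request itself %>`. As a style point, this call uses parentheses while the existing `<% if authorize_for 'news', 'add_comment' %>` guard further down does not; one form should be used for both.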