@@ -90,10 +90,8 class JournalsController < ApplicationController | |||||
90 |
|
90 | |||
91 | def update |
|
91 | def update | |
92 | (render_403; return false) unless @journal.editable_by?(User.current) |
|
92 | (render_403; return false) unless @journal.editable_by?(User.current) | |
93 | @journal.notes = params[:notes] if params[:notes] |
|
93 | @journal.safe_attributes = params[:journal] | |
94 | @journal.private_notes = params[:private_notes].present? |
|
94 | @journal.save | |
95 | (render_403; return false) if @journal.private_notes_changed? && User.current.allowed_to?(:set_notes_private, @journal.issue.project) == false |
|
|||
96 | @journal.save if @journal.changed? |
|
|||
97 | @journal.destroy if @journal.details.empty? && @journal.notes.blank? |
|
95 | @journal.destroy if @journal.details.empty? && @journal.notes.blank? | |
98 | call_hook(:controller_journals_edit_post, { :journal => @journal, :params => params}) |
|
96 | call_hook(:controller_journals_edit_post, { :journal => @journal, :params => params}) | |
99 | respond_to do |format| |
|
97 | respond_to do |format| |
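Review bot: The new `update` discards the result of `@journal.save`, so a failed save is not noticed and the method still reaches the `destroy` check and `call_hook` as if the edit had been applied. The removed `@journal.save if @journal.changed?` also skipped the write when nothing changed, and a request with no `journal` key now depends on `safe_attributes=` tolerating a missing hash, which is not visible here. A request that sets `journal[private_notes]` without `:set_notes_private` is now dropped silently where the old code answered with `render_403`. If that is intended, a comment above the assignment would record it, for example `# private_notes is filtered by Journal's safe_attributes; unauthorised values are ignored, not rejected`. The body of `update` continues past the end of the hunk.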
@@ -45,7 +45,7 module JournalsHelper | |||||
45 | :class => 'icon-only icon-edit' |
|
45 | :class => 'icon-only icon-edit' | |
46 | ) if editable |
|
46 | ) if editable | |
47 | links << link_to(l(:button_delete), |
|
47 | links << link_to(l(:button_delete), | |
48 | journal_path(journal, :notes => ""), |
|
48 | journal_path(journal, :journal => {:notes => ""}), | |
49 | :remote => true, |
|
49 | :remote => true, | |
50 | :method => 'put', :data => {:confirm => l(:text_are_you_sure)}, |
|
50 | :method => 'put', :data => {:confirm => l(:text_are_you_sure)}, | |
51 | :title => l(:button_delete), |
|
51 | :title => l(:button_delete), |
@@ -16,6 +16,8 | |||||
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
17 |
|
17 | |||
18 | class Journal < ActiveRecord::Base |
|
18 | class Journal < ActiveRecord::Base | |
|
19 | include Redmine::SafeAttributes | |||
|
20 | ||||
19 | belongs_to :journalized, :polymorphic => true |
|
21 | belongs_to :journalized, :polymorphic => true | |
20 | # added as a quick fix to allow eager loading of the polymorphic association |
|
22 | # added as a quick fix to allow eager loading of the polymorphic association | |
21 | # since always associated to an issue, for now |
|
23 | # since always associated to an issue, for now | |
@@ -50,6 +52,11 class Journal < ActiveRecord::Base | |||||
50 | where("(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(user, :view_private_notes, *args)}))", false) |
|
52 | where("(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(user, :view_private_notes, *args)}))", false) | |
51 | } |
|
53 | } | |
52 |
|
54 | |||
|
55 | safe_attributes 'notes', | |||
|
56 | :if => lambda {|journal, user| journal.new_record? || journal.editable_by?(user)} | |||
|
57 | safe_attributes 'private_notes', | |||
|
58 | :if => lambda {|journal, user| user.allowed_to?(:set_notes_private, journal.project)} | |||
|
59 | ||||
53 | def initialize(*args) |
|
60 | def initialize(*args) | |
54 | super |
|
61 | super | |
55 | if journalized |
|
62 | if journalized |
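Review bot: The `safe_attributes 'private_notes'` rule in the second hunk checks only `:set_notes_private` and, unlike the `notes` rule just above it, does not check `journal.editable_by?(user)`, so the model relies on each caller having verified editability first. The controller's `update` does that before assigning, but any other path that passes request data to `safe_attributes=` on an existing journal would let a user change the privacy flag on a note they cannot edit. Clearing the flag exposes the note to users without `:view_private_notes`, so this matters for confidentiality. Consider making the model rule self-contained: `:if => lambda {|journal, user| (journal.new_record? || journal.editable_by?(user)) && user.allowed_to?(:set_notes_private, journal.project)}`.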
@@ -3,12 +3,14 | |||||
3 | :method => 'put', |
|
3 | :method => 'put', | |
4 | :id => "journal-#{@journal.id}-form") do %> |
|
4 | :id => "journal-#{@journal.id}-form") do %> | |
5 | <%= label_tag "notes", l(:description_notes), :class => "hidden-for-sighted" %> |
|
5 | <%= label_tag "notes", l(:description_notes), :class => "hidden-for-sighted" %> | |
6 |
<%= text_area_tag |
|
6 | <%= text_area_tag 'journal[notes]', @journal.notes, | |
7 | :id => "journal_#{@journal.id}_notes", |
|
7 | :id => "journal_#{@journal.id}_notes", | |
8 | :class => 'wiki-edit', |
|
8 | :class => 'wiki-edit', | |
9 | :rows => (@journal.notes.blank? ? 10 : [[10, @journal.notes.length / 50].max, 100].min) %> |
|
9 | :rows => (@journal.notes.blank? ? 10 : [[10, @journal.notes.length / 50].max, 100].min) %> | |
10 |
<% if @journal. |
|
10 | <% if @journal.safe_attribute? 'private_notes' %> | |
11 | <%= check_box_tag 'private_notes', '1', @journal.private_notes, :id => "journal_#{@journal.id}_private_notes" %> <label for="journal_<%= @journal.id %>_private_notes"><%= l(:field_private_notes) %></label> |
|
11 | <%= hidden_field_tag 'journal[private_notes]', '0' %> | |
|
12 | <%= check_box_tag 'journal[private_notes]', '1', @journal.private_notes, :id => "journal_#{@journal.id}_private_notes" %> | |||
|
13 | <label for="journal_<%= @journal.id %>_private_notes"><%= l(:field_private_notes) %></label> | |||
12 | <% end %> |
|
14 | <% end %> | |
13 | <%= call_hook(:view_journals_notes_form_after_notes, { :journal => @journal}) %> |
|
15 | <%= call_hook(:view_journals_notes_form_after_notes, { :journal => @journal}) %> | |
14 | <p><%= submit_tag l(:button_save) %> |
|
16 | <p><%= submit_tag l(:button_save) %> |
@@ -199,7 +199,7 class JournalsControllerTest < ActionController::TestCase | |||||
199 |
|
199 | |||
200 | def test_update_xhr |
|
200 | def test_update_xhr | |
201 | @request.session[:user_id] = 1 |
|
201 | @request.session[:user_id] = 1 | |
202 | xhr :post, :update, :id => 2, :notes => 'Updated notes' |
|
202 | xhr :post, :update, :id => 2, :journal => {:notes => 'Updated notes'} | |
203 | assert_response :success |
|
203 | assert_response :success | |
204 | assert_template 'update' |
|
204 | assert_template 'update' | |
205 | assert_equal 'text/javascript', response.content_type |
|
205 | assert_equal 'text/javascript', response.content_type | |
@@ -209,7 +209,7 class JournalsControllerTest < ActionController::TestCase | |||||
209 |
|
209 | |||
210 | def test_update_xhr_with_private_notes_checked |
|
210 | def test_update_xhr_with_private_notes_checked | |
211 | @request.session[:user_id] = 1 |
|
211 | @request.session[:user_id] = 1 | |
212 | xhr :post, :update, :id => 2, :private_notes => '1' |
|
212 | xhr :post, :update, :id => 2, :journal => {:private_notes => '1'} | |
213 | assert_response :success |
|
213 | assert_response :success | |
214 | assert_template 'update' |
|
214 | assert_template 'update' | |
215 | assert_equal 'text/javascript', response.content_type |
|
215 | assert_equal 'text/javascript', response.content_type | |
@@ -221,7 +221,7 class JournalsControllerTest < ActionController::TestCase | |||||
221 | def test_update_xhr_with_private_notes_unchecked |
|
221 | def test_update_xhr_with_private_notes_unchecked | |
222 | Journal.find(2).update_attributes(:private_notes => true) |
|
222 | Journal.find(2).update_attributes(:private_notes => true) | |
223 | @request.session[:user_id] = 1 |
|
223 | @request.session[:user_id] = 1 | |
224 | xhr :post, :update, :id => 2 |
|
224 | xhr :post, :update, :id => 2, :journal => {:private_notes => '0'} | |
225 | assert_response :success |
|
225 | assert_response :success | |
226 | assert_template 'update' |
|
226 | assert_template 'update' | |
227 | assert_equal 'text/javascript', response.content_type |
|
227 | assert_equal 'text/javascript', response.content_type | |
@@ -230,20 +230,21 class JournalsControllerTest < ActionController::TestCase | |||||
230 | assert_include 'journal-2-private_notes', response.body |
|
230 | assert_include 'journal-2-private_notes', response.body | |
231 | end |
|
231 | end | |
232 |
|
232 | |||
233 |
def test_update_xhr_with |
|
233 | def test_update_xhr_without_set_private_notes_permission_should_ignore_private_notes | |
234 | @request.session[:user_id] = 2 |
|
234 | @request.session[:user_id] = 2 | |
235 | Role.find(1).add_permission! :edit_issue_notes |
|
235 | Role.find(1).add_permission! :edit_issue_notes | |
236 | Role.find(1).add_permission! :view_private_notes |
|
236 | Role.find(1).add_permission! :view_private_notes | |
237 | Role.find(1).remove_permission! :set_notes_private |
|
237 | Role.find(1).remove_permission! :set_notes_private | |
238 |
|
238 | |||
239 | xhr :post, :update, :id => 2, :private_notes => '1' |
|
239 | xhr :post, :update, :id => 2, :journal => {:private_notes => '1'} | |
240 |
assert_response |
|
240 | assert_response :success | |
|
241 | assert_equal false, Journal.find(2).private_notes | |||
241 | end |
|
242 | end | |
242 |
|
243 | |||
243 | def test_update_xhr_with_empty_notes_should_delete_the_journal |
|
244 | def test_update_xhr_with_empty_notes_should_delete_the_journal | |
244 | @request.session[:user_id] = 1 |
|
245 | @request.session[:user_id] = 1 | |
245 | assert_difference 'Journal.count', -1 do |
|
246 | assert_difference 'Journal.count', -1 do | |
246 | xhr :post, :update, :id => 2, :notes => '' |
|
247 | xhr :post, :update, :id => 2, :journal => {:notes => ''} | |
247 | assert_response :success |
|
248 | assert_response :success | |
248 | assert_template 'update' |
|
249 | assert_template 'update' | |
249 | assert_equal 'text/javascript', response.content_type |
|
250 | assert_equal 'text/javascript', response.content_type |
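Review bot: `test_update_xhr_without_set_private_notes_permission_should_ignore_private_notes` covers only a user without `:set_notes_private` sending `'1'` on a public note; the reverse direction, sending `'0'` on a note that is already private, is not tested. That direction is the one that would disclose a private note, and it is newly reachable because the form now submits a hidden `journal[private_notes]` value of `'0'`. A companion test that marks journal 2 private, removes the permission, posts `'0'` and asserts the flag is still `true` would pin this behaviour. The sketch below reuses the fixtures and role setup of the existing test, and assumes user 2 may still edit the journal once it is private.

```ruby
def test_update_xhr_without_set_private_notes_permission_should_not_clear_private_notes
  Journal.find(2).update_attributes(:private_notes => true)
  @request.session[:user_id] = 2
  Role.find(1).add_permission! :edit_issue_notes
  Role.find(1).add_permission! :view_private_notes
  Role.find(1).remove_permission! :set_notes_private

  xhr :post, :update, :id => 2, :journal => {:private_notes => '0'}
  assert_response :success
  assert_equal true, Journal.find(2).private_notes
end
```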