| @@ -90,10 +90,8 class JournalsController < ApplicationController | |||
|
|
90 | 90 | |
|
|
91 | 91 | def update |
|
|
92 | 92 | (render_403; return false) unless @journal.editable_by?(User.current) |
|
|
93 | @journal.notes = params[:notes] if params[:notes] | |
|
|
94 | @journal.private_notes = params[:private_notes].present? | |
|
|
95 | (render_403; return false) if @journal.private_notes_changed? && User.current.allowed_to?(:set_notes_private, @journal.issue.project) == false | |
|
|
96 | @journal.save if @journal.changed? | |
|
|
93 | @journal.safe_attributes = params[:journal] | |
|
|
94 | @journal.save | |
|
|
97 | 95 | @journal.destroy if @journal.details.empty? && @journal.notes.blank? |
|
|
98 | 96 | call_hook(:controller_journals_edit_post, { :journal => @journal, :params => params}) |
|
|
99 | 97 | respond_to do |format| |
| @@ -45,7 +45,7 module JournalsHelper | |||
|
|
45 | 45 | :class => 'icon-only icon-edit' |
|
|
46 | 46 | ) if editable |
|
|
47 | 47 | links << link_to(l(:button_delete), |
|
|
48 | journal_path(journal, :notes => ""), | |
|
|
48 | journal_path(journal, :journal => {:notes => ""}), | |
|
|
49 | 49 | :remote => true, |
|
|
50 | 50 | :method => 'put', :data => {:confirm => l(:text_are_you_sure)}, |
|
|
51 | 51 | :title => l(:button_delete), |
| @@ -16,6 +16,8 | |||
|
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
17 | 17 | |
|
|
18 | 18 | class Journal < ActiveRecord::Base |
|
|
19 | include Redmine::SafeAttributes | |
|
|
20 | ||
|
|
19 | 21 | belongs_to :journalized, :polymorphic => true |
|
|
20 | 22 | # added as a quick fix to allow eager loading of the polymorphic association |
|
|
21 | 23 | # since always associated to an issue, for now |
| @@ -50,6 +52,11 class Journal < ActiveRecord::Base | |||
|
|
50 | 52 | where("(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(user, :view_private_notes, *args)}))", false) |
|
|
51 | 53 | } |
|
|
52 | 54 | |
|
|
55 | safe_attributes 'notes', | |
|
|
56 | :if => lambda {|journal, user| journal.new_record? || journal.editable_by?(user)} | |
|
|
57 | safe_attributes 'private_notes', | |
|
|
58 | :if => lambda {|journal, user| user.allowed_to?(:set_notes_private, journal.project)} | |
|
|
59 | ||
|
|
53 | 60 | def initialize(*args) |
|
|
54 | 61 | super |
|
|
55 | 62 | if journalized |
| @@ -3,12 +3,14 | |||
|
|
3 | 3 | :method => 'put', |
|
|
4 | 4 | :id => "journal-#{@journal.id}-form") do %> |
|
|
5 | 5 | <%= label_tag "notes", l(:description_notes), :class => "hidden-for-sighted" %> |
|
|
6 |
<%= text_area_tag |
|
|
|
6 | <%= text_area_tag 'journal[notes]', @journal.notes, | |
|
|
7 | 7 | :id => "journal_#{@journal.id}_notes", |
|
|
8 | 8 | :class => 'wiki-edit', |
|
|
9 | 9 | :rows => (@journal.notes.blank? ? 10 : [[10, @journal.notes.length / 50].max, 100].min) %> |
|
|
10 |
<% if @journal. |
|
|
|
11 | <%= check_box_tag 'private_notes', '1', @journal.private_notes, :id => "journal_#{@journal.id}_private_notes" %> <label for="journal_<%= @journal.id %>_private_notes"><%= l(:field_private_notes) %></label> | |
|
|
10 | <% if @journal.safe_attribute? 'private_notes' %> | |
|
|
11 | <%= hidden_field_tag 'journal[private_notes]', '0' %> | |
|
|
12 | <%= check_box_tag 'journal[private_notes]', '1', @journal.private_notes, :id => "journal_#{@journal.id}_private_notes" %> | |
|
|
13 | <label for="journal_<%= @journal.id %>_private_notes"><%= l(:field_private_notes) %></label> | |
|
|
12 | 14 | <% end %> |
|
|
13 | 15 | <%= call_hook(:view_journals_notes_form_after_notes, { :journal => @journal}) %> |
|
|
14 | 16 | <p><%= submit_tag l(:button_save) %> |
| @@ -199,7 +199,7 class JournalsControllerTest < ActionController::TestCase | |||
|
|
199 | 199 | |
|
|
200 | 200 | def test_update_xhr |
|
|
201 | 201 | @request.session[:user_id] = 1 |
|
|
202 | xhr :post, :update, :id => 2, :notes => 'Updated notes' | |
|
|
202 | xhr :post, :update, :id => 2, :journal => {:notes => 'Updated notes'} | |
|
|
203 | 203 | assert_response :success |
|
|
204 | 204 | assert_template 'update' |
|
|
205 | 205 | assert_equal 'text/javascript', response.content_type |
| @@ -209,7 +209,7 class JournalsControllerTest < ActionController::TestCase | |||
|
|
209 | 209 | |
|
|
210 | 210 | def test_update_xhr_with_private_notes_checked |
|
|
211 | 211 | @request.session[:user_id] = 1 |
|
|
212 | xhr :post, :update, :id => 2, :private_notes => '1' | |
|
|
212 | xhr :post, :update, :id => 2, :journal => {:private_notes => '1'} | |
|
|
213 | 213 | assert_response :success |
|
|
214 | 214 | assert_template 'update' |
|
|
215 | 215 | assert_equal 'text/javascript', response.content_type |
| @@ -221,7 +221,7 class JournalsControllerTest < ActionController::TestCase | |||
|
|
221 | 221 | def test_update_xhr_with_private_notes_unchecked |
|
|
222 | 222 | Journal.find(2).update_attributes(:private_notes => true) |
|
|
223 | 223 | @request.session[:user_id] = 1 |
|
|
224 | xhr :post, :update, :id => 2 | |
|
|
224 | xhr :post, :update, :id => 2, :journal => {:private_notes => '0'} | |
|
|
225 | 225 | assert_response :success |
|
|
226 | 226 | assert_template 'update' |
|
|
227 | 227 | assert_equal 'text/javascript', response.content_type |
| @@ -230,20 +230,21 class JournalsControllerTest < ActionController::TestCase | |||
|
|
230 | 230 | assert_include 'journal-2-private_notes', response.body |
|
|
231 | 231 | end |
|
|
232 | 232 | |
|
|
233 |
def test_update_xhr_with |
|
|
|
233 | def test_update_xhr_without_set_private_notes_permission_should_ignore_private_notes | |
|
|
234 | 234 | @request.session[:user_id] = 2 |
|
|
235 | 235 | Role.find(1).add_permission! :edit_issue_notes |
|
|
236 | 236 | Role.find(1).add_permission! :view_private_notes |
|
|
237 | 237 | Role.find(1).remove_permission! :set_notes_private |
|
|
238 | 238 | |
|
|
239 | xhr :post, :update, :id => 2, :private_notes => '1' | |
|
|
240 |
assert_response |
|
|
|
239 | xhr :post, :update, :id => 2, :journal => {:private_notes => '1'} | |
|
|
240 | assert_response :success | |
|
|
241 | assert_equal false, Journal.find(2).private_notes | |
|
|
241 | 242 | end |
|
|
242 | 243 | |
|
|
243 | 244 | def test_update_xhr_with_empty_notes_should_delete_the_journal |
|
|
244 | 245 | @request.session[:user_id] = 1 |
|
|
245 | 246 | assert_difference 'Journal.count', -1 do |
|
|
246 | xhr :post, :update, :id => 2, :notes => '' | |
|
|
247 | xhr :post, :update, :id => 2, :journal => {:notes => ''} | |
|
|
247 | 248 | assert_response :success |
|
|
248 | 249 | assert_template 'update' |
|
|
249 | 250 | assert_equal 'text/javascript', response.content_type |
General Comments 0
You need to be logged in to leave comments.
Login now