@@ -7,7 +7,8 class CommentsController < ApplicationController | |||||
7 |
|
7 | |||
8 | verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed } |
|
8 | verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed } | |
9 | def create |
|
9 | def create | |
10 |
@comment = Comment.new |
|
10 | @comment = Comment.new | |
|
11 | @comment.safe_attributes = params[:comment] | |||
11 | @comment.author = User.current |
|
12 | @comment.author = User.current | |
12 | if @news.comments << @comment |
|
13 | if @news.comments << @comment | |
13 | flash[:notice] = l(:label_comment_added) |
|
14 | flash[:notice] = l(:label_comment_added) |
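Review bot: The added `@comment.safe_attributes = params[:comment]` (new line 11) hands the request parameter straight to the setter, so what happens when `comment` is missing or is not a Hash depends on `safe_attributes=`, which is not visible in this hunk. I would confirm that the setter ignores non-Hash input, or guard the call site with `@comment.safe_attributes = params[:comment] if params[:comment].is_a?(Hash)`. Assigning `@comment.author = User.current` after the parameter assignment is what keeps the author server-controlled, so that ordering deserves a comment such as `# author always comes from the session, never from params`. A functional test that posts `comment[author_id]` and asserts it is ignored would pin this behaviour. The body of `create` continues past the end of the hunk.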
@@ -16,8 +16,11 | |||||
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
17 |
|
17 | |||
18 | class Comment < ActiveRecord::Base |
|
18 | class Comment < ActiveRecord::Base | |
|
19 | include Redmine::SafeAttributes | |||
19 | belongs_to :commented, :polymorphic => true, :counter_cache => true |
|
20 | belongs_to :commented, :polymorphic => true, :counter_cache => true | |
20 | belongs_to :author, :class_name => 'User', :foreign_key => 'author_id' |
|
21 | belongs_to :author, :class_name => 'User', :foreign_key => 'author_id' | |
21 |
|
22 | |||
22 | validates_presence_of :commented, :author, :comments |
|
23 | validates_presence_of :commented, :author, :comments | |
|
24 | ||||
|
25 | safe_attributes 'comments' | |||
23 | end |
|
26 | end |
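Review bot: The `safe_attributes 'comments'` declaration on new line 25 only constrains callers that go through `safe_attributes=`; nothing in this hunk restricts plain mass assignment such as `Comment.new(attrs)` or `attributes=`. If any other code path passes request parameters that way, `author_id` and the polymorphic `commented_id`/`commented_type` columns (names inferred from the two `belongs_to` lines) would still be assignable. Unless the model is protected elsewhere, consider a second layer such as `attr_protected :author_id, :commented_id, :commented_type`. A comment above the declaration would also help, for example `# Only the comment text is user-settable; author and commented are set by the caller.`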