jro_apps/redmine Commit - r15238:7918285ac2e6

Enable updating private_notes property on journal edit form (#22575)....

Jean-Philippe Lang -

r15238:7918285ac2e6

parent child

Context file:

r15238:7918285ac2e6

Collapse all files

app/controllers/journals_controller.rb +4 -1

             # Redmine - project management software
             # Copyright (C) 2006-2016  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class JournalsController < ApplicationController
               before_filter :find_journal, :only => [:edit, :update, :diff]
               before_filter :find_issue, :only => [:new]
               before_filter :find_optional_project, :only => [:index]
               before_filter :authorize, :only => [:new, :edit, :update, :diff]
               accept_rss_auth :index
               menu_item :issues
               helper :issues
               helper :custom_fields
               helper :queries
               include QueriesHelper
               helper :sort
               include SortHelper
               def index
                 retrieve_query
                 sort_init 'id', 'desc'
                 sort_update(@query.sortable_columns)
                 if @query.valid?
                   @journals = @query.journals(:order => "#{Journal.table_name}.created_on DESC",
                                               :limit => 25)
                 end
                 @title = (@project ? @project.name : Setting.app_title) + ": " + (@query.new_record? ? l(:label_changes_details) : @query.name)
                 render :layout => false, :content_type => 'application/atom+xml'
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               def diff
                 @issue = @journal.issue
                 if params[:detail_id].present?
                   @detail = @journal.details.find_by_id(params[:detail_id])
                 else
                   @detail = @journal.details.detect {|d| d.property == 'attr' && d.prop_key == 'description'}
                 end
                 unless @issue && @detail
                   render_404
                   return false
                 end
                 if @detail.property == 'cf'
                   unless @detail.custom_field && @detail.custom_field.visible_by?(@issue.project, User.current)
                     raise ::Unauthorized
                   end
                 end
                 @diff = Redmine::Helpers::Diff.new(@detail.value, @detail.old_value)
               end
               def new
                 @journal = Journal.visible.find(params[:journal_id]) if params[:journal_id]
                 if @journal
                   user = @journal.user
                   text = @journal.notes
                 else
                   user = @issue.author
                   text = @issue.description
                 end
                 # Replaces pre blocks with [...]
                 text = text.to_s.strip.gsub(%r{<pre>(.*?)</pre>}m, '[...]')
                 @content = "#{ll(Setting.default_language, :text_user_wrote, user)}\n> "
                 @content << text.gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               def edit
                 (render_403; return false) unless @journal.editable_by?(User.current)
                 respond_to do |format|
                   # TODO: implement non-JS journal update
                   format.js
                 end
               end
               def update
                 (render_403; return false) unless @journal.editable_by?(User.current)
-                @journal.update_attributes(:notes => params[:notes]) if params[:notes]
+                @journal.notes = params[:notes] if params[:notes]
+                @journal.private_notes = params[:private_notes].present?
+                (render_403; return false) if @journal.private_notes_changed? && User.current.allowed_to?(:set_notes_private, @journal.issue.project) == false
+                @journal.save if @journal.changed?
                 @journal.destroy if @journal.details.empty? && @journal.notes.blank?
                 call_hook(:controller_journals_edit_post, { :journal => @journal, :params => params})
                 respond_to do |format|
                   format.html { redirect_to issue_path(@journal.journalized) }
                   format.js
                 end
               end
               private
               def find_journal
                 @journal = Journal.visible.find(params[:id])
                 @project = @journal.journalized.project
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
             end

app/helpers/journals_helper.rb +6 0

             # encoding: utf-8
             #
             # Redmine - project management software
             # Copyright (C) 2006-2016  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             module JournalsHelper
               # Returns the attachments of a journal that are displayed as thumbnails
               def journal_thumbnail_attachments(journal)
                 ids = journal.details.select {|d| d.property == 'attachment' && d.value.present?}.map(&:prop_key)
                 ids.any? ? Attachment.where(:id => ids).select(&:thumbnailable?) : []
               end
               def render_notes(issue, journal, options={})
                 content = ''
                 editable = User.current.logged? && (User.current.allowed_to?(:edit_issue_notes, issue.project) || (journal.user == User.current && User.current.allowed_to?(:edit_own_issue_notes, issue.project)))
                 links = []
                 if !journal.notes.blank?
                   links << link_to(l(:button_quote),
                                    quoted_issue_path(issue, :journal_id => journal),
                                    :remote => true,
                                    :method => 'post',
                                    :title => l(:button_quote),
                                    :class => 'icon-only icon-comment'
                                   ) if options[:reply_links]
                   links << link_to(l(:button_edit),
                                    edit_journal_path(journal),
                                    :remote => true,
                                    :method => 'get',
                                    :title => l(:button_edit),
                                    :class => 'icon-only icon-edit'
                                   ) if editable
                   links << link_to(l(:button_delete),
                                    journal_path(journal, :notes => ""),
                                    :remote => true,
                                    :method => 'put', :data => {:confirm => l(:text_are_you_sure)},
                                    :title => l(:button_delete),
                                    :class => 'icon-only icon-del'
                                   ) if editable
                 end
                 content << content_tag('div', links.join(' ').html_safe, :class => 'contextual') unless links.empty?
                 content << textilizable(journal, :notes)
                 css_classes = "wiki"
                 css_classes << " editable" if editable
                 content_tag('div', content.html_safe, :id => "journal-#{journal.id}-notes", :class => css_classes)
               end
+              def render_private_notes(journal)
+                content = journal.private_notes? ? l(:field_is_private) : ''
+                css_classes = journal.private_notes? ? 'private' : ''
+                content_tag('span', content.html_safe, :id => "journal-#{journal.id}-private_notes", :class => css_classes)
+              end
             end

app/views/issues/_history.html.erb +1 -1

             <% reply_links = issue.notes_addable? -%>
             <% for journal in journals %>
               <div id="change-<%= journal.id %>" class="<%= journal.css_classes %>">
                 <div id="note-<%= journal.indice %>">
                 <h4><a href="#note-<%= journal.indice %>" class="journal-link">#<%= journal.indice %></a>
                 <%= avatar(journal.user, :size => "24") %>
                 <%= authoring journal.created_on, journal.user, :label => :label_updated_time_by %>
-                <%= content_tag('span', l(:field_is_private), :class => 'private') if journal.private_notes? %></h4>
+                <%= render_private_notes(journal) %></h4>
                 <% if journal.details.any? %>
                 <ul class="details">
                   <% details_to_strings(journal.visible_details).each do |string| %>
                    <li><%= string %></li>
                   <% end %>
                 </ul>
                 <% if Setting.thumbnails_enabled? && (thumbnail_attachments = journal_thumbnail_attachments(journal)).any? %>
                   <div class="thumbnails">
                     <% thumbnail_attachments.each do |attachment| %>
                       <div><%= thumbnail_tag(attachment) %></div>
                     <% end %>
                   </div>
                 <% end %>
                 <% end %>
                 <%= render_notes(issue, journal, :reply_links => reply_links) unless journal.notes.blank? %>
                 </div>
               </div>
               <%= call_hook(:view_issues_history_journal_bottom, { :journal => journal }) %>
             <% end %>
             <% heads_for_wiki_formatter if User.current.allowed_to?(:edit_issue_notes, issue.project) || User.current.allowed_to?(:edit_own_issue_notes, issue.project) %>

app/views/journals/_notes_form.html.erb +3 0

             <%= form_tag(journal_path(@journal),
                          :remote => true,
                          :method => 'put',
                          :id => "journal-#{@journal.id}-form") do %>
                 <%= label_tag "notes", l(:description_notes), :class => "hidden-for-sighted" %>
                 <%= text_area_tag :notes, @journal.notes,
                       :id => "journal_#{@journal.id}_notes",
                       :class => 'wiki-edit',
                       :rows => (@journal.notes.blank? ? 10 : [[10, @journal.notes.length / 50].max, 100].min) %>
+                <% if @journal.issue.safe_attribute? 'private_notes' %>
+                  <%= check_box_tag 'private_notes', '1', @journal.private_notes, :id => "journal_#{@journal.id}_private_notes" %> <label for="journal_<%= @journal.id %>_private_notes"><%= l(:field_private_notes) %></label>
+                <% end %>
                 <%= call_hook(:view_journals_notes_form_after_notes, { :journal => @journal}) %>
                 <p><%= submit_tag l(:button_save) %>
                 <%= preview_link preview_edit_issue_path(:project_id => @project, :id => @journal.issue),
                                  "journal-#{@journal.id}-form",
                                  "journal_#{@journal.id}_preview" %> |
                 <%= link_to l(:button_cancel), '#', :onclick => "$('#journal-#{@journal.id}-form').remove(); $('#journal-#{@journal.id}-notes').show(); return false;" %></p>
                 <div id="journal_<%= @journal.id %>_preview" class="wiki"></div>
             <% end %>
             <%= wikitoolbar_for "journal_#{@journal.id}_notes" %>

app/views/journals/update.js.erb +2 0

             <% if @journal.frozen? %>
               $("#change-<%= @journal.id %>").remove();
             <% else %>
+              $("#change-<%= @journal.id %>").attr('class', '<%= @journal.css_classes %>');
               $("#journal-<%= @journal.id %>-notes").replaceWith('<%= escape_javascript(render_notes(@journal.issue, @journal, :reply_links => authorize_for('issues', 'edit'))) %>');
+              $("#journal-<%= @journal.id %>-private_notes").replaceWith('<%= escape_javascript(render_private_notes(@journal)) %>');
               $("#journal-<%= @journal.id %>-notes").show();
               $("#journal-<%= @journal.id %>-form").remove();
             <% end %>
             <%= call_hook(:view_journals_update_js_bottom, { :journal => @journal }) %>

test/functional/journals_controller_test.rb +33 0

             # Redmine - project management software
             # Copyright (C) 2006-2016  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.expand_path('../../test_helper', __FILE__)
             class JournalsControllerTest < ActionController::TestCase
               fixtures :projects, :users, :members, :member_roles, :roles, :issues, :journals, :journal_details, :enabled_modules,
                 :trackers, :issue_statuses, :enumerations, :custom_fields, :custom_values, :custom_fields_projects, :projects_trackers
               def setup
                 User.current = nil
               end
               def test_index
                 get :index, :project_id => 1
                 assert_response :success
                 assert_not_nil assigns(:journals)
                 assert_equal 'application/atom+xml', @response.content_type
               end
               def test_index_with_invalid_query_id
                 get :index, :project_id => 1, :query_id => 999
                 assert_response 404
               end
               def test_index_should_return_privates_notes_with_permission_only
                 journal = Journal.create!(:journalized => Issue.find(2), :notes => 'Privates notes', :private_notes => true, :user_id => 1)
                 @request.session[:user_id] = 2
                 get :index, :project_id => 1
                 assert_response :success
                 assert_include journal, assigns(:journals)
                 Role.find(1).remove_permission! :view_private_notes
                 get :index, :project_id => 1
                 assert_response :success
                 assert_not_include journal, assigns(:journals)
               end
               def test_index_should_show_visible_custom_fields_only
                 Issue.destroy_all
                 field_attributes = {:field_format => 'string', :is_for_all => true, :is_filter => true, :trackers => Tracker.all}
                 @fields = []
                 @fields << (@field1 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 1', :visible => true)))
                 @fields << (@field2 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 2', :visible => false, :role_ids => [1, 2])))
                 @fields << (@field3 = IssueCustomField.create!(field_attributes.merge(:name => 'Field 3', :visible => false, :role_ids => [1, 3])))
                 @issue = Issue.generate!(
                   :author_id => 1,
                   :project_id => 1,
                   :tracker_id => 1,
                   :custom_field_values => {@field1.id => 'Value0', @field2.id => 'Value1', @field3.id => 'Value2'}
                 )
                 @issue.init_journal(User.find(1))
                 @issue.update_attribute :custom_field_values, {@field1.id => 'NewValue0', @field2.id => 'NewValue1', @field3.id => 'NewValue2'}
                 user_with_role_on_other_project = User.generate!
                 User.add_to_project(user_with_role_on_other_project, Project.find(2), Role.find(3))
                 users_to_test = {
                   User.find(1) => [@field1, @field2, @field3],
                   User.find(3) => [@field1, @field2],
                   user_with_role_on_other_project => [@field1], # should see field1 only on Project 1
                   User.generate! => [@field1],
                   User.anonymous => [@field1]
                 }
                 users_to_test.each do |user, visible_fields|
                   get :index, :format => 'atom', :key => user.rss_key
                   @fields.each_with_index do |field, i|
                     if visible_fields.include?(field)
                       assert_select "content[type=html]", { :text => /NewValue#{i}/, :count => 1 }, "User #{user.id} was not able to view #{field.name} in API"
                     else
                       assert_select "content[type=html]", { :text => /NewValue#{i}/, :count => 0 }, "User #{user.id} was able to view #{field.name} in API"
                     end
                   end
                 end
               end
               def test_diff_for_description_change
                 get :diff, :id => 3, :detail_id => 4
                 assert_response :success
                 assert_template 'diff'
                 assert_select 'span.diff_out', :text => /removed/
                 assert_select 'span.diff_in', :text => /added/
               end
               def test_diff_for_custom_field
                 field = IssueCustomField.create!(:name => "Long field", :field_format => 'text')
                 journal = Journal.create!(:journalized => Issue.find(2), :notes => 'Notes', :user_id => 1)
                 detail = JournalDetail.create!(:journal => journal, :property => 'cf', :prop_key => field.id,
                   :old_value => 'Foo', :value => 'Bar')
                 get :diff, :id => journal.id, :detail_id => detail.id
                 assert_response :success
                 assert_template 'diff'
                 assert_select 'span.diff_out', :text => /Foo/
                 assert_select 'span.diff_in', :text => /Bar/
               end
               def test_diff_for_custom_field_should_be_denied_if_custom_field_is_not_visible
                 field = IssueCustomField.create!(:name => "Long field", :field_format => 'text', :visible => false, :role_ids => [1])
                 journal = Journal.create!(:journalized => Issue.find(2), :notes => 'Notes', :user_id => 1)
                 detail = JournalDetail.create!(:journal => journal, :property => 'cf', :prop_key => field.id,
                   :old_value => 'Foo', :value => 'Bar')
                 get :diff, :id => journal.id, :detail_id => detail.id
                 assert_response 302
               end
               def test_diff_should_default_to_description_diff
                 get :diff, :id => 3
                 assert_response :success
                 assert_template 'diff'
                 assert_select 'span.diff_out', :text => /removed/
                 assert_select 'span.diff_in', :text => /added/
               end
               def test_reply_to_issue
                 @request.session[:user_id] = 2
                 xhr :get, :new, :id => 6
                 assert_response :success
                 assert_template 'new'
                 assert_equal 'text/javascript', response.content_type
                 assert_include '> This is an issue', response.body
               end
               def test_reply_to_issue_without_permission
                 @request.session[:user_id] = 7
                 xhr :get, :new, :id => 6
                 assert_response 403
               end
               def test_reply_to_note
                 @request.session[:user_id] = 2
                 xhr :get, :new, :id => 6, :journal_id => 4
                 assert_response :success
                 assert_template 'new'
                 assert_equal 'text/javascript', response.content_type
                 assert_include '> A comment with a private version', response.body
               end
               def test_reply_to_private_note_should_fail_without_permission
                 journal = Journal.create!(:journalized => Issue.find(2), :notes => 'Privates notes', :private_notes => true)
                 @request.session[:user_id] = 2
                 xhr :get, :new, :id => 2, :journal_id => journal.id
                 assert_response :success
                 assert_template 'new'
                 assert_equal 'text/javascript', response.content_type
                 assert_include '> Privates notes', response.body
                 Role.find(1).remove_permission! :view_private_notes
                 xhr :get, :new, :id => 2, :journal_id => journal.id
                 assert_response 404
               end
               def test_edit_xhr
                 @request.session[:user_id] = 1
                 xhr :get, :edit, :id => 2
                 assert_response :success
                 assert_template 'edit'
                 assert_equal 'text/javascript', response.content_type
                 assert_include 'textarea', response.body
               end
               def test_edit_private_note_should_fail_without_permission
                 journal = Journal.create!(:journalized => Issue.find(2), :notes => 'Privates notes', :private_notes => true)
                 @request.session[:user_id] = 2
                 Role.find(1).add_permission! :edit_issue_notes
                 xhr :get, :edit, :id => journal.id
                 assert_response :success
                 assert_template 'edit'
                 assert_equal 'text/javascript', response.content_type
                 assert_include 'textarea', response.body
                 Role.find(1).remove_permission! :view_private_notes
                 xhr :get, :edit, :id => journal.id
                 assert_response 404
               end
               def test_update_xhr
                 @request.session[:user_id] = 1
                 xhr :post, :update, :id => 2, :notes => 'Updated notes'
                 assert_response :success
                 assert_template 'update'
                 assert_equal 'text/javascript', response.content_type
                 assert_equal 'Updated notes', Journal.find(2).notes
                 assert_include 'journal-2-notes', response.body
               end
+              def test_update_xhr_with_private_notes_checked
+                @request.session[:user_id] = 1
+                xhr :post, :update, :id => 2, :private_notes => '1'
+                assert_response :success
+                assert_template 'update'
+                assert_equal 'text/javascript', response.content_type
+                assert_equal true, Journal.find(2).private_notes
+                assert_include 'change-2', response.body
+                assert_include 'journal-2-private_notes', response.body
+              end
+              def test_update_xhr_with_private_notes_unchecked
+                Journal.find(2).update_attributes(:private_notes => true)
+                @request.session[:user_id] = 1
+                xhr :post, :update, :id => 2
+                assert_response :success
+                assert_template 'update'
+                assert_equal 'text/javascript', response.content_type
+                assert_equal false, Journal.find(2).private_notes
+                assert_include 'change-2', response.body
+                assert_include 'journal-2-private_notes', response.body
+              end
+              def test_update_xhr_with_private_notes_changes_and_without_set_private_notes_permission
+                @request.session[:user_id] = 2
+                Role.find(1).add_permission! :edit_issue_notes
+                Role.find(1).add_permission! :view_private_notes
+                Role.find(1).remove_permission! :set_notes_private
+                xhr :post, :update, :id => 2, :private_notes => '1'
+                assert_response 403
+              end
               def test_update_xhr_with_empty_notes_should_delete_the_journal
                 @request.session[:user_id] = 1
                 assert_difference 'Journal.count', -1 do
                   xhr :post, :update, :id => 2, :notes => ''
                   assert_response :success
                   assert_template 'update'
                   assert_equal 'text/javascript', response.content_type
                 end
                 assert_nil Journal.find_by_id(2)
                 assert_include 'change-2', response.body
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages