jro_apps/redmine Commit - r2017:7a05f8ed6691

0

app/controllers/messages_controller.rb +5 -3

                menu_item :boards
                before_filter :find_board, :only => [:new, :preview]
                before_filter :find_message, :except => [:new, :preview]
-               before_filter :authorize, :except => :preview
+               before_filter :authorize, :except => [:preview, :edit, :destroy]
                verify :method => :post, :only => [ :reply, :destroy ], :redirect_to => { :action => :show }
                verify :xhr => true, :only => :quote
                # Show a topic and its replies
                def show
-                 @replies = @topic.children
+                 @replies = @topic.children.find(:all, :include => [:author, :attachments, {:board => :project}])
                  @replies.reverse! if User.current.wants_comments_in_reverse_order?
                  @reply = Message.new(:subject => "RE: #{@message.subject}")
                  render :action => "show", :layout => false if request.xhr?
                # Edit a message
                def edit
-                 if params[:message] && User.current.allowed_to?(:edit_messages, @project)
+                 render_403 and return false unless @message.editable_by?(User.current)
+                 if params[:message]
                    @message.locked = params[:message]['locked']
                    @message.sticky = params[:message]['sticky']
                  end
                # Delete a messages
                def destroy
+                 render_403 and return false unless @message.destroyable_by?(User.current)
                  @message.destroy
                  redirect_to @message.parent.nil? ?
                    { :controller => 'boards', :action => 'show', :project_id => @project, :id => @board } :

0

app/models/message.rb +8 0

                def project
                  board.project
                end
+               def editable_by?(usr)
+                 usr && usr.logged? && (usr.allowed_to?(:edit_messages, project) || (self.author == usr && usr.allowed_to?(:edit_own_messages, project)))
+               end
+               def destroyable_by?(usr)
+                 usr && usr.logged? && (usr.allowed_to?(:delete_messages, project) || (self.author == usr && usr.allowed_to?(:delete_own_messages, project)))
+               end
                private

0

app/views/messages/show.rhtml +4 -4

              <div class="contextual">
                  <%= watcher_tag(@topic, User.current) %>
                  <%= link_to_remote_if_authorized l(:button_quote), { :url => {:action => 'quote', :id => @topic} }, :class => 'icon icon-comment' %>
-                 <%= link_to_if_authorized l(:button_edit), {:action => 'edit', :id => @topic}, :class => 'icon icon-edit' %>
-                 <%= link_to_if_authorized l(:button_delete), {:action => 'destroy', :id => @topic}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del' %>
+                 <%= link_to(l(:button_edit), {:action => 'edit', :id => @topic}, :class => 'icon icon-edit') if @message.editable_by?(User.current) %>
+                 <%= link_to(l(:button_delete), {:action => 'destroy', :id => @topic}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') if @message.destroyable_by?(User.current) %>
              </div>
              <h2><%=h @topic.subject %></h2>
                <a name="<%= "message-#{message.id}" %>"></a>
                <div class="contextual">
                  <%= link_to_remote_if_authorized image_tag('comment.png'), { :url => {:action => 'quote', :id => message} }, :title => l(:button_quote) %>
-                 <%= link_to_if_authorized image_tag('edit.png'), {:action => 'edit', :id => message}, :title => l(:button_edit) %>
-                 <%= link_to_if_authorized image_tag('delete.png'), {:action => 'destroy', :id => message}, :method => :post, :confirm => l(:text_are_you_sure), :title => l(:button_delete) %>
+                 <%= link_to(image_tag('edit.png'), {:action => 'edit', :id => message}, :title => l(:button_edit)) if message.editable_by?(User.current) %>
+                 <%= link_to(image_tag('delete.png'), {:action => 'destroy', :id => message}, :method => :post, :confirm => l(:text_are_you_sure), :title => l(:button_delete)) if message.destroyable_by?(User.current) %>
                </div>
                <div class="message reply">
                <h4><%=h message.subject %> - <%= authoring message.created_on, message.author %></h4>

0

lang/bg.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/ca.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/cs.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/da.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/de.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/en.yml +2 0

              permission_view_messages: View messages
              permission_add_messages: Post messages
              permission_edit_messages: Edit messages
+             permission_edit_own_messages: Edit own messages
              permission_delete_messages: Delete messages
+             permission_delete_won_messages: Delete own messages
              project_module_issue_tracking: Issue tracking
              project_module_time_tracking: Time tracking

0

lang/es.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/fi.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/fr.yml +2 0

              permission_view_messages: Voir les messages
              permission_add_messages: Poster un message
              permission_edit_messages: Modifier les messages
+             permission_edit_own_messages: Modifier ses propres messages
              permission_delete_messages: Supprimer les messages
+             permission_delete_won_messages: Supprimer ses propres messages
              project_module_issue_tracking: Suivi des demandes
              project_module_time_tracking: Suivi du temps passé

0

lang/he.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/hu.yml +2 0

              setting_gravatar_enabled: Felhasználói fényképek engedélyezése
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/it.yml +2 0

              setting_gravatar_enabled: Usa icone utente Gravatar
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/ja.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/ko.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/lt.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/nl.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/no.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/pl.yml +2 0

              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/pt-br.yml +2 0

              setting_gravatar_enabled: Usar ícones do Gravatar
              label_example: Exemplo
              text_repository_usernames_mapping: "Seleciona ou atualiza os usuários do Redmine mapeando para cada usuário encontrado no log do repositório.\nUsuários com o mesmo login ou email no Redmine e no repositório serão mapeados automaticamente."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/pt.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/ro.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/ru.yml +2 0

              text_wiki_destroy_confirmation: Вы уверены, что хотите удалить данную Wiki и все ее содержимое?
              text_workflow_edit: Выберите роль и трекер для редактирования последовательности состояний
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/sk.yml +2 0

              setting_gravatar_enabled: Použitie uživateľských Gravatar ikon
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/sr.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/sv.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/th.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/tr.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/uk.yml +2 0

              setting_gravatar_enabled: Use Gravatar user icons
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/vn.yml +2 0

              permission_edit_own_time_entries: Edit own time logs
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/zh-tw.yml +2 0

              enumeration_doc_categories: 文件分類
              enumeration_activities: 活動 (時間追蹤)
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lang/zh.yml +2 0

              enumeration_activities: 活动（时间跟踪）
              label_example: Example
              text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+             permission_edit_own_messages: Edit own messages
+             permission_delete_won_messages: Delete own messages

0

lib/redmine.rb +2 0

                  map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true
                  map.permission :add_messages, {:messages => [:new, :reply, :quote]}
                  map.permission :edit_messages, {:messages => :edit}, :require => :member
+                 map.permission :edit_own_messages, {:messages => :edit}, :require => :loggedin
                  map.permission :delete_messages, {:messages => :destroy}, :require => :member
+                 map.permission :delete_own_messages, {:messages => :destroy}, :require => :loggedin
                end
              end

0

lib/redmine/default_data/loader.rb +2 0

                                                                    :edit_wiki_pages,
                                                                    :delete_wiki_pages,
                                                                    :add_messages,
+                                                                   :edit_own_messages,
                                                                    :view_files,
                                                                    :manage_files,
                                                                    :browse_repository,
                                                                  :view_wiki_pages,
                                                                  :view_wiki_edits,
                                                                  :add_messages,
+                                                                 :edit_own_messages,
                                                                  :view_files,
                                                                  :browse_repository,
                                                                  :view_changesets]

0

test/fixtures/messages.yml +13 -2

                updated_on: 2007-08-12 17:15:32 +02:00
                subject: Post 2
                id: 4
-               replies_count: 1
-               last_reply_id: 5
+               replies_count: 2
+               last_reply_id: 6
                content: "This is an other post"
                author_id:
                parent_id:
                author_id: 1
                parent_id: 4
                board_id: 1
+             messages_006:
+               created_on: <%= 2.days.ago.to_date.to_s(:db) %>
+               updated_on: <%= 2.days.ago.to_date.to_s(:db) %>
+               subject: 'RE: post 2'
+               id: 6
+               replies_count: 0
+               last_reply_id:
+               content: "Another reply to the second post"
+               author_id: 3
+               parent_id: 4
+               board_id: 1

0

test/fixtures/roles.yml +2 0

                  - :protect_wiki_pages
                  - :delete_wiki_pages
                  - :add_messages
+                 - :edit_own_messages
+                 - :delete_own_messages
                  - :manage_boards
                  - :view_files
                  - :manage_files

0

test/unit/message_test.rb +19 -1

              require File.dirname(__FILE__) + '/../test_helper'
              class MessageTest < Test::Unit::TestCase
-               fixtures :projects, :boards, :messages, :users, :watchers
+               fixtures :projects, :roles, :members, :boards, :messages, :users, :watchers
                def setup
                  @board = Board.find(1)
                  assert_equal topics_count, board.topics_count
                  assert_equal messages_count - 1, board.messages_count
                end
+               def test_editable_by
+                 message = Message.find(6)
+                 author = message.author
+                 assert message.editable_by?(author)
+                 author.role_for_project(message.project).remove_permission!(:edit_own_messages)
+                 assert !message.reload.editable_by?(author.reload)
+               end
+               def test_destroyable_by
+                 message = Message.find(6)
+                 author = message.author
+                 assert message.destroyable_by?(author)
+                 author.role_for_project(message.project).remove_permission!(:delete_own_messages)
+                 assert !message.reload.destroyable_by?(author.reload)
+               end
              end

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages