| @@ -1,3 +1,20 | |||||
|
|
1 | # Redmine - project management software | |||
|
|
2 | # Copyright (C) 2006-2012 Jean-Philippe Lang | |||
|
|
3 | # | |||
|
|
4 | # This program is free software; you can redistribute it and/or | |||
|
|
5 | # modify it under the terms of the GNU General Public License | |||
|
|
6 | # as published by the Free Software Foundation; either version 2 | |||
|
|
7 | # of the License, or (at your option) any later version. | |||
|
|
8 | # | |||
|
|
9 | # This program is distributed in the hope that it will be useful, | |||
|
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
|
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
|
|
12 | # GNU General Public License for more details. | |||
|
|
13 | # | |||
|
|
14 | # You should have received a copy of the GNU General Public License | |||
|
|
15 | # along with this program; if not, write to the Free Software | |||
|
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
|
|
17 | ||||
| 1 | class CommentsController < ApplicationController |
|
18 | class CommentsController < ApplicationController | |
| 2 | default_search_scope :news |
|
19 | default_search_scope :news | |
| 3 | model_object News |
|
20 | model_object News | |
| @@ -7,6 +24,8 class CommentsController < ApplicationController | |||||
| 7 |
|
24 | |||
| 8 | verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed } |
|
25 | verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed } | |
| 9 | def create |
|
26 | def create | |
|
|
27 | raise Unauthorized unless @news.commentable? | |||
|
|
28 | ||||
| 10 | @comment = Comment.new(params[:comment]) |
|
29 | @comment = Comment.new(params[:comment]) | |
| 11 | @comment.author = User.current |
|
30 | @comment.author = User.current | |
| 12 | if @news.comments << @comment |
|
31 | if @news.comments << @comment | |
| @@ -32,5 +51,4 class CommentsController < ApplicationController | |||||
| 32 | @comment = nil |
|
51 | @comment = nil | |
| 33 | @news |
|
52 | @news | |
| 34 | end |
|
53 | end | |
| 35 |
|
||||
| 36 | end |
|
54 | end | |
| @@ -42,6 +42,11 class News < ActiveRecord::Base | |||||
| 42 | !user.nil? && user.allowed_to?(:view_news, project) |
|
42 | !user.nil? && user.allowed_to?(:view_news, project) | |
| 43 | end |
|
43 | end | |
| 44 |
|
44 | |||
|
|
45 | # Returns true if the news can be commented by user | |||
|
|
46 | def commentable?(user=User.current) | |||
|
|
47 | user.allowed_to?(:comment_news, project) | |||
|
|
48 | end | |||
|
|
49 | ||||
| 45 | # returns latest news for projects visible by user |
|
50 | # returns latest news for projects visible by user | |
| 46 | def self.latest(user = User.current, count = 5) |
|
51 | def self.latest(user = User.current, count = 5) | |
| 47 | find(:all, :limit => count, |
|
52 | find(:all, :limit => count, | |
| @@ -53,7 +53,7 | |||||
| 53 | <% end if @comments.any? %> |
|
53 | <% end if @comments.any? %> | |
| 54 | </div> |
|
54 | </div> | |
| 55 |
|
55 | |||
| 56 | <% if authorize_for 'comments', 'create' %> |
|
56 | <% if @news.commentable? %> | |
| 57 | <p><%= toggle_link l(:label_comment_add), "add_comment_form", :focus => "comment_comments" %></p> |
|
57 | <p><%= toggle_link l(:label_comment_add), "add_comment_form", :focus => "comment_comments" %></p> | |
| 58 | <% form_tag({:controller => 'comments', :action => 'create', :id => @news}, :id => "add_comment_form", :style => "display:none;") do %> |
|
58 | <% form_tag({:controller => 'comments', :action => 'create', :id => @news}, :id => "add_comment_form", :style => "display:none;") do %> | |
| 59 | <div class="box"> |
|
59 | <div class="box"> | |
| @@ -44,6 +44,15 class CommentsControllerTest < ActionController::TestCase | |||||
| 44 | end |
|
44 | end | |
| 45 | end |
|
45 | end | |
| 46 |
|
46 | |||
|
|
47 | def test_create_should_be_denied_if_news_is_not_commentable | |||
|
|
48 | News.any_instance.stubs(:commentable?).returns(false) | |||
|
|
49 | @request.session[:user_id] = 2 | |||
|
|
50 | assert_no_difference 'Comment.count' do | |||
|
|
51 | post :create, :id => 1, :comment => { :comments => 'This is a test comment' } | |||
|
|
52 | assert_response 403 | |||
|
|
53 | end | |||
|
|
54 | end | |||
|
|
55 | ||||
| 47 | def test_destroy_comment |
|
56 | def test_destroy_comment | |
| 48 | comments_count = News.find(1).comments.size |
|
57 | comments_count = News.find(1).comments.size | |
| 49 | @request.session[:user_id] = 2 |
|
58 | @request.session[:user_id] = 2 | |
General Comments 0
You need to be logged in to leave comments.
Login now