@@ -1,3 +1,20 | |||
|
1 | # Redmine - project management software | |
|
2 | # Copyright (C) 2006-2012 Jean-Philippe Lang | |
|
3 | # | |
|
4 | # This program is free software; you can redistribute it and/or | |
|
5 | # modify it under the terms of the GNU General Public License | |
|
6 | # as published by the Free Software Foundation; either version 2 | |
|
7 | # of the License, or (at your option) any later version. | |
|
8 | # | |
|
9 | # This program is distributed in the hope that it will be useful, | |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
|
12 | # GNU General Public License for more details. | |
|
13 | # | |
|
14 | # You should have received a copy of the GNU General Public License | |
|
15 | # along with this program; if not, write to the Free Software | |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
|
17 | ||
|
1 | 18 | class CommentsController < ApplicationController |
|
2 | 19 | default_search_scope :news |
|
3 | 20 | model_object News |
@@ -7,6 +24,8 class CommentsController < ApplicationController | |||
|
7 | 24 | |
|
8 | 25 | verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed } |
|
9 | 26 | def create |
|
27 | raise Unauthorized unless @news.commentable? | |
|
28 | ||
|
10 | 29 | @comment = Comment.new(params[:comment]) |
|
11 | 30 | @comment.author = User.current |
|
12 | 31 | if @news.comments << @comment |
@@ -32,5 +51,4 class CommentsController < ApplicationController | |||
|
32 | 51 | @comment = nil |
|
33 | 52 | @news |
|
34 | 53 | end |
|
35 | ||
|
36 | 54 | end |
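Review bot: The guard added at the top of `create` carries no comment saying that it is the server-side counterpart of the `@news.commentable?` check the view now uses to hide the form. A later refactor could therefore mistake it for redundant with the controller's filters. A one-line comment would pin the intent: `# Enforced here as well as in the view: requires :comment_news on the news' project`. The guard also assumes `@news` has already been loaded by a filter that is outside these hunks. If `@news` can be nil at this point, the line fails with NoMethodError instead of a clean denial, which is worth confirming. The body of `create` continues past the end of the hunk.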
@@ -42,6 +42,11 class News < ActiveRecord::Base | |||
|
42 | 42 | !user.nil? && user.allowed_to?(:view_news, project) |
|
43 | 43 | end |
|
44 | 44 | |
|
45 | # Returns true if the news can be commented by user | |
|
46 | def commentable?(user=User.current) | |
|
47 | user.allowed_to?(:comment_news, project) | |
|
48 | end | |
|
49 | ||
|
45 | 50 | # returns latest news for projects visible by user |
|
46 | 51 | def self.latest(user = User.current, count = 5) |
|
47 | 52 | find(:all, :limit => count, |
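Review bot: `commentable?` calls `user.allowed_to?` without the nil guard that the predicate just above it uses (`!user.nil? && user.allowed_to?(:view_news, project)`). A caller that passes `nil` explicitly gets a NoMethodError rather than `false`. Keeping the two predicates parallel would make the denial path explicit: `!user.nil? && user.allowed_to?(:comment_news, project)`. The new method also does not consult the view permission, so whether a user with `:comment_news` but without `:view_news` can comment depends on role configuration not shown here. If that combination is possible, the predicate should require visibility as well. The preceding method's signature and the rest of `self.latest` are outside the hunk.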
@@ -53,7 +53,7 | |||
|
53 | 53 | <% end if @comments.any? %> |
|
54 | 54 | </div> |
|
55 | 55 | |
|
56 | <% if authorize_for 'comments', 'create' %> | |
|
56 | <% if @news.commentable? %> | |
|
57 | 57 | <p><%= toggle_link l(:label_comment_add), "add_comment_form", :focus => "comment_comments" %></p> |
|
58 | 58 | <% form_tag({:controller => 'comments', :action => 'create', :id => @news}, :id => "add_comment_form", :style => "display:none;") do %> |
|
59 | 59 | <div class="box"> |
@@ -44,6 +44,15 class CommentsControllerTest < ActionController::TestCase | |||
|
44 | 44 | end |
|
45 | 45 | end |
|
46 | 46 | |
|
47 | def test_create_should_be_denied_if_news_is_not_commentable | |
|
48 | News.any_instance.stubs(:commentable?).returns(false) | |
|
49 | @request.session[:user_id] = 2 | |
|
50 | assert_no_difference 'Comment.count' do | |
|
51 | post :create, :id => 1, :comment => { :comments => 'This is a test comment' } | |
|
52 | assert_response 403 | |
|
53 | end | |
|
54 | end | |
|
55 | ||
|
47 | 56 | def test_destroy_comment |
|
48 | 57 | comments_count = News.find(1).comments.size |
|
49 | 58 | @request.session[:user_id] = 2 |
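Review bot: `test_create_should_be_denied_if_news_is_not_commentable` stubs `commentable?` to return false, so it proves the controller honours the predicate but never exercises the real permission lookup in `News#commentable?`. A regression in that method, such as checking the wrong permission symbol, would still pass. A companion case should leave the method unstubbed and post as a user whose role lacks `:comment_news`, alongside a unit test on `News#commentable?` for both an allowed and a denied user. As a smaller point, `assert_response 403` sits inside the `assert_no_difference` block; moving it after the block keeps the two assertions independent. `test_destroy_comment` continues outside the hunk.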