@@ -63,7 +63,8 class GroupsController < ApplicationController | |||
|
63 | 63 | # POST /groups |
|
64 | 64 | # POST /groups.xml |
|
65 | 65 | def create |
|
66 |
@group = Group.new |
|
|
66 | @group = Group.new | |
|
67 | @group.safe_attributes = params[:group] | |
|
67 | 68 | |
|
68 | 69 | respond_to do |format| |
|
69 | 70 | if @group.save |
@@ -83,9 +84,10 class GroupsController < ApplicationController | |||
|
83 | 84 | # PUT /groups/1.xml |
|
84 | 85 | def update |
|
85 | 86 | @group = Group.find(params[:id]) |
|
87 | @group.safe_attributes = params[:group] | |
|
86 | 88 | |
|
87 | 89 | respond_to do |format| |
|
88 | if @group.update_attributes(params[:group]) | |
|
90 | if @group.save | |
|
89 | 91 | flash[:notice] = l(:notice_successful_update) |
|
90 | 92 | format.html { redirect_to(groups_path) } |
|
91 | 93 | format.xml { head :ok } |
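Review bot: In `update`, `@group.safe_attributes = params[:group]` followed by `@group.save` can report `notice_successful_update` even when nothing was assigned. This happens because the setter silently drops every key outside the model's whitelist, and all keys when the model's `:if` lambda is false for the acting user. The same holds for `create`. Whether an admin-only filter guards this controller is not visible in these hunks, so the model check may be the only gate or a second layer. A short comment above each assignment would record that, for example `# safe_attributes= ignores non-whitelisted keys; rejected input is dropped, not reported`. A functional test posting a non-whitelisted key under `group` and asserting the record is unchanged would pin the behaviour. Both method bodies continue past the end of their hunks.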
@@ -16,6 +16,8 | |||
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
17 | 17 | |
|
18 | 18 | class Group < Principal |
|
19 | include Redmine::SafeAttributes | |
|
20 | ||
|
19 | 21 | has_and_belongs_to_many :users, :after_add => :user_added, |
|
20 | 22 | :after_remove => :user_removed |
|
21 | 23 | |
@@ -27,6 +29,11 class Group < Principal | |||
|
27 | 29 | |
|
28 | 30 | before_destroy :remove_references_before_destroy |
|
29 | 31 | |
|
32 | safe_attributes 'name', | |
|
33 | 'custom_field_values', | |
|
34 | 'custom_fields', | |
|
35 | :if => lambda {|group, user| user.admin?} | |
|
36 | ||
|
30 | 37 | def to_s |
|
31 | 38 | lastname.to_s |
|
32 | 39 | end |
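Review bot: The `safe_attributes` declaration added at new lines 32-35 carries no comment explaining why only `name`, `custom_field_values` and `custom_fields` are listed. What the list leaves out is the security-relevant part: `has_and_belongs_to_many :users` gives the model a `user_ids=` writer, and that writer is now unreachable through `safe_attributes=`. I would add a comment above the declaration such as `# Only these may be mass-assigned, and only by admins; membership (user_ids) is deliberately excluded`. I would also add a unit test that assigns `'user_ids'` through `safe_attributes=` and asserts the group's users are unchanged, so a later addition to the list cannot reopen membership changes by accident. The lambda's `group` argument is unused and could be written `_group` to make that explicit.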