| @@ -17,7 +17,7 | |||||
| 17 |
|
17 | |||
| 18 | class AttachmentsController < ApplicationController |
|
18 | class AttachmentsController < ApplicationController | |
| 19 | before_action :find_attachment, :only => [:show, :download, :thumbnail, :destroy] |
|
19 | before_action :find_attachment, :only => [:show, :download, :thumbnail, :destroy] | |
| 20 | before_action :find_editable_attachments, :only => [:edit, :update] |
|
20 | before_action :find_editable_attachments, :only => [:edit_all, :update_all] | |
| 21 | before_action :file_readable, :read_authorize, :only => [:show, :download, :thumbnail] |
|
21 | before_action :file_readable, :read_authorize, :only => [:show, :download, :thumbnail] | |
| 22 | before_action :delete_authorize, :only => :destroy |
|
22 | before_action :delete_authorize, :only => :destroy | |
| 23 | before_action :authorize_global, :only => :upload |
|
23 | before_action :authorize_global, :only => :upload | |
| @@ -26,7 +26,7 class AttachmentsController < ApplicationController | |||||
| 26 | # MIME type text/javascript. |
|
26 | # MIME type text/javascript. | |
| 27 | skip_after_filter :verify_same_origin_request, :only => :download |
|
27 | skip_after_filter :verify_same_origin_request, :only => :download | |
| 28 |
|
28 | |||
| 29 | accept_api_auth :show, :download, :thumbnail, :upload, :destroy |
|
29 | accept_api_auth :show, :download, :thumbnail, :upload, :update, :destroy | |
| 30 |
|
30 | |||
| 31 | def show |
|
31 | def show | |
| 32 | respond_to do |format| |
|
32 | respond_to do |format| | |
| @@ -107,17 +107,19 class AttachmentsController < ApplicationController | |||||
| 107 | end |
|
107 | end | |
| 108 | end |
|
108 | end | |
| 109 |
|
109 | |||
| 110 | def edit |
|
110 | # Edit all the attachments of a container | |
|
|
111 | def edit_all | |||
| 111 | end |
|
112 | end | |
| 112 |
|
113 | |||
| 113 | def update |
|
114 | # Update all the attachments of a container | |
|
|
115 | def update_all | |||
| 114 | if params[:attachments].is_a?(Hash) |
|
116 | if params[:attachments].is_a?(Hash) | |
| 115 | if Attachment.update_attachments(@attachments, params[:attachments]) |
|
117 | if Attachment.update_attachments(@attachments, params[:attachments]) | |
| 116 | redirect_back_or_default home_path |
|
118 | redirect_back_or_default home_path | |
| 117 | return |
|
119 | return | |
| 118 | end |
|
120 | end | |
| 119 | end |
|
121 | end | |
| 120 | render :action => 'edit' |
|
122 | render :action => 'edit_all' | |
| 121 | end |
|
123 | end | |
| 122 |
|
124 | |||
| 123 | def destroy |
|
125 | def destroy | |
| 1 | NO CONTENT: file renamed from app/views/attachments/edit.html.erb to app/views/attachments/edit_all.html.erb |
|
NO CONTENT: file renamed from app/views/attachments/edit.html.erb to app/views/attachments/edit_all.html.erb |
| @@ -294,8 +294,8 Rails.application.routes.draw do | |||||
| 294 | get 'attachments/download/:id', :to => 'attachments#download', :id => /\d+/ |
|
294 | get 'attachments/download/:id', :to => 'attachments#download', :id => /\d+/ | |
| 295 | get 'attachments/thumbnail/:id(/:size)', :to => 'attachments#thumbnail', :id => /\d+/, :size => /\d+/, :as => 'thumbnail' |
|
295 | get 'attachments/thumbnail/:id(/:size)', :to => 'attachments#thumbnail', :id => /\d+/, :size => /\d+/, :as => 'thumbnail' | |
| 296 | resources :attachments, :only => [:show, :destroy] |
|
296 | resources :attachments, :only => [:show, :destroy] | |
| 297 | get 'attachments/:object_type/:object_id/edit', :to => 'attachments#edit', :as => :object_attachments_edit |
|
297 | get 'attachments/:object_type/:object_id/edit', :to => 'attachments#edit_all', :as => :object_attachments_edit | |
| 298 | patch 'attachments/:object_type/:object_id', :to => 'attachments#update', :as => :object_attachments |
|
298 | patch 'attachments/:object_type/:object_id', :to => 'attachments#update_all', :as => :object_attachments | |
| 299 |
|
299 | |||
| 300 | resources :groups do |
|
300 | resources :groups do | |
| 301 | resources :memberships, :controller => 'principal_memberships' |
|
301 | resources :memberships, :controller => 'principal_memberships' | |
| @@ -354,9 +354,9 class AttachmentsControllerTest < Redmine::ControllerTest | |||||
| 354 | puts '(ImageMagick convert not available)' |
|
354 | puts '(ImageMagick convert not available)' | |
| 355 | end |
|
355 | end | |
| 356 |
|
356 | |||
| 357 | def test_edit |
|
357 | def test_edit_all | |
| 358 | @request.session[:user_id] = 2 |
|
358 | @request.session[:user_id] = 2 | |
| 359 | get :edit, :object_type => 'issues', :object_id => '2' |
|
359 | get :edit_all, :object_type => 'issues', :object_id => '2' | |
| 360 | assert_response :success |
|
360 | assert_response :success | |
| 361 |
|
361 | |||
| 362 | assert_select 'form[action=?]', '/attachments/issues/2' do |
|
362 | assert_select 'form[action=?]', '/attachments/issues/2' do | |
| @@ -371,24 +371,24 class AttachmentsControllerTest < Redmine::ControllerTest | |||||
| 371 | end |
|
371 | end | |
| 372 | end |
|
372 | end | |
| 373 |
|
373 | |||
| 374 | def test_edit_invalid_container_class_should_return_404 |
|
374 | def test_edit_all_with_invalid_container_class_should_return_404 | |
| 375 | get :edit, :object_type => 'nuggets', :object_id => '3' |
|
375 | get :edit_all, :object_type => 'nuggets', :object_id => '3' | |
| 376 | assert_response 404 |
|
376 | assert_response 404 | |
| 377 | end |
|
377 | end | |
| 378 |
|
378 | |||
| 379 | def test_edit_invalid_object_should_return_404 |
|
379 | def test_edit_all_with_invalid_object_should_return_404 | |
| 380 | get :edit, :object_type => 'issues', :object_id => '999' |
|
380 | get :edit_all, :object_type => 'issues', :object_id => '999' | |
| 381 | assert_response 404 |
|
381 | assert_response 404 | |
| 382 | end |
|
382 | end | |
| 383 |
|
383 | |||
| 384 | def test_edit_for_object_that_is_not_visible_should_return_403 |
|
384 | def test_edit_all_for_object_that_is_not_visible_should_return_403 | |
| 385 | get :edit, :object_type => 'issues', :object_id => '4' |
|
385 | get :edit_all, :object_type => 'issues', :object_id => '4' | |
| 386 | assert_response 403 |
|
386 | assert_response 403 | |
| 387 | end |
|
387 | end | |
| 388 |
|
388 | |||
| 389 | def test_update |
|
389 | def test_update_all | |
| 390 | @request.session[:user_id] = 2 |
|
390 | @request.session[:user_id] = 2 | |
| 391 | patch :update, :object_type => 'issues', :object_id => '2', :attachments => { |
|
391 | patch :update_all, :object_type => 'issues', :object_id => '2', :attachments => { | |
| 392 | '1' => {:filename => 'newname.text', :description => ''}, |
|
392 | '1' => {:filename => 'newname.text', :description => ''}, | |
| 393 | '4' => {:filename => 'newname.rb', :description => 'Renamed'}, |
|
393 | '4' => {:filename => 'newname.rb', :description => 'Renamed'}, | |
| 394 | } |
|
394 | } | |
| @@ -399,9 +399,9 class AttachmentsControllerTest < Redmine::ControllerTest | |||||
| 399 | assert_equal 'Renamed', attachment.description |
|
399 | assert_equal 'Renamed', attachment.description | |
| 400 | end |
|
400 | end | |
| 401 |
|
401 | |||
| 402 | def test_update_with_failure |
|
402 | def test_update_all_with_failure | |
| 403 | @request.session[:user_id] = 2 |
|
403 | @request.session[:user_id] = 2 | |
| 404 | patch :update, :object_type => 'issues', :object_id => '3', :attachments => { |
|
404 | patch :update_all, :object_type => 'issues', :object_id => '3', :attachments => { | |
| 405 | '1' => {:filename => '', :description => ''}, |
|
405 | '1' => {:filename => '', :description => ''}, | |
| 406 | '4' => {:filename => 'newname.rb', :description => 'Renamed'}, |
|
406 | '4' => {:filename => 'newname.rb', :description => 'Renamed'}, | |
| 407 | } |
|
407 | } | |
General Comments 0
You need to be logged in to leave comments.
Login now