Warning "Can't mass-assign protected attributes for IssueRelation: issue_to_id" (#21695)....
Jean-Philippe Lang -
r14681:b3663ee5c4bf
@@ -40,11 +40,9 class IssueRelationsController < ApplicationController
40 40 end
41 41
42 42 def create
43 @relation = IssueRelation.new(params[:relation])
43 @relation = IssueRelation.new
44 44 @relation.issue_from = @issue
45 if params[:relation] && m = params[:relation][:issue_to_id].to_s.strip.match(/^#?(\d+)$/)
46 @relation.issue_to = Issue.visible.find_by_id(m[1].to_i)
47 end
45 @relation.safe_attributes = params[:relation]
48 46 @relation.init_journals(User.current)
49 47 saved = @relation.save
50 48
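Review bot: Nothing at the `@relation.safe_attributes = params[:relation]` call says that resolving `issue_to_id` and checking the target issue's visibility now happen inside the model setter, which is easy to miss once the explicit `Issue.visible.find_by_id` lines are gone from `create`. I would add a comment above the call such as `# issue_to is resolved through Issue.visible in IssueRelation#safe_attributes=; never pass params to IssueRelation.new`. The body of `create` continues past the end of this hunk.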
@@ -30,6 +30,8 class IssueRelation < ActiveRecord::Base
30 30 end
31 31 end
32 32
33 include Redmine::SafeAttributes
34
33 35 belongs_to :issue_from, :class_name => 'Issue'
34 36 belongs_to :issue_to, :class_name => 'Issue'
35 37
@@ -75,6 +77,24 class IssueRelation < ActiveRecord::Base
75 77 after_create :call_issues_relation_added_callback
76 78 after_destroy :call_issues_relation_removed_callback
77 79
80 safe_attributes 'relation_type',
81 'delay',
82 'issue_to_id'
83
84 def safe_attributes=(attrs, user=User.current)
85 return unless attrs.is_a?(Hash)
86 attrs = attrs.deep_dup
87
88 if issue_id = attrs.delete('issue_to_id')
89 if issue_id.to_s.strip.match(/\A#?(\d+)\z/)
90 issue_id = $1.to_i
91 self.issue_to = Issue.visible(user).find_by_id(issue_id)
92 end
93 end
94
95 super(attrs)
96 end
97
78 98 def visible?(user=User.current)
79 99 (issue_from.nil? || issue_from.visible?(user)) && (issue_to.nil? || issue_to.visible?(user))
80 100 end
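Review bot: `attrs.delete('issue_to_id')` in `safe_attributes=` removes only a string key, yet `'issue_to_id'` is also declared in the `safe_attributes` list just above it, so a caller passing a plain Hash with a symbol key would hand the raw id to `super` and, if the mixin matches keys by name, skip the `Issue.visible(user)` lookup. Controller params have indifferent access, so the request path in this commit is presumably unaffected, but normalising once with `attrs = attrs.deep_dup.stringify_keys` would make the visibility check independent of the caller. Separately, the `user` argument is used for the lookup but not forwarded; `super(attrs, user)` would keep attribute filtering and the lookup on the same user, assuming the mixin's setter accepts a second argument.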