| @@ -47,7 +47,8 class DocumentsController < ApplicationController | |||||
| 47 | end |
|
47 | end | |
| 48 |
|
48 | |||
| 49 | def new |
|
49 | def new | |
| 50 |
@document = @project.documents.build |
|
50 | @document = @project.documents.build | |
|
|
51 | @document.safe_attributes = params[:document] | |||
| 51 | if request.post? and @document.save |
|
52 | if request.post? and @document.save | |
| 52 | attachments = Attachment.attach_files(@document, params[:attachments]) |
|
53 | attachments = Attachment.attach_files(@document, params[:attachments]) | |
| 53 | render_attachment_warning_if_needed(@document) |
|
54 | render_attachment_warning_if_needed(@document) | |
| @@ -58,7 +59,8 class DocumentsController < ApplicationController | |||||
| 58 |
|
59 | |||
| 59 | def edit |
|
60 | def edit | |
| 60 | @categories = DocumentCategory.active #TODO: use it in the views |
|
61 | @categories = DocumentCategory.active #TODO: use it in the views | |
| 61 |
|
|
62 | @document.safe_attributes = params[:document] | |
|
|
63 | if request.post? and @document.save | |||
| 62 | flash[:notice] = l(:notice_successful_update) |
|
64 | flash[:notice] = l(:notice_successful_update) | |
| 63 | redirect_to :action => 'show', :id => @document |
|
65 | redirect_to :action => 'show', :id => @document | |
| 64 | end |
|
66 | end | |
| @@ -16,6 +16,7 | |||||
| 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
| 17 |
|
17 | |||
| 18 | class Document < ActiveRecord::Base |
|
18 | class Document < ActiveRecord::Base | |
|
|
19 | include Redmine::SafeAttributes | |||
| 19 | belongs_to :project |
|
20 | belongs_to :project | |
| 20 | belongs_to :category, :class_name => "DocumentCategory", :foreign_key => "category_id" |
|
21 | belongs_to :category, :class_name => "DocumentCategory", :foreign_key => "category_id" | |
| 21 | acts_as_attachable :delete_permission => :manage_documents |
|
22 | acts_as_attachable :delete_permission => :manage_documents | |
| @@ -32,6 +33,8 class Document < ActiveRecord::Base | |||||
| 32 | named_scope :visible, lambda {|*args| { :include => :project, |
|
33 | named_scope :visible, lambda {|*args| { :include => :project, | |
| 33 | :conditions => Project.allowed_to_condition(args.shift || User.current, :view_documents, *args) } } |
|
34 | :conditions => Project.allowed_to_condition(args.shift || User.current, :view_documents, *args) } } | |
| 34 |
|
35 | |||
|
|
36 | safe_attributes 'category_id', 'title', 'description' | |||
|
|
37 | ||||
| 35 | def visible?(user=User.current) |
|
38 | def visible?(user=User.current) | |
| 36 | !user.nil? && user.allowed_to?(:view_documents, project) |
|
39 | !user.nil? && user.allowed_to?(:view_documents, project) | |
| 37 | end |
|
40 | end | |
General Comments 0
You need to be logged in to leave comments.
Login now