@@ -47,7 +47,8 class DocumentsController < ApplicationController | |||
|
47 | 47 | end |
|
48 | 48 | |
|
49 | 49 | def new |
|
50 |
@document = @project.documents.build |
|
|
50 | @document = @project.documents.build | |
|
51 | @document.safe_attributes = params[:document] | |
|
51 | 52 | if request.post? and @document.save |
|
52 | 53 | attachments = Attachment.attach_files(@document, params[:attachments]) |
|
53 | 54 | render_attachment_warning_if_needed(@document) |
@@ -58,7 +59,8 class DocumentsController < ApplicationController | |||
|
58 | 59 | |
|
59 | 60 | def edit |
|
60 | 61 | @categories = DocumentCategory.active #TODO: use it in the views |
|
61 |
|
|
|
62 | @document.safe_attributes = params[:document] | |
|
63 | if request.post? and @document.save | |
|
62 | 64 | flash[:notice] = l(:notice_successful_update) |
|
63 | 65 | redirect_to :action => 'show', :id => @document |
|
64 | 66 | end |
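Review bot: In both `new` and `edit` the added `@document.safe_attributes = params[:document]` runs before the `request.post?` check, so it also executes on a plain GET where `params[:document]` is normally nil. The hunk does not show whether `safe_attributes=` tolerates a non-Hash argument; if it does not, rendering the form would raise, so this is worth confirming and covering with a GET test. It also means query-string `document[...]` values on a GET change the object that is rendered (though not saved); if that is intended for pre-filling the form, a short comment would help, e.g. `# assigned on GET too so the form can be pre-filled; only whitelisted attributes are accepted`. Both method bodies continue outside the visible hunks.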
@@ -16,6 +16,7 | |||
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
17 | 17 | |
|
18 | 18 | class Document < ActiveRecord::Base |
|
19 | include Redmine::SafeAttributes | |
|
19 | 20 | belongs_to :project |
|
20 | 21 | belongs_to :category, :class_name => "DocumentCategory", :foreign_key => "category_id" |
|
21 | 22 | acts_as_attachable :delete_permission => :manage_documents |
@@ -32,6 +33,8 class Document < ActiveRecord::Base | |||
|
32 | 33 | named_scope :visible, lambda {|*args| { :include => :project, |
|
33 | 34 | :conditions => Project.allowed_to_condition(args.shift || User.current, :view_documents, *args) } } |
|
34 | 35 | |
|
36 | safe_attributes 'category_id', 'title', 'description' | |
|
37 | ||
|
35 | 38 | def visible?(user=User.current) |
|
36 | 39 | !user.nil? && user.allowed_to?(:view_documents, project) |
|
37 | 40 | end |
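Review bot: The whitelist `safe_attributes 'category_id', 'title', 'description'` only protects callers that assign through `safe_attributes=`; nothing visible in this section restricts ordinary mass assignment, so any other code path that passes request params to `Document.new` or `update_attributes` could presumably still set columns such as `project_id`. It would be worth checking for remaining call sites of that kind. A functional test that posts an unlisted key (for instance `document[project_id]`) and asserts the value is unchanged would pin the behaviour. A one-line comment above the declaration would also help, e.g. `# attributes settable from request params; project_id is deliberately excluded`.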