Use safe_attributes for custom field enumerations....
Jean-Philippe Lang -
r15308:cf22053dd583
@@ -1,71 +1,75
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class CustomFieldEnumerationsController < ApplicationController
19 19 layout 'admin'
20 20
21 21 before_action :require_admin
22 22 before_action :find_custom_field
23 23 before_action :find_enumeration, :only => :destroy
24 24
25 25 helper :custom_fields
26 26
27 27 def index
28 28 @values = @custom_field.enumerations.order(:position)
29 29 end
30 30
31 31 def create
32 @value = @custom_field.enumerations.build(params[:custom_field_enumeration])
32 @value = @custom_field.enumerations.build
33 @value.safe_attributes = params[:custom_field_enumeration]
33 34 @value.save
34 35 respond_to do |format|
35 36 format.html { redirect_to custom_field_enumerations_path(@custom_field) }
36 37 format.js
37 38 end
38 39 end
39 40
40 41 def update_each
41 if CustomFieldEnumeration.update_each(@custom_field, params[:custom_field_enumerations])
42 saved = CustomFieldEnumeration.update_each(@custom_field, params[:custom_field_enumerations]) do |enumeration, enumeration_attributes|
43 enumeration.safe_attributes = enumeration_attributes
44 end
45 if saved
42 46 flash[:notice] = l(:notice_successful_update)
43 47 end
44 48 redirect_to :action => 'index'
45 49 end
46 50
47 51 def destroy
48 52 reassign_to = @custom_field.enumerations.find_by_id(params[:reassign_to_id])
49 53 if reassign_to.nil? && @value.in_use?
50 54 @enumerations = @custom_field.enumerations - [@value]
51 55 render :action => 'destroy'
52 56 return
53 57 end
54 58 @value.destroy(reassign_to)
55 59 redirect_to custom_field_enumerations_path(@custom_field)
56 60 end
57 61
58 62 private
59 63
60 64 def find_custom_field
61 65 @custom_field = CustomField.find(params[:custom_field_id])
62 66 rescue ActiveRecord::RecordNotFound
63 67 render_404
64 68 end
65 69
66 70 def find_enumeration
67 71 @value = @custom_field.enumerations.find(params[:id])
68 72 rescue ActiveRecord::RecordNotFound
69 73 render_404
70 74 end
71 75 end
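Review bot: Nothing in the sections shown on this page pins the new filtering with a test, so a later refactor of `create` or `update_each` could quietly restore raw mass assignment. A functional test that posts a non-whitelisted key such as `custom_field_id` to both actions and asserts that the record's custom field is unchanged would cover it. Separately, `create` hands `params[:custom_field_enumeration]` to `safe_attributes=` unchecked; how a missing or non-hash value is treated depends on Redmine::SafeAttributes, which is not visible here. Because the result of `@value.save` is discarded, the html branch redirects without reporting a failed save.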
@@ -1,80 +1,90
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class CustomFieldEnumeration < ActiveRecord::Base
19 include Redmine::SafeAttributes
20
19 21 belongs_to :custom_field
20 22 attr_accessible :name, :active, :position
21 23
22 24 validates_presence_of :name, :position, :custom_field_id
23 25 validates_length_of :name, :maximum => 60
24 26 validates_numericality_of :position, :only_integer => true
25 27 before_create :set_position
26 28
27 29 scope :active, lambda { where(:active => true) }
28 30
31 safe_attributes 'name',
32 'active',
33 'position'
34
29 35 def to_s
30 36 name.to_s
31 37 end
32 38
33 39 def objects_count
34 40 custom_values.count
35 41 end
36 42
37 43 def in_use?
38 44 objects_count > 0
39 45 end
40 46
41 47 alias :destroy_without_reassign :destroy
42 48 def destroy(reassign_to=nil)
43 49 if reassign_to
44 50 custom_values.update_all(:value => reassign_to.id.to_s)
45 51 end
46 52 destroy_without_reassign
47 53 end
48 54
49 55 def custom_values
50 56 custom_field.custom_values.where(:value => id.to_s)
51 57 end
52 58
53 59 def self.update_each(custom_field, attributes)
54 60 return unless attributes.is_a?(Hash)
55 61 transaction do
56 62 attributes.each do |enumeration_id, enumeration_attributes|
57 63 enumeration = custom_field.enumerations.find_by_id(enumeration_id)
58 64 if enumeration
59 enumeration.attributes = enumeration_attributes
65 if block_given?
66 yield enumeration, enumeration_attributes
67 else
68 enumeration.attributes = enumeration_attributes
69 end
60 70 unless enumeration.save
61 71 raise ActiveRecord::Rollback
62 72 end
63 73 end
64 74 end
65 75 end
66 76 end
67 77
68 78 def self.fields_for_order_statement(table=nil)
69 79 table ||= table_name
70 80 columns = ['position']
71 81 columns.uniq.map {|field| "#{table}.#{field}"}
72 82 end
73 83
74 84 private
75 85
76 86 def set_position
77 87 max = self.class.where(:custom_field_id => custom_field_id).maximum(:position) || 0
78 88 self.position = max + 1
79 89 end
80 90 end
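Review bot: The `else` branch added to `update_each` still assigns `enumeration.attributes = enumeration_attributes`, so any caller that omits the block bypasses the `safe_attributes` whitelist declared above and relies on `attr_accessible` alone. Making the filtered path the default, `enumeration.safe_attributes = enumeration_attributes` in the `else` branch, keeps the model safe regardless of which caller reaches it. The permitted attributes are also now listed twice, in `attr_accessible :name, :active, :position` and in `safe_attributes 'name', 'active', 'position'`; a comment such as `# keep in sync with attr_accessible`, or dropping one of the two lists, would prevent them from drifting apart.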