##// END OF EJS Templates
jro_apps » redmine
RSS
Fixed that requesting a message from an invalid forum should respond with 404 (#13232)....
Jean-Philippe Lang -
r11216:d1244b31a4c2
parent child
Show More
Side by Side Unified
Context file:
r11216:d1244b31a4c2 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,141 +1,142
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2013 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class MessagesController < ApplicationController
19 19 menu_item :boards
20 20 default_search_scope :messages
21 21 before_filter :find_board, :only => [:new, :preview]
22 22 before_filter :find_attachments, :only => [:preview]
23 23 before_filter :find_message, :except => [:new, :preview]
24 24 before_filter :authorize, :except => [:preview, :edit, :destroy]
25 25
26 26 helper :boards
27 27 helper :watchers
28 28 helper :attachments
29 29 include AttachmentsHelper
30 30
31 31 REPLIES_PER_PAGE = 25 unless const_defined?(:REPLIES_PER_PAGE)
32 32
33 33 # Show a topic and its replies
34 34 def show
35 35 page = params[:page]
36 36 # Find the page of the requested reply
37 37 if params[:r] && page.nil?
38 38 offset = @topic.children.count(:conditions => ["#{Message.table_name}.id < ?", params[:r].to_i])
39 39 page = 1 + offset / REPLIES_PER_PAGE
40 40 end
41 41
42 42 @reply_count = @topic.children.count
43 43 @reply_pages = Paginator.new @reply_count, REPLIES_PER_PAGE, page
44 44 @replies = @topic.children.
45 45 includes(:author, :attachments, {:board => :project}).
46 46 reorder("#{Message.table_name}.created_on ASC").
47 47 limit(@reply_pages.per_page).
48 48 offset(@reply_pages.offset).
49 49 all
50 50
51 51 @reply = Message.new(:subject => "RE: #{@message.subject}")
52 52 render :action => "show", :layout => false if request.xhr?
53 53 end
54 54
55 55 # Create a new topic
56 56 def new
57 57 @message = Message.new
58 58 @message.author = User.current
59 59 @message.board = @board
60 60 @message.safe_attributes = params[:message]
61 61 if request.post?
62 62 @message.save_attachments(params[:attachments])
63 63 if @message.save
64 64 call_hook(:controller_messages_new_after_save, { :params => params, :message => @message})
65 65 render_attachment_warning_if_needed(@message)
66 66 redirect_to board_message_path(@board, @message)
67 67 end
68 68 end
69 69 end
70 70
71 71 # Reply to a topic
72 72 def reply
73 73 @reply = Message.new
74 74 @reply.author = User.current
75 75 @reply.board = @board
76 76 @reply.safe_attributes = params[:reply]
77 77 @topic.children << @reply
78 78 if !@reply.new_record?
79 79 call_hook(:controller_messages_reply_after_save, { :params => params, :message => @reply})
80 80 attachments = Attachment.attach_files(@reply, params[:attachments])
81 81 render_attachment_warning_if_needed(@reply)
82 82 end
83 83 redirect_to board_message_path(@board, @topic, :r => @reply)
84 84 end
85 85
86 86 # Edit a message
87 87 def edit
88 88 (render_403; return false) unless @message.editable_by?(User.current)
89 89 @message.safe_attributes = params[:message]
90 90 if request.post? && @message.save
91 91 attachments = Attachment.attach_files(@message, params[:attachments])
92 92 render_attachment_warning_if_needed(@message)
93 93 flash[:notice] = l(:notice_successful_update)
94 94 @message.reload
95 95 redirect_to board_message_path(@message.board, @message.root, :r => (@message.parent_id && @message.id))
96 96 end
97 97 end
98 98
99 99 # Delete a messages
100 100 def destroy
101 101 (render_403; return false) unless @message.destroyable_by?(User.current)
102 102 r = @message.to_param
103 103 @message.destroy
104 104 if @message.parent
105 105 redirect_to board_message_path(@board, @message.parent, :r => r)
106 106 else
107 107 redirect_to project_board_path(@project, @board)
108 108 end
109 109 end
110 110
111 111 def quote
112 112 @subject = @message.subject
113 113 @subject = "RE: #{@subject}" unless @subject.starts_with?('RE:')
114 114
115 115 @content = "#{ll(Setting.default_language, :text_user_wrote, @message.author)}\n> "
116 116 @content << @message.content.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]').gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
117 117 end
118 118
119 119 def preview
120 120 message = @board.messages.find_by_id(params[:id])
121 121 @text = (params[:message] || params[:reply])[:content]
122 122 @previewed = message
123 123 render :partial => 'common/preview'
124 124 end
125 125
126 126 private
127 127 def find_message
128 find_board
128 return unless find_board
129 129 @message = @board.messages.find(params[:id], :include => :parent)
130 130 @topic = @message.root
131 131 rescue ActiveRecord::RecordNotFound
132 132 render_404
133 133 end
134 134
135 135 def find_board
136 136 @board = Board.find(params[:board_id], :include => :project)
137 137 @project = @board.project
138 138 rescue ActiveRecord::RecordNotFound
139 139 render_404
140 nil
140 141 end
141 142 end
Show file before | Show file after | Hide comments
@@ -1,212 +1,217
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2013 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.expand_path('../../test_helper', __FILE__)
19 19
20 20 class MessagesControllerTest < ActionController::TestCase
21 21 fixtures :projects, :users, :members, :member_roles, :roles, :boards, :messages, :enabled_modules
22 22
23 23 def setup
24 24 User.current = nil
25 25 end
26 26
27 27 def test_show
28 28 get :show, :board_id => 1, :id => 1
29 29 assert_response :success
30 30 assert_template 'show'
31 31 assert_not_nil assigns(:board)
32 32 assert_not_nil assigns(:project)
33 33 assert_not_nil assigns(:topic)
34 34 end
35 35
36 36 def test_show_should_contain_reply_field_tags_for_quoting
37 37 @request.session[:user_id] = 2
38 38 get :show, :board_id => 1, :id => 1
39 39 assert_response :success
40 40
41 41 # tags required by MessagesController#quote
42 42 assert_tag 'input', :attributes => {:id => 'message_subject'}
43 43 assert_tag 'textarea', :attributes => {:id => 'message_content'}
44 44 assert_tag 'div', :attributes => {:id => 'reply'}
45 45 end
46 46
47 47 def test_show_with_pagination
48 48 message = Message.find(1)
49 49 assert_difference 'Message.count', 30 do
50 50 30.times do
51 51 message.children << Message.new(:subject => 'Reply', :content => 'Reply body', :author_id => 2, :board_id => 1)
52 52 end
53 53 end
54 54 get :show, :board_id => 1, :id => 1, :r => message.children.last(:order => 'id').id
55 55 assert_response :success
56 56 assert_template 'show'
57 57 replies = assigns(:replies)
58 58 assert_not_nil replies
59 59 assert !replies.include?(message.children.first(:order => 'id'))
60 60 assert replies.include?(message.children.last(:order => 'id'))
61 61 end
62 62
63 63 def test_show_with_reply_permission
64 64 @request.session[:user_id] = 2
65 65 get :show, :board_id => 1, :id => 1
66 66 assert_response :success
67 67 assert_template 'show'
68 68 assert_tag :div, :attributes => { :id => 'reply' },
69 69 :descendant => { :tag => 'textarea', :attributes => { :id => 'message_content' } }
70 70 end
71 71
72 72 def test_show_message_not_found
73 73 get :show, :board_id => 1, :id => 99999
74 74 assert_response 404
75 75 end
76 76
77 def test_show_message_from_invalid_board_should_respond_with_404
78 get :show, :board_id => 999, :id => 1
79 assert_response 404
80 end
81
77 82 def test_get_new
78 83 @request.session[:user_id] = 2
79 84 get :new, :board_id => 1
80 85 assert_response :success
81 86 assert_template 'new'
82 87 end
83 88
84 89 def test_get_new_with_invalid_board
85 90 @request.session[:user_id] = 2
86 91 get :new, :board_id => 99
87 92 assert_response 404
88 93 end
89 94
90 95 def test_post_new
91 96 @request.session[:user_id] = 2
92 97 ActionMailer::Base.deliveries.clear
93 98
94 99 with_settings :notified_events => %w(message_posted) do
95 100 post :new, :board_id => 1,
96 101 :message => { :subject => 'Test created message',
97 102 :content => 'Message body'}
98 103 end
99 104 message = Message.find_by_subject('Test created message')
100 105 assert_not_nil message
101 106 assert_redirected_to "/boards/1/topics/#{message.to_param}"
102 107 assert_equal 'Message body', message.content
103 108 assert_equal 2, message.author_id
104 109 assert_equal 1, message.board_id
105 110
106 111 mail = ActionMailer::Base.deliveries.last
107 112 assert_not_nil mail
108 113 assert_equal "[#{message.board.project.name} - #{message.board.name} - msg#{message.root.id}] Test created message", mail.subject
109 114 assert_mail_body_match 'Message body', mail
110 115 # author
111 116 assert mail.bcc.include?('jsmith@somenet.foo')
112 117 # project member
113 118 assert mail.bcc.include?('dlopper@somenet.foo')
114 119 end
115 120
116 121 def test_get_edit
117 122 @request.session[:user_id] = 2
118 123 get :edit, :board_id => 1, :id => 1
119 124 assert_response :success
120 125 assert_template 'edit'
121 126 end
122 127
123 128 def test_post_edit
124 129 @request.session[:user_id] = 2
125 130 post :edit, :board_id => 1, :id => 1,
126 131 :message => { :subject => 'New subject',
127 132 :content => 'New body'}
128 133 assert_redirected_to '/boards/1/topics/1'
129 134 message = Message.find(1)
130 135 assert_equal 'New subject', message.subject
131 136 assert_equal 'New body', message.content
132 137 end
133 138
134 139 def test_post_edit_sticky_and_locked
135 140 @request.session[:user_id] = 2
136 141 post :edit, :board_id => 1, :id => 1,
137 142 :message => { :subject => 'New subject',
138 143 :content => 'New body',
139 144 :locked => '1',
140 145 :sticky => '1'}
141 146 assert_redirected_to '/boards/1/topics/1'
142 147 message = Message.find(1)
143 148 assert_equal true, message.sticky?
144 149 assert_equal true, message.locked?
145 150 end
146 151
147 152 def test_post_edit_should_allow_to_change_board
148 153 @request.session[:user_id] = 2
149 154 post :edit, :board_id => 1, :id => 1,
150 155 :message => { :subject => 'New subject',
151 156 :content => 'New body',
152 157 :board_id => 2}
153 158 assert_redirected_to '/boards/2/topics/1'
154 159 message = Message.find(1)
155 160 assert_equal Board.find(2), message.board
156 161 end
157 162
158 163 def test_reply
159 164 @request.session[:user_id] = 2
160 165 post :reply, :board_id => 1, :id => 1, :reply => { :content => 'This is a test reply', :subject => 'Test reply' }
161 166 reply = Message.order('id DESC').first
162 167 assert_redirected_to "/boards/1/topics/1?r=#{reply.id}"
163 168 assert Message.find_by_subject('Test reply')
164 169 end
165 170
166 171 def test_destroy_topic
167 172 @request.session[:user_id] = 2
168 173 assert_difference 'Message.count', -3 do
169 174 post :destroy, :board_id => 1, :id => 1
170 175 end
171 176 assert_redirected_to '/projects/ecookbook/boards/1'
172 177 assert_nil Message.find_by_id(1)
173 178 end
174 179
175 180 def test_destroy_reply
176 181 @request.session[:user_id] = 2
177 182 assert_difference 'Message.count', -1 do
178 183 post :destroy, :board_id => 1, :id => 2
179 184 end
180 185 assert_redirected_to '/boards/1/topics/1?r=2'
181 186 assert_nil Message.find_by_id(2)
182 187 end
183 188
184 189 def test_quote
185 190 @request.session[:user_id] = 2
186 191 xhr :get, :quote, :board_id => 1, :id => 3
187 192 assert_response :success
188 193 assert_equal 'text/javascript', response.content_type
189 194 assert_template 'quote'
190 195 assert_include 'RE: First post', response.body
191 196 assert_include '> An other reply', response.body
192 197 end
193 198
194 199 def test_preview_new
195 200 @request.session[:user_id] = 2
196 201 post :preview,
197 202 :board_id => 1,
198 203 :message => {:subject => "", :content => "Previewed text"}
199 204 assert_response :success
200 205 assert_template 'common/_preview'
201 206 end
202 207
203 208 def test_preview_edit
204 209 @request.session[:user_id] = 2
205 210 post :preview,
206 211 :id => 4,
207 212 :board_id => 1,
208 213 :message => {:subject => "", :content => "Previewed text"}
209 214 assert_response :success
210 215 assert_template 'common/_preview'
211 216 end
212 217 end
General Comments 0
You need to be logged in to leave comments. Login now