@@ -31,13 +31,15 class TrackersController < ApplicationController | |||||
31 | end |
|
31 | end | |
32 |
|
32 | |||
33 | def new |
|
33 | def new | |
34 |
@tracker ||= Tracker.new |
|
34 | @tracker ||= Tracker.new | |
|
35 | @tracker.safe_attributes = params[:tracker] | |||
35 | @trackers = Tracker.sorted.to_a |
|
36 | @trackers = Tracker.sorted.to_a | |
36 | @projects = Project.all |
|
37 | @projects = Project.all | |
37 | end |
|
38 | end | |
38 |
|
39 | |||
39 | def create |
|
40 | def create | |
40 |
@tracker = Tracker.new |
|
41 | @tracker = Tracker.new | |
|
42 | @tracker.safe_attributes = params[:tracker] | |||
41 | if @tracker.save |
|
43 | if @tracker.save | |
42 | # workflow copy |
|
44 | # workflow copy | |
43 | if !params[:copy_workflow_from].blank? && (copy_from = Tracker.find_by_id(params[:copy_workflow_from])) |
|
45 | if !params[:copy_workflow_from].blank? && (copy_from = Tracker.find_by_id(params[:copy_workflow_from])) | |
@@ -58,7 +60,8 class TrackersController < ApplicationController | |||||
58 |
|
60 | |||
59 | def update |
|
61 | def update | |
60 | @tracker = Tracker.find(params[:id]) |
|
62 | @tracker = Tracker.find(params[:id]) | |
61 |
|
|
63 | @tracker.safe_attributes = params[:tracker] | |
|
64 | if @tracker.save | |||
62 | respond_to do |format| |
|
65 | respond_to do |format| | |
63 | format.html { |
|
66 | format.html { | |
64 | flash[:notice] = l(:notice_successful_update) |
|
67 | flash[:notice] = l(:notice_successful_update) |
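Review bot: The three new `@tracker.safe_attributes = params[:tracker]` calls in `new`, `create` and `update` discard any key outside the model's whitelist without raising, and nothing at the call sites says so. If `safe_attributes=` also ignores a missing or non-hash `params[:tracker]` (its implementation is not shown on this page), `update` would save the record unchanged and still flash `notice_successful_update`. A comment on the first call, e.g. `# assigns only attributes whitelisted in Tracker.safe_attributes; other keys are ignored`, would make the filtering visible to the next reader. A functional test that submits a non-whitelisted key and asserts it is not persisted would pin the intent of the change. The body of `update` continues past the end of this hunk.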
@@ -16,6 +16,7 | |||||
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
17 |
|
17 | |||
18 | class Tracker < ActiveRecord::Base |
|
18 | class Tracker < ActiveRecord::Base | |
|
19 | include Redmine::SafeAttributes | |||
19 |
|
20 | |||
20 | CORE_FIELDS_UNDISABLABLE = %w(project_id tracker_id subject description priority_id is_private).freeze |
|
21 | CORE_FIELDS_UNDISABLABLE = %w(project_id tracker_id subject description priority_id is_private).freeze | |
21 | # Fields that can be disabled |
|
22 | # Fields that can be disabled | |
@@ -69,6 +70,14 class Tracker < ActiveRecord::Base | |||||
69 | joins(:projects).where(condition).distinct |
|
70 | joins(:projects).where(condition).distinct | |
70 | } |
|
71 | } | |
71 |
|
72 | |||
|
73 | safe_attributes 'name', | |||
|
74 | 'default_status_id', | |||
|
75 | 'is_in_roadmap', | |||
|
76 | 'core_fields', | |||
|
77 | 'position', | |||
|
78 | 'custom_field_ids', | |||
|
79 | 'project_ids' | |||
|
80 | ||||
72 | def to_s; name end |
|
81 | def to_s; name end | |
73 |
|
82 | |||
74 | def <=>(tracker) |
|
83 | def <=>(tracker) |
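Review bot: The `safe_attributes` declaration added after the scope carries no `:if` condition, so any code path that calls `safe_attributes=` on a Tracker may set `project_ids`, `custom_field_ids`, `core_fields` and `default_status_id`. The protection then rests entirely on the controller's authorization filter, which is outside the visible lines. I would document that assumption above the list, e.g. `# No :if guard: tracker editing is expected to be reachable by administrators only`, so a later caller outside the admin controller does not inherit an unrestricted whitelist. The class body starts before and continues after the lines shown here.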