@@ -312,12 +312,8 private | |||||
312 | return false |
|
312 | return false | |
313 | end |
|
313 | end | |
314 | @issue.start_date ||= Date.today if Setting.default_issue_start_date_to_creation_date? |
|
314 | @issue.start_date ||= Date.today if Setting.default_issue_start_date_to_creation_date? | |
315 | if params[:issue].is_a?(Hash) |
|
315 | @issue.safe_attributes = params[:issue] | |
316 | @issue.safe_attributes = params[:issue] |
|
316 | ||
317 | if User.current.allowed_to?(:add_issue_watchers, @project) && @issue.new_record? |
|
|||
318 | @issue.watcher_user_ids = params[:issue]['watcher_user_ids'] |
|
|||
319 | end |
|
|||
320 | end |
|
|||
321 | @priorities = IssuePriority.active |
|
317 | @priorities = IssuePriority.active | |
322 | @allowed_statuses = @issue.new_statuses_allowed_to(User.current, true) |
|
318 | @allowed_statuses = @issue.new_statuses_allowed_to(User.current, true) | |
323 | end |
|
319 | end |
@@ -282,6 +282,9 class Issue < ActiveRecord::Base | |||||
282 | 'done_ratio', |
|
282 | 'done_ratio', | |
283 | :if => lambda {|issue, user| issue.new_statuses_allowed_to(user).any? } |
|
283 | :if => lambda {|issue, user| issue.new_statuses_allowed_to(user).any? } | |
284 |
|
284 | |||
|
285 | safe_attributes 'watcher_user_ids', | |||
|
286 | :if => lambda {|issue, user| issue.new_record? && user.allowed_to?(:add_issue_watchers, issue.project)} | |||
|
287 | ||||
285 | safe_attributes 'is_private', |
|
288 | safe_attributes 'is_private', | |
286 | :if => lambda {|issue, user| |
|
289 | :if => lambda {|issue, user| | |
287 | user.allowed_to?(:set_issues_private, issue.project) || |
|
290 | user.allowed_to?(:set_issues_private, issue.project) || | |
@@ -323,7 +326,8 class Issue < ActiveRecord::Base | |||||
323 | end |
|
326 | end | |
324 | end |
|
327 | end | |
325 |
|
328 | |||
326 | self.attributes = attrs |
|
329 | # mass-assignment security bypass | |
|
330 | self.send :attributes=, attrs, false | |||
327 | end |
|
331 | end | |
328 |
|
332 | |||
329 | def done_ratio |
|
333 | def done_ratio |
General Comments 0
You need to be logged in to leave comments.
Login now