| @@ -73,7 +73,8 class VersionsController < ApplicationController | |||||
| 73 | end |
|
73 | end | |
| 74 |
|
74 | |||
| 75 | def new |
|
75 | def new | |
| 76 |
@version = @project.versions.build |
|
76 | @version = @project.versions.build | |
|
|
77 | @version.safe_attributes = params[:version] | |||
| 77 |
|
78 | |||
| 78 | respond_to do |format| |
|
79 | respond_to do |format| | |
| 79 | format.html |
|
80 | format.html | |
| @@ -92,7 +93,7 class VersionsController < ApplicationController | |||||
| 92 | if params[:version] |
|
93 | if params[:version] | |
| 93 | attributes = params[:version].dup |
|
94 | attributes = params[:version].dup | |
| 94 | attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing']) |
|
95 | attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing']) | |
| 95 | @version.attributes = attributes |
|
96 | @version.safe_attributes = attributes | |
| 96 | end |
|
97 | end | |
| 97 |
|
98 | |||
| 98 | if request.post? |
|
99 | if request.post? | |
| @@ -136,7 +137,8 class VersionsController < ApplicationController | |||||
| 136 | if request.put? && params[:version] |
|
137 | if request.put? && params[:version] | |
| 137 | attributes = params[:version].dup |
|
138 | attributes = params[:version].dup | |
| 138 | attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing']) |
|
139 | attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing']) | |
| 139 |
|
|
140 | @version.safe_attributes = attributes | |
|
|
141 | if @version.save | |||
| 140 | respond_to do |format| |
|
142 | respond_to do |format| | |
| 141 | format.html { |
|
143 | format.html { | |
| 142 | flash[:notice] = l(:notice_successful_update) |
|
144 | flash[:notice] = l(:notice_successful_update) | |
| @@ -16,6 +16,7 | |||||
| 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
| 17 |
|
17 | |||
| 18 | class Version < ActiveRecord::Base |
|
18 | class Version < ActiveRecord::Base | |
|
|
19 | include Redmine::SafeAttributes | |||
| 19 | after_update :update_issues_from_sharing_change |
|
20 | after_update :update_issues_from_sharing_change | |
| 20 | belongs_to :project |
|
21 | belongs_to :project | |
| 21 | has_many :fixed_issues, :class_name => 'Issue', :foreign_key => 'fixed_version_id', :dependent => :nullify |
|
22 | has_many :fixed_issues, :class_name => 'Issue', :foreign_key => 'fixed_version_id', :dependent => :nullify | |
| @@ -38,6 +39,15 class Version < ActiveRecord::Base | |||||
| 38 | named_scope :visible, lambda {|*args| { :include => :project, |
|
39 | named_scope :visible, lambda {|*args| { :include => :project, | |
| 39 | :conditions => Project.allowed_to_condition(args.first || User.current, :view_issues) } } |
|
40 | :conditions => Project.allowed_to_condition(args.first || User.current, :view_issues) } } | |
| 40 |
|
41 | |||
|
|
42 | safe_attributes 'name', | |||
|
|
43 | 'description', | |||
|
|
44 | 'effective_date', | |||
|
|
45 | 'due_date', | |||
|
|
46 | 'wiki_page_title', | |||
|
|
47 | 'status', | |||
|
|
48 | 'sharing', | |||
|
|
49 | 'custom_field_values' | |||
|
|
50 | ||||
| 41 | # Returns true if +user+ or current user is allowed to view the version |
|
51 | # Returns true if +user+ or current user is allowed to view the version | |
| 42 | def visible?(user=User.current) |
|
52 | def visible?(user=User.current) | |
| 43 | user.allowed_to?(:view_issues, self.project) |
|
53 | user.allowed_to?(:view_issues, self.project) | |
General Comments 0
You need to be logged in to leave comments.
Login now