| @@ -73,7 +73,8 class VersionsController < ApplicationController | |||
|
|
73 | 73 | end |
|
|
74 | 74 | |
|
|
75 | 75 | def new |
|
|
76 |
@version = @project.versions.build |
|
|
|
76 | @version = @project.versions.build | |
|
|
77 | @version.safe_attributes = params[:version] | |
|
|
77 | 78 | |
|
|
78 | 79 | respond_to do |format| |
|
|
79 | 80 | format.html |
| @@ -92,7 +93,7 class VersionsController < ApplicationController | |||
|
|
92 | 93 | if params[:version] |
|
|
93 | 94 | attributes = params[:version].dup |
|
|
94 | 95 | attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing']) |
|
|
95 | @version.attributes = attributes | |
|
|
96 | @version.safe_attributes = attributes | |
|
|
96 | 97 | end |
|
|
97 | 98 | |
|
|
98 | 99 | if request.post? |
| @@ -136,7 +137,8 class VersionsController < ApplicationController | |||
|
|
136 | 137 | if request.put? && params[:version] |
|
|
137 | 138 | attributes = params[:version].dup |
|
|
138 | 139 | attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing']) |
|
|
139 |
|
|
|
|
140 | @version.safe_attributes = attributes | |
|
|
141 | if @version.save | |
|
|
140 | 142 | respond_to do |format| |
|
|
141 | 143 | format.html { |
|
|
142 | 144 | flash[:notice] = l(:notice_successful_update) |
| @@ -16,6 +16,7 | |||
|
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
17 | 17 | |
|
|
18 | 18 | class Version < ActiveRecord::Base |
|
|
19 | include Redmine::SafeAttributes | |
|
|
19 | 20 | after_update :update_issues_from_sharing_change |
|
|
20 | 21 | belongs_to :project |
|
|
21 | 22 | has_many :fixed_issues, :class_name => 'Issue', :foreign_key => 'fixed_version_id', :dependent => :nullify |
| @@ -38,6 +39,15 class Version < ActiveRecord::Base | |||
|
|
38 | 39 | named_scope :visible, lambda {|*args| { :include => :project, |
|
|
39 | 40 | :conditions => Project.allowed_to_condition(args.first || User.current, :view_issues) } } |
|
|
40 | 41 | |
|
|
42 | safe_attributes 'name', | |
|
|
43 | 'description', | |
|
|
44 | 'effective_date', | |
|
|
45 | 'due_date', | |
|
|
46 | 'wiki_page_title', | |
|
|
47 | 'status', | |
|
|
48 | 'sharing', | |
|
|
49 | 'custom_field_values' | |
|
|
50 | ||
|
|
41 | 51 | # Returns true if +user+ or current user is allowed to view the version |
|
|
42 | 52 | def visible?(user=User.current) |
|
|
43 | 53 | user.allowed_to?(:view_issues, self.project) |
General Comments 0
You need to be logged in to leave comments.
Login now