def update
(render_403; return false) unless @journal.editable_by?(User.current)
- @journal.update_attributes(:notes => params[:notes]) if params[:notes]
+ @journal.notes = params[:notes] if params[:notes]
+ @journal.private_notes = params[:private_notes].present?
+ (render_403; return false) if @journal.private_notes_changed? && User.current.allowed_to?(:set_notes_private, @journal.issue.project) == false
+ @journal.save if @journal.changed?
@journal.destroy if @journal.details.empty? && @journal.notes.blank?
call_hook(:controller_journals_edit_post, { :journal => @journal, :params => params})
respond_to do |format|
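Review bot: `@journal.private_notes = params[:private_notes].present?` treats a missing parameter as "make this note public", so a request that sends only `notes` clears the flag on a private journal when the user holds `:set_notes_private`, and gets a 403 when the user may edit notes but lacks that permission, because `private_notes_changed?` is then true. Assigning the flag only when the key was submitted avoids both: `@journal.private_notes = (params[:private_notes] == '1') if params.key?(:private_notes)`, with a `hidden_field_tag 'private_notes', '0'` ahead of the checkbox in the edit form so an unchecked box is still sent (the unchecked-box test would then post `:private_notes => '0'`). The permission guard also compares with `== false`, which lets a `nil` result through; writing it as `!User.current.allowed_to?(:set_notes_private, @journal.issue.project)` fails closed. The body of `update` continues past the end of this hunk.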
css_classes << " editable" if editable
content_tag('div', content.html_safe, :id => "journal-#{journal.id}-notes", :class => css_classes)
end
+
+ def render_private_notes(journal)
+ content = journal.private_notes? ? l(:field_is_private) : ''
+ css_classes = journal.private_notes? ? 'private' : ''
+ content_tag('span', content.html_safe, :id => "journal-#{journal.id}-private_notes", :class => css_classes)
+ end
end
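Review bot: `content.html_safe` in `render_private_notes` is not needed, because `content` is only ever the `l(:field_is_private)` label or an empty string, and marking it safe switches off the escaping that `content_tag` would otherwise apply to a translation string. Passing it unmarked, `content_tag('span', content, :id => "journal-#{journal.id}-private_notes", :class => css_classes)`, produces the same markup for plain-text labels. A one-line comment such as `# Always renders the span, even when empty, so the JavaScript update response has an element to replace` would explain why the non-private case still emits a tag. The enclosing helper module starts outside this hunk.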
<h4><a href="#note-<%= journal.indice %>" class="journal-link">#<%= journal.indice %></a>
<%= avatar(journal.user, :size => "24") %>
<%= authoring journal.created_on, journal.user, :label => :label_updated_time_by %>
- <%= content_tag('span', l(:field_is_private), :class => 'private') if journal.private_notes? %></h4>
+ <%= render_private_notes(journal) %></h4>
<% if journal.details.any? %>
<ul class="details">
:id => "journal_#{@journal.id}_notes",
:class => 'wiki-edit',
:rows => (@journal.notes.blank? ? 10 : [[10, @journal.notes.length / 50].max, 100].min) %>
+ <% if @journal.issue.safe_attribute? 'private_notes' %>
+ <%= check_box_tag 'private_notes', '1', @journal.private_notes, :id => "journal_#{@journal.id}_private_notes" %> <label for="journal_<%= @journal.id %>_private_notes"><%= l(:field_private_notes) %></label>
+ <% end %>
<%= call_hook(:view_journals_notes_form_after_notes, { :journal => @journal}) %>
<p><%= submit_tag l(:button_save) %>
<%= preview_link preview_edit_issue_path(:project_id => @project, :id => @journal.issue),
<% if @journal.frozen? %>
$("#change-<%= @journal.id %>").remove();
<% else %>
+ $("#change-<%= @journal.id %>").attr('class', '<%= @journal.css_classes %>');
$("#journal-<%= @journal.id %>-notes").replaceWith('<%= escape_javascript(render_notes(@journal.issue, @journal, :reply_links => authorize_for('issues', 'edit'))) %>');
+ $("#journal-<%= @journal.id %>-private_notes").replaceWith('<%= escape_javascript(render_private_notes(@journal)) %>');
$("#journal-<%= @journal.id %>-notes").show();
$("#journal-<%= @journal.id %>-form").remove();
<% end %>
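Review bot: The added `.attr('class', '<%= @journal.css_classes %>')` line writes a model value into a single-quoted JavaScript string without `escape_javascript`, unlike the two `replaceWith` lines beside it. `css_classes` is not shown here and presumably returns fixed class names, but escaping at the output site keeps the template safe if that method ever returns a quote or data-derived text: `$("#change-<%= @journal.id %>").attr('class', '<%= escape_javascript(@journal.css_classes) %>');`.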
assert_include 'journal-2-notes', response.body
end
+ def test_update_xhr_with_private_notes_checked
+ @request.session[:user_id] = 1
+ xhr :post, :update, :id => 2, :private_notes => '1'
+ assert_response :success
+ assert_template 'update'
+ assert_equal 'text/javascript', response.content_type
+ assert_equal true, Journal.find(2).private_notes
+ assert_include 'change-2', response.body
+ assert_include 'journal-2-private_notes', response.body
+ end
+
+ def test_update_xhr_with_private_notes_unchecked
+ Journal.find(2).update_attributes(:private_notes => true)
+ @request.session[:user_id] = 1
+ xhr :post, :update, :id => 2
+ assert_response :success
+ assert_template 'update'
+ assert_equal 'text/javascript', response.content_type
+ assert_equal false, Journal.find(2).private_notes
+ assert_include 'change-2', response.body
+ assert_include 'journal-2-private_notes', response.body
+ end
+
+ def test_update_xhr_with_private_notes_changes_and_without_set_private_notes_permission
+ @request.session[:user_id] = 2
+ Role.find(1).add_permission! :edit_issue_notes
+ Role.find(1).add_permission! :view_private_notes
+ Role.find(1).remove_permission! :set_notes_private
+
+ xhr :post, :update, :id => 2, :private_notes => '1'
+ assert_response 403
+ end
+
def test_update_xhr_with_empty_notes_should_delete_the_journal
@request.session[:user_id] = 1
assert_difference 'Journal.count', -1 do
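Review bot: `test_update_xhr_with_private_notes_changes_and_without_set_private_notes_permission` checks only the 403 status, so it would still pass if the controller saved the flag before refusing. Adding `assert_equal false, Journal.find(2).private_notes` after `assert_response 403` pins that nothing was persisted (journal 2 appears to start non-private, judging by the other two tests). There is also no case for a notes-only update of a journal that is already private, neither for a user with `:set_notes_private` nor for one without it, which is where the controller's `params[:private_notes].present?` assignment decides the outcome. The last test in this hunk continues past its final line.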