menu_item :boards
before_filter :find_board, :only => [:new, :preview]
before_filter :find_message, :except => [:new, :preview]
- before_filter :authorize, :except => :preview
+ before_filter :authorize, :except => [:preview, :edit, :destroy]
verify :method => :post, :only => [ :reply, :destroy ], :redirect_to => { :action => :show }
verify :xhr => true, :only => :quote
# Show a topic and its replies
def show
- @replies = @topic.children
+ @replies = @topic.children.find(:all, :include => [:author, :attachments, {:board => :project}])
@replies.reverse! if User.current.wants_comments_in_reverse_order?
@reply = Message.new(:subject => "RE: #{@message.subject}")
render :action => "show", :layout => false if request.xhr?
# Edit a message
def edit
- if params[:message] && User.current.allowed_to?(:edit_messages, @project)
+ render_403 and return false unless @message.editable_by?(User.current)
+ if params[:message]
@message.locked = params[:message]['locked']
@message.sticky = params[:message]['sticky']
end
# Delete a messages
def destroy
+ render_403 and return false unless @message.destroyable_by?(User.current)
@message.destroy
redirect_to @message.parent.nil? ?
{ :controller => 'boards', :action => 'show', :project_id => @project, :id => @board } :
def project
board.project
end
+
+ def editable_by?(usr)
+ usr && usr.logged? && (usr.allowed_to?(:edit_messages, project) || (self.author == usr && usr.allowed_to?(:edit_own_messages, project)))
+ end
+
+ def destroyable_by?(usr)
+ usr && usr.logged? && (usr.allowed_to?(:delete_messages, project) || (self.author == usr && usr.allowed_to?(:delete_own_messages, project)))
+ end
private
<div class="contextual">
<%= watcher_tag(@topic, User.current) %>
<%= link_to_remote_if_authorized l(:button_quote), { :url => {:action => 'quote', :id => @topic} }, :class => 'icon icon-comment' %>
- <%= link_to_if_authorized l(:button_edit), {:action => 'edit', :id => @topic}, :class => 'icon icon-edit' %>
- <%= link_to_if_authorized l(:button_delete), {:action => 'destroy', :id => @topic}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del' %>
+ <%= link_to(l(:button_edit), {:action => 'edit', :id => @topic}, :class => 'icon icon-edit') if @message.editable_by?(User.current) %>
+ <%= link_to(l(:button_delete), {:action => 'destroy', :id => @topic}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') if @message.destroyable_by?(User.current) %>
</div>
<h2><%=h @topic.subject %></h2>
<a name="<%= "message-#{message.id}" %>"></a>
<div class="contextual">
<%= link_to_remote_if_authorized image_tag('comment.png'), { :url => {:action => 'quote', :id => message} }, :title => l(:button_quote) %>
- <%= link_to_if_authorized image_tag('edit.png'), {:action => 'edit', :id => message}, :title => l(:button_edit) %>
- <%= link_to_if_authorized image_tag('delete.png'), {:action => 'destroy', :id => message}, :method => :post, :confirm => l(:text_are_you_sure), :title => l(:button_delete) %>
+ <%= link_to(image_tag('edit.png'), {:action => 'edit', :id => message}, :title => l(:button_edit)) if message.editable_by?(User.current) %>
+ <%= link_to(image_tag('delete.png'), {:action => 'destroy', :id => message}, :method => :post, :confirm => l(:text_are_you_sure), :title => l(:button_delete)) if message.destroyable_by?(User.current) %>
</div>
<div class="message reply">
<h4><%=h message.subject %> - <%= authoring message.created_on, message.author %></h4>
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."\r
+permission_edit_own_messages: Edit own messages\r
+permission_delete_won_messages: Delete own messages\r
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
permission_view_messages: View messages
permission_add_messages: Post messages
permission_edit_messages: Edit messages
+permission_edit_own_messages: Edit own messages
permission_delete_messages: Delete messages
+permission_delete_won_messages: Delete own messages
project_module_issue_tracking: Issue tracking
project_module_time_tracking: Time tracking
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
permission_view_messages: Voir les messages
permission_add_messages: Poster un message
permission_edit_messages: Modifier les messages
+permission_edit_own_messages: Modifier ses propres messages
permission_delete_messages: Supprimer les messages
+permission_delete_won_messages: Supprimer ses propres messages
project_module_issue_tracking: Suivi des demandes
project_module_time_tracking: Suivi du temps passé
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Felhasználói fényképek engedélyezése
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Usa icone utente Gravatar
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Usar ícones do Gravatar
label_example: Exemplo
text_repository_usernames_mapping: "Seleciona ou atualiza os usuários do Redmine mapeando para cada usuário encontrado no log do repositório.\nUsuários com o mesmo login ou email no Redmine e no repositório serão mapeados automaticamente."
+permission_edit_own_messages: Edit own messages\r
+permission_delete_won_messages: Delete own messages\r
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
text_wiki_destroy_confirmation: Вы уверены, что хотите удалить данную Wiki и все ее содержимое?
text_workflow_edit: Выберите роль и трекер для редактирования последовательности состояний
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Použitie uživateľských Gravatar ikon
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."\r
+permission_edit_own_messages: Edit own messages\r
+permission_delete_won_messages: Delete own messages\r
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
setting_gravatar_enabled: Use Gravatar user icons
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
permission_edit_own_time_entries: Edit own time logs
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."\r
+permission_edit_own_messages: Edit own messages\r
+permission_delete_won_messages: Delete own messages\r
enumeration_doc_categories: 文件分類
enumeration_activities: 活動 (時間追蹤)
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
enumeration_activities: 活动(时间跟踪)
label_example: Example
text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped."
+permission_edit_own_messages: Edit own messages
+permission_delete_won_messages: Delete own messages
map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true
map.permission :add_messages, {:messages => [:new, :reply, :quote]}
map.permission :edit_messages, {:messages => :edit}, :require => :member
+ map.permission :edit_own_messages, {:messages => :edit}, :require => :loggedin
map.permission :delete_messages, {:messages => :destroy}, :require => :member
+ map.permission :delete_own_messages, {:messages => :destroy}, :require => :loggedin
end
end
:edit_wiki_pages,
:delete_wiki_pages,
:add_messages,
+ :edit_own_messages,
:view_files,
:manage_files,
:browse_repository,
:view_wiki_pages,
:view_wiki_edits,
:add_messages,
+ :edit_own_messages,
:view_files,
:browse_repository,
:view_changesets]
updated_on: 2007-08-12 17:15:32 +02:00\r
subject: Post 2\r
id: 4\r
- replies_count: 1\r
- last_reply_id: 5\r
+ replies_count: 2\r
+ last_reply_id: 6\r
content: "This is an other post"\r
author_id: \r
parent_id: \r
author_id: 1\r
parent_id: 4\r
board_id: 1\r
+messages_006: \r
+ created_on: <%= 2.days.ago.to_date.to_s(:db) %>\r
+ updated_on: <%= 2.days.ago.to_date.to_s(:db) %>\r
+ subject: 'RE: post 2'\r
+ id: 6\r
+ replies_count: 0\r
+ last_reply_id: \r
+ content: "Another reply to the second post"\r
+ author_id: 3\r
+ parent_id: 4\r
+ board_id: 1\r
- :protect_wiki_pages\r
- :delete_wiki_pages\r
- :add_messages\r
+ - :edit_own_messages\r
+ - :delete_own_messages\r
- :manage_boards\r
- :view_files\r
- :manage_files\r
require File.dirname(__FILE__) + '/../test_helper'
class MessageTest < Test::Unit::TestCase
- fixtures :projects, :boards, :messages, :users, :watchers
+ fixtures :projects, :roles, :members, :boards, :messages, :users, :watchers
def setup
@board = Board.find(1)
assert_equal topics_count, board.topics_count
assert_equal messages_count - 1, board.messages_count
end
+
+ def test_editable_by
+ message = Message.find(6)
+ author = message.author
+ assert message.editable_by?(author)
+
+ author.role_for_project(message.project).remove_permission!(:edit_own_messages)
+ assert !message.reload.editable_by?(author.reload)
+ end
+
+ def test_destroyable_by
+ message = Message.find(6)
+ author = message.author
+ assert message.destroyable_by?(author)
+
+ author.role_for_project(message.project).remove_permission!(:delete_own_messages)
+ assert !message.reload.destroyable_by?(author.reload)
+ end
end
projects / redmine.git / commitdiff