git-svn-id: http://svn.redmine.org/redmine/trunk@15621 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/3.4.0
def update | def update | ||||
(render_403; return false) unless @journal.editable_by?(User.current) | (render_403; return false) unless @journal.editable_by?(User.current) | ||||
@journal.notes = params[:notes] if params[:notes] | |||||
@journal.private_notes = params[:private_notes].present? | |||||
(render_403; return false) if @journal.private_notes_changed? && User.current.allowed_to?(:set_notes_private, @journal.issue.project) == false | |||||
@journal.save if @journal.changed? | |||||
@journal.safe_attributes = params[:journal] | |||||
@journal.save | |||||
@journal.destroy if @journal.details.empty? && @journal.notes.blank? | @journal.destroy if @journal.details.empty? && @journal.notes.blank? | ||||
call_hook(:controller_journals_edit_post, { :journal => @journal, :params => params}) | call_hook(:controller_journals_edit_post, { :journal => @journal, :params => params}) | ||||
respond_to do |format| | respond_to do |format| |
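Review bot: An unpermitted `private_notes` value is now dropped silently instead of answering 403 (taking the `safe_attributes` lines as the new side, which the renamed test supports). A refused privacy change therefore no longer appears as a 403 in access logs, and the XHR client is told the update succeeded. The return value of `@journal.save` is also unchecked before the destroy and hook lines, so a failed save is reported the same way. At minimum, document the contract above the assignment, e.g. `# private_notes is filtered by Journal.safe_attributes: without :set_notes_private the value is ignored, not rejected`. `update` continues past the end of this section.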
:class => 'icon-only icon-edit' | :class => 'icon-only icon-edit' | ||||
) if editable | ) if editable | ||||
links << link_to(l(:button_delete), | links << link_to(l(:button_delete), | ||||
journal_path(journal, :notes => ""), | |||||
journal_path(journal, :journal => {:notes => ""}), | |||||
:remote => true, | :remote => true, | ||||
:method => 'put', :data => {:confirm => l(:text_are_you_sure)}, | :method => 'put', :data => {:confirm => l(:text_are_you_sure)}, | ||||
:title => l(:button_delete), | :title => l(:button_delete), |
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | ||||
class Journal < ActiveRecord::Base | class Journal < ActiveRecord::Base | ||||
include Redmine::SafeAttributes | |||||
belongs_to :journalized, :polymorphic => true | belongs_to :journalized, :polymorphic => true | ||||
# added as a quick fix to allow eager loading of the polymorphic association | # added as a quick fix to allow eager loading of the polymorphic association | ||||
# since always associated to an issue, for now | # since always associated to an issue, for now | ||||
where("(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(user, :view_private_notes, *args)}))", false) | where("(#{Journal.table_name}.private_notes = ? OR (#{Project.allowed_to_condition(user, :view_private_notes, *args)}))", false) | ||||
} | } | ||||
safe_attributes 'notes', | |||||
:if => lambda {|journal, user| journal.new_record? || journal.editable_by?(user)} | |||||
safe_attributes 'private_notes', | |||||
:if => lambda {|journal, user| user.allowed_to?(:set_notes_private, journal.project)} | |||||
def initialize(*args) | def initialize(*args) | ||||
super | super | ||||
if journalized | if journalized |
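Review bot: The `private_notes` rule in `safe_attributes` checks only `:set_notes_private`, while the `notes` rule just above it also requires `journal.new_record? || journal.editable_by?(user)`. In the controller shown on this page `update` refuses non-editors first, but any other caller that assigns `safe_attributes` to a journal would let a user holding that permission flip the privacy flag on a note they cannot edit. Making the model rule self-sufficient keeps the check in one place: `:if => lambda {|journal, user| (journal.new_record? || journal.editable_by?(user)) && user.allowed_to?(:set_notes_private, journal.project)}`. It is also worth confirming what `journal.project` returns when `journalized` is missing, since that method is not visible here.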
:method => 'put', | :method => 'put', | ||||
:id => "journal-#{@journal.id}-form") do %> | :id => "journal-#{@journal.id}-form") do %> | ||||
<%= label_tag "notes", l(:description_notes), :class => "hidden-for-sighted" %> | <%= label_tag "notes", l(:description_notes), :class => "hidden-for-sighted" %> | ||||
<%= text_area_tag :notes, @journal.notes, | |||||
<%= text_area_tag 'journal[notes]', @journal.notes, | |||||
:id => "journal_#{@journal.id}_notes", | :id => "journal_#{@journal.id}_notes", | ||||
:class => 'wiki-edit', | :class => 'wiki-edit', | ||||
:rows => (@journal.notes.blank? ? 10 : [[10, @journal.notes.length / 50].max, 100].min) %> | :rows => (@journal.notes.blank? ? 10 : [[10, @journal.notes.length / 50].max, 100].min) %> | ||||
<% if @journal.issue.safe_attribute? 'private_notes' %> | |||||
<%= check_box_tag 'private_notes', '1', @journal.private_notes, :id => "journal_#{@journal.id}_private_notes" %> <label for="journal_<%= @journal.id %>_private_notes"><%= l(:field_private_notes) %></label> | |||||
<% if @journal.safe_attribute? 'private_notes' %> | |||||
<%= hidden_field_tag 'journal[private_notes]', '0' %> | |||||
<%= check_box_tag 'journal[private_notes]', '1', @journal.private_notes, :id => "journal_#{@journal.id}_private_notes" %> | |||||
<label for="journal_<%= @journal.id %>_private_notes"><%= l(:field_private_notes) %></label> | |||||
<% end %> | <% end %> | ||||
<%= call_hook(:view_journals_notes_form_after_notes, { :journal => @journal}) %> | <%= call_hook(:view_journals_notes_form_after_notes, { :journal => @journal}) %> | ||||
<p><%= submit_tag l(:button_save) %> | <p><%= submit_tag l(:button_save) %> |
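Review bot: `hidden_field_tag 'journal[private_notes]', '0'` gets the Rails default id `journal_private_notes`, unlike the checkbox next to it, which carries a per-journal id. If two note forms are open on the same issue page, the DOM ends up with duplicate ids. `<%= hidden_field_tag 'journal[private_notes]', '0', :id => nil %>` avoids that without changing the submitted value. The form block starts and ends outside this section.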
def test_update_xhr | def test_update_xhr | ||||
@request.session[:user_id] = 1 | @request.session[:user_id] = 1 | ||||
xhr :post, :update, :id => 2, :notes => 'Updated notes' | |||||
xhr :post, :update, :id => 2, :journal => {:notes => 'Updated notes'} | |||||
assert_response :success | assert_response :success | ||||
assert_template 'update' | assert_template 'update' | ||||
assert_equal 'text/javascript', response.content_type | assert_equal 'text/javascript', response.content_type | ||||
def test_update_xhr_with_private_notes_checked | def test_update_xhr_with_private_notes_checked | ||||
@request.session[:user_id] = 1 | @request.session[:user_id] = 1 | ||||
xhr :post, :update, :id => 2, :private_notes => '1' | |||||
xhr :post, :update, :id => 2, :journal => {:private_notes => '1'} | |||||
assert_response :success | assert_response :success | ||||
assert_template 'update' | assert_template 'update' | ||||
assert_equal 'text/javascript', response.content_type | assert_equal 'text/javascript', response.content_type | ||||
def test_update_xhr_with_private_notes_unchecked | def test_update_xhr_with_private_notes_unchecked | ||||
Journal.find(2).update_attributes(:private_notes => true) | Journal.find(2).update_attributes(:private_notes => true) | ||||
@request.session[:user_id] = 1 | @request.session[:user_id] = 1 | ||||
xhr :post, :update, :id => 2 | |||||
xhr :post, :update, :id => 2, :journal => {:private_notes => '0'} | |||||
assert_response :success | assert_response :success | ||||
assert_template 'update' | assert_template 'update' | ||||
assert_equal 'text/javascript', response.content_type | assert_equal 'text/javascript', response.content_type | ||||
assert_include 'journal-2-private_notes', response.body | assert_include 'journal-2-private_notes', response.body | ||||
end | end | ||||
def test_update_xhr_with_private_notes_changes_and_without_set_private_notes_permission | |||||
def test_update_xhr_without_set_private_notes_permission_should_ignore_private_notes | |||||
@request.session[:user_id] = 2 | @request.session[:user_id] = 2 | ||||
Role.find(1).add_permission! :edit_issue_notes | Role.find(1).add_permission! :edit_issue_notes | ||||
Role.find(1).add_permission! :view_private_notes | Role.find(1).add_permission! :view_private_notes | ||||
Role.find(1).remove_permission! :set_notes_private | Role.find(1).remove_permission! :set_notes_private | ||||
xhr :post, :update, :id => 2, :private_notes => '1' | |||||
assert_response 403 | |||||
xhr :post, :update, :id => 2, :journal => {:private_notes => '1'} | |||||
assert_response :success | |||||
assert_equal false, Journal.find(2).private_notes | |||||
end | end | ||||
def test_update_xhr_with_empty_notes_should_delete_the_journal | def test_update_xhr_with_empty_notes_should_delete_the_journal | ||||
@request.session[:user_id] = 1 | @request.session[:user_id] = 1 | ||||
assert_difference 'Journal.count', -1 do | assert_difference 'Journal.count', -1 do | ||||
xhr :post, :update, :id => 2, :notes => '' | |||||
xhr :post, :update, :id => 2, :journal => {:notes => ''} | |||||
assert_response :success | assert_response :success | ||||
assert_template 'update' | assert_template 'update' | ||||
assert_equal 'text/javascript', response.content_type | assert_equal 'text/javascript', response.content_type |
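Review bot: The permission test `test_update_xhr_without_set_private_notes_permission_should_ignore_private_notes` only covers the public-to-private direction, posting `'1'` against a journal whose flag is already false. The more sensitive case, a user without `:set_notes_private` posting `'0'` to expose a private note, is not pinned. A companion test along the lines below would cover it. The `:success` expectation assumes user 2 can still edit journal 2 once it is private, which should be checked against the fixtures.

```ruby
def test_update_xhr_without_set_private_notes_permission_should_not_make_private_notes_public
  Journal.find(2).update_attributes(:private_notes => true)
  @request.session[:user_id] = 2
  Role.find(1).add_permission! :edit_issue_notes
  Role.find(1).add_permission! :view_private_notes
  Role.find(1).remove_permission! :set_notes_private

  xhr :post, :update, :id => 2, :journal => {:private_notes => '0'}
  assert_response :success
  assert_equal true, Journal.find(2).private_notes
end
```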