git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4492 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/1.1.0
@@ -53,7 +53,7 @@ class MyController < ApplicationController | |||
@user = User.current | |||
@pref = @user.pref | |||
if request.post? | |||
@user.attributes = params[:user] | |||
@user.safe_attributes = params[:user] | |||
@user.mail_notification = params[:notification_option] || 'only_my_events' | |||
@user.pref.attributes = params[:pref] | |||
@user.pref[:no_self_notified] = (params[:no_self_notified] == '1') |
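Review bot: `@user.pref.attributes = params[:pref]`, two lines below the new `safe_attributes=` call, still mass-assigns the preference record straight from request parameters with no whitelist, so the narrowing this commit applies to `User` stops short of `UserPreference`. If that model carries attributes the form is not meant to set (not visible here), they stay writable through `params[:pref]`; giving it the same `Redmine::SafeAttributes` treatment, or assigning the expected keys explicitly the way `no_self_notified` is on the last line, would close the gap. The `@pref` local assigned at the top of the hunk could also be reused instead of calling `@user.pref` again. The enclosing action starts and ends outside the hunk.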
@@ -72,7 +72,8 @@ class ProjectsController < ApplicationController | |||
def create | |||
@issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position") | |||
@trackers = Tracker.all | |||
@project = Project.new(params[:project]) | |||
@project = Project.new | |||
@project.safe_attributes = params[:project] | |||
@project.enabled_module_names = params[:enabled_modules] if params[:enabled_modules] | |||
if validate_parent_id && @project.save | |||
@@ -115,7 +116,8 @@ class ProjectsController < ApplicationController | |||
end | |||
else | |||
Mailer.with_deliveries(params[:notifications] == '1') do | |||
@project = Project.new(params[:project]) | |||
@project = Project.new | |||
@project.safe_attributes = params[:project] | |||
@project.enabled_module_names = params[:enabled_modules] | |||
if validate_parent_id && @project.copy(@source_project, :only => params[:only]) | |||
@project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id') | |||
@@ -181,7 +183,7 @@ class ProjectsController < ApplicationController | |||
end | |||
def update | |||
@project.attributes = params[:project] | |||
@project.safe_attributes = params[:project] | |||
if validate_parent_id && @project.save | |||
@project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id') | |||
respond_to do |format| |
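Review bot: `parent_id` is kept out of the project safe list and is applied only through `set_allowed_parent!` after `validate_parent_id` succeeds, but nothing in the code records that this is deliberate, so a later change could add it to `safe_attributes` and lose the ordering the parent check appears to rely on. A one-line comment above the `set_allowed_parent!` call in `update` (and the identical calls in `create` and `copy` in the hunks above) would preserve the intent: `# parent_id is intentionally not a safe attribute; it is checked by validate_parent_id and set here`. `def update` continues past the end of the hunk.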
@@ -97,7 +97,8 @@ class UsersController < ApplicationController | |||
@notification_options = User::MAIL_NOTIFICATION_OPTIONS | |||
@notification_option = Setting.default_notification_option | |||
@user = User.new(params[:user]) | |||
@user = User.new | |||
@user.safe_attributes = params[:user] | |||
@user.admin = params[:user][:admin] || false | |||
@user.login = params[:user][:login] | |||
@user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id | |||
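Review bot: `@user.login = params[:user][:login]` on the line after the new `safe_attributes=` call appears redundant now, because `login` is in User's unconditional safe list and that call has already assigned it; either drop the line or comment why it is kept. By contrast `admin` is absent from the safe list and set explicitly one line earlier, which is the right place for it provided this action is admin-restricted (not visible here); a comment such as `# admin is intentionally not a safe attribute and is set only here` would record that. The enclosing action starts and ends outside the hunk.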
@@ -155,7 +156,7 @@ class UsersController < ApplicationController | |||
@user.password, @user.password_confirmation = params[:password], params[:password_confirmation] | |||
end | |||
@user.group_ids = params[:user][:group_ids] if params[:user][:group_ids] | |||
@user.attributes = params[:user] | |||
@user.safe_attributes = params[:user] | |||
# Was the account actived ? (do it before User#save clears the change) | |||
was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE]) | |||
# TODO: Similar to My#account |
@@ -16,6 +16,8 @@ | |||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
class Project < ActiveRecord::Base | |||
include Redmine::SafeAttributes | |||
# Project statuses | |||
STATUS_ACTIVE = 1 | |||
STATUS_ARCHIVED = 9 | |||
@@ -520,6 +522,15 @@ class Project < ActiveRecord::Base | |||
def enabled_module_names | |||
enabled_modules.collect(&:name) | |||
end | |||
safe_attributes 'name', | |||
'description', | |||
'homepage', | |||
'is_public', | |||
'identifier', | |||
'custom_field_values', | |||
'custom_fields', | |||
'tracker_ids' | |||
# Returns an array of projects that are in this project's hierarchy | |||
# |
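Review bot: `identifier` is in the unconditional safe list, so after this commit `ProjectsController#update`, which now feeds `params[:project]` through `safe_attributes=`, accepts an identifier change on an existing project unless the model forbids it somewhere this hunk does not show. The identifier is part of project URLs (the test in this commit redirects to `/projects/blog/settings`), so renaming it after creation is a consequential change that probably should not ride along with an ordinary settings update. The `:if` form the User model uses on this page fits: split it out as `safe_attributes 'identifier', :if => lambda {|project, user| project.new_record?}`. `enabled_module_names` above the new lines is complete within the hunk.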
@@ -18,7 +18,8 @@ | |||
require "digest/sha1" | |||
class User < Principal | |||
include Redmine::SafeAttributes | |||
# Account statuses | |||
STATUS_ANONYMOUS = 0 | |||
STATUS_ACTIVE = 1 | |||
@@ -390,6 +391,20 @@ class User < Principal | |||
def allowed_to_globally?(action, options) | |||
allowed_to?(action, nil, options.reverse_merge(:global => true)) | |||
end | |||
safe_attributes 'login', | |||
'firstname', | |||
'lastname', | |||
'mail', | |||
'mail_notification', | |||
'language', | |||
'custom_field_values', | |||
'custom_fields', | |||
'identity_url' | |||
safe_attributes 'status', | |||
'auth_source_id', | |||
:if => lambda {|user, current_user| current_user.admin?} | |||
# Utility method to help check if a user should be notified about an | |||
# event. |
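Review bot: The two `safe_attributes` calls encode a deliberate split, attributes a user may set on their own account versus attributes only an admin may set, but nothing says so, and the second list is reachable only when `current_user.admin?`; a comment above each call would keep the next editor from moving an attribute between them casually, e.g. `# Attributes a user may change on their own account` and `# Admin-only: account status and authentication source`. `identity_url` sits in the unconditional list; if OpenID login resolves accounts by that column (not shown here), letting any user set it to an arbitrary URL deserves a second look, since the value would then drive authentication rather than just profile data. `allowed_to_globally?` above the new lines is complete within the hunk.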
@@ -144,19 +144,27 @@ class ProjectsControllerTest < ActionController::TestCase | |||
end | |||
should "create a new project" do | |||
post :create, :project => { :name => "blog", | |||
:description => "weblog", | |||
:identifier => "blog", | |||
:is_public => 1, | |||
:custom_field_values => { '3' => 'Beta' } | |||
} | |||
post :create, | |||
:project => { | |||
:name => "blog", | |||
:description => "weblog", | |||
:homepage => 'http://weblog', | |||
:identifier => "blog", | |||
:is_public => 1, | |||
:custom_field_values => { '3' => 'Beta' }, | |||
:tracker_ids => ['1', '3'] | |||
} | |||
assert_redirected_to '/projects/blog/settings' | |||
project = Project.find_by_name('blog') | |||
assert_kind_of Project, project | |||
assert project.active? | |||
assert_equal 'weblog', project.description | |||
assert_equal 'http://weblog', project.homepage | |||
assert_equal true, project.is_public? | |||
assert_nil project.parent | |||
assert_equal 'Beta', project.custom_value_for(3).value | |||
assert_equal [1, 3], project.trackers.map(&:id).sort | |||
end | |||
should "create a new subproject" do |
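Review bot: The updated test only shows that whitelisted attributes are applied; there is no case asserting that a parameter outside the safe list is ignored, which is the property this commit introduces. A companion test posting an attribute the list deliberately omits would pin that behaviour, and `status` is a natural candidate since `Project::STATUS_ARCHIVED` is defined in this commit and `project.active?` is already asserted here. The test below is a constructed example.
```ruby
should "ignore attributes outside the safe list on create" do
  post :create, :project => { :name => "blog",
                              :identifier => "blog",
                              :status => Project::STATUS_ARCHIVED }
  project = Project.find_by_name('blog')
  assert_kind_of Project, project
  assert project.active?
end
```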