diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-11-11 15:07:55 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-11-11 15:07:55 +0000 |
| commit | 7a05f8ed66918e13315e647ecea620a716c4cbeb (patch) | |
| tree | cb5098c39034e87ee3a22df22da2da087a29c6c8 /app/controllers | |
| parent | cbacc71dff75f6abd6bfc5c4c4200b6c08528e0a (diff) | |
| download | redmine-7a05f8ed66918e13315e647ecea620a716c4cbeb.tar.gz redmine-7a05f8ed66918e13315e647ecea620a716c4cbeb.zip | |
Adds permissions to let users edit and/or delete their messages (#854, patch by Markus Knittig with slight changes).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2019 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/messages_controller.rb | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index 79b4b616a..af39efb21 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -19,7 +19,7 @@ class MessagesController < ApplicationController menu_item :boards before_filter :find_board, :only => [:new, :preview] before_filter :find_message, :except => [:new, :preview] - before_filter :authorize, :except => :preview + before_filter :authorize, :except => [:preview, :edit, :destroy] verify :method => :post, :only => [ :reply, :destroy ], :redirect_to => { :action => :show } verify :xhr => true, :only => :quote @@ -30,7 +30,7 @@ class MessagesController < ApplicationController # Show a topic and its replies def show - @replies = @topic.children + @replies = @topic.children.find(:all, :include => [:author, :attachments, {:board => :project}]) @replies.reverse! if User.current.wants_comments_in_reverse_order? @reply = Message.new(:subject => "RE: #{@message.subject}") render :action => "show", :layout => false if request.xhr? @@ -65,7 +65,8 @@ class MessagesController < ApplicationController # Edit a message def edit - if params[:message] && User.current.allowed_to?(:edit_messages, @project) + render_403 and return false unless @message.editable_by?(User.current) + if params[:message] @message.locked = params[:message]['locked'] @message.sticky = params[:message]['sticky'] end @@ -78,6 +79,7 @@ class MessagesController < ApplicationController # Delete a messages def destroy + render_403 and return false unless @message.destroyable_by?(User.current) @message.destroy redirect_to @message.parent.nil? ? { :controller => 'boards', :action => 'show', :project_id => @project, :id => @board } : |