authorJean-Philippe Lang <jp_lang@yahoo.fr>2016-07-17 07:15:25 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2016-07-17 07:15:25 +0000
commit316eae078cc43cea468e0397ca35fbf8eced8da0 (patch)
tree129992397cd85e7879d28d16f4aae18470c7ecc4 /app/models/custom_field.rb
parent43d8ab8288e1d1f561d3fc530472ddb0042db5fe (diff)
Use safe_attributes for custom fields.
git-svn-id: http://svn.redmine.org/redmine/trunk@15689 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/models/custom_field.rb')
-rw-r--r--app/models/custom_field.rb25
1 files changed, 24 insertions, 1 deletions
diff --git a/app/models/custom_field.rb b/app/models/custom_field.rb
index 370ce7090..cd217e766 100644
--- a/app/models/custom_field.rb
+++ b/app/models/custom_field.rb
@@ -16,6 +16,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class CustomField < ActiveRecord::Base
+ include Redmine::SafeAttributes
include Redmine::SubclassFactory
has_many :enumerations,
@@ -61,11 +62,33 @@ class CustomField < ActiveRecord::Base
where(:visible => true)
end
}
-
def visible_by?(project, user=User.current)
visible? || user.admin?
end
+ safe_attributes 'name',
+ 'field_format',
+ 'possible_values',
+ 'regexp',
+ 'min_lnegth',
+ 'max_length',
+ 'is_required',
+ 'is_for_all',
+ 'is_filter',
+ 'position',
+ 'searchable',
+ 'default_value',
+ 'editable',
+ 'visible',
+ 'multiple',
+ 'description',
+ 'role_ids',
+ 'url_pattern',
+ 'text_formatting',
+ 'edit_tag_style',
+ 'user_role',
+ 'version_status'
+
def format
@format ||= Redmine::FieldFormat.find(field_format)
end
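Review bot: The `'min_lnegth'` entry in the new `safe_attributes` list looks like a misspelling of `min_length` (it sits right above `'max_length'`) and should read `'min_length',`. Because a safe-attributes list is an allowlist, a misspelled name would presumably cause a submitted `min_length` to be dropped silently wherever the model is assigned through `safe_attributes=`, so the minimum-length constraint could no longer be set or changed from a form. The list is also declared without any condition, so `role_ids`, `visible` and `editable` are assignable by any caller that reaches `safe_attributes=`. If the controller is what restricts this to administrators (not visible in this diff), a comment above the list such as `# No per-user condition: callers must already have enforced admin access` would record that assumption. A model test that assigns each listed name through `safe_attributes=` and reads it back would catch this kind of typo.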