diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-11-11 15:07:55 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-11-11 15:07:55 +0000 |
| commit | 7a05f8ed66918e13315e647ecea620a716c4cbeb (patch) | |
| tree | cb5098c39034e87ee3a22df22da2da087a29c6c8 /app | |
| parent | cbacc71dff75f6abd6bfc5c4c4200b6c08528e0a (diff) | |
| download | redmine-7a05f8ed66918e13315e647ecea620a716c4cbeb.tar.gz redmine-7a05f8ed66918e13315e647ecea620a716c4cbeb.zip | |
Adds permissions to let users edit and/or delete their messages (#854, patch by Markus Knittig with slight changes).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2019 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/messages_controller.rb | 8 | ||||
| -rw-r--r-- | app/models/message.rb | 8 | ||||
| -rw-r--r-- | app/views/messages/show.rhtml | 8 |
3 files changed, 17 insertions, 7 deletions
diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index 79b4b616a..af39efb21 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -19,7 +19,7 @@ class MessagesController < ApplicationController menu_item :boards before_filter :find_board, :only => [:new, :preview] before_filter :find_message, :except => [:new, :preview] - before_filter :authorize, :except => :preview + before_filter :authorize, :except => [:preview, :edit, :destroy] verify :method => :post, :only => [ :reply, :destroy ], :redirect_to => { :action => :show } verify :xhr => true, :only => :quote @@ -30,7 +30,7 @@ class MessagesController < ApplicationController # Show a topic and its replies def show - @replies = @topic.children + @replies = @topic.children.find(:all, :include => [:author, :attachments, {:board => :project}]) @replies.reverse! if User.current.wants_comments_in_reverse_order? @reply = Message.new(:subject => "RE: #{@message.subject}") render :action => "show", :layout => false if request.xhr? @@ -65,7 +65,8 @@ class MessagesController < ApplicationController # Edit a message def edit - if params[:message] && User.current.allowed_to?(:edit_messages, @project) + render_403 and return false unless @message.editable_by?(User.current) + if params[:message] @message.locked = params[:message]['locked'] @message.sticky = params[:message]['sticky'] end @@ -78,6 +79,7 @@ class MessagesController < ApplicationController # Delete a messages def destroy + render_403 and return false unless @message.destroyable_by?(User.current) @message.destroy redirect_to @message.parent.nil? ? { :controller => 'boards', :action => 'show', :project_id => @project, :id => @board } : diff --git a/app/models/message.rb b/app/models/message.rb index f1cb2d0ba..9a313e822 100644 --- a/app/models/message.rb +++ b/app/models/message.rb @@ -71,6 +71,14 @@ class Message < ActiveRecord::Base def project board.project end + + def editable_by?(usr) + usr && usr.logged? && (usr.allowed_to?(:edit_messages, project) || (self.author == usr && usr.allowed_to?(:edit_own_messages, project))) + end + + def destroyable_by?(usr) + usr && usr.logged? && (usr.allowed_to?(:delete_messages, project) || (self.author == usr && usr.allowed_to?(:delete_own_messages, project))) + end private diff --git a/app/views/messages/show.rhtml b/app/views/messages/show.rhtml index 31696d56d..4143532b1 100644 --- a/app/views/messages/show.rhtml +++ b/app/views/messages/show.rhtml @@ -4,8 +4,8 @@ <div class="contextual"> <%= watcher_tag(@topic, User.current) %> <%= link_to_remote_if_authorized l(:button_quote), { :url => {:action => 'quote', :id => @topic} }, :class => 'icon icon-comment' %> - <%= link_to_if_authorized l(:button_edit), {:action => 'edit', :id => @topic}, :class => 'icon icon-edit' %> - <%= link_to_if_authorized l(:button_delete), {:action => 'destroy', :id => @topic}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del' %> + <%= link_to(l(:button_edit), {:action => 'edit', :id => @topic}, :class => 'icon icon-edit') if @message.editable_by?(User.current) %> + <%= link_to(l(:button_delete), {:action => 'destroy', :id => @topic}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') if @message.destroyable_by?(User.current) %> </div> <h2><%=h @topic.subject %></h2> @@ -25,8 +25,8 @@ <a name="<%= "message-#{message.id}" %>"></a> <div class="contextual"> <%= link_to_remote_if_authorized image_tag('comment.png'), { :url => {:action => 'quote', :id => message} }, :title => l(:button_quote) %> - <%= link_to_if_authorized image_tag('edit.png'), {:action => 'edit', :id => message}, :title => l(:button_edit) %> - <%= link_to_if_authorized image_tag('delete.png'), {:action => 'destroy', :id => message}, :method => :post, :confirm => l(:text_are_you_sure), :title => l(:button_delete) %> + <%= link_to(image_tag('edit.png'), {:action => 'edit', :id => message}, :title => l(:button_edit)) if message.editable_by?(User.current) %> + <%= link_to(image_tag('delete.png'), {:action => 'destroy', :id => message}, :method => :post, :confirm => l(:text_are_you_sure), :title => l(:button_delete)) if message.destroyable_by?(User.current) %> </div> <div class="message reply"> <h4><%=h message.subject %> - <%= authoring message.created_on, message.author %></h4> |