Diffstat (limited to 'app/models/user.rb')
-rw-r--r--app/models/user.rb17
1 files changed, 16 insertions, 1 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index a43631932..b039ba0b3 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -18,7 +18,8 @@
require "digest/sha1"
class User < Principal
-
+ include Redmine::SafeAttributes
+
# Account statuses
STATUS_ANONYMOUS = 0
STATUS_ACTIVE = 1
@@ -390,6 +391,20 @@ class User < Principal
def allowed_to_globally?(action, options)
allowed_to?(action, nil, options.reverse_merge(:global => true))
end
+
+ safe_attributes 'login',
+ 'firstname',
+ 'lastname',
+ 'mail',
+ 'mail_notification',
+ 'language',
+ 'custom_field_values',
+ 'custom_fields',
+ 'identity_url'
+
+ safe_attributes 'status',
+ 'auth_source_id',
+ :if => lambda {|user, current_user| current_user.admin?}
# Utility method to help check if a user should be notified about an
# event.
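Review bot: `'login'` and `'identity_url'` (presumably the OpenID identity) are in the unconditional `safe_attributes` list, so any caller that passes request parameters to `safe_attributes=` lets a non-admin change the identifiers the account signs in with; only `status` and `auth_source_id` are gated on `current_user.admin?`. If self-service renaming of the login is not intended, gate it as well, e.g. `safe_attributes 'login', :if => lambda {|user, current_user| user.new_record? || current_user.admin?}`. The diff is limited to app/models/user.rb, so the controllers are not visible here, and the whitelist only takes effect where they call `safe_attributes=` rather than `attributes=`. A short comment above each group (`# Attributes a user may set on an account they can edit` and `# Attributes only an administrator may set`) would make the privilege boundary explicit; the class body continues outside the hunk.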