Mercurial > hg > soundsoftware-site
diff lib/redmine/safe_attributes.rb @ 1115:433d4f72a19b redmine-2.2
Update to Redmine SVN revision 11137 on 2.2-stable branch
| author | Chris Cannam |
|---|---|
| date | Mon, 07 Jan 2013 12:01:42 +0000 |
| parents | cbb26bc654de |
| children | 622f24f53b42 |
line wrap: on
line diff
--- a/lib/redmine/safe_attributes.rb Wed Jun 27 14:54:18 2012 +0100 +++ b/lib/redmine/safe_attributes.rb Mon Jan 07 12:01:42 2013 +0000 @@ -1,5 +1,5 @@ # Redmine - project management software -# Copyright (C) 2006-2011 Jean-Philippe Lang +# Copyright (C) 2006-2012 Jean-Philippe Lang # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -31,7 +31,11 @@ def safe_attributes(*args) @safe_attributes ||= [] if args.empty? - @safe_attributes + if superclass.include?(Redmine::SafeAttributes) + @safe_attributes + superclass.safe_attributes + else + @safe_attributes + end else options = args.last.is_a?(Hash) ? args.pop : {} @safe_attributes << [args, options] @@ -44,14 +48,22 @@ # Example: # book.safe_attributes # => ['title', 'pages'] # book.safe_attributes(book.author) # => ['title', 'pages', 'isbn'] - def safe_attribute_names(user=User.current) + def safe_attribute_names(user=nil) + return @safe_attribute_names if @safe_attribute_names && user.nil? names = [] self.class.safe_attributes.collect do |attrs, options| - if options[:if].nil? || options[:if].call(self, user) + if options[:if].nil? || options[:if].call(self, user || User.current) names += attrs.collect(&:to_s) end end - names.uniq + names.uniq! + @safe_attribute_names = names if user.nil? + names + end + + # Returns true if attr can be set by user or the current user + def safe_attribute?(attr, user=nil) + safe_attribute_names(user).include?(attr.to_s) end # Returns a hash with unsafe attributes removed