diff app/models/.svn/text-base/user.rb.svn-base @ 119:8661b858af72

* Update to Redmine trunk rev 4705
author Chris Cannam
date Thu, 13 Jan 2011 14:12:06 +0000
parents 94944d00e43c
children cd2282d2aa55 07fa8a8b56a8
--- a/app/models/.svn/text-base/user.rb.svn-base	Fri Nov 19 14:05:24 2010 +0000
+++ b/app/models/.svn/text-base/user.rb.svn-base	Thu Jan 13 14:12:06 2011 +0000
@@ -18,7 +18,8 @@
 require "digest/sha1"
 
 class User < Principal
-
+  include Redmine::SafeAttributes
+  
   # Account statuses
   STATUS_ANONYMOUS  = 0
   STATUS_ACTIVE     = 1
@@ -34,13 +35,13 @@
   }
 
   MAIL_NOTIFICATION_OPTIONS = [
-                               [:all, :label_user_mail_option_all],
-                               [:selected, :label_user_mail_option_selected],
-                               [:none, :label_user_mail_option_none],
-                               [:only_my_events, :label_user_mail_option_only_my_events],
-                               [:only_assigned, :label_user_mail_option_only_assigned],
-                               [:only_owner, :label_user_mail_option_only_owner]
-                              ]
+    ['all', :label_user_mail_option_all],
+    ['selected', :label_user_mail_option_selected],
+    ['only_my_events', :label_user_mail_option_only_my_events],
+    ['only_assigned', :label_user_mail_option_only_assigned],
+    ['only_owner', :label_user_mail_option_only_owner],
+    ['none', :label_user_mail_option_none]
+  ]
 
   has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)},
                                    :after_remove => Proc.new {|user, group| group.user_removed(user)}
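Review bot: MAIL_NOTIFICATION_OPTIONS stays a plain, unfrozen array literal, and the `delete_if` in the later hunk (the one starting `if memberships.length < 1`) removes the 'selected' entry from this shared constant in place, so the first call for a user without memberships hides that option for every later user and request in the process. Use a non-destructive filter there, `MAIL_NOTIFICATION_OPTIONS.reject {|option| option.first == 'selected'}`, and close the literal here with `].freeze` so any future in-place edit fails loudly instead of silently changing the constant. The inclusion validation added by this commit snapshots `collect(&:first)` at class load and is not affected, but anything that reads the constant afterwards is.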
@@ -59,7 +60,7 @@
   attr_accessor :password, :password_confirmation
   attr_accessor :last_before_login_on
   # Prevents unauthorized assignments
-  attr_protected :login, :admin, :password, :password_confirmation, :hashed_password, :group_ids
+  attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
 	
   validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
   validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }, :case_sensitive => false
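Review bot: Dropping :group_ids from attr_protected turns it from a blacklist-protected attribute into one guarded only by the admin-and-persisted `safe_attributes 'group_ids'` rule added later in this diff, so the protection now depends on every write path going through `safe_attributes=`; any controller that still passes request params through `attributes=` or `update_attributes` would let a non-admin change group membership. That cannot be verified from this diff, so the controllers deserve a check. A comment on the attr_protected line would make the new contract explicit, e.g. `# group_ids is not attr_protected: it is guarded by safe_attributes (admins only, existing users) — assign request params only via safe_attributes=`.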
@@ -67,11 +68,11 @@
   # Login must contain lettres, numbers, underscores only
   validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
   validates_length_of :login, :maximum => 30
-  validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-\.]*$/i
   validates_length_of :firstname, :lastname, :maximum => 30
   validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
   validates_length_of :mail, :maximum => 60, :allow_nil => true
   validates_confirmation_of :password, :allow_nil => true
+  validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true
 
   def before_create
     self.mail_notification = Setting.default_notification_option if self.mail_notification.blank?
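Review bot: Removing validates_format_of for :firstname and :lastname means those fields now accept any characters with only the length checked, so output escaping in every view and mail template that prints a user name becomes the sole barrier against injected markup. If the intent is to allow international names, a comment such as `# firstname/lastname are free-form; rely on output escaping, not input filtering` would stop the next maintainer from re-adding the old ASCII-only pattern. Separately, the neighbouring :login and :mail patterns use `^`/`$`, which in Ruby match per line rather than the whole value, so `\A`/`\z` anchors would be needed to reject values with an embedded newline; that is pre-existing rather than introduced here.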
@@ -264,7 +265,7 @@
     # Note that @user.membership.size would fail since AR ignores
     # :include association option when doing a count
     if memberships.length < 1
-      MAIL_NOTIFICATION_OPTIONS.delete_if {|option| option.first == :selected}
+      MAIL_NOTIFICATION_OPTIONS.delete_if {|option| option.first == 'selected'}
     else
       MAIL_NOTIFICATION_OPTIONS
     end
@@ -390,32 +391,49 @@
   def allowed_to_globally?(action, options)
     allowed_to?(action, nil, options.reverse_merge(:global => true))
   end
+
+  safe_attributes 'login',
+    'firstname',
+    'lastname',
+    'mail',
+    'mail_notification',
+    'language',
+    'custom_field_values',
+    'custom_fields',
+    'identity_url'
+  
+  safe_attributes 'status',
+    'auth_source_id',
+    :if => lambda {|user, current_user| current_user.admin?}
+  
+  safe_attributes 'group_ids',
+    :if => lambda {|user, current_user| current_user.admin? && !user.new_record?}
   
   # Utility method to help check if a user should be notified about an
   # event.
   #
   # TODO: only supports Issue events currently
   def notify_about?(object)
-    case mail_notification.to_sym
-    when :all
+    case mail_notification
+    when 'all'
       true
-    when :selected
+    when 'selected'
       # Handled by the Project
-    when :none
+    when 'none'
       false
-    when :only_my_events
+    when 'only_my_events'
       if object.is_a?(Issue) && (object.author == self || object.assigned_to == self)
         true
       else
         false
       end
-    when :only_assigned
+    when 'only_assigned'
       if object.is_a?(Issue) && object.assigned_to == self
         true
       else
         false
       end
-    when :only_owner
+    when 'only_owner'
       if object.is_a?(Issue) && object.author == self
         true
       else
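Review bot: In notify_about?, each `if object.is_a?(Issue) && … true else false end` block (the 'only_my_events', 'only_assigned' and 'only_owner' branches) is just the boolean expression itself and reads more clearly as, for example, `object.is_a?(Issue) && object.assigned_to == self`. The 'selected' branch has no value and so returns nil rather than a boolean; the `# Handled by the Project` comment suggests that is deliberate, but a caller comparing the result with `== false` would treat it differently from the 'none' branch, which a short comment stating the nil return would clarify. The method's remaining branches and its end lie outside this hunk. The safe_attributes lambdas assume current_user is never nil; presumably the SafeAttributes mixin defaults it to User.current, which is worth confirming.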