diff app/models/issue.rb @ 117:af80e5618e9b redmine-1.1

* Update to Redmine 1.1-stable branch (Redmine SVN rev 4707)
author Chris Cannam
date Thu, 13 Jan 2011 12:53:21 +0000
parents 94944d00e43c
children b859cc0c4fa1 07fa8a8b56a8
--- a/app/models/issue.rb	Fri Nov 19 14:05:24 2010 +0000
+++ b/app/models/issue.rb	Thu Jan 13 12:53:21 2011 +0000
@@ -16,6 +16,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 class Issue < ActiveRecord::Base
+  include Redmine::SafeAttributes
+  
   belongs_to :project
   belongs_to :tracker
   belongs_to :status, :class_name => 'IssueStatus', :foreign_key => 'status_id'
@@ -68,8 +70,7 @@
                                   :conditions => ["#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"]
   named_scope :for_gantt, lambda {
     {
-      :include => [:tracker, :status, :assigned_to, :priority, :project, :fixed_version],
-      :order => "#{Issue.table_name}.due_date ASC, #{Issue.table_name}.start_date ASC, #{Issue.table_name}.id ASC"
+      :include => [:tracker, :status, :assigned_to, :priority, :project, :fixed_version]
     }
   }
 
@@ -215,30 +216,29 @@
     write_attribute :estimated_hours, (h.is_a?(String) ? h.to_hours : h)
   end
   
-  SAFE_ATTRIBUTES = %w(
-    tracker_id
-    status_id
-    parent_issue_id
-    category_id
-    assigned_to_id
-    priority_id
-    fixed_version_id
-    subject
-    description
-    start_date
-    due_date
-    done_ratio
-    estimated_hours
-    custom_field_values
-    lock_version
-  ) unless const_defined?(:SAFE_ATTRIBUTES)
+  safe_attributes 'tracker_id',
+    'status_id',
+    'parent_issue_id',
+    'category_id',
+    'assigned_to_id',
+    'priority_id',
+    'fixed_version_id',
+    'subject',
+    'description',
+    'start_date',
+    'due_date',
+    'done_ratio',
+    'estimated_hours',
+    'custom_field_values',
+    'custom_fields',
+    'lock_version',
+    :if => lambda {|issue, user| issue.new_record? || user.allowed_to?(:edit_issues, issue.project) }
   
-  SAFE_ATTRIBUTES_ON_TRANSITION = %w(
-    status_id
-    assigned_to_id
-    fixed_version_id
-    done_ratio
-  ) unless const_defined?(:SAFE_ATTRIBUTES_ON_TRANSITION)
+  safe_attributes 'status_id',
+    'assigned_to_id',
+    'fixed_version_id',
+    'done_ratio',
+    :if => lambda {|issue, user| issue.new_statuses_allowed_to(user).any? }
 
   # Safely sets attributes
   # Should be called from controllers instead of #attributes=
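Review bot: `'custom_fields'` in the first `safe_attributes` list is a new mass-assignable key that the old `SAFE_ATTRIBUTES` constant did not contain, and nothing in this hunk shows how its values are validated or which users may set them. Because these two lists decide which request parameters can reach the model, each deserves a comment, e.g. `# Mass-assignment whitelist: full list for new issues or users with :edit_issues` above the first call and `# Subset for users who may only perform a workflow transition` above the second. The `issue.new_record?` branch grants the full list without consulting `user`, as the old code did, so the add-issue permission check presumably has to happen in the caller before `safe_attributes=` runs. Code outside this file that read `Issue::SAFE_ATTRIBUTES` or `SAFE_ATTRIBUTES_ON_TRANSITION` would now fail on the missing constants, which cannot be checked from this hunk.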
@@ -249,13 +249,8 @@
     return unless attrs.is_a?(Hash)
     
     # User can change issue attributes only if he has :edit permission or if a workflow transition is allowed
-    if new_record? || user.allowed_to?(:edit_issues, project)
-      attrs = attrs.reject {|k,v| !SAFE_ATTRIBUTES.include?(k)}
-    elsif new_statuses_allowed_to(user).any?
-      attrs = attrs.reject {|k,v| !SAFE_ATTRIBUTES_ON_TRANSITION.include?(k)}
-    else
-      return
-    end
+    attrs = delete_unsafe_attributes(attrs, user)
+    return if attrs.empty? 
     
     # Tracker must be set before since new_statuses_allowed_to depends on it.
     if t = attrs.delete('tracker_id')
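Review bot: The permission decision in `safe_attributes=` now rests entirely on `delete_unsafe_attributes(attrs, user)`, which is defined outside this hunk. The method stays fail-closed only if that helper returns an empty hash (not nil, and not the untouched input) when no rule matches the user. The comment above the call still describes the removed if/elsif, so I would reword it to something like `# Keep only the attributes the safe_attributes rules allow for this user; assign nothing if none remain`. The added `return if attrs.empty? ` line also carries trailing whitespace. The method body starts before and continues after this hunk.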
@@ -276,7 +271,7 @@
       if !user.allowed_to?(:manage_subtasks, project)
         attrs.delete('parent_issue_id')
       elsif !attrs['parent_issue_id'].blank?
-        attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'])
+        attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'].to_i)
       end
     end