Mercurial > hg > soundsoftware-site

diff app/models/message.rb @ 929:5f33065ddc4b redmine-1.3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to Redmine SVN rev 9414 on 1.3-stable branch
author Chris Cannam
date Wed, 27 Jun 2012 14:54:18 +0100
parents cbb26bc654de
children 433d4f72a19b
line wrap: on
line diff
--- a/app/models/message.rb	Fri Feb 24 19:09:32 2012 +0000
+++ b/app/models/message.rb	Wed Jun 27 14:54:18 2012 +0100
@@ -16,6 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 class Message < ActiveRecord::Base
+  include Redmine::SafeAttributes
   belongs_to :board
   belongs_to :author, :class_name => 'User', :foreign_key => 'author_id'
   acts_as_tree :counter_cache => :replies_count, :order => "#{Message.table_name}.created_on ASC"
@@ -36,7 +37,6 @@
                             :author_key => :author_id
   acts_as_watchable
 
-  attr_protected :locked, :sticky
   validates_presence_of :board, :subject, :content
   validates_length_of :subject, :maximum => 255
   validate :cannot_reply_to_locked_topic, :on => :create
@@ -48,6 +48,12 @@
   named_scope :visible, lambda {|*args| { :include => {:board => :project},
                                           :conditions => Project.allowed_to_condition(args.shift || User.current, :view_messages, *args) } }
 
+  safe_attributes 'subject', 'content'
+  safe_attributes 'locked', 'sticky', 'board_id',
+    :if => lambda {|message, user|
+      user.allowed_to?(:edit_messages, message.project)
+    }
+
   def visible?(user=User.current)
     !user.nil? && user.allowed_to?(:view_messages, project)
   end