Merge branch 'szzh' of http://repository.trustie.net/xianbo/trustie2 into szzh

2014-08-20 10:46:50 +08:00 · 2014-08-20 10:46:50 +08:00 · fae3c45920
parent 7b00008721 337f0ec270
commit fae3c45920
6 changed files with 29 additions and 8 deletions
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@ -103,7 +103,11 @@ class MessagesController < ApplicationController

  # Edit a message
  def edit
-    (render_403; return false) unless @message.editable_by?(User.current)
+    if @project
+      (render_403; return false) unless @message.editable_by?(User.current)
+    else
+      (render_403; return false) unless @message.course_editable_by?(User.current)
+    end
    @message.safe_attributes = params[:message]
    if request.post? && @message.save
      attachments = Attachment.attach_files(@message, params[:attachments])
@ -124,7 +128,11 @@ class MessagesController < ApplicationController

  # Delete a messages
  def destroy
-    (render_403; return false) unless @message.destroyable_by?(User.current)
+    if @project
+      (render_403; return false) unless @message.destroyable_by?(User.current)
+    else
+      (render_403; return false) unless @message.course_destroyable_by?(User.current)
+    end
    r = @message.to_param
    @message.destroy
    # modify by nwb
--- a/app/models/message.rb
+++ b/app/models/message.rb
@ -127,6 +127,14 @@ class Message < ActiveRecord::Base
    board.course
  end

+  def course_editable_by?(usr)
+    usr && usr.logged? && (usr.allowed_to?(:edit_messages, course) || (self.author == usr && usr.allowed_to?(:edit_own_messages, course)))
+  end
+
+  def course_destroyable_by?(usr)
+    usr && usr.logged? && (usr.allowed_to?(:delete_messages, course) || (self.author == usr && usr.allowed_to?(:delete_own_messages, course)))
+  end
+
  def editable_by?(usr)
    usr && usr.logged? && (usr.allowed_to?(:edit_messages, project) || (self.author == usr && usr.allowed_to?(:edit_own_messages, project)))
  end
--- a/app/views/courses/show.html.erb
+++ b/app/views/courses/show.html.erb
@ -2,7 +2,7 @@
    <div class="content-title-top-avtive">
      <!-- <h3><%= @author.nil? ? l(:label_activity) : l(:label_user_activity, link_to_user(@author)).html_safe %></h3> -->
      <p class="subtitle">
-        <%= l(:label_date_from_to, :start => format_date(@date_from), :end => format_date(@date_to - 1)) %>
+        <%#= l(:label_date_from_to, :start => format_date(@date_from), :end => format_date(@date_to - 1)) %>
      </p>

      <% @events_by_day.keys.sort.reverse.each do |day| %>
--- a/app/views/messages/_course_show.html.erb
+++ b/app/views/messages/_course_show.html.erb
@ -148,7 +148,7 @@
                              "编辑",
                              {:action => 'edit', :id => message},
                              :title => l(:button_edit)
-                      ) if message.editable_by?(User.current) %>
+                      ) if message.course_editable_by?(User.current) %>
                  <%= link_to(
                              #image_tag('delete.png'),
                              "删除",
@ -156,7 +156,7 @@
                              :method => :post,
                              :data => {:confirm => l(:text_are_you_sure)},
                              :title => l(:button_delete)
-                      ) if message.destroyable_by?(User.current) %>
+                      ) if message.course_destroyable_by?(User.current) %>
                </div></td>
            </tr>
            <tr>
--- a/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb
+++ b/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb
@ -43,8 +43,13 @@ module Redmine
        end

        def attachments_visible?(user=User.current)
-          (respond_to?(:visible?) ? visible?(user) : true) &&
-            user.allowed_to?(self.class.attachable_options[:view_permission], self.project)
+          if self.respond_to?(:project)
+            (respond_to?(:visible?) ? visible?(user) : true) &&
+                user.allowed_to?(self.class.attachable_options[:view_permission], self.project)
+          else
+            return true
+          end
+
        end

        def attachments_deletable?(user=User.current)
--- a/plugins/redmine_code_review/app/views/code_review/_new_form.html.erb
+++ b/plugins/redmine_code_review/app/views/code_review/_new_form.html.erb
@ -107,7 +107,7 @@
      <%
      submit_url = url_for(:controller => 'code_review', :action => 'new', :id=>@project)
      %>
-      <%= button_to_function l(:button_apply), "$('#review-form').load('#{submit_url}', $('#review_form').serialize2json())" %>
+      <%= button_to_function l(:label_button_ok), "$('#review-form').load('#{submit_url}', $('#review_form').serialize2json())" %>

      <input type="button" value="<%=h l(:button_cancel) %> " onclick="javascript:hideForm();"/>
      <%= preview_link({ :controller => 'code_review', :action => 'preview', :id => @project}, 'review_form') %>