sw 2014-08-20 10:46:50 +08:00
commit fae3c45920
6 changed files with 29 additions and 8 deletions


@ -103,7 +103,11 @@ class MessagesController < ApplicationController
# Edit a message # Edit a message
def edit def edit
if @project
(render_403; return false) unless @message.editable_by?(User.current) (render_403; return false) unless @message.editable_by?(User.current)
else
(render_403; return false) unless @message.course_editable_by?(User.current)
end
@message.safe_attributes = params[:message] @message.safe_attributes = params[:message]
if request.post? && @message.save if request.post? && @message.save
attachments = Attachment.attach_files(@message, params[:attachments]) attachments = Attachment.attach_files(@message, params[:attachments])
@ -124,7 +128,11 @@ class MessagesController < ApplicationController
# Delete a messages # Delete a messages
def destroy def destroy
if @project
(render_403; return false) unless @message.destroyable_by?(User.current) (render_403; return false) unless @message.destroyable_by?(User.current)
else
(render_403; return false) unless @message.course_destroyable_by?(User.current)
end
r = @message.to_param r = @message.to_param
@message.destroy @message.destroy
# modify by nwb # modify by nwb
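Review bot: The `else` branch in `edit` and `destroy` treats every request without `@project` as a course message, so the authorization outcome depends on how `@project` is populated by filters that are outside this hunk. Because `Message` already knows both its `project` and its `course`, the selection is better made once in the model, behind `editable_by?`/`destroyable_by?`, so the controller and the views cannot drift apart. Failing that, make the course case explicit and deny otherwise, e.g. `elsif @message.course` followed by a final `else` that calls `render_403; return false`. The same four-line guard is duplicated in both actions, whose bodies continue past the hunks shown.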


@ -127,6 +127,14 @@ class Message < ActiveRecord::Base
board.course board.course
end end
def course_editable_by?(usr)
usr && usr.logged? && (usr.allowed_to?(:edit_messages, course) || (self.author == usr && usr.allowed_to?(:edit_own_messages, course)))
end
def course_destroyable_by?(usr)
usr && usr.logged? && (usr.allowed_to?(:delete_messages, course) || (self.author == usr && usr.allowed_to?(:delete_own_messages, course)))
end
def editable_by?(usr) def editable_by?(usr)
usr && usr.logged? && (usr.allowed_to?(:edit_messages, project) || (self.author == usr && usr.allowed_to?(:edit_own_messages, project))) usr && usr.logged? && (usr.allowed_to?(:edit_messages, project) || (self.author == usr && usr.allowed_to?(:edit_own_messages, project)))
end end
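Review bot: `course_editable_by?` and `course_destroyable_by?` pass `course` (that is, `board.course`) straight to `allowed_to?`, and nothing here states what happens when the board has no course. How `allowed_to?` treats a nil context is not visible on this page, so putting `course &&` ahead of the permission test would make both predicates fail closed regardless. The four predicates now differ only in the permission symbols and the context object, so one private helper taking both would remove the copy-paste. The new methods also need a blank line between them and a one-line comment such as `# Course counterpart of editable_by?; checks permissions against board.course`.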


@ -2,7 +2,7 @@
<div class="content-title-top-avtive"> <div class="content-title-top-avtive">
<!-- <h3><%= @author.nil? ? l(:label_activity) : l(:label_user_activity, link_to_user(@author)).html_safe %></h3> --> <!-- <h3><%= @author.nil? ? l(:label_activity) : l(:label_user_activity, link_to_user(@author)).html_safe %></h3> -->
<p class="subtitle"> <p class="subtitle">
<%= l(:label_date_from_to, :start => format_date(@date_from), :end => format_date(@date_to - 1)) %> <%#= l(:label_date_from_to, :start => format_date(@date_from), :end => format_date(@date_to - 1)) %>
</p> </p>
<% @events_by_day.keys.sort.reverse.each do |day| %> <% @events_by_day.keys.sort.reverse.each do |day| %>


@ -148,7 +148,7 @@
"编辑", "编辑",
{:action => 'edit', :id => message}, {:action => 'edit', :id => message},
:title => l(:button_edit) :title => l(:button_edit)
) if message.editable_by?(User.current) %> ) if message.course_editable_by?(User.current) %>
<%= link_to( <%= link_to(
#image_tag('delete.png'), #image_tag('delete.png'),
"删除", "删除",
@ -156,7 +156,7 @@
:method => :post, :method => :post,
:data => {:confirm => l(:text_are_you_sure)}, :data => {:confirm => l(:text_are_you_sure)},
:title => l(:button_delete) :title => l(:button_delete)
) if message.destroyable_by?(User.current) %> ) if message.course_destroyable_by?(User.current) %>
</div></td> </div></td>
</tr> </tr>
<tr> <tr>
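Review bot: Both link conditions now call the `course_*` predicates unconditionally, while the controller in this same commit still chooses between the project and course checks by `@project`. If this template is ever rendered for a project board (its path is not visible here), the edit and delete links shown would not match what the server enforces. The controller check still decides, so this is a consistency problem and not a bypass. Either use the same project/course selection as the controller, or add an ERB comment such as `<%# course boards only: permissions are checked against message.course %>` above the first `link_to`.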


@ -43,8 +43,13 @@ module Redmine
end end
def attachments_visible?(user=User.current) def attachments_visible?(user=User.current)
if self.respond_to?(:project)
(respond_to?(:visible?) ? visible?(user) : true) && (respond_to?(:visible?) ? visible?(user) : true) &&
user.allowed_to?(self.class.attachable_options[:view_permission], self.project) user.allowed_to?(self.class.attachable_options[:view_permission], self.project)
else
return true
end
end end
def attachments_deletable?(user=User.current) def attachments_deletable?(user=User.current)
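Review bot: The new `else` branch of `attachments_visible?` returns `true` for any attachable that does not respond to `project`, skipping both the `visible?(user)` test and the `view_permission` check. Attachments on such objects are then visible to any caller of this method, presumably including anonymous users. At minimum keep the visibility test in that branch, `(respond_to?(:visible?) ? visible?(user) : true)` in place of `return true`. The stronger fix is to check `view_permission` against the object's actual container and return `false` when none is known; which container these project-less attachables use is not visible in this hunk. `attachments_deletable?` starts on the hunk's last line with its body outside it, so confirm it does not get the same fail-open branch.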


@ -107,7 +107,7 @@
<% <%
submit_url = url_for(:controller => 'code_review', :action => 'new', :id=>@project) submit_url = url_for(:controller => 'code_review', :action => 'new', :id=>@project)
%> %>
<%= button_to_function l(:button_apply), "$('#review-form').load('#{submit_url}', $('#review_form').serialize2json())" %> <%= button_to_function l(:label_button_ok), "$('#review-form').load('#{submit_url}', $('#review_form').serialize2json())" %>
<input type="button" value="<%=h l(:button_cancel) %> " onclick="javascript:hideForm();"/> <input type="button" value="<%=h l(:button_cancel) %> " onclick="javascript:hideForm();"/>
<%= preview_link({ :controller => 'code_review', :action => 'preview', :id => @project}, 'review_form') %> <%= preview_link({ :controller => 'code_review', :action => 'preview', :id => @project}, 'review_form') %>