Redmine

  # Ennder 2014-12-18 custom values roles

  # Returns the custom_field_values that can be edited by the given user

  def editable_custom_field_values(user=nil)

    user_real = user || User.current

    custom_field_values.select do |value|

      value.custom_field.editable_by?(project, user_real)

    end

  end

  # Ennder 2014-12-18 custom values roles

  # Safely sets attributes

  def safe_attributes=(attrs, user=User.current)

    return unless attrs.is_a?(Hash)

    attrs = attrs.dup

    attrs = delete_unsafe_attributes(attrs, user)

    return if attrs.empty?

    if attrs['custom_field_values'].present?

      editable_custom_field_ids = editable_custom_field_values(user).map {|v| v.custom_field_id.to_s}

      # TODO: use #select when ruby1.8 support is dropped

      attrs['custom_field_values'] = attrs['custom_field_values'].reject {|k, v| !editable_custom_field_ids.include?(k.to_s)}

    end

    if attrs['custom_fields'].present?

      editable_custom_field_ids = editable_custom_field_values(user).map {|v| v.custom_field_id.to_s}

      # TODO: use #select when ruby1.8 support is dropped

      attrs['custom_fields'] = attrs['custom_fields'].reject {|c| !editable_custom_field_ids.include?(c['id'].to_s)}

    end

    # mass-assignment security bypass

    assign_attributes attrs, :without_protection => true

  end

++ /mnt/donnees/amoi/devs/professionnel/web/rails/v3/redmine/app/models/project_custom_field.rb	2014-12-19 01:58:06.053804375 +0100

  #Ennder 2014-12-18 project custom fields edition roles

  def editable_by?(project, user=User.current)

    editable || (roles & user.roles_for_project(project)).present?

  end

++ /mnt/donnees/amoi/devs/professionnel/web/rails/v3/redmine/app/views/custom_fields/_form.html.erb	2014-12-19 01:55:27.873407107 +0100

    <p>

      <label><%= l(:field_editable) %></label>

      <label class="block">

        <%= radio_button_tag 'custom_field[editable]', 1, @custom_field.editable?, :id => 'custom_field_editable_on',

              :data => {:disables => '.custom_field_role input'} %>

        <%= l(:label_visibility_public) %>

      </label>

      <label class="block">

        <%= radio_button_tag 'custom_field[editable]', 0, !@custom_field.editable?, :id => 'custom_field_editable_off',

              :data => {:enables => '.custom_field_role input'} %>

        <%= l(:label_visibility_roles) %>:

      </label>

      <% Role.givable.sorted.each do |role| %>

        <label class="block custom_field_role" style="padding-left:2em;">

          <%= check_box_tag 'custom_field[role_ids][]', role.id, @custom_field.roles.include?(role), :id => nil %>

          <%= role.name %>

        </label>

      <% end %>

      <%= hidden_field_tag 'custom_field[role_ids][]', '' %>

    </p>

++ /mnt/donnees/amoi/devs/professionnel/web/rails/v3/redmine/app/views/projects/_form.html.erb	2014-12-18 01:31:45.763029689 +0100

<% @project.editable_custom_field_values.each do |value| %>