--- /tmp/Lr7Kie_project.rb 2014-12-19 02:26:38.000000000 +0100 +++ /mnt/donnees/amoi/devs/professionnel/web/rails/v3/redmine/app/models/project.rb 2014-12-19 01:48:46.500365217 +0100 @@ -668,6 +668,15 @@ target.destroy unless target.blank? end + # Ennder 2014-12-18 custom values roles + # Returns the custom_field_values that can be edited by the given user + def editable_custom_field_values(user=nil) + user_real = user || User.current + custom_field_values.select do |value| + value.custom_field.editable_by?(project, user_real) + end + end + safe_attributes 'name', 'description', 'homepage', @@ -678,6 +687,32 @@ 'tracker_ids', 'issue_custom_field_ids' + # Ennder 2014-12-18 custom values roles + # Safely sets attributes + def safe_attributes=(attrs, user=User.current) + return unless attrs.is_a?(Hash) + + attrs = attrs.dup + + attrs = delete_unsafe_attributes(attrs, user) + return if attrs.empty? + + if attrs['custom_field_values'].present? + editable_custom_field_ids = editable_custom_field_values(user).map {|v| v.custom_field_id.to_s} + # TODO: use #select when ruby1.8 support is dropped + attrs['custom_field_values'] = attrs['custom_field_values'].reject {|k, v| !editable_custom_field_ids.include?(k.to_s)} + end + + if attrs['custom_fields'].present? + editable_custom_field_ids = editable_custom_field_values(user).map {|v| v.custom_field_id.to_s} + # TODO: use #select when ruby1.8 support is dropped + attrs['custom_fields'] = attrs['custom_fields'].reject {|c| !editable_custom_field_ids.include?(c['id'].to_s)} + end + + # mass-assignment security bypass + assign_attributes attrs, :without_protection => true + end + safe_attributes 'enabled_module_names', :if => lambda {|project, user| project.new_record? || user.allowed_to?(:select_project_modules, project) } --- /tmp/D5JbSb_project_custom_field.rb 2014-12-19 02:26:38.000000000 +0100 +++ /mnt/donnees/amoi/devs/professionnel/web/rails/v3/redmine/app/models/project_custom_field.rb 2014-12-19 01:58:06.053804375 +0100 
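Review bot: `editable_custom_field_values` calls `value.custom_field.editable_by?(project, user_real)` from inside a Project instance method, so it relies on a Project answering `project`; I could not confirm that from the hunk, and if the model does not define such a reader this raises NoMethodError on the first call, so `self` would be the explicit and safe receiver here. The filter is the only place the role restriction is computed for the project form, so it is worth a spec covering a user with none of the field's roles and one with a matching role. The header comment could also state the fallback, e.g. `# Returns the custom_field_values that +user+ (defaults to User.current) may edit on this project.`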
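Review bot: In `safe_attributes=` the `editable_custom_field_ids` list is computed twice, once in each `if` block, and each computation walks `custom_field_values` and loads the fields' roles; compute it once before both blocks, `editable_custom_field_ids = editable_custom_field_values(user).map {|v| v.custom_field_id.to_s}`, and reuse it. The `custom_fields` branch assumes every element is a Hash: `c['id']` on a non-Hash element (a bare id string submitted by a client) does not raise but silently drops the entry, which is at least fail-closed, so a short comment saying that malformed entries are discarded would help the next reader. The comment `# mass-assignment security bypass` above `assign_attributes attrs, :without_protection => true` reads as if protection were being skipped unchecked; since `delete_unsafe_attributes` has already reduced `attrs` to this user's safe attributes and the custom-field keys have been filtered, reword it to `# attrs is already restricted to safe_attribute_names(user) and editable custom fields, so Rails protection is not needed here`.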
@@ -19,4 +19,9 @@ def type_name :label_project_plural end + + #Ennder 2014-12-18 project custom fields edition roles + def editable_by?(project, user=User.current) + editable || (roles & user.roles_for_project(project)).present? + end end --- /tmp/HxpIta__form.html.erb 2014-12-19 02:26:38.000000000 +0100 +++ /mnt/donnees/amoi/devs/professionnel/web/rails/v3/redmine/app/views/custom_fields/_form.html.erb 2014-12-19 01:55:27.873407107 +0100 @@ -66,6 +66,26 @@
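Review bot: `editable_by?` grants edit access only when `editable` is set or when the user's roles on the project intersect the field's roles, so an administrator who is not a member of the project with one of the selected roles cannot edit a restricted field; if that is unintended, consider `editable || user.admin? || (roles & user.roles_for_project(project)).present?`, mirroring how Redmine's visibility checks treat admins (worth confirming against the version in use). The `user=User.current` default does not cover a caller passing `nil` explicitly, which `editable_custom_field_values` guards against but other callers may not; `user ||= User.current` as the first line would make the method self-contained. The comment `#Ennder 2014-12-18 project custom fields edition roles` documents the change rather than the contract; replace it with `# Returns true if +user+ may change this field's value on +project+: the field is editable by everyone, or the user holds one of the field's roles on that project.`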

<%= f.check_box :searchable %>

<% end %>

<%= f.check_box :is_filter %>

+

+ + + + <% Role.givable.sorted.each do |role| %> + + <% end %> + <%= hidden_field_tag 'custom_field[role_ids][]', '' %> +

<% when "VersionCustomField" %>

<%= f.check_box :is_required %>

--- /tmp/13wo6a__form.html.erb 2014-12-19 02:26:38.000000000 +0100 +++ /mnt/donnees/amoi/devs/professionnel/web/rails/v3/redmine/app/views/projects/_form.html.erb 2014-12-18 01:31:45.763029689 +0100 @@ -22,7 +22,7 @@ <%= wikitoolbar_for 'project_description' %> -<% @project.custom_field_values.each do |value| %> +<% @project.editable_custom_field_values.each do |value| %>

<%= custom_field_tag_with_label :project, value %>

<% end %> <%= call_hook(:view_projects_form, :project => @project, :form => f) %>
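Review bot: Switching the loop to `@project.editable_custom_field_values` hides every custom field the current user may not edit, including ones flagged as required; if a required project custom field has no value yet and the user lacks the role, saving the form will presumably fail with a validation error for a field that is not rendered (worth confirming against the customizable validation in this Redmine version). Since the model-side `safe_attributes=` already discards non-editable values, the view could keep rendering non-editable fields read-only so users see why the field is unchanged, or the validation could skip required fields the user cannot edit.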