From 41c0d1e856602d66531f73f2f9efc1f0ea0d37a0 Mon Sep 17 00:00:00 2001 From: Alexander Machehin Date: Fri, 2 Mar 2012 22:52:15 +0600 Subject: [PATCH 1/6] [refs #194] fix security and tests --- app/controllers/issues_controller.rb | 6 +++--- spec/controllers/issues_controller_spec.rb | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index 2d3f13cf5..e6956c7bc 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -4,7 +4,7 @@ class IssuesController < ApplicationController before_filter :authenticate_user! load_and_authorize_resource :project, :except => NON_RESTFUL_ACTION - load_and_authorize_resource :issue, :through => :project, :find_by => :serial_id, :only => [:show, :edit, :update, :destroy] + load_and_authorize_resource :issue, :through => :project, :find_by => :serial_id, :only => [:show, :edit, :update, :destroy, :new, :create] before_filter :load_and_authorize_label, :only => NON_RESTFUL_ACTION layout 'application' @@ -67,8 +67,8 @@ class IssuesController < ApplicationController status = 200 if @issue.save render action, :status => (status || 500), :layout => false else - @issue.title = params[:issue][:title] - @issue.body = params[:issue][:body] + @issue.title = params[:issue][:title] if params[:issue][:title] + @issue.body = params[:issue][:body] if params[:issue][:body] status = 200 if @issue.save render :nothing => true, :status => (status || 500), :layout => false end diff --git a/spec/controllers/issues_controller_spec.rb b/spec/controllers/issues_controller_spec.rb index 907bf98fa..eb2579ae6 100644 --- a/spec/controllers/issues_controller_spec.rb +++ b/spec/controllers/issues_controller_spec.rb 
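Review bot: Adding `:create` to the issue filter's `:only` list makes CanCan build and authorize an `@issue` through `@project`, but the create action (outside this hunk; its body is visible in PATCH 5/6 of this series) replaces that instance with `Issue.new(params[:issue])` and only assigns `project_id` afterwards, so the object that passed authorization is not the object that gets saved. If the Issue ability rules look at the project, the check ran against a different object than the one persisted; reusing the CanCan-built instance, or building with `@issue = @project.issues.new(params[:issue])`, keeps the authorized and saved objects the same. The class body continues outside the hunk.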
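Review bot: The added `if params[:issue][:title]` and `if params[:issue][:body]` guards still dereference `params[:issue]` unconditionally, so a request without an `issue` hash raises NoMethodError before `render` instead of taking the `status || 500` path the branch intends. Reading the hash once with a default, `issue_params = params[:issue] || {}` followed by `@issue.title = issue_params[:title] if issue_params[:title]` and the same for body, makes the branch tolerant of the missing key. Note the guards are truthiness checks, so an empty string still passes and blanks the field, which is only acceptable if the model validates presence. The enclosing method starts and ends outside this hunk.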
@@ -27,7 +27,7 @@ end shared_examples_for 'user with issue update rights' do it 'should be able to perform update action' do put :update, {:id => @issue.serial_id}.merge(@update_params) - response.should redirect_to([@project, @issue]) + response.code.should eq('200') end it 'should update issue title' do From c7b412c0e0b93f439e16c02bc2c3961ad605416f Mon Sep 17 00:00:00 2001 From: Alexander Machehin Date: Fri, 2 Mar 2012 23:38:00 +0600 Subject: [PATCH 2/6] [refs #194] some refactoring --- app/controllers/issues_controller.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index e6956c7bc..0f47c0679 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -3,15 +3,13 @@ class IssuesController < ApplicationController NON_RESTFUL_ACTION = [:create_label, :update_label, :destroy_label, :search_collaborators] before_filter :authenticate_user! - load_and_authorize_resource :project, :except => NON_RESTFUL_ACTION + load_resource :project load_and_authorize_resource :issue, :through => :project, :find_by => :serial_id, :only => [:show, :edit, :update, :destroy, :new, :create] before_filter :load_and_authorize_label, :only => NON_RESTFUL_ACTION layout 'application' def index(status = 200) - logger.debug "!!!!!!!!!!!!!!!!!!" - logger.debug "request format is #{request.format}" @is_assigned_to_me = params[:filter] == 'to_me' @status = params[:status] == 'closed' ? 'closed' : 'open' @labels = params[:labels] || [] @@ -112,7 +110,6 @@ class IssuesController < ApplicationController private def load_and_authorize_label - @project = Project.find(params[:project_id]) @label = Label.find(params[:label_id]) if params[:label_id] authorize! :write, @project end From dfa361f5c3ee58edde63d4661a9e8751dd3bbd2e Mon Sep 17 00:00:00 2001 
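Review bot: Replacing `load_and_authorize_resource :project, :except => NON_RESTFUL_ACTION` with `load_resource :project` drops the `authorize!` on the project for every action not covered by another filter; from what this hunk shows, `index` is neither in the issue filter's `:only` list nor in NON_RESTFUL_ACTION, so a project's issue list is now served after merely loading the project. Unless `index` authorizes elsewhere (its body runs past this hunk), an explicit `authorize! :read, @project` at the top of index, or keeping a read authorization on the project for the remaining actions, restores the previous gate. Removing the two `logger.debug` lines is fine.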
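Review bot: `Label.find(params[:label_id])` still looks the label up globally while the following `authorize! :write, @project` only checks the project, so a label_id that belongs to a different project passes as long as the caller can write to `@project`; the `@project = Project.find(...)` line removed here only moved where the project is loaded, not what is checked. If Project has a labels association, scoping the lookup, `@label = @project.labels.find(params[:label_id]) if params[:label_id]`, ties the label to the authorized project and turns a cross-project id into a RecordNotFound. The class body continues outside the hunk.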
From: Alexander Machehin Date: Fri, 2 Mar 2012 23:45:20 +0600 Subject: [PATCH 3/6] [refs #194] fix triggering change event for niceRadio buttons --- app/assets/javascripts/design/radio.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/assets/javascripts/design/radio.js b/app/assets/javascripts/design/radio.js index 31650da65..179027de2 100644 --- a/app/assets/javascripts/design/radio.js +++ b/app/assets/javascripts/design/radio.js @@ -76,7 +76,8 @@ function changeRadioStart(el) { } el.next().bind("mousedown", function(e) { - changeRadio($(this)) + changeRadio($(this)); + $(this).find("input:radio").change(); }); if($.browser.msie) { el.next().find("input").eq(0).bind("click", function(e) { From 319fcdad86bcc321da73706b3acdd993b6a756ec Mon Sep 17 00:00:00 2001 From: Alexander Machehin Date: Sat, 3 Mar 2012 00:21:46 +0600 Subject: [PATCH 4/6] [refs #194] refactoring --- app/controllers/issues_controller.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index 0f47c0679..6476d5e93 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -65,9 +65,7 @@ class IssuesController < ApplicationController status = 200 if @issue.save render action, :status => (status || 500), :layout => false else - @issue.title = params[:issue][:title] if params[:issue][:title] - @issue.body = params[:issue][:body] if params[:issue][:body] - status = 200 if @issue.save + status = 200 if @issue.update_attributes(params[:issue]) render :nothing => true, :status => (status || 500), :layout => false end end From 7cd3e40efc1c98840bad14a89bdeb14e0042c0c9 Mon Sep 17 00:00:00 2001 
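Review bot: `$(this).find("input:radio").change()` fires the change event on every mousedown on the styled element, including presses on a radio that is already selected, so listeners bound to change run again although the value did not move. If `changeRadio` can report whether the selection actually changed (its body is outside this hunk), triggering only in that case, e.g. `if (changeRadio($(this))) { $(this).find("input:radio").change(); }`, avoids the spurious events; otherwise a short comment stating that change is re-triggered on every press would save the next reader a surprise. The enclosing function `changeRadioStart` starts before this hunk.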
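Review bot: `status = 200 if @issue.update_attributes(params[:issue])` replaces the explicit title/body assignment with mass assignment, so everything in Issue's `attr_accessible` becomes writable through this branch; at this commit that list (as shown by the app/models/issue.rb hunk in PATCH 5/6 of this series) still includes `:project`, `:project_id`, `:closed_at` and `:closed_by`, so a user with update rights could move the issue to another project or mark it closed via params. The whitelist is tightened later in the series; if this commit is meant to stand on its own, keep the update limited here, e.g. `status = 200 if @issue.update_attributes((params[:issue] || {}).slice(:title, :body))`. The enclosing method starts and ends outside this hunk.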
From: Alexander Machehin Date: Sat, 3 Mar 2012 01:23:45 +0600 Subject: [PATCH 5/6] [refs #194] fix accessible list --- app/controllers/issues_controller.rb | 5 ++--- app/models/issue.rb | 2 +- app/views/issues/_index_sidebar.html.haml | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index 6476d5e93..71812a6df 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -34,17 +34,16 @@ class IssuesController < ApplicationController end def new - @issue = Issue.new(:project => @project) + @issue = @project.issues.new end def create @user_id = params[:user_id] @user_uname = params[:user_uname] - @issue = Issue.new(params[:issue]) + @issue = @project.issues.new(params[:issue]) @issue.creator_id = current_user.id @issue.user_id = @user_id - @issue.project_id = @project.id if @issue.save @issue.subscribe_creator(current_user.id) diff --git a/app/models/issue.rb b/app/models/issue.rb index d38095d86..dcb65ed79 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -23,7 +23,7 @@ class Issue < ActiveRecord::Base after_update :deliver_issue_assign_notification after_update :subscribe_issue_assigned_user - attr_accessible :labelings_attributes, :title, :body, :project, :project_id, :closed_at, :closed_by + attr_accessible :labelings_attributes, :title, :body accepts_nested_attributes_for :labelings, :allow_destroy => true scope :opened, where(:status => 'open', :closed_by => nil, :closed_at => nil) diff --git a/app/views/issues/_index_sidebar.html.haml b/app/views/issues/_index_sidebar.html.haml index 8f0401ccc..8a34ff263 100644 --- a/app/views/issues/_index_sidebar.html.haml +++ b/app/views/issues/_index_sidebar.html.haml 
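Review bot: `@issue = @project.issues.new(params[:issue])` sets the project through the association, which is what makes dropping `:project_id` from `attr_accessible` in this commit's model hunk safe, and it now matches what the `load_and_authorize_resource :issue, :through => :project` filter builds for `:create`, so the authorized and saved objects are presumably equivalent. The assignee, however, is still taken verbatim from `params[:user_id]` via `@issue.user_id = @user_id` with no check visible in the hunk that the user may receive issues in this project; if assignees are expected to be project members, validating `@user_id` against them before the assignment (or in the model) would close that gap, though such a check may exist elsewhere. The class body continues outside the hunk.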
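Review bot: Narrowing `attr_accessible` to `:labelings_attributes, :title, :body` is the right fix for the mass-assignment surface, but any existing caller that passes `closed_at`, `closed_by`, `project` or `project_id` through `update_attributes` or `new(hash)` will now have those keys silently dropped unless the app sets `config.active_record.mass_assignment_sanitizer = :strict`. Worth searching for such callers (a close/reopen path is the obvious candidate) and moving them to direct attribute setters, or enabling the strict sanitizer in development and test so dropped keys raise instead of disappearing. The class body continues outside the hunk.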
@@ -16,5 +16,5 @@ =tracker_search_field(:search_issue, t('layout.issues.search')) .bordered.nopadding %h3.bmargin10=t('layout.issues.new') - = link_to t("layout.add"), new_project_issue_path(@project), :class => 'button' if can? :new, Issue.new(:project_id => @project.id) + = link_to t("layout.add"), new_project_issue_path(@project), :class => 'button' if can? :new, @project.issues.new =render :partial => 'labels' From 9ee3942702aff09d11b9f36eb78d1bc0b81fa587 Mon Sep 17 00:00:00 2001 From: George Vinogradov Date: Sat, 3 Mar 2012 03:25:20 +0400 Subject: [PATCH 6/6] [issue #195] Fixed bug with project creating --- app/views/projects/new.html.haml | 2 -- 1 file changed, 2 deletions(-) diff --git a/app/views/projects/new.html.haml b/app/views/projects/new.html.haml index f723a1960..b540d8a8d 100644 --- a/app/views/projects/new.html.haml +++ b/app/views/projects/new.html.haml @@ -1,5 +1,3 @@ -= render :partial => 'projects/submenu' - %h3.bpadding10 = t("layout.projects.new_header")