Merge branch 'deny-system-notes-edit' into 'master'
Don't allow edit of system notes Fix #1412 See merge request !1052
This commit is contained in:
commit
8aca1ff003
|
@ -30,8 +30,10 @@ class Projects::NotesController < Projects::ApplicationController
|
|||
end
|
||||
|
||||
def update
|
||||
note.update_attributes(note_params)
|
||||
note.reset_events_cache
|
||||
if note.editable?
|
||||
note.update_attributes(note_params)
|
||||
note.reset_events_cache
|
||||
end
|
||||
|
||||
respond_to do |format|
|
||||
format.json { render_note_json(note) }
|
||||
|
@ -40,8 +42,10 @@ class Projects::NotesController < Projects::ApplicationController
|
|||
end
|
||||
|
||||
def destroy
|
||||
note.destroy
|
||||
note.reset_events_cache
|
||||
if note.editable?
|
||||
note.destroy
|
||||
note.reset_events_cache
|
||||
end
|
||||
|
||||
respond_to do |format|
|
||||
format.js { render nothing: true }
|
||||
|
|
|
@ -337,4 +337,8 @@ class Note < ActiveRecord::Base
|
|||
def set_references
|
||||
notice_added_references(project, author)
|
||||
end
|
||||
|
||||
def editable?
|
||||
!system
|
||||
end
|
||||
end
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
%i.icon-link
|
||||
Link here
|
||||
|
||||
- if(note.author_id == current_user.try(:id)) || can?(current_user, :admin_note, @project)
|
||||
- if can?(current_user, :admin_note, note) && note.editable?
|
||||
= link_to "#", title: "Edit comment", class: "js-note-edit" do
|
||||
%i.icon-edit
|
||||
Edit
|
||||
|
|
Loading…
Reference in New Issue