Dont allow edit or remove of system notes

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Dont allow edit or remove of system notes
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
01520d5d · Dmitriy Zaporozhets · 36361f4e · 01520d5d · 01520d5d · 01520d5d
Commit 01520d5d authored Aug 29, 2014 by Dmitriy Zaporozhets
3 changed files
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -30,8 +30,10 @@ class Projects::NotesController < Projects::ApplicationController
  end

  def update
-    note.update_attributes(note_params)
-    note.reset_events_cache
+    if note.editable?
+      note.update_attributes(note_params)
+      note.reset_events_cache
+    end

    respond_to do |format|
      format.json { render_note_json(note) }
@@ -40,8 +42,10 @@ class Projects::NotesController < Projects::ApplicationController
  end

  def destroy
-    note.destroy
-    note.reset_events_cache
+    if note.editable?
+      note.destroy
+      note.reset_events_cache
+    end

    respond_to do |format|
      format.js { render nothing: true }

--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -337,4 +337,8 @@ class Note < ActiveRecord::Base
  def set_references
    notice_added_references(project, author)
  end
+
+  def editable?
+    !system
+  end
 end
--- a/app/views/projects/notes/_note.html.haml
+++ b/app/views/projects/notes/_note.html.haml
@@ -9,7 +9,7 @@
            %i.icon-link
            Link here
          &nbsp;
-          - if(note.author_id == current_user.try(:id)) || can?(current_user, :admin_note, @project)
+          - if can?(current_user, :admin_note, note) && note.editable?
            = link_to "#", title: "Edit comment", class: "js-note-edit" do
              %i.icon-edit
              Edit