Commit 01520d5d authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Dont allow edit or remove of system notes

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent 36361f4e
...@@ -30,8 +30,10 @@ class Projects::NotesController < Projects::ApplicationController ...@@ -30,8 +30,10 @@ class Projects::NotesController < Projects::ApplicationController
end end
def update def update
if note.editable?
note.update_attributes(note_params) note.update_attributes(note_params)
note.reset_events_cache note.reset_events_cache
end
respond_to do |format| respond_to do |format|
format.json { render_note_json(note) } format.json { render_note_json(note) }
...@@ -40,8 +42,10 @@ class Projects::NotesController < Projects::ApplicationController ...@@ -40,8 +42,10 @@ class Projects::NotesController < Projects::ApplicationController
end end
def destroy def destroy
if note.editable?
note.destroy note.destroy
note.reset_events_cache note.reset_events_cache
end
respond_to do |format| respond_to do |format|
format.js { render nothing: true } format.js { render nothing: true }
......
...@@ -337,4 +337,8 @@ class Note < ActiveRecord::Base ...@@ -337,4 +337,8 @@ class Note < ActiveRecord::Base
def set_references def set_references
notice_added_references(project, author) notice_added_references(project, author)
end end
def editable?
!system
end
end end
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
%i.icon-link %i.icon-link
Link here Link here
&nbsp; &nbsp;
- if(note.author_id == current_user.try(:id)) || can?(current_user, :admin_note, @project) - if can?(current_user, :admin_note, note) && note.editable?
= link_to "#", title: "Edit comment", class: "js-note-edit" do = link_to "#", title: "Edit comment", class: "js-note-edit" do
%i.icon-edit %i.icon-edit
Edit Edit
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment