diff --git a/app/models/message.rb b/app/models/message.rb index 5721cb571..5d028870d 100644 --- a/app/models/message.rb +++ b/app/models/message.rb @@ -37,7 +37,6 @@ class Message < ActiveRecord::Base :author_key => :author_id acts_as_watchable - attr_protected :locked, :sticky validates_presence_of :board, :subject, :content validates_length_of :subject, :maximum => 255 validate :cannot_reply_to_locked_topic, :on => :create @@ -50,7 +49,7 @@ class Message < ActiveRecord::Base :conditions => Project.allowed_to_condition(args.shift || User.current, :view_messages, *args) } } safe_attributes 'subject', 'content' - safe_attributes 'locked', 'sticky', + safe_attributes 'locked', 'sticky', 'board_id', :if => lambda {|message, user| user.allowed_to?(:edit_messages, message.project) } diff --git a/test/functional/messages_controller_test.rb b/test/functional/messages_controller_test.rb index 1b892cb7a..d5370e261 100644 --- a/test/functional/messages_controller_test.rb +++ b/test/functional/messages_controller_test.rb @@ -131,6 +131,30 @@ class MessagesControllerTest < ActionController::TestCase assert_equal 'New body', message.content end + def test_post_edit_sticky_and_locked + @request.session[:user_id] = 2 + post :edit, :board_id => 1, :id => 1, + :message => { :subject => 'New subject', + :content => 'New body', + :locked => '1', + :sticky => '1'} + assert_redirected_to '/boards/1/topics/1' + message = Message.find(1) + assert_equal true, message.sticky? + assert_equal true, message.locked? + end + + def test_post_edit_should_allow_to_change_board + @request.session[:user_id] = 2 + post :edit, :board_id => 1, :id => 1, + :message => { :subject => 'New subject', + :content => 'New body', + :board_id => 2} + assert_redirected_to '/boards/2/topics/1' + message = Message.find(1) + assert_equal Board.find(2), message.board + end + def test_reply @request.session[:user_id] = 2 post :reply, :board_id => 1, :id => 1, :reply => { :content => 'This is a test reply', :subject => 'Test reply' }