Do not render hidden news edit form if user is not allowed to edit (closes #4068).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2954 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2009-10-22 17:42:17 +00:00
parent e5c4cfc688
commit 04ae25f6b0
1 changed files with 3 additions and 1 deletions

View File

@ -9,6 +9,7 @@
<h2><%=h @news.title %></h2>
<% if authorize_for('news', 'edit') %>
<div id="edit-news" style="display:none;">
<% labelled_tabular_form_for :news, @news, :url => { :action => "edit", :id => @news },
:html => { :id => 'news-form' } do |f| %>
@ -20,10 +21,11 @@
:update => 'preview',
:with => "Form.serialize('news-form')"
}, :accesskey => accesskey(:preview) %> |
<%= link_to l(:button_cancel), "#", :onclick => 'Element.hide("edit-news")' %>
<%= link_to l(:button_cancel), "#", :onclick => 'Element.hide("edit-news"); return false;' %>
<% end %>
<div id="preview" class="wiki"></div>
</div>
<% end %>
<p><em><% unless @news.summary.blank? %><%=h @news.summary %><br /><% end %>
<span class="author"><%= authoring @news.created_on, @news.author %></span></em></p>