diff --git a/app/models/message.rb b/app/models/message.rb index 51b0b319..1619ef3b 100644 --- a/app/models/message.rb +++ b/app/models/message.rb @@ -41,7 +41,6 @@ class Message < ActiveRecord::Base acts_as_watchable - attr_protected :locked, :sticky validates_presence_of :board, :subject, :content validates_length_of :subject, :maximum => 255 @@ -51,7 +50,7 @@ class Message < ActiveRecord::Base :conditions => Project.allowed_to_condition(args.first || User.current, :view_messages) } } safe_attributes 'subject', 'content' - safe_attributes 'locked', 'sticky', + safe_attributes 'locked', 'sticky', 'board_id', :if => lambda {|message, user| user.allowed_to?(:edit_messages, message.project) } diff --git a/test/functional/messages_controller_test.rb b/test/functional/messages_controller_test.rb index fecc5e26..b92bcc0b 100644 --- a/test/functional/messages_controller_test.rb +++ b/test/functional/messages_controller_test.rb @@ -121,6 +121,30 @@ class MessagesControllerTest < ActionController::TestCase assert_equal 'New body', message.content end + def test_post_edit_sticky_and_locked + @request.session[:user_id] = 2 + post :edit, :board_id => 1, :id => 1, + :message => { :subject => 'New subject', + :content => 'New body', + :locked => '1', + :sticky => '1'} + assert_redirected_to '/boards/1/topics/1' + message = Message.find(1) + assert_equal true, message.sticky? + assert_equal true, message.locked? + end + + def test_post_edit_should_allow_to_change_board + @request.session[:user_id] = 2 + post :edit, :board_id => 1, :id => 1, + :message => { :subject => 'New subject', + :content => 'New body', + :board_id => 2} + assert_redirected_to '/boards/2/topics/1' + message = Message.find(1) + assert_equal Board.find(2), message.board + end + def test_reply @request.session[:user_id] = 2 post :reply, :board_id => 1, :id => 1, :reply => { :content => 'This is a test reply', :subject => 'Test reply' }