Commit 1095d893 authored by jplang's avatar jplang

Fixed that watchers delete links are escaped on the issue view (#10932).

git-svn-id: https://svn.redmine.org/redmine/trunk@9700 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent fd2b231e
......@@ -45,23 +45,27 @@ module WatchersHelper
# Returns a comma separated list of users watching the given object
def watchers_list(object)
remove_allowed = User.current.allowed_to?("delete_#{object.class.name.underscore}_watchers".to_sym, object.project)
content = ''.html_safe
lis = object.watcher_users.collect do |user|
s = avatar(user, :size => "16").to_s + link_to_user(user, :class => 'user').to_s
s = ''.html_safe
s << avatar(user, :size => "16").to_s
s << link_to_user(user, :class => 'user')
if remove_allowed
url = {:controller => 'watchers',
:action => 'destroy',
:object_type => object.class.to_s.underscore,
:object_id => object.id,
:user_id => user}
s += ' ' + link_to_remote(image_tag('delete.png'),
s << ' '
s << link_to_remote(image_tag('delete.png'),
{:url => url},
:href => url_for(url),
:style => "vertical-align: middle",
:class => "delete")
end
content_tag :li, s.html_safe
content << content_tag('li', s)
end
(lis.empty? ? "" : "<ul>#{ lis.join("\n") }</ul>").html_safe
content.present? ? content_tag('ul', content) : content
end
def watchers_checkboxes(object, users, checked=nil)
......
......@@ -1126,6 +1126,36 @@ class IssuesControllerTest < ActionController::TestCase
assert_tag 'a', :attributes => {:href => "/projects/ecookbook/repository/revisions/3"}
end
def test_show_should_display_watchers
@request.session[:user_id] = 2
Issue.find(1).add_watcher User.find(2)
get :show, :id => 1
assert_select 'div#watchers ul' do
assert_select 'li' do
assert_select 'a[href=/users/2]'
assert_select 'a img[alt=Delete]'
end
end
end
def test_show_should_display_watchers_with_gravatars
@request.session[:user_id] = 2
Issue.find(1).add_watcher User.find(2)
with_settings :gravatar_enabled => '1' do
get :show, :id => 1
end
assert_select 'div#watchers ul' do
assert_select 'li' do
assert_select 'img.gravatar'
assert_select 'a[href=/users/2]'
assert_select 'a img[alt=Delete]'
end
end
end
def test_show_with_multi_custom_field
field = CustomField.find(1)
field.update_attribute :multiple, true
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment