Do not render hidden news edit form if user is not allowed to edit (closes #4068).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2954 e93f8b46-1217-0410-a6f0-8f06a7374b81

Do not render hidden news edit form if user is not allowed to edit (closes #4068).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2954 e93f8b46-1217-0410-a6f0-8f06a7374b81
04ae25f6 · Jean-Philippe Lang · e5c4cfc6 · 04ae25f6
Commit 04ae25f6 authored Oct 22, 2009 by Jean-Philippe Lang
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

show.rhtml app/views/news/show.rhtml +3 -1

No files found.
--- a/app/views/news/show.rhtml
+++ b/app/views/news/show.rhtml
@@ -9,6 +9,7 @@

 <h2><%=h @news.title %></h2>

+<% if authorize_for('news', 'edit') %>
 <div id="edit-news" style="display:none;">
 <% labelled_tabular_form_for :news, @news, :url => { :action => "edit", :id => @news },
                                           :html => { :id => 'news-form' } do |f| %>
@@ -20,10 +21,11 @@
                     :update => 'preview',
                     :with => "Form.serialize('news-form')"
                   }, :accesskey => accesskey(:preview) %> |
-<%= link_to l(:button_cancel), "#", :onclick => 'Element.hide("edit-news")' %>
+<%= link_to l(:button_cancel), "#", :onclick => 'Element.hide("edit-news"); return false;' %>
 <% end %>
 <div id="preview" class="wiki"></div>
 </div>
+<% end %>

 <p><em><% unless @news.summary.blank? %><%=h @news.summary %><br /><% end %>
 <span class="author"><%= authoring @news.created_on, @news.author %></span></em></p>