map.project_module :time_tracking do |map|
map.permission :log_time, {:timelog => [:new, :create]}, :require => :loggedin
map.permission :view_time_entries, :timelog => [:index, :show], :time_entry_reports => [:report]
- map.permission :edit_time_entries, {:timelog => [:new, :create, :edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :member
- map.permission :edit_own_time_entries, {:timelog => [:new, :create, :edit, :update, :destroy,:bulk_edit, :bulk_update]}, :require => :loggedin
+ map.permission :edit_time_entries, {:timelog => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :member
+ map.permission :edit_own_time_entries, {:timelog => [:edit, :update, :destroy,:bulk_edit, :bulk_update]}, :require => :loggedin
map.permission :manage_project_activities, {:project_enumerations => [:update, :destroy]}, :require => :member
end
assert_equal 3, t.user_id
end
+ def test_create_without_log_time_permission_should_be_denied
+ @request.session[:user_id] = 2
+ Role.find_by_name('Manager').remove_permission! :log_time
+ post :create, :project_id => 1,
+ :time_entry => {:activity_id => '11',
+ :issue_id => '',
+ :spent_on => '2008-03-14',
+ :hours => '7.3'}
+
+ assert_response 403
+ end
+
def test_update
entry = TimeEntry.find(1)
assert_equal 1, entry.issue_id