From 2fdbcd35dd8cc2f6b98340825a57afd24ff89670 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
<%= f.select :user_id, user_collection_for_select_options(@time_entry), :required => true %>
+ <% end %><%= f.date_field :spent_on, :size => 10, :required => true %><%= calendar_for('time_entry_spent_on') %>
<%= f.hours_field :hours, :size => 6, :required => true %>
<%= f.text_field :comments, :size => 100, :maxlength => 1024, :required => Setting.timelog_required_fields.include?('comments') %>
diff --git a/config/locales/en.yml b/config/locales/en.yml index 2eb53618b..0ce93f34d 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -224,6 +224,7 @@ en: error_exceeds_maximum_hours_per_day: "Cannot log more than %{max_hours} hours on the same day (%{logged_hours} hours have already been logged)" error_can_not_delete_auth_source: "This authentication mode is in use and cannot be deleted." error_spent_on_future_date: "Cannot log time on a future date" + error_not_allowed_to_log_time_for_other_users: "Your role is not allowed to log time for other users" mail_subject_lost_password: "Your %{value} password" mail_body_lost_password: 'To change your password, click on the following link:' @@ -537,6 +538,7 @@ en: permission_manage_subtasks: Manage subtasks permission_manage_related_issues: Manage related issues permission_import_issues: Import issues + permission_log_foreign_time: Log spent time for other users project_module_issue_tracking: Issue tracking project_module_time_tracking: Time tracking diff --git a/db/migrate/20180501132547_add_author_id_to_time_entries.rb b/db/migrate/20180501132547_add_author_id_to_time_entries.rb new file mode 100644 index 000000000..3d79bf210 --- /dev/null +++ b/db/migrate/20180501132547_add_author_id_to_time_entries.rb @@ -0,0 +1,11 @@ +class AddAuthorIdToTimeEntries < ActiveRecord::Migration[5.1] + def up + add_column :time_entries, :author_id, :integer, :default => nil, :after => :project_id + # Copy existing user_id to author_id + TimeEntry.update_all('author_id = user_id') + end + + def down + remove_column :time_entries, :author_id + end +end diff --git a/lib/redmine.rb b/lib/redmine.rb index 6e7d10974..111653499 100644 --- a/lib/redmine.rb +++ b/lib/redmine.rb @@ -126,6 +126,7 @@ Redmine::AccessControl.map do |map| map.permission :edit_time_entries, {:timelog => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :member map.permission :edit_own_time_entries, {:timelog => [:edit, :update, :destroy,:bulk_edit, :bulk_update]}, :require => :loggedin map.permission :manage_project_activities, {:projects => :settings, :project_enumerations => [:update, :destroy]}, :require => :member + map.permission :log_time_for_other_users, :require => :member end map.project_module :news do |map| diff --git a/test/fixtures/time_entries.yml b/test/fixtures/time_entries.yml index 1b3c9caf3..4165c2ab6 100644 --- a/test/fixtures/time_entries.yml +++ b/test/fixtures/time_entries.yml @@ -1,5 +1,5 @@ ---- -time_entries_001: +--- +time_entries_001: created_on: 2007-03-23 12:54:18 +01:00 tweek: 12 tmonth: 3 @@ -12,8 +12,9 @@ time_entries_001: id: 1 hours: 4.25 user_id: 2 + author_id: 2 tyear: 2007 -time_entries_002: +time_entries_002: created_on: 2007-03-23 14:11:04 +01:00 tweek: 11 tmonth: 3 @@ -26,8 +27,9 @@ time_entries_002: id: 2 hours: 150.0 user_id: 1 + author_id: 1 tyear: 2007 -time_entries_003: +time_entries_003: created_on: 2007-04-21 12:20:48 +02:00 tweek: 16 tmonth: 4 @@ -40,8 +42,9 @@ time_entries_003: id: 3 hours: 1.0 user_id: 1 + author_id: 1 tyear: 2007 -time_entries_004: +time_entries_004: created_on: 2007-04-22 12:20:48 +02:00 tweek: 16 tmonth: 4 @@ -50,12 +53,13 @@ time_entries_004: updated_on: 2007-04-22 12:20:48 +02:00 activity_id: 10 spent_on: 2007-04-22 - issue_id: + issue_id: id: 4 hours: 7.65 user_id: 1 + author_id: 1 tyear: 2007 -time_entries_005: +time_entries_005: created_on: 2011-03-22 12:20:48 +02:00 tweek: 12 tmonth: 3 @@ -64,9 +68,10 @@ time_entries_005: updated_on: 2011-03-22 12:20:48 +02:00 activity_id: 10 spent_on: 2011-03-22 - issue_id: + issue_id: id: 5 hours: 7.65 user_id: 1 + author_id: 1 tyear: 2011 - + diff --git a/test/functional/project_enumerations_controller_test.rb b/test/functional/project_enumerations_controller_test.rb index 2d87b13a7..3fa579a3d 100644 --- a/test/functional/project_enumerations_controller_test.rb +++ b/test/functional/project_enumerations_controller_test.rb @@ -143,8 +143,8 @@ class ProjectEnumerationsControllerTest < Redmine::ControllerTest :enumerations => { "9"=> { "parent_id"=>"9", "custom_field_values"=> { - "7" => "1"}, "active"=>"0"} # Design, De-activate - + "7" => "1"}, "active"=>"0"} # Design, De-activate + } } assert_response :redirect @@ -163,10 +163,11 @@ class ProjectEnumerationsControllerTest < Redmine::ControllerTest # TODO: Need to cause an exception on create but these tests # aren't setup for mocking. Just create a record now so the # second one is a dupicate + user = User.find(1) parent = TimeEntryActivity.find(9) TimeEntryActivity.create!({:name => parent.name, :project_id => 1, :position => parent.position, :active => true, :parent_id => 9}) - TimeEntry.create!({:project_id => 1, :hours => 1.0, :user => User.find(1), + TimeEntry.create!({:project_id => 1, :hours => 1.0, :user => user, :author => user, :issue_id => 3, :activity_id => 10, :spent_on => '2009-01-01'}) assert_equal 3, TimeEntry.where(:activity_id => 9, :project_id => 1).count assert_equal 1, TimeEntry.where(:activity_id => 10, :project_id => 1).count diff --git a/test/functional/timelog_controller_test.rb b/test/functional/timelog_controller_test.rb index 1139d0756..572a4d937 100644 --- a/test/functional/timelog_controller_test.rb +++ b/test/functional/timelog_controller_test.rb @@ -102,6 +102,40 @@ class TimelogControllerTest < Redmine::ControllerTest assert_select 'option', :text => 'Inactive Activity', :count => 0 end + def test_new_should_show_user_select_if_user_has_permission + Role.find_by_name('Manager').add_permission! :log_time_for_other_users + @request.session[:user_id] = 2 + + get :new, :params => {:project_id => 1} + assert_response :success + assert_select 'select[name=?]', 'time_entry[user_id]' do + assert_select 'option', 3 + assert_select 'option[value=?]', '2', 2 + assert_select 'option[value=?]', '3', 1 + # locked members should not be available + assert_select 'option[value=?]', '4', 0 + end + end + + def test_new_user_select_should_include_current_user_if_is_logged + @request.session[:user_id] = 1 + + get :new, :params => {:project_id => 1} + assert_response :success + assert_select 'select[name=?]', 'time_entry[user_id]' do + assert_select 'option[value=?]', '1', :text => '<< me >>' + assert_select 'option[value=?]', '1', :text => 'Redmine Admin' + end + end + + def test_new_should_not_show_user_select_if_user_does_not_have_permission + @request.session[:user_id] = 2 + + get :new, :params => {:project_id => 1} + assert_response :success + assert_select 'select[name=?]', 'time_entry[user_id]', 0 + end + def test_post_new_as_js_should_update_activity_options @request.session[:user_id] = 3 post :new, :params => {:time_entry => {:project_id => 1}, :format => 'js'} @@ -268,6 +302,49 @@ class TimelogControllerTest < Redmine::ControllerTest assert !response.body.include?('issue_that_is_not_visible') end + def test_create_for_other_user + Role.find_by_name('Manager').add_permission! :log_time_for_other_users + @request.session[:user_id] = 2 + + post :create, :params => { + :project_id => 1, + :time_entry => {:comments => 'Some work on TimelogControllerTest', + # Not the default activity + :activity_id => '11', + :spent_on => '2008-03-14', + :issue_id => '1', + :hours => '7.3', + :user_id => '3' + } + } + + assert_redirected_to '/projects/ecookbook/time_entries' + + t = TimeEntry.last + assert_equal 3, t.user_id + assert_equal 2, t.author_id + end + + def test_create_for_other_user_should_deny_for_user_without_permission + Role.find_by_name('Manager').remove_permission! :log_time_for_other_users + @request.session[:user_id] = 2 + + post :create, :params => { + :project_id => 1, + :time_entry => {:comments => 'Some work on TimelogControllerTest', + # Not the default activity + :activity_id => '11', + :spent_on => '2008-03-14', + :issue_id => '1', + :hours => '7.3', + :user_id => '3' + } + } + + assert_response 403 + assert_select 'p[id=?]', 'errorExplanation', :text => 'Your role is not allowed to log time for other users' + end + def test_create_and_continue_at_project_level @request.session[:user_id] = 2 assert_difference 'TimeEntry.count' do @@ -533,6 +610,21 @@ class TimelogControllerTest < Redmine::ControllerTest assert_select_error /Issue is invalid/ end + def test_update_should_deny_changing_user_for_user_without_permission + Role.find_by_name('Manager').remove_permission! :log_time_for_other_users + @request.session[:user_id] = 2 + + put :update, :params => { + :id => 3, + :time_entry => { + :user_id => '3' + } + } + + assert_response 403 + assert_select 'p[id=?]', 'errorExplanation', :text => 'Your role is not allowed to log time for other users' + end + def test_get_bulk_edit @request.session[:user_id] = 2 @@ -934,9 +1026,9 @@ class TimelogControllerTest < Redmine::ControllerTest end def test_index_should_sort_by_spent_on_and_created_on - t1 = TimeEntry.create!(:user => User.find(1), :project => Project.find(1), :hours => 1, :spent_on => '2012-06-16', :created_on => '2012-06-16 20:00:00', :activity_id => 10) - t2 = TimeEntry.create!(:user => User.find(1), :project => Project.find(1), :hours => 1, :spent_on => '2012-06-16', :created_on => '2012-06-16 20:05:00', :activity_id => 10) - t3 = TimeEntry.create!(:user => User.find(1), :project => Project.find(1), :hours => 1, :spent_on => '2012-06-15', :created_on => '2012-06-16 20:10:00', :activity_id => 10) + t1 = TimeEntry.create!(:author => User.find(1), :user => User.find(1), :project => Project.find(1), :hours => 1, :spent_on => '2012-06-16', :created_on => '2012-06-16 20:00:00', :activity_id => 10) + t2 = TimeEntry.create!(:author => User.find(1), :user => User.find(1), :project => Project.find(1), :hours => 1, :spent_on => '2012-06-16', :created_on => '2012-06-16 20:05:00', :activity_id => 10) + t3 = TimeEntry.create!(:author => User.find(1), :user => User.find(1), :project => Project.find(1), :hours => 1, :spent_on => '2012-06-15', :created_on => '2012-06-16 20:10:00', :activity_id => 10) get :index, :params => { :project_id => 1, @@ -1100,6 +1192,27 @@ class TimelogControllerTest < Redmine::ControllerTest assert_select 'td.issue-category', :text => 'Printing' end + def test_index_with_author_filter + get :index, :params => { + :project_id => 'ecookbook', + :f => ['author_id'], + :op => {'author_id' => '='}, + :v => {'author_id' => ['2']} + } + assert_response :success + assert_equal ['1'], css_select('input[name="ids[]"]').map {|e| e.attr('value')} + end + + def test_index_with_author_column + get :index, :params => { + :project_id => 'ecookbook', + :c => %w(project spent_on issue comments hours author) + } + + assert_response :success + assert_select 'td.author', :text => 'Redmine Admin' + end + def test_index_with_issue_category_sort issue = Issue.find(3) issue.category_id = 2 diff --git a/test/object_helpers.rb b/test/object_helpers.rb index 8dd8df558..0e490efe1 100644 --- a/test/object_helpers.rb +++ b/test/object_helpers.rb @@ -144,6 +144,7 @@ module ObjectHelpers def TimeEntry.generate(attributes={}) entry = TimeEntry.new(attributes) entry.user ||= User.find(2) + entry.author ||= entry.user entry.issue ||= Issue.find(1) unless entry.project entry.project ||= entry.issue.project entry.activity ||= TimeEntryActivity.first diff --git a/test/unit/lib/redmine/export/pdf/issues_pdf_test.rb b/test/unit/lib/redmine/export/pdf/issues_pdf_test.rb index c7b3ae9fb..14f34db24 100644 --- a/test/unit/lib/redmine/export/pdf/issues_pdf_test.rb +++ b/test/unit/lib/redmine/export/pdf/issues_pdf_test.rb @@ -27,8 +27,10 @@ class IssuesPdfHelperTest < ActiveSupport::TestCase query = IssueQuery.new(:project => Project.find(1), :name => '_') query.column_names = [:subject, :spent_hours] issue = Issue.find(2) - TimeEntry.create(:spent_on => Date.today, :hours => 4.3432, :user => User.find(1), + user = User.find(1) + time_entry = TimeEntry.create!(:spent_on => Date.today, :hours => 4.3432, :user => user, :author => user, :project_id => 1, :issue => issue, :activity => TimeEntryActivity.first) + results = fetch_row_values(issue, query, 0) assert_equal ["2", "Add ingredients categories", "4.34"], results end diff --git a/test/unit/time_entry_test.rb b/test/unit/time_entry_test.rb index 2551c6fa4..b2420856a 100644 --- a/test/unit/time_entry_test.rb +++ b/test/unit/time_entry_test.rb @@ -185,6 +185,7 @@ class TimeEntryTest < ActiveSupport::TestCase :issue => issue, :project => project, :user => anon, + :author => anon, :activity => activity) assert_equal 1, te.errors.count end @@ -223,10 +224,27 @@ class TimeEntryTest < ActiveSupport::TestCase def test_create_with_required_issue_id_and_comment_should_be_validated set_language_if_valid 'en' with_settings :timelog_required_fields => ['issue_id' , 'comments'] do - entry = TimeEntry.new(:project => Project.find(1), :spent_on => Date.today, :user => User.find(1), :activity => TimeEntryActivity.first, :hours => 1) + entry = TimeEntry.new(:project => Project.find(1), :spent_on => Date.today, :author => User.find(1), :user => User.find(1), :activity => TimeEntryActivity.first, :hours => 1) assert !entry.save assert_equal ["Comment cannot be blank", "Issue cannot be blank"], entry.errors.full_messages.sort end end + + def test_create_should_validate_user_id + entry = TimeEntry.new(:spent_on => '2010-01-01', + :hours => 10, + :project_id => 1, + :user_id => 4) + + assert !entry.save + assert_equal ["User is invalid"], entry.errors.full_messages.sort + end + + def test_assignable_users_should_include_active_project_members_with_log_time_permission + Role.find(2).remove_permission! :log_time + time_entry = TimeEntry.find(1) + + assert_equal [2], time_entry.assignable_users.map(&:id) + end end -- 2.39.5