From 35dff9428f726cc40dfc0b4432a80f145bb5a619 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sat, 26 Nov 2016 09:01:20 +0000
Subject: [PATCH] Merged r15955 and r15956 (#24297).

git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16000 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/timelog_controller.rb          | 10 +++++++---
 test/integration/api_test/time_entries_test.rb | 11 +++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb
index 59efb9d78..29c5de32d 100644
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -19,6 +19,7 @@ class TimelogController < ApplicationController
   menu_item :issues
 
   before_filter :find_time_entry, :only => [:show, :edit, :update]
+  before_filter :check_editability, :only => [:edit, :update]
   before_filter :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy]
   before_filter :authorize, :only => [:show, :edit, :update, :bulk_edit, :bulk_update, :destroy]
 
@@ -222,13 +223,16 @@ class TimelogController < ApplicationController
 private
   def find_time_entry
     @time_entry = TimeEntry.find(params[:id])
+    @project = @time_entry.project
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+  def check_editability
     unless @time_entry.editable_by?(User.current)
       render_403
       return false
     end
-    @project = @time_entry.project
-  rescue ActiveRecord::RecordNotFound
-    render_404
   end
 
   def find_time_entries
diff --git a/test/integration/api_test/time_entries_test.rb b/test/integration/api_test/time_entries_test.rb
index f9d31eb8b..546f19a19 100644
--- a/test/integration/api_test/time_entries_test.rb
+++ b/test/integration/api_test/time_entries_test.rb
@@ -48,6 +48,17 @@ class Redmine::ApiTest::TimeEntriesTest < Redmine::ApiTest::Base
     assert_select 'time_entry id', :text => '2'
   end
 
+  test "GET /time_entries/:id.xml on closed project should return the time entry" do
+    project = TimeEntry.find(2).project
+    project.close
+    project.save!
+
+    get '/time_entries/2.xml', {}, credentials('jsmith')
+    assert_response :success
+    assert_equal 'application/xml', @response.content_type
+    assert_select 'time_entry id', :text => '2'
+  end
+
   test "POST /time_entries.xml with issue_id should create time entry" do
     assert_difference 'TimeEntry.count' do
       post '/time_entries.xml', {:time_entry => {:issue_id => '1', :spent_on => '2010-12-02', :hours => '3.5', :activity_id => '11'}}, credentials('jsmith')
-- 
2.39.5