git-svn-id: http://svn.redmine.org/redmine/trunk@14242 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/3.1.0
@@ -76,9 +76,9 @@ class ContextMenusController < ApplicationController | |||
@projects = @time_entries.collect(&:project).compact.uniq | |||
@project = @projects.first if @projects.size == 1 | |||
@activities = TimeEntryActivity.shared.active | |||
@can = {:edit => User.current.allowed_to?(:edit_time_entries, @projects), | |||
:delete => User.current.allowed_to?(:edit_time_entries, @projects) | |||
} | |||
edit_allowed = @time_entries.all? {|t| t.editable_by?(User.current)} | |||
@can = {:edit => edit_allowed, :delete => edit_allowed} | |||
@back = back_url | |||
@options_by_custom_field = {} |
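Review bot: `edit_allowed` is computed with `all?`, which returns true for an empty collection, so if `@time_entries` could ever be empty at this point the menu would render Edit and Delete as enabled. How `@time_entries` is loaded, and whether an empty selection is rejected earlier in the action, is outside the hunk, so this may already be covered; if it is not, `edit_allowed = @time_entries.any? && @time_entries.all? {|t| t.editable_by?(User.current)}` closes it. The flag only decides how the links are drawn, so a short comment such as `# display only; the timelog actions re-check editable_by? before acting` would help the next reader, assuming the `find_time_entries` filter changed in the next hunk guards every action these links reach.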
@@ -234,6 +234,7 @@ private | |||
def find_time_entries | |||
@time_entries = TimeEntry.where(:id => params[:id] || params[:ids]).to_a | |||
raise ActiveRecord::RecordNotFound if @time_entries.empty? | |||
raise Unauthorized unless @time_entries.all? {|t| t.editable_by?(User.current)} | |||
@projects = @time_entries.collect(&:project).compact.uniq | |||
@project = @projects.first if @projects.size == 1 | |||
rescue ActiveRecord::RecordNotFound |
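Review bot: The new `raise Unauthorized` in `find_time_entries` is not covered by the visible `rescue ActiveRecord::RecordNotFound` clause, so the 403 depends on a handler defined outside this hunk; the added test asserting 403 suggests one exists, but the dependency deserves a comment. The check is all-or-nothing and applies to every action that uses this filter, which is the safe default for bulk operations and should be stated, e.g. `# Deny the whole request if any selected entry is not editable by the current user`. Ids that match no row are still dropped silently by the `where` lookup while rows that exist but are not editable produce 403, so the two responses let a caller tell existing entries from absent ones; that is probably acceptable here but should be a conscious choice. The method continues past the end of the hunk.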
@@ -276,6 +276,18 @@ class ContextMenusControllerTest < ActionController::TestCase | |||
end | |||
end | |||
def test_time_entries_context_menu_with_edit_own_time_entries_permission | |||
@request.session[:user_id] = 2 | |||
Role.find_by_name('Manager').remove_permission! :edit_time_entries | |||
Role.find_by_name('Manager').add_permission! :edit_own_time_entries | |||
ids = (0..1).map {TimeEntry.generate!(:user => User.find(2)).id} | |||
get :time_entries, :ids => ids | |||
assert_response :success | |||
assert_template 'context_menus/time_entries' | |||
assert_select 'a:not(.disabled)', :text => 'Edit' | |||
end | |||
def test_time_entries_context_menu_without_edit_permission | |||
@request.session[:user_id] = 2 | |||
Role.find_by_name('Manager').remove_permission! :edit_time_entries |
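Review bot: `test_time_entries_context_menu_with_edit_own_time_entries_permission` covers only the case where every selected entry belongs to the current user, so nothing pins the behaviour the change exists for: a selection that includes someone else's entry must render Edit as disabled. The same gap applies to `test_bulk_edit_with_edit_own_time_entries_permission` in the TimelogControllerTest hunk, where only `bulk_update` gets a denial test. A companion test along the lines below would cover the menu; it assumes fixture entries 1 and 2 are the same ones the timelog denial test relies on, and that a disabled link carries the `disabled` class as the `a:not(.disabled)` selector implies.

```ruby
def test_time_entries_context_menu_with_edit_own_time_entries_permission_should_disable_edit_for_entries_of_other_user
  @request.session[:user_id] = 2
  Role.find_by_name('Manager').remove_permission! :edit_time_entries
  Role.find_by_name('Manager').add_permission! :edit_own_time_entries
  # ids 1 and 2: fixture entries, at least one assumed not to belong to user 2 (confirm against fixtures)
  get :time_entries, :ids => [1, 2]
  assert_response :success
  assert_template 'context_menus/time_entries'
  assert_select 'a.disabled', :text => 'Edit'
end
```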
@@ -425,6 +425,16 @@ class TimelogControllerTest < ActionController::TestCase | |||
assert_template 'bulk_edit' | |||
end | |||
def test_bulk_edit_with_edit_own_time_entries_permission | |||
@request.session[:user_id] = 2 | |||
Role.find_by_name('Manager').remove_permission! :edit_time_entries | |||
Role.find_by_name('Manager').add_permission! :edit_own_time_entries | |||
ids = (0..1).map {TimeEntry.generate!(:user => User.find(2)).id} | |||
get :bulk_edit, :ids => ids | |||
assert_response :success | |||
end | |||
def test_bulk_update | |||
@request.session[:user_id] = 2 | |||
# update time entry activity | |||
@@ -466,6 +476,25 @@ class TimelogControllerTest < ActionController::TestCase | |||
assert_response 403 | |||
end | |||
def test_bulk_update_with_edit_own_time_entries_permission | |||
@request.session[:user_id] = 2 | |||
Role.find_by_name('Manager').remove_permission! :edit_time_entries | |||
Role.find_by_name('Manager').add_permission! :edit_own_time_entries | |||
ids = (0..1).map {TimeEntry.generate!(:user => User.find(2)).id} | |||
post :bulk_update, :ids => ids, :time_entry => { :activity_id => 9 } | |||
assert_response 302 | |||
end | |||
def test_bulk_update_with_edit_own_time_entries_permissions_should_be_denied_for_time_entries_of_other_user | |||
@request.session[:user_id] = 2 | |||
Role.find_by_name('Manager').remove_permission! :edit_time_entries | |||
Role.find_by_name('Manager').add_permission! :edit_own_time_entries | |||
post :bulk_update, :ids => [1, 2], :time_entry => { :activity_id => 9 } | |||
assert_response 403 | |||
end | |||
def test_bulk_update_custom_field | |||
@request.session[:user_id] = 2 | |||
post :bulk_update, :ids => [1, 2], :time_entry => { :custom_field_values => {'10' => '0'} } |
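Review bot: `test_bulk_update_with_edit_own_time_entries_permission` asserts only `assert_response 302`, which would also pass if the redirect happened without the entries being saved; adding `assert_equal [9], TimeEntry.where(:id => ids).collect(&:activity_id).uniq` after the post would confirm the update was applied. The denial test that follows likewise stops at `assert_response 403` and does not show that the rows were left untouched. Capturing `TimeEntry.where(:id => [1, 2]).collect(&:activity_id)` before the post and comparing it afterwards would prove the request was rejected before any write.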