diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-11-26 08:58:41 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-11-26 08:58:41 +0000 |
| commit | 6ebb700db2f5d293661f6663e1de6f8ecdb07de2 (patch) | |
| tree | 6ac7e37a408d0c89a6b093066638ef7a1092b1a9 /app/controllers/timelog_controller.rb | |
| parent | 1a374308580e9d5341d9c942a576a1a0ae9afc48 (diff) | |
| download | redmine-6ebb700db2f5d293661f6663e1de6f8ecdb07de2.tar.gz redmine-6ebb700db2f5d293661f6663e1de6f8ecdb07de2.zip | |
Merged r15955 and r15956 (#24297).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@15999 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/timelog_controller.rb')
| -rw-r--r-- | app/controllers/timelog_controller.rb | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb index 66ae97678..7e4d6b71d 100644 --- a/app/controllers/timelog_controller.rb +++ b/app/controllers/timelog_controller.rb @@ -19,6 +19,7 @@ class TimelogController < ApplicationController menu_item :issues before_filter :find_time_entry, :only => [:show, :edit, :update] + before_filter :check_editability, :only => [:edit, :update] before_filter :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy] before_filter :authorize, :only => [:show, :edit, :update, :bulk_edit, :bulk_update, :destroy] @@ -222,13 +223,16 @@ class TimelogController < ApplicationController private def find_time_entry @time_entry = TimeEntry.find(params[:id]) + @project = @time_entry.project + rescue ActiveRecord::RecordNotFound + render_404 + end + + def check_editability unless @time_entry.editable_by?(User.current) render_403 return false end - @project = @time_entry.project - rescue ActiveRecord::RecordNotFound - render_404 end def find_time_entries |