author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2018-12-16 16:28:22 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2018-12-16 16:28:22 +0000 |
commit | 2fdbcd35dd8cc2f6b98340825a57afd24ff89670 (patch) | |
tree | bf05ccb4c0ad1109229cea2b5309fab4c27f8e51 /app/controllers/timelog_controller.rb | |
parent | 537f162f27d91ad99fadd4be74c878adf33f0583 (diff) | |
Adds a permission to log time for another user (#3848).
Patch by Marius BALTEANU.
git-svn-id: http://svn.redmine.org/redmine/trunk@17755 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/timelog_controller.rb')
-rw-r--r-- | app/controllers/timelog_controller.rb | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb index 47dc7c4f5..f0988fad9 100644 --- a/app/controllers/timelog_controller.rb +++ b/app/controllers/timelog_controller.rb @@ -26,6 +26,8 @@ class TimelogController < ApplicationController before_action :find_optional_issue, :only => [:new, :create] before_action :find_optional_project, :only => [:index, :report] + before_action :authorize_logging_time_for_other_users, :only => [:create, :update] + accept_rss_auth :index accept_api_auth :index, :show, :create, :update, :destroy @@ -90,12 +92,12 @@ class TimelogController < ApplicationController end def new - @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today) + @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :author => User.current, :spent_on => User.current.today) @time_entry.safe_attributes = params[:time_entry] end def create - @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today) + @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :author => User.current, :user => User.current, :spent_on => User.current.today) @time_entry.safe_attributes = params[:time_entry] if @time_entry.project && !User.current.allowed_to?(:log_time, @time_entry.project) render_403 @@ -145,7 +147,6 @@ class TimelogController < ApplicationController def update @time_entry.safe_attributes = params[:time_entry] - call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) if @time_entry.save 
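Review bot: The new filter in the first hunk is registered only for `:create` and `:update`, so any other action in this controller that assigns `params[:time_entry]` to an entry is not covered by it. The `find_time_entries` helper visible in the last hunk accepts `params[:ids]`, which suggests a bulk path exists outside this diff. If that path also goes through `safe_attributes=`, it needs the same gate, either by extending `:only` or by enforcing the rule in the model so every writer is covered. For `:update`, `@project` has to come from a filter declared above this hunk, so a comment such as `# must run after the filters that set @project` would make the ordering dependency explicit.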
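Review bot: In the second hunk, `new` drops the `:user => User.current` default while `create` keeps it alongside the new `:author`, and nothing in the code says why the two builders differ. `author` appears to record who submitted the entry, and `safe_attributes = params[:time_entry]` runs right after the constructor. It is therefore worth confirming that `author_id` is not among TimeEntry's safe attributes (the model is not part of this diff). I would add a comment on both constructor lines, e.g. `# author is always the requester; user may differ only with :log_time_for_other_users`.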
@@ -254,6 +255,13 @@ private end end + def authorize_logging_time_for_other_users + if !User.current.allowed_to?(:log_time_for_other_users, @project) && params['time_entry'].present? && params['time_entry']['user_id'].present? && params['time_entry']['user_id'].to_i != User.current.id + render_error :message => l(:error_not_allowed_to_log_time_for_other_users), :status => 403 + return false + end + end + def find_time_entries @time_entries = TimeEntry.where(:id => params[:id] || params[:ids]). preload(:project => :time_entry_activities). |
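Review bot: `authorize_logging_time_for_other_users` evaluates the permission against `@project` as it stands before `safe_attributes=` runs, not against the project the entry is finally saved under. In `create` and `update` the entry's project can still be set from `params[:time_entry]` after this filter, so a grant of `:log_time_for_other_users` in one project may end up applied to an entry in another. A nil `@project` also leaves the outcome to however `allowed_to?` treats nil. Unless TimeEntry validates `user_id` itself (the model is not shown here), I would repeat the check after assignment with `User.current.allowed_to?(:log_time_for_other_users, @time_entry.project)`. Separately, `return false` does not halt a controller filter, the `render_error` call does, so that line can be dropped or commented.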