diff options
author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-11-26 09:01:20 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-11-26 09:01:20 +0000 |
commit | 35dff9428f726cc40dfc0b4432a80f145bb5a619 (patch) | |
tree | 31bfcb7bc532b36e8ca6fe1e90a1436485b4969f /app/controllers | |
parent | df3ed1da95bfabbc8abbfd1a803c63f298a53bb0 (diff) | |
download | redmine-35dff9428f726cc40dfc0b4432a80f145bb5a619.tar.gz redmine-35dff9428f726cc40dfc0b4432a80f145bb5a619.zip |
Merged r15955 and r15956 (#24297).
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16000 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/timelog_controller.rb | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb index 59efb9d78..29c5de32d 100644 --- a/app/controllers/timelog_controller.rb +++ b/app/controllers/timelog_controller.rb @@ -19,6 +19,7 @@ class TimelogController < ApplicationController menu_item :issues before_filter :find_time_entry, :only => [:show, :edit, :update] + before_filter :check_editability, :only => [:edit, :update] before_filter :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy] before_filter :authorize, :only => [:show, :edit, :update, :bulk_edit, :bulk_update, :destroy] @@ -222,13 +223,16 @@ class TimelogController < ApplicationController private def find_time_entry @time_entry = TimeEntry.find(params[:id]) + @project = @time_entry.project + rescue ActiveRecord::RecordNotFound + render_404 + end + + def check_editability unless @time_entry.editable_by?(User.current) render_403 return false end - @project = @time_entry.project - rescue ActiveRecord::RecordNotFound - render_404 end def find_time_entries |