author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-05-30 07:40:57 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-05-30 07:40:57 +0000 |
commit | 6659aad3ef651b714a66d648cef2f25e3fff8516 (patch) | |
tree | 4f820edcddb221573b29f91a05786eabff94dd7a /app/models/time_entry.rb | |
parent | 5e28f0b1b6aaabb327d458213f14cf6e5b90ae8a (diff) | |
Adds a role setting for viewing all or own time entries (#8929).
git-svn-id: http://svn.redmine.org/redmine/trunk@14275 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/models/time_entry.rb')
-rw-r--r-- | app/models/time_entry.rb | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/app/models/time_entry.rb b/app/models/time_entry.rb
index 87d27c1de..c5a917d96 100644
--- a/app/models/time_entry.rb
+++ b/app/models/time_entry.rb
@@ -46,7 +46,7 @@ class TimeEntry < ActiveRecord::Base
 scope :visible, lambda {|*args|
 joins(:project).
- where(Project.allowed_to_condition(args.shift || User.current, :view_time_entries, *args))
+ where(TimeEntry.visible_condition(args.shift || User.current, *args))
 }
 scope :on_issue, lambda {|issue|
 joins(:issue).
@@ -55,6 +55,32 @@ class TimeEntry < ActiveRecord::Base
 safe_attributes 'hours', 'comments', 'project_id', 'issue_id', 'activity_id', 'spent_on', 'custom_field_values', 'custom_fields'
+ # Returns a SQL conditions string used to find all time entries visible by the specified user
+ def self.visible_condition(user, options={})
+ Project.allowed_to_condition(user, :view_time_entries, options) do |role, user|
+ if role.time_entries_visibility == 'all'
+ nil
+ elsif role.time_entries_visibility == 'own' && user.id && user.logged?
+ "#{table_name}.user_id = #{user.id}"
+ else
+ '1=0'
+ end
+ end
+ end
+
+ # Returns true if user or current user is allowed to view the time entry
+ def visible?(user=nil)
+ (user || User.current).allowed_to?(:view_time_entries, self.project) do |role, user|
+ if role.time_entries_visibility == 'all'
+ true
+ elsif role.time_entries_visibility == 'own'
+ self.user == user
+ else
+ false
+ end
+ end
+ end
+
 def initialize(attributes=nil, *args)
 super
 if new_record? && self.activity.nil?
@@ -116,7 +142,9 @@ class TimeEntry < ActiveRecord::Base
 # Returns true if the time entry can be edited by usr, otherwise false
 def editable_by?(usr)
- (usr == user && usr.allowed_to?(:edit_own_time_entries, project)) || usr.allowed_to?(:edit_time_entries, project)
+ visible?(usr) && (
+ (usr == user && usr.allowed_to?(:edit_own_time_entries, project)) || usr.allowed_to?(:edit_time_entries, project)
+ )
 end
 # Returns the custom_field_values that can be edited by the given user |
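Review bot: The two `'own'` branches in the second hunk do not apply the same rule: `visible_condition` returns the `user_id` match only when `user.id && user.logged?` holds and otherwise falls through to `'1=0'`, while `visible?` compares `self.user == user` with no logged-in check. If an entry can ever be owned by the anonymous account (not visible from this hunk), the list scope and the per-record check would disagree for that user; mirroring the guard with `elsif role.time_entries_visibility == 'own' && user.logged?` keeps both paths fail-closed in the same way. The block parameter `user` also shadows the method argument in both methods, so naming it e.g. `|role, u|` would make it clearer which user is being tested. A short comment on the interpolated `#{user.id}` stating that it is the record's integer id and never request input would help future readers of the SQL fragment.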
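Review bot: The comment above `editable_by?` in the third hunk no longer describes the full rule, since editing now also requires `visible?(usr)`; something like `# Returns true if the time entry is visible to usr and can be edited by usr, otherwise false` would match the new body. Note also that `visible?` falls back to `User.current` when given `nil`, whereas the rest of the expression calls `usr.allowed_to?` directly, so a `nil` argument would be checked against the current user first and then either return false or raise depending on that result. An explicit `return false unless usr` at the top, or a comment stating that `usr` must not be nil, would make the contract unambiguous.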