Don't let users log time on issues they cannot see in their projects (#21150).

git-svn-id: http://svn.redmine.org/redmine/trunk@14796 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2015-11-04 18:40:15 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2015-11-04 18:40:15 +0000
commit: 945a091c94a9ed651f61e225fa8646479478e9d4 (patch)
tree: 146eb7f80fc8ed8f5b7c9289ca360e766448bbbc /app/models/time_entry.rb
parent: c096dde88ff02872ba35edc4dc403c80a7867b5c (diff)
download: redmine-945a091c94a9ed651f61e225fa8646479478e9d4.tar.gz
redmine-945a091c94a9ed651f61e225fa8646479478e9d4.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/time_entry.rb b/app/models/time_entry.rb
index b133f502a..ea33c0bc6 100644
--- a/app/models/time_entry.rb
+++ b/app/models/time_entry.rb
@@ -95,7 +95,7 @@ class TimeEntry < ActiveRecord::Base
     if attrs
       attrs = super(attrs)
       if issue_id_changed? && issue
-        if user.allowed_to?(:log_time, issue.project)
+        if issue.visible?(user) && user.allowed_to?(:log_time, issue.project)
           if attrs[:project_id].blank? && issue.project_id != project_id
             self.project_id = issue.project_id
           end
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2015-11-04 18:40:15 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2015-11-04 18:40:15 +0000
commit	945a091c94a9ed651f61e225fa8646479478e9d4 (patch)
tree	146eb7f80fc8ed8f5b7c9289ca360e766448bbbc /app/models/time_entry.rb
parent	c096dde88ff02872ba35edc4dc403c80a7867b5c (diff)
download	redmine-945a091c94a9ed651f61e225fa8646479478e9d4.tar.gz redmine-945a091c94a9ed651f61e225fa8646479478e9d4.zip