authorJean-Philippe Lang <jp_lang@yahoo.fr>2008-03-14 21:17:09 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2008-03-14 21:17:09 +0000
commit993b60d61eb927cff21ea0b06c1631eb986f6a51 (patch)
tree940e5d4f7c08e2e8dfcf02839c63cac8587c44a1 /app
parent4957752d122388f15738b47b2872465da81a6d32 (diff)
downloadredmine-993b60d61eb927cff21ea0b06c1631eb986f6a51.tar.gz
redmine-993b60d61eb927cff21ea0b06c1631eb986f6a51.zip
Adds 2 permissions (closes #859):
* edit_time_entries: lets a user edit/delete any time entry
* edit_own_time_entries: lets a user edit/delete their own time entries only

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1249 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/controllers/timelog_controller.rb16
-rw-r--r--app/models/time_entry.rb2
-rw-r--r--app/views/issues/show.rhtml2
-rw-r--r--app/views/timelog/_list.rhtml13
4 files changed, 26 insertions, 7 deletions
diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb
index d672ac577..38c1fb04c 100644
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -20,6 +20,8 @@ class TimelogController < ApplicationController
menu_item :issues
before_filter :find_project, :authorize
+ verify :method => :post, :only => :destroy, :redirect_to => { :action => :details }
+
helper :sort
include SortHelper
helper :issues
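Review bot: The `verify :method => :post` guard on `destroy` checks only the HTTP verb, so it prevents deletion through a followed link or a crawler but does not establish that the request came from the application's own page. Whether a forgery token is checked for this action cannot be seen in this hunk; if none is, a form posted from another site by a logged-in user's browser would still reach `destroy`. A comment beside the line would make that dependency explicit, e.g. `# verb check only; request-forgery protection must be provided separately`. The `:redirect_to => { :action => :details }` target also carries no `:project_id`, while the other links and redirects to `details` in this commit pass one, so the fallback URL should be checked against what `find_project` requires.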
@@ -198,16 +200,24 @@ class TimelogController < ApplicationController
end
def edit
- render_404 and return if @time_entry && @time_entry.user != User.current
+ render_403 and return if @time_entry && !@time_entry.editable_by?(User.current)
@time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
@time_entry.attributes = params[:time_entry]
if request.post? and @time_entry.save
flash[:notice] = l(:notice_successful_update)
- redirect_to :action => 'details', :project_id => @time_entry.project, :issue_id => @time_entry.issue
+ redirect_to :action => 'details', :project_id => @time_entry.project
return
end
@activities = Enumeration::get_values('ACTI')
end
+
+ def destroy
+ render_404 and return unless @time_entry
+ render_403 and return unless @time_entry.editable_by?(User.current)
+ @time_entry.destroy
+ flash[:notice] = l(:notice_successful_delete)
+ redirect_to :action => 'details', :project_id => @time_entry.project
+ end
private
def find_project
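Review bot: In `edit`, `editable_by?` is evaluated before `@time_entry.attributes = params[:time_entry]`, so the permission is checked against the stored project and user, not against the values being submitted. If `project_id` or `user_id` are mass-assignable on `TimeEntry` (its attribute protection is not visible in this diff), a user allowed to edit an entry in one project could reassign it to a project or user for which `editable_by?` would be false. Confirm those attributes are protected in the model, or re-check after the assignment and before the save, e.g. `render_403 and return unless @time_entry.new_record? || @time_entry.editable_by?(User.current)`. In `destroy`, the result of `@time_entry.destroy` is ignored and the success flash is set unconditionally. The class body continues outside the hunk.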
@@ -223,5 +233,7 @@ private
render_404
return false
end
+ rescue ActiveRecord::RecordNotFound
+ render_404
end
end
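Review bot: The new `rescue ActiveRecord::RecordNotFound` branch ends on `render_404` alone, whereas the branch just above it in `find_project` follows `render_404` with `return false`. Since `find_project` runs as a `before_filter`, both failure paths should signal a halt the same way; unless `render_404` itself returns false (its definition is not in this diff), make `false` the last expression of the rescue clause, i.e. `render_404` followed by `false`. Depending on the Rails version in use, a filter that renders without returning false may let the chain continue to `authorize` and the action with `@project` unset. `find_project` begins outside the hunk.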
diff --git a/app/models/time_entry.rb b/app/models/time_entry.rb
index 0f8f62889..bcf6d1223 100644
--- a/app/models/time_entry.rb
+++ b/app/models/time_entry.rb
@@ -50,7 +50,7 @@ class TimeEntry < ActiveRecord::Base
# Returns true if the time entry can be edited by usr, otherwise false
def editable_by?(usr)
- usr == self.user
+ (usr == user && usr.allowed_to?(:edit_own_time_entries, project)) || usr.allowed_to?(:edit_time_entries, project)
end
def self.visible_by(usr)
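Review bot: The comment above `editable_by?` still describes only the return value and does not state the rule, which now depends on two permissions. Suggested replacement: `# True if usr has :edit_time_entries on the project, or owns the entry and has :edit_own_time_entries`. The method also calls `usr.allowed_to?` unconditionally, so it assumes callers never pass nil; the callers in this commit pass `User.current`, whose value for anonymous visitors is not visible here.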
diff --git a/app/views/issues/show.rhtml b/app/views/issues/show.rhtml
index d9727cae7..77d9ce640 100644
--- a/app/views/issues/show.rhtml
+++ b/app/views/issues/show.rhtml
@@ -33,7 +33,7 @@
<td><b><%=l(:field_category)%> :</b></td><td><%=h @issue.category ? @issue.category.name : "-" %></td>
<% if User.current.allowed_to?(:view_time_entries, @project) %>
<td><b><%=l(:label_spent_time)%> :</b></td>
- <td><%= @issue.spent_hours > 0 ? (link_to lwr(:label_f_hour, @issue.spent_hours), {:controller => 'timelog', :action => 'details', :issue_id => @issue}, :class => 'icon icon-time') : "-" %></td>
+ <td><%= @issue.spent_hours > 0 ? (link_to lwr(:label_f_hour, @issue.spent_hours), {:controller => 'timelog', :action => 'details', :project_id => @project, :issue_id => @issue}, :class => 'icon icon-time') : "-" %></td>
<% end %>
</tr>
<tr>
diff --git a/app/views/timelog/_list.rhtml b/app/views/timelog/_list.rhtml
index ae5b6376a..67e3c67d5 100644
--- a/app/views/timelog/_list.rhtml
+++ b/app/views/timelog/_list.rhtml
@@ -23,9 +23,16 @@
</td>
<td class="comments"><%=h entry.comments %></td>
<td class="hours"><%= html_hours("%.2f" % entry.hours) %></td>
-<td align="center"><%= link_to_if_authorized(l(:button_edit),
- {:controller => 'timelog', :action => 'edit', :id => entry},
- :class => 'icon icon-edit') if entry.editable_by?(User.current) %></td>
+<td align="center">
+<% if entry.editable_by?(User.current) -%>
+ <%= link_to image_tag('edit.png'), {:controller => 'timelog', :action => 'edit', :id => entry},
+ :title => l(:button_edit) %>
+ <%= link_to image_tag('delete.png'), {:controller => 'timelog', :action => 'destroy', :id => entry},
+ :confirm => l(:text_are_you_sure),
+ :method => :post,
+ :title => l(:button_delete) %>
+<% end -%>
+</td>
</tr>
<% end -%>
</tbdoy>
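Review bot: The new delete link depends on `:method => :post`, which `link_to` in Rails of this period implements with client-side script, as far as I know; without scripting the link is a plain GET and the controller's `verify` redirects to `details` with no message to the user. `button_to` renders a real form and would keep deletion POST-only without script, e.g. `<%= button_to l(:button_delete), {:controller => 'timelog', :action => 'destroy', :id => entry}, :confirm => l(:text_are_you_sure) %>`. Separately, the closing tag on the last context line is spelled `</tbdoy>`, which this commit leaves as it was.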