diff options
-rw-r--r-- | app/controllers/application.rb | 6 | ||||
-rw-r--r-- | app/controllers/timelog_controller.rb | 40 | ||||
-rw-r--r-- | app/helpers/timelog_helper.rb | 8 | ||||
-rw-r--r-- | app/models/user.rb | 2 | ||||
-rw-r--r-- | app/views/timelog/details.rhtml | 6 | ||||
-rw-r--r-- | app/views/timelog/report.rhtml | 2 | ||||
-rw-r--r-- | config/routes.rb | 2 | ||||
-rw-r--r-- | test/functional/timelog_controller_test.rb | 54 |
8 files changed, 100 insertions, 20 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 7a56e61f0..d21d0bd8c 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -95,11 +95,15 @@ class ApplicationController < ActionController::Base end true end + + def deny_access + User.current.logged? ? render_403 : require_login + end # Authorize the user for the requested action def authorize(ctrl = params[:controller], action = params[:action]) allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project) - allowed ? true : (User.current.logged? ? render_403 : require_login) + allowed ? true : deny_access end # make sure that the user is a member of the project (or admin) if project is private diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb index f331cdbe4..897a50fe5 100644 --- a/app/controllers/timelog_controller.rb +++ b/app/controllers/timelog_controller.rb @@ -17,7 +17,8 @@ class TimelogController < ApplicationController menu_item :issues - before_filter :find_project, :authorize + before_filter :find_project, :authorize, :only => [:edit, :destroy] + before_filter :find_optional_project, :only => [:report, :details] verify :method => :post, :only => :destroy, :redirect_to => { :action => :details } @@ -53,11 +54,12 @@ class TimelogController < ApplicationController } # Add list and boolean custom fields as available criterias - @project.all_issue_custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf| + custom_fields = (@project.nil? ? IssueCustomField.for_all : @project.all_issue_custom_fields) + custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf| @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Issue' AND c.customized_id = #{Issue.table_name}.id)", :format => cf.field_format, :label => cf.name} - end + end if @project # Add list and boolean time entry custom fields TimeEntryCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf| @@ -83,9 +85,10 @@ class TimelogController < ApplicationController sql << " FROM #{TimeEntry.table_name}" sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id" sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id" - sql << " WHERE (%s)" % @project.project_condition(Setting.display_subprojects_issues?) - sql << " AND (%s)" % Project.allowed_to_condition(User.current, :view_time_entries) - sql << " AND spent_on BETWEEN '%s' AND '%s'" % [ActiveRecord::Base.connection.quoted_date(@from.to_time), ActiveRecord::Base.connection.quoted_date(@to.to_time)] + sql << " WHERE" + sql << " (%s) AND" % @project.project_condition(Setting.display_subprojects_issues?) if @project + sql << " (%s) AND" % Project.allowed_to_condition(User.current, :view_time_entries) + sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from.to_time), ActiveRecord::Base.connection.quoted_date(@to.to_time)] sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek, spent_on" @hours = ActiveRecord::Base.connection.select_all(sql) @@ -138,8 +141,13 @@ class TimelogController < ApplicationController sort_update cond = ARCondition.new - cond << (@issue.nil? ? @project.project_condition(Setting.display_subprojects_issues?) : - ["#{TimeEntry.table_name}.issue_id = ?", @issue.id]) + if @project.nil? + cond << Project.allowed_to_condition(User.current, :view_time_entries) + elsif @issue.nil? + cond << @project.project_condition(Setting.display_subprojects_issues?) + else + cond << ["#{TimeEntry.table_name}.issue_id = ?", @issue.id] + end retrieve_date_range cond << ['spent_on BETWEEN ? AND ?', @from, @to] @@ -197,7 +205,7 @@ class TimelogController < ApplicationController @time_entry.destroy flash[:notice] = l(:notice_successful_delete) redirect_to :back - rescue RedirectBackError + rescue ::ActionController::RedirectBackError redirect_to :action => 'details', :project_id => @time_entry.project end @@ -219,6 +227,16 @@ private render_404 end + def find_optional_project + if !params[:issue_id].blank? + @issue = Issue.find(params[:issue_id]) + @project = @issue.project + elsif !params[:project_id].blank? + @project = Project.find(params[:project_id]) + end + deny_access unless User.current.allowed_to?(:view_time_entries, @project, :global => true) + end + # Retrieves the date range based on predefined ranges or specific from/to param dates def retrieve_date_range @free_period = false @@ -261,7 +279,7 @@ private end @from, @to = @to, @from if @from && @to && @from > @to - @from ||= (TimeEntry.minimum(:spent_on, :include => :project, :conditions => @project.project_condition(Setting.display_subprojects_issues?)) || Date.today) - 1 - @to ||= (TimeEntry.maximum(:spent_on, :include => :project, :conditions => @project.project_condition(Setting.display_subprojects_issues?)) || Date.today) + @from ||= (TimeEntry.minimum(:spent_on, :include => :project, :conditions => Project.allowed_to_condition(User.current, :view_time_entries)) || Date.today) - 1 + @to ||= (TimeEntry.maximum(:spent_on, :include => :project, :conditions => Project.allowed_to_condition(User.current, :view_time_entries)) || Date.today) end end diff --git a/app/helpers/timelog_helper.rb b/app/helpers/timelog_helper.rb index 2c1225a7c..f55a8ffe7 100644 --- a/app/helpers/timelog_helper.rb +++ b/app/helpers/timelog_helper.rb @@ -16,6 +16,14 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. module TimelogHelper + def render_timelog_breadcrumb + links = [] + links << link_to(l(:label_project_all), {:project_id => nil, :issue_id => nil}) + links << link_to(h(@project), {:project_id => @project, :issue_id => nil}) if @project + links << link_to_issue(@issue) if @issue + breadcrumb links + end + def activity_collection_for_select_options activities = Enumeration::get_values('ACTI') collection = [] diff --git a/app/models/user.rb b/app/models/user.rb index 05a75e1ad..4f82f61b2 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -243,7 +243,7 @@ class User < ActiveRecord::Base elsif options[:global] # authorize if user has at least one role that has this permission roles = memberships.collect {|m| m.role}.uniq - roles.detect {|r| r.allowed_to?(action)} + roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action)) else false end diff --git a/app/views/timelog/details.rhtml b/app/views/timelog/details.rhtml index f111cbfc0..db62fae66 100644 --- a/app/views/timelog/details.rhtml +++ b/app/views/timelog/details.rhtml @@ -2,11 +2,9 @@ <%= link_to_if_authorized l(:button_log_time), {:controller => 'timelog', :action => 'edit', :project_id => @project, :issue_id => @issue}, :class => 'icon icon-time' %>
</div>
-<h2><%= l(:label_spent_time) %></h2>
+<%= render_timelog_breadcrumb %>
-<% if @issue %>
-<h3><%= link_to(@project.name, {:action => 'details', :project_id => @project}) %> / <%= link_to_issue(@issue) %></h3>
-<% end %>
+<h2><%= l(:label_spent_time) %></h2>
<% form_remote_tag( :url => {}, :method => :get, :update => 'content' ) do %>
<%= hidden_field_tag 'project_id', params[:project_id] %>
diff --git a/app/views/timelog/report.rhtml b/app/views/timelog/report.rhtml index 97251bc11..eea0d0fc7 100644 --- a/app/views/timelog/report.rhtml +++ b/app/views/timelog/report.rhtml @@ -2,6 +2,8 @@ <%= link_to_if_authorized l(:button_log_time), {:controller => 'timelog', :action => 'edit', :project_id => @project, :issue_id => @issue}, :class => 'icon icon-time' %> </div> +<%= render_timelog_breadcrumb %> + <h2><%= l(:label_spent_time) %></h2> <% form_remote_tag(:url => {}, :update => 'content') do %> diff --git a/config/routes.rb b/config/routes.rb index c34052f86..913a8020f 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -20,7 +20,7 @@ ActionController::Routing::Routes.draw do |map| map.connect 'projects/:project_id/news/:action', :controller => 'news' map.connect 'projects/:project_id/documents/:action', :controller => 'documents' map.connect 'projects/:project_id/boards/:action/:id', :controller => 'boards' - map.connect 'projects/:project_id/timelog/:action/:id', :controller => 'timelog' + map.connect 'projects/:project_id/timelog/:action/:id', :controller => 'timelog', :project_id => /.+/ map.connect 'boards/:board_id/topics/:action/:id', :controller => 'messages' map.with_options :controller => 'repositories' do |omap| diff --git a/test/functional/timelog_controller_test.rb b/test/functional/timelog_controller_test.rb index 7b4622daa..28f2a28e2 100644 --- a/test/functional/timelog_controller_test.rb +++ b/test/functional/timelog_controller_test.rb @@ -78,7 +78,7 @@ class TimelogControllerTest < Test::Unit::TestCase assert_equal 2, entry.user_id end - def destroy + def test_destroy @request.session[:user_id] = 2 post :destroy, :id => 1 assert_redirected_to 'projects/ecookbook/timelog/details' @@ -91,6 +91,29 @@ class TimelogControllerTest < Test::Unit::TestCase assert_template 'report' end + def test_report_all_projects + get :report + assert_response :success + assert_template 'report' + end + + def test_report_all_projects_denied + r = Role.anonymous + r.permissions.delete(:view_time_entries) + r.permissions_will_change! + r.save + get :report + assert_redirected_to '/account/login' + end + + def test_report_all_projects_one_criteria + get :report, :columns => 'week', :from => "2007-04-01", :to => "2007-04-30", :criterias => ['project'] + assert_response :success + assert_template 'report' + assert_not_nil assigns(:total_hours) + assert_equal "8.65", "%.2f" % assigns(:total_hours) + end + def test_report_all_time get :report, :project_id => 1, :criterias => ['project', 'issue'] assert_response :success @@ -148,7 +171,18 @@ class TimelogControllerTest < Test::Unit::TestCase assert_not_nil assigns(:total_hours) assert_equal "0.00", "%.2f" % assigns(:total_hours) end - + + def test_report_all_projects_csv_export + get :report, :columns => 'month', :from => "2007-01-01", :to => "2007-06-30", :criterias => ["project", "member", "activity"], :format => "csv" + assert_response :success + assert_equal 'text/csv', @response.content_type + lines = @response.body.chomp.split("\n") + # Headers + assert_equal 'Project,Member,Activity,2007-1,2007-2,2007-3,2007-4,2007-5,2007-6,Total', lines.first + # Total row + assert_equal 'Total,"","","","",154.25,8.65,"","",162.90', lines.last + end + def test_report_csv_export get :report, :project_id => 1, :columns => 'month', :from => "2007-01-01", :to => "2007-06-30", :criterias => ["project", "member", "activity"], :format => "csv" assert_response :success @@ -159,6 +193,14 @@ class TimelogControllerTest < Test::Unit::TestCase # Total row assert_equal 'Total,"","","","",154.25,8.65,"","",162.90', lines.last end + + def test_details_all_projects + get :details + assert_response :success + assert_template 'details' + assert_not_nil assigns(:total_hours) + assert_equal "162.90", "%.2f" % assigns(:total_hours) + end def test_details_at_project_level get :details, :project_id => 1 @@ -218,6 +260,14 @@ class TimelogControllerTest < Test::Unit::TestCase assert assigns(:items).first.is_a?(TimeEntry) end + def test_details_all_projects_csv_export + get :details, :format => 'csv' + assert_response :success + assert_equal 'text/csv', @response.content_type + assert @response.body.include?("Date,User,Activity,Project,Issue,Tracker,Subject,Hours,Comment\n") + assert @response.body.include?("\n04/21/2007,redMine Admin,Design,eCookbook,3,Bug,Error 281 when updating a recipe,1.0,\"\"\n") + end + def test_details_csv_export get :details, :project_id => 1, :format => 'csv' assert_response :success |