diff options
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/issues_controller.rb | 1 | ||||
| -rw-r--r-- | app/controllers/timelog_controller.rb | 9 | ||||
| -rw-r--r-- | app/models/time_entry.rb | 8 | ||||
| -rw-r--r-- | app/models/time_entry_import.rb | 3 |
4 files changed, 10 insertions, 11 deletions
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index f5103a821..65caee650 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -577,6 +577,7 @@ class IssuesController < ApplicationController time_entry = @time_entry || TimeEntry.new time_entry.project = @issue.project time_entry.issue = @issue + time_entry.author = User.current time_entry.user = User.current time_entry.spent_on = User.current.today time_entry.safe_attributes = params[:time_entry] diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb index 4c4e7df79..1d144b983 100644 --- a/app/controllers/timelog_controller.rb +++ b/app/controllers/timelog_controller.rb @@ -28,8 +28,6 @@ class TimelogController < ApplicationController before_action :find_optional_issue, :only => [:new, :create] before_action :find_optional_project, :only => [:index, :report] - before_action :authorize_logging_time_for_other_users, :only => [:create, :update] - accept_rss_auth :index accept_api_auth :index, :show, :create, :update, :destroy @@ -258,13 +256,6 @@ class TimelogController < ApplicationController end end - def authorize_logging_time_for_other_users - if !User.current.allowed_to?(:log_time_for_other_users, @project) && params['time_entry'].present? && params['time_entry']['user_id'].present? && params['time_entry']['user_id'].to_i != User.current.id - render_error :message => l(:error_not_allowed_to_log_time_for_other_users), :status => 403 - return false - end - end - def find_time_entries @time_entries = TimeEntry.where(:id => params[:id] || params[:ids]). preload(:project => :time_entry_activities). diff --git a/app/models/time_entry.rb b/app/models/time_entry.rb index 943613a82..1f3b0a7bf 100644 --- a/app/models/time_entry.rb +++ b/app/models/time_entry.rb @@ -50,6 +50,7 @@ class TimeEntry < ActiveRecord::Base validates_length_of :comments, :maximum => 1024, :allow_nil => true validates :spent_on, :date => true before_validation :set_project_if_nil + #TODO: remove this, author should be always explicitly set before_validation :set_author_if_nil validate :validate_time_entry @@ -116,6 +117,11 @@ class TimeEntry < ActiveRecord::Base @invalid_issue_id = issue_id end end + if user_id_changed? && user_id != author_id && !user.allowed_to?(:log_time_for_other_users, project) + @invalid_user_id = user_id + else + @invalid_user_id = nil + end end attrs end @@ -146,7 +152,7 @@ class TimeEntry < ActiveRecord::Base end end errors.add :project_id, :invalid if project.nil? - if user_id_changed? && user_id != author_id && !self.assignable_users.map(&:id).include?(user_id) + if @invalid_user_id || (user_id_changed? && user_id != author_id && !self.assignable_users.map(&:id).include?(user_id)) errors.add :user_id, :invalid end errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project) || @invalid_issue_id diff --git a/app/models/time_entry_import.rb b/app/models/time_entry_import.rb index 0ac4429f4..07d2c2276 100644 --- a/app/models/time_entry_import.rb +++ b/app/models/time_entry_import.rb @@ -85,7 +85,7 @@ class TimeEntryImport < Import end user_id = nil - if User.current.allowed_to?(:log_time_for_other_users, project) + if user.allowed_to?(:log_time_for_other_users, project) if user_value user_id = user_value elsif user_name = row_value(row, 'user_id') @@ -98,6 +98,7 @@ class TimeEntryImport < Import attributes = { :project_id => project.id, :activity_id => activity_id, + :author_id => user.id, :user_id => user_id, :issue_id => row_value(row, 'issue_id'), |