Prevent mass-assignment when adding/updating a time entry (#10390)....
Jean-Philippe Lang -
r9016:1ec2d98c14bd
@@ -1,336 +1,336
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class TimelogController < ApplicationController
18 class TimelogController < ApplicationController
19 menu_item :issues
19 menu_item :issues
20
20
21 before_filter :find_project, :only => [:create]
21 before_filter :find_project, :only => [:create]
22 before_filter :find_time_entry, :only => [:show, :edit, :update]
22 before_filter :find_time_entry, :only => [:show, :edit, :update]
23 before_filter :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy]
23 before_filter :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy]
24 before_filter :authorize, :except => [:new, :index, :report]
24 before_filter :authorize, :except => [:new, :index, :report]
25
25
26 before_filter :find_optional_project, :only => [:new, :index, :report]
26 before_filter :find_optional_project, :only => [:new, :index, :report]
27 before_filter :authorize_global, :only => [:new, :index, :report]
27 before_filter :authorize_global, :only => [:new, :index, :report]
28
28
29 accept_rss_auth :index
29 accept_rss_auth :index
30 accept_api_auth :index, :show, :create, :update, :destroy
30 accept_api_auth :index, :show, :create, :update, :destroy
31
31
32 helper :sort
32 helper :sort
33 include SortHelper
33 include SortHelper
34 helper :issues
34 helper :issues
35 include TimelogHelper
35 include TimelogHelper
36 helper :custom_fields
36 helper :custom_fields
37 include CustomFieldsHelper
37 include CustomFieldsHelper
38
38
39 def index
39 def index
40 sort_init 'spent_on', 'desc'
40 sort_init 'spent_on', 'desc'
41 sort_update 'spent_on' => 'spent_on',
41 sort_update 'spent_on' => 'spent_on',
42 'user' => 'user_id',
42 'user' => 'user_id',
43 'activity' => 'activity_id',
43 'activity' => 'activity_id',
44 'project' => "#{Project.table_name}.name",
44 'project' => "#{Project.table_name}.name",
45 'issue' => 'issue_id',
45 'issue' => 'issue_id',
46 'hours' => 'hours'
46 'hours' => 'hours'
47
47
48 retrieve_date_range
48 retrieve_date_range
49
49
50 scope = TimeEntry.visible.spent_between(@from, @to)
50 scope = TimeEntry.visible.spent_between(@from, @to)
51 if @issue
51 if @issue
52 scope = scope.on_issue(@issue)
52 scope = scope.on_issue(@issue)
53 elsif @project
53 elsif @project
54 scope = scope.on_project(@project, Setting.display_subprojects_issues?)
54 scope = scope.on_project(@project, Setting.display_subprojects_issues?)
55 end
55 end
56
56
57 respond_to do |format|
57 respond_to do |format|
58 format.html {
58 format.html {
59 # Paginate results
59 # Paginate results
60 @entry_count = scope.count
60 @entry_count = scope.count
61 @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
61 @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
62 @entries = scope.all(
62 @entries = scope.all(
63 :include => [:project, :activity, :user, {:issue => :tracker}],
63 :include => [:project, :activity, :user, {:issue => :tracker}],
64 :order => sort_clause,
64 :order => sort_clause,
65 :limit => @entry_pages.items_per_page,
65 :limit => @entry_pages.items_per_page,
66 :offset => @entry_pages.current.offset
66 :offset => @entry_pages.current.offset
67 )
67 )
68 @total_hours = scope.sum(:hours).to_f
68 @total_hours = scope.sum(:hours).to_f
69
69
70 render :layout => !request.xhr?
70 render :layout => !request.xhr?
71 }
71 }
72 format.api {
72 format.api {
73 @entry_count = scope.count
73 @entry_count = scope.count
74 @offset, @limit = api_offset_and_limit
74 @offset, @limit = api_offset_and_limit
75 @entries = scope.all(
75 @entries = scope.all(
76 :include => [:project, :activity, :user, {:issue => :tracker}],
76 :include => [:project, :activity, :user, {:issue => :tracker}],
77 :order => sort_clause,
77 :order => sort_clause,
78 :limit => @limit,
78 :limit => @limit,
79 :offset => @offset
79 :offset => @offset
80 )
80 )
81 }
81 }
82 format.atom {
82 format.atom {
83 entries = scope.all(
83 entries = scope.all(
84 :include => [:project, :activity, :user, {:issue => :tracker}],
84 :include => [:project, :activity, :user, {:issue => :tracker}],
85 :order => "#{TimeEntry.table_name}.created_on DESC",
85 :order => "#{TimeEntry.table_name}.created_on DESC",
86 :limit => Setting.feeds_limit.to_i
86 :limit => Setting.feeds_limit.to_i
87 )
87 )
88 render_feed(entries, :title => l(:label_spent_time))
88 render_feed(entries, :title => l(:label_spent_time))
89 }
89 }
90 format.csv {
90 format.csv {
91 # Export all entries
91 # Export all entries
92 @entries = scope.all(
92 @entries = scope.all(
93 :include => [:project, :activity, :user, {:issue => [:tracker, :assigned_to, :priority]}],
93 :include => [:project, :activity, :user, {:issue => [:tracker, :assigned_to, :priority]}],
94 :order => sort_clause
94 :order => sort_clause
95 )
95 )
96 send_data(entries_to_csv(@entries), :type => 'text/csv; header=present', :filename => 'timelog.csv')
96 send_data(entries_to_csv(@entries), :type => 'text/csv; header=present', :filename => 'timelog.csv')
97 }
97 }
98 end
98 end
99 end
99 end
100
100
101 def report
101 def report
102 retrieve_date_range
102 retrieve_date_range
103 @report = Redmine::Helpers::TimeReport.new(@project, @issue, params[:criteria], params[:columns], @from, @to)
103 @report = Redmine::Helpers::TimeReport.new(@project, @issue, params[:criteria], params[:columns], @from, @to)
104
104
105 respond_to do |format|
105 respond_to do |format|
106 format.html { render :layout => !request.xhr? }
106 format.html { render :layout => !request.xhr? }
107 format.csv { send_data(report_to_csv(@report), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
107 format.csv { send_data(report_to_csv(@report), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
108 end
108 end
109 end
109 end
110
110
111 def show
111 def show
112 respond_to do |format|
112 respond_to do |format|
113 # TODO: Implement html response
113 # TODO: Implement html response
114 format.html { render :nothing => true, :status => 406 }
114 format.html { render :nothing => true, :status => 406 }
115 format.api
115 format.api
116 end
116 end
117 end
117 end
118
118
119 def new
119 def new
120 @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
120 @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
121 @time_entry.attributes = params[:time_entry]
121 @time_entry.safe_attributes = params[:time_entry]
122 end
122 end
123
123
124 def create
124 def create
125 @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
125 @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
126 @time_entry.attributes = params[:time_entry]
126 @time_entry.safe_attributes = params[:time_entry]
127
127
128 call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
128 call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
129
129
130 if @time_entry.save
130 if @time_entry.save
131 respond_to do |format|
131 respond_to do |format|
132 format.html {
132 format.html {
133 flash[:notice] = l(:notice_successful_create)
133 flash[:notice] = l(:notice_successful_create)
134 if params[:continue]
134 if params[:continue]
135 if params[:project_id]
135 if params[:project_id]
136 redirect_to :action => 'new', :project_id => @time_entry.project, :issue_id => @time_entry.issue, :back_url => params[:back_url]
136 redirect_to :action => 'new', :project_id => @time_entry.project, :issue_id => @time_entry.issue, :back_url => params[:back_url]
137 else
137 else
138 redirect_to :action => 'new', :back_url => params[:back_url]
138 redirect_to :action => 'new', :back_url => params[:back_url]
139 end
139 end
140 else
140 else
141 redirect_back_or_default :action => 'index', :project_id => @time_entry.project
141 redirect_back_or_default :action => 'index', :project_id => @time_entry.project
142 end
142 end
143 }
143 }
144 format.api { render :action => 'show', :status => :created, :location => time_entry_url(@time_entry) }
144 format.api { render :action => 'show', :status => :created, :location => time_entry_url(@time_entry) }
145 end
145 end
146 else
146 else
147 respond_to do |format|
147 respond_to do |format|
148 format.html { render :action => 'new' }
148 format.html { render :action => 'new' }
149 format.api { render_validation_errors(@time_entry) }
149 format.api { render_validation_errors(@time_entry) }
150 end
150 end
151 end
151 end
152 end
152 end
153
153
154 def edit
154 def edit
155 @time_entry.attributes = params[:time_entry]
155 @time_entry.safe_attributes = params[:time_entry]
156 end
156 end
157
157
158 def update
158 def update
159 @time_entry.attributes = params[:time_entry]
159 @time_entry.safe_attributes = params[:time_entry]
160
160
161 call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
161 call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
162
162
163 if @time_entry.save
163 if @time_entry.save
164 respond_to do |format|
164 respond_to do |format|
165 format.html {
165 format.html {
166 flash[:notice] = l(:notice_successful_update)
166 flash[:notice] = l(:notice_successful_update)
167 redirect_back_or_default :action => 'index', :project_id => @time_entry.project
167 redirect_back_or_default :action => 'index', :project_id => @time_entry.project
168 }
168 }
169 format.api { head :ok }
169 format.api { head :ok }
170 end
170 end
171 else
171 else
172 respond_to do |format|
172 respond_to do |format|
173 format.html { render :action => 'edit' }
173 format.html { render :action => 'edit' }
174 format.api { render_validation_errors(@time_entry) }
174 format.api { render_validation_errors(@time_entry) }
175 end
175 end
176 end
176 end
177 end
177 end
178
178
179 def bulk_edit
179 def bulk_edit
180 @available_activities = TimeEntryActivity.shared.active
180 @available_activities = TimeEntryActivity.shared.active
181 @custom_fields = TimeEntry.first.available_custom_fields
181 @custom_fields = TimeEntry.first.available_custom_fields
182 end
182 end
183
183
184 def bulk_update
184 def bulk_update
185 attributes = parse_params_for_bulk_time_entry_attributes(params)
185 attributes = parse_params_for_bulk_time_entry_attributes(params)
186
186
187 unsaved_time_entry_ids = []
187 unsaved_time_entry_ids = []
188 @time_entries.each do |time_entry|
188 @time_entries.each do |time_entry|
189 time_entry.reload
189 time_entry.reload
190 time_entry.attributes = attributes
190 time_entry.safe_attributes = attributes
191 call_hook(:controller_time_entries_bulk_edit_before_save, { :params => params, :time_entry => time_entry })
191 call_hook(:controller_time_entries_bulk_edit_before_save, { :params => params, :time_entry => time_entry })
192 unless time_entry.save
192 unless time_entry.save
193 # Keep unsaved time_entry ids to display them in flash error
193 # Keep unsaved time_entry ids to display them in flash error
194 unsaved_time_entry_ids << time_entry.id
194 unsaved_time_entry_ids << time_entry.id
195 end
195 end
196 end
196 end
197 set_flash_from_bulk_time_entry_save(@time_entries, unsaved_time_entry_ids)
197 set_flash_from_bulk_time_entry_save(@time_entries, unsaved_time_entry_ids)
198 redirect_back_or_default({:controller => 'timelog', :action => 'index', :project_id => @projects.first})
198 redirect_back_or_default({:controller => 'timelog', :action => 'index', :project_id => @projects.first})
199 end
199 end
200
200
201 def destroy
201 def destroy
202 destroyed = TimeEntry.transaction do
202 destroyed = TimeEntry.transaction do
203 @time_entries.each do |t|
203 @time_entries.each do |t|
204 unless t.destroy && t.destroyed?
204 unless t.destroy && t.destroyed?
205 raise ActiveRecord::Rollback
205 raise ActiveRecord::Rollback
206 end
206 end
207 end
207 end
208 end
208 end
209
209
210 respond_to do |format|
210 respond_to do |format|
211 format.html {
211 format.html {
212 if destroyed
212 if destroyed
213 flash[:notice] = l(:notice_successful_delete)
213 flash[:notice] = l(:notice_successful_delete)
214 else
214 else
215 flash[:error] = l(:notice_unable_delete_time_entry)
215 flash[:error] = l(:notice_unable_delete_time_entry)
216 end
216 end
217 redirect_back_or_default(:action => 'index', :project_id => @projects.first)
217 redirect_back_or_default(:action => 'index', :project_id => @projects.first)
218 }
218 }
219 format.api {
219 format.api {
220 if destroyed
220 if destroyed
221 head :ok
221 head :ok
222 else
222 else
223 render_validation_errors(@time_entries)
223 render_validation_errors(@time_entries)
224 end
224 end
225 }
225 }
226 end
226 end
227 end
227 end
228
228
229 private
229 private
230 def find_time_entry
230 def find_time_entry
231 @time_entry = TimeEntry.find(params[:id])
231 @time_entry = TimeEntry.find(params[:id])
232 unless @time_entry.editable_by?(User.current)
232 unless @time_entry.editable_by?(User.current)
233 render_403
233 render_403
234 return false
234 return false
235 end
235 end
236 @project = @time_entry.project
236 @project = @time_entry.project
237 rescue ActiveRecord::RecordNotFound
237 rescue ActiveRecord::RecordNotFound
238 render_404
238 render_404
239 end
239 end
240
240
241 def find_time_entries
241 def find_time_entries
242 @time_entries = TimeEntry.find_all_by_id(params[:id] || params[:ids])
242 @time_entries = TimeEntry.find_all_by_id(params[:id] || params[:ids])
243 raise ActiveRecord::RecordNotFound if @time_entries.empty?
243 raise ActiveRecord::RecordNotFound if @time_entries.empty?
244 @projects = @time_entries.collect(&:project).compact.uniq
244 @projects = @time_entries.collect(&:project).compact.uniq
245 @project = @projects.first if @projects.size == 1
245 @project = @projects.first if @projects.size == 1
246 rescue ActiveRecord::RecordNotFound
246 rescue ActiveRecord::RecordNotFound
247 render_404
247 render_404
248 end
248 end
249
249
250 def set_flash_from_bulk_time_entry_save(time_entries, unsaved_time_entry_ids)
250 def set_flash_from_bulk_time_entry_save(time_entries, unsaved_time_entry_ids)
251 if unsaved_time_entry_ids.empty?
251 if unsaved_time_entry_ids.empty?
252 flash[:notice] = l(:notice_successful_update) unless time_entries.empty?
252 flash[:notice] = l(:notice_successful_update) unless time_entries.empty?
253 else
253 else
254 flash[:error] = l(:notice_failed_to_save_time_entries,
254 flash[:error] = l(:notice_failed_to_save_time_entries,
255 :count => unsaved_time_entry_ids.size,
255 :count => unsaved_time_entry_ids.size,
256 :total => time_entries.size,
256 :total => time_entries.size,
257 :ids => '#' + unsaved_time_entry_ids.join(', #'))
257 :ids => '#' + unsaved_time_entry_ids.join(', #'))
258 end
258 end
259 end
259 end
260
260
261 def find_project
261 def find_project
262 if (project_id = (params[:project_id] || params[:time_entry] && params[:time_entry][:project_id])).present?
262 if (project_id = (params[:project_id] || params[:time_entry] && params[:time_entry][:project_id])).present?
263 @project = Project.find(project_id)
263 @project = Project.find(project_id)
264 end
264 end
265 if (issue_id = (params[:issue_id] || params[:time_entry] && params[:time_entry][:issue_id])).present?
265 if (issue_id = (params[:issue_id] || params[:time_entry] && params[:time_entry][:issue_id])).present?
266 @issue = Issue.find(issue_id)
266 @issue = Issue.find(issue_id)
267 @project ||= @issue.project
267 @project ||= @issue.project
268 end
268 end
269 if @project.nil?
269 if @project.nil?
270 render_404
270 render_404
271 return false
271 return false
272 end
272 end
273 rescue ActiveRecord::RecordNotFound
273 rescue ActiveRecord::RecordNotFound
274 render_404
274 render_404
275 end
275 end
276
276
277 def find_optional_project
277 def find_optional_project
278 if !params[:issue_id].blank?
278 if !params[:issue_id].blank?
279 @issue = Issue.find(params[:issue_id])
279 @issue = Issue.find(params[:issue_id])
280 @project = @issue.project
280 @project = @issue.project
281 elsif !params[:project_id].blank?
281 elsif !params[:project_id].blank?
282 @project = Project.find(params[:project_id])
282 @project = Project.find(params[:project_id])
283 end
283 end
284 end
284 end
285
285
286 # Retrieves the date range based on predefined ranges or specific from/to param dates
286 # Retrieves the date range based on predefined ranges or specific from/to param dates
287 def retrieve_date_range
287 def retrieve_date_range
288 @free_period = false
288 @free_period = false
289 @from, @to = nil, nil
289 @from, @to = nil, nil
290
290
291 if params[:period_type] == '1' || (params[:period_type].nil? && !params[:period].nil?)
291 if params[:period_type] == '1' || (params[:period_type].nil? && !params[:period].nil?)
292 case params[:period].to_s
292 case params[:period].to_s
293 when 'today'
293 when 'today'
294 @from = @to = Date.today
294 @from = @to = Date.today
295 when 'yesterday'
295 when 'yesterday'
296 @from = @to = Date.today - 1
296 @from = @to = Date.today - 1
297 when 'current_week'
297 when 'current_week'
298 @from = Date.today - (Date.today.cwday - 1)%7
298 @from = Date.today - (Date.today.cwday - 1)%7
299 @to = @from + 6
299 @to = @from + 6
300 when 'last_week'
300 when 'last_week'
301 @from = Date.today - 7 - (Date.today.cwday - 1)%7
301 @from = Date.today - 7 - (Date.today.cwday - 1)%7
302 @to = @from + 6
302 @to = @from + 6
303 when '7_days'
303 when '7_days'
304 @from = Date.today - 7
304 @from = Date.today - 7
305 @to = Date.today
305 @to = Date.today
306 when 'current_month'
306 when 'current_month'
307 @from = Date.civil(Date.today.year, Date.today.month, 1)
307 @from = Date.civil(Date.today.year, Date.today.month, 1)
308 @to = (@from >> 1) - 1
308 @to = (@from >> 1) - 1
309 when 'last_month'
309 when 'last_month'
310 @from = Date.civil(Date.today.year, Date.today.month, 1) << 1
310 @from = Date.civil(Date.today.year, Date.today.month, 1) << 1
311 @to = (@from >> 1) - 1
311 @to = (@from >> 1) - 1
312 when '30_days'
312 when '30_days'
313 @from = Date.today - 30
313 @from = Date.today - 30
314 @to = Date.today
314 @to = Date.today
315 when 'current_year'
315 when 'current_year'
316 @from = Date.civil(Date.today.year, 1, 1)
316 @from = Date.civil(Date.today.year, 1, 1)
317 @to = Date.civil(Date.today.year, 12, 31)
317 @to = Date.civil(Date.today.year, 12, 31)
318 end
318 end
319 elsif params[:period_type] == '2' || (params[:period_type].nil? && (!params[:from].nil? || !params[:to].nil?))
319 elsif params[:period_type] == '2' || (params[:period_type].nil? && (!params[:from].nil? || !params[:to].nil?))
320 begin; @from = params[:from].to_s.to_date unless params[:from].blank?; rescue; end
320 begin; @from = params[:from].to_s.to_date unless params[:from].blank?; rescue; end
321 begin; @to = params[:to].to_s.to_date unless params[:to].blank?; rescue; end
321 begin; @to = params[:to].to_s.to_date unless params[:to].blank?; rescue; end
322 @free_period = true
322 @free_period = true
323 else
323 else
324 # default
324 # default
325 end
325 end
326
326
327 @from, @to = @to, @from if @from && @to && @from > @to
327 @from, @to = @to, @from if @from && @to && @from > @to
328 end
328 end
329
329
330 def parse_params_for_bulk_time_entry_attributes(params)
330 def parse_params_for_bulk_time_entry_attributes(params)
331 attributes = (params[:time_entry] || {}).reject {|k,v| v.blank?}
331 attributes = (params[:time_entry] || {}).reject {|k,v| v.blank?}
332 attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
332 attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
333 attributes[:custom_field_values].reject! {|k,v| v.blank?} if attributes[:custom_field_values]
333 attributes[:custom_field_values].reject! {|k,v| v.blank?} if attributes[:custom_field_values]
334 attributes
334 attributes
335 end
335 end
336 end
336 end
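Review bot: `bulk_update` (new line 190) now filters the attributes it assigns, but the entries it writes come from `find_time_entries`, which loads whatever ids arrive in `params[:id]` / `params[:ids]` and never calls `editable_by?` the way `find_time_entry` does for the single-entry actions. What the `authorize` filter enforces is not visible in this file, so it needs confirming whether a user holding only `:edit_own_time_entries` can bulk-edit or destroy other users' entries. I would add the same guard to `find_time_entries` after the empty check: `unless @time_entries.all? {|t| t.editable_by?(User.current)}` followed by `render_403` and `return false`. A functional test that posts a protected key such as `user_id` to `create` and `update` and asserts it is ignored would also pin the behaviour this commit introduces.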
@@ -1,117 +1,120
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class TimeEntry < ActiveRecord::Base
18 class TimeEntry < ActiveRecord::Base
19 include Redmine::SafeAttributes
19 # could have used polymorphic association
20 # could have used polymorphic association
20 # project association here allows easy loading of time entries at project level with one database trip
21 # project association here allows easy loading of time entries at project level with one database trip
21 belongs_to :project
22 belongs_to :project
22 belongs_to :issue
23 belongs_to :issue
23 belongs_to :user
24 belongs_to :user
24 belongs_to :activity, :class_name => 'TimeEntryActivity', :foreign_key => 'activity_id'
25 belongs_to :activity, :class_name => 'TimeEntryActivity', :foreign_key => 'activity_id'
25
26
26 attr_protected :project_id, :user_id, :tyear, :tmonth, :tweek
27 attr_protected :project_id, :user_id, :tyear, :tmonth, :tweek
27
28
28 acts_as_customizable
29 acts_as_customizable
29 acts_as_event :title => Proc.new {|o| "#{l_hours(o.hours)} (#{(o.issue || o.project).event_title})"},
30 acts_as_event :title => Proc.new {|o| "#{l_hours(o.hours)} (#{(o.issue || o.project).event_title})"},
30 :url => Proc.new {|o| {:controller => 'timelog', :action => 'index', :project_id => o.project, :issue_id => o.issue}},
31 :url => Proc.new {|o| {:controller => 'timelog', :action => 'index', :project_id => o.project, :issue_id => o.issue}},
31 :author => :user,
32 :author => :user,
32 :description => :comments
33 :description => :comments
33
34
34 acts_as_activity_provider :timestamp => "#{table_name}.created_on",
35 acts_as_activity_provider :timestamp => "#{table_name}.created_on",
35 :author_key => :user_id,
36 :author_key => :user_id,
36 :find_options => {:include => :project}
37 :find_options => {:include => :project}
37
38
38 validates_presence_of :user_id, :activity_id, :project_id, :hours, :spent_on
39 validates_presence_of :user_id, :activity_id, :project_id, :hours, :spent_on
39 validates_numericality_of :hours, :allow_nil => true, :message => :invalid
40 validates_numericality_of :hours, :allow_nil => true, :message => :invalid
40 validates_length_of :comments, :maximum => 255, :allow_nil => true
41 validates_length_of :comments, :maximum => 255, :allow_nil => true
41 before_validation :set_project_if_nil
42 before_validation :set_project_if_nil
42 validate :validate_time_entry
43 validate :validate_time_entry
43
44
44 named_scope :visible, lambda {|*args| {
45 named_scope :visible, lambda {|*args| {
45 :include => :project,
46 :include => :project,
46 :conditions => Project.allowed_to_condition(args.shift || User.current, :view_time_entries, *args)
47 :conditions => Project.allowed_to_condition(args.shift || User.current, :view_time_entries, *args)
47 }}
48 }}
48 named_scope :on_issue, lambda {|issue| {
49 named_scope :on_issue, lambda {|issue| {
49 :include => :issue,
50 :include => :issue,
50 :conditions => "#{Issue.table_name}.root_id = #{issue.root_id} AND #{Issue.table_name}.lft >= #{issue.lft} AND #{Issue.table_name}.rgt <= #{issue.rgt}"
51 :conditions => "#{Issue.table_name}.root_id = #{issue.root_id} AND #{Issue.table_name}.lft >= #{issue.lft} AND #{Issue.table_name}.rgt <= #{issue.rgt}"
51 }}
52 }}
52 named_scope :on_project, lambda {|project, include_subprojects| {
53 named_scope :on_project, lambda {|project, include_subprojects| {
53 :include => :project,
54 :include => :project,
54 :conditions => project.project_condition(include_subprojects)
55 :conditions => project.project_condition(include_subprojects)
55 }}
56 }}
56 named_scope :spent_between, lambda {|from, to|
57 named_scope :spent_between, lambda {|from, to|
57 if from && to
58 if from && to
58 {:conditions => ["#{TimeEntry.table_name}.spent_on BETWEEN ? AND ?", from, to]}
59 {:conditions => ["#{TimeEntry.table_name}.spent_on BETWEEN ? AND ?", from, to]}
59 elsif from
60 elsif from
60 {:conditions => ["#{TimeEntry.table_name}.spent_on >= ?", from]}
61 {:conditions => ["#{TimeEntry.table_name}.spent_on >= ?", from]}
61 elsif to
62 elsif to
62 {:conditions => ["#{TimeEntry.table_name}.spent_on <= ?", to]}
63 {:conditions => ["#{TimeEntry.table_name}.spent_on <= ?", to]}
63 else
64 else
64 {}
65 {}
65 end
66 end
66 }
67 }
67
68
69 safe_attributes 'hours', 'comments', 'issue_id', 'activity_id', 'spent_on', 'custom_field_values'
70
68 def initialize(attributes=nil, *args)
71 def initialize(attributes=nil, *args)
69 super
72 super
70 if new_record? && self.activity.nil?
73 if new_record? && self.activity.nil?
71 if default_activity = TimeEntryActivity.default
74 if default_activity = TimeEntryActivity.default
72 self.activity_id = default_activity.id
75 self.activity_id = default_activity.id
73 end
76 end
74 self.hours = nil if hours == 0
77 self.hours = nil if hours == 0
75 end
78 end
76 end
79 end
77
80
78 def set_project_if_nil
81 def set_project_if_nil
79 self.project = issue.project if issue && project.nil?
82 self.project = issue.project if issue && project.nil?
80 end
83 end
81
84
82 def validate_time_entry
85 def validate_time_entry
83 errors.add :hours, :invalid if hours && (hours < 0 || hours >= 1000)
86 errors.add :hours, :invalid if hours && (hours < 0 || hours >= 1000)
84 errors.add :project_id, :invalid if project.nil?
87 errors.add :project_id, :invalid if project.nil?
85 errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project)
88 errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project)
86 end
89 end
87
90
88 def hours=(h)
91 def hours=(h)
89 write_attribute :hours, (h.is_a?(String) ? (h.to_hours || h) : h)
92 write_attribute :hours, (h.is_a?(String) ? (h.to_hours || h) : h)
90 end
93 end
91
94
92 def hours
95 def hours
93 h = read_attribute(:hours)
96 h = read_attribute(:hours)
94 if h.is_a?(Float)
97 if h.is_a?(Float)
95 h.round(2)
98 h.round(2)
96 else
99 else
97 h
100 h
98 end
101 end
99 end
102 end
100
103
101 # tyear, tmonth, tweek assigned where setting spent_on attributes
104 # tyear, tmonth, tweek assigned where setting spent_on attributes
102 # these attributes make time aggregations easier
105 # these attributes make time aggregations easier
103 def spent_on=(date)
106 def spent_on=(date)
104 super
107 super
105 if spent_on.is_a?(Time)
108 if spent_on.is_a?(Time)
106 self.spent_on = spent_on.to_date
109 self.spent_on = spent_on.to_date
107 end
110 end
108 self.tyear = spent_on ? spent_on.year : nil
111 self.tyear = spent_on ? spent_on.year : nil
109 self.tmonth = spent_on ? spent_on.month : nil
112 self.tmonth = spent_on ? spent_on.month : nil
110 self.tweek = spent_on ? Date.civil(spent_on.year, spent_on.month, spent_on.day).cweek : nil
113 self.tweek = spent_on ? Date.civil(spent_on.year, spent_on.month, spent_on.day).cweek : nil
111 end
114 end
112
115
113 # Returns true if the time entry can be edited by usr, otherwise false
116 # Returns true if the time entry can be edited by usr, otherwise false
114 def editable_by?(usr)
117 def editable_by?(usr)
115 (usr == user && usr.allowed_to?(:edit_own_time_entries, project)) || usr.allowed_to?(:edit_time_entries, project)
118 (usr == user && usr.allowed_to?(:edit_own_time_entries, project)) || usr.allowed_to?(:edit_time_entries, project)
116 end
119 end
117 end
120 end
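Review bot: `issue_id` is on the `safe_attributes` list added at new line 69, and the only constraint on it in `validate_time_entry` is that the issue belongs to the entry's project; nothing visible here checks that the submitting user is allowed to see that issue. If a project can contain issues hidden from some of its members, an entry could be pointed at one by id, so the assignment should be checked against the acting user (for example with `Issue#visible?`) at a point where that user is known. The list is also declared without any condition while `attr_protected` remains on new line 27; a comment above it such as `# project_id and user_id are deliberately absent: the controller sets them` would record the intent.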