Merged r14242 (#18580)....
Jean-Philippe Lang -
r13864:20f56ce0aed9
@@ -76,9 +76,9 class ContextMenusController < ApplicationController
76 @projects = @time_entries.collect(&:project).compact.uniq
76 @projects = @time_entries.collect(&:project).compact.uniq
77 @project = @projects.first if @projects.size == 1
77 @project = @projects.first if @projects.size == 1
78 @activities = TimeEntryActivity.shared.active
78 @activities = TimeEntryActivity.shared.active
79 @can = {:edit => User.current.allowed_to?(:edit_time_entries, @projects),
79
80 :delete => User.current.allowed_to?(:edit_time_entries, @projects)
80 edit_allowed = @time_entries.all? {|t| t.editable_by?(User.current)}
81 }
81 @can = {:edit => edit_allowed, :delete => edit_allowed}
82 @back = back_url
82 @back = back_url
83
83
84 @options_by_custom_field = {}
84 @options_by_custom_field = {}
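Review bot: At new lines 80–81 `:delete` is driven by the same `editable_by?` result as `:edit`, so a user holding only :edit_own_time_entries is now offered Delete for their own entries. These flags only control what the menu renders. That is safe only if the delete action enforces the same per-entry check on the server, and the filter list that would show this is not on this page. A comment above the assignment would make the split explicit, for example `# Display flags only; the per-entry editable_by? check is enforced again by the target action's filter`. The enclosing action starts and ends outside this hunk.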
@@ -234,6 +234,7 private
234 def find_time_entries
234 def find_time_entries
235 @time_entries = TimeEntry.where(:id => params[:id] || params[:ids]).to_a
235 @time_entries = TimeEntry.where(:id => params[:id] || params[:ids]).to_a
236 raise ActiveRecord::RecordNotFound if @time_entries.empty?
236 raise ActiveRecord::RecordNotFound if @time_entries.empty?
237 raise Unauthorized unless @time_entries.all? {|t| t.editable_by?(User.current)}
237 @projects = @time_entries.collect(&:project).compact.uniq
238 @projects = @time_entries.collect(&:project).compact.uniq
238 @project = @projects.first if @projects.size == 1
239 @project = @projects.first if @projects.size == 1
239 rescue ActiveRecord::RecordNotFound
240 rescue ActiveRecord::RecordNotFound
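Review bot: The guard added at new line 237 is all-or-nothing and runs only on the rows the `where` returned, and neither property is documented. Requested IDs that do not exist are silently dropped from the batch, and a single non-editable entry rejects the whole request. I would state that above the line, e.g. `# Fail closed: one entry the current user cannot edit rejects the whole batch`. Because the empty check comes first, unknown IDs and existing-but-forbidden IDs presumably get different responses (the tests expect 403 for the latter), so the response reveals whether an ID exists; confirm that is acceptable. Only the `RecordNotFound` rescue is visible here, and the handling of `Unauthorized` and the end of the method lie outside the hunk.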
@@ -276,6 +276,18 class ContextMenusControllerTest < ActionController::TestCase
276 end
276 end
277 end
277 end
278
278
279 def test_time_entries_context_menu_with_edit_own_time_entries_permission
280 @request.session[:user_id] = 2
281 Role.find_by_name('Manager').remove_permission! :edit_time_entries
282 Role.find_by_name('Manager').add_permission! :edit_own_time_entries
283 ids = (0..1).map {TimeEntry.generate!(:user => User.find(2)).id}
284
285 get :time_entries, :ids => ids
286 assert_response :success
287 assert_template 'context_menus/time_entries'
288 assert_select 'a:not(.disabled)', :text => 'Edit'
289 end
290
279 def test_time_entries_context_menu_without_edit_permission
291 def test_time_entries_context_menu_without_edit_permission
280 @request.session[:user_id] = 2
292 @request.session[:user_id] = 2
281 Role.find_by_name('Manager').remove_permission! :edit_time_entries
293 Role.find_by_name('Manager').remove_permission! :edit_time_entries
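Review bot: The new test at new lines 279–289 only covers the allowed case, so nothing checks that a user with :edit_own_time_entries gets a disabled Edit link when the selection includes someone else's entry. The same gap exists for `test_bulk_edit_with_edit_own_time_entries_permission` in TimelogControllerTest, where only bulk_update has a denial case. A negative test next to this one would pin the per-entry behaviour. The sketch below reuses the `[1, 2]` fixture batch that the bulk_update denial test on this page treats as not editable by user 2. The `a.disabled` selector is inferred from the `a:not(.disabled)` assertion above and should be checked against the template. `test_time_entries_context_menu_without_edit_permission` continues past the end of the hunk.

```ruby
def test_time_entries_context_menu_with_edit_own_time_entries_permission_and_entries_of_other_user
  @request.session[:user_id] = 2
  Role.find_by_name('Manager').remove_permission! :edit_time_entries
  Role.find_by_name('Manager').add_permission! :edit_own_time_entries

  # Same fixture batch the bulk_update denial test uses for user 2.
  get :time_entries, :ids => [1, 2]
  assert_response :success
  assert_select 'a.disabled', :text => 'Edit'
end
```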
@@ -425,6 +425,16 class TimelogControllerTest < ActionController::TestCase
425 assert_template 'bulk_edit'
425 assert_template 'bulk_edit'
426 end
426 end
427
427
428 def test_bulk_edit_with_edit_own_time_entries_permission
429 @request.session[:user_id] = 2
430 Role.find_by_name('Manager').remove_permission! :edit_time_entries
431 Role.find_by_name('Manager').add_permission! :edit_own_time_entries
432 ids = (0..1).map {TimeEntry.generate!(:user => User.find(2)).id}
433
434 get :bulk_edit, :ids => ids
435 assert_response :success
436 end
437
428 def test_bulk_update
438 def test_bulk_update
429 @request.session[:user_id] = 2
439 @request.session[:user_id] = 2
430 # update time entry activity
440 # update time entry activity
@@ -466,6 +476,25 class TimelogControllerTest < ActionController::TestCase
466 assert_response 403
476 assert_response 403
467 end
477 end
468
478
479 def test_bulk_update_with_edit_own_time_entries_permission
480 @request.session[:user_id] = 2
481 Role.find_by_name('Manager').remove_permission! :edit_time_entries
482 Role.find_by_name('Manager').add_permission! :edit_own_time_entries
483 ids = (0..1).map {TimeEntry.generate!(:user => User.find(2)).id}
484
485 post :bulk_update, :ids => ids, :time_entry => { :activity_id => 9 }
486 assert_response 302
487 end
488
489 def test_bulk_update_with_edit_own_time_entries_permissions_should_be_denied_for_time_entries_of_other_user
490 @request.session[:user_id] = 2
491 Role.find_by_name('Manager').remove_permission! :edit_time_entries
492 Role.find_by_name('Manager').add_permission! :edit_own_time_entries
493
494 post :bulk_update, :ids => [1, 2], :time_entry => { :activity_id => 9 }
495 assert_response 403
496 end
497
469 def test_bulk_update_custom_field
498 def test_bulk_update_custom_field
470 @request.session[:user_id] = 2
499 @request.session[:user_id] = 2
471 post :bulk_update, :ids => [1, 2], :time_entry => { :custom_field_values => {'10' => '0'} }
500 post :bulk_update, :ids => [1, 2], :time_entry => { :custom_field_values => {'10' => '0'} }
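Review bot: The denial test at new lines 489–496 takes ownership from fixtures 1 and 2, so a reader cannot tell whether it exercises a batch owned entirely by another user or a mixed one. The mixed batch is the case the `all?` guard in find_time_entries exists for. Building the batch explicitly would pin the fail-closed behaviour: one entry from `TimeEntry.generate!(:user => User.find(2))` plus one generated for a different user. After the 403, the test should also assert that the user's own entry kept its activity, rather than checking the status code alone. There is also no denial case here for deleting another user's entry, which matters if the destroy action goes through the same filter (not visible on this page). `test_bulk_update_custom_field` continues past the end of the hunk.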