@@ -17,7 +17,9 | |||||
17 |
|
17 | |||
18 | class TimelogController < ApplicationController |
|
18 | class TimelogController < ApplicationController | |
19 | menu_item :issues |
|
19 | menu_item :issues | |
20 |
before_filter :find_project |
|
20 | before_filter :find_project, :only => [:new, :create] | |
|
21 | before_filter :find_time_entry, :only => [:edit, :update, :destroy] | |||
|
22 | before_filter :authorize, :except => [:index] | |||
21 | before_filter :find_optional_project, :only => [:index] |
|
23 | before_filter :find_optional_project, :only => [:index] | |
22 |
|
24 | |||
23 | helper :sort |
|
25 | helper :sort | |
@@ -108,7 +110,6 class TimelogController < ApplicationController | |||||
108 | end |
|
110 | end | |
109 |
|
111 | |||
110 | def edit |
|
112 | def edit | |
111 | (render_403; return) if @time_entry && !@time_entry.editable_by?(User.current) |
|
|||
112 | @time_entry.attributes = params[:time_entry] |
|
113 | @time_entry.attributes = params[:time_entry] | |
113 |
|
114 | |||
114 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) |
|
115 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) | |
@@ -116,7 +117,6 class TimelogController < ApplicationController | |||||
116 |
|
117 | |||
117 | verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed } |
|
118 | verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed } | |
118 | def update |
|
119 | def update | |
119 | (render_403; return) if @time_entry && !@time_entry.editable_by?(User.current) |
|
|||
120 | @time_entry.attributes = params[:time_entry] |
|
120 | @time_entry.attributes = params[:time_entry] | |
121 |
|
121 | |||
122 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) |
|
122 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) | |
@@ -131,8 +131,6 class TimelogController < ApplicationController | |||||
131 |
|
131 | |||
132 | verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed } |
|
132 | verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed } | |
133 | def destroy |
|
133 | def destroy | |
134 | (render_404; return) unless @time_entry |
|
|||
135 | (render_403; return) unless @time_entry.editable_by?(User.current) |
|
|||
136 | if @time_entry.destroy && @time_entry.destroyed? |
|
134 | if @time_entry.destroy && @time_entry.destroyed? | |
137 | flash[:notice] = l(:notice_successful_delete) |
|
135 | flash[:notice] = l(:notice_successful_delete) | |
138 | else |
|
136 | else | |
@@ -144,11 +142,19 class TimelogController < ApplicationController | |||||
144 | end |
|
142 | end | |
145 |
|
143 | |||
146 | private |
|
144 | private | |
|
145 | def find_time_entry | |||
|
146 | @time_entry = TimeEntry.find(params[:id]) | |||
|
147 | unless @time_entry.editable_by?(User.current) | |||
|
148 | render_403 | |||
|
149 | return false | |||
|
150 | end | |||
|
151 | @project = @time_entry.project | |||
|
152 | rescue ActiveRecord::RecordNotFound | |||
|
153 | render_404 | |||
|
154 | end | |||
|
155 | ||||
147 | def find_project |
|
156 | def find_project | |
148 | if params[:id] |
|
157 | if params[:issue_id] | |
149 | @time_entry = TimeEntry.find(params[:id]) |
|
|||
150 | @project = @time_entry.project |
|
|||
151 | elsif params[:issue_id] |
|
|||
152 | @issue = Issue.find(params[:issue_id]) |
|
158 | @issue = Issue.find(params[:issue_id]) | |
153 | @project = @issue.project |
|
159 | @project = @issue.project | |
154 | elsif params[:project_id] |
|
160 | elsif params[:project_id] |
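Review bot: The per-entry `editable_by?` check now lives only in `find_time_entry` (new lines 145-154) and is tied to actions by the `:only => [:edit, :update, :destroy]` list on new line 21, so an action added later that loads a time entry by id but is left off that list would be covered by `:authorize` alone. The filter order matters too, since `:authorize` on new line 22 presumably depends on the `@project` that `find_time_entry` assigns; I would record both facts next to the declarations, e.g. `# find_time_entry must stay ahead of :authorize: it sets @project and enforces editable_by? for every action that loads a TimeEntry by id`. Inside the filter, the 403 branch ends with `return false` while the `rescue ActiveRecord::RecordNotFound` branch relies on `render_404` alone to stop the chain; ending both branches the same way would read more clearly. The unchanged `@time_entry.attributes = params[:time_entry]` lines in `edit` and `update` still depend on whatever attribute protection the `TimeEntry` model declares, which is not visible here. `find_project` continues past the end of the last hunk.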