jro_apps/redmine Commit - r4296:3ba3c540fbb2

Prevents NoMethodError when requesting /time_entries/edit without an id (#6904)....

Jean-Philippe Lang -

r4296:3ba3c540fbb2

parent child

Context file:

r4296:3ba3c540fbb2

Collapse all files

app/controllers/timelog_controller.rb +14 -8

              class TimelogController < ApplicationController
                menu_item :issues
-               before_filter :find_project, :authorize, :only => [:new, :create, :edit, :update, :destroy]
+               before_filter :find_project, :only => [:new, :create]
+               before_filter :find_time_entry, :only => [:edit, :update, :destroy]
+               before_filter :authorize, :except => [:index]
                before_filter :find_optional_project, :only => [:index]
                helper :sort
                end
                def edit
-                 (render_403; return) if @time_entry && !@time_entry.editable_by?(User.current)
                  @time_entry.attributes = params[:time_entry]
                  call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
                verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
                def update
-                 (render_403; return) if @time_entry && !@time_entry.editable_by?(User.current)
                  @time_entry.attributes = params[:time_entry]
                  call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
                verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
                def destroy
-                 (render_404; return) unless @time_entry
-                 (render_403; return) unless @time_entry.editable_by?(User.current)
                  if @time_entry.destroy && @time_entry.destroyed?
                    flash[:notice] = l(:notice_successful_delete)
                  else
                end
              private
-               def find_project
-                 if params[:id]
+               def find_time_entry
-                   @time_entry = TimeEntry.find(params[:id])
+                 unless @time_entry.editable_by?(User.current)
+                   render_403
+                   return false
+                 end
-                   @project = @time_entry.project
-                 elsif params[:issue_id]
+               rescue ActiveRecord::RecordNotFound
+                 render_404
+               end
+               def find_project
+                 if params[:issue_id]
                    @issue = Issue.find(params[:issue_id])
                    @project = @issue.project
                  elsif params[:project_id]

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages