jro_apps/redmine Commit - r4296:3ba3c540fbb2

17

18

class TimelogController < ApplicationController

18

class TimelogController < ApplicationController

19

menu_item :issues

19

menu_item :issues

20

before_filter :find_project, ~~:authorize~~, :only => [:new, :create, ~~:edit~~, ~~:update~~, ~~:destroy~~]

20

before_filter :find_project, :only => [:new, :create]

21

before_filter :find_time_entry, :only => [:edit, :update, :destroy]

22

before_filter :authorize, :except => [:index]

21

before_filter :find_optional_project, :only => [:index]

23

before_filter :find_optional_project, :only => [:index]

22

24

23

helper :sort

25

helper :sort

108

end

110

end

109

111

110

def edit

112

def edit

111

(render_403; return) if @time_entry && !@time_entry.editable_by?(User.current)

112

@time_entry.attributes = params[:time_entry]

113

@time_entry.attributes = params[:time_entry]

113

114

call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })

115

call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })

116

117

verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }

118

verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }

118

def update

119

def update

119

(render_403; return) if @time_entry && !@time_entry.editable_by?(User.current)

120

@time_entry.attributes = params[:time_entry]

120

@time_entry.attributes = params[:time_entry]

121

122

call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })

122

call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })

131

132

verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }

132

verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }

133

def destroy

133

def destroy

134

(render_404; return) unless @time_entry

135

(render_403; return) unless @time_entry.editable_by?(User.current)

136

if @time_entry.destroy && @time_entry.destroyed?

134

if @time_entry.destroy && @time_entry.destroyed?

137

flash[:notice] = l(:notice_successful_delete)

135

flash[:notice] = l(:notice_successful_delete)

138

else

136

else

144

end

142

end

145

143

146

private

144

private

147

def find_~~project~~

145

def find_time_entry

148

if params[:id]

149

@time_entry = TimeEntry.find(params[:id])

146

@time_entry = TimeEntry.find(params[:id])

147

unless @time_entry.editable_by?(User.current)

148

render_403

149

return false

150

end

150

@project = @time_entry.project

151

@project = @time_entry.project

151

elsif params[:issue_id]

152

rescue ActiveRecord::RecordNotFound

153

render_404

154

end

155

156

def find_project

157

if params[:issue_id]

152

@issue = Issue.find(params[:issue_id])

158

@issue = Issue.find(params[:issue_id])

153

@project = @issue.project

159

@project = @issue.project

154

elsif params[:project_id]

160

elsif params[:project_id]

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             class TimelogController < ApplicationController
               menu_item :issues
-              before_filter :find_project, :authorize, :only => [:new, :create, :edit, :update, :destroy]
+              before_filter :find_project, :only => [:new, :create]
+              before_filter :find_time_entry, :only => [:edit, :update, :destroy]
+              before_filter :authorize, :except => [:index]
               before_filter :find_optional_project, :only => [:index]
               helper :sort
               end
               def edit
-                (render_403; return) if @time_entry && !@time_entry.editable_by?(User.current)
                 @time_entry.attributes = params[:time_entry]
                 call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
               verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
               def update
-                (render_403; return) if @time_entry && !@time_entry.editable_by?(User.current)
                 @time_entry.attributes = params[:time_entry]
                 call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
               verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
               def destroy
-                (render_404; return) unless @time_entry
-                (render_403; return) unless @time_entry.editable_by?(User.current)
                 if @time_entry.destroy && @time_entry.destroyed?
                   flash[:notice] = l(:notice_successful_delete)
                 else
               end
             private
-              def find_project
+              def find_time_entry
-                if params[:id]
                 @time_entry = TimeEntry.find(params[:id])
+                unless @time_entry.editable_by?(User.current)
+                  render_403
+                  return false
+                end
                 @project = @time_entry.project
-                elsif params[:issue_id]
+              rescue ActiveRecord::RecordNotFound
+                render_404
+              end
+              def find_project
+                if params[:issue_id]
                   @issue = Issue.find(params[:issue_id])
                   @project = @issue.project
                 elsif params[:project_id]