Backported r14796 (#21150)....
Jean-Philippe Lang -
r14458:4a254b6f0663
@@ -80,9 +80,14 class TimeEntry < ActiveRecord::Base
80 def safe_attributes=(attrs, user=User.current)
80 def safe_attributes=(attrs, user=User.current)
81 if attrs
81 if attrs
82 attrs = super(attrs)
82 attrs = super(attrs)
83 if issue_id_changed? && attrs[:project_id].blank? && issue && issue.project_id != project_id
83 if issue_id_changed? && issue
84 if user.allowed_to?(:log_time, issue.project)
84 if issue.visible?(user) && user.allowed_to?(:log_time, issue.project)
85 self.project_id = issue.project_id
85 if attrs[:project_id].blank? && issue.project_id != project_id
86 self.project_id = issue.project_id
87 end
88 @invalid_issue_id = nil
89 else
90 @invalid_issue_id = issue_id
86 end
91 end
87 end
92 end
88 end
93 end
@@ -96,7 +101,7 class TimeEntry < ActiveRecord::Base
96 def validate_time_entry
101 def validate_time_entry
97 errors.add :hours, :invalid if hours && (hours < 0 || hours >= 1000)
102 errors.add :hours, :invalid if hours && (hours < 0 || hours >= 1000)
98 errors.add :project_id, :invalid if project.nil?
103 errors.add :project_id, :invalid if project.nil?
99 errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project)
104 errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project) || @invalid_issue_id
100 end
105 end
101
106
102 def hours=(h)
107 def hours=(h)
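Review bot: The validation at new line 104 tests `@invalid_issue_id` only for truthiness, so once `safe_attributes=` sets it at new line 90 it stays set until a later call assigns an issue the user may see and log time on. If the same instance is then given a blank issue_id, the `issue_id_changed? && issue` guard at new line 83 skips the reset and the record still fails on issue_id; this probably only matters when an instance is assigned more than once before validation. Comparing against the current value, `|| (@invalid_issue_id && @invalid_issue_id == issue_id)`, would stop the flag outliving the assignment that caused it. The visibility check also runs only inside `safe_attributes=`, so a caller that sets `issue_id` directly is not covered, and a comment above the setter such as `# issue visibility is enforced here only; direct issue_id= assignment bypasses it` would make that explicit. The body of `safe_attributes=` continues past the end of the first hunk.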
@@ -13,7 +13,9
13 <% end %>
13 <% end %>
14 <p>
14 <p>
15 <%= f.text_field :issue_id, :size => 6 %>
15 <%= f.text_field :issue_id, :size => 6 %>
16 <span id="time_entry_issue"><%= "#{@time_entry.issue.tracker.name} ##{@time_entry.issue.id}: #{@time_entry.issue.subject}" if @time_entry.issue.try(:visible?) %></span>
16 <% if @time_entry.issue.try(:visible?) %>
17 <span id="time_entry_issue"><%= "#{@time_entry.issue.tracker.name} ##{@time_entry.issue.id}: #{@time_entry.issue.subject}" %></span>
18 <% end %>
17 </p>
19 </p>
18 <p><%= f.text_field :spent_on, :size => 10, :required => true %><%= calendar_for('time_entry_spent_on') %></p>
20 <p><%= f.text_field :spent_on, :size => 10, :required => true %><%= calendar_for('time_entry_spent_on') %></p>
19 <p><%= f.text_field :hours, :size => 6, :required => true %></p>
21 <p><%= f.text_field :hours, :size => 6, :required => true %></p>
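Review bot: `visible?` at new line 16 is called without a user, while the model change in the same commit passes one explicitly (`issue.visible?(user)`), so the template depends on whatever default that method applies, presumably the current user, which this page does not show. Passing it explicitly, `@time_entry.issue.try(:visible?, User.current)`, would make the two checks read the same way. A short ERB comment before the condition, e.g. `<%# tracker and subject are omitted for issues the user cannot see %>`, would record why the span is conditional.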
@@ -163,6 +163,23 class TimelogControllerTest < ActionController::TestCase
163 assert_equal 3, t.user_id
163 assert_equal 3, t.user_id
164 end
164 end
165
165
166 def test_create_on_issue_that_is_not_visible_should_not_disclose_subject
167 issue = Issue.generate!(:subject => "issue_that_is_not_visible", :is_private => true)
168 assert !issue.visible?(User.find(3))
169
170 @request.session[:user_id] = 3
171 assert_no_difference 'TimeEntry.count' do
172 post :create, :time_entry => {
173 :project_id => '', :issue_id => issue.id.to_s,
174 :activity_id => '11', :spent_on => '2008-03-14', :hours => '7.3'
175 }
176 end
177 assert_error_tag :content => /Issue is invalid/
178 assert_select "input[name=?][value=?]", "time_entry[issue_id]", issue.id.to_s
179 assert_select "#time_entry_issue", 0
180 assert !response.body.include?('issue_that_is_not_visible')
181 end
182
166 def test_create_and_continue_at_project_level
183 def test_create_and_continue_at_project_level
167 @request.session[:user_id] = 2
184 @request.session[:user_id] = 2
168 assert_difference 'TimeEntry.count' do
185 assert_difference 'TimeEntry.count' do
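Review bot: Only the `create` action is exercised by `test_create_on_issue_that_is_not_visible_should_not_disclose_subject`. If `update` goes through `safe_attributes=` and re-renders the same form on failure (not visible on this page), the non-disclosure behaviour is untested on that path. A sibling test that submits the private issue's id via `put :update` on an existing entry and repeats the `assert_select "#time_entry_issue", 0` and negative `include?` checks would cover it.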