| @@ -80,9 +80,14 class TimeEntry < ActiveRecord::Base | |||
|
|
80 | 80 | def safe_attributes=(attrs, user=User.current) |
|
|
81 | 81 | if attrs |
|
|
82 | 82 | attrs = super(attrs) |
|
|
83 | if issue_id_changed? && attrs[:project_id].blank? && issue && issue.project_id != project_id | |
|
|
84 | if user.allowed_to?(:log_time, issue.project) | |
|
|
85 |
|
|
|
|
83 | if issue_id_changed? && issue | |
|
|
84 | if issue.visible?(user) && user.allowed_to?(:log_time, issue.project) | |
|
|
85 | if attrs[:project_id].blank? && issue.project_id != project_id | |
|
|
86 | self.project_id = issue.project_id | |
|
|
87 | end | |
|
|
88 | @invalid_issue_id = nil | |
|
|
89 | else | |
|
|
90 | @invalid_issue_id = issue_id | |
|
|
86 | 91 | end |
|
|
87 | 92 | end |
|
|
88 | 93 | end |
| @@ -96,7 +101,7 class TimeEntry < ActiveRecord::Base | |||
|
|
96 | 101 | def validate_time_entry |
|
|
97 | 102 | errors.add :hours, :invalid if hours && (hours < 0 || hours >= 1000) |
|
|
98 | 103 | errors.add :project_id, :invalid if project.nil? |
|
|
99 | errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project) | |
|
|
104 | errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project) || @invalid_issue_id | |
|
|
100 | 105 | end |
|
|
101 | 106 | |
|
|
102 | 107 | def hours=(h) |
| @@ -13,7 +13,9 | |||
|
|
13 | 13 | <% end %> |
|
|
14 | 14 | <p> |
|
|
15 | 15 | <%= f.text_field :issue_id, :size => 6 %> |
|
|
16 | <span id="time_entry_issue"><%= "#{@time_entry.issue.tracker.name} ##{@time_entry.issue.id}: #{@time_entry.issue.subject}" if @time_entry.issue.try(:visible?) %></span> | |
|
|
16 | <% if @time_entry.issue.try(:visible?) %> | |
|
|
17 | <span id="time_entry_issue"><%= "#{@time_entry.issue.tracker.name} ##{@time_entry.issue.id}: #{@time_entry.issue.subject}" %></span> | |
|
|
18 | <% end %> | |
|
|
17 | 19 | </p> |
|
|
18 | 20 | <p><%= f.text_field :spent_on, :size => 10, :required => true %><%= calendar_for('time_entry_spent_on') %></p> |
|
|
19 | 21 | <p><%= f.text_field :hours, :size => 6, :required => true %></p> |
| @@ -163,6 +163,23 class TimelogControllerTest < ActionController::TestCase | |||
|
|
163 | 163 | assert_equal 3, t.user_id |
|
|
164 | 164 | end |
|
|
165 | 165 | |
|
|
166 | def test_create_on_issue_that_is_not_visible_should_not_disclose_subject | |
|
|
167 | issue = Issue.generate!(:subject => "issue_that_is_not_visible", :is_private => true) | |
|
|
168 | assert !issue.visible?(User.find(3)) | |
|
|
169 | ||
|
|
170 | @request.session[:user_id] = 3 | |
|
|
171 | assert_no_difference 'TimeEntry.count' do | |
|
|
172 | post :create, :time_entry => { | |
|
|
173 | :project_id => '', :issue_id => issue.id.to_s, | |
|
|
174 | :activity_id => '11', :spent_on => '2008-03-14', :hours => '7.3' | |
|
|
175 | } | |
|
|
176 | end | |
|
|
177 | assert_error_tag :content => /Issue is invalid/ | |
|
|
178 | assert_select "input[name=?][value=?]", "time_entry[issue_id]", issue.id.to_s | |
|
|
179 | assert_select "#time_entry_issue", 0 | |
|
|
180 | assert !response.body.include?('issue_that_is_not_visible') | |
|
|
181 | end | |
|
|
182 | ||
|
|
166 | 183 | def test_create_and_continue_at_project_level |
|
|
167 | 184 | @request.session[:user_id] = 2 |
|
|
168 | 185 | assert_difference 'TimeEntry.count' do |
General Comments 0
You need to be logged in to leave comments.
Login now