@@ -105,7 +105,7 class TimelogController < ApplicationController | |||||
105 |
|
105 | |||
106 | def new |
|
106 | def new | |
107 | @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today) |
|
107 | @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today) | |
108 | @time_entry.attributes = params[:time_entry] |
|
108 | @time_entry.safe_attributes = params[:time_entry] | |
109 |
|
109 | |||
110 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) |
|
110 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) | |
111 | render :action => 'edit' |
|
111 | render :action => 'edit' | |
@@ -114,7 +114,7 class TimelogController < ApplicationController | |||||
114 | verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed } |
|
114 | verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed } | |
115 | def create |
|
115 | def create | |
116 | @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today) |
|
116 | @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today) | |
117 | @time_entry.attributes = params[:time_entry] |
|
117 | @time_entry.safe_attributes = params[:time_entry] | |
118 |
|
118 | |||
119 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) |
|
119 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) | |
120 |
|
120 | |||
@@ -135,14 +135,14 class TimelogController < ApplicationController | |||||
135 | end |
|
135 | end | |
136 |
|
136 | |||
137 | def edit |
|
137 | def edit | |
138 | @time_entry.attributes = params[:time_entry] |
|
138 | @time_entry.safe_attributes = params[:time_entry] | |
139 |
|
139 | |||
140 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) |
|
140 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) | |
141 | end |
|
141 | end | |
142 |
|
142 | |||
143 | verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed } |
|
143 | verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed } | |
144 | def update |
|
144 | def update | |
145 | @time_entry.attributes = params[:time_entry] |
|
145 | @time_entry.safe_attributes = params[:time_entry] | |
146 |
|
146 | |||
147 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) |
|
147 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) | |
148 |
|
148 | |||
@@ -173,7 +173,7 class TimelogController < ApplicationController | |||||
173 | unsaved_time_entry_ids = [] |
|
173 | unsaved_time_entry_ids = [] | |
174 | @time_entries.each do |time_entry| |
|
174 | @time_entries.each do |time_entry| | |
175 | time_entry.reload |
|
175 | time_entry.reload | |
176 | time_entry.attributes = attributes |
|
176 | time_entry.safe_attributes = attributes | |
177 | call_hook(:controller_time_entries_bulk_edit_before_save, { :params => params, :time_entry => time_entry }) |
|
177 | call_hook(:controller_time_entries_bulk_edit_before_save, { :params => params, :time_entry => time_entry }) | |
178 | unless time_entry.save |
|
178 | unless time_entry.save | |
179 | # Keep unsaved time_entry ids to display them in flash error |
|
179 | # Keep unsaved time_entry ids to display them in flash error |
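Review bot: In `new` and `create` (lines 107-108 and 116-117) the entry is first bound to the routed `@project`/`@issue` and then `safe_attributes = params[:time_entry]` is applied; the whitelist this commit adds to TimeEntry includes `issue_id`, so the request can still replace the routed issue with any other issue id. Unless TimeEntry rejects an issue whose project differs from the entry's project (no such validation is visible in these hunks), time could be logged against an issue in a project where the user may not log time. A controller-side guard after each assignment would close that independently of the model, e.g. `@time_entry.issue = nil if @time_entry.issue && @time_entry.issue.project_id != @time_entry.project_id`; `edit`/`update` (lines 138, 145) and the bulk path at 176 would need the same check. Each of these method bodies continues outside its hunk.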
@@ -16,6 +16,7 | |||||
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
17 |
|
17 | |||
18 | class TimeEntry < ActiveRecord::Base |
|
18 | class TimeEntry < ActiveRecord::Base | |
|
19 | include Redmine::SafeAttributes | |||
19 | # could have used polymorphic association |
|
20 | # could have used polymorphic association | |
20 | # project association here allows easy loading of time entries at project level with one database trip |
|
21 | # project association here allows easy loading of time entries at project level with one database trip | |
21 | belongs_to :project |
|
22 | belongs_to :project | |
@@ -46,6 +47,8 class TimeEntry < ActiveRecord::Base | |||||
46 | :conditions => Project.allowed_to_condition(args.shift || User.current, :view_time_entries, *args) |
|
47 | :conditions => Project.allowed_to_condition(args.shift || User.current, :view_time_entries, *args) | |
47 | }} |
|
48 | }} | |
48 |
|
49 | |||
|
50 | safe_attributes 'hours', 'comments', 'issue_id', 'activity_id', 'spent_on', 'custom_field_values' | |||
|
51 | ||||
49 | def after_initialize |
|
52 | def after_initialize | |
50 | if new_record? && self.activity.nil? |
|
53 | if new_record? && self.activity.nil? | |
51 | if default_activity = TimeEntryActivity.default |
|
54 | if default_activity = TimeEntryActivity.default |
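Review bot: The `safe_attributes` declaration at line 50 carries no comment explaining the deliberate omission of `project_id` and `user_id`, which is the security-relevant decision of this commit; a comment such as `# project_id and user_id are never mass-assigned: the controller sets them from the route and the current user` would stop a later contributor from widening the list. Because `issue_id` is accepted from the request, the model should also ensure the issue belongs to the entry's project — presumably an existing validation covers this, but none is visible in this hunk. `after_initialize` continues outside the hunk.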