Only show issue details in time entry activity events if the issue is visible (#23803)....
Jean-Philippe Lang -
r15902:868f83fe357e
@@ -1,162 +1,166
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class TimeEntry < ActiveRecord::Base
19 19 include Redmine::SafeAttributes
20 20 # could have used polymorphic association
21 21 # project association here allows easy loading of time entries at project level with one database trip
22 22 belongs_to :project
23 23 belongs_to :issue
24 24 belongs_to :user
25 25 belongs_to :activity, :class_name => 'TimeEntryActivity'
26 26
27 27 attr_protected :user_id, :tyear, :tmonth, :tweek
28 28
29 29 acts_as_customizable
30 acts_as_event :title => Proc.new {|o| "#{l_hours(o.hours)} (#{(o.issue || o.project).event_title})"},
30 acts_as_event :title => Proc.new { |o|
31 related = o.issue if o.issue && o.issue.visible?
32 related ||= o.project
33 "#{l_hours(o.hours)} (#{related.event_title})"
34 },
31 35 :url => Proc.new {|o| {:controller => 'timelog', :action => 'index', :project_id => o.project, :issue_id => o.issue}},
32 36 :author => :user,
33 37 :group => :issue,
34 38 :description => :comments
35 39
36 40 acts_as_activity_provider :timestamp => "#{table_name}.created_on",
37 41 :author_key => :user_id,
38 42 :scope => joins(:project).preload(:project)
39 43
40 44 validates_presence_of :user_id, :activity_id, :project_id, :hours, :spent_on
41 45 validates_presence_of :issue_id, :if => lambda { Setting.timelog_required_fields.include?('issue_id') }
42 46 validates_presence_of :comments, :if => lambda { Setting.timelog_required_fields.include?('comments') }
43 47 validates_numericality_of :hours, :allow_nil => true, :message => :invalid
44 48 validates_length_of :comments, :maximum => 1024, :allow_nil => true
45 49 validates :spent_on, :date => true
46 50 before_validation :set_project_if_nil
47 51 validate :validate_time_entry
48 52
49 53 scope :visible, lambda {|*args|
50 54 joins(:project).
51 55 where(TimeEntry.visible_condition(args.shift || User.current, *args))
52 56 }
53 57 scope :on_issue, lambda {|issue|
54 58 joins(:issue).
55 59 where("#{Issue.table_name}.root_id = #{issue.root_id} AND #{Issue.table_name}.lft >= #{issue.lft} AND #{Issue.table_name}.rgt <= #{issue.rgt}")
56 60 }
57 61
58 62 safe_attributes 'hours', 'comments', 'project_id', 'issue_id', 'activity_id', 'spent_on', 'custom_field_values', 'custom_fields'
59 63
60 64 # Returns a SQL conditions string used to find all time entries visible by the specified user
61 65 def self.visible_condition(user, options={})
62 66 Project.allowed_to_condition(user, :view_time_entries, options) do |role, user|
63 67 if role.time_entries_visibility == 'all'
64 68 nil
65 69 elsif role.time_entries_visibility == 'own' && user.id && user.logged?
66 70 "#{table_name}.user_id = #{user.id}"
67 71 else
68 72 '1=0'
69 73 end
70 74 end
71 75 end
72 76
73 77 # Returns true if user or current user is allowed to view the time entry
74 78 def visible?(user=nil)
75 79 (user || User.current).allowed_to?(:view_time_entries, self.project) do |role, user|
76 80 if role.time_entries_visibility == 'all'
77 81 true
78 82 elsif role.time_entries_visibility == 'own'
79 83 self.user == user
80 84 else
81 85 false
82 86 end
83 87 end
84 88 end
85 89
86 90 def initialize(attributes=nil, *args)
87 91 super
88 92 if new_record? && self.activity.nil?
89 93 if default_activity = TimeEntryActivity.default
90 94 self.activity_id = default_activity.id
91 95 end
92 96 self.hours = nil if hours == 0
93 97 end
94 98 end
95 99
96 100 def safe_attributes=(attrs, user=User.current)
97 101 if attrs
98 102 attrs = super(attrs)
99 103 if issue_id_changed? && issue
100 104 if issue.visible?(user) && user.allowed_to?(:log_time, issue.project)
101 105 if attrs[:project_id].blank? && issue.project_id != project_id
102 106 self.project_id = issue.project_id
103 107 end
104 108 @invalid_issue_id = nil
105 109 else
106 110 @invalid_issue_id = issue_id
107 111 end
108 112 end
109 113 end
110 114 attrs
111 115 end
112 116
113 117 def set_project_if_nil
114 118 self.project = issue.project if issue && project.nil?
115 119 end
116 120
117 121 def validate_time_entry
118 122 errors.add :hours, :invalid if hours && (hours < 0 || hours >= 1000)
119 123 errors.add :project_id, :invalid if project.nil?
120 124 errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project) || @invalid_issue_id
121 125 errors.add :activity_id, :inclusion if activity_id_changed? && project && !project.activities.include?(activity)
122 126 end
123 127
124 128 def hours=(h)
125 129 write_attribute :hours, (h.is_a?(String) ? (h.to_hours || h) : h)
126 130 end
127 131
128 132 def hours
129 133 h = read_attribute(:hours)
130 134 if h.is_a?(Float)
131 135 h.round(2)
132 136 else
133 137 h
134 138 end
135 139 end
136 140
137 141 # tyear, tmonth, tweek assigned where setting spent_on attributes
138 142 # these attributes make time aggregations easier
139 143 def spent_on=(date)
140 144 super
141 145 self.tyear = spent_on ? spent_on.year : nil
142 146 self.tmonth = spent_on ? spent_on.month : nil
143 147 self.tweek = spent_on ? Date.civil(spent_on.year, spent_on.month, spent_on.day).cweek : nil
144 148 end
145 149
146 150 # Returns true if the time entry can be edited by usr, otherwise false
147 151 def editable_by?(usr)
148 152 visible?(usr) && (
149 153 (usr == user && usr.allowed_to?(:edit_own_time_entries, project)) || usr.allowed_to?(:edit_time_entries, project)
150 154 )
151 155 end
152 156
153 157 # Returns the custom_field_values that can be edited by the given user
154 158 def editable_custom_field_values(user=nil)
155 159 visible_custom_field_values
156 160 end
157 161
158 162 # Returns the custom fields that can be edited by the given user
159 163 def editable_custom_fields(user=nil)
160 164 editable_custom_field_values(user).map(&:custom_field).uniq
161 165 end
162 166 end
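Review bot: The `:url` proc on the line directly after the new `:title` block still passes `:issue_id => o.issue` unconditionally, and `:group => :issue` is unchanged, so an activity event whose issue is hidden from the viewer no longer shows the issue in its title but still carries the issue id in its link and is still grouped under that issue. Applying the same visibility test there would close the gap, for example `:issue_id => (o.issue if o.issue && o.issue.visible?)`. The new title code calls `visible?` with no argument, which presumably falls back to `User.current` as `TimeEntry#visible?` does; that suits web requests but is worth confirming for any feed or notification rendering that runs under a different current user. A short comment above the block, such as `# do not disclose the issue subject to users who cannot see the issue`, would record why the title falls back to the project.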