Merged r14242 (#18580)....
Jean-Philippe Lang -
r13870:b51dfd414bc6
@@ -78,9 +78,9 class ContextMenusController < ApplicationController
78 @projects = @time_entries.collect(&:project).compact.uniq
78 @projects = @time_entries.collect(&:project).compact.uniq
79 @project = @projects.first if @projects.size == 1
79 @project = @projects.first if @projects.size == 1
80 @activities = TimeEntryActivity.shared.active
80 @activities = TimeEntryActivity.shared.active
81 @can = {:edit => User.current.allowed_to?(:edit_time_entries, @projects),
81
82 :delete => User.current.allowed_to?(:edit_time_entries, @projects)
82 edit_allowed = @time_entries.all? {|t| t.editable_by?(User.current)}
83 }
83 @can = {:edit => edit_allowed, :delete => edit_allowed}
84 @back = back_url
84 @back = back_url
85
85
86 @options_by_custom_field = {}
86 @options_by_custom_field = {}
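Review bot: `edit_allowed` on new line 82 comes out true when `@time_entries` is empty, because `all?` holds vacuously for an empty collection. Whether an empty set can reach this point depends on how the action loads the entries, which is outside this hunk. If it can, guard it with `edit_allowed = @time_entries.any? && @time_entries.all? {|t| t.editable_by?(User.current)}`. Either way, a comment above `@can` such as `# Display only: the edit/delete actions must re-check editable_by? on the server` would stop readers from treating these menu flags as the authorization decision.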
@@ -234,6 +234,7 private
234 def find_time_entries
234 def find_time_entries
235 @time_entries = TimeEntry.where(:id => params[:id] || params[:ids]).all
235 @time_entries = TimeEntry.where(:id => params[:id] || params[:ids]).all
236 raise ActiveRecord::RecordNotFound if @time_entries.empty?
236 raise ActiveRecord::RecordNotFound if @time_entries.empty?
237 raise Unauthorized unless @time_entries.all? {|t| t.editable_by?(User.current)}
237 @projects = @time_entries.collect(&:project).compact.uniq
238 @projects = @time_entries.collect(&:project).compact.uniq
238 @project = @projects.first if @projects.size == 1
239 @project = @projects.first if @projects.size == 1
239 rescue ActiveRecord::RecordNotFound
240 rescue ActiveRecord::RecordNotFound
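Review bot: The `raise Unauthorized` added on line 237 is not covered by the only rescue clause visible here, `rescue ActiveRecord::RecordNotFound`. The 403 that the new tests assert must therefore come from a handler outside this hunk, and that is worth confirming for every action that runs this filter. The check is only sound because it follows the `@time_entries.empty?` guard, since `all?` is true for an empty set. A comment such as `# Fail closed: reject the whole batch if any entry is not editable; must stay after the empty check` would protect that ordering. The body of `find_time_entries` continues past the end of the hunk.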
@@ -267,6 +267,18 class ContextMenusControllerTest < ActionController::TestCase
267 end
267 end
268 end
268 end
269
269
270 def test_time_entries_context_menu_with_edit_own_time_entries_permission
271 @request.session[:user_id] = 2
272 Role.find_by_name('Manager').remove_permission! :edit_time_entries
273 Role.find_by_name('Manager').add_permission! :edit_own_time_entries
274 ids = (0..1).map {TimeEntry.generate!(:user => User.find(2)).id}
275
276 get :time_entries, :ids => ids
277 assert_response :success
278 assert_template 'context_menus/time_entries'
279 assert_select 'a:not(.disabled)', :text => 'Edit'
280 end
281
270 def test_time_entries_context_menu_without_edit_permission
282 def test_time_entries_context_menu_without_edit_permission
271 @request.session[:user_id] = 2
283 @request.session[:user_id] = 2
272 Role.find_by_name('Manager').remove_permission! :edit_time_entries
284 Role.find_by_name('Manager').remove_permission! :edit_time_entries
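Review bot: The added test at new lines 270-280 covers only the case where every entry belongs to the current user, so nothing here pins the denial side of the per-entry check for a user who holds just `edit_own_time_entries`. A companion test should request the menu for entries that are not all owned by user 2 and assert that the Edit link is rendered disabled. The sketch below reuses ids 1 and 2, which the bulk_update denial test on this page treats as not all editable by user 2. The `a.disabled` selector is inferred from the `a:not(.disabled)` assertion above and should be checked against the template.

```ruby
def test_time_entries_context_menu_with_edit_own_time_entries_permission_should_disable_edit_for_entries_of_other_user
  @request.session[:user_id] = 2
  Role.find_by_name('Manager').remove_permission! :edit_time_entries
  Role.find_by_name('Manager').add_permission! :edit_own_time_entries

  # fixture entries assumed not all owned by user 2 (confirm against fixtures)
  get :time_entries, :ids => [1, 2]
  assert_response :success
  assert_select 'a.disabled', :text => 'Edit'
end
```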
@@ -375,6 +375,16 class TimelogControllerTest < ActionController::TestCase
375 assert_template 'bulk_edit'
375 assert_template 'bulk_edit'
376 end
376 end
377
377
378 def test_bulk_edit_with_edit_own_time_entries_permission
379 @request.session[:user_id] = 2
380 Role.find_by_name('Manager').remove_permission! :edit_time_entries
381 Role.find_by_name('Manager').add_permission! :edit_own_time_entries
382 ids = (0..1).map {TimeEntry.generate!(:user => User.find(2)).id}
383
384 get :bulk_edit, :ids => ids
385 assert_response :success
386 end
387
378 def test_bulk_update
388 def test_bulk_update
379 @request.session[:user_id] = 2
389 @request.session[:user_id] = 2
380 # update time entry activity
390 # update time entry activity
@@ -416,6 +426,25 class TimelogControllerTest < ActionController::TestCase
416 assert_response 403
426 assert_response 403
417 end
427 end
418
428
429 def test_bulk_update_with_edit_own_time_entries_permission
430 @request.session[:user_id] = 2
431 Role.find_by_name('Manager').remove_permission! :edit_time_entries
432 Role.find_by_name('Manager').add_permission! :edit_own_time_entries
433 ids = (0..1).map {TimeEntry.generate!(:user => User.find(2)).id}
434
435 post :bulk_update, :ids => ids, :time_entry => { :activity_id => 9 }
436 assert_response 302
437 end
438
439 def test_bulk_update_with_edit_own_time_entries_permissions_should_be_denied_for_time_entries_of_other_user
440 @request.session[:user_id] = 2
441 Role.find_by_name('Manager').remove_permission! :edit_time_entries
442 Role.find_by_name('Manager').add_permission! :edit_own_time_entries
443
444 post :bulk_update, :ids => [1, 2], :time_entry => { :activity_id => 9 }
445 assert_response 403
446 end
447
419 def test_bulk_update_custom_field
448 def test_bulk_update_custom_field
420 @request.session[:user_id] = 2
449 @request.session[:user_id] = 2
421 post :bulk_update, :ids => [1, 2], :time_entry => { :custom_field_values => {'10' => '0'} }
450 post :bulk_update, :ids => [1, 2], :time_entry => { :custom_field_values => {'10' => '0'} }
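Review bot: `test_bulk_update_with_edit_own_time_entries_permission` (new lines 429-437) asserts only `assert_response 302`, so it never checks that the entries were changed; a redirect taken for an unrelated reason would still pass. Adding `assert_equal [9, 9], TimeEntry.where(:id => ids).collect(&:activity_id)` after the response assertion would pin the update itself. The denial test at new lines 439-446 has the mirror gap: it checks for 403 but not that entries 1 and 2 keep their original `activity_id`, which is the property an authorization test should protect.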