@@ -19,6 +19,7 class TimelogController < ApplicationController | |||||
19 | menu_item :time_entries |
|
19 | menu_item :time_entries | |
20 |
|
20 | |||
21 | before_action :find_time_entry, :only => [:show, :edit, :update] |
|
21 | before_action :find_time_entry, :only => [:show, :edit, :update] | |
|
22 | before_action :check_editability, :only => [:edit, :update] | |||
22 | before_action :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy] |
|
23 | before_action :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy] | |
23 | before_action :authorize, :only => [:show, :edit, :update, :bulk_edit, :bulk_update, :destroy] |
|
24 | before_action :authorize, :only => [:show, :edit, :update, :bulk_edit, :bulk_update, :destroy] | |
24 |
|
25 | |||
@@ -221,13 +222,16 class TimelogController < ApplicationController | |||||
221 | private |
|
222 | private | |
222 | def find_time_entry |
|
223 | def find_time_entry | |
223 | @time_entry = TimeEntry.find(params[:id]) |
|
224 | @time_entry = TimeEntry.find(params[:id]) | |
|
225 | @project = @time_entry.project | |||
|
226 | rescue ActiveRecord::RecordNotFound | |||
|
227 | render_404 | |||
|
228 | end | |||
|
229 | ||||
|
230 | def check_editability | |||
224 | unless @time_entry.editable_by?(User.current) |
|
231 | unless @time_entry.editable_by?(User.current) | |
225 | render_403 |
|
232 | render_403 | |
226 | return false |
|
233 | return false | |
227 | end |
|
234 | end | |
228 | @project = @time_entry.project |
|
|||
229 | rescue ActiveRecord::RecordNotFound |
|
|||
230 | render_404 |
|
|||
231 | end |
|
235 | end | |
232 |
|
236 | |||
233 | def find_time_entries |
|
237 | def find_time_entries |
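Review bot: `:show` is left without any per-entry access check, because the `editable_by?` test that `find_time_entry` used to run for `:show`, `:edit` and `:update` now lives in `check_editability`, which is registered only for `:edit` and `:update`. After this change `:show` depends on `authorize` alone, which appears to work from `@project`, so a user holding the project-level permission could presumably fetch any entry of that project by id regardless of who logged it; whether the `show` action or the permission definition narrows this is not visible in these hunks. If relaxing `show` is intended, say so next to the filter, e.g. `# :show is intentionally not limited to editable entries; access is decided by :authorize`, and cover it with a functional test that requests another user's entry with view-only rights. `check_editability` also depends on `find_time_entry` having halted the chain on a 404 (otherwise `@time_entry` is nil), so the two `before_action` lines must keep this order.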