@@ -19,6 +19,7 class TimelogController < ApplicationController | |||
|
19 | 19 | menu_item :time_entries |
|
20 | 20 | |
|
21 | 21 | before_action :find_time_entry, :only => [:show, :edit, :update] |
|
22 | before_action :check_editability, :only => [:edit, :update] | |
|
22 | 23 | before_action :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy] |
|
23 | 24 | before_action :authorize, :only => [:show, :edit, :update, :bulk_edit, :bulk_update, :destroy] |
|
24 | 25 | |
@@ -221,13 +222,16 class TimelogController < ApplicationController | |||
|
221 | 222 | private |
|
222 | 223 | def find_time_entry |
|
223 | 224 | @time_entry = TimeEntry.find(params[:id]) |
|
225 | @project = @time_entry.project | |
|
226 | rescue ActiveRecord::RecordNotFound | |
|
227 | render_404 | |
|
228 | end | |
|
229 | ||
|
230 | def check_editability | |
|
224 | 231 | unless @time_entry.editable_by?(User.current) |
|
225 | 232 | render_403 |
|
226 | 233 | return false |
|
227 | 234 | end |
|
228 | @project = @time_entry.project | |
|
229 | rescue ActiveRecord::RecordNotFound | |
|
230 | render_404 | |
|
231 | 235 | end |
|
232 | 236 | |
|
233 | 237 | def find_time_entries |
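Review bot: After this change `:show` is no longer covered by the `editable_by?` check, so read access to a single time entry rests entirely on `authorize` against `@project`; if that only checks a project-level permission (its body is not visible here), any per-entry restriction the old check implied for `show` is gone. It is worth confirming this is intended and adding a test that requests `show` for an entry the current user may not edit. `check_editability` also depends on `find_time_entry` having already set `@time_entry`, so a comment above it such as `# Requires @time_entry; must stay after find_time_entry in the filter chain` would help. The `return false` after `render_403` presumably has no effect, since rendering is what halts the callback chain, and could be dropped. `find_time_entries` continues outside the hunk, so whether `:destroy` and the bulk actions enforce editability cannot be checked from here.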