##// END OF EJS Templates
jro_apps » redmine
RSS
Only show issue details in time entry activity events if the issue is visible (#23803)....
Only show issue details in time entry activity events if the issue is visible (#23803). Patch by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@16284 e93f8b46-1217-0410-a6f0-8f06a7374b81
Jean-Philippe Lang - - Load All Authors

File last commit:

r15902:868f83fe357e
r15902:868f83fe357e
Show More
time_entry.rb
166 lines | 6.0 KiB | text/x-ruby | RubyLexer
/ app / models / time_entry.rb
History | Annotation | Raw |Copy content |Copy permalink
# Redmine - project management software
# Copyright (C) 2006-2016 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class TimeEntry < ActiveRecord::Base
include Redmine::SafeAttributes
# could have used polymorphic association
# project association here allows easy loading of time entries at project level with one database trip
belongs_to :project
belongs_to :issue
belongs_to :user
belongs_to :activity, :class_name => 'TimeEntryActivity'
attr_protected :user_id, :tyear, :tmonth, :tweek
acts_as_customizable
acts_as_event :title => Proc.new { |o|
related = o.issue if o.issue && o.issue.visible?
related ||= o.project
"#{l_hours(o.hours)} (#{related.event_title})"
},
:url => Proc.new {|o| {:controller => 'timelog', :action => 'index', :project_id => o.project, :issue_id => o.issue}},
:author => :user,
:group => :issue,
:description => :comments
acts_as_activity_provider :timestamp => "#{table_name}.created_on",
:author_key => :user_id,
:scope => joins(:project).preload(:project)
validates_presence_of :user_id, :activity_id, :project_id, :hours, :spent_on
validates_presence_of :issue_id, :if => lambda { Setting.timelog_required_fields.include?('issue_id') }
validates_presence_of :comments, :if => lambda { Setting.timelog_required_fields.include?('comments') }
validates_numericality_of :hours, :allow_nil => true, :message => :invalid
validates_length_of :comments, :maximum => 1024, :allow_nil => true
validates :spent_on, :date => true
before_validation :set_project_if_nil
validate :validate_time_entry
scope :visible, lambda {|*args|
joins(:project).
where(TimeEntry.visible_condition(args.shift || User.current, *args))
}
scope :on_issue, lambda {|issue|
joins(:issue).
where("#{Issue.table_name}.root_id = #{issue.root_id} AND #{Issue.table_name}.lft >= #{issue.lft} AND #{Issue.table_name}.rgt <= #{issue.rgt}")
}
safe_attributes 'hours', 'comments', 'project_id', 'issue_id', 'activity_id', 'spent_on', 'custom_field_values', 'custom_fields'
# Returns a SQL conditions string used to find all time entries visible by the specified user
def self.visible_condition(user, options={})
Project.allowed_to_condition(user, :view_time_entries, options) do |role, user|
if role.time_entries_visibility == 'all'
nil
elsif role.time_entries_visibility == 'own' && user.id && user.logged?
"#{table_name}.user_id = #{user.id}"
else
'1=0'
end
end
end
# Returns true if user or current user is allowed to view the time entry
def visible?(user=nil)
(user || User.current).allowed_to?(:view_time_entries, self.project) do |role, user|
if role.time_entries_visibility == 'all'
true
elsif role.time_entries_visibility == 'own'
self.user == user
else
false
end
end
end
def initialize(attributes=nil, *args)
super
if new_record? && self.activity.nil?
if default_activity = TimeEntryActivity.default
self.activity_id = default_activity.id
end
self.hours = nil if hours == 0
end
end
def safe_attributes=(attrs, user=User.current)
if attrs
attrs = super(attrs)
if issue_id_changed? && issue
if issue.visible?(user) && user.allowed_to?(:log_time, issue.project)
if attrs[:project_id].blank? && issue.project_id != project_id
self.project_id = issue.project_id
end
@invalid_issue_id = nil
else
@invalid_issue_id = issue_id
end
end
end
attrs
end
def set_project_if_nil
self.project = issue.project if issue && project.nil?
end
def validate_time_entry
errors.add :hours, :invalid if hours && (hours < 0 || hours >= 1000)
errors.add :project_id, :invalid if project.nil?
errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project) || @invalid_issue_id
errors.add :activity_id, :inclusion if activity_id_changed? && project && !project.activities.include?(activity)
end
def hours=(h)
write_attribute :hours, (h.is_a?(String) ? (h.to_hours || h) : h)
end
def hours
h = read_attribute(:hours)
if h.is_a?(Float)
h.round(2)
else
h
end
end
# tyear, tmonth, tweek assigned where setting spent_on attributes
# these attributes make time aggregations easier
def spent_on=(date)
super
self.tyear = spent_on ? spent_on.year : nil
self.tmonth = spent_on ? spent_on.month : nil
self.tweek = spent_on ? Date.civil(spent_on.year, spent_on.month, spent_on.day).cweek : nil
end
# Returns true if the time entry can be edited by usr, otherwise false
def editable_by?(usr)
visible?(usr) && (
(usr == user && usr.allowed_to?(:edit_own_time_entries, project)) || usr.allowed_to?(:edit_time_entries, project)
)
end
# Returns the custom_field_values that can be edited by the given user
def editable_custom_field_values(user=nil)
visible_custom_field_values
end
# Returns the custom fields that can be edited by the given user
def editable_custom_fields(user=nil)
editable_custom_field_values(user).map(&:custom_field).uniq
end
end