From 24538a4af2f8ffd5be45ee57cb6ae19f9c207fd9 Mon Sep 17 00:00:00 2001
From: Holger Just <h.just@finn.de>
Date: Mon, 28 Nov 2011 20:53:33 +0100
Subject: [PATCH] [#735] Log time form on issue update should only be displayed
 with log_time permission

Based on a patch by Jean-Philippe Lang.
---
 app/views/issues/_edit.rhtml              |  4 ++--
 test/functional/issues_controller_test.rb | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/app/views/issues/_edit.rhtml b/app/views/issues/_edit.rhtml
index d376b36a0..c73b2980f 100644
--- a/app/views/issues/_edit.rhtml
+++ b/app/views/issues/_edit.rhtml
@@ -15,7 +15,7 @@
         <%= render :partial => (@edit_allowed ? 'form' : 'form_update'), :locals => {:f => f} %>
         </fieldset>
     <% end %>
-    <% if authorize_for('timelog', 'edit') %>
+    <% if User.current.allowed_to?(:log_time, @project) %>
         <fieldset class="tabular"><legend><%= l(:button_log_time) %></legend>
         <% fields_for :time_entry, @time_entry, { :builder => TabularFormBuilder, :lang => current_language} do |time_entry| %>
         <div class="splitcontentleft">
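Review bot: The new `User.current.allowed_to?(:log_time, @project)` condition only decides whether the log-time fieldset is rendered, so it is a display gate and not an access control. A user without the permission can still send `time_entry[...]` parameters with the issue update, so the controller action that saves the update needs the same check before it creates a time entry. That action is not part of this patch, so whether it already does this cannot be confirmed from here. I would add an ERB comment above the `if`, e.g. `<%# display-only gate: the update action must also check :log_time before saving time_entry %>`. The `if` block opened in this hunk closes outside it.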
@@ -26,7 +26,7 @@
         </div>
         <p><%= time_entry.text_field :comments, :size => 60 %></p>
         <% @time_entry.custom_field_values.each do |value| %>
-        	<p><%= custom_field_tag_with_label :time_entry, value %></p>
+          <p><%= custom_field_tag_with_label :time_entry, value %></p>
         <% end %>
         <% end %>
     </fieldset>
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index c5b22708c..27930f6af 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -781,6 +781,22 @@ class IssuesControllerTest < ActionController::TestCase
     assert_tag :input, :attributes => { :name => 'time_entry[comments]', :value => 'test_get_edit_with_params' }
   end
 
+  def test_get_edit_should_display_the_time_entry_form_with_log_time_permission
+    @request.session[:user_id] = 2
+    Role.find_by_name('Manager').update_attribute :permissions, [:view_issues, :edit_issues, :log_time]
+
+    get :edit, :id => 1
+    assert_tag 'input', :attributes => {:name => 'time_entry[hours]'}
+  end
+
+  def test_get_edit_should_not_display_the_time_entry_form_without_log_time_permission
+    @request.session[:user_id] = 2
+    Role.find_by_name('Manager').remove_permission! :log_time
+
+    get :edit, :id => 1
+    assert_no_tag 'input', :attributes => {:name => 'time_entry[hours]'}
+  end
+
   def test_update_edit_form
     @request.session[:user_id] = 2
     xhr :post, :new, :project_id => 1,
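Review bot: Both new tests assert only on the HTML returned by `get :edit`, so they would still pass if the server accepted a time entry submitted by a user without `:log_time`. A companion test would pin the enforcement and not just the display: call `Role.find_by_name('Manager').remove_permission! :log_time`, submit the issue update with `time_entry[hours]` filled in, and assert that no time entry was created. Separately, the positive test overwrites the Manager role's whole permission list through `update_attribute`, while the negative test uses `remove_permission!`. Adding only `:log_time` in the positive test would keep the two symmetric and leave the rest of the fixture role intact.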
-- 
GitLab