Skip to content

O
OHR Support
Commit 59dc1034 authored by Holger Just's avatar Holger Just
Browse files
Options

[#735] Don't allow time entry creation with only edit permission 

Based on a patch by Jean-Philippe Lang.
parent c5b83b87
Hide whitespace changes
Inline Side-by-side
Showing with 14 additions and 2 deletions
lib/redmine.rb
View file @ 59dc1034
......@@ -102,8 +102,8 @@ Redmine::AccessControl.map do |map|
map.project_module :time_tracking do |map|
map.permission :log_time, {:timelog => [:new, :create]}, :require => :loggedin
map.permission :view_time_entries, :timelog => [:index, :show], :time_entry_reports => [:report]
map.permission :edit_time_entries, {:timelog => [:new, :create, :edit, :update, :destroy]}, :require => :member
map.permission :edit_own_time_entries, {:timelog => [:new, :create, :edit, :update, :destroy]}, :require => :loggedin
map.permission :edit_time_entries, {:timelog => [:edit, :update, :destroy]}, :require => :member
map.permission :edit_own_time_entries, {:timelog => [:edit, :update, :destroy]}, :require => :loggedin
map.permission :manage_project_activities, {:project_enumerations => [:update, :destroy]}, :require => :member
end
......
test/functional/timelog_controller_test.rb
View file @ 59dc1034
......@@ -111,6 +111,18 @@ class TimelogControllerTest < ActionController::TestCase
assert_equal 3, t.user_id
end
def test_create_without_log_time_permission_should_be_denied
@request.session[:user_id] = 2
Role.find_by_name('Manager').remove_permission! :log_time
post :create, :project_id => 1,
:time_entry => {:activity_id => '11',
:issue_id => '',
:spent_on => '2008-03-14',
:hours => '7.3'}
assert_response 403
end
def test_update
entry = TimeEntry.find(1)
assert_equal 1, entry.issue_id
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment