Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-09 14:56:01 +01:00
Code Issues Packages Projects Releases Activity

Creating time tracking entry for other user through rest API fails with 403 (#32774).

Browse Source 
git-svn-id: http://svn.redmine.org/redmine/trunk@19670 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
2020-04-05 14:28:06 +00:00
parent ba27fe1b4e
commit 3fcaff3670
2 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/controllers/timelog_controller.rb
View File

@@ -279,8 +279,9 @@ class TimelogController < ApplicationController
end end
def find_optional_issue def find_optional_issue
if params[:issue_id].present? if params[:issue_id].present? || params[:time_entry].present? && params[:time_entry][:issue_id].present?
@issue = Issue.find(params[:issue_id]) issue_id = params[:issue_id] || params[:time_entry][:issue_id]
@issue = Issue.find(issue_id)
@project = @issue.project @project = @issue.project
authorize authorize
else else

23
test/integration/api_test/time_entries_test.rb
View File

@@ -144,7 +144,7 @@ class Redmine::ApiTest::TimeEntriesTest < Redmine::ApiTest::Base
assert_select 'errors error', :text => "Hours cannot be blank" assert_select 'errors error', :text => "Hours cannot be blank"
end end
test "POST /time_entries.xml for other user" do test "POST /time_entries.xml with :project_id for other user" do
Role.find_by_name('Manager').add_permission! :log_time_for_other_users Role.find_by_name('Manager').add_permission! :log_time_for_other_users
assert_difference 'TimeEntry.count' do assert_difference 'TimeEntry.count' do
@@ -155,10 +155,27 @@ class Redmine::ApiTest::TimeEntriesTest < Redmine::ApiTest::Base
{:project_id => '1', :spent_on => '2010-12-02', :user_id => '3', {:project_id => '1', :spent_on => '2010-12-02', :user_id => '3',
:hours => '3.5', :activity_id => '11'}}, :hours => '3.5', :activity_id => '11'}},
:headers => credentials('jsmith')) :headers => credentials('jsmith'))
assert_response :created
end end
assert_response :created
assert_equal 'application/xml', @response.content_type entry = TimeEntry.order('id DESC').first
assert_equal 3, entry.user_id
assert_equal 2, entry.author_id
end
test "POST /time_entries.xml with :issue_id for other user" do
Role.find_by_name('Manager').add_permission! :log_time_for_other_users
assert_difference 'TimeEntry.count' do
post(
'/time_entries.xml',
:params =>
{:time_entry =>
{:issue_id => '1', :spent_on => '2010-12-02', :user_id => '3',
:hours => '3.5', :activity_id => '11'}},
:headers => credentials('jsmith'))
assert_response :created
end
entry = TimeEntry.order('id DESC').first entry = TimeEntry.order('id DESC').first
assert_equal 3, entry.user_id assert_equal 3, entry.user_id