Index: time_entry.rb
===================================================================
--- time_entry.rb	(revision 14976)
+++ time_entry.rb	(working copy)
@@ -24,7 +24,7 @@
   belongs_to :user
   belongs_to :activity, :class_name => 'TimeEntryActivity'
 
-  attr_protected :user_id, :tyear, :tmonth, :tweek
+  attr_protected :tyear, :tmonth, :tweek
 
   acts_as_customizable
   acts_as_event :title => Proc.new {|o| "#{l_hours(o.hours)} (#{(o.issue || o.project).event_title})"},
@@ -54,7 +54,8 @@
   }
 
   safe_attributes 'hours', 'comments', 'project_id', 'issue_id', 'activity_id', 'spent_on', 'custom_field_values', 'custom_fields'
-
+  safe_attributes 'user_id', :if => lambda{ |time_entry, user| user.allowed_to?(:edit_time_entries, time_entry.project) }
+  
   # Returns a SQL conditions string used to find all time entries visible by the specified user
   def self.visible_condition(user, options={})
     Project.allowed_to_condition(user, :view_time_entries, options) do |role, user|
@@ -117,6 +118,7 @@
     errors.add :project_id, :invalid if project.nil?
     errors.add :issue_id, :invalid if (issue_id && !issue) || (issue && project!=issue.project) || @invalid_issue_id
     errors.add :activity_id, :inclusion if activity_id_changed? && project && !project.activities.include?(activity)
+    errors.add :spent_on,  "is too early" if (spent_on < Date.today - 7.day) && ([6,17,95,18].exclude? User.current.id)
   end
 
   def hours=(h)