Project

General

Profile

Actions

Defect #9405

closed

Any user with :log_time permission can edit time entries via context menu

Added by Jevgen Gyrynovych about 13 years ago. Updated almost 13 years ago.

Status:
Closed
Priority:
High
Category:
Time tracking
Target version:
Start date:
2011-10-11
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

In Redmine 1.2.0 or later any user can edit any time entries via context menu.
Example url: http://redmine/projects/testproject/time_entries and click right mouse button on any time entries.
img1.png - user have permission to edit any time entries
img2-4.png - user edit time entries without permission on it.

As you can see, user with permissions have icons for edit time report, but user without permissions can do this via context menu anyway.

PS: I set high priority to ticket. I think, this serious defect?


Files

img1.png (16.7 KB) img1.png Jevgen Gyrynovych, 2011-10-11 19:31
img2.png (13.6 KB) img2.png Jevgen Gyrynovych, 2011-10-11 19:31
img3.png (16.9 KB) img3.png Jevgen Gyrynovych, 2011-10-11 19:31
img4.png (16.4 KB) img4.png Jevgen Gyrynovych, 2011-10-11 19:31
redmine.rb.patch (1.16 KB) redmine.rb.patch Jevgen Gyrynovych, 2011-11-25 15:40

Related issues

Related to Redmine - Feature #7996: Bulk edit and context menu for time entriesClosedToshi MARUYAMA

Actions
Actions #1

Updated by Etienne Massip about 13 years ago

  • Category set to Time tracking
Actions #2

Updated by Mischa The Evil about 13 years ago

  • Priority changed from High to Normal

I'm not able to reproduce this issue with source:/trunk@7623.

Are you sure that you were not testing this with an account configured as an administrator?

Actions #3

Updated by Toshi MARUYAMA about 13 years ago

  • Priority changed from Normal to High

I can reproduce.

Actions #4

Updated by Toshi MARUYAMA about 13 years ago

Actions #5

Updated by Etienne Massip about 13 years ago

  • Target version set to Candidate for next minor release
Actions #6

Updated by Mischa The Evil about 13 years ago

Ahh, I see... Thanks for your clarification on this Toshi. I was testing with an account that did not had the :log_time permission at all :-/

Actions #7

Updated by Jean-Philippe Lang almost 13 years ago

  • Target version changed from Candidate for next minor release to 1.2.3
Actions #8

Updated by Jean-Philippe Lang almost 13 years ago

  • Status changed from New to Resolved

See related commits.

Actions #9

Updated by Jean-Philippe Lang almost 13 years ago

  • Assignee set to Jean-Philippe Lang
Actions #10

Updated by Jevgen Gyrynovych almost 13 years ago

Now it work fine. Thanks.

Actions #11

Updated by Jevgen Gyrynovych almost 13 years ago

I find some problem after apply the patch - when user tried to update ticket(e.g. nuber_of_ticket/edit), he dont have access to "Log time".
It fix that problem.

Actions #12

Updated by Jean-Philippe Lang almost 13 years ago

I don't know what this patch is supposed to fix but :log_time should not allow the user to edit time entries.
I fixed a last point in r7924 which may be related to your fix.

Actions #13

Updated by Jean-Philippe Lang almost 13 years ago

  • Subject changed from any user can edit time entries via context menu to Any user with :log_time permission can edit time entries via context menu
  • Status changed from Resolved to Closed
  • Resolution set to Fixed

Merged in 1.2-stable.

Actions

Also available in: Atom PDF