From dbb341e487ddd120a7250cfc67e2cc4967540ce9 Mon Sep 17 00:00:00 2001
From: Cedric VINCENT
Date: Fri, 11 Sep 2009 14:57:27 +0200
Subject: [PATCH] Allow the current user to record the time spent by another one. Maybe an exception should be thrown in the controllers if the current user tries to edit a time entry he is not allowed to, even if it is already checked in the views.
---
 app/controllers/issues_controller.rb | 10 +++++++++-
 app/controllers/timelog_controller.rb | 10 +++++++++-
 app/helpers/timelog_helper.rb | 7 +++++++
 app/views/issues/_edit.rhtml | 3 +++
 app/views/timelog/edit.rhtml | 3 +++
 5 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 62102a3..af5e4c3 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -177,7 +177,15 @@ class IssuesController < ApplicationController
 end if request.post?
- @time_entry = TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
+ if User.current.allowed_to?(:edit_time_entries, @project)
+ user = User.find(Hash[params[:time_entry].to_a]["user_id"].to_i)
+ else
+ # TODO: Maybe I should throw an exception if the current user
+ # tries to edit a time entry he is not allowed to. I don't
+ # think it can happen with the actual flow.
+ user = User.current
+ end
+ @time_entry = TimeEntry.new(:project => @project, :issue => @issue, :user => user, :spent_on => Date.today)
 @time_entry.attributes = params[:time_entry] attachments = attach_files(@issue, params[:attachments]) attachments.each {|a| journal.details << JournalDetail.new(:property => 'attachment', :prop_key => a.id, :value => a.filename)}
diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb
index 58df1f5..cb9b958 100644
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
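Review bot: The submitted `user_id` in the `allowed_to?(:edit_time_entries, @project)` branch of the issues_controller.rb hunk is passed to `User.find` without checking that the chosen user may log time on `@project`; that filter exists only in the helper that builds the select, so the server accepts any account id from a user holding the permission. A missing or non-numeric value becomes `0` through `.to_i`, and `User.find(0)` would presumably raise instead of falling back to the current user. I would use `user = User.find_by_id(params[:time_entry] && params[:time_entry][:user_id])` followed by `user = User.current unless user && user.allowed_to?(:log_time, @project)`. The timelog_controller.rb hunk repeats the same lookup, and in both places nothing records who actually created the entry, which weakens the audit trail once time can be logged on someone else's behalf. The enclosing action begins and ends outside the hunk.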
@@ -195,7 +195,15 @@ class TimelogController < ApplicationController
 def edit render_403 and return if @time_entry && !@time_entry.editable_by?(User.current)
- @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
+ if request.post? and User.current.allowed_to?(:edit_time_entries, @project)
+ user = User.find(Hash[params[:time_entry].to_a]["user_id"].to_i)
+ else
+ # TODO: Maybe I should throw an exception if the current user
+ # tries to edit a time entry he is not allowed to. I don't think
+ # it can happen with the actual flow.
+ user = User.current
+ end
+ @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => user, :spent_on => Date.today)
 @time_entry.attributes = params[:time_entry] if request.post? and @time_entry.save flash[:notice] = l(:notice_successful_update)
diff --git a/app/helpers/timelog_helper.rb b/app/helpers/timelog_helper.rb
index 88a4cd8..1d85f94 100644
--- a/app/helpers/timelog_helper.rb
+++ b/app/helpers/timelog_helper.rb
@@ -33,6 +33,13 @@ module TimelogHelper
 activities.each { |a| collection << [a.name, a.id] } collection end
+
+ def user_collection_for_select_options
+ users = @projects = User.find(:all)
+ collection = []
+ users.each { |a| collection << [a.name, a.id] if a.allowed_to?(:log_time, @project) }
+ collection
+ end
 def select_hours(data, criteria, value) if value.to_s.empty?
diff --git a/app/views/issues/_edit.rhtml b/app/views/issues/_edit.rhtml
index 413f217..0f6a6d2 100644
--- a/app/views/issues/_edit.rhtml
+++ b/app/views/issues/_edit.rhtml
@@ -20,6 +20,9 @@ <% fields_for :time_entry, @time_entry, { :builder => TabularFormBuilder, :lang => current_language} do |time_entry| %>
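Review bot: On the `@time_entry ||= TimeEntry.new(...)` line of the timelog_controller.rb hunk the looked-up `user` is used only when no entry is loaded, so when an existing entry is edited the value chosen in the new select is dropped unless `user_id` is mass-assignable through `@time_entry.attributes = params[:time_entry]` (the model is not visible here). `User.find` still runs on every permitted POST, so a request without `user_id` would presumably fail even for a plain edit. If reassignment is intended, make it explicit after the `||=` line with `@time_entry.user = user if request.post? and User.current.allowed_to?(:edit_time_entries, @project)`; if it is not, skip the lookup when `@time_entry` is already set. The `edit` action continues past the end of the hunk.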
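Review bot: `users = @projects = User.find(:all)` in `user_collection_for_select_options` (timelog_helper.rb hunk) overwrites the `@projects` instance variable with the full user list, which looks like a copy-paste slip and would affect any view code that reads `@projects` later in the same render. The method also loads every account and calls `allowed_to?` once per user on each form render; whether locked accounts are excluded depends on `allowed_to?`, which is not visible here. At minimum I would change the line to `users = User.find(:all)` and add a comment above the method such as `# Users who may log time on @project, as [name, id] pairs for a select.`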

<%= time_entry.text_field :hours, :size => 6, :label => :label_spent_time %> <%= l(:field_hours) %>

+ <% if User.current.allowed_to?(:edit_time_entries, @project) %> +

<%= time_entry.select :user_id, user_collection_for_select_options %>

+ <% end %>

<%= time_entry.select :activity_id, activity_collection_for_select_options %>
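Review bot: The new `time_entry.select :user_id` in issues/_edit.rhtml has no explicit default, so it preselects whatever `@time_entry.user_id` holds when the form is rendered. The issues_controller.rb hunk sets the user only on POST; if the GET path builds `@time_entry` without a user (that code is outside this patch), the first name in the list is preselected and a permitted user who does not touch the field logs the time for someone else. Building the displayed entry with `:user => User.current` would keep the default on the person filling in the form.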

diff --git a/app/views/timelog/edit.rhtml b/app/views/timelog/edit.rhtml index c403d8f..a63b730 100644 --- a/app/views/timelog/edit.rhtml +++ b/app/views/timelog/edit.rhtml @@ -6,6 +6,9 @@

<%= f.text_field :issue_id, :size => 6 %> <%= h("#{@time_entry.issue.tracker.name} ##{@time_entry.issue.id}: #{@time_entry.issue.subject}") if @time_entry.issue %>

+<% if User.current.allowed_to?(:edit_time_entries, @project) %> +

<%= f.select :user_id, user_collection_for_select_options, :required => true %>

+<% end %>

<%= f.text_field :spent_on, :size => 10, :required => true %><%= calendar_for('time_entry_spent_on') %>

<%= f.text_field :hours, :size => 6, :required => true %>

<%= f.text_field :comments, :size => 100 %>

-- 1.6.4