Project

General

Profile

Actions
Copy link

Defect #31587

closed

Time Entries REST API user_id parameter doesn't work

Added by Serhiy Valchuk over 6 years ago. Updated 10 days ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
REST API
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Cant reproduce
Affected version:
2.1.2

Description

I'm trying to use Time Entries REST API and it works as expected except user_id parameter.

When I tried to get time entries https://myredmine/time_entries.json?key=mykey&from=2019-06-01&to=2019-06-30&limit=5&user_id=5 I'm getting time entries of all existing users.

Any suggestions?

Actions
Copy link
 #1

Updated by Go MAEDA almost 6 years ago

  • Status changed from New to Needs feedback

I cannot reproduce the issue with Redmine 4.0.5.devel.19345. The following request returns time entries of user_id 2.

curl 'http://redmine-trunk.test/time_entries.json?from=2000-01-01&to=2019-12-31&user_id=2'
Actions
Copy link
 #2

Updated by Go MAEDA over 1 year ago

  • Status changed from Needs feedback to Closed
  • Resolution set to Cant reproduce
Actions
Copy link
 #3

Updated by Vítězslav Dvořák 10 days ago

`Time Entries API ignores project_id filter and returns entries from all projects when project has no time entries`

  1. Description:

When querying the REST API endpoint `/time_entries.json` with a `project_id` parameter, if the specified project contains no time entries for the current user, the API incorrectly returns entries from all visible projects, instead of an empty result set.

This causes client applications to receive unrelated time entries even though the query explicitly targets a single project.

  1. Steps to reproduce:

1. Log in as a user who has time entries in several projects, but none in project X.
2. Send the following request:

```
   GET /time_entries.json?project_id=X&user_id=<current_user_id>
   ```
3. Observe the response.
  1. Expected behavior:

The API should return:

```json {"time_entries": [], "total_count": 0}
```

when there are no matching time entries in the given project.

  1. Actual behavior:

The API returns all visible time entries from other projects the user has access to.

  1. Notes:
  • The issue only affects the REST API; the web UI filtering behaves correctly.
  • It seems that when no records match, the `@project` variable becomes `nil` and the visibility scope falls back to “all visible projects”.

tested on 3.4.13.stable

Actions
Copy link

Also available in: Atom PDF