Actions
Defect #41465
open
"Import issues" and "Import time entries" pages are visible to users without "Add issues" and "Log spent time" permissions
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Affected version:
Description
User without log_time permission can access /time_entry/imports/new. (this user has import_time_entry permission)
if the user try to import, internal error occured.
ActionView::Template::Error (undefined method `activities' for nil:NilClass
project.activities
^^^^^^^^^^^):
Causes:
NoMethodError (undefined method `activities' for nil:NilClass
project.activities
^^^^^^^^^^^)
7: <p>
8: <label for="import_mapping_activity"><%= l(:field_activity) %></label>
9: <%= mapping_select_tag @import, 'activity', :required => true,
10: :values => @import.allowed_target_activities.sorted.map {|t| [t.name, t.id]} %>
11: </p>
12:
13: <div class="splitcontent">
app/models/time_entry_import.rb:52:in `allowed_target_activities'
app/views/imports/_time_entries_fields_mapping.html.erb:10
app/views/imports/_time_entries_mapping.html.erb:4
app/views/imports/mapping.html.erb:4
app/views/imports/mapping.html.erb:3
lib/redmine/sudo_mode.rb:78:in `sudo_mode'
so, this patch adds checking log_time permission to `TimeEntryImport.authorized?.`
Files
Updated by 
Updated by
Actions