diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb
index 277b730a1..dfa96d2d7 100644
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -262,12 +262,14 @@ private
 end

 def find_project
+ if (project_id = (params[:project_id] || params[:time_entry] && params[:time_entry][:project_id])).present?
+ @project = Project.find(project_id)
+ end
 if (issue_id = (params[:issue_id] || params[:time_entry] && params[:time_entry][:issue_id])).present?
 @issue = Issue.find(issue_id)
- @project = @issue.project
- elsif (project_id = (params[:project_id] || params[:time_entry] && params[:time_entry][:project_id])).present?
- @project = Project.find(project_id)
- else
+ @project ||= @issue.project
+ end
+ if @project.nil?
 render_404
 return false
 end
diff --git a/test/functional/timelog_controller_test.rb b/test/functional/timelog_controller_test.rb
index 8a68a5dbf..b5af1b5b8 100644
--- a/test/functional/timelog_controller_test.rb
+++ b/test/functional/timelog_controller_test.rb
@@ -209,6 +209,20 @@ class TimelogControllerTest < ActionController::TestCase
 assert_equal 1, time_entry.project_id
 end

+ def test_create_without_project_should_fail_with_issue_not_inside_project
+ @request.session[:user_id] = 2
+ assert_no_difference 'TimeEntry.count' do
+ post :create, :time_entry => {:project_id => '1',
+ :activity_id => '11',
+ :issue_id => '5',
+ :spent_on => '2008-03-14',
+ :hours => '7.3'}
+ end
+
+ assert_response :success
+ assert assigns(:time_entry).errors[:issue_id].present?
+ end
+
 def test_create_without_project_should_deny_without_permission
 @request.session[:user_id] = 2
 Project.find(3).disable_module!(:time_tracking)
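Review bot: In find_project, `@issue = Issue.find(issue_id)` now runs even when `@project` was already set from `project_id`, so the two instance variables can point at different projects, and nothing in this hunk checks that the issue belongs to `@project` or that the current user may see it. Any permission check made against `@project` (presumably in a filter outside the hunk) therefore says nothing about `@issue`, and the mismatch is rejected only later, by the `issue_id` validation the new test relies on. I would state that dependency at the assignment, `# @issue may belong to another project than @project; TimeEntry validation must reject it`, and confirm that no view or action reached through this filter renders `@issue` before that validation has run. The method continues past the end of the hunk, so its error handling and closing `end` are not visible here.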
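Review bot: The new test's name reads as if no project were supplied, yet the request passes `:project_id => '1'`, and it silently depends on fixture issue 5 living outside project 1. A one-line comment such as `# issue 5 is not in project 1 (see fixtures)` would keep the intent clear if the fixtures change. Only `create` with `time_entry[...]` parameters is covered; a matching case for the top-level `params[:issue_id]` branch of find_project, and for the update action if it runs the same filter, would pin the fix more firmly.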