Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lock exported timesheets #798

Merged
merged 12 commits into from May 22, 2019
Merged

lock exported timesheets #798

merged 12 commits into from May 22, 2019

Conversation

kevinpapst
Copy link
Member

@kevinpapst kevinpapst commented May 20, 2019
edited

Description

Exported records are locked to prevent further updates by regular users.
This limitation can be circumvented by users with the new permission edit_exported_timesheet, which by default is given to ROLE_ADMIN and ROLE_SUPER_ADMIN.

These users will see a warning instead:
Bildschirmfoto 2019-05-20 um 14 29 47

A new API method was added to switch the export state of timesheet records.

Fixes #686

Testing

Can be tested at http://demo-branch.kimai.org/

Please try it with both an admin and a regular user. The regular user cannot switch the "exported" state, so you have to either use the export screen or switch it manually in the timesheet administration with the admin user.
Regular user should not be able to edit the exported timesheets.
Admin user should see a warning.

Types of changes

  • New feature (non-breaking change which adds functionality)

Checklist

  • I ran bin/console kimai:codestyle --fix to verify the correct code style
  • I have updated the documentation accordingly
  • I have added tests to cover my changes
  • I agree that this code is used in Kimai and will be published under the MIT license

@kevinpapst kevinpapst added this to the 1.0 milestone May 20, 2019
@kevinpapst kevinpapst mentioned this pull request May 20, 2019
Closed
@j0hannesr0th
Copy link
Contributor

I've tested it.

So for exported objects the user can't edit it since there is not edit button:
grafik

But why can the user still delete the entry? This doesn't make sense to me. If it's exported it should be read only for the user - except he has special privilegs.

@kevinpapst
Copy link
Member Author

Pretty good argument, I simply did not think about it at all :-D
I think I will re-use the permission edit_exported_timesheet or shall we create another permission for deletion?

@j0hannesr0th
Copy link
Contributor

I think reusing

edit_exported_timesheet

would be the best.

@kevinpapst kevinpapst marked this pull request as ready for review May 20, 2019 22:03
@kevinpapst
Copy link
Member Author

added "prevent deletion of exported timesheets"

@kevinpapst kevinpapst merged commit fea3495 into master May 22, 2019
@kevinpapst kevinpapst deleted the lock-exported branch May 22, 2019 20:28
@lock
Copy link

lock bot commented Jul 21, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. If you use Kimai on a daily basis, please consider donating to support further development of Kimai.

@lock lock bot locked and limited conversation to collaborators Jul 21, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
export feature request
Milestone
1.0
Development

Successfully merging this pull request may close these issues.

Lock exported objects
2 participants
@kevinpapst @j0hannesr0th