fixed #123: compatible with Redmine 2.4.0

README.markdown

@@ -28,7 +28,7 @@ It will be individual adjustable for every user and seperate includable for any
 Most current version is available at: [GitHub](https://github.com/hicknhack-software/redmine_time_tracker).
 
 ## Requirements
-* Redmine 2.3.1 or Redmine 2.3.2
+* Redmine 2.4.0
 
 ## Install
 
@@ -84,6 +84,8 @@ Reports are the method of generating invoices for customers. The layout is set u
 
 ## Version History
 
+* 0.9.0 compatible with Redmine 2.4.0
+* 0.8.3 fixed custom saved query usage
 * 0.8.2 fixed missing activity on continue, filters in time recordings now get saved properly
 * 0.8.1 bugfix with permission, new setting for default rounding
 * 0.8.0 many bugfixes, localized time, new menu buttons, improved workflow

app/models/time_booking_query.rb

@@ -18,13 +18,51 @@ class TimeBookingQuery < Query
   scope :visible, lambda { |*args|
     user = args.shift || User.current
     base = Project.allowed_to_condition(user, :index_tt_bookings_list, *args)
-    user_id = user.logged? ? user.id : 0
-
-    includes(:project).where("(#{table_name}.project_id IS NULL OR (#{base})) AND (#{table_name}.is_public = ? OR #{table_name}.user_id = ?)", true, user_id)
+    scope = includes(:project).where("#{table_name}.project_id IS NULL OR (#{base})")
+
+    if user.admin?
+      scope.where("#{table_name}.visibility <> ? OR #{table_name}.user_id = ?", VISIBILITY_PRIVATE, user.id)
+    elsif user.memberships.any?
+      scope.where(%{#{table_name}.visibility = ?
+                     OR (#{table_name}.visibility = ? AND #{table_name}.id IN (
+                      SELECT DISTINCT q.id FROM #{table_name} q
+                       INNER JOIN #{table_name_prefix}queries_roles#{table_name_suffix} qr on qr.query_id = q.id
+                       INNER JOIN #{MemberRole.table_name} mr ON mr.role_id = qr.role_id
+                       INNER JOIN #{Member.table_name} m ON m.id = mr.member_id AND m.user_id = ?
+                       WHERE q.project_id IS NULL OR q.project_id = m.project_id))
+                     OR #{table_name}.user_id = ?},
+                  VISIBILITY_PUBLIC, VISIBILITY_ROLES, user.id, user.id)
+    elsif user.logged?
+      scope.where("#{table_name}.visibility = ? OR #{table_name}.user_id = ?", VISIBILITY_PUBLIC, user.id)
+    else
+      scope.where("#{table_name}.visibility = ?", VISIBILITY_PUBLIC)
+    end
   }
 
+  # Returns true if the query is visible to +user+ or the current user.
   def visible?(user=User.current)
-    (project.nil? || user.allowed_to?(:index_tt_bookings_list, project)) && (self.is_public? || self.user_id == user.id)
+    return true if user.admin?
+    return false unless project.nil? || user.allowed_to?(:index_tt_bookings_list, project)
+    case visibility
+      when VISIBILITY_PUBLIC
+        true
+      when VISIBILITY_ROLES
+        if project
+          (user.roles_for_project(project) & roles).any?
+        else
+          Member.where(:user_id => user.id).joins(:roles).where(:member_roles => {:role_id => roles.map(&:id)}).any?
+        end
+      else
+        user == self.user
+    end
+  end
+
+  def is_private?
+    visibility == VISIBILITY_PRIVATE
+  end
+
+  def is_public?
+    !is_private?
   end
 
   def initialize_available_filters

app/models/time_log_query.rb

@@ -15,13 +15,51 @@ class TimeLogQuery < Query
   scope :visible, lambda { |*args|
     user = args.shift || User.current
     base = Project.allowed_to_condition(user, :index_tt_logs_list, *args)
-    user_id = user.logged? ? user.id : 0
-
-    includes(:project).where("(#{table_name}.project_id IS NULL OR (#{base})) AND (#{table_name}.is_public = ? OR #{table_name}.user_id = ?)", true, user_id)
+    scope = includes(:project).where("#{table_name}.project_id IS NULL OR (#{base})")
+
+    if user.admin?
+      scope.where("#{table_name}.visibility <> ? OR #{table_name}.user_id = ?", VISIBILITY_PRIVATE, user.id)
+    elsif user.memberships.any?
+      scope.where(%{#{table_name}.visibility = ?
+                    OR (#{table_name}.visibility = ? AND #{table_name}.id IN (
+                      SELECT DISTINCT q.id FROM #{table_name} q
+                       INNER JOIN #{table_name_prefix}queries_roles#{table_name_suffix} qr on qr.query_id = q.id
+                       INNER JOIN #{MemberRole.table_name} mr ON mr.role_id = qr.role_id
+                       INNER JOIN #{Member.table_name} m ON m.id = mr.member_id AND m.user_id = ?
+                       WHERE q.project_id IS NULL OR q.project_id = m.project_id))
+                    OR #{table_name}.user_id = ?},
+                  VISIBILITY_PUBLIC, VISIBILITY_ROLES, user.id, user.id)
+    elsif user.logged?
+      scope.where("#{table_name}.visibility = ? OR #{table_name}.user_id = ?", VISIBILITY_PUBLIC, user.id)
+    else
+      scope.where("#{table_name}.visibility = ?", VISIBILITY_PUBLIC)
+    end
   }
 
+  # Returns true if the query is visible to +user+ or the current user.
   def visible?(user=User.current)
-    (project.nil? || user.allowed_to?(:index_tt_logs_list, project)) && (self.is_public? || self.user_id == user.id)
+    return true if user.admin?
+    return false unless project.nil? || user.allowed_to?(:index_tt_logs_list, project)
+    case visibility
+      when VISIBILITY_PUBLIC
+        true
+      when VISIBILITY_ROLES
+        if project
+          (user.roles_for_project(project) & roles).any?
+        else
+          Member.where(:user_id => user.id).joins(:roles).where(:member_roles => {:role_id => roles.map(&:id)}).any?
+        end
+      else
+        user == self.user
+    end
+  end
+
+  def is_private?
+    visibility == VISIBILITY_PRIVATE
+  end
+
+  def is_public?
+    !is_private?
   end
 
   def initialize_available_filters