diff --git a/api/tests/utils/mock_data.py b/api/tests/utils/mock_data.py
index ba4ecb103..6a1b3bdaa 100644
--- a/api/tests/utils/mock_data.py
+++ b/api/tests/utils/mock_data.py
@@ -1,6 +1,6 @@
from models.area import Area
from models.customer import Customer
-from models.project import Project, ProjectAllocation
+from models.project import Project, ProjectAllocation, ProjectAssignment
from models.timelog import Task, TaskType, Template
from models.user import User, UserGroup, UserRoles
from models.sector import Sector
@@ -127,6 +127,15 @@
}
],
),
+ (
+ ProjectAssignment,
+ [
+ {
+ "user": 2,
+ "project": 1,
+ }
+ ],
+ ),
(
TaskType,
[
diff --git a/web/services/createTasksService.php b/web/services/createTasksService.php
index 1c4b95a37..0917eea73 100644
--- a/web/services/createTasksService.php
+++ b/web/services/createTasksService.php
@@ -29,6 +29,7 @@
define('PHPREPORT_ROOT', __DIR__ . '/../../');
include_once(PHPREPORT_ROOT . '/web/services/WebServicesFunctions.php');
include_once(PHPREPORT_ROOT . '/model/facade/TasksFacade.php');
+ include_once(PHPREPORT_ROOT . '/model/facade/ProjectsFacade.php');
include_once(PHPREPORT_ROOT . '/model/vo/TaskVO.php');
include_once(PHPREPORT_ROOT . '/model/OperationResult.php');
@@ -207,9 +208,15 @@
$taskVO->setUserId($user->getId());
- if (is_null($taskVO->getProjectId()))
+ // Get projects user is assigned to to make sure they can log time to them
+ $projects = ProjectsFacade::GetAllProjects($user->getLogin());
+ $projectIdList = [];
+ foreach ($projects as $project) {
+ $projectIdList[] = $project->getId();
+ }
+ if (is_null($taskVO->getProjectId()) || !in_array($taskVO->getProjectId(), $projectIdList))
{
- $string = "falseprojectId is not valid";
+ $string = "falseProject is not valid or you are not allowed to log time to this project";
break;
}
//Support 0-hour tasks: reparse end time if initTime == 0 to the end so that order of parse doesn't cause error if end time added before init time by users
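Review bot: The new authorization check on the `if` line calls `in_array` without its third argument, so the submitted project id is matched with loose comparison; the types returned by `getProjectId()` and `getId()` are not visible here, but if the former is still a string taken from the request, a value that merely coerces to an allowed id can pass on older PHP versions. Normalise both sides to integers where the id is parsed and compare strictly, e.g. `!in_array($taskVO->getProjectId(), $projectIdList, true)`. The `break` suggests this code sits inside a per-task loop that starts outside the hunk, in which case the `GetAllProjects` lookup and the id list can be built once before the loop instead of once per task. This diff only touches the create service; the task-update path presumably needs the same assignment check, otherwise an existing task could be moved to a project the user is not assigned to.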