From 04f08c4a56396ac8b3d99659d9d49aa5c72756f8 Mon Sep 17 00:00:00 2001
From: hjust
Date: Mon, 30 Nov 2009 20:56:28 +0000
Subject: [PATCH] HourlyRatesController now uses the new permissions model.

git-svn-id: https://dev.finn.de/svn/cockpit/trunk@340 7926756e-e54e-46e6-9721-ed318f58905e
---
 app/controllers/hourly_rates_controller.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/app/controllers/hourly_rates_controller.rb b/app/controllers/hourly_rates_controller.rb
index 6257ddc853..57de917961 100644
--- a/app/controllers/hourly_rates_controller.rb
+++ b/app/controllers/hourly_rates_controller.rb
@@ -12,7 +12,7 @@ class HourlyRatesController < ApplicationController
 before_filter :find_optional_project, :only => [:show, :edit]
 before_filter :find_project, :only => [:set_rate]
- # #show and #edit have their own authorization
+ # #show, #edit have their own authorization
 before_filter :authorize, :except => [:show, :edit]
 def show
@@ -76,7 +76,8 @@ class HourlyRatesController < ApplicationController
 if rate.save
 if request.xhr?
 render :update do |page|
- if User.current.allowed_to?(:change_rates, @project) || User.current.allowed_to?(:view_all_rates, @project) || User.current = @user && User.current.allowed_to?(:view_own_rate, @project)
+ # TODO: Check, if this also passes if @user has the right :edit_own_hourly_rates???
+ if User.current.allowed_to?(:view_hourly_rates, @project, @user)
 page.replace_html "rate_for_#{@user.id}", link_to(number_to_currency(rate.rate), :action => User.current.allowed_to?(:change_rates, @project) ? 'edit' : 'show', :id => @user, :project_id => @project)
 end
 end
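Review bot: In the second hunk the new condition checks `:view_hourly_rates` with `@user` as context, but the unchanged `link_to` line directly below it still chooses between 'edit' and 'show' with the old-style `User.current.allowed_to?(:change_rates, @project)`, so two adjacent authorization checks may no longer agree. If `:change_rates` was renamed or dropped by the new permissions model (not visible here), that call would presumably return false and every link would silently point to 'show'; it should use the new model's edit permission with the same three arguments, e.g. `User.current.allowed_to?(<new edit permission>, @project, @user) ? 'edit' : 'show'`. The added TODO leaves open which permissions satisfy a check that gates display of a rate, and it is better settled by a controller test for a user holding only `:edit_own_hourly_rates` than left as a comment in the authorization path. The enclosing action starts and ends outside the hunk.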