diff --git a/lib/open_project/costs/engine.rb b/lib/open_project/costs/engine.rb
index e176ed5de0..45410127e7 100644
--- a/lib/open_project/costs/engine.rb
+++ b/lib/open_project/costs/engine.rb
@@ -121,8 +121,7 @@ module OpenProject::Costs
 href: work_package_time_entries_path(represented.id),
 type: 'text/html',
 title: 'Time entries'
- } if current_user_allowed_to(:view_time_entries) ||
- (current_user_allowed_to(:view_own_time_entries) && costs_enabled)
+ } if user_has_time_entry_permissions?
 end
 property :cost_object,
@@ -141,6 +140,11 @@ module OpenProject::Costs
 exec_context: :decorator,
 if: -> (*) { costs_enabled && current_user_allowed_to_view_summarized_cost_entries }
+ property :spent_time,
+ getter: -> (*) { Duration.new(hours: represented.spent_hours).iso8601 },
+ writeable: false,
+ exec_context: :decorator,
+ if: -> (_) { user_has_time_entry_permissions? }
 send(:define_method, :current_user_allowed_to_view_summarized_cost_entries) do
 current_user_allowed_to(:view_cost_entries) ||
@@ -173,6 +177,11 @@ module OpenProject::Costs
 send(:define_method, :cost_object) do
 represented.cost_object
 end
+
+ send(:define_method, :user_has_time_entry_permissions?) do
+ current_user_allowed_to(:view_time_entries) ||
+ (current_user_allowed_to(:view_own_time_entries) && costs_enabled)
+ end
 end
 assets %w(angular/work_packages/directives/summarized-cost-entries-directive.js
diff --git a/spec/lib/api/v3/work_packages/work_package_representer_spec.rb b/spec/lib/api/v3/work_packages/work_package_representer_spec.rb
index 3389a3698f..84899831d7 100644
--- a/spec/lib/api/v3/work_packages/work_package_representer_spec.rb
+++ b/spec/lib/api/v3/work_packages/work_package_representer_spec.rb
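Review bot: In lib/open_project/costs/engine.rb, the new `spent_time` property is gated by `user_has_time_entry_permissions?`, which is also true for a user who holds only `:view_own_time_entries` while costs are enabled, yet the getter serialises `represented.spent_hours` as a whole. The definition of `spent_hours` is outside this diff; if it sums every user's time entries on the work package, that user learns how much time others have booked, which the narrower permission presumably is meant to withhold. Either gate the property on `current_user_allowed_to(:view_time_entries)` alone, or derive the value only from the entries the current user is allowed to see when just the own-entries permission is present. The same predicate guards the time-entries link in the first hunk, where it exposes only a URL, so the broad condition matters less there.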
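Review bot: The extracted `user_has_time_entry_permissions?` in lib/open_project/costs/engine.rb has no comment, and its two branches grant different scopes that a reader cannot tell apart from the name. It now decides both a link and a data property, so I would document it above the `send(:define_method, ...)` call, for example `# True if the user may view all time entries, or only their own while the costs module is enabled.` It is also worth stating why `costs_enabled` constrains only the own-entries branch. The enclosing block that these `define_method` calls live in starts outside the hunk.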
@@ -75,6 +75,26 @@ describe ::API::V3::WorkPackages::WorkPackageRepresenter do
 it { should have_json_path('_embedded/summarizedCostEntries') }
 end
+
+ context 'no view_time_entries permission' do
+ before do
+ allow(user).to receive(:allowed_to?).and_return false
+ end
+
+ it { should_not have_json_path('spentTime') }
+
+ end
+
+ context 'only view_own_time_entries permission' do
+ before do
+ allow(user).to receive(:allowed_to?).and_return false
+ allow(user).to receive(:allowed_to?).with(:view_own_time_entries,
+ cost_object.project)
+ .and_return(true)
+ end
+
+ it { should have_json_path('spentTime') }
+ end
 end
 end
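Review bot: The 'only view_own_time_entries permission' context checks only that `spentTime` is present, so it would still pass if the value included hours booked by other users. Add an expectation on the serialised value, using a work package that has time entries from a second user, so the intended scope of the figure is pinned by the spec. Two branches of the predicate are also uncovered: `:view_time_entries` alone, and `:view_own_time_entries` with costs disabled, which should not render `spentTime`. The blank line before `end` in the first new context can be dropped. The surrounding `describe` block starts outside the hunk.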