diff --git a/lib/api/v3/work_packages/schema/work_package_schema_representer.rb b/lib/api/v3/work_packages/schema/work_package_schema_representer.rb index 304046ef64..fbf8433ae8 100644 --- a/lib/api/v3/work_packages/schema/work_package_schema_representer.rb +++ b/lib/api/v3/work_packages/schema/work_package_schema_representer.rb @@ -160,7 +160,10 @@ module API schema :spent_time, type: 'Duration', required: false, - show_if: ->(*) { represented.project&.module_enabled?('costs') } + show_if: ->(*) { + current_user_allowed_to(:view_time_entries, context: represented.project) || + current_user_allowed_to(:view_own_time_entries, context: represented.project) + } schema :percentage_done, type: 'Integer', diff --git a/spec/lib/api/v3/work_packages/schema/work_package_schema_representer_spec.rb b/spec/lib/api/v3/work_packages/schema/work_package_schema_representer_spec.rb index e78789de51..b646a35e65 100644 --- a/spec/lib/api/v3/work_packages/schema/work_package_schema_representer_spec.rb +++ b/spec/lib/api/v3/work_packages/schema/work_package_schema_representer_spec.rb @@ -548,12 +548,8 @@ describe ::API::V3::WorkPackages::Schema::WorkPackageSchemaRepresenter do end describe 'spentTime' do - context 'with \'costs\' enabled' do - before do - allow(project) - .to receive(:module_enabled?) - .and_return(true) - end + context 'with the view_time_entries permission' do + let(:permissions) { %i[edit_work_packages view_time_entries] } it_behaves_like 'has basic schema properties' do let(:path) { 'spentTime' } @@ -564,15 +560,20 @@ describe ::API::V3::WorkPackages::Schema::WorkPackageSchemaRepresenter do end end - context 'with \'costs\' disabled' do - before do - allow(project) - .to receive(:module_enabled?) do |name| - name != 'costs' - end + context 'with the view_own_time_entries permission' do + let(:permissions) { %i[edit_work_packages view_own_time_entries] } + + it_behaves_like 'has basic schema properties' do + let(:path) { 'spentTime' } + let(:type) { 'Duration' } + let(:name) { I18n.t('activerecord.attributes.work_package.spent_time') } + let(:required) { false } + let(:writable) { false } end + end - it 'has no date attribute' do + context 'without any view time_entries permission' do + it 'has no spentTime attribute' do is_expected.to_not have_json_path('spentTime') end end