Access checks re-done using role rights.
[timetracker.git] / task_edit.php
1 <?php
2 // +----------------------------------------------------------------------+
3 // | Anuko Time Tracker
4 // +----------------------------------------------------------------------+
5 // | Copyright (c) Anuko International Ltd. (https://www.anuko.com)
6 // +----------------------------------------------------------------------+
7 // | LIBERAL FREEWARE LICENSE: This source code document may be used
8 // | by anyone for any purpose, and freely redistributed alone or in
9 // | combination with other software, provided that the license is obeyed.
10 // |
11 // | There are only two ways to violate the license:
12 // |
13 // | 1. To redistribute this code in source form, with the copyright
14 // |    notice or license removed or altered. (Distributing in compiled
15 // |    forms without embedded copyright notices is permitted).
16 // |
17 // | 2. To redistribute modified versions of this code in *any* form
18 // |    that bears insufficient indications that the modifications are
19 // |    not the work of the original author(s).
20 // |
21 // | This license applies to this document only, not any other software
22 // | that it may be combined with.
23 // |
24 // +----------------------------------------------------------------------+
25 // | Contributors:
26 // | https://www.anuko.com/time_tracker/credits.htm
27 // +----------------------------------------------------------------------+
28
29 require_once('initialize.php');
30 import('form.Form');
31 import('ttTeamHelper');
32 import('ttTaskHelper');
33
// Access check (function level): the caller must hold the 'manage_tasks' right
// and the team must be tracking projects and tasks. This gate says nothing
// about WHICH task may be edited; the id is read from the request further down.
if (!(ttAccessAllowed('manage_tasks') && MODE_PROJECTS_AND_TASKS == $user->tracking_mode)) {
  header('Location: access_denied.php');
  // Stop here: header() alone does not end the script.
  exit();
}
39
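// The id arrives from the client (query string on GET, hidden field on POST).
// The (int) cast only fixes its type; it does not show that the task exists or
// that this user may edit it.
$cl_task_id = (int)$request->getParameter('id');

// Object-level check, applied to GET and POST alike: holding 'manage_tasks'
// means the user may manage tasks in general, not this particular task.
// NOTE(review): this relies on ttTaskHelper::get() returning an empty value for
// a task outside the current team. The helper is not shown here - confirm it
// filters by team as well as by id.
$task = ttTaskHelper::get($cl_task_id);
if (!$task) {
  header('Location: access_denied.php');
  exit();
}

$projects = ttTeamHelper::getActiveProjects($user->team_id);

// Ids of the projects the form offers; posted selections are checked against
// this set so a crafted request cannot bind the task to any other project id.
$offered_project_ids = array();
if (is_array($projects)) {
  foreach ($projects as $project_item)
    $offered_project_ids[(int)$project_item['id']] = true;
}

// Always an array, so a task with no assigned projects (or a POST with no
// boxes ticked) does not leave the variable undefined for the form below.
$cl_projects = array();

if ($request->isPost()) {
  $cl_name = trim($request->getParameter('name'));
  $cl_description = trim($request->getParameter('description'));

  // Accept only the two values the status dropdown offers; anything else
  // keeps the status the task already has.
  $cl_status = $request->getParameter('status');
  if (!is_scalar($cl_status) || !in_array((string)$cl_status, array((string)ACTIVE, (string)INACTIVE), true))
    $cl_status = $task['status'];

  // Keep only canonical numeric ids that the form actually offered.
  $posted_projects = $request->getParameter('projects');
  if (is_array($posted_projects)) {
    foreach ($posted_projects as $posted_id) {
      if (!is_scalar($posted_id) || (string)(int)$posted_id !== (string)$posted_id)
        continue;
      if (isset($offered_project_ids[(int)$posted_id]))
        $cl_projects[] = (string)$posted_id;
    }
  }
} else {
  // First display: pre-fill the form from the stored task.
  $cl_name = $task['name'];
  $cl_description = $task['description'];
  $cl_status = $task['status'];

  $assigned_projects = ttTaskHelper::getAssignedProjects($cl_task_id);
  if (is_array($assigned_projects)) {
    foreach ($assigned_projects as $project_item)
      $cl_projects[] = $project_item['id'];
  }
}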
58
// Build the edit form. The hidden 'id' field round-trips through the browser,
// so the value read back on POST is client-controlled.
// NOTE(review): whether Form escapes the 'value' entries when rendering is not
// visible in this file - confirm before relying on it for name/description.
$form = new Form('taskForm');

$form->addInput(array(
  'type' => 'hidden',
  'name' => 'id',
  'value' => $cl_task_id));

$form->addInput(array(
  'type' => 'text',
  'maxlength' => '100',
  'name' => 'name',
  'style' => 'width: 250px;',
  'value' => $cl_name));

$form->addInput(array(
  'type' => 'textarea',
  'name' => 'description',
  'style' => 'width: 250px; height: 40px;',
  'value' => $cl_description));

// The dropdown offers exactly two states, keyed by the ACTIVE / INACTIVE constants.
$form->addInput(array(
  'type' => 'combobox',
  'name' => 'status',
  'value' => $cl_status,
  'data' => array(
    ACTIVE => $i18n->getKey('dropdown.status_active'),
    INACTIVE => $i18n->getKey('dropdown.status_inactive'))));

// One checkbox per active project of the team; the current selection is pre-ticked.
$form->addInput(array(
  'type' => 'checkboxgroup',
  'name' => 'projects',
  'layout' => 'H',
  'data' => $projects,
  'datakeys' => array('id', 'name'),
  'value' => $cl_projects));

// Two submit buttons: the POST handler tells them apart by parameter name.
$form->addInput(array(
  'type' => 'submit',
  'name' => 'btn_save',
  'value' => $i18n->getKey('button.save')));
$form->addInput(array(
  'type' => 'submit',
  'name' => 'btn_copy',
  'value' => $i18n->getKey('button.copy')));
68
if ($request->isPost()) {
  // Validate user input. Only name and description are validated in this
  // block; status and projects reach the helpers as prepared earlier in the
  // script.
  // NOTE(review): no anti-forgery token is checked here; whether Form or
  // initialize.php takes care of that is not visible in this file - confirm.
  if (!ttValidString($cl_name)) {
    $err->add($i18n->getKey('error.field'), $i18n->getKey('label.thing_name'));
  }
  if (!ttValidString($cl_description, true)) {
    $err->add($i18n->getKey('error.field'), $i18n->getKey('label.description'));
  }

  // Evaluated once: an error raised while saving must not switch off the copy
  // branch below, which is how the two branches have always interacted.
  $input_valid = $err->no();

  if ($input_valid && $request->getParameter('btn_save')) {
    // A task may keep its own name, but may not take the name of another task.
    $same_name_task = ttTaskHelper::getTaskByName($cl_name);
    $name_is_free = !$same_name_task || ($cl_task_id == $same_name_task['id']);
    if (!$name_is_free) {
      $err->add($i18n->getKey('error.task_exists'));
    } else {
      // Update task information.
      // NOTE(review): the update is keyed by the id posted with the form.
      // Nothing in this block confirms that task belongs to the current team;
      // that has to be guaranteed before this point or inside
      // ttTaskHelper::update() - confirm.
      $updated = ttTaskHelper::update(array(
        'task_id' => $cl_task_id,
        'name' => $cl_name,
        'description' => $cl_description,
        'status' => $cl_status,
        'projects' => $cl_projects));
      if ($updated) {
        header('Location: tasks.php');
        exit();
      }
      $err->add($i18n->getKey('error.db'));
    }
  }

  if ($input_valid && $request->getParameter('btn_copy')) {
    // Copy creates a new task in the caller's own team; the name must be unused.
    if (ttTaskHelper::getTaskByName($cl_name)) {
      $err->add($i18n->getKey('error.task_exists'));
    } else {
      $inserted = ttTaskHelper::insert(array(
        'team_id' => $user->team_id,
        'name' => $cl_name,
        'description' => $cl_description,
        'status' => $cl_status,
        'projects' => $cl_projects));
      if ($inserted) {
        header('Location: tasks.php');
        exit();
      }
      $err->add($i18n->getKey('error.db'));
    }
  }
} // isPost
110
// Hand the form (keyed by its own name), the page title and the content
// template to Smarty, then render the site layout. This point is reached on
// first display and whenever a POST did not end in a redirect.
$form_name = $form->getName();
$smarty->assign('forms', array($form_name => $form->toArray()));
$smarty->assign('title', $i18n->getKey('title.edit_task'));
$smarty->assign('content_page_name', 'task_edit.tpl');
$smarty->display('index.tpl');