if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient())
$user_list_part = " and l.user_id in ($userlist)";
else
if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient())
$user_list_part = " and l.user_id in ($userlist)";
else
- $user_list_part = " and l.user_id = ".$user->id;
- $user_list_part .= " and l.group_id = ".$user->getGroup();
+ $user_list_part = " and l.user_id = ".$user->getUser();
+ $user_list_part .= " and l.group_id = $group_id and l.org_id = $org_id";
- new DateAndTime($user->date_format, $options['period_start']),
- new DateAndTime($user->date_format, $options['period_end']));
+ new DateAndTime($dateFormat, $options['period_start']),
+ new DateAndTime($dateFormat, $options['period_end']));
}
$where = " where l.status = 1 and l.date >= '".$period->getStartDate(DB_DATEFORMAT)."' and l.date <= '".$period->getEndDate(DB_DATEFORMAT)."'".
" $user_list_part $dropdown_parts";
}
$where = " where l.status = 1 and l.date >= '".$period->getStartDate(DB_DATEFORMAT)."' and l.date <= '".$period->getEndDate(DB_DATEFORMAT)."'".
" $user_list_part $dropdown_parts";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
}
if ($expense_item_ids) {
$sql = "update tt_expense_items set invoice_id = ".$mdb2->quote($invoice_id).
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
}
if ($expense_item_ids) {
$sql = "update tt_expense_items set invoice_id = ".$mdb2->quote($invoice_id).
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
}
}
// The markPaid marks a set of records as either paid or unpaid.
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
}
}
// The markPaid marks a set of records as either paid or unpaid.
- $sql = "update tt_log set paid = $paid_val where id in(".join(', ', $time_log_ids).")";
+ $sql = "update tt_log set paid = $paid_val".
+ " where id in(".join(', ', $time_log_ids).") and group_id = $group_id and org_id = $org_id";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
}
if ($expense_item_ids) {
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
}
if ($expense_item_ids) {
- $sql = "update tt_expense_items set paid = $paid_val where id in(".join(', ', $expense_item_ids).")";
+ $sql = "update tt_expense_items set paid = $paid_val".
+ " where id in(".join(', ', $expense_item_ids).") and group_id = $group_id and org_id = $org_id";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
}
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
}
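Review bot: In the two markPaid updates, the id lists are still concatenated into the SQL as-is (`join(', ', $time_log_ids)` and `join(', ', $expense_item_ids)`), and the newly added `$group_id` and `$org_id` are interpolated unquoted, while the nearby invoice update goes through `$mdb2->quote($invoice_id)`. The added `group_id`/`org_id` predicates narrow which rows an update can reach, but they do not constrain what the id values themselves may contain. Whether the ids are validated as integers before this point is not visible here, since the enclosing functions begin outside the shown lines. If they are not, cast at the point of use, for example `" where id in(".join(', ', array_map('intval', $time_log_ids)).") and group_id = ".(int)$group_id." and org_id = ".(int)$org_id;`, and do the same for the expense-items statement. The same applies to the `$user_list_part .= " and l.group_id = $group_id and l.org_id = $org_id"` line in the report query.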