Started to replace canManageTeam calls with right checks.

[timetracker.git] / WEB-INF / lib / ttExpenseHelper.class.php

diff --git a/WEB-INF/lib/ttExpenseHelper.class.php b/WEB-INF/lib/ttExpenseHelper.class.php
index c41a141..7d63ba4 100644 (file)
--- a/WEB-INF/lib/ttExpenseHelper.class.php
+++ b/WEB-INF/lib/ttExpenseHelper.class.php
@@ -41,10 +41,11 @@ class ttExpenseHelper {
     $cost = str_replace(',', '.', $fields['cost']);
     $invoice_id = $fields['invoice_id'];
     $status = $fields['status'];
+    $paid = (int) $fields['paid'];
 
-    $sql = "insert into tt_expense_items (date, user_id, client_id, project_id, name, cost, invoice_id, status) ".
+    $sql = "insert into tt_expense_items (date, user_id, client_id, project_id, name, cost, invoice_id, paid, status) ".
       "values (".$mdb2->quote($date).", $user_id, ".$mdb2->quote($client_id).", ".$mdb2->quote($project_id).
-      ", ".$mdb2->quote($name).", ".$mdb2->quote($cost).", ".$mdb2->quote($invoice_id).", ".$mdb2->quote($status).")";
+      ", ".$mdb2->quote($name).", ".$mdb2->quote($cost).", ".$mdb2->quote($invoice_id).", $paid, ".$mdb2->quote($status).")";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error'))
       return false;
@@ -56,6 +57,7 @@ class ttExpenseHelper {
   // update - updates a record in tt_expense_items table.
   static function update($fields)
   {
+    global $user;
     $mdb2 = getConnection();
 
     $id = (int) $fields['id'];
@@ -67,9 +69,14 @@ class ttExpenseHelper {
     $cost = str_replace(',', '.', $fields['cost']);
     $invoice_id = $fields['invoice_id'];
 
+    $paid_part = '';
+    if ($user->can('manage_invoices') && $user->isPluginEnabled('ps')) {
+      $paid_part = $fields['paid'] ? ', paid = 1' : ', paid = 0';
+    }
+
     $sql = "UPDATE tt_expense_items set date = ".$mdb2->quote($date).", user_id = $user_id, client_id = ".$mdb2->quote($client_id).
       ", project_id = ".$mdb2->quote($project_id).", name = ".$mdb2->quote($name).
-      ", cost = ".$mdb2->quote($cost).", invoice_id = ".$mdb2->quote($invoice_id).
+      ", cost = ".$mdb2->quote($cost)."$paid_part, invoice_id = ".$mdb2->quote($invoice_id).
       " WHERE id = $id";
 
     $affected = $mdb2->exec($sql);
@@ -122,7 +129,7 @@ class ttExpenseHelper {
     if ($user->isPluginEnabled('cl'))
       $left_joins .= " left join tt_clients c on (ei.client_id = c.id)";
 
-    $sql = "select ei.id, ei.date, ei.client_id, ei.project_id, ei.name, ei.cost, ei.invoice_id $client_field, p.name as project_name
+    $sql = "select ei.id, ei.date, ei.client_id, ei.project_id, ei.name, ei.cost, ei.invoice_id, ei.paid $client_field, p.name as project_name
       from tt_expense_items ei
       $left_joins
       where ei.id = $id and ei.user_id = $user_id and ei.status = 1";