// Prepare sql query part for user list.
$userlist = $options['users'] ? $options['users'] : '-1';
- $user_list_part = null;
if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient())
$user_list_part = " and l.user_id in ($userlist)";
else
$user_list_part = " and l.user_id = ".$user->id;
+ $user_list_part .= " and l.group_id = ".$user->getActiveGroup();
// Prepare sql query part for where.
if ($options['period'])
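Review bot: `$userlist` is still interpolated into `in ($userlist)` as taken from `$options['users']`, so the `group_id` clause appended after it only constrains the query when that value is a well-formed id list. Nothing visible in this hunk validates it; unless every caller already does, normalise it right after it is assigned, e.g. `$userlist = join(',', array_map('intval', explode(',', $userlist)));`, or switch to bound parameters. The same pattern appears in the other three user-list hunks (the second `l.user_id in (...)` and both `ei.user_id in (...)`). `$user->getActiveGroup()` is concatenated too and is presumably an integer; an `(int)` cast would make that explicit. The enclosing function starts and ends outside the hunk.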
// Prepare user list part.
$userlist = -1;
- if (($user->can('view_reports') || $user->isClient())) {
+ if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) {
if ($options['users'])
$userlist = $options['users'];
else {
- $active_users = ttTeamHelper::getActiveUsers();
- foreach ($active_users as $single_user)
+ $group_users = ttTeamHelper::getUsers(); // active and inactive users
+ foreach ($group_users as $single_user)
$users[] = $single_user['id'];
$userlist = join(',', $users);
}
}
// Prepare sql query part for user list.
- $user_list_part = null;
- if ($user->can('view_reports') || $user->isClient())
+ if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient())
$user_list_part = " and l.user_id in ($userlist)";
else
$user_list_part = " and l.user_id = ".$user->id;
+ $user_list_part .= " and l.group_id = ".$user->getActiveGroup();
// Prepare sql query part for where.
if ($options['period'])
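Review bot: `$users` is not initialised before the `foreach ($group_users as $single_user)` loop, so when `ttTeamHelper::getUsers()` returns no rows, `join(',', $users)` runs on an undefined variable (a warning or an error, depending on the PHP version) and the clause degrades to `in ()`. Add `$users = array();` before the loop and keep the existing `-1` sentinel when it stays empty, e.g. `$userlist = $users ? join(',', $users) : -1;`. The enclosing function starts and ends outside the hunk.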
// Prepare sql query part for user list.
$userlist = $options['users'] ? $options['users'] : '-1';
- $user_list_part = null;
if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient())
$user_list_part = " and ei.user_id in ($userlist)";
else
$user_list_part = " and ei.user_id = ".$user->id;
+ $user_list_part .= " and ei.group_id = ".$user->getActiveGroup();
// Prepare sql query part for where.
if ($options['period'])
}
}
// Prepare sql query part for user list.
- $user_list_part = null;
- if ($user->can('view_reports') || $user->isClient())
+ if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient())
$user_list_part = " and ei.user_id in ($userlist)";
else
$user_list_part = " and ei.user_id = ".$user->id;
+ $user_list_part .= " and ei.group_id = ".$user->getActiveGroup();
// Prepare sql query part for where.
if ($options['period'])
*/
return $options;
}
+
+ // verifyBean is a security function to make sure data in bean makes sense for a group.
+ static function verifyBean($bean) {
+ global $user;
+
+ // Check users.
+ $users_in_bean = $bean->getAttribute('users');
+ if (is_array($users_in_bean)) {
+ $users_in_group = ttTeamHelper::getUsers();
+ foreach ($users_in_group as $user_in_group) {
+ $valid_ids[] = $user_in_group['id'];
+ }
+ foreach ($users_in_bean as $user_in_bean) {
+ if (!in_array($user_in_bean, $valid_ids)) {
+ return false;
+ }
+ }
+ }
+
+ // TODO: add additional checks here. Perhaps do it before saving the bean for consistency.
+ return true;
+ }
}
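Review bot: The membership test `in_array($user_in_bean, $valid_ids)` uses loose comparison, so whether a non-numeric string can pass depends on the PHP version and on whether `ttTeamHelper::getUsers()` returns ids as integers or strings. These values presumably end up in the `in (...)` clauses of the report queries, so the check should accept only plain decimal ids and compare strictly. `$valid_ids` is also never initialised, which leaves `in_array` operating on an undefined variable when the group has no users, and `global $user;` is declared but unused in the visible body. The fence shows the tightened loop; the rest of verifyBean is unchanged.

```php
static function verifyBean($bean) {
  // … unchanged: read $users_in_bean from the bean …
  if (is_array($users_in_bean)) {
    $valid_ids = array();
    foreach (ttTeamHelper::getUsers() as $user_in_group) {
      $valid_ids[] = (int) $user_in_group['id'];
    }
    foreach ($users_in_bean as $user_in_bean) {
      // Accept only plain decimal ids, then compare strictly against the group's ids.
      if (!is_scalar($user_in_bean) || !ctype_digit((string) $user_in_bean)
          || !in_array((int) $user_in_bean, $valid_ids, true)) {
        return false;
      }
    }
  }
  // … unchanged: TODO comment and return true …
```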