global $user;
$mdb2 = getConnection();
+ // Delete associated files.
+ if ($user->isPluginEnabled('at')) {
+ import('ttFileHelper');
+ global $err;
+ $fileHelper = new ttFileHelper($err);
+ if (!$fileHelper->deleteEntityFiles($id, 'time'))
+ return false;
+ }
+
$user_id = $user->getUser();
$group_id = $user->getGroup();
$org_id = $user->org_id;
return false;
}
+ // getRecordForFileView - retrieves a time record identified by its id for
+ // attachment view operation.
+ //
+ // It is different from getRecord, as we want users with appropriate rights
+ // to be able to see other users files, without changing "on behalf" user.
+ // For example, viewing reports for all users and their attached files
+ // from report links.
+ static function getRecordForFileView($id) {
+ // There are several possible situations:
+ //
+ // Record is ours. Check "view_own_reports" or "view_all_reports".
+ // Record is for the current on behalf user. Check "view_reports" or "view_all_reports".
+ // Record is for someone else. Check "view_reports" or "view_all_reports" and rank.
+ //
+ // It looks like the best way is to use 2 queries, obtain user_id first, then check rank.
+
+ global $user;
+
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
+ $mdb2 = getConnection();
+
+ // Obtain user_id for the time record.
+ $sql = "select l.id, l.user_id, l.timesheet_id, l.invoice_id, l.approved from tt_log l ".
+ " where l.id = $id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1";
+ $res = $mdb2->query($sql);
+ if (is_a($res, 'PEAR_Error')) return false;
+ if (!$res->numRows()) return false;
+
+ $val = $res->fetchRow();
+ $user_id = $val['user_id'];
+
+ // If record is ours.
+ if ($user_id == $user->id) {
+ if ($user->can('view_own_reports') || $user->can('view_all_reports')) {
+ $val['can_edit'] = !($val['timesheet_id'] || $val['invoice_id'] || $val['approved']);
+ return $val;
+ }
+ return false; // No rights.
+ }
+
+ // If record belongs to a user we impersonate.
+ if ($user->behalfUser && $user_id == $user->behalfUser->id) {
+ if ($user->can('view_reports') || $user->can('view_all_reports')) {
+ $val['can_edit'] = !($val['timesheet_id'] || $val['invoice_id'] || $val['approved']);
+ return $val;
+ }
+ return false; // No rights.
+ }
+
+ // Record belongs to someone else. We need to check user rank.
+ if (!($user->can('view_reports') || $user->can('view_all_reports'))) return false;
+ $max_rank = $user->can('view_all_reports') ? MAX_RANK : $user->getMaxRankForGroup($group_id);
+
+ $left_joins = ' left join tt_users u on (l.user_id = u.id)';
+ $left_joins .= ' left join tt_roles r on (u.role_id = r.id)';
+
+ $where_part = " where l.id = $id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1".
+ $where_part .= " and r.rank <= $max_rank";
+
+ $sql = "select l.id, l.user_id, l.timesheet_id, l.invoice_id, l.approved".
+ " from tt_log l $left_joins $where_part";
+ $res = $mdb2->query($sql);
+ if (!is_a($res, 'PEAR_Error')) {
+ if (!$res->numRows()) {
+ return false;
+ }
+ if ($val = $res->fetchRow()) {
+ $val['can_edit'] = false;
+ return $val;
+ }
+ }
+ return false;
+ }
+
// getAllRecords - returns all time records for a certain user.
static function getAllRecords($user_id) {
$result = array();
// getRecords - returns time records for a user for a given date.
static function getRecords($user_id, $date) {
+ // TODO: merge getRecords and getRecordsWithFiles into one function.
global $user;
$mdb2 = getConnection();
if ($user->isPluginEnabled('cl'))
$client_field = ", c.name as client";
+ $include_cf_1 = $user->isPluginEnabled('cf');
+ if ($include_cf_1) {
+ $custom_fields = new CustomFields();
+ $cf_1_type = $custom_fields->fields[0]['type'];
+ if ($cf_1_type == CustomFields::TYPE_TEXT) {
+ $custom_field = ", cfl.value as cf_1";
+ } elseif ($cf_1_type == CustomFields::TYPE_DROPDOWN) {
+ $custom_field = ", cfo.value as cf_1";
+ }
+ }
+
$left_joins = " left join tt_projects p on (l.project_id = p.id)".
" left join tt_tasks t on (l.task_id = t.id)";
if ($user->isPluginEnabled('cl'))
$left_joins .= " left join tt_clients c on (l.client_id = c.id)";
+ if ($include_cf_1) {
+ if ($cf_1_type == CustomFields::TYPE_TEXT)
+ $left_joins .= " left join tt_custom_field_log cfl on (l.id = cfl.log_id and cfl.status = 1)";
+ elseif ($cf_1_type == CustomFields::TYPE_DROPDOWN) {
+ $left_joins .= " left join tt_custom_field_log cfl on (l.id = cfl.log_id and cfl.status = 1)".
+ " left join tt_custom_field_options cfo on (cfl.option_id = cfo.id)";
+ }
+ }
$result = array();
$sql = "select l.id as id, TIME_FORMAT(l.start, $sql_time_format) as start,".
" TIME_FORMAT(sec_to_time(time_to_sec(l.start) + time_to_sec(l.duration)), $sql_time_format) as finish,".
" TIME_FORMAT(l.duration, '%k:%i') as duration, p.name as project, t.name as task, l.comment,".
- " l.billable, l.approved, l.timesheet_id, l.invoice_id $client_field from tt_log l $left_joins".
+ " l.billable, l.approved, l.timesheet_id, l.invoice_id $client_field $custom_field from tt_log l $left_joins".
" where l.date = '$date' and l.user_id = $user_id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1".
" order by l.start, l.id";
$res = $mdb2->query($sql);
if ($user->isPluginEnabled('cl'))
$client_field = ", c.name as client";
+ $include_cf_1 = $user->isPluginEnabled('cf');
+ if ($include_cf_1) {
+ $custom_fields = new CustomFields();
+ $cf_1_type = $custom_fields->fields[0]['type'];
+ if ($cf_1_type == CustomFields::TYPE_TEXT) {
+ $custom_field = ", cfl.value as cf_1";
+ } elseif ($cf_1_type == CustomFields::TYPE_DROPDOWN) {
+ $custom_field = ", cfo.value as cf_1";
+ }
+ }
+
$left_joins = " left join tt_projects p on (l.project_id = p.id)".
" left join tt_tasks t on (l.task_id = t.id)";
if ($user->isPluginEnabled('cl'))
$left_joins .= " left join tt_clients c on (l.client_id = c.id)";
+ if ($include_cf_1) {
+ if ($cf_1_type == CustomFields::TYPE_TEXT)
+ $left_joins .= " left join tt_custom_field_log cfl on (l.id = cfl.log_id and cfl.status = 1)";
+ elseif ($cf_1_type == CustomFields::TYPE_DROPDOWN) {
+ $left_joins .= " left join tt_custom_field_log cfl on (l.id = cfl.log_id and cfl.status = 1)".
+ " left join tt_custom_field_options cfo on (cfl.option_id = cfo.id)";
+ }
+ }
$left_joins .= " left join (select distinct entity_id from tt_files".
" where entity_type = 'time' and group_id = $group_id and org_id = $org_id and status = 1) Sub1".
" TIME_FORMAT(sec_to_time(time_to_sec(l.start) + time_to_sec(l.duration)), $sql_time_format) as finish,".
" TIME_FORMAT(l.duration, '%k:%i') as duration, p.name as project, t.name as task, l.comment,".
" if(Sub1.entity_id is null, 0, 1) as has_files,".
- " l.billable, l.approved, l.timesheet_id, l.invoice_id $client_field from tt_log l $left_joins".
+ " l.billable, l.approved, l.timesheet_id, l.invoice_id $client_field $custom_field from tt_log l $left_joins".
" where l.date = '$date' and l.user_id = $user_id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1".
" order by l.start, l.id";
$res = $mdb2->query($sql);