Included team_id in task update sql to avoid risk of misuse.

[timetracker.git] / WEB-INF / templates / header.tpl

diff --git a/WEB-INF/templates/header.tpl b/WEB-INF/templates/header.tpl
index 9ed099a..97ee53d 100644 (file)
--- a/WEB-INF/templates/header.tpl
+++ b/WEB-INF/templates/header.tpl
@@ -54,7 +54,7 @@
       <!-- end of top image -->
 
 {if $authenticated}
-  {if $user->isAdmin()}
+  {if $user->can('administer_site')}
       <!-- top menu for admin -->
       <table cellspacing="0" cellpadding="3" width="100%" border="0">
         <tr>
@@ -83,9 +83,9 @@
         <tr>
           <td class="systemMenu" height="17" align="center">&nbsp;
             <a class="systemMenu" href="logout.php">{$i18n.menu.logout}</a> &middot;
-            {if $user->can('manage_own_settings')}
-              <a class="systemMenu" href="profile_edit.php">{$i18n.menu.profile}</a> &middot;
-            {/if}
+    {if $user->can('manage_own_settings')}
+            <a class="systemMenu" href="profile_edit.php">{$i18n.menu.profile}</a> &middot;
+    {/if}
             <a class="systemMenu" href="{$smarty.const.FORUM_LINK}" target="_blank">{$i18n.menu.forum}</a> &middot;
             <a class="systemMenu" href="{$smarty.const.HELP_LINK}" target="_blank">{$i18n.menu.help}</a>
           </td>
@@ -97,23 +97,23 @@
       <table cellspacing="0" cellpadding="3" width="100%" border="0">
         <tr>
           <td align="center" bgcolor="#d9d9d9" nowrap height="17" background="images/subm_bg.gif">&nbsp;
-    {if $user->can('track_time') || $user->can('track_own_time')}
+    {if $user->can('track_own_time') || $user->can('track_time')}
            <a class="mainMenu" href="time.php">{$i18n.menu.time}</a>
     {/if}
-    {if $user->isPluginEnabled('ex') && ($user->can('track_expenses') || $user->can('track_own_expenses'))}
+    {if $user->isPluginEnabled('ex') && ($user->can('track_own_expenses') || $user->can('track_expenses'))}
             &middot; <a class="mainMenu" href="expenses.php">{$i18n.menu.expenses}</a>
     {/if}
-    {if $user->can('view_invoices') || $user->can('view_own_reports')}
+    {if $user->can('view_own_reports') || $user->can('view_reports')}
             &middot; <a class="mainMenu" href="reports.php">{$i18n.menu.reports}</a> 
     {/if}        
-    {if $user->isPluginEnabled('iv') && ($user->can('manage_invoices') || $user->can('view_own_invoices'))}
+    {if $user->isPluginEnabled('iv') && ($user->can('view_own_invoices') || $user->can('manage_invoices'))}
             &middot; <a class="mainMenu" href="invoices.php">{$i18n.title.invoices}</a>
     {/if}
-    {if ($user->isPluginEnabled('ch') && ($user->can('view_charts') || $user->can('view_own_charts'))) && ($smarty.const.MODE_PROJECTS == $user->tracking_mode
+    {if ($user->isPluginEnabled('ch') && ($user->can('view_own_charts') || $user->can('view_charts'))) && ($smarty.const.MODE_PROJECTS == $user->tracking_mode
       || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode || $user->isPluginEnabled('cl'))}
             &middot; <a class="mainMenu" href="charts.php">{$i18n.menu.charts}</a>
     {/if}
-    {if $user->can('manage_projects') && ($smarty.const.MODE_PROJECTS == $user->tracking_mode || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode)}
+    {if ($user->can('manage_projects') || $user->can('track_own_time') || $user->can('track_time')) && ($smarty.const.MODE_PROJECTS == $user->tracking_mode || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode)}
             &middot; <a class="mainMenu" href="projects.php">{$i18n.menu.projects}</a>
     {/if}
     {if ($smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode) && $user->can('manage_tasks')}