import('form.Form');
import('ttGroupHelper');
import('DateAndTime');
+import('ttTimeHelper');
import('ttExpenseHelper');
// Access checks.
$cl_id = (int)$request->getParameter('id');
// Get the expense item we are editing.
$expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
- // Prohibit editing not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+ // Prohibit editing not ours, approved, or invoiced items.
header('Location: access_denied.php');
exit();
}
if ($new_date->after($browser_today))
$err->add($i18n->get('error.future_date'));
}
+ if (!ttTimeHelper::canAdd()) $err->add($i18n->get('error.expired'));
+ // Finished validating user input.
// Save record.
if ($request->getParameter('btn_save')) {