Added group_id to getWhere parts as additional protection.

[timetracker.git] / group_edit.php

diff --git a/group_edit.php b/group_edit.php
index 676a4d7..01d2ecd 100644 (file)
--- a/group_edit.php
+++ b/group_edit.php
@@ -30,6 +30,7 @@ require_once('initialize.php');
 import('form.Form');
 import('ttUserHelper');
 import('ttRoleHelper');
+import('ttConfigHelper');
 
 // Access checks.
 if (!(ttAccessAllowed('manage_basic_settings') || ttAccessAllowed('manage_advanced_settings'))) {
@@ -38,6 +39,8 @@ if (!(ttAccessAllowed('manage_basic_settings') || ttAccessAllowed('manage_advanc
 }
 // End of access checks.
 
+$config = new ttConfigHelper($user->config);
+
 $advanced_settings = $user->can('manage_advanced_settings');
 if (!defined('CURRENCY_DEFAULT')) define('CURRENCY_DEFAULT', '$');
 
@@ -209,9 +212,7 @@ $form->addInput(array('type'=>'checkbox','name'=>'notifications','value'=>$cl_no
 $form->addInput(array('type'=>'checkbox','name'=>'locking','value'=>$cl_locking,'onchange'=>'handlePluginCheckboxes()'));
 $form->addInput(array('type'=>'checkbox','name'=>'quotas','value'=>$cl_quotas,'onchange'=>'handlePluginCheckboxes()'));
 $form->addInput(array('type'=>'checkbox','name'=>'week_view','value'=>$cl_week_view,'onchange'=>'handlePluginCheckboxes()'));
-if (defined('WORK_UNITS_DEBUG')) {
-  $form->addInput(array('type'=>'checkbox','name'=>'work_units','value'=>$cl_work_units,'onchange'=>'handlePluginCheckboxes()'));
-}
+$form->addInput(array('type'=>'checkbox','name'=>'work_units','value'=>$cl_work_units,'onchange'=>'handlePluginCheckboxes()'));
 
 $form->addInput(array('type'=>'submit','name'=>'btn_save','value'=>$i18n->get('button.save')));
 if ($user->can('delete_group')) $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('button.delete')));
@@ -259,6 +260,8 @@ if ($request->isPost()) {
       $plugins .= ',mq';
     if ($cl_week_view)
       $plugins .= ',wv';
+    if ($cl_work_units)
+      $plugins .= ',wu';
 
     // Recycle week view plugin options as they are not configured on this page.
     $existing_plugins = explode(',', $user->plugins);
@@ -271,18 +274,12 @@ if ($request->isPost()) {
 
     $plugins = trim($plugins, ',');
 
-    // Prepare config string.
-    if ($cl_show_holidays)
-      $config .= ',show_holidays';
-    if ($cl_punch_mode)
-      $config .= ',punch_mode';
-    if ($cl_allow_overlap)
-      $config .= ',allow_overlap';
-    if ($cl_future_entries)
-      $config .= ',future_entries';
-    if ($cl_uncompleted_indicators)
-      $config .= ',uncompleted_indicators';
-    $config = trim($config, ',');
+    // Update config.
+    $config->setDefinedValue('show_holidays', $cl_show_holidays);
+    $config->setDefinedValue('punch_mode', $cl_punch_mode);
+    $config->setDefinedValue('allow_overlap', $cl_allow_overlap);
+    $config->setDefinedValue('future_entries', $cl_future_entries);
+    $config->setDefinedValue('uncompleted_indicators', $cl_uncompleted_indicators);
 
     if ($user->updateGroup(array(
       'name' => $cl_group,
@@ -300,7 +297,7 @@ if ($request->isPost()) {
       'bcc_email' => $cl_bcc_email,
       'allow_ip' => $cl_allow_ip,
       'plugins' => $plugins,
-      'config' => $config))) {
+      'config' => $config->getConfig()))) {
       header('Location: time.php');
       exit();
     } else