require_once('initialize.php');
import('form.Form');
import('ttInvoiceHelper');
-import('ttSysConfig');
+import('ttUserConfig');
// Access checks.
-if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices'))) {
+if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_client_invoices'))) {
header('Location: access_denied.php');
exit();
}
header('Location: feature_disabled.php');
exit();
}
-
$cl_invoice_id = (int)$request->getParameter('id');
-$invoice = ttInvoiceHelper::getInvoice($cl_invoice_id);
-$sc = new ttSysConfig($user->id);
+$invoice = ttInvoiceHelper::getInvoice($cl_invoice_id);
+if (!$invoice) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
-// Security check.
-if (!$cl_invoice_id || !$invoice)
- die ($i18n->get('error.sys'));
+$uc = new ttUserConfig();
if ($request->isPost()) {
$cl_receiver = trim($request->getParameter('receiver'));
$cl_subject = trim($request->getParameter('subject'));
$cl_comment = trim($request->getParameter('comment'));
} else {
- $cl_receiver = $sc->getValue(SYSC_LAST_INVOICE_EMAIL);
- $cl_cc = $sc->getValue(SYSC_LAST_INVOICE_CC);
- $cl_subject = $i18n->get('title.invoice').' '.$invoice['name'].', '.$user->team;
+ $cl_receiver = $uc->getValue(SYSC_LAST_INVOICE_EMAIL);
+ $cl_cc = $uc->getValue(SYSC_LAST_INVOICE_CC);
+ $cl_subject = $i18n->get('title.invoice').' '.$invoice['name'].', '.$user->group_name;
}
$form = new Form('mailForm');
if ($err->no()) {
// Save last invoice emails for future use.
- $sc->setValue(SYSC_LAST_INVOICE_EMAIL, $cl_receiver);
- $sc->setValue(SYSC_LAST_INVOICE_CC, $cl_cc);
+ $uc->setValue(SYSC_LAST_INVOICE_EMAIL, $cl_receiver);
+ $uc->setValue(SYSC_LAST_INVOICE_CC, $cl_cc);
$body = ttInvoiceHelper::prepareInvoiceBody($cl_invoice_id, $cl_comment);