$cl_id = (int)$request->getParameter('id');
// Get the expense item we are editing.
$expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
- // Prohibit editing not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+ // Prohibit editing not ours, approved, or invoiced items.
header('Location: access_denied.php');
exit();
}
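Review bot: The added `$expense_item['approved']` test in the guard fails open if the array returned by `ttExpenseHelper::getItem()` has no `approved` key, because a missing key reads as null and the item stays editable. getItem() is not visible in this hunk, so confirm that its query selects that column, or make the guard fail closed with `!array_key_exists('approved', $expense_item) || $expense_item['approved']`. This check only protects the edit page. The same approved/invoiced restriction presumably needs to hold wherever an expense item can be updated or deleted, which cannot be verified from here. The comment on the guard could also say why approved items are locked, e.g. `// Approved items are frozen so that an entry cannot be changed after sign-off.`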
if ($request->isPost()) {
// Validate user input.
- if ($user->isPluginEnabled('cl') && $user->isPluginEnabled('cm') && !$cl_client)
+ if ($user->isPluginEnabled('cl') && $user->isOptionEnabled('client_required') && !$cl_client)
$err->add($i18n->get('error.client'));
if ($show_project && !$cl_project)
$err->add($i18n->get('error.project'));