import('DateAndTime');
import('ttExpenseHelper');
-// Access check.
-if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) {
+// Access checks.
+if (!(ttAccessAllowed('track_own_expenses') || ttAccessAllowed('track_expenses'))) {
header('Location: access_denied.php');
exit();
}
-
-$cl_id = $request->getParameter('id');
-
+if (!$user->isPluginEnabled('ex')) {
+ header('Location: feature_disabled.php');
+ exit();
+}
+$cl_id = (int)$request->getParameter('id');
// Get the expense item we are editing.
-$expense_item = ttExpenseHelper::getItem($cl_id, $user->getActiveUser());
-
-// Prohibit editing invoiced items.
-if ($expense_item['invoice_id']) die($i18n->get('error.sys'));
+$expense_item = ttExpenseHelper::getItem($cl_id, $user->getUser());
+if (!$expense_item || $expense_item['invoice_id']) {
+ // Prohibit editing not ours or invoiced items.
+ header('Location: access_denied.php');
+ exit();
+}
$item_date = new DateAndTime(DB_DATEFORMAT, $expense_item['date']);
+$confirm_save = $user->getConfirmSave();
// Initialize variables.
$cl_date = $cl_client = $cl_project = $cl_item_name = $cl_cost = null;
// Dropdown for clients in MODE_TIME. Use all active clients.
if (MODE_TIME == $user->tracking_mode && $user->isPluginEnabled('cl')) {
- $active_clients = ttTeamHelper::getActiveClients($user->team_id, true);
+ $active_clients = ttTeamHelper::getActiveClients($user->group_id, true);
$form->addInput(array('type'=>'combobox',
'onchange'=>'fillProjectDropdown(this.value);',
'name'=>'client',
// Dropdown for clients if the clients plugin is enabled.
if ($user->isPluginEnabled('cl')) {
- $active_clients = ttTeamHelper::getActiveClients($user->team_id, true);
+ $active_clients = ttTeamHelper::getActiveClients($user->group_id, true);
// We need an array of assigned project ids to do some trimming.
foreach($project_list as $project)
$projects_assigned_to_user[] = $project['id'];
}
}
// If predefined expenses are configured, add controls to select an expense and quantity.
-$predefined_expenses = ttTeamHelper::getPredefinedExpenses($user->team_id);
+$predefined_expenses = ttTeamHelper::getPredefinedExpenses($user->group_id);
if ($predefined_expenses) {
$form->addInput(array('type'=>'combobox',
'onchange'=>'recalculateCost();',
// Hidden control for record id.
$form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));
$form->addInput(array('type'=>'hidden','name'=>'browser_today','value'=>'')); // User current date, which gets filled in on btn_save or btn_copy click.
-$form->addInput(array('type'=>'submit','name'=>'btn_save','onclick'=>'browser_today.value=get_date()','value'=>$i18n->get('button.save')));
-$form->addInput(array('type'=>'submit','name'=>'btn_copy','onclick'=>'browser_today.value=get_date()','value'=>$i18n->get('button.copy')));
+$on_click_action = 'browser_today.value=get_date();';
+$form->addInput(array('type'=>'submit','name'=>'btn_copy','onclick'=>$on_click_action,'value'=>$i18n->get('button.copy')));
+if ($confirm_save) $on_click_action .= 'return(confirmSave());';
+$form->addInput(array('type'=>'submit','name'=>'btn_save','onclick'=>$on_click_action,'value'=>$i18n->get('button.save')));
$form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
if ($request->isPost()) {
// Now, an update.
if ($err->no()) {
- if (ttExpenseHelper::update(array('id'=>$cl_id,'date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getActiveUser(),
+ if (ttExpenseHelper::update(array('id'=>$cl_id,'date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getUser(),
'client_id'=>$cl_client,'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost))) {
header('Location: expenses.php?date='.$new_date->toString(DB_DATEFORMAT));
exit();
// Now, a new insert.
if ($err->no()) {
- if (ttExpenseHelper::insert(array('date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getActiveUser(),
- 'client_id'=>$cl_client,'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'status'=>1))) {
+ if (ttExpenseHelper::insert(array('date'=>$new_date->toString(DB_DATEFORMAT),'client_id'=>$cl_client,
+ 'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'status'=>1))) {
header('Location: expenses.php?date='.$new_date->toString(DB_DATEFORMAT));
exit();
} else
}
} // isPost
+if ($confirm_save) {
+ $smarty->assign('confirm_save', true);
+ $smarty->assign('entry_date', $cl_date);
+}
$smarty->assign('predefined_expenses', $predefined_expenses);
$smarty->assign('client_list', $client_list);
$smarty->assign('project_list', $project_list);