import('ttTeamHelper');
// Access check.
-if (!ttAccessAllowed('view_own_reports')) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports'))) {
header('Location: access_denied.php');
exit();
}
// Use custom fields plugin if it is enabled.
if ($user->isPluginEnabled('cf')) {
require_once('plugins/CustomFields.class.php');
- $custom_fields = new CustomFields($user->team_id);
+ $custom_fields = new CustomFields($user->group_id);
$smarty->assign('custom_fields', $custom_fields);
}
// Do we need to show checkboxes?
if ($bean->getAttribute('chpaid') ||
($client_id && $bean->getAttribute('chinvoice') && ('no_grouping' == $bean->getAttribute('group_by')) && !$user->isClient())) {
- $smarty->assign('use_checkboxes', true);
+ if ($user->can('manage_invoices'))
+ $smarty->assign('use_checkboxes', true);
}
// Controls for "Mark paid" block.
-if ($bean->getAttribute('chpaid')) {
+if ($user->can('manage_invoices') && $bean->getAttribute('chpaid')) {
$mark_paid_select_options = array('1'=>$i18n->get('dropdown.all'),'2'=>$i18n->get('dropdown.select'));
$form->addInput(array('type'=>'combobox',
'name'=>'mark_paid_select_options',
}
// Controls for "Assign to invoice" block.
-if ($client_id && $bean->getAttribute('chinvoice') && ('no_grouping' == $bean->getAttribute('group_by')) && !$user->isClient()) {
+if ($user->can('manage_invoices') &&
+ ($client_id && $bean->getAttribute('chinvoice') && ('no_grouping' == $bean->getAttribute('group_by')) && !$user->isClient())) {
// Client is selected and we are displaying the invoice column.
- $recent_invoices = ttTeamHelper::getRecentInvoices($user->team_id, $client_id);
+ $recent_invoices = ttTeamHelper::getRecentInvoices($user->group_id, $client_id);
if ($recent_invoices) {
$assign_invoice_select_options = array('1'=>$i18n->get('dropdown.all'),'2'=>$i18n->get('dropdown.select'));
$form->addInput(array('type'=>'combobox',