Introduced approve_reports and approve_all_reports rights.

[timetracker.git] / report.php

diff --git a/report.php b/report.php
index 7ecabcc..93720cb 100644 (file)
--- a/report.php
+++ b/report.php
@@ -33,7 +33,7 @@ import('ttReportHelper');
 import('ttGroupHelper');
 
 // Access check.
-if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports'))) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports')  || ttAccessAllowed('view_client_reports'))) {
   header('Location: access_denied.php');
   exit();
 }
@@ -58,10 +58,10 @@ if ($user->isPluginEnabled('cf')) {
   $smarty->assign('custom_fields', $custom_fields);
 }
 
-$form = new Form('reportForm');
+$form = new Form('reportViewForm');
 
 // Report settings are stored in session bean before we get here from reports.php.
-$bean = new ActionForm('reportBean', $form, $request);
+$bean = new ActionForm('reportBean', new Form('reportForm'), $request);
 // If we are in post, load the bean from session, as the constructor does it only in get.
 if ($request->isPost()) $bean->loadBean();
 
@@ -209,6 +209,8 @@ if ($user->isPluginEnabled('ts') && count($report_items) > 0 &&
       break;
     }
   }
+  // Save user_id in session.
+  $bean->saveDetachedAttribute('timesheet_user_id', $first_user_id);
 
   // TODO: Improve this for "view_all_reports" situation.
   // We may need to add "manage_all_timesheets" right.