import('ttTimeHelper');
import('DateAndTime');
-// Access check.
-if (!ttAccessCheck(right_data_entry)) {
+// Access checks.
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
header('Location: access_denied.php');
exit();
}
-
-// Use Custom Fields plugin if we have one.
-// if (file_exists("plugins/CustomFields.class.php")) {
-// require_once("plugins/CustomFields.class.php");
-// $custom_fields = new CustomFields($user->team_id);
-// }
-
-$cl_id = $request->getParameter('id');
-$time_rec = ttTimeHelper::getRecord($cl_id, $user->getActiveUser());
-
-// Prohibit deleting invoiced records.
-if ($time_rec['invoice_id']) die($i18n->getKey('error.sys'));
+$cl_id = (int)$request->getParameter('id');
+$time_rec = ttTimeHelper::getRecord($cl_id);
+if (!$time_rec || $time_rec['approved'] || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
+ // Prohibit deleting not ours, approved, assigned to timesheet, or invoiced records.
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
// Escape comment for presentation.
$time_rec['comment'] = htmlspecialchars($time_rec['comment']);
// Determine if it's okay to delete the record.
$item_date = new DateAndTime(DB_DATEFORMAT, $time_rec['date']);
- // Determine lock date.
- $lock_interval = $user->lock_interval;
- $lockdate = 0;
- if ($lock_interval > 0) {
- $lockdate = new DateAndTime();
- $lockdate->decDay($lock_interval);
- }
+
// Determine if the record is uncompleted.
$uncompleted = ($time_rec['duration'] == '0:00');
- if($lockdate && $item_date->before($lockdate) && !$uncompleted) {
- $err->add($i18n->getKey('error.period_locked'));
- }
+ if ($user->isDateLocked($item_date) && !$uncompleted)
+ $err->add($i18n->get('error.range_locked'));
if ($err->no()) {
-
// Delete the record.
- $result = ttTimeHelper::delete($cl_id, $user->getActiveUser());
-
- if ($result) {
+ if (ttTimeHelper::delete($cl_id)) {
header('Location: time.php');
exit();
} else {
- $err->add($i18n->getKey('error.db'));
+ $err->add($i18n->get('error.db'));
}
}
}
header('Location: time.php');
exit();
}
-} // POST
+} // isPost
$form = new Form('timeRecordForm');
$form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));
-$form->addInput(array('type'=>'submit','name'=>'delete_button','value'=>$i18n->getKey('label.delete')));
-$form->addInput(array('type'=>'submit','name'=>'cancel_button','value'=>$i18n->getKey('button.cancel')));
+$form->addInput(array('type'=>'submit','name'=>'delete_button','value'=>$i18n->get('label.delete')));
+$form->addInput(array('type'=>'submit','name'=>'cancel_button','value'=>$i18n->get('button.cancel')));
$smarty->assign('time_rec', $time_rec);
$smarty->assign('forms', array($form->getName() => $form->toArray()));
-$smarty->assign('title', $i18n->getKey('title.delete_time_record'));
+$smarty->assign('title', $i18n->get('title.delete_time_record'));
$smarty->assign('content_page_name', 'time_delete.tpl');
$smarty->display('index.tpl');