import('ttTimesheetHelper');
// Access checks.
-if (!(ttAccessAllowed('view_own_timesheets') || ttAccessAllowed('view_timesheets') || ttAccessAllowed('view_all_timesheets') || ttAccessAllowed('view_client_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
header('Location: access_denied.php');
exit();
}
header('Location: feature_disabled.php');
exit();
}
-$timesheet_id = (int)$request->getParameter('id');
-$timesheet = ttTimesheetHelper::getTimesheet($timesheet_id);
+$cl_timesheet_id = (int)$request->getParameter('id');
+$timesheet = ttTimesheetHelper::getTimesheet($cl_timesheet_id);
if (!$timesheet) {
header('Location: access_denied.php');
exit();
}
// TODO: add other checks here for timesheet being appropriate for user role.
-// TODO: if this is a timeheet submit, validate approver id, too.
+// TODO: if this is a timesheet submit, validate approver id, too.
// End of access checks.
if ($request->isPost()) {
$options = ttTimesheetHelper::getReportOptions($timesheet);
$subtotals = ttReportHelper::getSubtotals($options);
$totals = ttReportHelper::getTotals($options);
-$notClient = !$user->isClient();
// Determine which controls to show and obtain date for them.
-$showSubmit = $notClient && !$timesheet['submit_status'];
+$showSubmit = !$timesheet['submit_status'];
if ($showSubmit) $approvers = ttTimesheetHelper::getApprovers($timesheet['user_id']);
-$canApprove = $user->can('approve_timesheets') || $user_>can('approve_all_timesheets');
-$showApprove = $notClient && $timesheet['submit_status'] && $timesheet['approval_status'] == null;
+$canApprove = $user->can('approve_timesheets') || $user->can('approve_all_timesheets');
+$showApprove = $timesheet['submit_status'] && $timesheet['approval_status'] == null;
// Add a form with controls.
$form = new Form('timesheetForm');
projects / timetracker.git / blobdiff