require_once('initialize.php');
import('form.Form');
+import('ttGroupHelper');
import('ttTimesheetHelper');
// Access checks.
-if (!(ttAccessAllowed('view_own_timesheets') || ttAccessAllowed('view_timesheets') || ttAccessAllowed('view_all_timesheets') || ttAccessAllowed('view_client_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
header('Location: access_denied.php');
exit();
}
+if ($user->behalf_id && (!$user->can('track_time') || !$user->checkBehalfId())) {
+ header('Location: access_denied.php'); // Trying on behalf, but no right or wrong user.
+ exit();
+}
+if (!$user->behalf_id && !$user->can('track_own_time') && !$user->adjustBehalfId()) {
+ header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf.
+ exit();
+}
if (!$user->isPluginEnabled('ts')) {
header('Location: feature_disabled.php');
exit();
}
if ($request->isPost()) {
- $userChanged = $request->getParameter('user_changed');
+ $userChanged = $request->getParameter('user_changed'); // Reused in multiple places below.
if ($userChanged && !($user->can('track_time') && $user->isUserValid($request->getParameter('user')))) {
header('Location: access_denied.php'); // Group changed, but no rght or wrong user id.
exit();
}
// End of access checks.
-// Determine user for whom we display this page.
+// Determine user for which we display this page.
if ($request->isPost() && $userChanged) {
$user_id = $request->getParameter('user');
+ $user->setOnBehalfUser($user_id);
} else {
$user_id = $user->getUser();
}
// Elements of timesheetsForm.
$form = new Form('timesheetsForm');
-if ($user->can('view_timesheets') || $user->can('view_all_timesheets') || $user->can('manage_timesheets') || $user->can('manage_all_timesheets')) {
+if ($user->can('track_time')) {
$rank = $user->getMaxRankForGroup($group_id);
if ($user->can('track_own_time'))
- $options = array('group_id'=>$group_id,'status'=>ACTIVE,'max_rank'=>$rank,'include_self'=>true,'self_first'=>true);
+ $options = array('status'=>ACTIVE,'max_rank'=>$rank,'include_self'=>true,'self_first'=>true);
else
- $options = array('group_id'=>$group_id,'status'=>ACTIVE,'max_rank'=>$rank);
+ $options = array('status'=>ACTIVE,'max_rank'=>$rank);
$user_list = $user->getUsers($options);
if (count($user_list) >= 1) {
$form->addInput(array('type'=>'combobox',
}
}
+$active_timesheets = ttTimesheetHelper::getActiveTimesheets();
+$inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets();
-
-
-// TODO: fix this for client access.
-$active_timesheets = ttTimesheetHelper::getActiveTimesheets($user_id);
-$inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets($user_id);
-$show_client = $user->isPluginEnabled('cl') && !$user->isClient();
+$showClient = $user->isPluginEnabled('cl');
$smarty->assign('active_timesheets', $active_timesheets);
$smarty->assign('inactive_timesheets', $inactive_timesheets);
-$smarty->assign('show_client', $show_client);
-$smarty->assign('show_submit_status', !$user->isClient());
-$smarty->assign('show_approval_status', !$user->isClient());
+$smarty->assign('show_client', $showClient);
$smarty->assign('forms', array($form->getName()=>$form->toArray()));
$smarty->assign('title', $i18n->get('title.timesheets'));
$smarty->assign('content_page_name', 'timesheets.tpl');