X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;ds=sidebyside;f=WEB-INF%2Flib%2FttExpenseHelper.class.php;h=6d3128fd4ac141ff232c64d89390dc753cc8855a;hb=bd92aeb3404ed8625272abccc9a8766f13ab75e6;hp=ff7879c331e08d9c7b5598086ad29f6c2df06df3;hpb=3e7b58457f94c49a154b2f108f0188682a114aa2;p=timetracker.git diff --git a/WEB-INF/lib/ttExpenseHelper.class.php b/WEB-INF/lib/ttExpenseHelper.class.php index ff7879c3..6d3128fd 100644 --- a/WEB-INF/lib/ttExpenseHelper.class.php +++ b/WEB-INF/lib/ttExpenseHelper.class.php @@ -31,20 +31,24 @@ class ttExpenseHelper { // insert - inserts an entry into tt_expense_items table. static function insert($fields) { + global $user; $mdb2 = getConnection(); $date = $fields['date']; $user_id = (int) $fields['user_id']; + $group_id = (int) $fields['group_id']; $client_id = $fields['client_id']; $project_id = $fields['project_id']; $name = $fields['name']; $cost = str_replace(',', '.', $fields['cost']); $invoice_id = $fields['invoice_id']; $status = $fields['status']; + $paid = (int) $fields['paid']; + $created = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$mdb2->quote($user->id); - $sql = "insert into tt_expense_items (date, user_id, client_id, project_id, name, cost, invoice_id, status) ". - "values (".$mdb2->quote($date).", $user_id, ".$mdb2->quote($client_id).", ".$mdb2->quote($project_id). - ", ".$mdb2->quote($name).", ".$mdb2->quote($cost).", ".$mdb2->quote($invoice_id).", ".$mdb2->quote($status).")"; + $sql = "insert into tt_expense_items (date, user_id, group_id, client_id, project_id, name, cost, invoice_id, paid, created, created_ip, created_by, status) ". + "values (".$mdb2->quote($date).", $user_id, $group_id, ".$mdb2->quote($client_id).", ".$mdb2->quote($project_id). + ", ".$mdb2->quote($name).", ".$mdb2->quote($cost).", ".$mdb2->quote($invoice_id).", $paid $created, ".$mdb2->quote($status).")"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; @@ -69,13 +73,14 @@ class ttExpenseHelper { $invoice_id = $fields['invoice_id']; $paid_part = ''; - if ($user->canManageTeam() && $user->isPluginEnabled('ps')) { + if ($user->can('manage_invoices') && $user->isPluginEnabled('ps')) { $paid_part = $fields['paid'] ? ', paid = 1' : ', paid = 0'; } + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); $sql = "UPDATE tt_expense_items set date = ".$mdb2->quote($date).", user_id = $user_id, client_id = ".$mdb2->quote($client_id). ", project_id = ".$mdb2->quote($project_id).", name = ".$mdb2->quote($name). - ", cost = ".$mdb2->quote($cost)."$paid_part, invoice_id = ".$mdb2->quote($invoice_id). + ", cost = ".$mdb2->quote($cost)."$paid_part $modified_part, invoice_id = ".$mdb2->quote($invoice_id). " WHERE id = $id"; $affected = $mdb2->exec($sql);