X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;ds=sidebyside;f=WEB-INF%2Flib%2FttTeamHelper.class.php;h=08c52f453507ed9ce512a5825440a8aa2c060695;hb=109089e858e28200e714a790883c236230b3922f;hp=b861e669e7d30c096726be9725add9cf85ccaf7f;hpb=118c3d9a6326a6b1ebc3c5a018047cec00ffbd62;p=timetracker.git

diff --git a/WEB-INF/lib/ttTeamHelper.class.php b/WEB-INF/lib/ttTeamHelper.class.php
index b861e669..08c52f45 100644
--- a/WEB-INF/lib/ttTeamHelper.class.php
+++ b/WEB-INF/lib/ttTeamHelper.class.php
@@ -60,10 +60,13 @@ class ttTeamHelper {
     global $i18n;
     $mdb2 = getConnection();
 
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
     if (isset($options['getAllFields']))
-      $sql = "select u.*, r.name as role_name, r.rank from tt_users u left join tt_roles r on (u.role_id = r.id) where u.group_id = $user->group_id and u.status = 1 order by upper(u.name)";
+      $sql = "select u.*, r.name as role_name, r.rank from tt_users u left join tt_roles r on (u.role_id = r.id) where u.group_id = $group_id and u.org_id = $org_id and u.status = 1 order by upper(u.name)";
     else
-      $sql = "select id, name from tt_users where group_id = $user->group_id and status = 1 order by upper(name)";
+      $sql = "select id, name from tt_users where group_id = $group_id and org_id = $org_id and status = 1 order by upper(name)";
     $res = $mdb2->query($sql);
     $user_list = array();
     if (is_a($res, 'PEAR_Error'))
@@ -103,7 +106,7 @@ class ttTeamHelper {
     if (!$val['id'] || !$val['role_id'])
       return false;
 
-    $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
+    $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
 
     // Promote user.
     $sql = "update tt_users set role_id = $user->role_id".$modified_part." where id = $user_id and group_id = $user->group_id";
@@ -290,7 +293,14 @@ class ttTeamHelper {
     $result = array();
     $mdb2 = getConnection();
 
-    $sql = "select id, name, description, rank, rights from tt_roles where group_id = $user->group_id and org_id = $user->org_id and rank < $user->rank and status = 1 order by rank";
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
+    // Determine max rank. If we are working in on behalf group
+    // then rank restriction does not apply.
+    $max_rank = $user->behalfGroup ? MAX_RANK : $user->rank;
+
+    $sql = "select id, name, description, rank, rights from tt_roles where group_id = $group_id and org_id = $org_id and rank < $max_rank and status = 1 order by rank";
     $res = $mdb2->query($sql);
     $result = array();
     if (!is_a($res, 'PEAR_Error')) {
@@ -348,7 +358,14 @@ class ttTeamHelper {
     $result = array();
     $mdb2 = getConnection();
 
-    $sql = "select id, name, description, rank, rights from tt_roles where group_id = $user->group_id and org_id = $user->org_id and rank < $user->rank and status = 0 order by rank";
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
+    // Determine max rank. If we are working in on behalf group
+    // then rank restriction does not apply.
+    $max_rank = $user->behalfGroup ? MAX_RANK : $user->rank;
+
+    $sql = "select id, name, description, rank, rights from tt_roles where group_id = $group_id and org_id = $org_id and rank < $max_rank and status = 0 order by rank";
     $res = $mdb2->query($sql);
     $result = array();
     if (!is_a($res, 'PEAR_Error')) {