X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttFavReportHelper.class.php;h=b056bd819f209455316f0bda780b514a28451c00;hb=ea116938e30f04a448b87956b7660baeec83876e;hp=36600e2194685d7a501eb5843e1b5d50aecd9279;hpb=b43967e75a9a02e61a8ac2263f3b5432556d661f;p=timetracker.git

diff --git a/WEB-INF/lib/ttFavReportHelper.class.php b/WEB-INF/lib/ttFavReportHelper.class.php
index 36600e21..b056bd81 100644
--- a/WEB-INF/lib/ttFavReportHelper.class.php
+++ b/WEB-INF/lib/ttFavReportHelper.class.php
@@ -32,11 +32,17 @@ import('ttTeamHelper');
 class ttFavReportHelper {
 
   // getReports - returns an array of favorite reports for user.
-  static function getReports($user_id) {
+  static function getReports() {
+    global $user;
     $mdb2 = getConnection();
 
+    $user_id = $user->getUser();
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
     $result = array();
-    $sql = "select * from tt_fav_reports where user_id = $user_id and status = 1";
+    $sql = "select * from tt_fav_reports".
+      " where user_id = $user_id and group_id = $group_id and org_id = $org_id and status = 1";
     $res = $mdb2->query($sql);
     if (!is_a($res, 'PEAR_Error')) {
       while ($val = $res->fetchRow()) {
@@ -47,7 +53,29 @@ class ttFavReportHelper {
     return false;
   }
 
+  // get - returns a report identified by its id for user.
+  static function get($id) {
+    global $user;
+    $mdb2 = getConnection();
+
+    $user_id = $user->getUser();
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
+    $sql = "select * from tt_fav_reports".
+      " where id = $id and user_id = $user_id and group_id = $group_id and org_id = $org_id and status = 1";
+    $res = $mdb2->query($sql);
+    if (!is_a($res, 'PEAR_Error')) {
+      if ($val = $res->fetchRow()) {
+        return $val;
+      }
+    }
+    return false;
+  }
   // getReport - returns a report identified by its id.
+  // TODO: get rid of this function by encapsulating all cron related tasks in its own class.
+  // Because cron works for all orgs and we want this class to always work in context of
+  // a logged on user, for better security.
   static function getReport($id) {
     $mdb2 = getConnection();