X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttReportHelper.class.php;h=26478c3b73dd30b7b333dfbd3c2833336077509e;hb=1ca0df080b44b700872bec9216d8405b1f90bc11;hp=0d99ce88adf3d4fd391a3229abc8f0a45dfb8769;hpb=49c25be4ace17ab7495824a08c37a061a5a75b25;p=timetracker.git
diff --git a/WEB-INF/lib/ttReportHelper.class.php b/WEB-INF/lib/ttReportHelper.class.php
index 0d99ce88..26478c3b 100644
--- a/WEB-INF/lib/ttReportHelper.class.php
+++ b/WEB-INF/lib/ttReportHelper.class.php
@@ -40,6 +40,9 @@ class ttReportHelper {
 static function getWhere($options) {
 global $user;
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
 // Prepare dropdown parts.
 $dropdown_parts = '';
 if ($options['client_id'])
@@ -61,17 +64,18 @@ class ttReportHelper {
 if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient())
 $user_list_part = " and l.user_id in ($userlist)";
 else
- $user_list_part = " and l.user_id = ".$user->id;
- $user_list_part .= " and l.group_id = ".$user->getGroup();
+ $user_list_part = " and l.user_id = ".$user->getUser();
+ $user_list_part .= " and l.group_id = $group_id and l.org_id = $org_id";
 // Prepare sql query part for where.
+ $dateFormat = $user->getDateFormat();
 if ($options['period'])
- $period = new Period($options['period'], new DateAndTime($user->date_format));
+ $period = new Period($options['period'], new DateAndTime($dateFormat));
 else {
 $period = new Period();
 $period->setPeriod(
- new DateAndTime($user->date_format, $options['period_start']),
- new DateAndTime($user->date_format, $options['period_end']));
+ new DateAndTime($dateFormat, $options['period_start']),
+ new DateAndTime($dateFormat, $options['period_end']));
 }
 $where = " where l.status = 1 and l.date >= '".$period->getStartDate(DB_DATEFORMAT)."' and l.date <= '".$period->getEndDate(DB_DATEFORMAT)."'".
 " $user_list_part $dropdown_parts";
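Review bot: The new tenant filter in getWhere interpolates `$group_id` and `$org_id` into the SQL as bare values (`and l.group_id = $group_id and l.org_id = $org_id`), so it is only well-formed if `$user->getGroup()` and `$user->org_id` always yield integers. That is not visible from these hunks; if `org_id` can be null or empty, the clause ends in `l.org_id = ` and the statement fails. Coercing at the assignment makes the predicate independent of how the user object was populated: `$group_id = (int) $user->getGroup();` and `$org_id = (int) $user->org_id;`. The same two assignments are added in assignToInvoice and markPaid, where markPaid already uses this idiom in `$paid_val = (int) $paid;`. The body of getWhere starts and ends outside these hunks.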
@@ -564,35 +568,45 @@ class ttReportHelper {
 }
 // The assignToInvoice assigns a set of records to a specific invoice.
- static function assignToInvoice($invoice_id, $time_log_ids, $expense_item_ids)
- {
+ static function assignToInvoice($invoice_id, $time_log_ids, $expense_item_ids) {
+ global $user;
 $mdb2 = getConnection();
+
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
 if ($time_log_ids) {
 $sql = "update tt_log set invoice_id = ".$mdb2->quote($invoice_id).
- " where id in(".join(', ', $time_log_ids).")";
+ " where id in(".join(', ', $time_log_ids).") and group_id = $group_id and org_id = $org_id";
 $affected = $mdb2->exec($sql);
 if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
 }
 if ($expense_item_ids) {
 $sql = "update tt_expense_items set invoice_id = ".$mdb2->quote($invoice_id).
- " where id in(".join(', ', $expense_item_ids).")";
+ " where id in(".join(', ', $expense_item_ids).") and group_id = $group_id and org_id = $org_id";
 $affected = $mdb2->exec($sql);
 if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
 }
 }
 // The markPaid marks a set of records as either paid or unpaid.
- static function markPaid($time_log_ids, $expense_item_ids, $paid = true)
- {
+ static function markPaid($time_log_ids, $expense_item_ids, $paid = true) {
+ global $user;
 $mdb2 = getConnection();
+
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
 $paid_val = (int) $paid;
 if ($time_log_ids) {
- $sql = "update tt_log set paid = $paid_val where id in(".join(', ', $time_log_ids).")";
+ $sql = "update tt_log set paid = $paid_val".
+ " where id in(".join(', ', $time_log_ids).") and group_id = $group_id and org_id = $org_id";
 $affected = $mdb2->exec($sql);
 if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
 }
 if ($expense_item_ids) {
- $sql = "update tt_expense_items set paid = $paid_val where id in(".join(', ', $expense_item_ids).")";
+ $sql = "update tt_expense_items set paid = $paid_val".
+ " where id in(".join(', ', $expense_item_ids).") and group_id = $group_id and org_id = $org_id";
 $affected = $mdb2->exec($sql);
 if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
 }
@@ -1010,7 +1024,7 @@ class ttReportHelper {
 // Check users.
 $users_in_bean = $bean->getAttribute('users');
 if (is_array($users_in_bean)) {
- $users_in_group = ttTeamHelper::getUsers();
+ $users_in_group = ttGroupHelper::getUsers();
 foreach ($users_in_group as $user_in_group) {
 $valid_ids[] = $user_in_group['id'];
 }
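Review bot: The `in(...)` lists in assignToInvoice and markPaid are still built with `join(', ', $time_log_ids)` and `join(', ', $expense_item_ids)`, so each array element reaches the SQL text unquoted, while `$invoice_id` in the same statement goes through `$mdb2->quote()`. The added `group_id`/`org_id` predicate limits which rows a well-formed id list can touch, but it does not make the statement safe if an element is not numeric. Whether callers validate these arrays is not visible in this hunk. Normalising inside the functions would remove that dependency, for example `$time_log_ids = array_map('intval', (array) $time_log_ids);` and the same for `$expense_item_ids`, placed before the `if ($time_log_ids)` checks.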