X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttReportHelper.class.php;h=38da987911251b710b5ca1d50a1ec535e1e68e3f;hb=a08292683b29da0946e2099e3fd94bc2d19688f3;hp=0d99ce88adf3d4fd391a3229abc8f0a45dfb8769;hpb=49c25be4ace17ab7495824a08c37a061a5a75b25;p=timetracker.git

diff --git a/WEB-INF/lib/ttReportHelper.class.php b/WEB-INF/lib/ttReportHelper.class.php
index 0d99ce88..38da9879 100644
--- a/WEB-INF/lib/ttReportHelper.class.php
+++ b/WEB-INF/lib/ttReportHelper.class.php
@@ -564,35 +564,45 @@ class ttReportHelper {
   }
 
   // The assignToInvoice assigns a set of records to a specific invoice.
-  static function assignToInvoice($invoice_id, $time_log_ids, $expense_item_ids)
-  {
+  static function assignToInvoice($invoice_id, $time_log_ids, $expense_item_ids) {
+    global $user;
     $mdb2 = getConnection();
+
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
     if ($time_log_ids) {
       $sql = "update tt_log set invoice_id = ".$mdb2->quote($invoice_id).
-        " where id in(".join(', ', $time_log_ids).")";
+        " where id in(".join(', ', $time_log_ids).") and group_id = $group_id and org_id = $org_id";
       $affected = $mdb2->exec($sql);
       if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
     }
     if ($expense_item_ids) {
       $sql = "update tt_expense_items set invoice_id = ".$mdb2->quote($invoice_id).
-        " where id in(".join(', ', $expense_item_ids).")";
+        " where id in(".join(', ', $expense_item_ids).") and group_id = $group_id and org_id = $org_id";
       $affected = $mdb2->exec($sql);
       if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
     }
   }
 
   // The markPaid marks a set of records as either paid or unpaid.
-  static function markPaid($time_log_ids, $expense_item_ids, $paid = true)
-  {
+  static function markPaid($time_log_ids, $expense_item_ids, $paid = true) {
+    global $user;
     $mdb2 = getConnection();
+
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
     $paid_val = (int) $paid;
     if ($time_log_ids) {
-      $sql = "update tt_log set paid = $paid_val where id in(".join(', ', $time_log_ids).")";
+      $sql = "update tt_log set paid = $paid_val".
+        " where id in(".join(', ', $time_log_ids).") and group_id = $group_id and org_id = $org_id";
       $affected = $mdb2->exec($sql);
       if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
     }
     if ($expense_item_ids) {
-      $sql = "update tt_expense_items set paid = $paid_val where id in(".join(', ', $expense_item_ids).")";
+      $sql = "update tt_expense_items set paid = $paid_val".
+        " where id in(".join(', ', $expense_item_ids).") and group_id = $group_id and org_id = $org_id";
       $affected = $mdb2->exec($sql);
       if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
     }
@@ -1010,7 +1020,7 @@ class ttReportHelper {
     // Check users.
     $users_in_bean = $bean->getAttribute('users');
     if (is_array($users_in_bean)) {
-      $users_in_group = ttTeamHelper::getUsers();
+      $users_in_group = ttGroupHelper::getUsers();
       foreach ($users_in_group as $user_in_group) {
         $valid_ids[] = $user_in_group['id'];
       }