X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttReportHelper.class.php;h=d46e783f758a12c822a032019d8312e7775ca609;hb=1c55e1b9d6da2173f7e946011908c02dd80df26d;hp=74ddd5828258f259698c98c87d7c0b476adb6fec;hpb=6072ff00f2f58e59e2e1138771038b42bc9f32aa;p=timetracker.git
diff --git a/WEB-INF/lib/ttReportHelper.class.php b/WEB-INF/lib/ttReportHelper.class.php
index 74ddd582..d46e783f 100644
--- a/WEB-INF/lib/ttReportHelper.class.php
+++ b/WEB-INF/lib/ttReportHelper.class.php
@@ -64,11 +64,11 @@ class ttReportHelper {
 
     // Prepare sql query part for user list.
     $userlist = $options['users'] ? $options['users'] : '-1';
-    $user_list_part = null;
     if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient())
       $user_list_part = " and l.user_id in ($userlist)";
     else
       $user_list_part = " and l.user_id = ".$user->id;
+    $user_list_part .= " and l.group_id = ".$user->getActiveGroup();
 
     // Prepare sql query part for where.
     if ($options['period'])
@@ -106,22 +106,22 @@ class ttReportHelper {
 
     // Prepare user list part.
     $userlist = -1;
-    if (($user->can('view_reports') || $user->isClient())) {
+    if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) {
       if ($options['users'])
         $userlist = $options['users'];
       else {
-        $active_users = ttTeamHelper::getActiveUsers();
-        foreach ($active_users as $single_user)
+        $group_users = ttTeamHelper::getUsers(); // active and inactive users
+        foreach ($group_users as $single_user)
           $users[] = $single_user['id'];
         $userlist = join(',', $users);
       }
     }
     // Prepare sql query part for user list.
-    $user_list_part = null;
-    if ($user->can('view_reports') || $user->isClient())
+    if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient())
       $user_list_part = " and l.user_id in ($userlist)";
     else
       $user_list_part = " and l.user_id = ".$user->id;
+    $user_list_part .= " and l.group_id = ".$user->getActiveGroup();
 
     // Prepare sql query part for where.
     if ($options['period'])
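Review bot: The `l.group_id` clause appended on the `+` line does not close the injection path through `$userlist`, which is taken straight from `$options['users']` two lines above and interpolated into `in ($userlist)`; a value such as `1) or 1=1 -- ` would comment out the appended group filter entirely. Hunk 2 builds the same value with `join(',', $users)`, so it appears to be a comma-separated id list; normalise it to integers before it reaches the query, e.g. `$userlist = $options['users'] ? implode(',', array_map('intval', explode(',', $options['users']))) : '-1';`, or confirm that every caller already runs the value through the new verifyBean() check. The enclosing function starts and ends outside this hunk.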
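Review bot: `$users` is never initialised before the `$users[] = $single_user['id'];` loop on the new side, so when `ttTeamHelper::getUsers()` returns no rows `join(',', $users)` runs on an undefined variable and `$userlist` becomes an empty string, producing `in ()` — invalid SQL — instead of the `-1` sentinel this file uses elsewhere. Add `$users = array();` before the foreach and build the list with `$userlist = $users ? join(',', $users) : -1;` so the empty-group case degrades the same way as the no-selection case. The function this hunk belongs to starts and ends outside the hunk.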
@@ -155,11 +155,11 @@ class ttReportHelper {
 
     // Prepare sql query part for user list.
     $userlist = $options['users'] ? $options['users'] : '-1';
-    $user_list_part = null;
     if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient())
       $user_list_part = " and ei.user_id in ($userlist)";
     else
       $user_list_part = " and ei.user_id = ".$user->id;
+    $user_list_part .= " and ei.group_id = ".$user->getActiveGroup();
 
     // Prepare sql query part for where.
     if ($options['period'])
@@ -204,11 +204,11 @@ class ttReportHelper {
       }
     }
     // Prepare sql query part for user list.
-    $user_list_part = null;
-    if ($user->can('view_reports') || $user->isClient())
+    if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient())
       $user_list_part = " and ei.user_id in ($userlist)";
     else
       $user_list_part = " and ei.user_id = ".$user->id;
+    $user_list_part .= " and ei.group_id = ".$user->getActiveGroup();
 
     // Prepare sql query part for where.
     if ($options['period'])
@@ -1936,4 +1936,26 @@ class ttReportHelper {
     */
     return $options;
   }
+
+  // verifyBean is a security function to make sure data in bean makes sense for a group.
+  static function verifyBean($bean) {
+    global $user;
+
+    // Check users.
+    $users_in_bean = $bean->getAttribute('users');
+    if (is_array($users_in_bean)) {
+      $users_in_group = ttTeamHelper::getUsers();
+      foreach ($users_in_group as $user_in_group) {
+        $valid_ids[] = $user_in_group['id'];
+      }
+      foreach ($users_in_bean as $user_in_bean) {
+        if (!in_array($user_in_bean, $valid_ids)) {
+          return false;
+        }
+      }
+    }
+
+    // TODO: add additional checks here. Perhaps do it before saving the bean for consistency.
+    return true;
+  }
 }
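Review bot: `in_array($user_in_bean, $valid_ids)` in the new verifyBean() uses loose comparison, so under PHP 7 comparison rules a leading-numeric string such as `'1 or 1=1'` compares equal to the integer id 1 and passes a function whose own comment calls it a security check; `$valid_ids` is also never initialised, so an empty result from `ttTeamHelper::getUsers()` hands `null` to `in_array()`. Since the same user list appears to be interpolated into SQL by the `in ($userlist)` parts earlier in this diff, the check should reject anything that is not a plain decimal integer and then compare strictly against integer ids. `global $user;` is declared but never read in the function and can be dropped. The rewritten body is below; the header comment could additionally state that the function returns false on the first id outside the group and true when the `users` attribute is absent or not an array.

```php
  static function verifyBean($bean) {
    // Check users.
    $users_in_bean = $bean->getAttribute('users');
    if (is_array($users_in_bean)) {
      $valid_ids = array();
      foreach (ttTeamHelper::getUsers() as $user_in_group) {
        $valid_ids[] = (int) $user_in_group['id'];
      }
      foreach ($users_in_bean as $user_in_bean) {
        // Only a plain decimal integer may pass; a loose in_array() would accept "1 or 1=1".
        if (!ctype_digit((string) $user_in_bean) || !in_array((int) $user_in_bean, $valid_ids, true)) {
          return false;
        }
      }
    }
    // … unchanged: TODO comment and return true …
  }
```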