X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttTimeHelper.class.php;h=c3ae8d6dc9384b3bea43afdc345a73c38e0cec71;hb=70e77a95ac584db9d220b8f6d791baa0de084734;hp=2a47c741e0d688f4d1fddb88f5dd2c157181beae;hpb=2d7329ba9ee02d996db189a87d79a02a877dd924;p=timetracker.git

diff --git a/WEB-INF/lib/ttTimeHelper.class.php b/WEB-INF/lib/ttTimeHelper.class.php
index 2a47c741..c3ae8d6d 100644
--- a/WEB-INF/lib/ttTimeHelper.class.php
+++ b/WEB-INF/lib/ttTimeHelper.class.php
@@ -510,6 +510,15 @@ class ttTimeHelper {
     global $user;
     $mdb2 = getConnection();
 
+    // Delete associated files.
+    if ($user->isPluginEnabled('at')) {
+      import('ttFileHelper');
+      global $err;
+      $fileHelper = new ttFileHelper($err);
+      if (!$fileHelper->deleteEntityFiles($id, 'time'))
+        return false;
+    }
+
     $user_id = $user->getUser();
     $group_id = $user->getGroup();
     $org_id = $user->org_id;
@@ -676,7 +685,7 @@ class ttTimeHelper {
       " TIME_FORMAT(sec_to_time(time_to_sec(l.start) + time_to_sec(l.duration)), $sql_time_format) as finish,".
       " TIME_FORMAT(l.duration, '%k:%i') as duration,".
       " p.name as project_name, t.name as task_name, l.comment, l.client_id, l.project_id, l.task_id,".
-      " l.timesheet_id, l.invoice_id, l.billable, l.paid, l.date from tt_log l".
+      " l.timesheet_id, l.invoice_id, l.billable, l.approved, l.paid, l.date from tt_log l".
       " left join tt_projects p on (p.id = l.project_id)".
       " left join tt_tasks t on (t.id = l.task_id)".
       " where l.id = $id and l.user_id = $user_id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1";
@@ -692,6 +701,82 @@ class ttTimeHelper {
     return false;
   }
 
+  // getRecordForFileView - retrieves a time record identified by its id for
+  // attachment view operation.
+  //
+  // It is different from getRecord, as we want users with appropriate rights
+  // to be able to see other users files, without changing "on behalf" user.
+  // For example, viewing reports for all users and their attached files
+  // from report links.
+  static function getRecordForFileView($id) {
+    // There are several possible situations:
+    //
+    // Record is ours. Check "view_own_reports" or "view_all_reports".
+    // Record is for the current on behalf user. Check "view_reports" or "view_all_reports".
+    // Record is for someone else. Check "view_reports" or "view_all_reports" and rank.
+    //
+    // It looks like the best way is to use 2 queries, obtain user_id first, then check rank.
+
+    global $user;
+
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
+    $mdb2 = getConnection();
+
+    // Obtain user_id for the time record.
+    $sql = "select l.id, l.user_id, l.timesheet_id, l.invoice_id, l.approved from tt_log l ".
+      " where l.id = $id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1";
+    $res = $mdb2->query($sql);
+    if (is_a($res, 'PEAR_Error')) return false;
+    if (!$res->numRows()) return false;
+
+    $val = $res->fetchRow();
+    $user_id = $val['user_id'];
+
+    // If record is ours.
+    if ($user_id == $user->id) {
+      if ($user->can('view_own_reports') || $user->can('view_all_reports')) {
+        $val['can_edit'] = !($val['timesheet_id'] || $val['invoice_id'] || $val['approved']);
+        return $val;
+      }
+      return false; // No rights.
+    }
+
+    // If record belongs to a user we impersonate.
+    if ($user->behalfUser && $user_id == $user->behalfUser->id) {
+      if ($user->can('view_reports') || $user->can('view_all_reports')) {
+        $val['can_edit'] = !($val['timesheet_id'] || $val['invoice_id'] || $val['approved']);
+        return $val;
+      }
+      return false; // No rights.
+    }
+
+    // Record belongs to someone else. We need to check user rank.
+    if (!($user->can('view_reports') || $user->can('view_all_reports'))) return false;
+    $max_rank = $user->can('view_all_reports') ? MAX_RANK : $user->getMaxRankForGroup($group_id);
+
+    $left_joins = ' left join tt_users u on (l.user_id = u.id)';
+    $left_joins .= ' left join tt_roles r on (u.role_id = r.id)';
+
+    $where_part = " where l.id = $id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1".
+    $where_part .= " and r.rank <= $max_rank";
+
+    $sql = "select l.id, l.user_id, l.timesheet_id, l.invoice_id, l.approved".
+      " from tt_log l $left_joins $where_part";
+    $res = $mdb2->query($sql);
+    if (!is_a($res, 'PEAR_Error')) {
+      if (!$res->numRows()) {
+        return false;
+      }
+      if ($val = $res->fetchRow()) {
+        $val['can_edit'] = false;
+        return $val;
+      }
+    }
+    return false;
+  }
+
   // getAllRecords - returns all time records for a certain user.
   static function getAllRecords($user_id) {
     $result = array();
@@ -753,6 +838,53 @@ class ttTimeHelper {
     return $result;
   }
 
+  // getRecordsWithFiles - returns time records for a user for a given date
+  // with information whether they have attached files (has_files property).
+  // A separate fiunction from getRecords because sql here is more complex.
+  static function getRecordsWithFiles($user_id, $date) {
+    global $user;
+    $mdb2 = getConnection();
+
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
+    $sql_time_format = "'%k:%i'"; //  24 hour format.
+    if ('%I:%M %p' == $user->getTimeFormat())
+      $sql_time_format = "'%h:%i %p'"; // 12 hour format for MySQL TIME_FORMAT function.
+
+    $client_field = null;
+    if ($user->isPluginEnabled('cl'))
+      $client_field = ", c.name as client";
+
+    $left_joins = " left join tt_projects p on (l.project_id = p.id)".
+      " left join tt_tasks t on (l.task_id = t.id)";
+    if ($user->isPluginEnabled('cl'))
+      $left_joins .= " left join tt_clients c on (l.client_id = c.id)";
+
+    $left_joins .= " left join (select distinct entity_id from tt_files".
+      " where entity_type = 'time' and group_id = $group_id and org_id = $org_id and status = 1) Sub1".
+      " on (l.id = Sub1.entity_id)";
+
+    $result = array();
+    $sql = "select l.id as id, TIME_FORMAT(l.start, $sql_time_format) as start,".
+      " TIME_FORMAT(sec_to_time(time_to_sec(l.start) + time_to_sec(l.duration)), $sql_time_format) as finish,".
+      " TIME_FORMAT(l.duration, '%k:%i') as duration, p.name as project, t.name as task, l.comment,".
+      " if(Sub1.entity_id is null, 0, 1) as has_files,".
+      " l.billable, l.approved, l.timesheet_id, l.invoice_id $client_field from tt_log l $left_joins".
+      " where l.date = '$date' and l.user_id = $user_id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1".
+      " order by l.start, l.id";
+    $res = $mdb2->query($sql);
+    if (!is_a($res, 'PEAR_Error')) {
+      while ($val = $res->fetchRow()) {
+        if($val['duration']=='0:00')
+          $val['finish'] = '';
+        $result[] = $val;
+      }
+    } else return false;
+
+    return $result;
+  }
+
   // canAdd determines if we can add a record in case there is a limit.
   static function canAdd() {
     $mdb2 = getConnection();