X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttUser.class.php;h=815eff7c703029dd91657aba72661edcbe1c3766;hb=7706d5a5ca4aa6f4f093beadbf688d2cccaa4bef;hp=f64a76c09ea0194afdbd23658b366a058a35e055;hpb=e3ed046e205a14772a8157def21fea9a14acdde8;p=timetracker.git

diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php
index f64a76c0..815eff7c 100644
--- a/WEB-INF/lib/ttUser.class.php
+++ b/WEB-INF/lib/ttUser.class.php
@@ -46,7 +46,9 @@ class ttUser {
   var $project_required = 0;    // Whether project selection is required on time entires.
   var $task_required = 0;       // Whether task selection is required on time entires.
   var $record_type = 0;         // Record type (duration vs start and finish, or both).
+  var $punch_mode = 0;          // Whether punch mode is enabled for user.
   var $allow_overlap = 0;       // Whether to allow overlapping time entries.
+  var $future_entries = 0;      // Whether to allow creating future entries.
   var $uncompleted_indicators = 0; // Uncompleted time entry indicators (show nowhere or on users page).
   var $bcc_email = null;        // Bcc email.
   var $currency = null;         // Currency.
@@ -57,6 +59,7 @@ class ttUser {
   var $lock_spec = null;        // Cron specification for record locking.
   var $workday_minutes = 480;   // Number of work minutes in a regular day.
   var $rights = 0;              // A mask of user rights.
+  var $rights_array = array();  // An array of user rights, planned replacement of array mask.
 
   // Constructor.
   function __construct($login, $id = null) {
@@ -114,7 +117,9 @@ class ttUser {
 
       // Set user config options.
       $this->show_holidays = in_array('show_holidays', $config_array);
+      $this->punch_mode = in_array('punch_mode', $config_array);
       $this->allow_overlap = in_array('allow_overlap', $config_array);
+      $this->future_entries = in_array('future_entries', $config_array);
       $this->uncompleted_indicators = in_array('uncompleted_indicators', $config_array);
 
       // Set "on behalf" id and name.
@@ -126,15 +131,57 @@ class ttUser {
       // Set user rights.
       if ($this->role == ROLE_USER) {
         $this->rights = right_data_entry|right_view_charts|right_view_reports;
+        // TODO: get customized rights from the database instead.
+        // $this->rights_array[] = "data_entry";          // Enter time and expense records into Time Tracker.
+        // $this->rights_array[] = "view_own_data";       // View own reports and charts.
+        // $this->rights_array[] = "manage_own_settings"; // Edit own settings.
+        // $this->rights_array[] = "view_users";          // View user names and roles in a group.
       } elseif ($this->role == ROLE_CLIENT) {
         $this->rights = right_view_reports|right_view_invoices; // TODO: how about right_view_charts, too?
+        // $this->rights_array[] = "view_own_data";       // View own reports, charts, and invoices.
+        // $this->rights_array[] = "manage_own_settings"; // Edit own settings.
       } elseif ($this->role == ROLE_COMANAGER) {
         $this->rights = right_data_entry|right_view_charts|right_view_reports|right_view_invoices|right_manage_team;
+        // $this->rights_array[] = "data_entry";          // Enter time and expense records into Time Tracker.
+        // $this->rights_array[] = "view_own_data";       // View own reports and charts.
+        // $this->rights_array[] = "manage_own_settings"; // Edit own settings.
+        // $this->rights_array[] = "view_users";          // View user names and roles in a group.
+        // $this->rights_array[] = "on_behalf_data_entry";// Can enter data on behalf of lower roles.
+        // $this->rights_array[] = "view_data";           // Can view data for lower roles.
+        $this->rights_array[] = "override_punch_mode"; // Can input any start and finish times for self and lower roles.
+        // TODO: get rights from the database instead.
       } elseif ($this->role == ROLE_MANAGER) {
         $this->rights = right_data_entry|right_view_charts|right_view_reports|right_view_invoices|right_manage_team|right_assign_roles|right_export_team;
+        $this->rights_array[] = "override_punch_mode"; // Can input any start and finish times for self and lower roles.
       } elseif ($this->role == ROLE_SITE_ADMIN) {
         $this->rights = right_administer_site;
       }
+
+/*
+// TODO: redesign of user rights and roles is currently ongoing.
+// As we run our of bits for sure at some point, rights should be strings instead,
+// for example: "data_entry".
+// Also, we need rights editor page and team-customized roles.
+// Move this stuff from here to ttUser class.
+//
+// User access rights - bits that collectively define an access mask to the system (a role).
+// We'll have some bits here (1,2, etc...) reserved for future use.
+define('right_data_entry', 4);     // Right to enter work hours and expenses.
+define('right_view_charts', 8);    // Right to view charts.
+define('right_view_reports', 16);  // Right to view reports.
+define('right_view_invoices', 32); // Right to view invoices.
+define('right_manage_team', 64);   // Right to manage team. Note that this is not full access to team.
+define('right_assign_roles', 128); // Right to assign user roles.
+define('right_export_team', 256);  // Right to export team data to a file.
+define('right_administer_site', 1024); // Admin account right to manage the application as a whole.
+
+// User roles.
+define('ROLE_USER', 4);          // Regular user.
+define('ROLE_CLIENT', 16);       // Client (to view reports and invoices).
+define('ROLE_COMANAGER', 68);    // Team co-manager. Can do many things but not as much as team manager.
+define('ROLE_MANAGER', 324);     // Team manager. Can do everything for a team.
+define('ROLE_SITE_ADMIN', 1024); // Site administrator.
+*/
     }
   }