X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=expense_delete.php;h=788fb59faf64909eb47b0a484c244cf93137a751;hb=4ebe6fd29283633e5ae7cdb399cc144c38af25fb;hp=d5eccf79d866984fb924ec95e131a009d731a3d0;hpb=6289820a41e9ab79635294c1d6a22583aacf6e77;p=timetracker.git

diff --git a/expense_delete.php b/expense_delete.php
index d5eccf79..788fb59f 100644
--- a/expense_delete.php
+++ b/expense_delete.php
@@ -43,11 +43,12 @@ if (!$user->isPluginEnabled('ex')) {
 $cl_id = (int)$request->getParameter('id');
 // Get the expense item we are deleting.
 $expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit deleting not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit deleting not ours, approved, or invoiced items.
   header('Location: access_denied.php');
   exit();
 }
+// End of access checks.
 
 if ($request->isPost()) {
   if ($request->getParameter('delete_button')) { // Delete button pressed.
@@ -77,8 +78,11 @@ $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));
 $form->addInput(array('type'=>'submit','name'=>'delete_button','value'=>$i18n->get('label.delete')));
 $form->addInput(array('type'=>'submit','name'=>'cancel_button','value'=>$i18n->get('button.cancel')));
 
-$smarty->assign('expense_item', $expense_item);
+$show_project = MODE_PROJECTS == $user->getTrackingMode() || MODE_PROJECTS_AND_TASKS == $user->getTrackingMode();
+
 $smarty->assign('forms', array($form->getName() => $form->toArray()));
+$smarty->assign('expense_item', $expense_item);
+$smarty->assign('show_project', $show_project);
 $smarty->assign('title', $i18n->get('title.delete_expense'));
 $smarty->assign('content_page_name', 'expense_delete.tpl');
 $smarty->display('index.tpl');