X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=expense_delete.php;h=788fb59faf64909eb47b0a484c244cf93137a751;hb=d18d90a3f3050def6c646eef7d5420c2d2091393;hp=32b9ab6792df831a0690c363061f4f5e960f315b;hpb=c294ba4289d15382b0889be57d63a9297e10291d;p=timetracker.git

diff --git a/expense_delete.php b/expense_delete.php
index 32b9ab67..788fb59f 100644
--- a/expense_delete.php
+++ b/expense_delete.php
@@ -42,12 +42,13 @@ if (!$user->isPluginEnabled('ex')) {
 }
 $cl_id = (int)$request->getParameter('id');
 // Get the expense item we are deleting.
-$expense_item = ttExpenseHelper::getItem($cl_id, $user->getUser());
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit deleting not ours or invoiced items.
+$expense_item = ttExpenseHelper::getItem($cl_id);
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit deleting not ours, approved, or invoiced items.
   header('Location: access_denied.php');
   exit();
 }
+// End of access checks.
 
 if ($request->isPost()) {
   if ($request->getParameter('delete_button')) { // Delete button pressed.
@@ -77,8 +78,11 @@ $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));
 $form->addInput(array('type'=>'submit','name'=>'delete_button','value'=>$i18n->get('label.delete')));
 $form->addInput(array('type'=>'submit','name'=>'cancel_button','value'=>$i18n->get('button.cancel')));
 
-$smarty->assign('expense_item', $expense_item);
+$show_project = MODE_PROJECTS == $user->getTrackingMode() || MODE_PROJECTS_AND_TASKS == $user->getTrackingMode();
+
 $smarty->assign('forms', array($form->getName() => $form->toArray()));
+$smarty->assign('expense_item', $expense_item);
+$smarty->assign('show_project', $show_project);
 $smarty->assign('title', $i18n->get('title.delete_expense'));
 $smarty->assign('content_page_name', 'expense_delete.tpl');
 $smarty->display('index.tpl');