X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=expense_delete.php;h=d5b4e8d270ef8a3fcc334df11a7edcb141ced6b7;hb=dc00748e76b054fb1163f7a3835b686a752fbf8a;hp=dd3f9125ae6cd767d66e682706ed05a2892ec69c;hpb=a7ba11adfecf6cb906749efe5abce688363aef07;p=timetracker.git diff --git a/expense_delete.php b/expense_delete.php index dd3f9125..d5b4e8d2 100644 --- a/expense_delete.php +++ b/expense_delete.php @@ -32,7 +32,7 @@ import('DateAndTime'); import('ttExpenseHelper'); // Access check. -if (!ttAccessCheck(right_data_entry)) { +if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) { header('Location: access_denied.php'); exit(); } @@ -46,36 +46,25 @@ if ($expense_item['invoice_id']) die($i18n->getKey('error.sys')); if ($request->isPost()) { if ($request->getParameter('delete_button')) { // Delete button pressed. - // Determine if it's okay to delete the record. + // Determine if it is okay to delete the record. + $item_date = new DateAndTime(DB_DATEFORMAT, $expense_item['date']); + if ($user->isDateLocked($item_date)) + $err->add($i18n->getKey('error.range_locked')); - // Determine lock date. - $lock_interval = $user->lock_interval; - $lockdate = 0; - if ($lock_interval > 0) { - $lockdate = new DateAndTime(); - $lockdate->decDay($lock_interval); - } - if ($lockdate) { - $item_date = new DateAndTime(DB_DATEFORMAT); - $item_date->parseVal($expense_item['date'], DB_DATEFORMAT); - if ($item_date->before($lockdate)) - $errors->add($i18n->getKey('error.period_locked')); - } - - if ($errors->no()) { + if ($err->no()) { // Mark the record as deleted. if (ttExpenseHelper::markDeleted($cl_id, $user->getActiveUser())) { header('Location: expenses.php'); exit(); } else - $errors->add($i18n->getKey('error.db')); + $err->add($i18n->getKey('error.db')); } } if ($request->getParameter('cancel_button')) { // Cancel button pressed. header('Location: expenses.php'); exit(); } -} // POST +} // isPost $form = new Form('expenseItemForm'); $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));