X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=expense_edit.php;h=877ec663811d9cfe59d405eb76d5f6ee904b4a99;hb=13cfff28242767287408e8fd13d992bc6c6e2086;hp=c42bddc8bb94d7c2d513de5b564dadd77092dbb6;hpb=f8292d356ef3ac53b2bb1183dd462f7c453c20e5;p=timetracker.git

diff --git a/expense_edit.php b/expense_edit.php
index c42bddc8..877ec663 100644
--- a/expense_edit.php
+++ b/expense_edit.php
@@ -30,6 +30,7 @@ require_once('initialize.php');
 import('form.Form');
 import('ttGroupHelper');
 import('DateAndTime');
+import('ttTimeHelper');
 import('ttExpenseHelper');
 
 // Access checks.
@@ -44,8 +45,8 @@ if (!$user->isPluginEnabled('ex')) {
 $cl_id = (int)$request->getParameter('id');
 // Get the expense item we are editing.
 $expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit editing not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit editing not ours, approved, or invoiced items.
   header('Location: access_denied.php');
   exit();
 }
@@ -161,22 +162,23 @@ if ($request->isPost()) {
   // Validate user input.
   if ($user->isPluginEnabled('cl') && $user->isPluginEnabled('cm') && !$cl_client)
     $err->add($i18n->get('error.client'));
-  if (MODE_PROJECTS == $trackingMode || MODE_PROJECTS_AND_TASKS == $trackingMode) {
-    if (!$cl_project) $err->add($i18n->get('error.project'));
-  }
+  if ($show_project && !$cl_project)
+    $err->add($i18n->get('error.project'));
   if (!ttValidString($cl_item_name)) $err->add($i18n->get('error.field'), $i18n->get('label.item'));
   if (!ttValidFloat($cl_cost)) $err->add($i18n->get('error.field'), $i18n->get('label.cost'));
   if (!ttValidDate($cl_date)) $err->add($i18n->get('error.field'), $i18n->get('label.date'));
 
   // This is a new date for the expense item.
-  $new_date = new DateAndTime($user->date_format, $cl_date);
+  $new_date = new DateAndTime($user->getDateFormat(), $cl_date);
 
   // Prohibit creating entries in future.
-  if (!$user->future_entries) {
+  if (!$user->getConfigOption('future_entries')) {
     $browser_today = new DateAndTime(DB_DATEFORMAT, $request->getParameter('browser_today', null));
     if ($new_date->after($browser_today))
       $err->add($i18n->get('error.future_date'));
   }
+  if (!ttTimeHelper::canAdd()) $err->add($i18n->get('error.expired'));
+  // Finished validating user input.
 
   // Save record.
   if ($request->getParameter('btn_save')) {
@@ -195,7 +197,7 @@ if ($request->isPost()) {
 
     // Now, an update.
     if ($err->no()) {
-      if (ttExpenseHelper::update(array('id'=>$cl_id,'date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getUser(),
+      if (ttExpenseHelper::update(array('id'=>$cl_id,'date'=>$new_date->toString(DB_DATEFORMAT),
           'client_id'=>$cl_client,'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'paid'=>$cl_paid))) {
         header('Location: expenses.php?date='.$new_date->toString(DB_DATEFORMAT));
         exit();
@@ -230,11 +232,12 @@ if ($confirm_save) {
   $smarty->assign('confirm_save', true);
   $smarty->assign('entry_date', $cl_date);
 }
+$smarty->assign('forms', array($form->getName()=>$form->toArray()));
+$smarty->assign('show_project', $show_project);
 $smarty->assign('predefined_expenses', $predefined_expenses);
 $smarty->assign('client_list', $client_list);
 $smarty->assign('project_list', $project_list);
 $smarty->assign('task_list', $task_list);
-$smarty->assign('forms', array($form->getName()=>$form->toArray()));
 $smarty->assign('title', $i18n->get('title.edit_expense'));
 $smarty->assign('content_page_name', 'expense_edit.tpl');
 $smarty->display('index.tpl');