X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=expense_edit.php;h=cca8225a4e42cc17ce0c378b419616c35089279f;hb=109089e858e28200e714a790883c236230b3922f;hp=15cfcfaf5f056de217c8fe8cdefce5c2d41e9058;hpb=4dcb88a76a3de466ee6116ae0852f53ba2b259a5;p=timetracker.git

diff --git a/expense_edit.php b/expense_edit.php
index 15cfcfaf..cca8225a 100644
--- a/expense_edit.php
+++ b/expense_edit.php
@@ -41,14 +41,14 @@ if (!$user->isPluginEnabled('ex')) {
   header('Location: feature_disabled.php');
   exit();
 }
-
-$cl_id = $request->getParameter('id');
-
+$cl_id = (int)$request->getParameter('id');
 // Get the expense item we are editing.
-$expense_item = ttExpenseHelper::getItem($cl_id, $user->getActiveUser());
-
-// Prohibit editing invoiced items.
-if ($expense_item['invoice_id']) die($i18n->get('error.sys'));
+$expense_item = ttExpenseHelper::getItem($cl_id, $user->getUser());
+if (!$expense_item || $expense_item['invoice_id']) {
+  // Prohibit editing not ours or invoiced items.
+  header('Location: access_denied.php');
+  exit();
+}
 
 $item_date = new DateAndTime(DB_DATEFORMAT, $expense_item['date']);
 
@@ -76,7 +76,7 @@ $form = new Form('expenseItemForm');
 
 // Dropdown for clients in MODE_TIME. Use all active clients.
 if (MODE_TIME == $user->tracking_mode && $user->isPluginEnabled('cl')) {
-  $active_clients = ttTeamHelper::getActiveClients($user->team_id, true);
+  $active_clients = ttTeamHelper::getActiveClients($user->group_id, true);
   $form->addInput(array('type'=>'combobox',
     'onchange'=>'fillProjectDropdown(this.value);',
     'name'=>'client',
@@ -101,7 +101,7 @@ if (MODE_PROJECTS == $user->tracking_mode || MODE_PROJECTS_AND_TASKS == $user->t
 
   // Dropdown for clients if the clients plugin is enabled.
   if ($user->isPluginEnabled('cl')) {
-    $active_clients = ttTeamHelper::getActiveClients($user->team_id, true);
+    $active_clients = ttTeamHelper::getActiveClients($user->group_id, true);
     // We need an array of assigned project ids to do some trimming. 
     foreach($project_list as $project)
       $projects_assigned_to_user[] = $project['id'];
@@ -127,7 +127,7 @@ if (MODE_PROJECTS == $user->tracking_mode || MODE_PROJECTS_AND_TASKS == $user->t
   }
 }
 // If predefined expenses are configured, add controls to select an expense and quantity.
-$predefined_expenses = ttTeamHelper::getPredefinedExpenses($user->team_id);
+$predefined_expenses = ttTeamHelper::getPredefinedExpenses($user->group_id);
 if ($predefined_expenses) {
     $form->addInput(array('type'=>'combobox',
       'onchange'=>'recalculateCost();',
@@ -141,13 +141,14 @@ if ($predefined_expenses) {
 }
 $form->addInput(array('type'=>'textarea','maxlength'=>'800','name'=>'item_name','style'=>'width: 250px; height:'.NOTE_INPUT_HEIGHT.'px;','value'=>$cl_item_name));
 $form->addInput(array('type'=>'text','maxlength'=>'40','name'=>'cost','style'=>'width: 100px;','value'=>$cl_cost));
-if ($user->canManageTeam() && $user->isPluginEnabled('ps'))
+if ($user->can('manage_invoices') && $user->isPluginEnabled('ps'))
   $form->addInput(array('type'=>'checkbox','name'=>'paid','value'=>$cl_paid));
 $form->addInput(array('type'=>'datefield','name'=>'date','maxlength'=>'20','value'=>$cl_date));
 // Hidden control for record id.
 $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));
 $form->addInput(array('type'=>'hidden','name'=>'browser_today','value'=>'')); // User current date, which gets filled in on btn_save or btn_copy click.
-$form->addInput(array('type'=>'submit','name'=>'btn_save','onclick'=>'browser_today.value=get_date()','value'=>$i18n->get('button.save')));
+// TODO: improve on conditional confirmSave.
+$form->addInput(array('type'=>'submit','name'=>'btn_save','onclick'=>'browser_today.value=get_date();return(confirmSave())','value'=>$i18n->get('button.save')));
 $form->addInput(array('type'=>'submit','name'=>'btn_copy','onclick'=>'browser_today.value=get_date()','value'=>$i18n->get('button.copy')));
 $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
 
@@ -189,7 +190,7 @@ if ($request->isPost()) {
 
     // Now, an update.
     if ($err->no()) {
-      if (ttExpenseHelper::update(array('id'=>$cl_id,'date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getActiveUser(),
+      if (ttExpenseHelper::update(array('id'=>$cl_id,'date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getUser(),
           'client_id'=>$cl_client,'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'paid'=>$cl_paid))) {
         header('Location: expenses.php?date='.$new_date->toString(DB_DATEFORMAT));
         exit();
@@ -205,8 +206,8 @@ if ($request->isPost()) {
 
     // Now, a new insert.
     if ($err->no()) {
-      if (ttExpenseHelper::insert(array('date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getActiveUser(),
-        'client_id'=>$cl_client,'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'status'=>1))) {
+      if (ttExpenseHelper::insert(array('date'=>$new_date->toString(DB_DATEFORMAT),'client_id'=>$cl_client,
+          'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'status'=>1))) {
         header('Location: expenses.php?date='.$new_date->toString(DB_DATEFORMAT));
         exit();
       } else
@@ -220,6 +221,9 @@ if ($request->isPost()) {
   }
 } // isPost
 
+// TODO: improve on conditional confirmSave.
+$smarty->assign('entry_date', $cl_date);
+
 $smarty->assign('predefined_expenses', $predefined_expenses);
 $smarty->assign('client_list', $client_list);
 $smarty->assign('project_list', $project_list);