X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=file_delete.php;h=3ef22aead9ec7dfe562079fcaabfbf2798d2939e;hb=HEAD;hp=50b3e0e9aaad1d9f65872e83c069ed6b7932d4e7;hpb=434a81099f4456d0679755335e31aaf74ad29ecd;p=timetracker.git
diff --git a/file_delete.php b/file_delete.php
index 50b3e0e9..3ef22aea 100644
--- a/file_delete.php
+++ b/file_delete.php
@@ -29,6 +29,7 @@ require_once('initialize.php');
 import('form.Form');
 import('ttFileHelper');
+import('ttTimeHelper');
 import('ttProjectHelper');
 // Access checks.
@@ -39,14 +40,21 @@ if (!$file) {
 exit();
 }
 // Entity-specific checks.
-if ($file['entity_type'] == 'project') {
+$entity_type = $file['entity_type'];
+if ($entity_type == 'time') {
+ if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimeHelper::getRecord($file['entity_id'])) {
+ header('Location: access_denied.php');
+ exit();
+ }
+}
+if ($entity_type == 'project') {
 if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) {
 header('Location: access_denied.php');
 exit();
 }
 }
-if ($file['entity_type'] != 'project') {
- // Currently, files are only associated with projects.
+if ($entity_type != 'project' && $entity_type != 'time') {
+ // Currently, files are only associated with time records and projects.
 // Improve access checks when the feature evolves.
 header('Location: access_denied.php');
 exit();
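Review bot: In the new `time` branch, ownership of the attachment is established only by `ttTimeHelper::getRecord($file['entity_id'])` returning a truthy value, and that helper's scoping is not visible in this hunk. If getRecord does not restrict its lookup to the current user and group, a user holding only `track_own_time` would pass this check for a file attached to another user's time record. I would state the dependency next to the check, e.g. `// Relies on ttTimeHelper::getRecord() returning only records of the current user in the current group.`, and confirm it in the helper. The entity-type tests also compare with `==`; `===` against the string literals avoids type juggling on `$entity_type`.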
@@ -60,16 +68,26 @@ $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_file_id));
 $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
 $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel')));
-// TODO: design redirects properly...
 if ($request->isPost()) {
 if ($request->getParameter('btn_delete')) {
- if (ttProjectHelper::delete($cl_project_id)) {
- header('Location: projects.php');
+ $fileHelper = new ttFileHelper($err);
+ $deleted = $fileHelper->deleteFile($file);
+ if ($deleted) {
+ if ($entity_type == 'time') {
+ header('Location: time_files.php?id='.$file['entity_id']);
+ }
+ if ($entity_type == 'project') {
+ header('Location: project_files.php?id='.$file['entity_id']);
+ }
 exit();
- } else
- $err->add($i18n->get('error.db'));
+ }
 } elseif ($request->getParameter('btn_cancel')) {
- header('Location: projects.php');
+ if ($entity_type == 'time') {
+ header('Location: time_files.php?id='.$file['entity_id']);
+ }
+ if ($entity_type == 'project') {
+ header('Location: project_files.php?id='.$file['entity_id']);
+ }
 exit();
 }
 } // isPost
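Review bot: The `btn_delete` branch calls `$fileHelper->deleteFile($file)` with no anti-CSRF token check visible between `$request->isPost()` and the delete; the form fields shown here are only the hidden `id` and the two submit buttons. Unless the form class or `initialize.php` verifies a token outside this hunk, a cross-site form post could delete a file on behalf of a logged-in user, so I would record the requirement at the call: `// State-changing: confirm a verified anti-CSRF token before deleteFile().` Separately, when `$deleted` is false this file no longer adds anything to `$err`, so error reporting now rests on ttFileHelper using the `$err` passed to its constructor. The `Location` values concatenate `$file['entity_id']` as-is; `(int)$file['entity_id']` would keep the header well-formed whatever the column holds.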