X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=file_edit.php;h=4a675a502a39dbe12a388bc84d846fccd2670818;hb=9b5a1834db24f25803fc0d461394e4a2bfcc44b7;hp=381508d1cf809002f82f6d3abda93b4ceb3cebd7;hpb=6152f4bd9a8f960c79ae025b775b719930574cc9;p=timetracker.git diff --git a/file_edit.php b/file_edit.php index 381508d1..4a675a50 100644 --- a/file_edit.php +++ b/file_edit.php @@ -29,6 +29,7 @@ require_once('initialize.php'); import('form.Form'); import('ttFileHelper'); +import('ttTimeHelper'); import('ttProjectHelper'); // Access checks. @@ -39,14 +40,21 @@ if (!$file) { exit(); } // Entity-specific checks. -if ($file['entity_type'] == 'project') { +$entity_type = $file['entity_type']; +if ($entity_type == 'time') { + if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimeHelper::getRecord($file['entity_id'])) { + header('Location: access_denied.php'); + exit(); + } +} +if ($entity_type == 'project') { if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) { header('Location: access_denied.php'); exit(); } } -if ($file['entity_type'] != 'project') { - // Currently, files are only associated with projects. +if ($entity_type != 'project' && $entity_type != 'time') { + // Currently, files are only associated with time records and projects. // Improve access checks when the feature evolves. header('Location: access_denied.php'); exit(); @@ -75,8 +83,13 @@ if ($request->isPost()) { if ($request->getParameter('btn_save')) { // Update file information. $updated = ttFileHelper::update(array('id' => $cl_file_id,'description' => $cl_description)); - if ($updated && $file['entity_type'] == 'project') { - header('Location: project_files.php?id='.$file['entity_id']); + if ($updated) { + if ($entity_type == 'time') { + header('Location: time_files.php?id='.$file['entity_id']); + } + if ($entity_type == 'project') { + header('Location: project_files.php?id='.$file['entity_id']); + } exit(); } else $err->add($i18n->get('error.db'));