X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=mobile%2Fexpense_delete.php;h=48e74dc0e3394b6bb82a87cb1db441508d995dbf;hb=ccf6c015e1f48d747ae697944c3d50e8fccf8080;hp=c33f5232e49f9deb5b62dd2fe5c1951d50c317a7;hpb=6289820a41e9ab79635294c1d6a22583aacf6e77;p=timetracker.git

diff --git a/mobile/expense_delete.php b/mobile/expense_delete.php
index c33f5232..48e74dc0 100644
--- a/mobile/expense_delete.php
+++ b/mobile/expense_delete.php
@@ -43,11 +43,12 @@ if (!$user->isPluginEnabled('ex')) {
 $cl_id = (int)$request->getParameter('id');
 // Get the expense item we are deleting.
 $expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit deleting not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit deleting not ours, approved, or invoiced items.
   header('Location: access_denied.php');
   exit();
 }
+// End of access checks.
 
 if ($request->isPost()) {
   if ($request->getParameter('delete_button')) { // Delete button pressed.
@@ -77,8 +78,11 @@ $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));
 $form->addInput(array('type'=>'submit','name'=>'delete_button','value'=>$i18n->get('label.delete')));
 $form->addInput(array('type'=>'submit','name'=>'cancel_button','value'=>$i18n->get('button.cancel')));
 
-$smarty->assign('expense_item', $expense_item);
+$show_project = MODE_PROJECTS == $user->getTrackingMode() || MODE_PROJECTS_AND_TASKS == $user->getTrackingMode();
+
 $smarty->assign('forms', array($form->getName() => $form->toArray()));
+$smarty->assign('expense_item', $expense_item);
+$smarty->assign('show_project', $show_project);
 $smarty->assign('title', $i18n->get('title.delete_expense'));
 $smarty->assign('content_page_name', 'mobile/expense_delete.tpl');
 $smarty->display('mobile/index.tpl');