X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=mobile%2Fexpense_edit.php;h=9cae018141e1ff481524795ca222acc95c8eacf8;hb=7a59cd1320f833a7cc2a29f5fd2806f84a4f0e94;hp=7107e785181a9ac1ebccb67a3841af82d74fc752;hpb=fd0872d9e582113346fa1e93557f370286c5c9f2;p=timetracker.git

diff --git a/mobile/expense_edit.php b/mobile/expense_edit.php
index 7107e785..9cae0181 100644
--- a/mobile/expense_edit.php
+++ b/mobile/expense_edit.php
@@ -32,21 +32,26 @@ import('ttTeamHelper');
 import('DateAndTime');
 import('ttExpenseHelper');
 
-// Access check.
-if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) {
+// Access checks.
+if (!(ttAccessAllowed('track_own_expenses') || ttAccessAllowed('track_expenses'))) {
   header('Location: access_denied.php');
   exit();
 }
-
-$cl_id = $request->getParameter('id');
-
+if (!$user->isPluginEnabled('ex')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
+$cl_id = (int)$request->getParameter('id');
 // Get the expense item we are editing.
-$expense_item = ttExpenseHelper::getItem($cl_id, $user->getActiveUser());
-
-// Prohibit editing invoiced items.
-if ($expense_item['invoice_id']) die($i18n->get('error.sys'));
+$expense_item = ttExpenseHelper::getItem($cl_id, $user->getUser());
+if (!$expense_item || $expense_item['invoice_id']) {
+  // Prohibit editing not ours or invoiced items.
+  header('Location: access_denied.php');
+  exit();
+}
 
 $item_date = new DateAndTime(DB_DATEFORMAT, $expense_item['date']);
+$confirm_save = $user->getConfirmSave();
 
 // Initialize variables.
 $cl_date = $cl_client = $cl_project = $cl_item_name = $cl_cost = null;
@@ -69,7 +74,7 @@ $form = new Form('expenseItemForm');
 
 // Dropdown for clients in MODE_TIME. Use all active clients.
 if (MODE_TIME == $user->tracking_mode && $user->isPluginEnabled('cl')) {
-  $active_clients = ttTeamHelper::getActiveClients($user->team_id, true);
+  $active_clients = ttTeamHelper::getActiveClients($user->group_id, true);
   $form->addInput(array('type'=>'combobox',
     'onchange'=>'fillProjectDropdown(this.value);',
     'name'=>'client',
@@ -94,7 +99,7 @@ if (MODE_PROJECTS == $user->tracking_mode || MODE_PROJECTS_AND_TASKS == $user->t
 
   // Dropdown for clients if the clients plugin is enabled.
   if ($user->isPluginEnabled('cl')) {
-    $active_clients = ttTeamHelper::getActiveClients($user->team_id, true);
+    $active_clients = ttTeamHelper::getActiveClients($user->group_id, true);
     // We need an array of assigned project ids to do some trimming. 
     foreach($project_list as $project)
       $projects_assigned_to_user[] = $project['id'];
@@ -120,7 +125,7 @@ if (MODE_PROJECTS == $user->tracking_mode || MODE_PROJECTS_AND_TASKS == $user->t
   }
 }
 // If predefined expenses are configured, add controls to select an expense and quantity.
-$predefined_expenses = ttTeamHelper::getPredefinedExpenses($user->team_id);
+$predefined_expenses = ttTeamHelper::getPredefinedExpenses($user->group_id);
 if ($predefined_expenses) {
     $form->addInput(array('type'=>'combobox',
       'onchange'=>'recalculateCost();',
@@ -138,8 +143,10 @@ $form->addInput(array('type'=>'datefield','name'=>'date','maxlength'=>'20','valu
 // Hidden control for record id.
 $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));
 $form->addInput(array('type'=>'hidden','name'=>'browser_today','value'=>'')); // User current date, which gets filled in on btn_save or btn_copy click.
-$form->addInput(array('type'=>'submit','name'=>'btn_save','onclick'=>'browser_today.value=get_date()','value'=>$i18n->get('button.save')));
-$form->addInput(array('type'=>'submit','name'=>'btn_copy','onclick'=>'browser_today.value=get_date()','value'=>$i18n->get('button.copy')));
+$on_click_action = 'browser_today.value=get_date();';
+$form->addInput(array('type'=>'submit','name'=>'btn_copy','onclick'=>$on_click_action,'value'=>$i18n->get('button.copy')));
+if ($confirm_save) $on_click_action .= 'return(confirmSave());';
+$form->addInput(array('type'=>'submit','name'=>'btn_save','onclick'=>$on_click_action,'value'=>$i18n->get('button.save')));
 $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
 
 if ($request->isPost()) {
@@ -180,7 +187,7 @@ if ($request->isPost()) {
 
     // Now, an update.
     if ($err->no()) {
-      if (ttExpenseHelper::update(array('id'=>$cl_id,'date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getActiveUser(),
+      if (ttExpenseHelper::update(array('id'=>$cl_id,'date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getUser(),
           'client_id'=>$cl_client,'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost))) {
         header('Location: expenses.php?date='.$new_date->toString(DB_DATEFORMAT));
         exit();
@@ -196,8 +203,8 @@ if ($request->isPost()) {
 
     // Now, a new insert.
     if ($err->no()) {
-      if (ttExpenseHelper::insert(array('date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getActiveUser(),
-        'client_id'=>$cl_client,'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'status'=>1))) {
+      if (ttExpenseHelper::insert(array('date'=>$new_date->toString(DB_DATEFORMAT),'client_id'=>$cl_client,
+          'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'status'=>1))) {
         header('Location: expenses.php?date='.$new_date->toString(DB_DATEFORMAT));
         exit();
       } else
@@ -211,6 +218,10 @@ if ($request->isPost()) {
   }
 } // isPost
 
+if ($confirm_save) {
+  $smarty->assign('confirm_save', true);
+  $smarty->assign('entry_date', $cl_date);
+}
 $smarty->assign('predefined_expenses', $predefined_expenses);
 $smarty->assign('client_list', $client_list);
 $smarty->assign('project_list', $project_list);