X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=mobile%2Fexpenses.php;h=25a1c60253402a476a1c22251e5289914787971d;hb=a2c9be17652110a021c2a6ab867ad78ecd1bcc2d;hp=934c63a78eca4634d7001df5cc8171c2f3226004;hpb=fd0872d9e582113346fa1e93557f370286c5c9f2;p=timetracker.git diff --git a/mobile/expenses.php b/mobile/expenses.php index 934c63a7..25a1c602 100644 --- a/mobile/expenses.php +++ b/mobile/expenses.php @@ -33,11 +33,23 @@ import('ttTeamHelper'); import('DateAndTime'); import('ttExpenseHelper'); -// Access check. -if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) { +// Access checks. +if (!(ttAccessAllowed('track_own_expenses') || ttAccessAllowed('track_expenses'))) { header('Location: access_denied.php'); exit(); } +if (!$user->isPluginEnabled('ex')) { + header('Location: feature_disabled.php'); + exit(); +} +if ($user->behalf_id && (!$user->can('track_expenses') || !$user->checkBehalfId())) { + header('Location: access_denied.php'); // Trying on behalf, but no right or wrong user. + exit(); +} +if (!$user->behalf_id && !$user->can('track_own_expenses') && !$user->adjustBehalfId()) { + header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf. + exit(); +} // Initialize and store date in session. $cl_date = $request->getParameter('date', @$_SESSION['date']); @@ -64,9 +76,13 @@ $cl_cost = $request->getParameter('cost'); // Elements of expensesForm. $form = new Form('expensesForm'); -if ($user->canManageTeam()) { - $user_list = ttTeamHelper::getActiveUsers(array('putSelfFirst'=>true)); - if (count($user_list) > 1) { +if ($user->can('track_expenses')) { + if ($user->can('track_own_expenses')) + $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1,'include_self'=>true,'self_first'=>true); + else + $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1); + $user_list = $user->getUsers($options); + if (count($user_list) >= 1) { $form->addInput(array('type'=>'combobox', 'onchange'=>'this.form.submit();', 'name'=>'onBehalfUser', @@ -80,7 +96,7 @@ if ($user->canManageTeam()) { // Dropdown for clients in MODE_TIME. Use all active clients. if (MODE_TIME == $user->tracking_mode && $user->isPluginEnabled('cl')) { - $active_clients = ttTeamHelper::getActiveClients($user->team_id, true); + $active_clients = ttTeamHelper::getActiveClients($user->group_id, true); $form->addInput(array('type'=>'combobox', 'onchange'=>'fillProjectDropdown(this.value);', 'name'=>'client', @@ -106,7 +122,7 @@ if (MODE_PROJECTS == $user->tracking_mode || MODE_PROJECTS_AND_TASKS == $user->t // Dropdown for clients if the clients plugin is enabled. if ($user->isPluginEnabled('cl')) { - $active_clients = ttTeamHelper::getActiveClients($user->team_id, true); + $active_clients = ttTeamHelper::getActiveClients($user->group_id, true); // We need an array of assigned project ids to do some trimming. foreach($project_list as $project) $projects_assigned_to_user[] = $project['id']; @@ -132,7 +148,7 @@ if (MODE_PROJECTS == $user->tracking_mode || MODE_PROJECTS_AND_TASKS == $user->t } } // If predefined expenses are configured, add controls to select an expense and quantity. -$predefined_expenses = ttTeamHelper::getPredefinedExpenses($user->team_id); +$predefined_expenses = ttTeamHelper::getPredefinedExpenses($user->group_id); if ($predefined_expenses) { $form->addInput(array('type'=>'combobox', 'onchange'=>'recalculateCost();', @@ -176,7 +192,7 @@ if ($request->isPost()) { // Insert record. if ($err->no()) { - if (ttExpenseHelper::insert(array('date'=>$cl_date,'user_id'=>$user->getActiveUser(), + if (ttExpenseHelper::insert(array('date'=>$cl_date,'user_id'=>$user->getActiveUser(),'group_id'=>$user->getActiveGroup(), 'client_id'=>$cl_client,'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'status'=>1))) { header('Location: expenses.php'); exit(); @@ -184,7 +200,7 @@ if ($request->isPost()) { $err->add($i18n->get('error.db')); } } elseif ($request->getParameter('onBehalfUser')) { - if($user->canManageTeam()) { + if($user->can('track_expenses')) { unset($_SESSION['behalf_id']); unset($_SESSION['behalf_name']);