X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=mobile%2Ftime_delete.php;h=a68da767a861e82fd48a9bfb6420f0bf51c59773;hb=5bf42f1ee383f9be9707927f56b3c16753b81c45;hp=ef955e9a7e3f7e0c38228662d60d17b68c64101f;hpb=33399ff6a8bdfe9b989810dafe9c4dbf3cf3b685;p=timetracker.git diff --git a/mobile/time_delete.php b/mobile/time_delete.php index ef955e9a..a68da767 100644 --- a/mobile/time_delete.php +++ b/mobile/time_delete.php @@ -32,72 +32,57 @@ import('ttUserHelper'); import('ttTimeHelper'); import('DateAndTime'); -// Access check. -if (!ttAccessCheck(right_data_entry)) { +// Access checks. +if (!ttAccessAllowed('track_own_time')) { header('Location: access_denied.php'); exit(); } +$cl_id = (int)$request->getParameter('id'); +$time_rec = ttTimeHelper::getRecord($cl_id); +if (!$time_rec || $time_rec['approved'] || $time_rec['timesheet_id'] || $time_rec['invoice_id']) { + // Prohibit deleting not ours, approved, assigned to timesheet, or invoiced records. + header('Location: access_denied.php'); + exit(); +} +// End of access checks. -// Use Custom Fields plugin if we have one. -// if (file_exists("plugins/CustomFields.class.php")) { -// require_once("plugins/CustomFields.class.php"); -// $custom_fields = new CustomFields($user->team_id); -// } - -$cl_id = $request->getParameter('id'); -$time_rec = ttTimeHelper::getRecord($cl_id, $user->getActiveUser()); - -// Prohibit deleting invoiced records. -if ($time_rec['invoice_id']) die($i18n->getKey('error.sys')); - // Escape comment for presentation. $time_rec['comment'] = htmlspecialchars($time_rec['comment']); - -if ($request->getMethod() == 'POST') { + +if ($request->isPost()) { if ($request->getParameter('delete_button')) { // Delete button pressed. - + // Determine if it's okay to delete the record. $item_date = new DateAndTime(DB_DATEFORMAT, $time_rec['date']); - // Determine lock date. - $lock_interval = $user->lock_interval; - $lockdate = 0; - if ($lock_interval > 0) { - $lockdate = new DateAndTime(); - $lockdate->decDay($lock_interval); - } // Determine if the record is uncompleted. $uncompleted = ($time_rec['duration'] == '0:00'); - - if($lockdate && $item_date->before($lockdate) && !$uncompleted) { - $errors->add($i18n->getKey('error.period_locked')); - } - - if ($errors->isEmpty()) { - - // Delete the record. - $result = ttTimeHelper::delete($cl_id, $user->getActiveUser()); - if ($result) { + if ($user->isDateLocked($item_date) && !$uncompleted) + $err->add($i18n->get('error.range_locked')); + + if ($err->no()) { + // Delete the record. + if (ttTimeHelper::delete($cl_id)) { header('Location: time.php'); exit(); } else { - $errors->add($i18n->getKey('error.db')); + $err->add($i18n->get('error.db')); } } } if ($request->getParameter('cancel_button')) { // Cancel button pressed. - header('Location: time.php'); - exit(); + header('Location: time.php'); + exit(); } -} - +} // isPost + $form = new Form('timeRecordForm'); $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id)); -$form->addInput(array('type'=>'submit','name'=>'delete_button','value'=>$i18n->getKey('label.delete'))); -$form->addInput(array('type'=>'submit','name'=>'cancel_button','value'=>$i18n->getKey('button.cancel'))); +$form->addInput(array('type'=>'submit','name'=>'delete_button','value'=>$i18n->get('label.delete'))); +$form->addInput(array('type'=>'submit','name'=>'cancel_button','value'=>$i18n->get('button.cancel'))); $smarty->assign('time_rec', $time_rec); $smarty->assign('forms', array($form->getName() => $form->toArray())); -$smarty->assign('title', $i18n->getKey('title.delete_time_record')); +$smarty->assign('title', $i18n->get('title.delete_time_record')); $smarty->assign('content_page_name', 'mobile/time_delete.tpl'); $smarty->display('mobile/index.tpl');