X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=report.php;h=3f2074491e64dec85e64864858281048c4f09fdd;hb=2bd9983978cf8d6263e27a531aeb33f365667e37;hp=d712968d9110d05cef8b2d403debd10d2ebd824f;hpb=45c855269d952873285f7a835e82fc2b3eff3971;p=timetracker.git
diff --git a/report.php b/report.php
index d712968d..3f207449 100644
--- a/report.php
+++ b/report.php
@@ -33,7 +33,7 @@ import('ttReportHelper');
 import('ttTeamHelper');
 // Access check.
-if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports'))) {
 header('Location: access_denied.php');
 exit();
 }
@@ -70,11 +70,12 @@ $client_id = $bean->getAttribute('client');
 // Do we need to show checkboxes?
 if ($bean->getAttribute('chpaid') || ($client_id && $bean->getAttribute('chinvoice') && ('no_grouping' == $bean->getAttribute('group_by')) && !$user->isClient())) {
- $smarty->assign('use_checkboxes', true);
+ if ($user->can('manage_invoices'))
+ $smarty->assign('use_checkboxes', true);
 }
 // Controls for "Mark paid" block.
-if ($bean->getAttribute('chpaid')) {
+if ($user->can('manage_invoices') && $bean->getAttribute('chpaid')) {
 $mark_paid_select_options = array('1'=>$i18n->get('dropdown.all'),'2'=>$i18n->get('dropdown.select'));
 $form->addInput(array('type'=>'combobox', 'name'=>'mark_paid_select_options',
@@ -90,7 +91,8 @@ if ($bean->getAttribute('chpaid')) {
 }
 // Controls for "Assign to invoice" block.
-if ($client_id && $bean->getAttribute('chinvoice') && ('no_grouping' == $bean->getAttribute('group_by')) && !$user->isClient()) {
+if ($user->can('manage_invoices') &&
+ ($client_id && $bean->getAttribute('chinvoice') && ('no_grouping' == $bean->getAttribute('group_by')) && !$user->isClient())) {
 // Client is selected and we are displaying the invoice column.
 $recent_invoices = ttTeamHelper::getRecentInvoices($user->group_id, $client_id);
 if ($recent_invoices) {
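Review bot: The `$user->can('manage_invoices')` checks added in this hunk, and again on the "Assign to invoice" block in the next one, only decide whether the checkboxes and controls are built into the form; nothing in these hunks refuses a submitted request from a user who lacks the right. The code that processes the mark-paid and assign-to-invoice submissions lies outside the hunks, so this is inferred, but if it does not repeat the check, the right is enforced only in what the page renders. That handler should open with the same test, for example `if (!$user->can('manage_invoices')) { header('Location: access_denied.php'); exit(); }`.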
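Review bot: The right is now tested three separate times across this hunk and the previous one, and the long client/invoice condition is spelled out in both the checkbox test and this block, so the sites can drift apart on the next edit. Evaluating it once after the access check, e.g. `$can_manage_invoices = $user->can('manage_invoices');`, and reusing the variable would keep them in step. The unbraced `if ($user->can('manage_invoices'))` nested in the checkbox block of the previous hunk should also get braces, like the other `if` statements visible here. The block this hunk opens continues past the hunk's last line.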