X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=time.php;h=98f6bbaf6e1623b4d7428b4fc4a543fa4ed83903;hb=1c55e1b9d6da2173f7e946011908c02dd80df26d;hp=270a8aaef0c23efed927ae1520a2f7621418c4f3;hpb=fd0872d9e582113346fa1e93557f370286c5c9f2;p=timetracker.git

diff --git a/time.php b/time.php
index 270a8aae..98f6bbaf 100644
--- a/time.php
+++ b/time.php
@@ -34,18 +34,20 @@ import('ttClientHelper');
 import('ttTimeHelper');
 import('DateAndTime');
 
-// This is a now removed check whether user browser supports cookies.
-// if (!isset($_COOKIE['tt_PHPSESSID'])) {
-  // This test gives a false-positive if user goes directly to this page
-  // as from a desktop shortcut (on first request only).
-  // die ("Your browser's cookie functionality is turned off. Please turn it on.");
-// }
-
-// Access check.
-if (!ttAccessAllowed('track_own_time')) {
+// Access checks.
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }
+if ($user->behalf_id && (!$user->can('track_time') || !$user->checkBehalfId())) {
+  header('Location: access_denied.php'); // Trying on behalf, but no right or wrong user.
+  exit();
+}
+if (!$user->behalf_id && !$user->can('track_own_time') && !$user->adjustBehalfId()) {
+  header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf.
+  exit();
+}
+// End of access checks.
 
 // Initialize and store date in session.
 $cl_date = $request->getParameter('date', @$_SESSION['date']);
@@ -59,7 +61,7 @@ $_SESSION['date'] = $cl_date;
 // Use custom fields plugin if it is enabled.
 if ($user->isPluginEnabled('cf')) {
   require_once('plugins/CustomFields.class.php');
-  $custom_fields = new CustomFields($user->team_id);
+  $custom_fields = new CustomFields($user->group_id);
   $smarty->assign('custom_fields', $custom_fields);
 }
 
@@ -103,9 +105,13 @@ $_SESSION['task'] = $cl_task;
 // Elements of timeRecordForm.
 $form = new Form('timeRecordForm');
 
-if ($user->canManageTeam()) {
-  $user_list = ttTeamHelper::getActiveUsers(array('putSelfFirst'=>true));
-  if (count($user_list) > 1) {
+if ($user->can('track_time')) {
+  if ($user->can('track_own_time'))
+    $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1,'include_self'=>true,'self_first'=>true);
+  else
+    $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1);
+  $user_list = $user->getUsers($options);
+  if (count($user_list) >= 1) {
     $form->addInput(array('type'=>'combobox',
       'onchange'=>'this.form.submit();',
       'name'=>'onBehalfUser',
@@ -119,7 +125,7 @@ if ($user->canManageTeam()) {
 
 // Dropdown for clients in MODE_TIME. Use all active clients.
 if (MODE_TIME == $user->tracking_mode && $user->isPluginEnabled('cl')) {
-  $active_clients = ttTeamHelper::getActiveClients($user->team_id, true);
+  $active_clients = ttTeamHelper::getActiveClients($user->group_id, true);
   $form->addInput(array('type'=>'combobox',
     'onchange'=>'fillProjectDropdown(this.value);',
     'name'=>'client',
@@ -145,7 +151,7 @@ if (MODE_PROJECTS == $user->tracking_mode || MODE_PROJECTS_AND_TASKS == $user->t
 
   // Dropdown for clients if the clients plugin is enabled.
   if ($user->isPluginEnabled('cl')) {
-    $active_clients = ttTeamHelper::getActiveClients($user->team_id, true);
+    $active_clients = ttTeamHelper::getActiveClients($user->group_id, true);
     // We need an array of assigned project ids to do some trimming.
     foreach($project_list as $project)
       $projects_assigned_to_user[] = $project['id'];
@@ -173,7 +179,7 @@ if (MODE_PROJECTS == $user->tracking_mode || MODE_PROJECTS_AND_TASKS == $user->t
 }
 
 if (MODE_PROJECTS_AND_TASKS == $user->tracking_mode) {
-  $task_list = ttTeamHelper::getActiveTasks($user->team_id);
+  $task_list = ttTeamHelper::getActiveTasks($user->group_id);
   $form->addInput(array('type'=>'combobox',
     'name'=>'task',
     'style'=>'width: 250px;',
@@ -287,6 +293,7 @@ if ($request->isPost()) {
       $id = ttTimeHelper::insert(array(
         'date' => $cl_date,
         'user_id' => $user->getActiveUser(),
+        'group_id' => $user->getActiveGroup(),
         'client' => $cl_client,
         'project' => $cl_project,
         'task' => $cl_task,
@@ -341,7 +348,7 @@ if ($request->isPost()) {
     }
   }
   elseif ($request->getParameter('onBehalfUser')) {
-    if($user->canManageTeam()) {
+    if($user->can('track_time')) {
       unset($_SESSION['behalf_id']);
       unset($_SESSION['behalf_name']);