X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=time_delete.php;h=a7b802b6033fb94eaca988fd0564bdf58d1de05b;hb=9850e2eb4693a013ff10ba4b44c58c72e8501081;hp=7125a57ec9a48df4475ba5b1fc8eba0f3876048d;hpb=098a79f0819ebb89b7d48df4a6b154af4560f68e;p=timetracker.git diff --git a/time_delete.php b/time_delete.php index 7125a57e..a7b802b6 100644 --- a/time_delete.php +++ b/time_delete.php @@ -32,73 +32,58 @@ import('ttUserHelper'); import('ttTimeHelper'); import('DateAndTime'); -// Access check. -if (!ttAccessCheck(right_data_entry)) { +// Access checks. +if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } +$cl_id = (int)$request->getParameter('id'); +$time_rec = ttTimeHelper::getRecord($cl_id); +if (!$time_rec || $time_rec['approved'] || $time_rec['timesheet_id'] || $time_rec['invoice_id']) { + // Prohibit deleting not ours, approved, assigned to timesheet, or invoiced records. + header('Location: access_denied.php'); + exit(); +} +// End of access checks. -// Use Custom Fields plugin if we have one. -// if (file_exists("plugins/CustomFields.class.php")) { -// require_once("plugins/CustomFields.class.php"); -// $custom_fields = new CustomFields($user->team_id); -// } - -$cl_id = $request->getParameter('id'); -$time_rec = ttTimeHelper::getRecord($cl_id, $user->getActiveUser()); - -// Prohibit deleting invoiced records. -if ($time_rec['invoice_id']) die($i18n->getKey('error.sys')); - // Escape comment for presentation. $time_rec['comment'] = htmlspecialchars($time_rec['comment']); - -if ($request->getMethod() == 'POST') { - if ($request->getParameter('delete_button')) { // Delete button pressed. - + +if ($request->isPost()) { + if ($request->getParameter('delete_button')) { // Delete button pressed. + // Determine if it's okay to delete the record. $item_date = new DateAndTime(DB_DATEFORMAT, $time_rec['date']); - // Determine lock date. - $lock_interval = $user->lock_interval; - $lockdate = 0; - if ($lock_interval > 0) { - $lockdate = new DateAndTime(); - $lockdate->decDay($lock_interval); - } + // Determine if the record is uncompleted. $uncompleted = ($time_rec['duration'] == '0:00'); - - if($lockdate && $item_date->before($lockdate) && !$uncompleted) { - $errors->add($i18n->getKey('error.period_locked')); - } - - if ($errors->isEmpty()) { - - // Delete the record. - $result = ttTimeHelper::delete($cl_id, $user->getActiveUser()); - if ($result) { + if ($user->isDateLocked($item_date) && !$uncompleted) + $err->add($i18n->get('error.range_locked')); + + if ($err->no()) { + // Delete the record. + if (ttTimeHelper::delete($cl_id)) { header('Location: time.php'); exit(); } else { - $errors->add($i18n->getKey('error.db')); + $err->add($i18n->get('error.db')); } } } if ($request->getParameter('cancel_button')) { // Cancel button pressed. - header('Location: time.php'); - exit(); + header('Location: time.php'); + exit(); } -} - +} // isPost + $form = new Form('timeRecordForm'); $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id)); -$form->addInput(array('type'=>'submit','name'=>'delete_button','value'=>$i18n->getKey('label.delete'))); -$form->addInput(array('type'=>'submit','name'=>'cancel_button','value'=>$i18n->getKey('button.cancel'))); +$form->addInput(array('type'=>'submit','name'=>'delete_button','value'=>$i18n->get('label.delete'))); +$form->addInput(array('type'=>'submit','name'=>'cancel_button','value'=>$i18n->get('button.cancel'))); $smarty->assign('time_rec', $time_rec); $smarty->assign('forms', array($form->getName() => $form->toArray())); -$smarty->assign('title', $i18n->getKey('title.delete_time_record')); +$smarty->assign('title', $i18n->get('title.delete_time_record')); $smarty->assign('content_page_name', 'time_delete.tpl'); $smarty->display('index.tpl'); -?> \ No newline at end of file