X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=time_files.php;h=c499b25c9312e6cce4d5a2bd673840daa31abf0b;hb=ccf6c015e1f48d747ae697944c3d50e8fccf8080;hp=2ba0efceaa5a985301b628173d71afea0fdf0260;hpb=f30b876933acf131cbdfbf89ae7717faffa85f2d;p=timetracker.git

diff --git a/time_files.php b/time_files.php
index 2ba0efce..c499b25c 100644
--- a/time_files.php
+++ b/time_files.php
@@ -36,17 +36,16 @@ if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }
+if (!$user->isPluginEnabled('at')) {
+  header('Location: feature_disabled.php');
+  exit();
+}
 $cl_id = (int)$request->getParameter('id');
-$time_rec = ttTimeHelper::getRecord($cl_id);
+$time_rec = ttTimeHelper::getRecordForFileView($cl_id);
 if (!$time_rec) {
   header('Location: access_denied.php');
   exit();
 }
-if (!$user->isPluginEnabled('at')) {
-  header('Location: feature_disabled.php');
-  exit();
-}
-// TODO: review access checks, specifically for on behalf operations.
 // End of access checks.
 
 if ($request->isPost()) {
@@ -83,8 +82,7 @@ if ($request->isPost()) {
   }
 } // isPost
 
-$canEdit = !($time_rec['approved'] || $time_rec['timesheet_id'] || $time_rec['invoice_id']);
-$smarty->assign('can_edit', $canEdit);
+$smarty->assign('can_edit', $time_rec['can_edit']);
 $smarty->assign('forms', array($form->getName()=>$form->toArray()));
 $smarty->assign('files', $files);
 $smarty->assign('title', $i18n->get('title.time_files'));