X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=timesheets.php;h=b7ce44b8489d1bb0893623d0f1a07d2b8bbf8aa8;hb=764eef2d0dd9c6561f88579dbb4e6323d1702d14;hp=cc43f0dd3339f12bc555764b4b859b41e5aa666f;hpb=88bd95ec82e6b715f84b6bd09c04aebbdb4b5e4d;p=timetracker.git diff --git a/timesheets.php b/timesheets.php index cc43f0dd..b7ce44b8 100644 --- a/timesheets.php +++ b/timesheets.php @@ -32,28 +32,32 @@ import('ttGroupHelper'); import('ttTimesheetHelper'); // Access checks. -if (!(ttAccessAllowed('view_own_timesheets') || ttAccessAllowed('view_timesheets') || ttAccessAllowed('view_all_timesheets'))) { +if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } -if (!$user->isPluginEnabled('ts')) { - header('Location: feature_disabled.php'); +if ($user->behalf_id && (!$user->can('track_time') || !$user->checkBehalfId())) { + header('Location: access_denied.php'); // Trying on behalf, but no right or wrong user. exit(); } -if ($user->isClient()) { - header('Location: access_denied.php'); // No timesheets for clients. +if (!$user->behalf_id && !$user->can('track_own_time') && !$user->adjustBehalfId()) { + header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf. + exit(); +} +if (!$user->isPluginEnabled('ts')) { + header('Location: feature_disabled.php'); exit(); } if ($request->isPost()) { $userChanged = $request->getParameter('user_changed'); // Reused in multiple places below. - if ($userChanged && !($user->can('view_timesheets') && $user->isUserValid($request->getParameter('user')))) { - header('Location: access_denied.php'); // Group changed, but no rght or wrong user id. TODO: research relevance of this... + if ($userChanged && !($user->can('track_time') && $user->isUserValid($request->getParameter('user')))) { + header('Location: access_denied.php'); // Group changed, but no rght or wrong user id. exit(); } } // End of access checks. -// Determine user for which we display this page. +// Determine user for whom we display this page. if ($request->isPost() && $userChanged) { $user_id = $request->getParameter('user'); $user->setOnBehalfUser($user_id); @@ -63,12 +67,14 @@ if ($request->isPost() && $userChanged) { $group_id = $user->getGroup(); +$showFiles = $user->isPluginEnabled('at'); + // Elements of timesheetsForm. $form = new Form('timesheetsForm'); -if ($user->can('view_timesheets') || $user->can('view_all_timesheets')) { +if ($user->can('track_time')) { $rank = $user->getMaxRankForGroup($group_id); - if ($user->can('view_own_timesheets')) + if ($user->can('track_own_time')) $options = array('status'=>ACTIVE,'max_rank'=>$rank,'include_self'=>true,'self_first'=>true); else $options = array('status'=>ACTIVE,'max_rank'=>$rank); @@ -86,16 +92,15 @@ if ($user->can('view_timesheets') || $user->can('view_all_timesheets')) { } } -$active_timesheets = ttTimesheetHelper::getActiveTimesheets($user_id); -$inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets($user_id); +$active_timesheets = ttTimesheetHelper::getActiveTimesheets(); +$inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets(); $showClient = $user->isPluginEnabled('cl'); -$canEdit = $user->can('manage_own_timesheets') || $user->can('manage_timesheets') || $user->can('manage_all_timesheets'); $smarty->assign('active_timesheets', $active_timesheets); $smarty->assign('inactive_timesheets', $inactive_timesheets); $smarty->assign('show_client', $showClient); -$smarty->assign('can_edit', $canEdit); +$smarty->assign('show_files', $showFiles); $smarty->assign('forms', array($form->getName()=>$form->toArray())); $smarty->assign('title', $i18n->get('title.timesheets')); $smarty->assign('content_page_name', 'timesheets.tpl');