X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=timesheets.php;h=b7ce44b8489d1bb0893623d0f1a07d2b8bbf8aa8;hb=HEAD;hp=191f7492b07946a580d6662ee1f1bafc09a97226;hpb=a64a8d017c37bec34585e0c345a0c139ac3b43a0;p=timetracker.git diff --git a/timesheets.php b/timesheets.php index 191f7492..b7ce44b8 100644 --- a/timesheets.php +++ b/timesheets.php @@ -28,38 +28,80 @@ require_once('initialize.php'); import('form.Form'); +import('ttGroupHelper'); import('ttTimesheetHelper'); // Access checks. -if (!(ttAccessAllowed('view_own_timesheets') || - ttAccessAllowed('manage_own_timesheets') || - ttAccessAllowed('view_timesheets') || - ttAccessAllowed('manage_timesheets') || - ttAccessAllowed('approve_timesheets'))) { +if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } - +if ($user->behalf_id && (!$user->can('track_time') || !$user->checkBehalfId())) { + header('Location: access_denied.php'); // Trying on behalf, but no right or wrong user. + exit(); +} +if (!$user->behalf_id && !$user->can('track_own_time') && !$user->adjustBehalfId()) { + header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf. + exit(); +} if (!$user->isPluginEnabled('ts')) { header('Location: feature_disabled.php'); exit(); } +if ($request->isPost()) { + $userChanged = $request->getParameter('user_changed'); // Reused in multiple places below. + if ($userChanged && !($user->can('track_time') && $user->isUserValid($request->getParameter('user')))) { + header('Location: access_denied.php'); // Group changed, but no rght or wrong user id. + exit(); + } +} // End of access checks. -// TODO: determine user properly, using a dropdown. -$user_id = $user->getUser(); +// Determine user for whom we display this page. +if ($request->isPost() && $userChanged) { + $user_id = $request->getParameter('user'); + $user->setOnBehalfUser($user_id); +} else { + $user_id = $user->getUser(); +} + +$group_id = $user->getGroup(); + +$showFiles = $user->isPluginEnabled('at'); -// TODO: fix this for client access. -$active_timesheets = ttTimesheetHelper::getActiveTimesheets($user_id); -$inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets($user_id); -$show_client = $user->isPluginEnabled('cl') && !$user->isClient(); +// Elements of timesheetsForm. +$form = new Form('timesheetsForm'); + +if ($user->can('track_time')) { + $rank = $user->getMaxRankForGroup($group_id); + if ($user->can('track_own_time')) + $options = array('status'=>ACTIVE,'max_rank'=>$rank,'include_self'=>true,'self_first'=>true); + else + $options = array('status'=>ACTIVE,'max_rank'=>$rank); + $user_list = $user->getUsers($options); + if (count($user_list) >= 1) { + $form->addInput(array('type'=>'combobox', + 'onchange'=>'document.timesheetsForm.user_changed.value=1;document.timesheetsForm.submit();', + 'name'=>'user', + 'style'=>'width: 250px;', + 'value'=>$user_id, + 'data'=>$user_list, + 'datakeys'=>array('id','name'))); + $form->addInput(array('type'=>'hidden','name'=>'user_changed')); + $smarty->assign('user_dropdown', 1); + } +} + +$active_timesheets = ttTimesheetHelper::getActiveTimesheets(); +$inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets(); + +$showClient = $user->isPluginEnabled('cl'); $smarty->assign('active_timesheets', $active_timesheets); $smarty->assign('inactive_timesheets', $inactive_timesheets); -$smarty->assign('show_client', $show_client); -$smarty->assign('show_submit_status', !$user->isClient()); -$smarty->assign('show_approval_status', !$user->isClient()); - +$smarty->assign('show_client', $showClient); +$smarty->assign('show_files', $showFiles); +$smarty->assign('forms', array($form->getName()=>$form->toArray())); $smarty->assign('title', $i18n->get('title.timesheets')); $smarty->assign('content_page_name', 'timesheets.tpl'); $smarty->display('index.tpl');